2 # Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
4 # Licensed under the OpenSSL license (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
10 # ====================================================================
11 # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
12 # project. The module is, however, dual licensed under OpenSSL and
13 # CRYPTOGAMS licenses depending on where you obtain it. For further
14 # details see http://www.openssl.org/~appro/cryptogams/.
15 # ====================================================================
17 # sha1_block procedure for x86_64.
19 # It was brought to my attention that on EM64T compiler-generated code
20 # was far behind 32-bit assembler implementation. This is unlike on
21 # Opteron where compiler-generated code was only 15% behind 32-bit
22 # assembler, which originally made it hard to motivate the effort.
23 # There was suggestion to mechanically translate 32-bit code, but I
24 # dismissed it, reasoning that x86_64 offers enough register bank
25 # capacity to fully utilize SHA-1 parallelism. Therefore this fresh
26 # implementation:-) However! While 64-bit code does perform better
27 # on Opteron, I failed to beat 32-bit assembler on EM64T core. Well,
28 # x86_64 does offer larger *addressable* bank, but out-of-order core
29 # reaches for even more registers through dynamic aliasing, and EM64T
30 # core must have managed to run-time optimize even 32-bit code just as
31 # good as 64-bit one. Performance improvement is summarized in the
34 # gcc 3.4 32-bit asm cycles/byte
35 # Opteron +45% +20% 6.8
36 # Xeon P4 +65% +0% 9.9
41 # The code was revised to minimize code size and to maximize
42 # "distance" between instructions producing input to 'lea'
43 # instruction and the 'lea' instruction itself, which is essential
44 # for Intel Atom core.
48 # Add SSSE3, Supplemental[!] SSE3, implementation. The idea behind it
49 # is to offload message schedule denoted by Wt in NIST specification,
50 # or Xupdate in OpenSSL source, to SIMD unit. See sha1-586.pl module
51 # for background and implementation details. The only difference from
52 # 32-bit code is that 64-bit code doesn't have to spill @X[] elements
53 # to free temporary registers.
57 # Add AVX code path. See sha1-586.pl for further information.
61 # Add AVX2+BMI code path. Initial attempt (utilizing BMI instructions
62 # and loading pair of consecutive blocks to 256-bit %ymm registers)
63 # did not provide impressive performance improvement till a crucial
64 # hint regarding the number of Xupdate iterations to pre-compute in
65 # advance was provided by Ilya Albrekht of Intel Corp.
69 # Add support for Intel SHA Extensions.
71 ######################################################################
72 # Current performance is summarized in following table. Numbers are
73 # CPU clock cycles spent to process single byte (less is better).
78 # Core2 6.55 6.05/+8% -
79 # Westmere 6.73 5.30/+27% -
80 # Sandy Bridge 7.70 6.10/+26% 4.99/+54%
81 # Ivy Bridge 6.06 4.67/+30% 4.60/+32%
82 # Haswell 5.45 4.15/+31% 3.57/+53%
83 # Skylake 5.18 4.06/+28% 3.54/+46%
84 # Bulldozer 9.11 5.95/+53%
85 # Ryzen 4.75 3.80/+24% 1.93/+150%(**)
86 # VIA Nano 9.32 7.15/+30%
88 # Silvermont 13.1(*) 9.37/+40%
89 # Knights L 13.2(*) 9.68/+36% 8.30/+59%
90 # Goldmont 8.13 6.42/+27% 1.70/+380%(**)
92 # (*) obviously suboptimal result, nothing was done about it,
93 # because SSSE3 code is compiled unconditionally;
98 if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
100 $win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
102 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
103 ( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
104 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
105 die "can't locate x86_64-xlate.pl";
107 if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
108 =~ /GNU assembler version ([2-9]\.[0-9]+)/) {
109 $avx = ($1>=2.19) + ($1>=2.22);
112 if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
113 `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
114 $avx = ($1>=2.09) + ($1>=2.10);
117 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
118 `ml64 2>&1` =~ /Version ([0-9]+)\./) {
119 $avx = ($1>=10) + ($1>=11);
122 if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([2-9]\.[0-9]+)/) {
123 $avx = ($2>=3.0) + ($2>3.0);
126 $shaext=1; ### set to zero if compiling for 1.0.1
127 $avx=1 if (!$shaext && $avx);
129 open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
132 $ctx="%rdi"; # 1st arg
133 $inp="%rsi"; # 2nd arg
134 $num="%rdx"; # 3rd arg
136 # reassign arguments in order to produce more compact code
144 @xi=("%edx","%ebp","%r14d");
154 my ($i,$a,$b,$c,$d,$e)=@_;
156 $code.=<<___ if ($i==0);
157 mov `4*$i`($inp),$xi[0]
160 $code.=<<___ if ($i<15);
161 mov `4*$j`($inp),$xi[1]
163 mov $xi[0],`4*$i`(%rsp)
169 lea 0x5a827999($xi[0],$e),$e
175 $code.=<<___ if ($i>=15);
176 xor `4*($j%16)`(%rsp),$xi[1]
178 mov $xi[0],`4*($i%16)`(%rsp)
180 xor `4*(($j+2)%16)`(%rsp),$xi[1]
183 xor `4*(($j+8)%16)`(%rsp),$xi[1]
185 lea 0x5a827999($xi[0],$e),$e
192 push(@xi,shift(@xi));
196 my ($i,$a,$b,$c,$d,$e)=@_;
198 my $K=($i<40)?0x6ed9eba1:0xca62c1d6;
199 $code.=<<___ if ($i<79);
200 xor `4*($j%16)`(%rsp),$xi[1]
202 `"mov $xi[0],".4*($i%16)."(%rsp)" if ($i<72)`
204 xor `4*(($j+2)%16)`(%rsp),$xi[1]
207 xor `4*(($j+8)%16)`(%rsp),$xi[1]
215 $code.=<<___ if ($i==79);
226 push(@xi,shift(@xi));
230 my ($i,$a,$b,$c,$d,$e)=@_;
233 xor `4*($j%16)`(%rsp),$xi[1]
235 mov $xi[0],`4*($i%16)`(%rsp)
237 xor `4*(($j+2)%16)`(%rsp),$xi[1]
240 xor `4*(($j+8)%16)`(%rsp),$xi[1]
241 lea 0x8f1bbcdc($xi[0],$e),$e
251 push(@xi,shift(@xi));
256 .extern OPENSSL_ia32cap_P
258 .globl sha1_block_data_order
259 .type sha1_block_data_order,\@function,3
261 sha1_block_data_order:
263 mov OPENSSL_ia32cap_P+0(%rip),%r9d
264 mov OPENSSL_ia32cap_P+4(%rip),%r8d
265 mov OPENSSL_ia32cap_P+8(%rip),%r10d
266 test \$`1<<9`,%r8d # check SSSE3 bit
269 $code.=<<___ if ($shaext);
270 test \$`1<<29`,%r10d # check SHA bit
273 $code.=<<___ if ($avx>1);
274 and \$`1<<3|1<<5|1<<8`,%r10d # check AVX2+BMI1+BMI2
275 cmp \$`1<<3|1<<5|1<<8`,%r10d
278 $code.=<<___ if ($avx);
279 and \$`1<<28`,%r8d # mask AVX bit
280 and \$`1<<30`,%r9d # mask "Intel CPU" bit
282 cmp \$`1<<28|1<<30`,%r8d
291 .cfi_def_cfa_register %rax
302 mov %rdi,$ctx # reassigned argument
304 mov %rsi,$inp # reassigned argument
306 mov %rdx,$num # reassigned argument
307 mov %rax,`16*4`(%rsp)
308 .cfi_cfa_expression %rsp+64,deref,+8
321 for($i=0;$i<20;$i++) { &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
322 for(;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
323 for(;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
324 for(;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
338 lea `16*4`($inp),$inp
341 mov `16*4`(%rsp),%rsi
354 .cfi_def_cfa_register %rsp
358 .size sha1_block_data_order,.-sha1_block_data_order
361 ######################################################################
362 # Intel SHA Extensions implementation of SHA1 update function.
364 my ($ctx,$inp,$num)=("%rdi","%rsi","%rdx");
365 my ($ABCD,$E,$E_,$BSWAP,$ABCD_SAVE,$E_SAVE)=map("%xmm$_",(0..3,8,9));
366 my @MSG=map("%xmm$_",(4..7));
369 .type sha1_block_data_order_shaext,\@function,3
371 sha1_block_data_order_shaext:
375 $code.=<<___ if ($win64);
376 lea `-8-4*16`(%rsp),%rsp
377 movaps %xmm6,-8-4*16(%rax)
378 movaps %xmm7,-8-3*16(%rax)
379 movaps %xmm8,-8-2*16(%rax)
380 movaps %xmm9,-8-1*16(%rax)
386 movdqa K_XX_XX+0xa0(%rip),$BSWAP # byte-n-word swap
388 movdqu ($inp),@MSG[0]
389 pshufd \$0b00011011,$ABCD,$ABCD # flip word order
390 movdqu 0x10($inp),@MSG[1]
391 pshufd \$0b00011011,$E,$E # flip word order
392 movdqu 0x20($inp),@MSG[2]
393 pshufb $BSWAP,@MSG[0]
394 movdqu 0x30($inp),@MSG[3]
395 pshufb $BSWAP,@MSG[1]
396 pshufb $BSWAP,@MSG[2]
397 movdqa $E,$E_SAVE # offload $E
398 pshufb $BSWAP,@MSG[3]
404 lea 0x40($inp),%r8 # next input block
407 movdqa $ABCD,$ABCD_SAVE # offload $ABCD
409 for($i=0;$i<20-4;$i+=2) {
411 sha1msg1 @MSG[1],@MSG[0]
413 sha1rnds4 \$`int($i/5)`,$E,$ABCD # 0-3...
414 sha1nexte @MSG[1],$E_
416 sha1msg1 @MSG[2],@MSG[1]
417 sha1msg2 @MSG[3],@MSG[0]
420 sha1rnds4 \$`int(($i+1)/5)`,$E_,$ABCD
423 sha1msg2 @MSG[0],@MSG[1]
425 push(@MSG,shift(@MSG)); push(@MSG,shift(@MSG));
428 movdqu ($inp),@MSG[0]
430 sha1rnds4 \$3,$E,$ABCD # 64-67
431 sha1nexte @MSG[1],$E_
432 movdqu 0x10($inp),@MSG[1]
433 pshufb $BSWAP,@MSG[0]
436 sha1rnds4 \$3,$E_,$ABCD # 68-71
438 movdqu 0x20($inp),@MSG[2]
439 pshufb $BSWAP,@MSG[1]
442 sha1rnds4 \$3,$E,$ABCD # 72-75
443 sha1nexte @MSG[3],$E_
444 movdqu 0x30($inp),@MSG[3]
445 pshufb $BSWAP,@MSG[2]
448 sha1rnds4 \$3,$E_,$ABCD # 76-79
450 pshufb $BSWAP,@MSG[3]
452 paddd $ABCD_SAVE,$ABCD
453 movdqa $E,$E_SAVE # offload $E
457 pshufd \$0b00011011,$ABCD,$ABCD
458 pshufd \$0b00011011,$E,$E
462 $code.=<<___ if ($win64);
463 movaps -8-4*16(%rax),%xmm6
464 movaps -8-3*16(%rax),%xmm7
465 movaps -8-2*16(%rax),%xmm8
466 movaps -8-1*16(%rax),%xmm9
473 .size sha1_block_data_order_shaext,.-sha1_block_data_order_shaext
478 my @X=map("%xmm$_",(4..7,0..3));
479 my @Tx=map("%xmm$_",(8..10));
481 my @V=($A,$B,$C,$D,$E)=("%eax","%ebx","%ecx","%edx","%ebp"); # size optimization
482 my @T=("%esi","%edi");
488 my $_rol=sub { &rol(@_) };
489 my $_ror=sub { &ror(@_) };
495 jmp .Lalign32_$sn # see "Decoded ICache" in manual
503 .type sha1_block_data_order_ssse3,\@function,3
505 sha1_block_data_order_ssse3:
508 mov %rsp,$fp # frame pointer
509 .cfi_def_cfa_register $fp
516 push %r13 # redundant, done to share Win64 SE handler
520 lea `-64-($win64?6*16:0)`(%rsp),%rsp
522 $code.=<<___ if ($win64);
523 movaps %xmm6,-40-6*16($fp)
524 movaps %xmm7,-40-5*16($fp)
525 movaps %xmm8,-40-4*16($fp)
526 movaps %xmm9,-40-3*16($fp)
527 movaps %xmm10,-40-2*16($fp)
528 movaps %xmm11,-40-1*16($fp)
533 mov %rdi,$ctx # reassigned argument
534 mov %rsi,$inp # reassigned argument
535 mov %rdx,$num # reassigned argument
539 lea K_XX_XX+64(%rip),$K_XX_XX
541 mov 0($ctx),$A # load context
545 mov $B,@T[0] # magic seed
551 movdqa 64($K_XX_XX),@X[2] # pbswap mask
552 movdqa -64($K_XX_XX),@Tx[1] # K_00_19
553 movdqu 0($inp),@X[-4&7] # load input to %xmm[0-3]
554 movdqu 16($inp),@X[-3&7]
555 movdqu 32($inp),@X[-2&7]
556 movdqu 48($inp),@X[-1&7]
557 pshufb @X[2],@X[-4&7] # byte swap
558 pshufb @X[2],@X[-3&7]
559 pshufb @X[2],@X[-2&7]
561 paddd @Tx[1],@X[-4&7] # add K_00_19
562 pshufb @X[2],@X[-1&7]
563 paddd @Tx[1],@X[-3&7]
564 paddd @Tx[1],@X[-2&7]
565 movdqa @X[-4&7],0(%rsp) # X[]+K xfer to IALU
566 psubd @Tx[1],@X[-4&7] # restore X[]
567 movdqa @X[-3&7],16(%rsp)
568 psubd @Tx[1],@X[-3&7]
569 movdqa @X[-2&7],32(%rsp)
570 psubd @Tx[1],@X[-2&7]
574 sub AUTOLOAD() # thunk [simplified] 32-bit style perlasm
575 { my $opcode = $AUTOLOAD; $opcode =~ s/.*:://;
577 $arg = "\$$arg" if ($arg*1 eq $arg);
578 $code .= "\t$opcode\t".join(',',$arg,reverse @_)."\n";
581 sub Xupdate_ssse3_16_31() # recall that $Xi starts with 4
584 my @insns = (&$body,&$body,&$body,&$body); # 40 instructions
587 eval(shift(@insns)); # ror
588 &pshufd (@X[0],@X[-4&7],0xee); # was &movdqa (@X[0],@X[-3&7]);
590 &movdqa (@Tx[0],@X[-1&7]);
591 &paddd (@Tx[1],@X[-1&7]);
595 &punpcklqdq(@X[0],@X[-3&7]); # compose "X[-14]" in "X[0]", was &palignr(@X[0],@X[-4&7],8);
597 eval(shift(@insns)); # rol
599 &psrldq (@Tx[0],4); # "X[-3]", 3 dwords
603 &pxor (@X[0],@X[-4&7]); # "X[0]"^="X[-16]"
605 eval(shift(@insns)); # ror
606 &pxor (@Tx[0],@X[-2&7]); # "X[-3]"^"X[-8]"
611 &pxor (@X[0],@Tx[0]); # "X[0]"^="X[-3]"^"X[-8]"
613 eval(shift(@insns)); # rol
614 &movdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU
618 &movdqa (@Tx[2],@X[0]);
621 eval(shift(@insns)); # ror
622 &movdqa (@Tx[0],@X[0]);
625 &pslldq (@Tx[2],12); # "X[0]"<<96, extract one dword
626 &paddd (@X[0],@X[0]);
632 eval(shift(@insns)); # rol
634 &movdqa (@Tx[1],@Tx[2]);
640 eval(shift(@insns)); # ror
641 &por (@X[0],@Tx[0]); # "X[0]"<<<=1
647 &pxor (@X[0],@Tx[2]);
649 &movdqa (@Tx[2],eval(2*16*(($Xi)/5)-64)."($K_XX_XX)"); # K_XX_XX
650 eval(shift(@insns)); # rol
654 &pxor (@X[0],@Tx[1]); # "X[0]"^=("X[0]">>96)<<<2
655 &pshufd (@Tx[1],@X[-1&7],0xee) if ($Xi==7); # was &movdqa (@Tx[0],@X[-1&7]) in Xupdate_ssse3_32_79
657 foreach (@insns) { eval; } # remaining instructions [if any]
659 $Xi++; push(@X,shift(@X)); # "rotate" X[]
660 push(@Tx,shift(@Tx));
663 sub Xupdate_ssse3_32_79()
666 my @insns = (&$body,&$body,&$body,&$body); # 32 to 44 instructions
669 eval(shift(@insns)) if ($Xi==8);
670 &pxor (@X[0],@X[-4&7]); # "X[0]"="X[-32]"^"X[-16]"
671 eval(shift(@insns)) if ($Xi==8);
672 eval(shift(@insns)); # body_20_39
674 eval(shift(@insns)) if (@insns[1] =~ /_ror/);
675 eval(shift(@insns)) if (@insns[0] =~ /_ror/);
676 &punpcklqdq(@Tx[0],@X[-1&7]); # compose "X[-6]", was &palignr(@Tx[0],@X[-2&7],8);
678 eval(shift(@insns)); # rol
680 &pxor (@X[0],@X[-7&7]); # "X[0]"^="X[-28]"
684 &movdqa (@Tx[2],@Tx[1]);# "perpetuate" K_XX_XX...
685 } else { # ... or load next one
686 &movdqa (@Tx[2],eval(2*16*($Xi/5)-64)."($K_XX_XX)");
688 eval(shift(@insns)); # ror
689 &paddd (@Tx[1],@X[-1&7]);
692 &pxor (@X[0],@Tx[0]); # "X[0]"^="X[-6]"
693 eval(shift(@insns)); # body_20_39
696 eval(shift(@insns)); # rol
697 eval(shift(@insns)) if (@insns[0] =~ /_ror/);
699 &movdqa (@Tx[0],@X[0]);
702 &movdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU
703 eval(shift(@insns)); # ror
705 eval(shift(@insns)); # body_20_39
711 eval(shift(@insns)) if (@insns[0] =~ /_rol/);# rol
714 eval(shift(@insns)); # ror
716 &por (@X[0],@Tx[0]); # "X[0]"<<<=2
718 eval(shift(@insns)); # body_20_39
719 eval(shift(@insns)) if (@insns[1] =~ /_rol/);
720 eval(shift(@insns)) if (@insns[0] =~ /_rol/);
721 &pshufd(@Tx[1],@X[-1&7],0xee) if ($Xi<19); # was &movdqa (@Tx[1],@X[0])
723 eval(shift(@insns)); # rol
726 eval(shift(@insns)); # rol
729 foreach (@insns) { eval; } # remaining instructions
731 $Xi++; push(@X,shift(@X)); # "rotate" X[]
732 push(@Tx,shift(@Tx));
735 sub Xuplast_ssse3_80()
738 my @insns = (&$body,&$body,&$body,&$body); # 32 instructions
745 &paddd (@Tx[1],@X[-1&7]);
749 &movdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer IALU
751 foreach (@insns) { eval; } # remaining instructions
754 &je (".Ldone_ssse3");
756 unshift(@Tx,pop(@Tx));
758 &movdqa (@X[2],"64($K_XX_XX)"); # pbswap mask
759 &movdqa (@Tx[1],"-64($K_XX_XX)"); # K_00_19
760 &movdqu (@X[-4&7],"0($inp)"); # load input
761 &movdqu (@X[-3&7],"16($inp)");
762 &movdqu (@X[-2&7],"32($inp)");
763 &movdqu (@X[-1&7],"48($inp)");
764 &pshufb (@X[-4&7],@X[2]); # byte swap
773 my @insns = (&$body,&$body,&$body,&$body); # 32 instructions
779 &pshufb (@X[($Xi-3)&7],@X[2]);
784 &paddd (@X[($Xi-4)&7],@Tx[1]);
789 &movdqa (eval(16*$Xi)."(%rsp)",@X[($Xi-4)&7]); # X[]+K xfer to IALU
794 &psubd (@X[($Xi-4)&7],@Tx[1]);
796 foreach (@insns) { eval; }
803 my @insns = (&$body,&$body,&$body,&$body); # 32 instructions
806 foreach (@insns) { eval; }
809 sub body_00_19 () { # ((c^d)&b)^d
810 # on start @T[0]=(c^d)&b
811 return &body_20_39() if ($rx==19); $rx++;
813 '($a,$b,$c,$d,$e)=@V;'.
814 '&$_ror ($b,$j?7:2)', # $b>>>2
816 '&mov (@T[1],$a)', # $b for next round
818 '&add ($e,eval(4*($j&15))."(%rsp)")', # X[]+K xfer
819 '&xor ($b,$c)', # $c^$d for next round
823 '&and (@T[1],$b)', # ($b&($c^$d)) for next round
825 '&xor ($b,$c)', # restore $b
826 '&add ($e,$a);' .'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
830 sub body_20_39 () { # b^d^c
832 return &body_40_59() if ($rx==39); $rx++;
834 '($a,$b,$c,$d,$e)=@V;'.
835 '&add ($e,eval(4*($j&15))."(%rsp)")', # X[]+K xfer
836 '&xor (@T[0],$d) if($j==19);'.
837 '&xor (@T[0],$c) if($j> 19)', # ($b^$d^$c)
838 '&mov (@T[1],$a)', # $b for next round
842 '&xor (@T[1],$c) if ($j< 79)', # $b^$d for next round
844 '&$_ror ($b,7)', # $b>>>2
845 '&add ($e,$a);' .'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
849 sub body_40_59 () { # ((b^c)&(c^d))^c
850 # on entry @T[0]=(b^c), (c^=d)
853 '($a,$b,$c,$d,$e)=@V;'.
854 '&add ($e,eval(4*($j&15))."(%rsp)")', # X[]+K xfer
855 '&and (@T[0],$c) if ($j>=40)', # (b^c)&(c^d)
856 '&xor ($c,$d) if ($j>=40)', # restore $c
858 '&$_ror ($b,7)', # $b>>>2
859 '&mov (@T[1],$a)', # $b for next round
864 '&xor (@T[1],$c) if ($j==59);'.
865 '&xor (@T[1],$b) if ($j< 59)', # b^c for next round
867 '&xor ($b,$c) if ($j< 59)', # c^d for next round
868 '&add ($e,$a);' .'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
875 &Xupdate_ssse3_16_31(\&body_00_19);
876 &Xupdate_ssse3_16_31(\&body_00_19);
877 &Xupdate_ssse3_16_31(\&body_00_19);
878 &Xupdate_ssse3_16_31(\&body_00_19);
879 &Xupdate_ssse3_32_79(\&body_00_19);
880 &Xupdate_ssse3_32_79(\&body_20_39);
881 &Xupdate_ssse3_32_79(\&body_20_39);
882 &Xupdate_ssse3_32_79(\&body_20_39);
883 &Xupdate_ssse3_32_79(\&body_20_39);
884 &Xupdate_ssse3_32_79(\&body_20_39);
885 &Xupdate_ssse3_32_79(\&body_40_59);
886 &Xupdate_ssse3_32_79(\&body_40_59);
887 &Xupdate_ssse3_32_79(\&body_40_59);
888 &Xupdate_ssse3_32_79(\&body_40_59);
889 &Xupdate_ssse3_32_79(\&body_40_59);
890 &Xupdate_ssse3_32_79(\&body_20_39);
891 &Xuplast_ssse3_80(\&body_20_39); # can jump to "done"
893 $saved_j=$j; @saved_V=@V;
895 &Xloop_ssse3(\&body_20_39);
896 &Xloop_ssse3(\&body_20_39);
897 &Xloop_ssse3(\&body_20_39);
900 add 0($ctx),$A # update context
907 mov @T[0],$B # magic seed
919 $j=$saved_j; @V=@saved_V;
921 &Xtail_ssse3(\&body_20_39);
922 &Xtail_ssse3(\&body_20_39);
923 &Xtail_ssse3(\&body_20_39);
926 add 0($ctx),$A # update context
937 $code.=<<___ if ($win64);
938 movaps -40-6*16($fp),%xmm6
939 movaps -40-5*16($fp),%xmm7
940 movaps -40-4*16($fp),%xmm8
941 movaps -40-3*16($fp),%xmm9
942 movaps -40-2*16($fp),%xmm10
943 movaps -40-1*16($fp),%xmm11
957 .cfi_def_cfa_register %rsp
961 .size sha1_block_data_order_ssse3,.-sha1_block_data_order_ssse3
965 $Xi=4; # reset variables
966 @X=map("%xmm$_",(4..7,0..3));
967 @Tx=map("%xmm$_",(8..10));
971 my $done_avx_label=".Ldone_avx";
973 my $_rol=sub { &shld(@_[0],@_) };
974 my $_ror=sub { &shrd(@_[0],@_) };
977 .type sha1_block_data_order_avx,\@function,3
979 sha1_block_data_order_avx:
983 .cfi_def_cfa_register $fp
990 push %r13 # redundant, done to share Win64 SE handler
994 lea `-64-($win64?6*16:0)`(%rsp),%rsp
997 $code.=<<___ if ($win64);
998 vmovaps %xmm6,-40-6*16($fp)
999 vmovaps %xmm7,-40-5*16($fp)
1000 vmovaps %xmm8,-40-4*16($fp)
1001 vmovaps %xmm9,-40-3*16($fp)
1002 vmovaps %xmm10,-40-2*16($fp)
1003 vmovaps %xmm11,-40-1*16($fp)
1008 mov %rdi,$ctx # reassigned argument
1009 mov %rsi,$inp # reassigned argument
1010 mov %rdx,$num # reassigned argument
1014 lea K_XX_XX+64(%rip),$K_XX_XX
1016 mov 0($ctx),$A # load context
1020 mov $B,@T[0] # magic seed
1026 vmovdqa 64($K_XX_XX),@X[2] # pbswap mask
1027 vmovdqa -64($K_XX_XX),$Kx # K_00_19
1028 vmovdqu 0($inp),@X[-4&7] # load input to %xmm[0-3]
1029 vmovdqu 16($inp),@X[-3&7]
1030 vmovdqu 32($inp),@X[-2&7]
1031 vmovdqu 48($inp),@X[-1&7]
1032 vpshufb @X[2],@X[-4&7],@X[-4&7] # byte swap
1034 vpshufb @X[2],@X[-3&7],@X[-3&7]
1035 vpshufb @X[2],@X[-2&7],@X[-2&7]
1036 vpshufb @X[2],@X[-1&7],@X[-1&7]
1037 vpaddd $Kx,@X[-4&7],@X[0] # add K_00_19
1038 vpaddd $Kx,@X[-3&7],@X[1]
1039 vpaddd $Kx,@X[-2&7],@X[2]
1040 vmovdqa @X[0],0(%rsp) # X[]+K xfer to IALU
1041 vmovdqa @X[1],16(%rsp)
1042 vmovdqa @X[2],32(%rsp)
1046 sub Xupdate_avx_16_31() # recall that $Xi starts with 4
1049 my @insns = (&$body,&$body,&$body,&$body); # 40 instructions
1050 my ($a,$b,$c,$d,$e);
1052 eval(shift(@insns));
1053 eval(shift(@insns));
1054 &vpalignr(@X[0],@X[-3&7],@X[-4&7],8); # compose "X[-14]" in "X[0]"
1055 eval(shift(@insns));
1056 eval(shift(@insns));
1058 &vpaddd (@Tx[1],$Kx,@X[-1&7]);
1059 eval(shift(@insns));
1060 eval(shift(@insns));
1061 &vpsrldq(@Tx[0],@X[-1&7],4); # "X[-3]", 3 dwords
1062 eval(shift(@insns));
1063 eval(shift(@insns));
1064 &vpxor (@X[0],@X[0],@X[-4&7]); # "X[0]"^="X[-16]"
1065 eval(shift(@insns));
1066 eval(shift(@insns));
1068 &vpxor (@Tx[0],@Tx[0],@X[-2&7]); # "X[-3]"^"X[-8]"
1069 eval(shift(@insns));
1070 eval(shift(@insns));
1071 eval(shift(@insns));
1072 eval(shift(@insns));
1074 &vpxor (@X[0],@X[0],@Tx[0]); # "X[0]"^="X[-3]"^"X[-8]"
1075 eval(shift(@insns));
1076 eval(shift(@insns));
1077 &vmovdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU
1078 eval(shift(@insns));
1079 eval(shift(@insns));
1081 &vpsrld (@Tx[0],@X[0],31);
1082 eval(shift(@insns));
1083 eval(shift(@insns));
1084 eval(shift(@insns));
1085 eval(shift(@insns));
1087 &vpslldq(@Tx[2],@X[0],12); # "X[0]"<<96, extract one dword
1088 &vpaddd (@X[0],@X[0],@X[0]);
1089 eval(shift(@insns));
1090 eval(shift(@insns));
1091 eval(shift(@insns));
1092 eval(shift(@insns));
1094 &vpsrld (@Tx[1],@Tx[2],30);
1095 &vpor (@X[0],@X[0],@Tx[0]); # "X[0]"<<<=1
1096 eval(shift(@insns));
1097 eval(shift(@insns));
1098 eval(shift(@insns));
1099 eval(shift(@insns));
1101 &vpslld (@Tx[2],@Tx[2],2);
1102 &vpxor (@X[0],@X[0],@Tx[1]);
1103 eval(shift(@insns));
1104 eval(shift(@insns));
1105 eval(shift(@insns));
1106 eval(shift(@insns));
1108 &vpxor (@X[0],@X[0],@Tx[2]); # "X[0]"^=("X[0]">>96)<<<2
1109 eval(shift(@insns));
1110 eval(shift(@insns));
1111 &vmovdqa ($Kx,eval(2*16*(($Xi)/5)-64)."($K_XX_XX)") if ($Xi%5==0); # K_XX_XX
1112 eval(shift(@insns));
1113 eval(shift(@insns));
1116 foreach (@insns) { eval; } # remaining instructions [if any]
1118 $Xi++; push(@X,shift(@X)); # "rotate" X[]
1121 sub Xupdate_avx_32_79()
1124 my @insns = (&$body,&$body,&$body,&$body); # 32 to 44 instructions
1125 my ($a,$b,$c,$d,$e);
1127 &vpalignr(@Tx[0],@X[-1&7],@X[-2&7],8); # compose "X[-6]"
1128 &vpxor (@X[0],@X[0],@X[-4&7]); # "X[0]"="X[-32]"^"X[-16]"
1129 eval(shift(@insns)); # body_20_39
1130 eval(shift(@insns));
1131 eval(shift(@insns));
1132 eval(shift(@insns)); # rol
1134 &vpxor (@X[0],@X[0],@X[-7&7]); # "X[0]"^="X[-28]"
1135 eval(shift(@insns));
1136 eval(shift(@insns)) if (@insns[0] !~ /&ro[rl]/);
1137 &vpaddd (@Tx[1],$Kx,@X[-1&7]);
1138 &vmovdqa ($Kx,eval(2*16*($Xi/5)-64)."($K_XX_XX)") if ($Xi%5==0);
1139 eval(shift(@insns)); # ror
1140 eval(shift(@insns));
1142 &vpxor (@X[0],@X[0],@Tx[0]); # "X[0]"^="X[-6]"
1143 eval(shift(@insns)); # body_20_39
1144 eval(shift(@insns));
1145 eval(shift(@insns));
1146 eval(shift(@insns)); # rol
1148 &vpsrld (@Tx[0],@X[0],30);
1149 &vmovdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU
1150 eval(shift(@insns));
1151 eval(shift(@insns));
1152 eval(shift(@insns)); # ror
1153 eval(shift(@insns));
1155 &vpslld (@X[0],@X[0],2);
1156 eval(shift(@insns)); # body_20_39
1157 eval(shift(@insns));
1158 eval(shift(@insns));
1159 eval(shift(@insns)); # rol
1160 eval(shift(@insns));
1161 eval(shift(@insns));
1162 eval(shift(@insns)); # ror
1163 eval(shift(@insns));
1165 &vpor (@X[0],@X[0],@Tx[0]); # "X[0]"<<<=2
1166 eval(shift(@insns)); # body_20_39
1167 eval(shift(@insns));
1168 eval(shift(@insns));
1169 eval(shift(@insns)); # rol
1170 eval(shift(@insns));
1171 eval(shift(@insns));
1172 eval(shift(@insns)); # rol
1173 eval(shift(@insns));
1175 foreach (@insns) { eval; } # remaining instructions
1177 $Xi++; push(@X,shift(@X)); # "rotate" X[]
1180 sub Xuplast_avx_80()
1183 my @insns = (&$body,&$body,&$body,&$body); # 32 instructions
1184 my ($a,$b,$c,$d,$e);
1186 eval(shift(@insns));
1187 &vpaddd (@Tx[1],$Kx,@X[-1&7]);
1188 eval(shift(@insns));
1189 eval(shift(@insns));
1190 eval(shift(@insns));
1191 eval(shift(@insns));
1193 &vmovdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer IALU
1195 foreach (@insns) { eval; } # remaining instructions
1198 &je ($done_avx_label);
1200 &vmovdqa(@X[2],"64($K_XX_XX)"); # pbswap mask
1201 &vmovdqa($Kx,"-64($K_XX_XX)"); # K_00_19
1202 &vmovdqu(@X[-4&7],"0($inp)"); # load input
1203 &vmovdqu(@X[-3&7],"16($inp)");
1204 &vmovdqu(@X[-2&7],"32($inp)");
1205 &vmovdqu(@X[-1&7],"48($inp)");
1206 &vpshufb(@X[-4&7],@X[-4&7],@X[2]); # byte swap
1215 my @insns = (&$body,&$body,&$body,&$body); # 32 instructions
1216 my ($a,$b,$c,$d,$e);
1218 eval(shift(@insns));
1219 eval(shift(@insns));
1220 &vpshufb(@X[($Xi-3)&7],@X[($Xi-3)&7],@X[2]);
1221 eval(shift(@insns));
1222 eval(shift(@insns));
1223 &vpaddd (@X[$Xi&7],@X[($Xi-4)&7],$Kx);
1224 eval(shift(@insns));
1225 eval(shift(@insns));
1226 eval(shift(@insns));
1227 eval(shift(@insns));
1228 &vmovdqa(eval(16*$Xi)."(%rsp)",@X[$Xi&7]); # X[]+K xfer to IALU
1229 eval(shift(@insns));
1230 eval(shift(@insns));
1232 foreach (@insns) { eval; }
1239 my @insns = (&$body,&$body,&$body,&$body); # 32 instructions
1240 my ($a,$b,$c,$d,$e);
1242 foreach (@insns) { eval; }
1249 &Xupdate_avx_16_31(\&body_00_19);
1250 &Xupdate_avx_16_31(\&body_00_19);
1251 &Xupdate_avx_16_31(\&body_00_19);
1252 &Xupdate_avx_16_31(\&body_00_19);
1253 &Xupdate_avx_32_79(\&body_00_19);
1254 &Xupdate_avx_32_79(\&body_20_39);
1255 &Xupdate_avx_32_79(\&body_20_39);
1256 &Xupdate_avx_32_79(\&body_20_39);
1257 &Xupdate_avx_32_79(\&body_20_39);
1258 &Xupdate_avx_32_79(\&body_20_39);
1259 &Xupdate_avx_32_79(\&body_40_59);
1260 &Xupdate_avx_32_79(\&body_40_59);
1261 &Xupdate_avx_32_79(\&body_40_59);
1262 &Xupdate_avx_32_79(\&body_40_59);
1263 &Xupdate_avx_32_79(\&body_40_59);
1264 &Xupdate_avx_32_79(\&body_20_39);
1265 &Xuplast_avx_80(\&body_20_39); # can jump to "done"
1267 $saved_j=$j; @saved_V=@V;
1269 &Xloop_avx(\&body_20_39);
1270 &Xloop_avx(\&body_20_39);
1271 &Xloop_avx(\&body_20_39);
1274 add 0($ctx),$A # update context
1281 mov @T[0],$B # magic seed
1293 $j=$saved_j; @V=@saved_V;
1295 &Xtail_avx(\&body_20_39);
1296 &Xtail_avx(\&body_20_39);
1297 &Xtail_avx(\&body_20_39);
1302 add 0($ctx),$A # update context
1313 $code.=<<___ if ($win64);
1314 movaps -40-6*16($fp),%xmm6
1315 movaps -40-5*16($fp),%xmm7
1316 movaps -40-4*16($fp),%xmm8
1317 movaps -40-3*16($fp),%xmm9
1318 movaps -40-2*16($fp),%xmm10
1319 movaps -40-1*16($fp),%xmm11
1333 .cfi_def_cfa_register %rsp
1337 .size sha1_block_data_order_avx,.-sha1_block_data_order_avx
1342 $Xi=4; # reset variables
1343 @X=map("%ymm$_",(4..7,0..3));
1344 @Tx=map("%ymm$_",(8..10));
1348 my @ROTX=("%eax","%ebp","%ebx","%ecx","%edx","%esi");
1349 my ($a5,$t0)=("%r12d","%edi");
1351 my ($A,$F,$B,$C,$D,$E)=@ROTX;
1356 .type sha1_block_data_order_avx2,\@function,3
1358 sha1_block_data_order_avx2:
1362 .cfi_def_cfa_register $fp
1375 $code.=<<___ if ($win64);
1376 lea -6*16(%rsp),%rsp
1377 vmovaps %xmm6,-40-6*16($fp)
1378 vmovaps %xmm7,-40-5*16($fp)
1379 vmovaps %xmm8,-40-4*16($fp)
1380 vmovaps %xmm9,-40-3*16($fp)
1381 vmovaps %xmm10,-40-2*16($fp)
1382 vmovaps %xmm11,-40-1*16($fp)
1386 mov %rdi,$ctx # reassigned argument
1387 mov %rsi,$inp # reassigned argument
1388 mov %rdx,$num # reassigned argument
1395 lea K_XX_XX+64(%rip),$K_XX_XX
1397 mov 0($ctx),$A # load context
1399 cmovae $inp,$frame # next or same block
1404 vmovdqu 64($K_XX_XX),@X[2] # pbswap mask
1406 vmovdqu ($inp),%xmm0
1407 vmovdqu 16($inp),%xmm1
1408 vmovdqu 32($inp),%xmm2
1409 vmovdqu 48($inp),%xmm3
1411 vinserti128 \$1,($frame),@X[-4&7],@X[-4&7]
1412 vinserti128 \$1,16($frame),@X[-3&7],@X[-3&7]
1413 vpshufb @X[2],@X[-4&7],@X[-4&7]
1414 vinserti128 \$1,32($frame),@X[-2&7],@X[-2&7]
1415 vpshufb @X[2],@X[-3&7],@X[-3&7]
1416 vinserti128 \$1,48($frame),@X[-1&7],@X[-1&7]
1417 vpshufb @X[2],@X[-2&7],@X[-2&7]
1418 vmovdqu -64($K_XX_XX),$Kx # K_00_19
1419 vpshufb @X[2],@X[-1&7],@X[-1&7]
1421 vpaddd $Kx,@X[-4&7],@X[0] # add K_00_19
1422 vpaddd $Kx,@X[-3&7],@X[1]
1423 vmovdqu @X[0],0(%rsp) # X[]+K xfer to IALU
1424 vpaddd $Kx,@X[-2&7],@X[2]
1425 vmovdqu @X[1],32(%rsp)
1426 vpaddd $Kx,@X[-1&7],@X[3]
1427 vmovdqu @X[2],64(%rsp)
1428 vmovdqu @X[3],96(%rsp)
1430 for (;$Xi<8;$Xi++) { # Xupdate_avx2_16_31
1433 &vpalignr(@X[0],@X[-3&7],@X[-4&7],8); # compose "X[-14]" in "X[0]"
1434 &vpsrldq(@Tx[0],@X[-1&7],4); # "X[-3]", 3 dwords
1435 &vpxor (@X[0],@X[0],@X[-4&7]); # "X[0]"^="X[-16]"
1436 &vpxor (@Tx[0],@Tx[0],@X[-2&7]); # "X[-3]"^"X[-8]"
1437 &vpxor (@X[0],@X[0],@Tx[0]); # "X[0]"^="X[-3]"^"X[-8]"
1438 &vpsrld (@Tx[0],@X[0],31);
1439 &vmovdqu($Kx,eval(2*16*(($Xi)/5)-64)."($K_XX_XX)") if ($Xi%5==0); # K_XX_XX
1440 &vpslldq(@Tx[2],@X[0],12); # "X[0]"<<96, extract one dword
1441 &vpaddd (@X[0],@X[0],@X[0]);
1442 &vpsrld (@Tx[1],@Tx[2],30);
1443 &vpor (@X[0],@X[0],@Tx[0]); # "X[0]"<<<=1
1444 &vpslld (@Tx[2],@Tx[2],2);
1445 &vpxor (@X[0],@X[0],@Tx[1]);
1446 &vpxor (@X[0],@X[0],@Tx[2]); # "X[0]"^=("X[0]">>96)<<<2
1447 &vpaddd (@Tx[1],@X[0],$Kx);
1448 &vmovdqu("32*$Xi(%rsp)",@Tx[1]); # X[]+K xfer to IALU
1450 push(@X,shift(@X)); # "rotate" X[]
1453 lea 128(%rsp),$frame
1462 sub bodyx_00_19 () { # 8 instructions, 3 cycles critical path
1463 # at start $f=(b&c)^(~b&d), $b>>>=2
1464 return &bodyx_20_39() if ($rx==19); $rx++;
1466 '($a,$f,$b,$c,$d,$e)=@ROTX;'.
1468 '&add ($e,((32*($j/4)+4*($j%4))%256-128)."($frame)");'. # e+=X[i]+K
1469 '&lea ($frame,"256($frame)") if ($j%32==31);',
1470 '&andn ($t0,$a,$c)', # ~b&d for next round
1472 '&add ($e,$f)', # e+=(b&c)^(~b&d)
1473 '&rorx ($a5,$a,27)', # a<<<5
1474 '&rorx ($f,$a,2)', # b>>>2 for next round
1475 '&and ($a,$b)', # b&c for next round
1477 '&add ($e,$a5)', # e+=a<<<5
1478 '&xor ($a,$t0);'. # f=(b&c)^(~b&d) for next round
1480 'unshift(@ROTX,pop(@ROTX)); $j++;'
1484 sub bodyx_20_39 () { # 7 instructions, 2 cycles critical path
1485 # on entry $f=b^c^d, $b>>>=2
1486 return &bodyx_40_59() if ($rx==39); $rx++;
1488 '($a,$f,$b,$c,$d,$e)=@ROTX;'.
1490 '&add ($e,((32*($j/4)+4*($j%4))%256-128)."($frame)");'. # e+=X[i]+K
1491 '&lea ($frame,"256($frame)") if ($j%32==31);',
1493 '&lea ($e,"($e,$f)")', # e+=b^c^d
1494 '&rorx ($a5,$a,27)', # a<<<5
1495 '&rorx ($f,$a,2) if ($j<79)', # b>>>2 in next round
1496 '&xor ($a,$b) if ($j<79)', # b^c for next round
1498 '&add ($e,$a5)', # e+=a<<<5
1499 '&xor ($a,$c) if ($j<79);'. # f=b^c^d for next round
1501 'unshift(@ROTX,pop(@ROTX)); $j++;'
1505 sub bodyx_40_59 () { # 10 instructions, 3 cycles critical path
1506 # on entry $f=((b^c)&(c^d)), $b>>>=2
1509 '($a,$f,$b,$c,$d,$e)=@ROTX;'.
1511 '&add ($e,((32*($j/4)+4*($j%4))%256-128)."($frame)");'. # e+=X[i]+K
1512 '&lea ($frame,"256($frame)") if ($j%32==31);',
1513 '&xor ($f,$c) if ($j>39)', # (b^c)&(c^d)^c
1514 '&mov ($t0,$b) if ($j<59)', # count on zero latency
1515 '&xor ($t0,$c) if ($j<59)', # c^d for next round
1517 '&lea ($e,"($e,$f)")', # e+=(b^c)&(c^d)^c
1518 '&rorx ($a5,$a,27)', # a<<<5
1519 '&rorx ($f,$a,2)', # b>>>2 in next round
1520 '&xor ($a,$b)', # b^c for next round
1522 '&add ($e,$a5)', # e+=a<<<5
1523 '&and ($a,$t0) if ($j< 59);'. # f=(b^c)&(c^d) for next round
1524 '&xor ($a,$c) if ($j==59);'. # f=b^c^d for next round
1526 'unshift(@ROTX,pop(@ROTX)); $j++;'
1530 sub Xupdate_avx2_16_31() # recall that $Xi starts with 4
1533 my @insns = (&$body,&$body,&$body,&$body,&$body); # 35 instructions
1534 my ($a,$b,$c,$d,$e);
1536 &vpalignr(@X[0],@X[-3&7],@X[-4&7],8); # compose "X[-14]" in "X[0]"
1537 eval(shift(@insns));
1538 eval(shift(@insns));
1539 eval(shift(@insns));
1540 eval(shift(@insns));
1542 &vpsrldq(@Tx[0],@X[-1&7],4); # "X[-3]", 3 dwords
1543 eval(shift(@insns));
1544 eval(shift(@insns));
1545 eval(shift(@insns));
1547 &vpxor (@X[0],@X[0],@X[-4&7]); # "X[0]"^="X[-16]"
1548 &vpxor (@Tx[0],@Tx[0],@X[-2&7]); # "X[-3]"^"X[-8]"
1549 eval(shift(@insns));
1550 eval(shift(@insns));
1552 &vpxor (@X[0],@X[0],@Tx[0]); # "X[0]"^="X[-3]"^"X[-8]"
1553 eval(shift(@insns));
1554 eval(shift(@insns));
1555 eval(shift(@insns));
1556 eval(shift(@insns));
1558 &vpsrld (@Tx[0],@X[0],31);
1559 &vmovdqu($Kx,eval(2*16*(($Xi)/5)-64)."($K_XX_XX)") if ($Xi%5==0); # K_XX_XX
1560 eval(shift(@insns));
1561 eval(shift(@insns));
1562 eval(shift(@insns));
1564 &vpslldq(@Tx[2],@X[0],12); # "X[0]"<<96, extract one dword
1565 &vpaddd (@X[0],@X[0],@X[0]);
1566 eval(shift(@insns));
1567 eval(shift(@insns));
1569 &vpsrld (@Tx[1],@Tx[2],30);
1570 &vpor (@X[0],@X[0],@Tx[0]); # "X[0]"<<<=1
1571 eval(shift(@insns));
1572 eval(shift(@insns));
1574 &vpslld (@Tx[2],@Tx[2],2);
1575 &vpxor (@X[0],@X[0],@Tx[1]);
1576 eval(shift(@insns));
1577 eval(shift(@insns));
1579 &vpxor (@X[0],@X[0],@Tx[2]); # "X[0]"^=("X[0]">>96)<<<2
1580 eval(shift(@insns));
1581 eval(shift(@insns));
1582 eval(shift(@insns));
1584 &vpaddd (@Tx[1],@X[0],$Kx);
1585 eval(shift(@insns));
1586 eval(shift(@insns));
1587 eval(shift(@insns));
1588 &vmovdqu(eval(32*($Xi))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU
1590 foreach (@insns) { eval; } # remaining instructions [if any]
1593 push(@X,shift(@X)); # "rotate" X[]
1596 sub Xupdate_avx2_32_79()
1599 my @insns = (&$body,&$body,&$body,&$body,&$body); # 35 to 50 instructions
1600 my ($a,$b,$c,$d,$e);
1602 &vpalignr(@Tx[0],@X[-1&7],@X[-2&7],8); # compose "X[-6]"
1603 &vpxor (@X[0],@X[0],@X[-4&7]); # "X[0]"="X[-32]"^"X[-16]"
1604 eval(shift(@insns));
1605 eval(shift(@insns));
1607 &vpxor (@X[0],@X[0],@X[-7&7]); # "X[0]"^="X[-28]"
1608 &vmovdqu($Kx,eval(2*16*($Xi/5)-64)."($K_XX_XX)") if ($Xi%5==0);
1609 eval(shift(@insns));
1610 eval(shift(@insns));
1611 eval(shift(@insns));
1613 &vpxor (@X[0],@X[0],@Tx[0]); # "X[0]"^="X[-6]"
1614 eval(shift(@insns));
1615 eval(shift(@insns));
1616 eval(shift(@insns));
1618 &vpsrld (@Tx[0],@X[0],30);
1619 &vpslld (@X[0],@X[0],2);
1620 eval(shift(@insns));
1621 eval(shift(@insns));
1622 eval(shift(@insns));
1624 #&vpslld (@X[0],@X[0],2);
1625 eval(shift(@insns));
1626 eval(shift(@insns));
1627 eval(shift(@insns));
1629 &vpor (@X[0],@X[0],@Tx[0]); # "X[0]"<<<=2
1630 eval(shift(@insns));
1631 eval(shift(@insns));
1632 eval(shift(@insns));
1633 eval(shift(@insns));
1635 &vpaddd (@Tx[1],@X[0],$Kx);
1636 eval(shift(@insns));
1637 eval(shift(@insns));
1638 eval(shift(@insns));
1639 eval(shift(@insns));
1641 &vmovdqu("32*$Xi(%rsp)",@Tx[1]); # X[]+K xfer to IALU
1643 foreach (@insns) { eval; } # remaining instructions
1646 push(@X,shift(@X)); # "rotate" X[]
1652 my @insns = (&$body,&$body,&$body,&$body,&$body); # 32 instructions
1653 my ($a,$b,$c,$d,$e);
1655 foreach (@insns) { eval; }
1659 &Xupdate_avx2_32_79(\&bodyx_00_19);
1660 &Xupdate_avx2_32_79(\&bodyx_00_19);
1661 &Xupdate_avx2_32_79(\&bodyx_00_19);
1662 &Xupdate_avx2_32_79(\&bodyx_00_19);
1664 &Xupdate_avx2_32_79(\&bodyx_20_39);
1665 &Xupdate_avx2_32_79(\&bodyx_20_39);
1666 &Xupdate_avx2_32_79(\&bodyx_20_39);
1667 &Xupdate_avx2_32_79(\&bodyx_20_39);
1670 &Xupdate_avx2_32_79(\&bodyx_40_59);
1671 &Xupdate_avx2_32_79(\&bodyx_40_59);
1672 &Xupdate_avx2_32_79(\&bodyx_40_59);
1673 &Xupdate_avx2_32_79(\&bodyx_40_59);
1675 &Xloop_avx2(\&bodyx_20_39);
1676 &Xloop_avx2(\&bodyx_20_39);
1677 &Xloop_avx2(\&bodyx_20_39);
1678 &Xloop_avx2(\&bodyx_20_39);
1681 lea 128($inp),$frame
1682 lea 128($inp),%rdi # borrow $t0
1684 cmovae $inp,$frame # next or previous block
1686 # output is d-e-[a]-f-b-c => A=d,F=e,C=f,D=b,E=c
1687 add 0($ctx),@ROTX[0] # update context
1688 add 4($ctx),@ROTX[1]
1689 add 8($ctx),@ROTX[3]
1690 mov @ROTX[0],0($ctx)
1691 add 12($ctx),@ROTX[4]
1692 mov @ROTX[1],4($ctx)
1693 mov @ROTX[0],$A # A=d
1694 add 16($ctx),@ROTX[5]
1696 mov @ROTX[3],8($ctx)
1697 mov @ROTX[4],$D # D=b
1698 #xchg @ROTX[5],$F # F=c, C=f
1699 mov @ROTX[4],12($ctx)
1700 mov @ROTX[1],$F # F=e
1701 mov @ROTX[5],16($ctx)
1703 mov @ROTX[5],$E # E=c
1705 #xchg $F,$E # E=c, F=e
1711 $Xi=4; # reset variables
1712 @X=map("%ymm$_",(4..7,0..3));
1715 vmovdqu 64($K_XX_XX),@X[2] # pbswap mask
1716 cmp $num,%rdi # borrowed $t0
1719 vmovdqu -64(%rdi),%xmm0 # low part of @X[-4&7]
1720 vmovdqu -48(%rdi),%xmm1
1721 vmovdqu -32(%rdi),%xmm2
1722 vmovdqu -16(%rdi),%xmm3
1723 vinserti128 \$1,0($frame),@X[-4&7],@X[-4&7]
1724 vinserti128 \$1,16($frame),@X[-3&7],@X[-3&7]
1725 vinserti128 \$1,32($frame),@X[-2&7],@X[-2&7]
1726 vinserti128 \$1,48($frame),@X[-1&7],@X[-1&7]
1731 lea 128+16(%rsp),$frame
1738 $rx=$j=0; @ROTX=($A,$F,$B,$C,$D,$E);
1740 &Xloop_avx2 (\&bodyx_00_19);
1741 &Xloop_avx2 (\&bodyx_00_19);
1742 &Xloop_avx2 (\&bodyx_00_19);
1743 &Xloop_avx2 (\&bodyx_00_19);
1745 &Xloop_avx2 (\&bodyx_20_39);
1746 &vmovdqu ($Kx,"-64($K_XX_XX)"); # K_00_19
1747 &vpshufb (@X[-4&7],@X[-4&7],@X[2]); # byte swap
1748 &Xloop_avx2 (\&bodyx_20_39);
1749 &vpshufb (@X[-3&7],@X[-3&7],@X[2]);
1750 &vpaddd (@Tx[0],@X[-4&7],$Kx); # add K_00_19
1751 &Xloop_avx2 (\&bodyx_20_39);
1752 &vmovdqu ("0(%rsp)",@Tx[0]);
1753 &vpshufb (@X[-2&7],@X[-2&7],@X[2]);
1754 &vpaddd (@Tx[1],@X[-3&7],$Kx);
1755 &Xloop_avx2 (\&bodyx_20_39);
1756 &vmovdqu ("32(%rsp)",@Tx[1]);
1757 &vpshufb (@X[-1&7],@X[-1&7],@X[2]);
1758 &vpaddd (@X[2],@X[-2&7],$Kx);
1760 &Xloop_avx2 (\&bodyx_40_59);
1762 &vmovdqu ("64(%rsp)",@X[2]);
1763 &vpaddd (@X[3],@X[-1&7],$Kx);
1764 &Xloop_avx2 (\&bodyx_40_59);
1765 &vmovdqu ("96(%rsp)",@X[3]);
1766 &Xloop_avx2 (\&bodyx_40_59);
1767 &Xupdate_avx2_16_31(\&bodyx_40_59);
1769 &Xupdate_avx2_16_31(\&bodyx_20_39);
1770 &Xupdate_avx2_16_31(\&bodyx_20_39);
1771 &Xupdate_avx2_16_31(\&bodyx_20_39);
1772 &Xloop_avx2 (\&bodyx_20_39);
1775 lea 128(%rsp),$frame
1777 # output is d-e-[a]-f-b-c => A=d,F=e,C=f,D=b,E=c
1778 add 0($ctx),@ROTX[0] # update context
1779 add 4($ctx),@ROTX[1]
1780 add 8($ctx),@ROTX[3]
1781 mov @ROTX[0],0($ctx)
1782 add 12($ctx),@ROTX[4]
1783 mov @ROTX[1],4($ctx)
1784 mov @ROTX[0],$A # A=d
1785 add 16($ctx),@ROTX[5]
1787 mov @ROTX[3],8($ctx)
1788 mov @ROTX[4],$D # D=b
1789 #xchg @ROTX[5],$F # F=c, C=f
1790 mov @ROTX[4],12($ctx)
1791 mov @ROTX[1],$F # F=e
1792 mov @ROTX[5],16($ctx)
1794 mov @ROTX[5],$E # E=c
1796 #xchg $F,$E # E=c, F=e
1804 $code.=<<___ if ($win64);
1805 movaps -40-6*16($fp),%xmm6
1806 movaps -40-5*16($fp),%xmm7
1807 movaps -40-4*16($fp),%xmm8
1808 movaps -40-3*16($fp),%xmm9
1809 movaps -40-2*16($fp),%xmm10
1810 movaps -40-1*16($fp),%xmm11
1824 .cfi_def_cfa_register %rsp
1828 .size sha1_block_data_order_avx2,.-sha1_block_data_order_avx2
1835 .long 0x5a827999,0x5a827999,0x5a827999,0x5a827999 # K_00_19
1836 .long 0x5a827999,0x5a827999,0x5a827999,0x5a827999 # K_00_19
1837 .long 0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1 # K_20_39
1838 .long 0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1 # K_20_39
1839 .long 0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc # K_40_59
1840 .long 0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc # K_40_59
1841 .long 0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6 # K_60_79
1842 .long 0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6 # K_60_79
1843 .long 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f # pbswap mask
1844 .long 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f # pbswap mask
1845 .byte 0xf,0xe,0xd,0xc,0xb,0xa,0x9,0x8,0x7,0x6,0x5,0x4,0x3,0x2,0x1,0x0
1849 .asciz "SHA1 block transform for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
1853 # EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
1854 # CONTEXT *context,DISPATCHER_CONTEXT *disp)
1862 .extern __imp_RtlVirtualUnwind
1863 .type se_handler,\@abi-omnipotent
1877 mov 120($context),%rax # pull context->Rax
1878 mov 248($context),%rbx # pull context->Rip
1880 lea .Lprologue(%rip),%r10
1881 cmp %r10,%rbx # context->Rip<.Lprologue
1882 jb .Lcommon_seh_tail
1884 mov 152($context),%rax # pull context->Rsp
1886 lea .Lepilogue(%rip),%r10
1887 cmp %r10,%rbx # context->Rip>=.Lepilogue
1888 jae .Lcommon_seh_tail
1890 mov `16*4`(%rax),%rax # pull saved stack pointer
1897 mov %rbx,144($context) # restore context->Rbx
1898 mov %rbp,160($context) # restore context->Rbp
1899 mov %r12,216($context) # restore context->R12
1900 mov %r13,224($context) # restore context->R13
1901 mov %r14,232($context) # restore context->R14
1903 jmp .Lcommon_seh_tail
1904 .size se_handler,.-se_handler
1907 $code.=<<___ if ($shaext);
1908 .type shaext_handler,\@abi-omnipotent
1922 mov 120($context),%rax # pull context->Rax
1923 mov 248($context),%rbx # pull context->Rip
1925 lea .Lprologue_shaext(%rip),%r10
1926 cmp %r10,%rbx # context->Rip<.Lprologue
1927 jb .Lcommon_seh_tail
1929 lea .Lepilogue_shaext(%rip),%r10
1930 cmp %r10,%rbx # context->Rip>=.Lepilogue
1931 jae .Lcommon_seh_tail
1933 lea -8-4*16(%rax),%rsi
1934 lea 512($context),%rdi # &context.Xmm6
1936 .long 0xa548f3fc # cld; rep movsq
1938 jmp .Lcommon_seh_tail
1939 .size shaext_handler,.-shaext_handler
1943 .type ssse3_handler,\@abi-omnipotent
1957 mov 120($context),%rax # pull context->Rax
1958 mov 248($context),%rbx # pull context->Rip
1960 mov 8($disp),%rsi # disp->ImageBase
1961 mov 56($disp),%r11 # disp->HandlerData
1963 mov 0(%r11),%r10d # HandlerData[0]
1964 lea (%rsi,%r10),%r10 # prologue label
1965 cmp %r10,%rbx # context->Rip<prologue label
1966 jb .Lcommon_seh_tail
1968 mov 208($context),%rax # pull context->R11
1970 mov 4(%r11),%r10d # HandlerData[1]
1971 lea (%rsi,%r10),%r10 # epilogue label
1972 cmp %r10,%rbx # context->Rip>=epilogue label
1973 jae .Lcommon_seh_tail
1975 lea -40-6*16(%rax),%rsi
1976 lea 512($context),%rdi # &context.Xmm6
1978 .long 0xa548f3fc # cld; rep movsq
1985 mov %rbx,144($context) # restore context->Rbx
1986 mov %rbp,160($context) # restore context->Rbp
1987 mov %r12,216($context) # restore cotnext->R12
1988 mov %r13,224($context) # restore cotnext->R13
1989 mov %r14,232($context) # restore cotnext->R14
1994 mov %rax,152($context) # restore context->Rsp
1995 mov %rsi,168($context) # restore context->Rsi
1996 mov %rdi,176($context) # restore context->Rdi
1998 mov 40($disp),%rdi # disp->ContextRecord
1999 mov $context,%rsi # context
2000 mov \$154,%ecx # sizeof(CONTEXT)
2001 .long 0xa548f3fc # cld; rep movsq
2004 xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER
2005 mov 8(%rsi),%rdx # arg2, disp->ImageBase
2006 mov 0(%rsi),%r8 # arg3, disp->ControlPc
2007 mov 16(%rsi),%r9 # arg4, disp->FunctionEntry
2008 mov 40(%rsi),%r10 # disp->ContextRecord
2009 lea 56(%rsi),%r11 # &disp->HandlerData
2010 lea 24(%rsi),%r12 # &disp->EstablisherFrame
2011 mov %r10,32(%rsp) # arg5
2012 mov %r11,40(%rsp) # arg6
2013 mov %r12,48(%rsp) # arg7
2014 mov %rcx,56(%rsp) # arg8, (NULL)
2015 call *__imp_RtlVirtualUnwind(%rip)
2017 mov \$1,%eax # ExceptionContinueSearch
2029 .size ssse3_handler,.-ssse3_handler
2033 .rva .LSEH_begin_sha1_block_data_order
2034 .rva .LSEH_end_sha1_block_data_order
2035 .rva .LSEH_info_sha1_block_data_order
2037 $code.=<<___ if ($shaext);
2038 .rva .LSEH_begin_sha1_block_data_order_shaext
2039 .rva .LSEH_end_sha1_block_data_order_shaext
2040 .rva .LSEH_info_sha1_block_data_order_shaext
2043 .rva .LSEH_begin_sha1_block_data_order_ssse3
2044 .rva .LSEH_end_sha1_block_data_order_ssse3
2045 .rva .LSEH_info_sha1_block_data_order_ssse3
2047 $code.=<<___ if ($avx);
2048 .rva .LSEH_begin_sha1_block_data_order_avx
2049 .rva .LSEH_end_sha1_block_data_order_avx
2050 .rva .LSEH_info_sha1_block_data_order_avx
2052 $code.=<<___ if ($avx>1);
2053 .rva .LSEH_begin_sha1_block_data_order_avx2
2054 .rva .LSEH_end_sha1_block_data_order_avx2
2055 .rva .LSEH_info_sha1_block_data_order_avx2
2060 .LSEH_info_sha1_block_data_order:
2064 $code.=<<___ if ($shaext);
2065 .LSEH_info_sha1_block_data_order_shaext:
2070 .LSEH_info_sha1_block_data_order_ssse3:
2073 .rva .Lprologue_ssse3,.Lepilogue_ssse3 # HandlerData[]
2075 $code.=<<___ if ($avx);
2076 .LSEH_info_sha1_block_data_order_avx:
2079 .rva .Lprologue_avx,.Lepilogue_avx # HandlerData[]
2081 $code.=<<___ if ($avx>1);
2082 .LSEH_info_sha1_block_data_order_avx2:
2085 .rva .Lprologue_avx2,.Lepilogue_avx2 # HandlerData[]
2089 ####################################################################
2092 if (@_[0] =~ /\$([x0-9a-f]+),\s*%xmm([0-7]),\s*%xmm([0-7])/) {
2093 my @opcode=(0x0f,0x3a,0xcc);
2094 push @opcode,0xc0|($2&7)|(($3&7)<<3); # ModR/M
2096 push @opcode,$c=~/^0/?oct($c):$c;
2097 return ".byte\t".join(',',@opcode);
2099 return "sha1rnds4\t".@_[0];
2106 "sha1nexte" => 0xc8,
2108 "sha1msg2" => 0xca );
2110 if (defined($opcodelet{$instr}) && @_[0] =~ /%xmm([0-9]+),\s*%xmm([0-9]+)/) {
2111 my @opcode=(0x0f,0x38);
2113 $rex|=0x04 if ($2>=8);
2114 $rex|=0x01 if ($1>=8);
2115 unshift @opcode,0x40|$rex if ($rex);
2116 push @opcode,$opcodelet{$instr};
2117 push @opcode,0xc0|($1&7)|(($2&7)<<3); # ModR/M
2118 return ".byte\t".join(',',@opcode);
2120 return $instr."\t".@_[0];
2124 foreach (split("\n",$code)) {
2125 s/\`([^\`]*)\`/eval $1/geo;
2127 s/\b(sha1rnds4)\s+(.*)/sha1rnds4($2)/geo or
2128 s/\b(sha1[^\s]*)\s+(.*)/sha1op38($1,$2)/geo;
projects / openssl.git / blob