2 # Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
4 # Licensed under the OpenSSL license (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
10 # ====================================================================
11 # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
12 # project. The module is, however, dual licensed under OpenSSL and
13 # CRYPTOGAMS licenses depending on where you obtain it. For further
14 # details see http://www.openssl.org/~appro/cryptogams/.
15 # ====================================================================
17 # sha1_block procedure for x86_64.
19 # It was brought to my attention that on EM64T compiler-generated code
20 # was far behind 32-bit assembler implementation. This is unlike on
21 # Opteron where compiler-generated code was only 15% behind 32-bit
22 # assembler, which originally made it hard to motivate the effort.
23 # There was suggestion to mechanically translate 32-bit code, but I
24 # dismissed it, reasoning that x86_64 offers enough register bank
25 # capacity to fully utilize SHA-1 parallelism. Therefore this fresh
26 # implementation:-) However! While 64-bit code does perform better
27 # on Opteron, I failed to beat 32-bit assembler on EM64T core. Well,
28 # x86_64 does offer larger *addressable* bank, but out-of-order core
29 # reaches for even more registers through dynamic aliasing, and EM64T
30 # core must have managed to run-time optimize even 32-bit code just as
31 # good as 64-bit one. Performance improvement is summarized in the
34 # gcc 3.4 32-bit asm cycles/byte
35 # Opteron +45% +20% 6.8
36 # Xeon P4 +65% +0% 9.9
41 # The code was revised to minimize code size and to maximize
42 # "distance" between instructions producing input to 'lea'
43 # instruction and the 'lea' instruction itself, which is essential
44 # for Intel Atom core.
48 # Add SSSE3, Supplemental[!] SSE3, implementation. The idea behind it
49 # is to offload message schedule denoted by Wt in NIST specification,
50 # or Xupdate in OpenSSL source, to SIMD unit. See sha1-586.pl module
51 # for background and implementation details. The only difference from
52 # 32-bit code is that 64-bit code doesn't have to spill @X[] elements
53 # to free temporary registers.
57 # Add AVX code path. See sha1-586.pl for further information.
61 # Add AVX2+BMI code path. Initial attempt (utilizing BMI instructions
62 # and loading pair of consecutive blocks to 256-bit %ymm registers)
63 # did not provide impressive performance improvement till a crucial
64 # hint regarding the number of Xupdate iterations to pre-compute in
65 # advance was provided by Ilya Albrekht of Intel Corp.
69 # Add support for Intel SHA Extensions.
71 ######################################################################
72 # Current performance is summarized in following table. Numbers are
73 # CPU clock cycles spent to process single byte (less is better).
78 # Core2 6.55 6.05/+8% -
79 # Westmere 6.73 5.30/+27% -
80 # Sandy Bridge 7.70 6.10/+26% 4.99/+54%
81 # Ivy Bridge 6.06 4.67/+30% 4.60/+32%
82 # Haswell 5.45 4.15/+31% 3.57/+53%
83 # Skylake 5.18 4.06/+28% 3.54/+46%
84 # Bulldozer 9.11 5.95/+53%
85 # VIA Nano 9.32 7.15/+30%
87 # Silvermont 13.1(*) 9.37/+40%
88 # Goldmont 8.13 6.42/+27% 1.70/+380%(**)
90 # (*) obviously suboptimal result, nothing was done about it,
91 # because SSSE3 code is compiled unconditionally;
96 if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
98 $win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
100 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
101 ( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
102 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
103 die "can't locate x86_64-xlate.pl";
105 if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
106 =~ /GNU assembler version ([2-9]\.[0-9]+)/) {
107 $avx = ($1>=2.19) + ($1>=2.22);
110 if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
111 `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
112 $avx = ($1>=2.09) + ($1>=2.10);
115 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
116 `ml64 2>&1` =~ /Version ([0-9]+)\./) {
117 $avx = ($1>=10) + ($1>=11);
120 if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([2-9]\.[0-9]+)/) {
121 $avx = ($2>=3.0) + ($2>3.0);
124 $shaext=1; ### set to zero if compiling for 1.0.1
125 $avx=1 if (!$shaext && $avx);
127 open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
130 $ctx="%rdi"; # 1st arg
131 $inp="%rsi"; # 2nd arg
132 $num="%rdx"; # 3rd arg
134 # reassign arguments in order to produce more compact code
142 @xi=("%edx","%ebp","%r14d");
152 my ($i,$a,$b,$c,$d,$e)=@_;
154 $code.=<<___ if ($i==0);
155 mov `4*$i`($inp),$xi[0]
158 $code.=<<___ if ($i<15);
159 mov `4*$j`($inp),$xi[1]
161 mov $xi[0],`4*$i`(%rsp)
167 lea 0x5a827999($xi[0],$e),$e
173 $code.=<<___ if ($i>=15);
174 xor `4*($j%16)`(%rsp),$xi[1]
176 mov $xi[0],`4*($i%16)`(%rsp)
178 xor `4*(($j+2)%16)`(%rsp),$xi[1]
181 xor `4*(($j+8)%16)`(%rsp),$xi[1]
183 lea 0x5a827999($xi[0],$e),$e
190 push(@xi,shift(@xi));
194 my ($i,$a,$b,$c,$d,$e)=@_;
196 my $K=($i<40)?0x6ed9eba1:0xca62c1d6;
197 $code.=<<___ if ($i<79);
198 xor `4*($j%16)`(%rsp),$xi[1]
200 `"mov $xi[0],".4*($i%16)."(%rsp)" if ($i<72)`
202 xor `4*(($j+2)%16)`(%rsp),$xi[1]
205 xor `4*(($j+8)%16)`(%rsp),$xi[1]
213 $code.=<<___ if ($i==79);
224 push(@xi,shift(@xi));
228 my ($i,$a,$b,$c,$d,$e)=@_;
231 xor `4*($j%16)`(%rsp),$xi[1]
233 mov $xi[0],`4*($i%16)`(%rsp)
235 xor `4*(($j+2)%16)`(%rsp),$xi[1]
238 xor `4*(($j+8)%16)`(%rsp),$xi[1]
239 lea 0x8f1bbcdc($xi[0],$e),$e
249 push(@xi,shift(@xi));
254 .extern OPENSSL_ia32cap_P
256 .globl sha1_block_data_order
257 .type sha1_block_data_order,\@function,3
259 sha1_block_data_order:
260 mov OPENSSL_ia32cap_P+0(%rip),%r9d
261 mov OPENSSL_ia32cap_P+4(%rip),%r8d
262 mov OPENSSL_ia32cap_P+8(%rip),%r10d
263 test \$`1<<9`,%r8d # check SSSE3 bit
266 $code.=<<___ if ($shaext);
267 test \$`1<<29`,%r10d # check SHA bit
270 $code.=<<___ if ($avx>1);
271 and \$`1<<3|1<<5|1<<8`,%r10d # check AVX2+BMI1+BMI2
272 cmp \$`1<<3|1<<5|1<<8`,%r10d
275 $code.=<<___ if ($avx);
276 and \$`1<<28`,%r8d # mask AVX bit
277 and \$`1<<30`,%r9d # mask "Intel CPU" bit
279 cmp \$`1<<28|1<<30`,%r8d
293 mov %rdi,$ctx # reassigned argument
295 mov %rsi,$inp # reassigned argument
297 mov %rdx,$num # reassigned argument
298 mov %rax,`16*4`(%rsp)
311 for($i=0;$i<20;$i++) { &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
312 for(;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
313 for(;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
314 for(;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
328 lea `16*4`($inp),$inp
331 mov `16*4`(%rsp),%rsi
340 .size sha1_block_data_order,.-sha1_block_data_order
343 ######################################################################
344 # Intel SHA Extensions implementation of SHA1 update function.
346 my ($ctx,$inp,$num)=("%rdi","%rsi","%rdx");
347 my ($ABCD,$E,$E_,$BSWAP,$ABCD_SAVE,$E_SAVE)=map("%xmm$_",(0..3,8,9));
348 my @MSG=map("%xmm$_",(4..7));
351 .type sha1_block_data_order_shaext,\@function,3
353 sha1_block_data_order_shaext:
356 $code.=<<___ if ($win64);
357 lea `-8-4*16`(%rsp),%rsp
358 movaps %xmm6,-8-4*16(%rax)
359 movaps %xmm7,-8-3*16(%rax)
360 movaps %xmm8,-8-2*16(%rax)
361 movaps %xmm9,-8-1*16(%rax)
367 movdqa K_XX_XX+0xa0(%rip),$BSWAP # byte-n-word swap
369 movdqu ($inp),@MSG[0]
370 pshufd \$0b00011011,$ABCD,$ABCD # flip word order
371 movdqu 0x10($inp),@MSG[1]
372 pshufd \$0b00011011,$E,$E # flip word order
373 movdqu 0x20($inp),@MSG[2]
374 pshufb $BSWAP,@MSG[0]
375 movdqu 0x30($inp),@MSG[3]
376 pshufb $BSWAP,@MSG[1]
377 pshufb $BSWAP,@MSG[2]
378 movdqa $E,$E_SAVE # offload $E
379 pshufb $BSWAP,@MSG[3]
385 lea 0x40($inp),%r8 # next input block
388 movdqa $ABCD,$ABCD_SAVE # offload $ABCD
390 for($i=0;$i<20-4;$i+=2) {
392 sha1msg1 @MSG[1],@MSG[0]
394 sha1rnds4 \$`int($i/5)`,$E,$ABCD # 0-3...
395 sha1nexte @MSG[1],$E_
397 sha1msg1 @MSG[2],@MSG[1]
398 sha1msg2 @MSG[3],@MSG[0]
401 sha1rnds4 \$`int(($i+1)/5)`,$E_,$ABCD
404 sha1msg2 @MSG[0],@MSG[1]
406 push(@MSG,shift(@MSG)); push(@MSG,shift(@MSG));
409 movdqu ($inp),@MSG[0]
411 sha1rnds4 \$3,$E,$ABCD # 64-67
412 sha1nexte @MSG[1],$E_
413 movdqu 0x10($inp),@MSG[1]
414 pshufb $BSWAP,@MSG[0]
417 sha1rnds4 \$3,$E_,$ABCD # 68-71
419 movdqu 0x20($inp),@MSG[2]
420 pshufb $BSWAP,@MSG[1]
423 sha1rnds4 \$3,$E,$ABCD # 72-75
424 sha1nexte @MSG[3],$E_
425 movdqu 0x30($inp),@MSG[3]
426 pshufb $BSWAP,@MSG[2]
429 sha1rnds4 \$3,$E_,$ABCD # 76-79
431 pshufb $BSWAP,@MSG[3]
433 paddd $ABCD_SAVE,$ABCD
434 movdqa $E,$E_SAVE # offload $E
438 pshufd \$0b00011011,$ABCD,$ABCD
439 pshufd \$0b00011011,$E,$E
443 $code.=<<___ if ($win64);
444 movaps -8-4*16(%rax),%xmm6
445 movaps -8-3*16(%rax),%xmm7
446 movaps -8-2*16(%rax),%xmm8
447 movaps -8-1*16(%rax),%xmm9
453 .size sha1_block_data_order_shaext,.-sha1_block_data_order_shaext
458 my @X=map("%xmm$_",(4..7,0..3));
459 my @Tx=map("%xmm$_",(8..10));
461 my @V=($A,$B,$C,$D,$E)=("%eax","%ebx","%ecx","%edx","%ebp"); # size optimization
462 my @T=("%esi","%edi");
467 my $_rol=sub { &rol(@_) };
468 my $_ror=sub { &ror(@_) };
474 jmp .Lalign32_$sn # see "Decoded ICache" in manual
482 .type sha1_block_data_order_ssse3,\@function,3
484 sha1_block_data_order_ssse3:
490 push %r13 # redundant, done to share Win64 SE handler
492 lea `-64-($win64?6*16:0)`(%rsp),%rsp
494 $code.=<<___ if ($win64);
495 movaps %xmm6,-40-6*16(%rax)
496 movaps %xmm7,-40-5*16(%rax)
497 movaps %xmm8,-40-4*16(%rax)
498 movaps %xmm9,-40-3*16(%rax)
499 movaps %xmm10,-40-2*16(%rax)
500 movaps %xmm11,-40-1*16(%rax)
504 mov %rax,%r14 # original %rsp
506 mov %rdi,$ctx # reassigned argument
507 mov %rsi,$inp # reassigned argument
508 mov %rdx,$num # reassigned argument
512 lea K_XX_XX+64(%rip),$K_XX_XX
514 mov 0($ctx),$A # load context
518 mov $B,@T[0] # magic seed
524 movdqa 64($K_XX_XX),@X[2] # pbswap mask
525 movdqa -64($K_XX_XX),@Tx[1] # K_00_19
526 movdqu 0($inp),@X[-4&7] # load input to %xmm[0-3]
527 movdqu 16($inp),@X[-3&7]
528 movdqu 32($inp),@X[-2&7]
529 movdqu 48($inp),@X[-1&7]
530 pshufb @X[2],@X[-4&7] # byte swap
531 pshufb @X[2],@X[-3&7]
532 pshufb @X[2],@X[-2&7]
534 paddd @Tx[1],@X[-4&7] # add K_00_19
535 pshufb @X[2],@X[-1&7]
536 paddd @Tx[1],@X[-3&7]
537 paddd @Tx[1],@X[-2&7]
538 movdqa @X[-4&7],0(%rsp) # X[]+K xfer to IALU
539 psubd @Tx[1],@X[-4&7] # restore X[]
540 movdqa @X[-3&7],16(%rsp)
541 psubd @Tx[1],@X[-3&7]
542 movdqa @X[-2&7],32(%rsp)
543 psubd @Tx[1],@X[-2&7]
547 sub AUTOLOAD() # thunk [simplified] 32-bit style perlasm
548 { my $opcode = $AUTOLOAD; $opcode =~ s/.*:://;
550 $arg = "\$$arg" if ($arg*1 eq $arg);
551 $code .= "\t$opcode\t".join(',',$arg,reverse @_)."\n";
554 sub Xupdate_ssse3_16_31() # recall that $Xi starts wtih 4
557 my @insns = (&$body,&$body,&$body,&$body); # 40 instructions
560 eval(shift(@insns)); # ror
561 &pshufd (@X[0],@X[-4&7],0xee); # was &movdqa (@X[0],@X[-3&7]);
563 &movdqa (@Tx[0],@X[-1&7]);
564 &paddd (@Tx[1],@X[-1&7]);
568 &punpcklqdq(@X[0],@X[-3&7]); # compose "X[-14]" in "X[0]", was &palignr(@X[0],@X[-4&7],8);
570 eval(shift(@insns)); # rol
572 &psrldq (@Tx[0],4); # "X[-3]", 3 dwords
576 &pxor (@X[0],@X[-4&7]); # "X[0]"^="X[-16]"
578 eval(shift(@insns)); # ror
579 &pxor (@Tx[0],@X[-2&7]); # "X[-3]"^"X[-8]"
584 &pxor (@X[0],@Tx[0]); # "X[0]"^="X[-3]"^"X[-8]"
586 eval(shift(@insns)); # rol
587 &movdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU
591 &movdqa (@Tx[2],@X[0]);
594 eval(shift(@insns)); # ror
595 &movdqa (@Tx[0],@X[0]);
598 &pslldq (@Tx[2],12); # "X[0]"<<96, extract one dword
599 &paddd (@X[0],@X[0]);
605 eval(shift(@insns)); # rol
607 &movdqa (@Tx[1],@Tx[2]);
613 eval(shift(@insns)); # ror
614 &por (@X[0],@Tx[0]); # "X[0]"<<<=1
620 &pxor (@X[0],@Tx[2]);
622 &movdqa (@Tx[2],eval(2*16*(($Xi)/5)-64)."($K_XX_XX)"); # K_XX_XX
623 eval(shift(@insns)); # rol
627 &pxor (@X[0],@Tx[1]); # "X[0]"^=("X[0]">>96)<<<2
628 &pshufd (@Tx[1],@X[-1&7],0xee) if ($Xi==7); # was &movdqa (@Tx[0],@X[-1&7]) in Xupdate_ssse3_32_79
630 foreach (@insns) { eval; } # remaining instructions [if any]
632 $Xi++; push(@X,shift(@X)); # "rotate" X[]
633 push(@Tx,shift(@Tx));
636 sub Xupdate_ssse3_32_79()
639 my @insns = (&$body,&$body,&$body,&$body); # 32 to 44 instructions
642 eval(shift(@insns)) if ($Xi==8);
643 &pxor (@X[0],@X[-4&7]); # "X[0]"="X[-32]"^"X[-16]"
644 eval(shift(@insns)) if ($Xi==8);
645 eval(shift(@insns)); # body_20_39
647 eval(shift(@insns)) if (@insns[1] =~ /_ror/);
648 eval(shift(@insns)) if (@insns[0] =~ /_ror/);
649 &punpcklqdq(@Tx[0],@X[-1&7]); # compose "X[-6]", was &palignr(@Tx[0],@X[-2&7],8);
651 eval(shift(@insns)); # rol
653 &pxor (@X[0],@X[-7&7]); # "X[0]"^="X[-28]"
657 &movdqa (@Tx[2],@Tx[1]);# "perpetuate" K_XX_XX...
658 } else { # ... or load next one
659 &movdqa (@Tx[2],eval(2*16*($Xi/5)-64)."($K_XX_XX)");
661 eval(shift(@insns)); # ror
662 &paddd (@Tx[1],@X[-1&7]);
665 &pxor (@X[0],@Tx[0]); # "X[0]"^="X[-6]"
666 eval(shift(@insns)); # body_20_39
669 eval(shift(@insns)); # rol
670 eval(shift(@insns)) if (@insns[0] =~ /_ror/);
672 &movdqa (@Tx[0],@X[0]);
675 &movdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU
676 eval(shift(@insns)); # ror
678 eval(shift(@insns)); # body_20_39
684 eval(shift(@insns)) if (@insns[0] =~ /_rol/);# rol
687 eval(shift(@insns)); # ror
689 &por (@X[0],@Tx[0]); # "X[0]"<<<=2
691 eval(shift(@insns)); # body_20_39
692 eval(shift(@insns)) if (@insns[1] =~ /_rol/);
693 eval(shift(@insns)) if (@insns[0] =~ /_rol/);
694 &pshufd(@Tx[1],@X[-1&7],0xee) if ($Xi<19); # was &movdqa (@Tx[1],@X[0])
696 eval(shift(@insns)); # rol
699 eval(shift(@insns)); # rol
702 foreach (@insns) { eval; } # remaining instructions
704 $Xi++; push(@X,shift(@X)); # "rotate" X[]
705 push(@Tx,shift(@Tx));
708 sub Xuplast_ssse3_80()
711 my @insns = (&$body,&$body,&$body,&$body); # 32 instructions
718 &paddd (@Tx[1],@X[-1&7]);
722 &movdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer IALU
724 foreach (@insns) { eval; } # remaining instructions
727 &je (".Ldone_ssse3");
729 unshift(@Tx,pop(@Tx));
731 &movdqa (@X[2],"64($K_XX_XX)"); # pbswap mask
732 &movdqa (@Tx[1],"-64($K_XX_XX)"); # K_00_19
733 &movdqu (@X[-4&7],"0($inp)"); # load input
734 &movdqu (@X[-3&7],"16($inp)");
735 &movdqu (@X[-2&7],"32($inp)");
736 &movdqu (@X[-1&7],"48($inp)");
737 &pshufb (@X[-4&7],@X[2]); # byte swap
746 my @insns = (&$body,&$body,&$body,&$body); # 32 instructions
752 &pshufb (@X[($Xi-3)&7],@X[2]);
757 &paddd (@X[($Xi-4)&7],@Tx[1]);
762 &movdqa (eval(16*$Xi)."(%rsp)",@X[($Xi-4)&7]); # X[]+K xfer to IALU
767 &psubd (@X[($Xi-4)&7],@Tx[1]);
769 foreach (@insns) { eval; }
776 my @insns = (&$body,&$body,&$body,&$body); # 32 instructions
779 foreach (@insns) { eval; }
782 sub body_00_19 () { # ((c^d)&b)^d
783 # on start @T[0]=(c^d)&b
784 return &body_20_39() if ($rx==19); $rx++;
786 '($a,$b,$c,$d,$e)=@V;'.
787 '&$_ror ($b,$j?7:2)', # $b>>>2
789 '&mov (@T[1],$a)', # $b for next round
791 '&add ($e,eval(4*($j&15))."(%rsp)")', # X[]+K xfer
792 '&xor ($b,$c)', # $c^$d for next round
796 '&and (@T[1],$b)', # ($b&($c^$d)) for next round
798 '&xor ($b,$c)', # restore $b
799 '&add ($e,$a);' .'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
803 sub body_20_39 () { # b^d^c
805 return &body_40_59() if ($rx==39); $rx++;
807 '($a,$b,$c,$d,$e)=@V;'.
808 '&add ($e,eval(4*($j&15))."(%rsp)")', # X[]+K xfer
809 '&xor (@T[0],$d) if($j==19);'.
810 '&xor (@T[0],$c) if($j> 19)', # ($b^$d^$c)
811 '&mov (@T[1],$a)', # $b for next round
815 '&xor (@T[1],$c) if ($j< 79)', # $b^$d for next round
817 '&$_ror ($b,7)', # $b>>>2
818 '&add ($e,$a);' .'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
822 sub body_40_59 () { # ((b^c)&(c^d))^c
823 # on entry @T[0]=(b^c), (c^=d)
826 '($a,$b,$c,$d,$e)=@V;'.
827 '&add ($e,eval(4*($j&15))."(%rsp)")', # X[]+K xfer
828 '&and (@T[0],$c) if ($j>=40)', # (b^c)&(c^d)
829 '&xor ($c,$d) if ($j>=40)', # restore $c
831 '&$_ror ($b,7)', # $b>>>2
832 '&mov (@T[1],$a)', # $b for next round
837 '&xor (@T[1],$c) if ($j==59);'.
838 '&xor (@T[1],$b) if ($j< 59)', # b^c for next round
840 '&xor ($b,$c) if ($j< 59)', # c^d for next round
841 '&add ($e,$a);' .'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
848 &Xupdate_ssse3_16_31(\&body_00_19);
849 &Xupdate_ssse3_16_31(\&body_00_19);
850 &Xupdate_ssse3_16_31(\&body_00_19);
851 &Xupdate_ssse3_16_31(\&body_00_19);
852 &Xupdate_ssse3_32_79(\&body_00_19);
853 &Xupdate_ssse3_32_79(\&body_20_39);
854 &Xupdate_ssse3_32_79(\&body_20_39);
855 &Xupdate_ssse3_32_79(\&body_20_39);
856 &Xupdate_ssse3_32_79(\&body_20_39);
857 &Xupdate_ssse3_32_79(\&body_20_39);
858 &Xupdate_ssse3_32_79(\&body_40_59);
859 &Xupdate_ssse3_32_79(\&body_40_59);
860 &Xupdate_ssse3_32_79(\&body_40_59);
861 &Xupdate_ssse3_32_79(\&body_40_59);
862 &Xupdate_ssse3_32_79(\&body_40_59);
863 &Xupdate_ssse3_32_79(\&body_20_39);
864 &Xuplast_ssse3_80(\&body_20_39); # can jump to "done"
866 $saved_j=$j; @saved_V=@V;
868 &Xloop_ssse3(\&body_20_39);
869 &Xloop_ssse3(\&body_20_39);
870 &Xloop_ssse3(\&body_20_39);
873 add 0($ctx),$A # update context
880 mov @T[0],$B # magic seed
892 $j=$saved_j; @V=@saved_V;
894 &Xtail_ssse3(\&body_20_39);
895 &Xtail_ssse3(\&body_20_39);
896 &Xtail_ssse3(\&body_20_39);
899 add 0($ctx),$A # update context
910 $code.=<<___ if ($win64);
911 movaps -40-6*16(%r14),%xmm6
912 movaps -40-5*16(%r14),%xmm7
913 movaps -40-4*16(%r14),%xmm8
914 movaps -40-3*16(%r14),%xmm9
915 movaps -40-2*16(%r14),%xmm10
916 movaps -40-1*16(%r14),%xmm11
928 .size sha1_block_data_order_ssse3,.-sha1_block_data_order_ssse3
932 $Xi=4; # reset variables
933 @X=map("%xmm$_",(4..7,0..3));
934 @Tx=map("%xmm$_",(8..10));
938 my $done_avx_label=".Ldone_avx";
940 my $_rol=sub { &shld(@_[0],@_) };
941 my $_ror=sub { &shrd(@_[0],@_) };
944 .type sha1_block_data_order_avx,\@function,3
946 sha1_block_data_order_avx:
952 push %r13 # redundant, done to share Win64 SE handler
954 lea `-64-($win64?6*16:0)`(%rsp),%rsp
957 $code.=<<___ if ($win64);
958 vmovaps %xmm6,-40-6*16(%rax)
959 vmovaps %xmm7,-40-5*16(%rax)
960 vmovaps %xmm8,-40-4*16(%rax)
961 vmovaps %xmm9,-40-3*16(%rax)
962 vmovaps %xmm10,-40-2*16(%rax)
963 vmovaps %xmm11,-40-1*16(%rax)
967 mov %rax,%r14 # original %rsp
969 mov %rdi,$ctx # reassigned argument
970 mov %rsi,$inp # reassigned argument
971 mov %rdx,$num # reassigned argument
975 lea K_XX_XX+64(%rip),$K_XX_XX
977 mov 0($ctx),$A # load context
981 mov $B,@T[0] # magic seed
987 vmovdqa 64($K_XX_XX),@X[2] # pbswap mask
988 vmovdqa -64($K_XX_XX),$Kx # K_00_19
989 vmovdqu 0($inp),@X[-4&7] # load input to %xmm[0-3]
990 vmovdqu 16($inp),@X[-3&7]
991 vmovdqu 32($inp),@X[-2&7]
992 vmovdqu 48($inp),@X[-1&7]
993 vpshufb @X[2],@X[-4&7],@X[-4&7] # byte swap
995 vpshufb @X[2],@X[-3&7],@X[-3&7]
996 vpshufb @X[2],@X[-2&7],@X[-2&7]
997 vpshufb @X[2],@X[-1&7],@X[-1&7]
998 vpaddd $Kx,@X[-4&7],@X[0] # add K_00_19
999 vpaddd $Kx,@X[-3&7],@X[1]
1000 vpaddd $Kx,@X[-2&7],@X[2]
1001 vmovdqa @X[0],0(%rsp) # X[]+K xfer to IALU
1002 vmovdqa @X[1],16(%rsp)
1003 vmovdqa @X[2],32(%rsp)
1007 sub Xupdate_avx_16_31() # recall that $Xi starts wtih 4
1010 my @insns = (&$body,&$body,&$body,&$body); # 40 instructions
1011 my ($a,$b,$c,$d,$e);
1013 eval(shift(@insns));
1014 eval(shift(@insns));
1015 &vpalignr(@X[0],@X[-3&7],@X[-4&7],8); # compose "X[-14]" in "X[0]"
1016 eval(shift(@insns));
1017 eval(shift(@insns));
1019 &vpaddd (@Tx[1],$Kx,@X[-1&7]);
1020 eval(shift(@insns));
1021 eval(shift(@insns));
1022 &vpsrldq(@Tx[0],@X[-1&7],4); # "X[-3]", 3 dwords
1023 eval(shift(@insns));
1024 eval(shift(@insns));
1025 &vpxor (@X[0],@X[0],@X[-4&7]); # "X[0]"^="X[-16]"
1026 eval(shift(@insns));
1027 eval(shift(@insns));
1029 &vpxor (@Tx[0],@Tx[0],@X[-2&7]); # "X[-3]"^"X[-8]"
1030 eval(shift(@insns));
1031 eval(shift(@insns));
1032 eval(shift(@insns));
1033 eval(shift(@insns));
1035 &vpxor (@X[0],@X[0],@Tx[0]); # "X[0]"^="X[-3]"^"X[-8]"
1036 eval(shift(@insns));
1037 eval(shift(@insns));
1038 &vmovdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU
1039 eval(shift(@insns));
1040 eval(shift(@insns));
1042 &vpsrld (@Tx[0],@X[0],31);
1043 eval(shift(@insns));
1044 eval(shift(@insns));
1045 eval(shift(@insns));
1046 eval(shift(@insns));
1048 &vpslldq(@Tx[2],@X[0],12); # "X[0]"<<96, extract one dword
1049 &vpaddd (@X[0],@X[0],@X[0]);
1050 eval(shift(@insns));
1051 eval(shift(@insns));
1052 eval(shift(@insns));
1053 eval(shift(@insns));
1055 &vpsrld (@Tx[1],@Tx[2],30);
1056 &vpor (@X[0],@X[0],@Tx[0]); # "X[0]"<<<=1
1057 eval(shift(@insns));
1058 eval(shift(@insns));
1059 eval(shift(@insns));
1060 eval(shift(@insns));
1062 &vpslld (@Tx[2],@Tx[2],2);
1063 &vpxor (@X[0],@X[0],@Tx[1]);
1064 eval(shift(@insns));
1065 eval(shift(@insns));
1066 eval(shift(@insns));
1067 eval(shift(@insns));
1069 &vpxor (@X[0],@X[0],@Tx[2]); # "X[0]"^=("X[0]">>96)<<<2
1070 eval(shift(@insns));
1071 eval(shift(@insns));
1072 &vmovdqa ($Kx,eval(2*16*(($Xi)/5)-64)."($K_XX_XX)") if ($Xi%5==0); # K_XX_XX
1073 eval(shift(@insns));
1074 eval(shift(@insns));
1077 foreach (@insns) { eval; } # remaining instructions [if any]
1079 $Xi++; push(@X,shift(@X)); # "rotate" X[]
1082 sub Xupdate_avx_32_79()
1085 my @insns = (&$body,&$body,&$body,&$body); # 32 to 44 instructions
1086 my ($a,$b,$c,$d,$e);
1088 &vpalignr(@Tx[0],@X[-1&7],@X[-2&7],8); # compose "X[-6]"
1089 &vpxor (@X[0],@X[0],@X[-4&7]); # "X[0]"="X[-32]"^"X[-16]"
1090 eval(shift(@insns)); # body_20_39
1091 eval(shift(@insns));
1092 eval(shift(@insns));
1093 eval(shift(@insns)); # rol
1095 &vpxor (@X[0],@X[0],@X[-7&7]); # "X[0]"^="X[-28]"
1096 eval(shift(@insns));
1097 eval(shift(@insns)) if (@insns[0] !~ /&ro[rl]/);
1098 &vpaddd (@Tx[1],$Kx,@X[-1&7]);
1099 &vmovdqa ($Kx,eval(2*16*($Xi/5)-64)."($K_XX_XX)") if ($Xi%5==0);
1100 eval(shift(@insns)); # ror
1101 eval(shift(@insns));
1103 &vpxor (@X[0],@X[0],@Tx[0]); # "X[0]"^="X[-6]"
1104 eval(shift(@insns)); # body_20_39
1105 eval(shift(@insns));
1106 eval(shift(@insns));
1107 eval(shift(@insns)); # rol
1109 &vpsrld (@Tx[0],@X[0],30);
1110 &vmovdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU
1111 eval(shift(@insns));
1112 eval(shift(@insns));
1113 eval(shift(@insns)); # ror
1114 eval(shift(@insns));
1116 &vpslld (@X[0],@X[0],2);
1117 eval(shift(@insns)); # body_20_39
1118 eval(shift(@insns));
1119 eval(shift(@insns));
1120 eval(shift(@insns)); # rol
1121 eval(shift(@insns));
1122 eval(shift(@insns));
1123 eval(shift(@insns)); # ror
1124 eval(shift(@insns));
1126 &vpor (@X[0],@X[0],@Tx[0]); # "X[0]"<<<=2
1127 eval(shift(@insns)); # body_20_39
1128 eval(shift(@insns));
1129 eval(shift(@insns));
1130 eval(shift(@insns)); # rol
1131 eval(shift(@insns));
1132 eval(shift(@insns));
1133 eval(shift(@insns)); # rol
1134 eval(shift(@insns));
1136 foreach (@insns) { eval; } # remaining instructions
1138 $Xi++; push(@X,shift(@X)); # "rotate" X[]
1141 sub Xuplast_avx_80()
1144 my @insns = (&$body,&$body,&$body,&$body); # 32 instructions
1145 my ($a,$b,$c,$d,$e);
1147 eval(shift(@insns));
1148 &vpaddd (@Tx[1],$Kx,@X[-1&7]);
1149 eval(shift(@insns));
1150 eval(shift(@insns));
1151 eval(shift(@insns));
1152 eval(shift(@insns));
1154 &vmovdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer IALU
1156 foreach (@insns) { eval; } # remaining instructions
1159 &je ($done_avx_label);
1161 &vmovdqa(@X[2],"64($K_XX_XX)"); # pbswap mask
1162 &vmovdqa($Kx,"-64($K_XX_XX)"); # K_00_19
1163 &vmovdqu(@X[-4&7],"0($inp)"); # load input
1164 &vmovdqu(@X[-3&7],"16($inp)");
1165 &vmovdqu(@X[-2&7],"32($inp)");
1166 &vmovdqu(@X[-1&7],"48($inp)");
1167 &vpshufb(@X[-4&7],@X[-4&7],@X[2]); # byte swap
1176 my @insns = (&$body,&$body,&$body,&$body); # 32 instructions
1177 my ($a,$b,$c,$d,$e);
1179 eval(shift(@insns));
1180 eval(shift(@insns));
1181 &vpshufb(@X[($Xi-3)&7],@X[($Xi-3)&7],@X[2]);
1182 eval(shift(@insns));
1183 eval(shift(@insns));
1184 &vpaddd (@X[$Xi&7],@X[($Xi-4)&7],$Kx);
1185 eval(shift(@insns));
1186 eval(shift(@insns));
1187 eval(shift(@insns));
1188 eval(shift(@insns));
1189 &vmovdqa(eval(16*$Xi)."(%rsp)",@X[$Xi&7]); # X[]+K xfer to IALU
1190 eval(shift(@insns));
1191 eval(shift(@insns));
1193 foreach (@insns) { eval; }
1200 my @insns = (&$body,&$body,&$body,&$body); # 32 instructions
1201 my ($a,$b,$c,$d,$e);
1203 foreach (@insns) { eval; }
1210 &Xupdate_avx_16_31(\&body_00_19);
1211 &Xupdate_avx_16_31(\&body_00_19);
1212 &Xupdate_avx_16_31(\&body_00_19);
1213 &Xupdate_avx_16_31(\&body_00_19);
1214 &Xupdate_avx_32_79(\&body_00_19);
1215 &Xupdate_avx_32_79(\&body_20_39);
1216 &Xupdate_avx_32_79(\&body_20_39);
1217 &Xupdate_avx_32_79(\&body_20_39);
1218 &Xupdate_avx_32_79(\&body_20_39);
1219 &Xupdate_avx_32_79(\&body_20_39);
1220 &Xupdate_avx_32_79(\&body_40_59);
1221 &Xupdate_avx_32_79(\&body_40_59);
1222 &Xupdate_avx_32_79(\&body_40_59);
1223 &Xupdate_avx_32_79(\&body_40_59);
1224 &Xupdate_avx_32_79(\&body_40_59);
1225 &Xupdate_avx_32_79(\&body_20_39);
1226 &Xuplast_avx_80(\&body_20_39); # can jump to "done"
1228 $saved_j=$j; @saved_V=@V;
1230 &Xloop_avx(\&body_20_39);
1231 &Xloop_avx(\&body_20_39);
1232 &Xloop_avx(\&body_20_39);
1235 add 0($ctx),$A # update context
1242 mov @T[0],$B # magic seed
1254 $j=$saved_j; @V=@saved_V;
1256 &Xtail_avx(\&body_20_39);
1257 &Xtail_avx(\&body_20_39);
1258 &Xtail_avx(\&body_20_39);
1263 add 0($ctx),$A # update context
1274 $code.=<<___ if ($win64);
1275 movaps -40-6*16(%r14),%xmm6
1276 movaps -40-5*16(%r14),%xmm7
1277 movaps -40-4*16(%r14),%xmm8
1278 movaps -40-3*16(%r14),%xmm9
1279 movaps -40-2*16(%r14),%xmm10
1280 movaps -40-1*16(%r14),%xmm11
1292 .size sha1_block_data_order_avx,.-sha1_block_data_order_avx
1297 $Xi=4; # reset variables
1298 @X=map("%ymm$_",(4..7,0..3));
1299 @Tx=map("%ymm$_",(8..10));
1303 my @ROTX=("%eax","%ebp","%ebx","%ecx","%edx","%esi");
1304 my ($a5,$t0)=("%r12d","%edi");
1306 my ($A,$F,$B,$C,$D,$E)=@ROTX;
1311 .type sha1_block_data_order_avx2,\@function,3
1313 sha1_block_data_order_avx2:
1323 $code.=<<___ if ($win64);
1324 lea -6*16(%rsp),%rsp
1325 vmovaps %xmm6,-40-6*16(%rax)
1326 vmovaps %xmm7,-40-5*16(%rax)
1327 vmovaps %xmm8,-40-4*16(%rax)
1328 vmovaps %xmm9,-40-3*16(%rax)
1329 vmovaps %xmm10,-40-2*16(%rax)
1330 vmovaps %xmm11,-40-1*16(%rax)
1334 mov %rax,%r14 # original %rsp
1335 mov %rdi,$ctx # reassigned argument
1336 mov %rsi,$inp # reassigned argument
1337 mov %rdx,$num # reassigned argument
1344 lea K_XX_XX+64(%rip),$K_XX_XX
1346 mov 0($ctx),$A # load context
1348 cmovae $inp,$frame # next or same block
1353 vmovdqu 64($K_XX_XX),@X[2] # pbswap mask
1355 vmovdqu ($inp),%xmm0
1356 vmovdqu 16($inp),%xmm1
1357 vmovdqu 32($inp),%xmm2
1358 vmovdqu 48($inp),%xmm3
1360 vinserti128 \$1,($frame),@X[-4&7],@X[-4&7]
1361 vinserti128 \$1,16($frame),@X[-3&7],@X[-3&7]
1362 vpshufb @X[2],@X[-4&7],@X[-4&7]
1363 vinserti128 \$1,32($frame),@X[-2&7],@X[-2&7]
1364 vpshufb @X[2],@X[-3&7],@X[-3&7]
1365 vinserti128 \$1,48($frame),@X[-1&7],@X[-1&7]
1366 vpshufb @X[2],@X[-2&7],@X[-2&7]
1367 vmovdqu -64($K_XX_XX),$Kx # K_00_19
1368 vpshufb @X[2],@X[-1&7],@X[-1&7]
1370 vpaddd $Kx,@X[-4&7],@X[0] # add K_00_19
1371 vpaddd $Kx,@X[-3&7],@X[1]
1372 vmovdqu @X[0],0(%rsp) # X[]+K xfer to IALU
1373 vpaddd $Kx,@X[-2&7],@X[2]
1374 vmovdqu @X[1],32(%rsp)
1375 vpaddd $Kx,@X[-1&7],@X[3]
1376 vmovdqu @X[2],64(%rsp)
1377 vmovdqu @X[3],96(%rsp)
1379 for (;$Xi<8;$Xi++) { # Xupdate_avx2_16_31
1382 &vpalignr(@X[0],@X[-3&7],@X[-4&7],8); # compose "X[-14]" in "X[0]"
1383 &vpsrldq(@Tx[0],@X[-1&7],4); # "X[-3]", 3 dwords
1384 &vpxor (@X[0],@X[0],@X[-4&7]); # "X[0]"^="X[-16]"
1385 &vpxor (@Tx[0],@Tx[0],@X[-2&7]); # "X[-3]"^"X[-8]"
1386 &vpxor (@X[0],@X[0],@Tx[0]); # "X[0]"^="X[-3]"^"X[-8]"
1387 &vpsrld (@Tx[0],@X[0],31);
1388 &vmovdqu($Kx,eval(2*16*(($Xi)/5)-64)."($K_XX_XX)") if ($Xi%5==0); # K_XX_XX
1389 &vpslldq(@Tx[2],@X[0],12); # "X[0]"<<96, extract one dword
1390 &vpaddd (@X[0],@X[0],@X[0]);
1391 &vpsrld (@Tx[1],@Tx[2],30);
1392 &vpor (@X[0],@X[0],@Tx[0]); # "X[0]"<<<=1
1393 &vpslld (@Tx[2],@Tx[2],2);
1394 &vpxor (@X[0],@X[0],@Tx[1]);
1395 &vpxor (@X[0],@X[0],@Tx[2]); # "X[0]"^=("X[0]">>96)<<<2
1396 &vpaddd (@Tx[1],@X[0],$Kx);
1397 &vmovdqu("32*$Xi(%rsp)",@Tx[1]); # X[]+K xfer to IALU
1399 push(@X,shift(@X)); # "rotate" X[]
1402 lea 128(%rsp),$frame
1411 sub bodyx_00_19 () { # 8 instructions, 3 cycles critical path
1412 # at start $f=(b&c)^(~b&d), $b>>>=2
1413 return &bodyx_20_39() if ($rx==19); $rx++;
1415 '($a,$f,$b,$c,$d,$e)=@ROTX;'.
1417 '&add ($e,((32*($j/4)+4*($j%4))%256-128)."($frame)");'. # e+=X[i]+K
1418 '&lea ($frame,"256($frame)") if ($j%32==31);',
1419 '&andn ($t0,$a,$c)', # ~b&d for next round
1421 '&add ($e,$f)', # e+=(b&c)^(~b&d)
1422 '&rorx ($a5,$a,27)', # a<<<5
1423 '&rorx ($f,$a,2)', # b>>>2 for next round
1424 '&and ($a,$b)', # b&c for next round
1426 '&add ($e,$a5)', # e+=a<<<5
1427 '&xor ($a,$t0);'. # f=(b&c)^(~b&d) for next round
1429 'unshift(@ROTX,pop(@ROTX)); $j++;'
1433 sub bodyx_20_39 () { # 7 instructions, 2 cycles critical path
1434 # on entry $f=b^c^d, $b>>>=2
1435 return &bodyx_40_59() if ($rx==39); $rx++;
1437 '($a,$f,$b,$c,$d,$e)=@ROTX;'.
1439 '&add ($e,((32*($j/4)+4*($j%4))%256-128)."($frame)");'. # e+=X[i]+K
1440 '&lea ($frame,"256($frame)") if ($j%32==31);',
1442 '&lea ($e,"($e,$f)")', # e+=b^c^d
1443 '&rorx ($a5,$a,27)', # a<<<5
1444 '&rorx ($f,$a,2) if ($j<79)', # b>>>2 in next round
1445 '&xor ($a,$b) if ($j<79)', # b^c for next round
1447 '&add ($e,$a5)', # e+=a<<<5
1448 '&xor ($a,$c) if ($j<79);'. # f=b^c^d for next round
1450 'unshift(@ROTX,pop(@ROTX)); $j++;'
1454 sub bodyx_40_59 () { # 10 instructions, 3 cycles critical path
1455 # on entry $f=((b^c)&(c^d)), $b>>>=2
1458 '($a,$f,$b,$c,$d,$e)=@ROTX;'.
1460 '&add ($e,((32*($j/4)+4*($j%4))%256-128)."($frame)");'. # e+=X[i]+K
1461 '&lea ($frame,"256($frame)") if ($j%32==31);',
1462 '&xor ($f,$c) if ($j>39)', # (b^c)&(c^d)^c
1463 '&mov ($t0,$b) if ($j<59)', # count on zero latency
1464 '&xor ($t0,$c) if ($j<59)', # c^d for next round
1466 '&lea ($e,"($e,$f)")', # e+=(b^c)&(c^d)^c
1467 '&rorx ($a5,$a,27)', # a<<<5
1468 '&rorx ($f,$a,2)', # b>>>2 in next round
1469 '&xor ($a,$b)', # b^c for next round
1471 '&add ($e,$a5)', # e+=a<<<5
1472 '&and ($a,$t0) if ($j< 59);'. # f=(b^c)&(c^d) for next round
1473 '&xor ($a,$c) if ($j==59);'. # f=b^c^d for next round
1475 'unshift(@ROTX,pop(@ROTX)); $j++;'
1479 sub Xupdate_avx2_16_31() # recall that $Xi starts wtih 4
1482 my @insns = (&$body,&$body,&$body,&$body,&$body); # 35 instructions
1483 my ($a,$b,$c,$d,$e);
1485 &vpalignr(@X[0],@X[-3&7],@X[-4&7],8); # compose "X[-14]" in "X[0]"
1486 eval(shift(@insns));
1487 eval(shift(@insns));
1488 eval(shift(@insns));
1489 eval(shift(@insns));
1491 &vpsrldq(@Tx[0],@X[-1&7],4); # "X[-3]", 3 dwords
1492 eval(shift(@insns));
1493 eval(shift(@insns));
1494 eval(shift(@insns));
1496 &vpxor (@X[0],@X[0],@X[-4&7]); # "X[0]"^="X[-16]"
1497 &vpxor (@Tx[0],@Tx[0],@X[-2&7]); # "X[-3]"^"X[-8]"
1498 eval(shift(@insns));
1499 eval(shift(@insns));
1501 &vpxor (@X[0],@X[0],@Tx[0]); # "X[0]"^="X[-3]"^"X[-8]"
1502 eval(shift(@insns));
1503 eval(shift(@insns));
1504 eval(shift(@insns));
1505 eval(shift(@insns));
1507 &vpsrld (@Tx[0],@X[0],31);
1508 &vmovdqu($Kx,eval(2*16*(($Xi)/5)-64)."($K_XX_XX)") if ($Xi%5==0); # K_XX_XX
1509 eval(shift(@insns));
1510 eval(shift(@insns));
1511 eval(shift(@insns));
1513 &vpslldq(@Tx[2],@X[0],12); # "X[0]"<<96, extract one dword
1514 &vpaddd (@X[0],@X[0],@X[0]);
1515 eval(shift(@insns));
1516 eval(shift(@insns));
1518 &vpsrld (@Tx[1],@Tx[2],30);
1519 &vpor (@X[0],@X[0],@Tx[0]); # "X[0]"<<<=1
1520 eval(shift(@insns));
1521 eval(shift(@insns));
1523 &vpslld (@Tx[2],@Tx[2],2);
1524 &vpxor (@X[0],@X[0],@Tx[1]);
1525 eval(shift(@insns));
1526 eval(shift(@insns));
1528 &vpxor (@X[0],@X[0],@Tx[2]); # "X[0]"^=("X[0]">>96)<<<2
1529 eval(shift(@insns));
1530 eval(shift(@insns));
1531 eval(shift(@insns));
1533 &vpaddd (@Tx[1],@X[0],$Kx);
1534 eval(shift(@insns));
1535 eval(shift(@insns));
1536 eval(shift(@insns));
1537 &vmovdqu(eval(32*($Xi))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU
1539 foreach (@insns) { eval; } # remaining instructions [if any]
1542 push(@X,shift(@X)); # "rotate" X[]
1545 sub Xupdate_avx2_32_79()
1548 my @insns = (&$body,&$body,&$body,&$body,&$body); # 35 to 50 instructions
1549 my ($a,$b,$c,$d,$e);
1551 &vpalignr(@Tx[0],@X[-1&7],@X[-2&7],8); # compose "X[-6]"
1552 &vpxor (@X[0],@X[0],@X[-4&7]); # "X[0]"="X[-32]"^"X[-16]"
1553 eval(shift(@insns));
1554 eval(shift(@insns));
1556 &vpxor (@X[0],@X[0],@X[-7&7]); # "X[0]"^="X[-28]"
1557 &vmovdqu($Kx,eval(2*16*($Xi/5)-64)."($K_XX_XX)") if ($Xi%5==0);
1558 eval(shift(@insns));
1559 eval(shift(@insns));
1560 eval(shift(@insns));
1562 &vpxor (@X[0],@X[0],@Tx[0]); # "X[0]"^="X[-6]"
1563 eval(shift(@insns));
1564 eval(shift(@insns));
1565 eval(shift(@insns));
1567 &vpsrld (@Tx[0],@X[0],30);
1568 &vpslld (@X[0],@X[0],2);
1569 eval(shift(@insns));
1570 eval(shift(@insns));
1571 eval(shift(@insns));
1573 #&vpslld (@X[0],@X[0],2);
1574 eval(shift(@insns));
1575 eval(shift(@insns));
1576 eval(shift(@insns));
1578 &vpor (@X[0],@X[0],@Tx[0]); # "X[0]"<<<=2
1579 eval(shift(@insns));
1580 eval(shift(@insns));
1581 eval(shift(@insns));
1582 eval(shift(@insns));
1584 &vpaddd (@Tx[1],@X[0],$Kx);
1585 eval(shift(@insns));
1586 eval(shift(@insns));
1587 eval(shift(@insns));
1588 eval(shift(@insns));
1590 &vmovdqu("32*$Xi(%rsp)",@Tx[1]); # X[]+K xfer to IALU
1592 foreach (@insns) { eval; } # remaining instructions
1595 push(@X,shift(@X)); # "rotate" X[]
1601 my @insns = (&$body,&$body,&$body,&$body,&$body); # 32 instructions
1602 my ($a,$b,$c,$d,$e);
1604 foreach (@insns) { eval; }
1608 &Xupdate_avx2_32_79(\&bodyx_00_19);
1609 &Xupdate_avx2_32_79(\&bodyx_00_19);
1610 &Xupdate_avx2_32_79(\&bodyx_00_19);
1611 &Xupdate_avx2_32_79(\&bodyx_00_19);
1613 &Xupdate_avx2_32_79(\&bodyx_20_39);
1614 &Xupdate_avx2_32_79(\&bodyx_20_39);
1615 &Xupdate_avx2_32_79(\&bodyx_20_39);
1616 &Xupdate_avx2_32_79(\&bodyx_20_39);
1619 &Xupdate_avx2_32_79(\&bodyx_40_59);
1620 &Xupdate_avx2_32_79(\&bodyx_40_59);
1621 &Xupdate_avx2_32_79(\&bodyx_40_59);
1622 &Xupdate_avx2_32_79(\&bodyx_40_59);
1624 &Xloop_avx2(\&bodyx_20_39);
1625 &Xloop_avx2(\&bodyx_20_39);
1626 &Xloop_avx2(\&bodyx_20_39);
1627 &Xloop_avx2(\&bodyx_20_39);
1630 lea 128($inp),$frame
1631 lea 128($inp),%rdi # borrow $t0
1633 cmovae $inp,$frame # next or previous block
1635 # output is d-e-[a]-f-b-c => A=d,F=e,C=f,D=b,E=c
1636 add 0($ctx),@ROTX[0] # update context
1637 add 4($ctx),@ROTX[1]
1638 add 8($ctx),@ROTX[3]
1639 mov @ROTX[0],0($ctx)
1640 add 12($ctx),@ROTX[4]
1641 mov @ROTX[1],4($ctx)
1642 mov @ROTX[0],$A # A=d
1643 add 16($ctx),@ROTX[5]
1645 mov @ROTX[3],8($ctx)
1646 mov @ROTX[4],$D # D=b
1647 #xchg @ROTX[5],$F # F=c, C=f
1648 mov @ROTX[4],12($ctx)
1649 mov @ROTX[1],$F # F=e
1650 mov @ROTX[5],16($ctx)
1652 mov @ROTX[5],$E # E=c
1654 #xchg $F,$E # E=c, F=e
1660 $Xi=4; # reset variables
1661 @X=map("%ymm$_",(4..7,0..3));
1664 vmovdqu 64($K_XX_XX),@X[2] # pbswap mask
1665 cmp $num,%rdi # borrowed $t0
1668 vmovdqu -64(%rdi),%xmm0 # low part of @X[-4&7]
1669 vmovdqu -48(%rdi),%xmm1
1670 vmovdqu -32(%rdi),%xmm2
1671 vmovdqu -16(%rdi),%xmm3
1672 vinserti128 \$1,0($frame),@X[-4&7],@X[-4&7]
1673 vinserti128 \$1,16($frame),@X[-3&7],@X[-3&7]
1674 vinserti128 \$1,32($frame),@X[-2&7],@X[-2&7]
1675 vinserti128 \$1,48($frame),@X[-1&7],@X[-1&7]
1680 lea 128+16(%rsp),$frame
1687 $rx=$j=0; @ROTX=($A,$F,$B,$C,$D,$E);
1689 &Xloop_avx2 (\&bodyx_00_19);
1690 &Xloop_avx2 (\&bodyx_00_19);
1691 &Xloop_avx2 (\&bodyx_00_19);
1692 &Xloop_avx2 (\&bodyx_00_19);
1694 &Xloop_avx2 (\&bodyx_20_39);
1695 &vmovdqu ($Kx,"-64($K_XX_XX)"); # K_00_19
1696 &vpshufb (@X[-4&7],@X[-4&7],@X[2]); # byte swap
1697 &Xloop_avx2 (\&bodyx_20_39);
1698 &vpshufb (@X[-3&7],@X[-3&7],@X[2]);
1699 &vpaddd (@Tx[0],@X[-4&7],$Kx); # add K_00_19
1700 &Xloop_avx2 (\&bodyx_20_39);
1701 &vmovdqu ("0(%rsp)",@Tx[0]);
1702 &vpshufb (@X[-2&7],@X[-2&7],@X[2]);
1703 &vpaddd (@Tx[1],@X[-3&7],$Kx);
1704 &Xloop_avx2 (\&bodyx_20_39);
1705 &vmovdqu ("32(%rsp)",@Tx[1]);
1706 &vpshufb (@X[-1&7],@X[-1&7],@X[2]);
1707 &vpaddd (@X[2],@X[-2&7],$Kx);
1709 &Xloop_avx2 (\&bodyx_40_59);
1711 &vmovdqu ("64(%rsp)",@X[2]);
1712 &vpaddd (@X[3],@X[-1&7],$Kx);
1713 &Xloop_avx2 (\&bodyx_40_59);
1714 &vmovdqu ("96(%rsp)",@X[3]);
1715 &Xloop_avx2 (\&bodyx_40_59);
1716 &Xupdate_avx2_16_31(\&bodyx_40_59);
1718 &Xupdate_avx2_16_31(\&bodyx_20_39);
1719 &Xupdate_avx2_16_31(\&bodyx_20_39);
1720 &Xupdate_avx2_16_31(\&bodyx_20_39);
1721 &Xloop_avx2 (\&bodyx_20_39);
1724 lea 128(%rsp),$frame
1726 # output is d-e-[a]-f-b-c => A=d,F=e,C=f,D=b,E=c
1727 add 0($ctx),@ROTX[0] # update context
1728 add 4($ctx),@ROTX[1]
1729 add 8($ctx),@ROTX[3]
1730 mov @ROTX[0],0($ctx)
1731 add 12($ctx),@ROTX[4]
1732 mov @ROTX[1],4($ctx)
1733 mov @ROTX[0],$A # A=d
1734 add 16($ctx),@ROTX[5]
1736 mov @ROTX[3],8($ctx)
1737 mov @ROTX[4],$D # D=b
1738 #xchg @ROTX[5],$F # F=c, C=f
1739 mov @ROTX[4],12($ctx)
1740 mov @ROTX[1],$F # F=e
1741 mov @ROTX[5],16($ctx)
1743 mov @ROTX[5],$E # E=c
1745 #xchg $F,$E # E=c, F=e
1753 $code.=<<___ if ($win64);
1754 movaps -40-6*16(%r14),%xmm6
1755 movaps -40-5*16(%r14),%xmm7
1756 movaps -40-4*16(%r14),%xmm8
1757 movaps -40-3*16(%r14),%xmm9
1758 movaps -40-2*16(%r14),%xmm10
1759 movaps -40-1*16(%r14),%xmm11
1771 .size sha1_block_data_order_avx2,.-sha1_block_data_order_avx2
1778 .long 0x5a827999,0x5a827999,0x5a827999,0x5a827999 # K_00_19
1779 .long 0x5a827999,0x5a827999,0x5a827999,0x5a827999 # K_00_19
1780 .long 0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1 # K_20_39
1781 .long 0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1 # K_20_39
1782 .long 0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc # K_40_59
1783 .long 0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc # K_40_59
1784 .long 0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6 # K_60_79
1785 .long 0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6 # K_60_79
1786 .long 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f # pbswap mask
1787 .long 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f # pbswap mask
1788 .byte 0xf,0xe,0xd,0xc,0xb,0xa,0x9,0x8,0x7,0x6,0x5,0x4,0x3,0x2,0x1,0x0
1792 .asciz "SHA1 block transform for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
1796 # EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
1797 # CONTEXT *context,DISPATCHER_CONTEXT *disp)
1805 .extern __imp_RtlVirtualUnwind
1806 .type se_handler,\@abi-omnipotent
1820 mov 120($context),%rax # pull context->Rax
1821 mov 248($context),%rbx # pull context->Rip
1823 lea .Lprologue(%rip),%r10
1824 cmp %r10,%rbx # context->Rip<.Lprologue
1825 jb .Lcommon_seh_tail
1827 mov 152($context),%rax # pull context->Rsp
1829 lea .Lepilogue(%rip),%r10
1830 cmp %r10,%rbx # context->Rip>=.Lepilogue
1831 jae .Lcommon_seh_tail
1833 mov `16*4`(%rax),%rax # pull saved stack pointer
1840 mov %rbx,144($context) # restore context->Rbx
1841 mov %rbp,160($context) # restore context->Rbp
1842 mov %r12,216($context) # restore context->R12
1843 mov %r13,224($context) # restore context->R13
1844 mov %r14,232($context) # restore context->R14
1846 jmp .Lcommon_seh_tail
1847 .size se_handler,.-se_handler
1850 $code.=<<___ if ($shaext);
1851 .type shaext_handler,\@abi-omnipotent
1865 mov 120($context),%rax # pull context->Rax
1866 mov 248($context),%rbx # pull context->Rip
1868 lea .Lprologue_shaext(%rip),%r10
1869 cmp %r10,%rbx # context->Rip<.Lprologue
1870 jb .Lcommon_seh_tail
1872 lea .Lepilogue_shaext(%rip),%r10
1873 cmp %r10,%rbx # context->Rip>=.Lepilogue
1874 jae .Lcommon_seh_tail
1876 lea -8-4*16(%rax),%rsi
1877 lea 512($context),%rdi # &context.Xmm6
1879 .long 0xa548f3fc # cld; rep movsq
1881 jmp .Lcommon_seh_tail
1882 .size shaext_handler,.-shaext_handler
1886 .type ssse3_handler,\@abi-omnipotent
1900 mov 120($context),%rax # pull context->Rax
1901 mov 248($context),%rbx # pull context->Rip
1903 mov 8($disp),%rsi # disp->ImageBase
1904 mov 56($disp),%r11 # disp->HandlerData
1906 mov 0(%r11),%r10d # HandlerData[0]
1907 lea (%rsi,%r10),%r10 # prologue label
1908 cmp %r10,%rbx # context->Rip<prologue label
1909 jb .Lcommon_seh_tail
1911 mov 152($context),%rax # pull context->Rsp
1913 mov 4(%r11),%r10d # HandlerData[1]
1914 lea (%rsi,%r10),%r10 # epilogue label
1915 cmp %r10,%rbx # context->Rip>=epilogue label
1916 jae .Lcommon_seh_tail
1918 mov 232($context),%rax # pull context->R14
1920 lea -40-6*16(%rax),%rsi
1921 lea 512($context),%rdi # &context.Xmm6
1923 .long 0xa548f3fc # cld; rep movsq
1930 mov %rbx,144($context) # restore context->Rbx
1931 mov %rbp,160($context) # restore context->Rbp
1932 mov %r12,216($context) # restore cotnext->R12
1933 mov %r13,224($context) # restore cotnext->R13
1934 mov %r14,232($context) # restore cotnext->R14
1939 mov %rax,152($context) # restore context->Rsp
1940 mov %rsi,168($context) # restore context->Rsi
1941 mov %rdi,176($context) # restore context->Rdi
1943 mov 40($disp),%rdi # disp->ContextRecord
1944 mov $context,%rsi # context
1945 mov \$154,%ecx # sizeof(CONTEXT)
1946 .long 0xa548f3fc # cld; rep movsq
1949 xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER
1950 mov 8(%rsi),%rdx # arg2, disp->ImageBase
1951 mov 0(%rsi),%r8 # arg3, disp->ControlPc
1952 mov 16(%rsi),%r9 # arg4, disp->FunctionEntry
1953 mov 40(%rsi),%r10 # disp->ContextRecord
1954 lea 56(%rsi),%r11 # &disp->HandlerData
1955 lea 24(%rsi),%r12 # &disp->EstablisherFrame
1956 mov %r10,32(%rsp) # arg5
1957 mov %r11,40(%rsp) # arg6
1958 mov %r12,48(%rsp) # arg7
1959 mov %rcx,56(%rsp) # arg8, (NULL)
1960 call *__imp_RtlVirtualUnwind(%rip)
1962 mov \$1,%eax # ExceptionContinueSearch
1974 .size ssse3_handler,.-ssse3_handler
1978 .rva .LSEH_begin_sha1_block_data_order
1979 .rva .LSEH_end_sha1_block_data_order
1980 .rva .LSEH_info_sha1_block_data_order
1982 $code.=<<___ if ($shaext);
1983 .rva .LSEH_begin_sha1_block_data_order_shaext
1984 .rva .LSEH_end_sha1_block_data_order_shaext
1985 .rva .LSEH_info_sha1_block_data_order_shaext
1988 .rva .LSEH_begin_sha1_block_data_order_ssse3
1989 .rva .LSEH_end_sha1_block_data_order_ssse3
1990 .rva .LSEH_info_sha1_block_data_order_ssse3
1992 $code.=<<___ if ($avx);
1993 .rva .LSEH_begin_sha1_block_data_order_avx
1994 .rva .LSEH_end_sha1_block_data_order_avx
1995 .rva .LSEH_info_sha1_block_data_order_avx
1997 $code.=<<___ if ($avx>1);
1998 .rva .LSEH_begin_sha1_block_data_order_avx2
1999 .rva .LSEH_end_sha1_block_data_order_avx2
2000 .rva .LSEH_info_sha1_block_data_order_avx2
2005 .LSEH_info_sha1_block_data_order:
2009 $code.=<<___ if ($shaext);
2010 .LSEH_info_sha1_block_data_order_shaext:
2015 .LSEH_info_sha1_block_data_order_ssse3:
2018 .rva .Lprologue_ssse3,.Lepilogue_ssse3 # HandlerData[]
2020 $code.=<<___ if ($avx);
2021 .LSEH_info_sha1_block_data_order_avx:
2024 .rva .Lprologue_avx,.Lepilogue_avx # HandlerData[]
2026 $code.=<<___ if ($avx>1);
2027 .LSEH_info_sha1_block_data_order_avx2:
2030 .rva .Lprologue_avx2,.Lepilogue_avx2 # HandlerData[]
2034 ####################################################################
2037 if (@_[0] =~ /\$([x0-9a-f]+),\s*%xmm([0-7]),\s*%xmm([0-7])/) {
2038 my @opcode=(0x0f,0x3a,0xcc);
2039 push @opcode,0xc0|($2&7)|(($3&7)<<3); # ModR/M
2041 push @opcode,$c=~/^0/?oct($c):$c;
2042 return ".byte\t".join(',',@opcode);
2044 return "sha1rnds4\t".@_[0];
2051 "sha1nexte" => 0xc8,
2053 "sha1msg2" => 0xca );
2055 if (defined($opcodelet{$instr}) && @_[0] =~ /%xmm([0-9]+),\s*%xmm([0-9]+)/) {
2056 my @opcode=(0x0f,0x38);
2058 $rex|=0x04 if ($2>=8);
2059 $rex|=0x01 if ($1>=8);
2060 unshift @opcode,0x40|$rex if ($rex);
2061 push @opcode,$opcodelet{$instr};
2062 push @opcode,0xc0|($1&7)|(($2&7)<<3); # ModR/M
2063 return ".byte\t".join(',',@opcode);
2065 return $instr."\t".@_[0];
2069 foreach (split("\n",$code)) {
2070 s/\`([^\`]*)\`/eval $1/geo;
2072 s/\b(sha1rnds4)\s+(.*)/sha1rnds4($2)/geo or
2073 s/\b(sha1[^\s]*)\s+(.*)/sha1op38($1,$2)/geo;
projects / openssl.git / blob