5a057868b4c9332c427579152d6a54a10364155e
[openssl.git] / crypto / sha / asm / sha256-c64xplus.pl
1 #!/usr/bin/env perl
2 #
3 # ====================================================================
4 # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
5 # project. The module is, however, dual licensed under OpenSSL and
6 # CRYPTOGAMS licenses depending on where you obtain it. For further
7 # details see http://www.openssl.org/~appro/cryptogams/.
8 # ====================================================================
9 #
10 # SHA256 for C64x+.
11 #
12 # January 2012
13 #
14 # Performance is just below 10 cycles per processed byte, which is
15 # almost 40% faster than compiler-generated code. Unroll is unlikely
16 # to give more than ~8% improvement...
17 #
18 # !!! Note that this module uses AMR, which means that all interrupt
19 # service routines are expected to preserve it and for own well-being
20 # zero it upon entry.
21
22 while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
23 open STDOUT,">$output";
24
25 ($CTXA,$INP,$NUM) = ("A4","B4","A6");            # arguments
26  $K256="A3";
27
28 ($A,$Actx,$B,$Bctx,$C,$Cctx,$D,$Dctx,$T2,$S0,$s1,$t0a,$t1a,$t2a,$X9,$X14)
29         =map("A$_",(16..31));
30 ($E,$Ectx,$F,$Fctx,$G,$Gctx,$H,$Hctx,$T1,$S1,$s0,$t0e,$t1e,$t2e,$X1,$X15)
31         =map("B$_",(16..31));
32
33 ($Xia,$Xib)=("A5","B5");                        # circular/ring buffer
34  $CTXB=$t2e;
35
36 ($Xn,$X0,$K)=("B7","B8","B9");
37 ($Maj,$Ch)=($T2,"B6");
38
39 $code.=<<___;
40         .text
41         .if     __TI_EABI__
42         .nocmp
43         .endif
44
45         .asg    B3,RA
46         .asg    A15,FP
47         .asg    B15,SP
48
49         .if     .BIG_ENDIAN
50         .asg    SWAP2,MV
51         .asg    SWAP4,MV
52         .endif
53
54         .global _sha256_block_data_order
55 _sha256_block_data_order:
56         .asmfunc stack_usage(64)
57         MV      $NUM,A0                         ; reassign $NUM
58 ||      MVK     -64,B0
59   [!A0] BNOP    RA                              ; if ($NUM==0) return;
60 || [A0] STW     FP,*SP--[16]                    ; save frame pointer and alloca(64)
61 || [A0] MV      SP,FP
62    [A0] ADDKPC  _sha256_block_data_order,B2
63 || [A0] AND     B0,SP,SP                        ; align stack at 64 bytes
64         .if     __TI_EABI__
65    [A0] MVK     0x00404,B1
66 || [A0] MVKL    \$PCR_OFFSET(K256,_sha256_block_data_order),$K256
67    [A0] MVKH    0x50000,B1
68 || [A0] MVKH    \$PCR_OFFSET(K256,_sha256_block_data_order),$K256
69         .else
70    [A0] MVK     0x00404,B1
71 || [A0] MVKL    (K256-_sha256_block_data_order),$K256
72    [A0] MVKH    0x50000,B1
73 || [A0] MVKH    (K256-_sha256_block_data_order),$K256
74         .endif
75    [A0] MVC     B1,AMR                          ; setup circular addressing
76 || [A0] MV      SP,$Xia
77    [A0] MV      SP,$Xib
78 || [A0] ADD     B2,$K256,$K256
79 || [A0] MV      $CTXA,$CTXB
80 || [A0] SUBAW   SP,2,SP                         ; reserve two words above buffer
81         LDW     *${CTXA}[0],$A                  ; load ctx
82 ||      LDW     *${CTXB}[4],$E
83         LDW     *${CTXA}[1],$B
84 ||      LDW     *${CTXB}[5],$F
85         LDW     *${CTXA}[2],$C
86 ||      LDW     *${CTXB}[6],$G
87         LDW     *${CTXA}[3],$D
88 ||      LDW     *${CTXB}[7],$H
89
90         LDNW    *$INP++,$Xn                     ; pre-fetch input
91         LDW     *$K256++,$K                     ; pre-fetch K256[0]
92         MVK     14,B0                           ; loop counters
93         MVK     47,B1
94 ||      ADDAW   $Xia,9,$Xia
95 outerloop?:
96         SUB     A0,1,A0
97 ||      MV      $A,$Actx
98 ||      MV      $E,$Ectx
99 ||      MVD     $B,$Bctx
100 ||      MVD     $F,$Fctx
101         MV      $C,$Cctx
102 ||      MV      $G,$Gctx
103 ||      MVD     $D,$Dctx
104 ||      MVD     $H,$Hctx
105 ||      SWAP4   $Xn,$X0
106
107         SPLOOPD 8                               ; BODY_00_14
108 ||      MVC     B0,ILC
109 ||      SWAP2   $X0,$X0
110
111         LDNW    *$INP++,$Xn
112 ||      ROTL    $A,30,$S0
113 ||      OR      $A,$B,$Maj
114 ||      AND     $A,$B,$t2a
115 ||      ROTL    $E,26,$S1
116 ||      AND     $F,$E,$Ch
117 ||      ANDN    $G,$E,$t2e
118         ROTL    $A,19,$t0a
119 ||      AND     $C,$Maj,$Maj
120 ||      ROTL    $E,21,$t0e
121 ||      XOR     $t2e,$Ch,$Ch                    ; Ch(e,f,g) = (e&f)^(~e&g)
122         ROTL    $A,10,$t1a
123 ||      OR      $t2a,$Maj,$Maj                  ; Maj(a,b,c) = ((a|b)&c)|(a&b)
124 ||      ROTL    $E,7,$t1e
125 ||      ADD     $K,$H,$T1                       ; T1 = h + K256[i]
126         ADD     $X0,$T1,$T1                     ; T1 += X[i];
127 ||      STW     $X0,*$Xib++
128 ||      XOR     $t0a,$S0,$S0
129 ||      XOR     $t0e,$S1,$S1
130         XOR     $t1a,$S0,$S0                    ; Sigma0(a)
131 ||      XOR     $t1e,$S1,$S1                    ; Sigma1(e)
132 ||      LDW     *$K256++,$K                     ; pre-fetch K256[i+1]
133 ||      ADD     $Ch,$T1,$T1                     ; T1 += Ch(e,f,g)
134         ADD     $S1,$T1,$T1                     ; T1 += Sigma1(e)
135 ||      ADD     $S0,$Maj,$T2                    ; T2 = Sigma0(a) + Maj(a,b,c)
136 ||      ROTL    $G,0,$H                         ; h = g
137 ||      MV      $F,$G                           ; g = f
138 ||      MV      $X0,$X14
139 ||      SWAP4   $Xn,$X0
140         SWAP2   $X0,$X0
141 ||      MV      $E,$F                           ; f = e
142 ||      ADD     $D,$T1,$E                       ; e = d + T1
143 ||      MV      $C,$D                           ; d = c
144         MV      $B,$C                           ; c = b
145 ||      MV      $A,$B                           ; b = a
146 ||      ADD     $T1,$T2,$A                      ; a = T1 + T2
147         SPKERNEL
148
149         ROTL    $A,30,$S0                       ; BODY_15
150 ||      OR      $A,$B,$Maj
151 ||      AND     $A,$B,$t2a
152 ||      ROTL    $E,26,$S1
153 ||      AND     $F,$E,$Ch
154 ||      ANDN    $G,$E,$t2e
155 ||      LDW     *${Xib}[1],$Xn                  ; modulo-scheduled
156         ROTL    $A,19,$t0a
157 ||      AND     $C,$Maj,$Maj
158 ||      ROTL    $E,21,$t0e
159 ||      XOR     $t2e,$Ch,$Ch                    ; Ch(e,f,g) = (e&f)^(~e&g)
160 ||      LDW     *${Xib}[2],$X1                  ; modulo-scheduled
161         ROTL    $A,10,$t1a
162 ||      OR      $t2a,$Maj,$Maj                  ; Maj(a,b,c) = ((a|b)&c)|(a&b)
163 ||      ROTL    $E,7,$t1e
164 ||      ADD     $K,$H,$T1                       ; T1 = h + K256[i]
165         ADD     $X0,$T1,$T1                     ; T1 += X[i];
166 ||      STW     $X0,*$Xib++
167 ||      XOR     $t0a,$S0,$S0
168 ||      XOR     $t0e,$S1,$S1
169         XOR     $t1a,$S0,$S0                    ; Sigma0(a)
170 ||      XOR     $t1e,$S1,$S1                    ; Sigma1(e)
171 ||      LDW     *$K256++,$K                     ; pre-fetch K256[i+1]
172 ||      ADD     $Ch,$T1,$T1                     ; T1 += Ch(e,f,g)
173         ADD     $S1,$T1,$T1                     ; T1 += Sigma1(e)
174 ||      ADD     $S0,$Maj,$T2                    ; T2 = Sigma0(a) + Maj(a,b,c)
175 ||      ROTL    $G,0,$H                         ; h = g
176 ||      MV      $F,$G                           ; g = f
177 ||      MV      $X0,$X15
178         MV      $E,$F                           ; f = e
179 ||      ADD     $D,$T1,$E                       ; e = d + T1
180 ||      MV      $C,$D                           ; d = c
181 ||      MV      $Xn,$X0                         ; modulo-scheduled
182 ||      LDW     *$Xia,$X9                       ; modulo-scheduled
183 ||      ROTL    $X1,25,$t0e                     ; modulo-scheduled
184 ||      ROTL    $X14,15,$t0a                    ; modulo-scheduled
185         SHRU    $X1,3,$s0                       ; modulo-scheduled
186 ||      SHRU    $X14,10,$s1                     ; modulo-scheduled
187 ||      ROTL    $B,0,$C                         ; c = b
188 ||      MV      $A,$B                           ; b = a
189 ||      ADD     $T1,$T2,$A                      ; a = T1 + T2
190
191         SPLOOPD 10                              ; BODY_16_63
192 ||      MVC     B1,ILC
193 ||      ROTL    $X1,14,$t1e                     ; modulo-scheduled
194 ||      ROTL    $X14,13,$t1a                    ; modulo-scheduled
195
196         XOR     $t0e,$s0,$s0
197 ||      XOR     $t0a,$s1,$s1
198 ||      MV      $X15,$X14
199 ||      MV      $X1,$Xn
200         XOR     $t1e,$s0,$s0                    ; sigma0(X[i+1])
201 ||      XOR     $t1a,$s1,$s1                    ; sigma1(X[i+14])
202 ||      LDW     *${Xib}[2],$X1                  ; module-scheduled
203         ROTL    $A,30,$S0
204 ||      OR      $A,$B,$Maj
205 ||      AND     $A,$B,$t2a
206 ||      ROTL    $E,26,$S1
207 ||      AND     $F,$E,$Ch
208 ||      ANDN    $G,$E,$t2e
209 ||      ADD     $X9,$X0,$X0                     ; X[i] += X[i+9]
210         ROTL    $A,19,$t0a
211 ||      AND     $C,$Maj,$Maj
212 ||      ROTL    $E,21,$t0e
213 ||      XOR     $t2e,$Ch,$Ch                    ; Ch(e,f,g) = (e&f)^(~e&g)
214 ||      ADD     $s0,$X0,$X0                     ; X[i] += sigma1(X[i+1])
215         ROTL    $A,10,$t1a
216 ||      OR      $t2a,$Maj,$Maj                  ; Maj(a,b,c) = ((a|b)&c)|(a&b)
217 ||      ROTL    $E,7,$t1e
218 ||      ADD     $H,$K,$T1                       ; T1 = h + K256[i]
219 ||      ADD     $s1,$X0,$X0                     ; X[i] += sigma1(X[i+14])
220         XOR     $t0a,$S0,$S0
221 ||      XOR     $t0e,$S1,$S1
222 ||      ADD     $X0,$T1,$T1                     ; T1 += X[i]
223 ||      STW     $X0,*$Xib++
224         XOR     $t1a,$S0,$S0                    ; Sigma0(a)
225 ||      XOR     $t1e,$S1,$S1                    ; Sigma1(e)
226 ||      ADD     $Ch,$T1,$T1                     ; T1 += Ch(e,f,g)
227 ||      MV      $X0,$X15
228 ||      ROTL    $G,0,$H                         ; h = g
229 ||      LDW     *$K256++,$K                     ; pre-fetch K256[i+1]
230         ADD     $S1,$T1,$T1                     ; T1 += Sigma1(e)
231 ||      ADD     $S0,$Maj,$T2                    ; T2 = Sigma0(a) + Maj(a,b,c)
232 ||      MV      $F,$G                           ; g = f
233 ||      MV      $Xn,$X0                         ; modulo-scheduled
234 ||      LDW     *++$Xia,$X9                     ; modulo-scheduled
235 ||      ROTL    $X1,25,$t0e                     ; module-scheduled
236 ||      ROTL    $X14,15,$t0a                    ; modulo-scheduled
237         ROTL    $X1,14,$t1e                     ; modulo-scheduled
238 ||      ROTL    $X14,13,$t1a                    ; modulo-scheduled
239 ||      MV      $E,$F                           ; f = e
240 ||      ADD     $D,$T1,$E                       ; e = d + T1
241 ||      MV      $C,$D                           ; d = c
242 ||      MV      $B,$C                           ; c = b
243         MV      $A,$B                           ; b = a
244 ||      ADD     $T1,$T2,$A                      ; a = T1 + T2
245 ||      SHRU    $X1,3,$s0                       ; modulo-scheduled
246 ||      SHRU    $X14,10,$s1                     ; modulo-scheduled
247         SPKERNEL
248
249    [A0] B       outerloop?
250 || [A0] LDNW    *$INP++,$Xn                     ; pre-fetch input
251 || [A0] ADDK    -260,$K256                      ; rewind K256
252 ||      ADD     $Actx,$A,$A                     ; accumulate ctx
253 ||      ADD     $Ectx,$E,$E
254 ||      ADD     $Bctx,$B,$B
255         ADD     $Fctx,$F,$F
256 ||      ADD     $Cctx,$C,$C
257 ||      ADD     $Gctx,$G,$G
258 ||      ADD     $Dctx,$D,$D
259 ||      ADD     $Hctx,$H,$H
260 || [A0] LDW     *$K256++,$K                     ; pre-fetch K256[0]
261
262   [!A0] BNOP    RA
263 ||[!A0] MV      $CTXA,$CTXB
264   [!A0] MV      FP,SP                           ; restore stack pointer
265 ||[!A0] LDW     *FP[0],FP                       ; restore frame pointer
266   [!A0] STW     $A,*${CTXA}[0]                  ; save ctx
267 ||[!A0] STW     $E,*${CTXB}[4]
268 ||[!A0] MVK     0,B0
269   [!A0] STW     $B,*${CTXA}[1]
270 ||[!A0] STW     $F,*${CTXB}[5]
271 ||[!A0] MVC     B0,AMR                          ; clear AMR
272         STW     $C,*${CTXA}[2]
273 ||      STW     $G,*${CTXB}[6]
274         STW     $D,*${CTXA}[3]
275 ||      STW     $H,*${CTXB}[7]
276         .endasmfunc
277
278         .sect   ".const:sha_asm"
279         .align  128
280 K256:
281         .uword  0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5
282         .uword  0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5
283         .uword  0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3
284         .uword  0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174
285         .uword  0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc
286         .uword  0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da
287         .uword  0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7
288         .uword  0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967
289         .uword  0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13
290         .uword  0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85
291         .uword  0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3
292         .uword  0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070
293         .uword  0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5
294         .uword  0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3
295         .uword  0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208
296         .uword  0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
297         .cstring "SHA256 block transform for C64x+, CRYPTOGAMS by <appro\@openssl.org>"
298         .align  4
299
300 ___
301
302 print $code;