3 # ====================================================================
4 # Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
5 # project. The module is, however, dual licensed under OpenSSL and
6 # CRYPTOGAMS licenses depending on where you obtain it. For further
7 # details see http://www.openssl.org/~appro/cryptogams/.
8 # ====================================================================
10 # sha1_block procedure for x86_64.
12 # It was brought to my attention that on EM64T compiler-generated code
13 # was far behind 32-bit assembler implementation. This is unlike on
14 # Opteron where compiler-generated code was only 15% behind 32-bit
15 # assembler, which originally made it hard to motivate the effort.
16 # There was suggestion to mechanically translate 32-bit code, but I
17 # dismissed it, reasoning that x86_64 offers enough register bank
18 # capacity to fully utilize SHA-1 parallelism. Therefore this fresh
19 # implementation:-) However! While 64-bit code does perform better
20 # on Opteron, I failed to beat 32-bit assembler on EM64T core. Well,
21 # x86_64 does offer larger *addressable* bank, but out-of-order core
22 # reaches for even more registers through dynamic aliasing, and EM64T
23 # core must have managed to run-time optimize even 32-bit code just as
24 # good as 64-bit one. Performance improvement is summarized in the
27 # gcc 3.4 32-bit asm cycles/byte
28 # Opteron +45% +20% 6.8
29 # Xeon P4 +65% +0% 9.9
34 # The code was revised to minimize code size and to maximize
35 # "distance" between instructions producing input to 'lea'
36 # instruction and the 'lea' instruction itself, which is essential
37 # for Intel Atom core.
41 # Add SSSE3, Supplemental[!] SSE3, implementation. The idea behind it
42 # is to offload message schedule denoted by Wt in NIST specification,
43 # or Xupdate in OpenSSL source, to SIMD unit. See sha1-586.pl module
44 # for background and implementation details. The only difference from
45 # 32-bit code is that 64-bit code doesn't have to spill @X[] elements
46 # to free temporary registers.
50 # Add AVX code path. See sha1-586.pl for further information.
52 ######################################################################
53 # Current performance is summarized in following table. Numbers are
54 # CPU clock cycles spent to process single byte (less is better).
59 # Core2 6.7 6.1/+10% -
60 # Atom 11.0 9.7/+13% -
61 # Westmere 7.1 5.6/+27% -
62 # Sandy Bridge 7.9 6.3/+25% 5.2/+51%
66 if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
68 $win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
70 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
71 ( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
72 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
73 die "can't locate x86_64-xlate.pl";
75 $avx=1 if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
76 =~ /GNU assembler version ([2-9]\.[0-9]+)/ &&
78 $avx=1 if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
79 `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/ &&
81 $avx=1 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
82 `ml64 2>&1` =~ /Version ([0-9]+)\./ &&
85 open OUT,"| \"$^X\" $xlate $flavour $output";
88 $ctx="%rdi"; # 1st arg
89 $inp="%rsi"; # 2nd arg
90 $num="%rdx"; # 3rd arg
92 # reassign arguments in order to produce more compact code
110 my ($i,$a,$b,$c,$d,$e)=@_;
112 $code.=<<___ if ($i==0);
113 mov `4*$i`($inp),$xi[0]
115 mov $xi[0],`4*$i`(%rsp)
117 $code.=<<___ if ($i<15);
119 mov `4*$j`($inp),$xi[1]
124 lea 0x5a827999($xi[0],$e),$e
126 mov $xi[1],`4*$j`(%rsp)
132 $code.=<<___ if ($i>=15);
133 mov `4*($j%16)`(%rsp),$xi[1]
136 xor `4*(($j+2)%16)`(%rsp),$xi[1]
139 xor `4*(($j+8)%16)`(%rsp),$xi[1]
141 lea 0x5a827999($xi[0],$e),$e
142 xor `4*(($j+13)%16)`(%rsp),$xi[1]
147 mov $xi[1],`4*($j%16)`(%rsp)
150 unshift(@xi,pop(@xi));
154 my ($i,$a,$b,$c,$d,$e)=@_;
156 my $K=($i<40)?0x6ed9eba1:0xca62c1d6;
157 $code.=<<___ if ($i<79);
158 mov `4*($j%16)`(%rsp),$xi[1]
161 xor `4*(($j+2)%16)`(%rsp),$xi[1]
165 xor `4*(($j+8)%16)`(%rsp),$xi[1]
168 xor `4*(($j+13)%16)`(%rsp),$xi[1]
173 $code.=<<___ if ($i<76);
174 mov $xi[1],`4*($j%16)`(%rsp)
176 $code.=<<___ if ($i==79);
187 unshift(@xi,pop(@xi));
191 my ($i,$a,$b,$c,$d,$e)=@_;
194 mov `4*($j%16)`(%rsp),$xi[1]
197 xor `4*(($j+2)%16)`(%rsp),$xi[1]
200 xor `4*(($j+8)%16)`(%rsp),$xi[1]
202 lea 0x8f1bbcdc($xi[0],$e),$e
204 xor `4*(($j+13)%16)`(%rsp),$xi[1]
210 mov $xi[1],`4*($j%16)`(%rsp)
213 unshift(@xi,pop(@xi));
218 .extern OPENSSL_ia32cap_P
220 .globl sha1_block_data_order
221 .type sha1_block_data_order,\@function,3
223 sha1_block_data_order:
224 mov OPENSSL_ia32cap_P+0(%rip),%r9d
225 mov OPENSSL_ia32cap_P+4(%rip),%r8d
226 test \$`1<<9`,%r8d # check SSSE3 bit
229 $code.=<<___ if ($avx);
230 and \$`1<<28`,%r8d # mask AVX bit
231 and \$`1<<30`,%r9d # mask "Intel CPU" bit
233 cmp \$`1<<28|1<<30`,%r8d
246 mov %rdi,$ctx # reassigned argument
248 mov %rsi,$inp # reassigned argument
250 mov %rdx,$num # reassigned argument
251 mov %r11,`16*4`(%rsp)
264 for($i=0;$i<20;$i++) { &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
265 for(;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
266 for(;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
267 for(;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
281 lea `16*4`($inp),$inp
284 mov `16*4`(%rsp),%rsi
292 .size sha1_block_data_order,.-sha1_block_data_order
296 my @X=map("%xmm$_",(4..7,0..3));
297 my @Tx=map("%xmm$_",(8..10));
298 my @V=($A,$B,$C,$D,$E)=("%eax","%ebx","%ecx","%edx","%ebp"); # size optimization
299 my @T=("%esi","%edi");
303 my $_rol=sub { &rol(@_) };
304 my $_ror=sub { &ror(@_) };
307 .type sha1_block_data_order_ssse3,\@function,3
309 sha1_block_data_order_ssse3:
314 lea `-64-($win64?5*16:0)`(%rsp),%rsp
316 $code.=<<___ if ($win64);
317 movaps %xmm6,64+0(%rsp)
318 movaps %xmm7,64+16(%rsp)
319 movaps %xmm8,64+32(%rsp)
320 movaps %xmm9,64+48(%rsp)
321 movaps %xmm10,64+64(%rsp)
325 mov %rdi,$ctx # reassigned argument
326 mov %rsi,$inp # reassigned argument
327 mov %rdx,$num # reassigned argument
331 lea K_XX_XX(%rip),$K_XX_XX
333 mov 0($ctx),$A # load context
337 mov $B,@T[0] # magic seed
340 movdqa 64($K_XX_XX),@X[2] # pbswap mask
341 movdqa 0($K_XX_XX),@Tx[1] # K_00_19
342 movdqu 0($inp),@X[-4&7] # load input to %xmm[0-3]
343 movdqu 16($inp),@X[-3&7]
344 movdqu 32($inp),@X[-2&7]
345 movdqu 48($inp),@X[-1&7]
346 pshufb @X[2],@X[-4&7] # byte swap
348 pshufb @X[2],@X[-3&7]
349 pshufb @X[2],@X[-2&7]
350 pshufb @X[2],@X[-1&7]
351 paddd @Tx[1],@X[-4&7] # add K_00_19
352 paddd @Tx[1],@X[-3&7]
353 paddd @Tx[1],@X[-2&7]
354 movdqa @X[-4&7],0(%rsp) # X[]+K xfer to IALU
355 psubd @Tx[1],@X[-4&7] # restore X[]
356 movdqa @X[-3&7],16(%rsp)
357 psubd @Tx[1],@X[-3&7]
358 movdqa @X[-2&7],32(%rsp)
359 psubd @Tx[1],@X[-2&7]
363 sub AUTOLOAD() # thunk [simplified] 32-bit style perlasm
364 { my $opcode = $AUTOLOAD; $opcode =~ s/.*:://;
366 $arg = "\$$arg" if ($arg*1 eq $arg);
367 $code .= "\t$opcode\t".join(',',$arg,reverse @_)."\n";
370 sub Xupdate_ssse3_16_31() # recall that $Xi starts wtih 4
373 my @insns = (&$body,&$body,&$body,&$body); # 40 instructions
376 &movdqa (@X[0],@X[-3&7]);
379 &movdqa (@Tx[0],@X[-1&7]);
380 &palignr(@X[0],@X[-4&7],8); # compose "X[-14]" in "X[0]"
384 &paddd (@Tx[1],@X[-1&7]);
387 &psrldq (@Tx[0],4); # "X[-3]", 3 dwords
390 &pxor (@X[0],@X[-4&7]); # "X[0]"^="X[-16]"
394 &pxor (@Tx[0],@X[-2&7]); # "X[-3]"^"X[-8]"
400 &pxor (@X[0],@Tx[0]); # "X[0]"^="X[-3]"^"X[-8]"
403 &movdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU
407 &movdqa (@Tx[2],@X[0]);
408 &movdqa (@Tx[0],@X[0]);
414 &pslldq (@Tx[2],12); # "X[0]"<<96, extract one dword
415 &paddd (@X[0],@X[0]);
424 &movdqa (@Tx[1],@Tx[2]);
429 &por (@X[0],@Tx[0]); # "X[0]"<<<=1
436 &pxor (@X[0],@Tx[2]);
439 &movdqa (@Tx[2],eval(16*(($Xi)/5))."($K_XX_XX)"); # K_XX_XX
443 &pxor (@X[0],@Tx[1]); # "X[0]"^=("X[0]">>96)<<<2
445 foreach (@insns) { eval; } # remaining instructions [if any]
447 $Xi++; push(@X,shift(@X)); # "rotate" X[]
448 push(@Tx,shift(@Tx));
451 sub Xupdate_ssse3_32_79()
454 my @insns = (&$body,&$body,&$body,&$body); # 32 to 48 instructions
457 &movdqa (@Tx[0],@X[-1&7]) if ($Xi==8);
458 eval(shift(@insns)); # body_20_39
459 &pxor (@X[0],@X[-4&7]); # "X[0]"="X[-32]"^"X[-16]"
460 &palignr(@Tx[0],@X[-2&7],8); # compose "X[-6]"
463 eval(shift(@insns)); # rol
465 &pxor (@X[0],@X[-7&7]); # "X[0]"^="X[-28]"
467 eval(shift(@insns)) if (@insns[0] !~ /&ro[rl]/);
469 &movdqa (@Tx[2],@Tx[1]);# "perpetuate" K_XX_XX...
470 } else { # ... or load next one
471 &movdqa (@Tx[2],eval(16*($Xi/5))."($K_XX_XX)");
473 &paddd (@Tx[1],@X[-1&7]);
474 eval(shift(@insns)); # ror
477 &pxor (@X[0],@Tx[0]); # "X[0]"^="X[-6]"
478 eval(shift(@insns)); # body_20_39
481 eval(shift(@insns)); # rol
483 &movdqa (@Tx[0],@X[0]);
484 &movdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU
487 eval(shift(@insns)); # ror
491 eval(shift(@insns)); # body_20_39
495 eval(shift(@insns)); # rol
498 eval(shift(@insns)); # ror
501 &por (@X[0],@Tx[0]); # "X[0]"<<<=2
502 eval(shift(@insns)); # body_20_39
504 &movdqa (@Tx[1],@X[0]) if ($Xi<19);
506 eval(shift(@insns)); # rol
509 eval(shift(@insns)); # rol
512 foreach (@insns) { eval; } # remaining instructions
514 $Xi++; push(@X,shift(@X)); # "rotate" X[]
515 push(@Tx,shift(@Tx));
518 sub Xuplast_ssse3_80()
521 my @insns = (&$body,&$body,&$body,&$body); # 32 instructions
525 &paddd (@Tx[1],@X[-1&7]);
531 &movdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer IALU
533 foreach (@insns) { eval; } # remaining instructions
536 &je (".Ldone_ssse3");
538 unshift(@Tx,pop(@Tx));
540 &movdqa (@X[2],"64($K_XX_XX)"); # pbswap mask
541 &movdqa (@Tx[1],"0($K_XX_XX)"); # K_00_19
542 &movdqu (@X[-4&7],"0($inp)"); # load input
543 &movdqu (@X[-3&7],"16($inp)");
544 &movdqu (@X[-2&7],"32($inp)");
545 &movdqu (@X[-1&7],"48($inp)");
546 &pshufb (@X[-4&7],@X[2]); # byte swap
555 my @insns = (&$body,&$body,&$body,&$body); # 32 instructions
560 &pshufb (@X[($Xi-3)&7],@X[2]);
563 &paddd (@X[($Xi-4)&7],@Tx[1]);
568 &movdqa (eval(16*$Xi)."(%rsp)",@X[($Xi-4)&7]); # X[]+K xfer to IALU
571 &psubd (@X[($Xi-4)&7],@Tx[1]);
573 foreach (@insns) { eval; }
580 my @insns = (&$body,&$body,&$body,&$body); # 32 instructions
583 foreach (@insns) { eval; }
588 '($a,$b,$c,$d,$e)=@V;'.
589 '&add ($e,eval(4*($j&15))."(%rsp)");', # X[]+K xfer
591 '&mov (@T[1],$a);', # $b in next round
593 '&and (@T[0],$c);', # ($b&($c^$d))
594 '&xor ($c,$d);', # restore $c
597 '&$_ror ($b,$j?7:2);', # $b>>>2
598 '&add ($e,@T[0]);' .'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
604 '($a,$b,$c,$d,$e)=@V;'.
605 '&add ($e,eval(4*($j++&15))."(%rsp)");', # X[]+K xfer
606 '&xor (@T[0],$d);', # ($b^$d)
607 '&mov (@T[1],$a);', # $b in next round
609 '&xor (@T[0],$c);', # ($b^$d^$c)
611 '&$_ror ($b,7);', # $b>>>2
612 '&add ($e,@T[0]);' .'unshift(@V,pop(@V)); unshift(@T,pop(@T));'
618 '($a,$b,$c,$d,$e)=@V;'.
621 '&add ($e,eval(4*($j++&15))."(%rsp)");', # X[]+K xfer
623 '&and (@T[0],$c);', # ($b&($c^$d))
624 '&$_ror ($b,7);', # $b>>>2
626 '&mov (@T[1],$a);', # $b in next round
629 '&xor ($c,$d);', # restore $c
630 '&add ($e,$a);' .'unshift(@V,pop(@V)); unshift(@T,pop(@T));'
637 &Xupdate_ssse3_16_31(\&body_00_19);
638 &Xupdate_ssse3_16_31(\&body_00_19);
639 &Xupdate_ssse3_16_31(\&body_00_19);
640 &Xupdate_ssse3_16_31(\&body_00_19);
641 &Xupdate_ssse3_32_79(\&body_00_19);
642 &Xupdate_ssse3_32_79(\&body_20_39);
643 &Xupdate_ssse3_32_79(\&body_20_39);
644 &Xupdate_ssse3_32_79(\&body_20_39);
645 &Xupdate_ssse3_32_79(\&body_20_39);
646 &Xupdate_ssse3_32_79(\&body_20_39);
647 &Xupdate_ssse3_32_79(\&body_40_59);
648 &Xupdate_ssse3_32_79(\&body_40_59);
649 &Xupdate_ssse3_32_79(\&body_40_59);
650 &Xupdate_ssse3_32_79(\&body_40_59);
651 &Xupdate_ssse3_32_79(\&body_40_59);
652 &Xupdate_ssse3_32_79(\&body_20_39);
653 &Xuplast_ssse3_80(\&body_20_39); # can jump to "done"
655 $saved_j=$j; @saved_V=@V;
657 &Xloop_ssse3(\&body_20_39);
658 &Xloop_ssse3(\&body_20_39);
659 &Xloop_ssse3(\&body_20_39);
662 add 0($ctx),$A # update context
669 mov @T[0],$B # magic seed
678 $j=$saved_j; @V=@saved_V;
680 &Xtail_ssse3(\&body_20_39);
681 &Xtail_ssse3(\&body_20_39);
682 &Xtail_ssse3(\&body_20_39);
685 add 0($ctx),$A # update context
696 $code.=<<___ if ($win64);
697 movaps 64+0(%rsp),%xmm6
698 movaps 64+16(%rsp),%xmm7
699 movaps 64+32(%rsp),%xmm8
700 movaps 64+48(%rsp),%xmm9
701 movaps 64+64(%rsp),%xmm10
704 lea `64+($win64?5*16:0)`(%rsp),%rsi
711 .size sha1_block_data_order_ssse3,.-sha1_block_data_order_ssse3
716 my @X=map("%xmm$_",(4..7,0..3));
717 my @Tx=map("%xmm$_",(8..10));
718 my @V=($A,$B,$C,$D,$E)=("%eax","%ebx","%ecx","%edx","%ebp"); # size optimization
719 my @T=("%esi","%edi");
723 my $_rol=sub { &shld(@_[0],@_) };
724 my $_ror=sub { &shrd(@_[0],@_) };
727 .type sha1_block_data_order_avx,\@function,3
729 sha1_block_data_order_avx:
734 lea `-64-($win64?5*16:0)`(%rsp),%rsp
736 $code.=<<___ if ($win64);
737 movaps %xmm6,64+0(%rsp)
738 movaps %xmm7,64+16(%rsp)
739 movaps %xmm8,64+32(%rsp)
740 movaps %xmm9,64+48(%rsp)
741 movaps %xmm10,64+64(%rsp)
745 mov %rdi,$ctx # reassigned argument
746 mov %rsi,$inp # reassigned argument
747 mov %rdx,$num # reassigned argument
752 lea K_XX_XX(%rip),$K_XX_XX
754 mov 0($ctx),$A # load context
758 mov $B,@T[0] # magic seed
761 vmovdqa 64($K_XX_XX),@X[2] # pbswap mask
762 vmovdqa 0($K_XX_XX),@Tx[1] # K_00_19
763 vmovdqu 0($inp),@X[-4&7] # load input to %xmm[0-3]
764 vmovdqu 16($inp),@X[-3&7]
765 vmovdqu 32($inp),@X[-2&7]
766 vmovdqu 48($inp),@X[-1&7]
767 vpshufb @X[2],@X[-4&7],@X[-4&7] # byte swap
769 vpshufb @X[2],@X[-3&7],@X[-3&7]
770 vpshufb @X[2],@X[-2&7],@X[-2&7]
771 vpshufb @X[2],@X[-1&7],@X[-1&7]
772 vpaddd @Tx[1],@X[-4&7],@X[0] # add K_00_19
773 vpaddd @Tx[1],@X[-3&7],@X[1]
774 vpaddd @Tx[1],@X[-2&7],@X[2]
775 vmovdqa @X[0],0(%rsp) # X[]+K xfer to IALU
776 vmovdqa @X[1],16(%rsp)
777 vmovdqa @X[2],32(%rsp)
781 sub Xupdate_avx_16_31() # recall that $Xi starts wtih 4
784 my @insns = (&$body,&$body,&$body,&$body); # 40 instructions
789 &vpalignr(@X[0],@X[-3&7],@X[-4&7],8); # compose "X[-14]" in "X[0]"
793 &vpaddd (@Tx[1],@Tx[1],@X[-1&7]);
796 &vpsrldq(@Tx[0],@X[-1&7],4); # "X[-3]", 3 dwords
799 &vpxor (@X[0],@X[0],@X[-4&7]); # "X[0]"^="X[-16]"
803 &vpxor (@Tx[0],@Tx[0],@X[-2&7]); # "X[-3]"^"X[-8]"
809 &vpxor (@X[0],@X[0],@Tx[0]); # "X[0]"^="X[-3]"^"X[-8]"
812 &vmovdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU
816 &vpsrld (@Tx[0],@X[0],31);
822 &vpslldq(@Tx[2],@X[0],12); # "X[0]"<<96, extract one dword
823 &vpaddd (@X[0],@X[0],@X[0]);
829 &vpsrld (@Tx[1],@Tx[2],30);
830 &vpor (@X[0],@X[0],@Tx[0]); # "X[0]"<<<=1
836 &vpslld (@Tx[2],@Tx[2],2);
837 &vpxor (@X[0],@X[0],@Tx[1]);
843 &vpxor (@X[0],@X[0],@Tx[2]); # "X[0]"^=("X[0]">>96)<<<2
846 &vmovdqa (@Tx[2],eval(16*(($Xi)/5))."($K_XX_XX)"); # K_XX_XX
851 foreach (@insns) { eval; } # remaining instructions [if any]
853 $Xi++; push(@X,shift(@X)); # "rotate" X[]
854 push(@Tx,shift(@Tx));
857 sub Xupdate_avx_32_79()
860 my @insns = (&$body,&$body,&$body,&$body); # 32 to 48 instructions
863 &vpalignr(@Tx[0],@X[-1&7],@X[-2&7],8); # compose "X[-6]"
864 &vpxor (@X[0],@X[0],@X[-4&7]); # "X[0]"="X[-32]"^"X[-16]"
865 eval(shift(@insns)); # body_20_39
868 eval(shift(@insns)); # rol
870 &vpxor (@X[0],@X[0],@X[-7&7]); # "X[0]"^="X[-28]"
872 eval(shift(@insns)) if (@insns[0] !~ /&ro[rl]/);
874 &vmovdqa (@Tx[2],@Tx[1]);# "perpetuate" K_XX_XX...
875 } else { # ... or load next one
876 &vmovdqa (@Tx[2],eval(16*($Xi/5))."($K_XX_XX)");
878 &vpaddd (@Tx[1],@Tx[1],@X[-1&7]);
879 eval(shift(@insns)); # ror
882 &vpxor (@X[0],@X[0],@Tx[0]); # "X[0]"^="X[-6]"
883 eval(shift(@insns)); # body_20_39
886 eval(shift(@insns)); # rol
888 &vpsrld (@Tx[0],@X[0],30);
889 &vmovdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU
892 eval(shift(@insns)); # ror
895 &vpslld (@X[0],@X[0],2);
896 eval(shift(@insns)); # body_20_39
899 eval(shift(@insns)); # rol
902 eval(shift(@insns)); # ror
905 &vpor (@X[0],@X[0],@Tx[0]); # "X[0]"<<<=2
906 eval(shift(@insns)); # body_20_39
908 &vmovdqa (@Tx[1],@X[0]) if ($Xi<19);
910 eval(shift(@insns)); # rol
913 eval(shift(@insns)); # rol
916 foreach (@insns) { eval; } # remaining instructions
918 $Xi++; push(@X,shift(@X)); # "rotate" X[]
919 push(@Tx,shift(@Tx));
925 my @insns = (&$body,&$body,&$body,&$body); # 32 instructions
929 &vpaddd (@Tx[1],@Tx[1],@X[-1&7]);
935 &movdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer IALU
937 foreach (@insns) { eval; } # remaining instructions
942 unshift(@Tx,pop(@Tx));
944 &vmovdqa(@X[2],"64($K_XX_XX)"); # pbswap mask
945 &vmovdqa(@Tx[1],"0($K_XX_XX)"); # K_00_19
946 &vmovdqu(@X[-4&7],"0($inp)"); # load input
947 &vmovdqu(@X[-3&7],"16($inp)");
948 &vmovdqu(@X[-2&7],"32($inp)");
949 &vmovdqu(@X[-1&7],"48($inp)");
950 &vpshufb(@X[-4&7],@X[-4&7],@X[2]); # byte swap
959 my @insns = (&$body,&$body,&$body,&$body); # 32 instructions
964 &vpshufb(@X[($Xi-3)&7],@X[($Xi-3)&7],@X[2]);
967 &vpaddd (@X[$Xi&7],@X[($Xi-4)&7],@Tx[1]);
972 &vmovdqa(eval(16*$Xi)."(%rsp)",@X[$Xi&7]); # X[]+K xfer to IALU
976 foreach (@insns) { eval; }
983 my @insns = (&$body,&$body,&$body,&$body); # 32 instructions
986 foreach (@insns) { eval; }
993 &Xupdate_avx_16_31(\&body_00_19);
994 &Xupdate_avx_16_31(\&body_00_19);
995 &Xupdate_avx_16_31(\&body_00_19);
996 &Xupdate_avx_16_31(\&body_00_19);
997 &Xupdate_avx_32_79(\&body_00_19);
998 &Xupdate_avx_32_79(\&body_20_39);
999 &Xupdate_avx_32_79(\&body_20_39);
1000 &Xupdate_avx_32_79(\&body_20_39);
1001 &Xupdate_avx_32_79(\&body_20_39);
1002 &Xupdate_avx_32_79(\&body_20_39);
1003 &Xupdate_avx_32_79(\&body_40_59);
1004 &Xupdate_avx_32_79(\&body_40_59);
1005 &Xupdate_avx_32_79(\&body_40_59);
1006 &Xupdate_avx_32_79(\&body_40_59);
1007 &Xupdate_avx_32_79(\&body_40_59);
1008 &Xupdate_avx_32_79(\&body_20_39);
1009 &Xuplast_avx_80(\&body_20_39); # can jump to "done"
1011 $saved_j=$j; @saved_V=@V;
1013 &Xloop_avx(\&body_20_39);
1014 &Xloop_avx(\&body_20_39);
1015 &Xloop_avx(\&body_20_39);
1018 add 0($ctx),$A # update context
1025 mov @T[0],$B # magic seed
1034 $j=$saved_j; @V=@saved_V;
1036 &Xtail_avx(\&body_20_39);
1037 &Xtail_avx(\&body_20_39);
1038 &Xtail_avx(\&body_20_39);
1043 add 0($ctx),$A # update context
1054 $code.=<<___ if ($win64);
1055 movaps 64+0(%rsp),%xmm6
1056 movaps 64+16(%rsp),%xmm7
1057 movaps 64+32(%rsp),%xmm8
1058 movaps 64+48(%rsp),%xmm9
1059 movaps 64+64(%rsp),%xmm10
1062 lea `64+($win64?5*16:0)`(%rsp),%rsi
1069 .size sha1_block_data_order_avx,.-sha1_block_data_order_avx
1075 .long 0x5a827999,0x5a827999,0x5a827999,0x5a827999 # K_00_19
1076 .long 0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1 # K_20_39
1077 .long 0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc # K_40_59
1078 .long 0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6 # K_60_79
1079 .long 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f # pbswap mask
1083 .asciz "SHA1 block transform for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
1087 # EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
1088 # CONTEXT *context,DISPATCHER_CONTEXT *disp)
1096 .extern __imp_RtlVirtualUnwind
1097 .type se_handler,\@abi-omnipotent
1111 mov 120($context),%rax # pull context->Rax
1112 mov 248($context),%rbx # pull context->Rip
1114 lea .Lprologue(%rip),%r10
1115 cmp %r10,%rbx # context->Rip<.Lprologue
1116 jb .Lcommon_seh_tail
1118 mov 152($context),%rax # pull context->Rsp
1120 lea .Lepilogue(%rip),%r10
1121 cmp %r10,%rbx # context->Rip>=.Lepilogue
1122 jae .Lcommon_seh_tail
1124 mov `16*4`(%rax),%rax # pull saved stack pointer
1131 mov %rbx,144($context) # restore context->Rbx
1132 mov %rbp,160($context) # restore context->Rbp
1133 mov %r12,216($context) # restore context->R12
1134 mov %r13,224($context) # restore context->R13
1136 jmp .Lcommon_seh_tail
1137 .size se_handler,.-se_handler
1139 .type ssse3_handler,\@abi-omnipotent
1153 mov 120($context),%rax # pull context->Rax
1154 mov 248($context),%rbx # pull context->Rip
1156 mov 8($disp),%rsi # disp->ImageBase
1157 mov 56($disp),%r11 # disp->HandlerData
1159 mov 0(%r11),%r10d # HandlerData[0]
1160 lea (%rsi,%r10),%r10 # prologue label
1161 cmp %r10,%rbx # context->Rip<prologue label
1162 jb .Lcommon_seh_tail
1164 mov 152($context),%rax # pull context->Rsp
1166 mov 4(%r11),%r10d # HandlerData[1]
1167 lea (%rsi,%r10),%r10 # epilogue label
1168 cmp %r10,%rbx # context->Rip>=epilogue label
1169 jae .Lcommon_seh_tail
1172 lea 512($context),%rdi # &context.Xmm6
1174 .long 0xa548f3fc # cld; rep movsq
1175 lea `24+64+5*16`(%rax),%rax # adjust stack pointer
1180 mov %rbx,144($context) # restore context->Rbx
1181 mov %rbp,160($context) # restore context->Rbp
1182 mov %r12,216($context) # restore cotnext->R12
1187 mov %rax,152($context) # restore context->Rsp
1188 mov %rsi,168($context) # restore context->Rsi
1189 mov %rdi,176($context) # restore context->Rdi
1191 mov 40($disp),%rdi # disp->ContextRecord
1192 mov $context,%rsi # context
1193 mov \$154,%ecx # sizeof(CONTEXT)
1194 .long 0xa548f3fc # cld; rep movsq
1197 xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER
1198 mov 8(%rsi),%rdx # arg2, disp->ImageBase
1199 mov 0(%rsi),%r8 # arg3, disp->ControlPc
1200 mov 16(%rsi),%r9 # arg4, disp->FunctionEntry
1201 mov 40(%rsi),%r10 # disp->ContextRecord
1202 lea 56(%rsi),%r11 # &disp->HandlerData
1203 lea 24(%rsi),%r12 # &disp->EstablisherFrame
1204 mov %r10,32(%rsp) # arg5
1205 mov %r11,40(%rsp) # arg6
1206 mov %r12,48(%rsp) # arg7
1207 mov %rcx,56(%rsp) # arg8, (NULL)
1208 call *__imp_RtlVirtualUnwind(%rip)
1210 mov \$1,%eax # ExceptionContinueSearch
1222 .size ssse3_handler,.-ssse3_handler
1226 .rva .LSEH_begin_sha1_block_data_order
1227 .rva .LSEH_end_sha1_block_data_order
1228 .rva .LSEH_info_sha1_block_data_order
1229 .rva .LSEH_begin_sha1_block_data_order_ssse3
1230 .rva .LSEH_end_sha1_block_data_order_ssse3
1231 .rva .LSEH_info_sha1_block_data_order_ssse3
1233 $code.=<<___ if ($avx);
1234 .rva .LSEH_begin_sha1_block_data_order_avx
1235 .rva .LSEH_end_sha1_block_data_order_avx
1236 .rva .LSEH_info_sha1_block_data_order_avx
1241 .LSEH_info_sha1_block_data_order:
1244 .LSEH_info_sha1_block_data_order_ssse3:
1247 .rva .Lprologue_ssse3,.Lepilogue_ssse3 # HandlerData[]
1249 $code.=<<___ if ($avx);
1250 .LSEH_info_sha1_block_data_order_avx:
1253 .rva .Lprologue_avx,.Lepilogue_avx # HandlerData[]
1257 ####################################################################
1259 $code =~ s/\`([^\`]*)\`/eval $1/gem;
tuxillo's projects / dragonfly.git / blob