12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154 |
- #! /usr/bin/env perl
- # Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
- #
- # Licensed under the Apache License 2.0 (the "License"). You may not use
- # this file except in compliance with the License. You can obtain a copy
- # in the file LICENSE in the source distribution or at
- # https://www.openssl.org/source/license.html
- #
- # ====================================================================
- # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
- # project. The module is, however, dual licensed under OpenSSL and
- # CRYPTOGAMS licenses depending on where you obtain it. For further
- # details see http://www.openssl.org/~appro/cryptogams/.
- # ====================================================================
- #
- # January 2015
- #
- # ChaCha20 for x86.
- #
- # Performance in cycles per byte out of large buffer.
- #
- # 1xIALU/gcc 4xSSSE3
- # Pentium 17.5/+80%
- # PIII 14.2/+60%
- # P4 18.6/+84%
- # Core2 9.56/+89% 4.83
- # Westmere 9.50/+45% 3.35
- # Sandy Bridge 10.5/+47% 3.20
- # Haswell 8.15/+50% 2.83
- # Skylake 7.53/+22% 2.75
- # Silvermont 17.4/+36% 8.35
- # Goldmont 13.4/+40% 4.36
- # Sledgehammer 10.2/+54%
- # Bulldozer 13.4/+50% 4.38(*)
- #
- # (*) Bulldozer actually executes 4xXOP code path that delivers 3.55;
- $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
- push(@INC,"${dir}","${dir}../../perlasm");
- require "x86asm.pl";
- $output = pop and open STDOUT,">$output";
- &asm_init($ARGV[0],$ARGV[$#ARGV] eq "386");
- $xmm=$ymm=0;
- for (@ARGV) { $xmm=1 if (/-DOPENSSL_IA32_SSE2/); }
- $ymm=1 if ($xmm &&
- `$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
- =~ /GNU assembler version ([2-9]\.[0-9]+)/ &&
- ($gasver=$1)>=2.19); # first version supporting AVX
- $ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32n" &&
- `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/ &&
- $1>=2.03); # first version supporting AVX
- $ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32" &&
- `ml 2>&1` =~ /Version ([0-9]+)\./ &&
- $1>=10); # first version supporting AVX
- $ymm=1 if ($xmm && !$ymm &&
- `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/ &&
- $2>=3.0); # first version supporting AVX
- $a="eax";
- ($b,$b_)=("ebx","ebp");
- ($c,$c_)=("ecx","esi");
- ($d,$d_)=("edx","edi");
- sub QUARTERROUND {
- my ($ai,$bi,$ci,$di,$i)=@_;
- my ($an,$bn,$cn,$dn)=map(($_&~3)+(($_+1)&3),($ai,$bi,$ci,$di)); # next
- my ($ap,$bp,$cp,$dp)=map(($_&~3)+(($_-1)&3),($ai,$bi,$ci,$di)); # previous
- # a b c d
- #
- # 0 4 8 12 < even round
- # 1 5 9 13
- # 2 6 10 14
- # 3 7 11 15
- # 0 5 10 15 < odd round
- # 1 6 11 12
- # 2 7 8 13
- # 3 4 9 14
- if ($i==0) {
- my $j=4;
- ($ap,$bp,$cp,$dp)=map(($_&~3)+(($_-$j--)&3),($ap,$bp,$cp,$dp));
- } elsif ($i==3) {
- my $j=0;
- ($an,$bn,$cn,$dn)=map(($_&~3)+(($_+$j++)&3),($an,$bn,$cn,$dn));
- } elsif ($i==4) {
- my $j=4;
- ($ap,$bp,$cp,$dp)=map(($_&~3)+(($_+$j--)&3),($ap,$bp,$cp,$dp));
- } elsif ($i==7) {
- my $j=0;
- ($an,$bn,$cn,$dn)=map(($_&~3)+(($_-$j++)&3),($an,$bn,$cn,$dn));
- }
- #&add ($a,$b); # see elsewhere
- &xor ($d,$a);
- &mov (&DWP(4*$cp,"esp"),$c_) if ($ai>0 && $ai<3);
- &rol ($d,16);
- &mov (&DWP(4*$bp,"esp"),$b_) if ($i!=0);
- &add ($c,$d);
- &mov ($c_,&DWP(4*$cn,"esp")) if ($ai>0 && $ai<3);
- &xor ($b,$c);
- &mov ($d_,&DWP(4*$dn,"esp")) if ($di!=$dn);
- &rol ($b,12);
- &mov ($b_,&DWP(4*$bn,"esp")) if ($i<7);
- &mov ($b_,&DWP(128,"esp")) if ($i==7); # loop counter
- &add ($a,$b);
- &xor ($d,$a);
- &mov (&DWP(4*$ai,"esp"),$a);
- &rol ($d,8);
- &mov ($a,&DWP(4*$an,"esp"));
- &add ($c,$d);
- &mov (&DWP(4*$di,"esp"),$d) if ($di!=$dn);
- &mov ($d_,$d) if ($di==$dn);
- &xor ($b,$c);
- &add ($a,$b_) if ($i<7); # elsewhere
- &rol ($b,7);
- ($b,$b_)=($b_,$b);
- ($c,$c_)=($c_,$c);
- ($d,$d_)=($d_,$d);
- }
- &static_label("ssse3_shortcut");
- &static_label("xop_shortcut");
- &static_label("ssse3_data");
- &static_label("pic_point");
- &function_begin("ChaCha20_ctr32");
- &xor ("eax","eax");
- &cmp ("eax",&wparam(2)); # len==0?
- &je (&label("no_data"));
- if ($xmm) {
- &call (&label("pic_point"));
- &set_label("pic_point");
- &blindpop("eax");
- &picmeup("ebp","OPENSSL_ia32cap_P","eax",&label("pic_point"));
- &test (&DWP(0,"ebp"),1<<24); # test FXSR bit
- &jz (&label("x86"));
- &test (&DWP(4,"ebp"),1<<9); # test SSSE3 bit
- &jz (&label("x86"));
- &jmp (&label("ssse3_shortcut"));
- &set_label("x86");
- }
- &mov ("esi",&wparam(3)); # key
- &mov ("edi",&wparam(4)); # counter and nonce
- &stack_push(33);
- &mov ("eax",&DWP(4*0,"esi")); # copy key
- &mov ("ebx",&DWP(4*1,"esi"));
- &mov ("ecx",&DWP(4*2,"esi"));
- &mov ("edx",&DWP(4*3,"esi"));
- &mov (&DWP(64+4*4,"esp"),"eax");
- &mov (&DWP(64+4*5,"esp"),"ebx");
- &mov (&DWP(64+4*6,"esp"),"ecx");
- &mov (&DWP(64+4*7,"esp"),"edx");
- &mov ("eax",&DWP(4*4,"esi"));
- &mov ("ebx",&DWP(4*5,"esi"));
- &mov ("ecx",&DWP(4*6,"esi"));
- &mov ("edx",&DWP(4*7,"esi"));
- &mov (&DWP(64+4*8,"esp"),"eax");
- &mov (&DWP(64+4*9,"esp"),"ebx");
- &mov (&DWP(64+4*10,"esp"),"ecx");
- &mov (&DWP(64+4*11,"esp"),"edx");
- &mov ("eax",&DWP(4*0,"edi")); # copy counter and nonce
- &mov ("ebx",&DWP(4*1,"edi"));
- &mov ("ecx",&DWP(4*2,"edi"));
- &mov ("edx",&DWP(4*3,"edi"));
- &sub ("eax",1);
- &mov (&DWP(64+4*12,"esp"),"eax");
- &mov (&DWP(64+4*13,"esp"),"ebx");
- &mov (&DWP(64+4*14,"esp"),"ecx");
- &mov (&DWP(64+4*15,"esp"),"edx");
- &jmp (&label("entry"));
- &set_label("outer_loop",16);
- &mov (&wparam(1),$b); # save input
- &mov (&wparam(0),$a); # save output
- &mov (&wparam(2),$c); # save len
- &set_label("entry");
- &mov ($a,0x61707865);
- &mov (&DWP(4*1,"esp"),0x3320646e);
- &mov (&DWP(4*2,"esp"),0x79622d32);
- &mov (&DWP(4*3,"esp"),0x6b206574);
- &mov ($b, &DWP(64+4*5,"esp")); # copy key material
- &mov ($b_,&DWP(64+4*6,"esp"));
- &mov ($c, &DWP(64+4*10,"esp"));
- &mov ($c_,&DWP(64+4*11,"esp"));
- &mov ($d, &DWP(64+4*13,"esp"));
- &mov ($d_,&DWP(64+4*14,"esp"));
- &mov (&DWP(4*5,"esp"),$b);
- &mov (&DWP(4*6,"esp"),$b_);
- &mov (&DWP(4*10,"esp"),$c);
- &mov (&DWP(4*11,"esp"),$c_);
- &mov (&DWP(4*13,"esp"),$d);
- &mov (&DWP(4*14,"esp"),$d_);
- &mov ($b, &DWP(64+4*7,"esp"));
- &mov ($d_,&DWP(64+4*15,"esp"));
- &mov ($d, &DWP(64+4*12,"esp"));
- &mov ($b_,&DWP(64+4*4,"esp"));
- &mov ($c, &DWP(64+4*8,"esp"));
- &mov ($c_,&DWP(64+4*9,"esp"));
- &add ($d,1); # counter value
- &mov (&DWP(4*7,"esp"),$b);
- &mov (&DWP(4*15,"esp"),$d_);
- &mov (&DWP(64+4*12,"esp"),$d); # save counter value
- &mov ($b,10); # loop counter
- &jmp (&label("loop"));
- &set_label("loop",16);
- &add ($a,$b_); # elsewhere
- &mov (&DWP(128,"esp"),$b); # save loop counter
- &mov ($b,$b_);
- &QUARTERROUND(0, 4, 8, 12, 0);
- &QUARTERROUND(1, 5, 9, 13, 1);
- &QUARTERROUND(2, 6,10, 14, 2);
- &QUARTERROUND(3, 7,11, 15, 3);
- &QUARTERROUND(0, 5,10, 15, 4);
- &QUARTERROUND(1, 6,11, 12, 5);
- &QUARTERROUND(2, 7, 8, 13, 6);
- &QUARTERROUND(3, 4, 9, 14, 7);
- &dec ($b);
- &jnz (&label("loop"));
- &mov ($b,&wparam(2)); # load len
- &add ($a,0x61707865); # accumulate key material
- &add ($b_,&DWP(64+4*4,"esp"));
- &add ($c, &DWP(64+4*8,"esp"));
- &add ($c_,&DWP(64+4*9,"esp"));
- &cmp ($b,64);
- &jb (&label("tail"));
- &mov ($b,&wparam(1)); # load input pointer
- &add ($d, &DWP(64+4*12,"esp"));
- &add ($d_,&DWP(64+4*14,"esp"));
- &xor ($a, &DWP(4*0,$b)); # xor with input
- &xor ($b_,&DWP(4*4,$b));
- &mov (&DWP(4*0,"esp"),$a);
- &mov ($a,&wparam(0)); # load output pointer
- &xor ($c, &DWP(4*8,$b));
- &xor ($c_,&DWP(4*9,$b));
- &xor ($d, &DWP(4*12,$b));
- &xor ($d_,&DWP(4*14,$b));
- &mov (&DWP(4*4,$a),$b_); # write output
- &mov (&DWP(4*8,$a),$c);
- &mov (&DWP(4*9,$a),$c_);
- &mov (&DWP(4*12,$a),$d);
- &mov (&DWP(4*14,$a),$d_);
- &mov ($b_,&DWP(4*1,"esp"));
- &mov ($c, &DWP(4*2,"esp"));
- &mov ($c_,&DWP(4*3,"esp"));
- &mov ($d, &DWP(4*5,"esp"));
- &mov ($d_,&DWP(4*6,"esp"));
- &add ($b_,0x3320646e); # accumulate key material
- &add ($c, 0x79622d32);
- &add ($c_,0x6b206574);
- &add ($d, &DWP(64+4*5,"esp"));
- &add ($d_,&DWP(64+4*6,"esp"));
- &xor ($b_,&DWP(4*1,$b));
- &xor ($c, &DWP(4*2,$b));
- &xor ($c_,&DWP(4*3,$b));
- &xor ($d, &DWP(4*5,$b));
- &xor ($d_,&DWP(4*6,$b));
- &mov (&DWP(4*1,$a),$b_);
- &mov (&DWP(4*2,$a),$c);
- &mov (&DWP(4*3,$a),$c_);
- &mov (&DWP(4*5,$a),$d);
- &mov (&DWP(4*6,$a),$d_);
- &mov ($b_,&DWP(4*7,"esp"));
- &mov ($c, &DWP(4*10,"esp"));
- &mov ($c_,&DWP(4*11,"esp"));
- &mov ($d, &DWP(4*13,"esp"));
- &mov ($d_,&DWP(4*15,"esp"));
- &add ($b_,&DWP(64+4*7,"esp"));
- &add ($c, &DWP(64+4*10,"esp"));
- &add ($c_,&DWP(64+4*11,"esp"));
- &add ($d, &DWP(64+4*13,"esp"));
- &add ($d_,&DWP(64+4*15,"esp"));
- &xor ($b_,&DWP(4*7,$b));
- &xor ($c, &DWP(4*10,$b));
- &xor ($c_,&DWP(4*11,$b));
- &xor ($d, &DWP(4*13,$b));
- &xor ($d_,&DWP(4*15,$b));
- &lea ($b,&DWP(4*16,$b));
- &mov (&DWP(4*7,$a),$b_);
- &mov ($b_,&DWP(4*0,"esp"));
- &mov (&DWP(4*10,$a),$c);
- &mov ($c,&wparam(2)); # len
- &mov (&DWP(4*11,$a),$c_);
- &mov (&DWP(4*13,$a),$d);
- &mov (&DWP(4*15,$a),$d_);
- &mov (&DWP(4*0,$a),$b_);
- &lea ($a,&DWP(4*16,$a));
- &sub ($c,64);
- &jnz (&label("outer_loop"));
- &jmp (&label("done"));
- &set_label("tail");
- &add ($d, &DWP(64+4*12,"esp"));
- &add ($d_,&DWP(64+4*14,"esp"));
- &mov (&DWP(4*0,"esp"),$a);
- &mov (&DWP(4*4,"esp"),$b_);
- &mov (&DWP(4*8,"esp"),$c);
- &mov (&DWP(4*9,"esp"),$c_);
- &mov (&DWP(4*12,"esp"),$d);
- &mov (&DWP(4*14,"esp"),$d_);
- &mov ($b_,&DWP(4*1,"esp"));
- &mov ($c, &DWP(4*2,"esp"));
- &mov ($c_,&DWP(4*3,"esp"));
- &mov ($d, &DWP(4*5,"esp"));
- &mov ($d_,&DWP(4*6,"esp"));
- &add ($b_,0x3320646e); # accumulate key material
- &add ($c, 0x79622d32);
- &add ($c_,0x6b206574);
- &add ($d, &DWP(64+4*5,"esp"));
- &add ($d_,&DWP(64+4*6,"esp"));
- &mov (&DWP(4*1,"esp"),$b_);
- &mov (&DWP(4*2,"esp"),$c);
- &mov (&DWP(4*3,"esp"),$c_);
- &mov (&DWP(4*5,"esp"),$d);
- &mov (&DWP(4*6,"esp"),$d_);
- &mov ($b_,&DWP(4*7,"esp"));
- &mov ($c, &DWP(4*10,"esp"));
- &mov ($c_,&DWP(4*11,"esp"));
- &mov ($d, &DWP(4*13,"esp"));
- &mov ($d_,&DWP(4*15,"esp"));
- &add ($b_,&DWP(64+4*7,"esp"));
- &add ($c, &DWP(64+4*10,"esp"));
- &add ($c_,&DWP(64+4*11,"esp"));
- &add ($d, &DWP(64+4*13,"esp"));
- &add ($d_,&DWP(64+4*15,"esp"));
- &mov (&DWP(4*7,"esp"),$b_);
- &mov ($b_,&wparam(1)); # load input
- &mov (&DWP(4*10,"esp"),$c);
- &mov ($c,&wparam(0)); # load output
- &mov (&DWP(4*11,"esp"),$c_);
- &xor ($c_,$c_);
- &mov (&DWP(4*13,"esp"),$d);
- &mov (&DWP(4*15,"esp"),$d_);
- &xor ("eax","eax");
- &xor ("edx","edx");
- &set_label("tail_loop");
- &movb ("al",&BP(0,$c_,$b_));
- &movb ("dl",&BP(0,"esp",$c_));
- &lea ($c_,&DWP(1,$c_));
- &xor ("al","dl");
- &mov (&BP(-1,$c,$c_),"al");
- &dec ($b);
- &jnz (&label("tail_loop"));
- &set_label("done");
- &stack_pop(33);
- &set_label("no_data");
- &function_end("ChaCha20_ctr32");
- if ($xmm) {
- my ($xa,$xa_,$xb,$xb_,$xc,$xc_,$xd,$xd_)=map("xmm$_",(0..7));
- my ($out,$inp,$len)=("edi","esi","ecx");
- sub QUARTERROUND_SSSE3 {
- my ($ai,$bi,$ci,$di,$i)=@_;
- my ($an,$bn,$cn,$dn)=map(($_&~3)+(($_+1)&3),($ai,$bi,$ci,$di)); # next
- my ($ap,$bp,$cp,$dp)=map(($_&~3)+(($_-1)&3),($ai,$bi,$ci,$di)); # previous
- # a b c d
- #
- # 0 4 8 12 < even round
- # 1 5 9 13
- # 2 6 10 14
- # 3 7 11 15
- # 0 5 10 15 < odd round
- # 1 6 11 12
- # 2 7 8 13
- # 3 4 9 14
- if ($i==0) {
- my $j=4;
- ($ap,$bp,$cp,$dp)=map(($_&~3)+(($_-$j--)&3),($ap,$bp,$cp,$dp));
- } elsif ($i==3) {
- my $j=0;
- ($an,$bn,$cn,$dn)=map(($_&~3)+(($_+$j++)&3),($an,$bn,$cn,$dn));
- } elsif ($i==4) {
- my $j=4;
- ($ap,$bp,$cp,$dp)=map(($_&~3)+(($_+$j--)&3),($ap,$bp,$cp,$dp));
- } elsif ($i==7) {
- my $j=0;
- ($an,$bn,$cn,$dn)=map(($_&~3)+(($_-$j++)&3),($an,$bn,$cn,$dn));
- }
- #&paddd ($xa,$xb); # see elsewhere
- #&pxor ($xd,$xa); # see elsewhere
- &movdqa(&QWP(16*$cp-128,"ebx"),$xc_) if ($ai>0 && $ai<3);
- &pshufb ($xd,&QWP(0,"eax")); # rot16
- &movdqa(&QWP(16*$bp-128,"ebx"),$xb_) if ($i!=0);
- &paddd ($xc,$xd);
- &movdqa($xc_,&QWP(16*$cn-128,"ebx")) if ($ai>0 && $ai<3);
- &pxor ($xb,$xc);
- &movdqa($xb_,&QWP(16*$bn-128,"ebx")) if ($i<7);
- &movdqa ($xa_,$xb); # borrow as temporary
- &pslld ($xb,12);
- &psrld ($xa_,20);
- &por ($xb,$xa_);
- &movdqa($xa_,&QWP(16*$an-128,"ebx"));
- &paddd ($xa,$xb);
- &movdqa($xd_,&QWP(16*$dn-128,"ebx")) if ($di!=$dn);
- &pxor ($xd,$xa);
- &movdqa (&QWP(16*$ai-128,"ebx"),$xa);
- &pshufb ($xd,&QWP(16,"eax")); # rot8
- &paddd ($xc,$xd);
- &movdqa (&QWP(16*$di-128,"ebx"),$xd) if ($di!=$dn);
- &movdqa ($xd_,$xd) if ($di==$dn);
- &pxor ($xb,$xc);
- &paddd ($xa_,$xb_) if ($i<7); # elsewhere
- &movdqa ($xa,$xb); # borrow as temporary
- &pslld ($xb,7);
- &psrld ($xa,25);
- &pxor ($xd_,$xa_) if ($i<7); # elsewhere
- &por ($xb,$xa);
- ($xa,$xa_)=($xa_,$xa);
- ($xb,$xb_)=($xb_,$xb);
- ($xc,$xc_)=($xc_,$xc);
- ($xd,$xd_)=($xd_,$xd);
- }
- &function_begin("ChaCha20_ssse3");
- &set_label("ssse3_shortcut");
- if ($ymm) {
- &test (&DWP(4,"ebp"),1<<11); # test XOP bit
- &jnz (&label("xop_shortcut"));
- }
- &mov ($out,&wparam(0));
- &mov ($inp,&wparam(1));
- &mov ($len,&wparam(2));
- &mov ("edx",&wparam(3)); # key
- &mov ("ebx",&wparam(4)); # counter and nonce
- &mov ("ebp","esp");
- &stack_push (131);
- &and ("esp",-64);
- &mov (&DWP(512,"esp"),"ebp");
- &lea ("eax",&DWP(&label("ssse3_data")."-".
- &label("pic_point"),"eax"));
- &movdqu ("xmm3",&QWP(0,"ebx")); # counter and nonce
- if (defined($gasver) && $gasver>=2.17) { # even though we encode
- # pshufb manually, we
- # handle only register
- # operands, while this
- # segment uses memory
- # operand...
- &cmp ($len,64*4);
- &jb (&label("1x"));
- &mov (&DWP(512+4,"esp"),"edx"); # offload pointers
- &mov (&DWP(512+8,"esp"),"ebx");
- &sub ($len,64*4); # bias len
- &lea ("ebp",&DWP(256+128,"esp")); # size optimization
- &movdqu ("xmm7",&QWP(0,"edx")); # key
- &pshufd ("xmm0","xmm3",0x00);
- &pshufd ("xmm1","xmm3",0x55);
- &pshufd ("xmm2","xmm3",0xaa);
- &pshufd ("xmm3","xmm3",0xff);
- &paddd ("xmm0",&QWP(16*3,"eax")); # fix counters
- &pshufd ("xmm4","xmm7",0x00);
- &pshufd ("xmm5","xmm7",0x55);
- &psubd ("xmm0",&QWP(16*4,"eax"));
- &pshufd ("xmm6","xmm7",0xaa);
- &pshufd ("xmm7","xmm7",0xff);
- &movdqa (&QWP(16*12-128,"ebp"),"xmm0");
- &movdqa (&QWP(16*13-128,"ebp"),"xmm1");
- &movdqa (&QWP(16*14-128,"ebp"),"xmm2");
- &movdqa (&QWP(16*15-128,"ebp"),"xmm3");
- &movdqu ("xmm3",&QWP(16,"edx")); # key
- &movdqa (&QWP(16*4-128,"ebp"),"xmm4");
- &movdqa (&QWP(16*5-128,"ebp"),"xmm5");
- &movdqa (&QWP(16*6-128,"ebp"),"xmm6");
- &movdqa (&QWP(16*7-128,"ebp"),"xmm7");
- &movdqa ("xmm7",&QWP(16*2,"eax")); # sigma
- &lea ("ebx",&DWP(128,"esp")); # size optimization
- &pshufd ("xmm0","xmm3",0x00);
- &pshufd ("xmm1","xmm3",0x55);
- &pshufd ("xmm2","xmm3",0xaa);
- &pshufd ("xmm3","xmm3",0xff);
- &pshufd ("xmm4","xmm7",0x00);
- &pshufd ("xmm5","xmm7",0x55);
- &pshufd ("xmm6","xmm7",0xaa);
- &pshufd ("xmm7","xmm7",0xff);
- &movdqa (&QWP(16*8-128,"ebp"),"xmm0");
- &movdqa (&QWP(16*9-128,"ebp"),"xmm1");
- &movdqa (&QWP(16*10-128,"ebp"),"xmm2");
- &movdqa (&QWP(16*11-128,"ebp"),"xmm3");
- &movdqa (&QWP(16*0-128,"ebp"),"xmm4");
- &movdqa (&QWP(16*1-128,"ebp"),"xmm5");
- &movdqa (&QWP(16*2-128,"ebp"),"xmm6");
- &movdqa (&QWP(16*3-128,"ebp"),"xmm7");
- &lea ($inp,&DWP(128,$inp)); # size optimization
- &lea ($out,&DWP(128,$out)); # size optimization
- &jmp (&label("outer_loop"));
- &set_label("outer_loop",16);
- #&movdqa ("xmm0",&QWP(16*0-128,"ebp")); # copy key material
- &movdqa ("xmm1",&QWP(16*1-128,"ebp"));
- &movdqa ("xmm2",&QWP(16*2-128,"ebp"));
- &movdqa ("xmm3",&QWP(16*3-128,"ebp"));
- #&movdqa ("xmm4",&QWP(16*4-128,"ebp"));
- &movdqa ("xmm5",&QWP(16*5-128,"ebp"));
- &movdqa ("xmm6",&QWP(16*6-128,"ebp"));
- &movdqa ("xmm7",&QWP(16*7-128,"ebp"));
- #&movdqa (&QWP(16*0-128,"ebx"),"xmm0");
- &movdqa (&QWP(16*1-128,"ebx"),"xmm1");
- &movdqa (&QWP(16*2-128,"ebx"),"xmm2");
- &movdqa (&QWP(16*3-128,"ebx"),"xmm3");
- #&movdqa (&QWP(16*4-128,"ebx"),"xmm4");
- &movdqa (&QWP(16*5-128,"ebx"),"xmm5");
- &movdqa (&QWP(16*6-128,"ebx"),"xmm6");
- &movdqa (&QWP(16*7-128,"ebx"),"xmm7");
- #&movdqa ("xmm0",&QWP(16*8-128,"ebp"));
- #&movdqa ("xmm1",&QWP(16*9-128,"ebp"));
- &movdqa ("xmm2",&QWP(16*10-128,"ebp"));
- &movdqa ("xmm3",&QWP(16*11-128,"ebp"));
- &movdqa ("xmm4",&QWP(16*12-128,"ebp"));
- &movdqa ("xmm5",&QWP(16*13-128,"ebp"));
- &movdqa ("xmm6",&QWP(16*14-128,"ebp"));
- &movdqa ("xmm7",&QWP(16*15-128,"ebp"));
- &paddd ("xmm4",&QWP(16*4,"eax")); # counter value
- #&movdqa (&QWP(16*8-128,"ebx"),"xmm0");
- #&movdqa (&QWP(16*9-128,"ebx"),"xmm1");
- &movdqa (&QWP(16*10-128,"ebx"),"xmm2");
- &movdqa (&QWP(16*11-128,"ebx"),"xmm3");
- &movdqa (&QWP(16*12-128,"ebx"),"xmm4");
- &movdqa (&QWP(16*13-128,"ebx"),"xmm5");
- &movdqa (&QWP(16*14-128,"ebx"),"xmm6");
- &movdqa (&QWP(16*15-128,"ebx"),"xmm7");
- &movdqa (&QWP(16*12-128,"ebp"),"xmm4"); # save counter value
- &movdqa ($xa, &QWP(16*0-128,"ebp"));
- &movdqa ($xd, "xmm4");
- &movdqa ($xb_,&QWP(16*4-128,"ebp"));
- &movdqa ($xc, &QWP(16*8-128,"ebp"));
- &movdqa ($xc_,&QWP(16*9-128,"ebp"));
- &mov ("edx",10); # loop counter
- &nop ();
- &set_label("loop",16);
- &paddd ($xa,$xb_); # elsewhere
- &movdqa ($xb,$xb_);
- &pxor ($xd,$xa); # elsewhere
- &QUARTERROUND_SSSE3(0, 4, 8, 12, 0);
- &QUARTERROUND_SSSE3(1, 5, 9, 13, 1);
- &QUARTERROUND_SSSE3(2, 6,10, 14, 2);
- &QUARTERROUND_SSSE3(3, 7,11, 15, 3);
- &QUARTERROUND_SSSE3(0, 5,10, 15, 4);
- &QUARTERROUND_SSSE3(1, 6,11, 12, 5);
- &QUARTERROUND_SSSE3(2, 7, 8, 13, 6);
- &QUARTERROUND_SSSE3(3, 4, 9, 14, 7);
- &dec ("edx");
- &jnz (&label("loop"));
- &movdqa (&QWP(16*4-128,"ebx"),$xb_);
- &movdqa (&QWP(16*8-128,"ebx"),$xc);
- &movdqa (&QWP(16*9-128,"ebx"),$xc_);
- &movdqa (&QWP(16*12-128,"ebx"),$xd);
- &movdqa (&QWP(16*14-128,"ebx"),$xd_);
- my ($xa0,$xa1,$xa2,$xa3,$xt0,$xt1,$xt2,$xt3)=map("xmm$_",(0..7));
- #&movdqa ($xa0,&QWP(16*0-128,"ebx")); # it's there
- &movdqa ($xa1,&QWP(16*1-128,"ebx"));
- &movdqa ($xa2,&QWP(16*2-128,"ebx"));
- &movdqa ($xa3,&QWP(16*3-128,"ebx"));
- for($i=0;$i<256;$i+=64) {
- &paddd ($xa0,&QWP($i+16*0-128,"ebp")); # accumulate key material
- &paddd ($xa1,&QWP($i+16*1-128,"ebp"));
- &paddd ($xa2,&QWP($i+16*2-128,"ebp"));
- &paddd ($xa3,&QWP($i+16*3-128,"ebp"));
- &movdqa ($xt2,$xa0); # "de-interlace" data
- &punpckldq ($xa0,$xa1);
- &movdqa ($xt3,$xa2);
- &punpckldq ($xa2,$xa3);
- &punpckhdq ($xt2,$xa1);
- &punpckhdq ($xt3,$xa3);
- &movdqa ($xa1,$xa0);
- &punpcklqdq ($xa0,$xa2); # "a0"
- &movdqa ($xa3,$xt2);
- &punpcklqdq ($xt2,$xt3); # "a2"
- &punpckhqdq ($xa1,$xa2); # "a1"
- &punpckhqdq ($xa3,$xt3); # "a3"
- #($xa2,$xt2)=($xt2,$xa2);
- &movdqu ($xt0,&QWP(64*0-128,$inp)); # load input
- &movdqu ($xt1,&QWP(64*1-128,$inp));
- &movdqu ($xa2,&QWP(64*2-128,$inp));
- &movdqu ($xt3,&QWP(64*3-128,$inp));
- &lea ($inp,&QWP($i<192?16:(64*4-16*3),$inp));
- &pxor ($xt0,$xa0);
- &movdqa ($xa0,&QWP($i+16*4-128,"ebx")) if ($i<192);
- &pxor ($xt1,$xa1);
- &movdqa ($xa1,&QWP($i+16*5-128,"ebx")) if ($i<192);
- &pxor ($xt2,$xa2);
- &movdqa ($xa2,&QWP($i+16*6-128,"ebx")) if ($i<192);
- &pxor ($xt3,$xa3);
- &movdqa ($xa3,&QWP($i+16*7-128,"ebx")) if ($i<192);
- &movdqu (&QWP(64*0-128,$out),$xt0); # store output
- &movdqu (&QWP(64*1-128,$out),$xt1);
- &movdqu (&QWP(64*2-128,$out),$xt2);
- &movdqu (&QWP(64*3-128,$out),$xt3);
- &lea ($out,&QWP($i<192?16:(64*4-16*3),$out));
- }
- &sub ($len,64*4);
- &jnc (&label("outer_loop"));
- &add ($len,64*4);
- &jz (&label("done"));
- &mov ("ebx",&DWP(512+8,"esp")); # restore pointers
- &lea ($inp,&DWP(-128,$inp));
- &mov ("edx",&DWP(512+4,"esp"));
- &lea ($out,&DWP(-128,$out));
- &movd ("xmm2",&DWP(16*12-128,"ebp")); # counter value
- &movdqu ("xmm3",&QWP(0,"ebx"));
- &paddd ("xmm2",&QWP(16*6,"eax")); # +four
- &pand ("xmm3",&QWP(16*7,"eax"));
- &por ("xmm3","xmm2"); # counter value
- }
- {
- my ($a,$b,$c,$d,$t,$t1,$rot16,$rot24)=map("xmm$_",(0..7));
- sub SSSE3ROUND { # critical path is 20 "SIMD ticks" per round
- &paddd ($a,$b);
- &pxor ($d,$a);
- &pshufb ($d,$rot16);
- &paddd ($c,$d);
- &pxor ($b,$c);
- &movdqa ($t,$b);
- &psrld ($b,20);
- &pslld ($t,12);
- &por ($b,$t);
- &paddd ($a,$b);
- &pxor ($d,$a);
- &pshufb ($d,$rot24);
- &paddd ($c,$d);
- &pxor ($b,$c);
- &movdqa ($t,$b);
- &psrld ($b,25);
- &pslld ($t,7);
- &por ($b,$t);
- }
- &set_label("1x");
- &movdqa ($a,&QWP(16*2,"eax")); # sigma
- &movdqu ($b,&QWP(0,"edx"));
- &movdqu ($c,&QWP(16,"edx"));
- #&movdqu ($d,&QWP(0,"ebx")); # already loaded
- &movdqa ($rot16,&QWP(0,"eax"));
- &movdqa ($rot24,&QWP(16,"eax"));
- &mov (&DWP(16*3,"esp"),"ebp");
- &movdqa (&QWP(16*0,"esp"),$a);
- &movdqa (&QWP(16*1,"esp"),$b);
- &movdqa (&QWP(16*2,"esp"),$c);
- &movdqa (&QWP(16*3,"esp"),$d);
- &mov ("edx",10);
- &jmp (&label("loop1x"));
- &set_label("outer1x",16);
- &movdqa ($d,&QWP(16*5,"eax")); # one
- &movdqa ($a,&QWP(16*0,"esp"));
- &movdqa ($b,&QWP(16*1,"esp"));
- &movdqa ($c,&QWP(16*2,"esp"));
- &paddd ($d,&QWP(16*3,"esp"));
- &mov ("edx",10);
- &movdqa (&QWP(16*3,"esp"),$d);
- &jmp (&label("loop1x"));
- &set_label("loop1x",16);
- &SSSE3ROUND();
- &pshufd ($c,$c,0b01001110);
- &pshufd ($b,$b,0b00111001);
- &pshufd ($d,$d,0b10010011);
- &nop ();
- &SSSE3ROUND();
- &pshufd ($c,$c,0b01001110);
- &pshufd ($b,$b,0b10010011);
- &pshufd ($d,$d,0b00111001);
- &dec ("edx");
- &jnz (&label("loop1x"));
- &paddd ($a,&QWP(16*0,"esp"));
- &paddd ($b,&QWP(16*1,"esp"));
- &paddd ($c,&QWP(16*2,"esp"));
- &paddd ($d,&QWP(16*3,"esp"));
- &cmp ($len,64);
- &jb (&label("tail"));
- &movdqu ($t,&QWP(16*0,$inp));
- &movdqu ($t1,&QWP(16*1,$inp));
- &pxor ($a,$t); # xor with input
- &movdqu ($t,&QWP(16*2,$inp));
- &pxor ($b,$t1);
- &movdqu ($t1,&QWP(16*3,$inp));
- &pxor ($c,$t);
- &pxor ($d,$t1);
- &lea ($inp,&DWP(16*4,$inp)); # inp+=64
- &movdqu (&QWP(16*0,$out),$a); # write output
- &movdqu (&QWP(16*1,$out),$b);
- &movdqu (&QWP(16*2,$out),$c);
- &movdqu (&QWP(16*3,$out),$d);
- &lea ($out,&DWP(16*4,$out)); # inp+=64
- &sub ($len,64);
- &jnz (&label("outer1x"));
- &jmp (&label("done"));
- &set_label("tail");
- &movdqa (&QWP(16*0,"esp"),$a);
- &movdqa (&QWP(16*1,"esp"),$b);
- &movdqa (&QWP(16*2,"esp"),$c);
- &movdqa (&QWP(16*3,"esp"),$d);
- &xor ("eax","eax");
- &xor ("edx","edx");
- &xor ("ebp","ebp");
- &set_label("tail_loop");
- &movb ("al",&BP(0,"esp","ebp"));
- &movb ("dl",&BP(0,$inp,"ebp"));
- &lea ("ebp",&DWP(1,"ebp"));
- &xor ("al","dl");
- &movb (&BP(-1,$out,"ebp"),"al");
- &dec ($len);
- &jnz (&label("tail_loop"));
- }
- &set_label("done");
- &mov ("esp",&DWP(512,"esp"));
- &function_end("ChaCha20_ssse3");
- &align (64);
- &set_label("ssse3_data");
- &data_byte(0x2,0x3,0x0,0x1, 0x6,0x7,0x4,0x5, 0xa,0xb,0x8,0x9, 0xe,0xf,0xc,0xd);
- &data_byte(0x3,0x0,0x1,0x2, 0x7,0x4,0x5,0x6, 0xb,0x8,0x9,0xa, 0xf,0xc,0xd,0xe);
- &data_word(0x61707865,0x3320646e,0x79622d32,0x6b206574);
- &data_word(0,1,2,3);
- &data_word(4,4,4,4);
- &data_word(1,0,0,0);
- &data_word(4,0,0,0);
- &data_word(0,-1,-1,-1);
- &align (64);
- }
- &asciz ("ChaCha20 for x86, CRYPTOGAMS by <appro\@openssl.org>");
- if ($ymm) {
- my ($xa,$xa_,$xb,$xb_,$xc,$xc_,$xd,$xd_)=map("xmm$_",(0..7));
- my ($out,$inp,$len)=("edi","esi","ecx");
- sub QUARTERROUND_XOP {
- my ($ai,$bi,$ci,$di,$i)=@_;
- my ($an,$bn,$cn,$dn)=map(($_&~3)+(($_+1)&3),($ai,$bi,$ci,$di)); # next
- my ($ap,$bp,$cp,$dp)=map(($_&~3)+(($_-1)&3),($ai,$bi,$ci,$di)); # previous
- # a b c d
- #
- # 0 4 8 12 < even round
- # 1 5 9 13
- # 2 6 10 14
- # 3 7 11 15
- # 0 5 10 15 < odd round
- # 1 6 11 12
- # 2 7 8 13
- # 3 4 9 14
- if ($i==0) {
- my $j=4;
- ($ap,$bp,$cp,$dp)=map(($_&~3)+(($_-$j--)&3),($ap,$bp,$cp,$dp));
- } elsif ($i==3) {
- my $j=0;
- ($an,$bn,$cn,$dn)=map(($_&~3)+(($_+$j++)&3),($an,$bn,$cn,$dn));
- } elsif ($i==4) {
- my $j=4;
- ($ap,$bp,$cp,$dp)=map(($_&~3)+(($_+$j--)&3),($ap,$bp,$cp,$dp));
- } elsif ($i==7) {
- my $j=0;
- ($an,$bn,$cn,$dn)=map(($_&~3)+(($_-$j++)&3),($an,$bn,$cn,$dn));
- }
- #&vpaddd ($xa,$xa,$xb); # see elsewhere
- #&vpxor ($xd,$xd,$xa); # see elsewhere
- &vmovdqa (&QWP(16*$cp-128,"ebx"),$xc_) if ($ai>0 && $ai<3);
- &vprotd ($xd,$xd,16);
- &vmovdqa (&QWP(16*$bp-128,"ebx"),$xb_) if ($i!=0);
- &vpaddd ($xc,$xc,$xd);
- &vmovdqa ($xc_,&QWP(16*$cn-128,"ebx")) if ($ai>0 && $ai<3);
- &vpxor ($xb,$i!=0?$xb:$xb_,$xc);
- &vmovdqa ($xa_,&QWP(16*$an-128,"ebx"));
- &vprotd ($xb,$xb,12);
- &vmovdqa ($xb_,&QWP(16*$bn-128,"ebx")) if ($i<7);
- &vpaddd ($xa,$xa,$xb);
- &vmovdqa ($xd_,&QWP(16*$dn-128,"ebx")) if ($di!=$dn);
- &vpxor ($xd,$xd,$xa);
- &vpaddd ($xa_,$xa_,$xb_) if ($i<7); # elsewhere
- &vprotd ($xd,$xd,8);
- &vmovdqa (&QWP(16*$ai-128,"ebx"),$xa);
- &vpaddd ($xc,$xc,$xd);
- &vmovdqa (&QWP(16*$di-128,"ebx"),$xd) if ($di!=$dn);
- &vpxor ($xb,$xb,$xc);
- &vpxor ($xd_,$di==$dn?$xd:$xd_,$xa_) if ($i<7); # elsewhere
- &vprotd ($xb,$xb,7);
- ($xa,$xa_)=($xa_,$xa);
- ($xb,$xb_)=($xb_,$xb);
- ($xc,$xc_)=($xc_,$xc);
- ($xd,$xd_)=($xd_,$xd);
- }
- &function_begin("ChaCha20_xop");
- &set_label("xop_shortcut");
- &mov ($out,&wparam(0));
- &mov ($inp,&wparam(1));
- &mov ($len,&wparam(2));
- &mov ("edx",&wparam(3)); # key
- &mov ("ebx",&wparam(4)); # counter and nonce
- &vzeroupper ();
- &mov ("ebp","esp");
- &stack_push (131);
- &and ("esp",-64);
- &mov (&DWP(512,"esp"),"ebp");
- &lea ("eax",&DWP(&label("ssse3_data")."-".
- &label("pic_point"),"eax"));
- &vmovdqu ("xmm3",&QWP(0,"ebx")); # counter and nonce
- &cmp ($len,64*4);
- &jb (&label("1x"));
- &mov (&DWP(512+4,"esp"),"edx"); # offload pointers
- &mov (&DWP(512+8,"esp"),"ebx");
- &sub ($len,64*4); # bias len
- &lea ("ebp",&DWP(256+128,"esp")); # size optimization
- &vmovdqu ("xmm7",&QWP(0,"edx")); # key
- &vpshufd ("xmm0","xmm3",0x00);
- &vpshufd ("xmm1","xmm3",0x55);
- &vpshufd ("xmm2","xmm3",0xaa);
- &vpshufd ("xmm3","xmm3",0xff);
- &vpaddd ("xmm0","xmm0",&QWP(16*3,"eax")); # fix counters
- &vpshufd ("xmm4","xmm7",0x00);
- &vpshufd ("xmm5","xmm7",0x55);
- &vpsubd ("xmm0","xmm0",&QWP(16*4,"eax"));
- &vpshufd ("xmm6","xmm7",0xaa);
- &vpshufd ("xmm7","xmm7",0xff);
- &vmovdqa (&QWP(16*12-128,"ebp"),"xmm0");
- &vmovdqa (&QWP(16*13-128,"ebp"),"xmm1");
- &vmovdqa (&QWP(16*14-128,"ebp"),"xmm2");
- &vmovdqa (&QWP(16*15-128,"ebp"),"xmm3");
- &vmovdqu ("xmm3",&QWP(16,"edx")); # key
- &vmovdqa (&QWP(16*4-128,"ebp"),"xmm4");
- &vmovdqa (&QWP(16*5-128,"ebp"),"xmm5");
- &vmovdqa (&QWP(16*6-128,"ebp"),"xmm6");
- &vmovdqa (&QWP(16*7-128,"ebp"),"xmm7");
- &vmovdqa ("xmm7",&QWP(16*2,"eax")); # sigma
- &lea ("ebx",&DWP(128,"esp")); # size optimization
- &vpshufd ("xmm0","xmm3",0x00);
- &vpshufd ("xmm1","xmm3",0x55);
- &vpshufd ("xmm2","xmm3",0xaa);
- &vpshufd ("xmm3","xmm3",0xff);
- &vpshufd ("xmm4","xmm7",0x00);
- &vpshufd ("xmm5","xmm7",0x55);
- &vpshufd ("xmm6","xmm7",0xaa);
- &vpshufd ("xmm7","xmm7",0xff);
- &vmovdqa (&QWP(16*8-128,"ebp"),"xmm0");
- &vmovdqa (&QWP(16*9-128,"ebp"),"xmm1");
- &vmovdqa (&QWP(16*10-128,"ebp"),"xmm2");
- &vmovdqa (&QWP(16*11-128,"ebp"),"xmm3");
- &vmovdqa (&QWP(16*0-128,"ebp"),"xmm4");
- &vmovdqa (&QWP(16*1-128,"ebp"),"xmm5");
- &vmovdqa (&QWP(16*2-128,"ebp"),"xmm6");
- &vmovdqa (&QWP(16*3-128,"ebp"),"xmm7");
- &lea ($inp,&DWP(128,$inp)); # size optimization
- &lea ($out,&DWP(128,$out)); # size optimization
- &jmp (&label("outer_loop"));
- &set_label("outer_loop",32);
- #&vmovdqa ("xmm0",&QWP(16*0-128,"ebp")); # copy key material
- &vmovdqa ("xmm1",&QWP(16*1-128,"ebp"));
- &vmovdqa ("xmm2",&QWP(16*2-128,"ebp"));
- &vmovdqa ("xmm3",&QWP(16*3-128,"ebp"));
- #&vmovdqa ("xmm4",&QWP(16*4-128,"ebp"));
- &vmovdqa ("xmm5",&QWP(16*5-128,"ebp"));
- &vmovdqa ("xmm6",&QWP(16*6-128,"ebp"));
- &vmovdqa ("xmm7",&QWP(16*7-128,"ebp"));
- #&vmovdqa (&QWP(16*0-128,"ebx"),"xmm0");
- &vmovdqa (&QWP(16*1-128,"ebx"),"xmm1");
- &vmovdqa (&QWP(16*2-128,"ebx"),"xmm2");
- &vmovdqa (&QWP(16*3-128,"ebx"),"xmm3");
- #&vmovdqa (&QWP(16*4-128,"ebx"),"xmm4");
- &vmovdqa (&QWP(16*5-128,"ebx"),"xmm5");
- &vmovdqa (&QWP(16*6-128,"ebx"),"xmm6");
- &vmovdqa (&QWP(16*7-128,"ebx"),"xmm7");
- #&vmovdqa ("xmm0",&QWP(16*8-128,"ebp"));
- #&vmovdqa ("xmm1",&QWP(16*9-128,"ebp"));
- &vmovdqa ("xmm2",&QWP(16*10-128,"ebp"));
- &vmovdqa ("xmm3",&QWP(16*11-128,"ebp"));
- &vmovdqa ("xmm4",&QWP(16*12-128,"ebp"));
- &vmovdqa ("xmm5",&QWP(16*13-128,"ebp"));
- &vmovdqa ("xmm6",&QWP(16*14-128,"ebp"));
- &vmovdqa ("xmm7",&QWP(16*15-128,"ebp"));
- &vpaddd ("xmm4","xmm4",&QWP(16*4,"eax")); # counter value
- #&vmovdqa (&QWP(16*8-128,"ebx"),"xmm0");
- #&vmovdqa (&QWP(16*9-128,"ebx"),"xmm1");
- &vmovdqa (&QWP(16*10-128,"ebx"),"xmm2");
- &vmovdqa (&QWP(16*11-128,"ebx"),"xmm3");
- &vmovdqa (&QWP(16*12-128,"ebx"),"xmm4");
- &vmovdqa (&QWP(16*13-128,"ebx"),"xmm5");
- &vmovdqa (&QWP(16*14-128,"ebx"),"xmm6");
- &vmovdqa (&QWP(16*15-128,"ebx"),"xmm7");
- &vmovdqa (&QWP(16*12-128,"ebp"),"xmm4"); # save counter value
- &vmovdqa ($xa, &QWP(16*0-128,"ebp"));
- &vmovdqa ($xd, "xmm4");
- &vmovdqa ($xb_,&QWP(16*4-128,"ebp"));
- &vmovdqa ($xc, &QWP(16*8-128,"ebp"));
- &vmovdqa ($xc_,&QWP(16*9-128,"ebp"));
- &mov ("edx",10); # loop counter
- &nop ();
- &set_label("loop",32);
- &vpaddd ($xa,$xa,$xb_); # elsewhere
- &vpxor ($xd,$xd,$xa); # elsewhere
- &QUARTERROUND_XOP(0, 4, 8, 12, 0);
- &QUARTERROUND_XOP(1, 5, 9, 13, 1);
- &QUARTERROUND_XOP(2, 6,10, 14, 2);
- &QUARTERROUND_XOP(3, 7,11, 15, 3);
- &QUARTERROUND_XOP(0, 5,10, 15, 4);
- &QUARTERROUND_XOP(1, 6,11, 12, 5);
- &QUARTERROUND_XOP(2, 7, 8, 13, 6);
- &QUARTERROUND_XOP(3, 4, 9, 14, 7);
- &dec ("edx");
- &jnz (&label("loop"));
- &vmovdqa (&QWP(16*4-128,"ebx"),$xb_);
- &vmovdqa (&QWP(16*8-128,"ebx"),$xc);
- &vmovdqa (&QWP(16*9-128,"ebx"),$xc_);
- &vmovdqa (&QWP(16*12-128,"ebx"),$xd);
- &vmovdqa (&QWP(16*14-128,"ebx"),$xd_);
- my ($xa0,$xa1,$xa2,$xa3,$xt0,$xt1,$xt2,$xt3)=map("xmm$_",(0..7));
- #&vmovdqa ($xa0,&QWP(16*0-128,"ebx")); # it's there
- &vmovdqa ($xa1,&QWP(16*1-128,"ebx"));
- &vmovdqa ($xa2,&QWP(16*2-128,"ebx"));
- &vmovdqa ($xa3,&QWP(16*3-128,"ebx"));
- for($i=0;$i<256;$i+=64) {
- &vpaddd ($xa0,$xa0,&QWP($i+16*0-128,"ebp")); # accumulate key material
- &vpaddd ($xa1,$xa1,&QWP($i+16*1-128,"ebp"));
- &vpaddd ($xa2,$xa2,&QWP($i+16*2-128,"ebp"));
- &vpaddd ($xa3,$xa3,&QWP($i+16*3-128,"ebp"));
- &vpunpckldq ($xt2,$xa0,$xa1); # "de-interlace" data
- &vpunpckldq ($xt3,$xa2,$xa3);
- &vpunpckhdq ($xa0,$xa0,$xa1);
- &vpunpckhdq ($xa2,$xa2,$xa3);
- &vpunpcklqdq ($xa1,$xt2,$xt3); # "a0"
- &vpunpckhqdq ($xt2,$xt2,$xt3); # "a1"
- &vpunpcklqdq ($xt3,$xa0,$xa2); # "a2"
- &vpunpckhqdq ($xa3,$xa0,$xa2); # "a3"
- &vpxor ($xt0,$xa1,&QWP(64*0-128,$inp));
- &vpxor ($xt1,$xt2,&QWP(64*1-128,$inp));
- &vpxor ($xt2,$xt3,&QWP(64*2-128,$inp));
- &vpxor ($xt3,$xa3,&QWP(64*3-128,$inp));
- &lea ($inp,&QWP($i<192?16:(64*4-16*3),$inp));
- &vmovdqa ($xa0,&QWP($i+16*4-128,"ebx")) if ($i<192);
- &vmovdqa ($xa1,&QWP($i+16*5-128,"ebx")) if ($i<192);
- &vmovdqa ($xa2,&QWP($i+16*6-128,"ebx")) if ($i<192);
- &vmovdqa ($xa3,&QWP($i+16*7-128,"ebx")) if ($i<192);
- &vmovdqu (&QWP(64*0-128,$out),$xt0); # store output
- &vmovdqu (&QWP(64*1-128,$out),$xt1);
- &vmovdqu (&QWP(64*2-128,$out),$xt2);
- &vmovdqu (&QWP(64*3-128,$out),$xt3);
- &lea ($out,&QWP($i<192?16:(64*4-16*3),$out));
- }
- &sub ($len,64*4);
- &jnc (&label("outer_loop"));
- &add ($len,64*4);
- &jz (&label("done"));
- &mov ("ebx",&DWP(512+8,"esp")); # restore pointers
- &lea ($inp,&DWP(-128,$inp));
- &mov ("edx",&DWP(512+4,"esp"));
- &lea ($out,&DWP(-128,$out));
- &vmovd ("xmm2",&DWP(16*12-128,"ebp")); # counter value
- &vmovdqu ("xmm3",&QWP(0,"ebx"));
- &vpaddd ("xmm2","xmm2",&QWP(16*6,"eax"));# +four
- &vpand ("xmm3","xmm3",&QWP(16*7,"eax"));
- &vpor ("xmm3","xmm3","xmm2"); # counter value
- {
- my ($a,$b,$c,$d,$t,$t1,$rot16,$rot24)=map("xmm$_",(0..7));
- sub XOPROUND {
- &vpaddd ($a,$a,$b);
- &vpxor ($d,$d,$a);
- &vprotd ($d,$d,16);
- &vpaddd ($c,$c,$d);
- &vpxor ($b,$b,$c);
- &vprotd ($b,$b,12);
- &vpaddd ($a,$a,$b);
- &vpxor ($d,$d,$a);
- &vprotd ($d,$d,8);
- &vpaddd ($c,$c,$d);
- &vpxor ($b,$b,$c);
- &vprotd ($b,$b,7);
- }
- &set_label("1x");
- &vmovdqa ($a,&QWP(16*2,"eax")); # sigma
- &vmovdqu ($b,&QWP(0,"edx"));
- &vmovdqu ($c,&QWP(16,"edx"));
- #&vmovdqu ($d,&QWP(0,"ebx")); # already loaded
- &vmovdqa ($rot16,&QWP(0,"eax"));
- &vmovdqa ($rot24,&QWP(16,"eax"));
- &mov (&DWP(16*3,"esp"),"ebp");
- &vmovdqa (&QWP(16*0,"esp"),$a);
- &vmovdqa (&QWP(16*1,"esp"),$b);
- &vmovdqa (&QWP(16*2,"esp"),$c);
- &vmovdqa (&QWP(16*3,"esp"),$d);
- &mov ("edx",10);
- &jmp (&label("loop1x"));
- &set_label("outer1x",16);
- &vmovdqa ($d,&QWP(16*5,"eax")); # one
- &vmovdqa ($a,&QWP(16*0,"esp"));
- &vmovdqa ($b,&QWP(16*1,"esp"));
- &vmovdqa ($c,&QWP(16*2,"esp"));
- &vpaddd ($d,$d,&QWP(16*3,"esp"));
- &mov ("edx",10);
- &vmovdqa (&QWP(16*3,"esp"),$d);
- &jmp (&label("loop1x"));
- &set_label("loop1x",16);
- &XOPROUND();
- &vpshufd ($c,$c,0b01001110);
- &vpshufd ($b,$b,0b00111001);
- &vpshufd ($d,$d,0b10010011);
- &XOPROUND();
- &vpshufd ($c,$c,0b01001110);
- &vpshufd ($b,$b,0b10010011);
- &vpshufd ($d,$d,0b00111001);
- &dec ("edx");
- &jnz (&label("loop1x"));
- &vpaddd ($a,$a,&QWP(16*0,"esp"));
- &vpaddd ($b,$b,&QWP(16*1,"esp"));
- &vpaddd ($c,$c,&QWP(16*2,"esp"));
- &vpaddd ($d,$d,&QWP(16*3,"esp"));
- &cmp ($len,64);
- &jb (&label("tail"));
- &vpxor ($a,$a,&QWP(16*0,$inp)); # xor with input
- &vpxor ($b,$b,&QWP(16*1,$inp));
- &vpxor ($c,$c,&QWP(16*2,$inp));
- &vpxor ($d,$d,&QWP(16*3,$inp));
- &lea ($inp,&DWP(16*4,$inp)); # inp+=64
- &vmovdqu (&QWP(16*0,$out),$a); # write output
- &vmovdqu (&QWP(16*1,$out),$b);
- &vmovdqu (&QWP(16*2,$out),$c);
- &vmovdqu (&QWP(16*3,$out),$d);
- &lea ($out,&DWP(16*4,$out)); # inp+=64
- &sub ($len,64);
- &jnz (&label("outer1x"));
- &jmp (&label("done"));
- &set_label("tail");
- &vmovdqa (&QWP(16*0,"esp"),$a);
- &vmovdqa (&QWP(16*1,"esp"),$b);
- &vmovdqa (&QWP(16*2,"esp"),$c);
- &vmovdqa (&QWP(16*3,"esp"),$d);
- &xor ("eax","eax");
- &xor ("edx","edx");
- &xor ("ebp","ebp");
- &set_label("tail_loop");
- &movb ("al",&BP(0,"esp","ebp"));
- &movb ("dl",&BP(0,$inp,"ebp"));
- &lea ("ebp",&DWP(1,"ebp"));
- &xor ("al","dl");
- &movb (&BP(-1,$out,"ebp"),"al");
- &dec ($len);
- &jnz (&label("tail_loop"));
- }
- &set_label("done");
- &vzeroupper ();
- &mov ("esp",&DWP(512,"esp"));
- &function_end("ChaCha20_xop");
- }
- &asm_finish();
- close STDOUT;
|