Home Explore Help
Sign In
OWEALs
/
openssl
mirror of git://git.openssl.org/openssl.git
2
0
Fork 0
Files Issues 1 Wiki
Branch: OpenSSL-fips-2_0-stable
Branches Tags
openssl
/
crypto
/
sha
/
asm
/
sha256-c64xplus.pl

sha256-c64xplus.pl 8.0 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292 
  1. #!/usr/bin/env perl
    2. 

  2. #
    3. 

  3. # ====================================================================
    4. 

  4. # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
    5. 

  5. # project. The module is, however, dual licensed under OpenSSL and
    6. 

  6. # CRYPTOGAMS licenses depending on where you obtain it. For further
    7. 

  7. # details see http://www.openssl.org/~appro/cryptogams/.
    8. 

  8. # ====================================================================
    9. 

  9. #
    10. 

  10. # SHA256 for C64x+.
    11. 

  11. #
    12. 

  12. # January 2012
    13. 

  13. #
    14. 

  14. # Performance is just below 10 cycles per processed byte, which is
    15. 

  15. # almost 40% faster than compiler-generated code. Unroll is unlikely
    16. 

  16. # to give more than ~8% improvement...
    17. 

  17. #
    18. 

  18. # !!! Note that this module uses AMR, which means that all interrupt
    19. 

  19. # service routines are expected to preserve it and for own well-being
    20. 

  20. # zero it upon entry.
    21. 

  21. 

  22. while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
    23. 

  23. open STDOUT,">$output";
    24. 

  24. 

  25. ($CTXA,$INP,$NUM) = ("A4","B4","A6");            # arguments
    26. 

  26.  $K256="A3";
    27. 

  27. 

  28. ($A,$Actx,$B,$Bctx,$C,$Cctx,$D,$Dctx,$T2,$S0,$s1,$t0a,$t1a,$t2a,$X9,$X14)
    29. 

  29. 	=map("A$_",(16..31));
    30. 

  30. ($E,$Ectx,$F,$Fctx,$G,$Gctx,$H,$Hctx,$T1,$S1,$s0,$t0e,$t1e,$t2e,$X1,$X15)
    31. 

  31. 	=map("B$_",(16..31));
    32. 

  32. 

  33. ($Xia,$Xib)=("A5","B5");			# circular/ring buffer
    34. 

  34.  $CTXB=$t2e;
    35. 

  35. 

  36. ($Xn,$X0,$K)=("B7","B8","B9");
    37. 

  37. ($Maj,$Ch)=($T2,"B6");
    38. 

  38. 

  39. $code.=<<___;
    40. 

  40. 	.text
    41. 

  41. 

  42. 	.asg	B3,RA
    43. 

  43. 	.asg	A15,FP
    44. 

  44. 	.asg	B15,SP
    45. 

  45. 

  46. 	.if	.BIG_ENDIAN
    47. 

  47. 	.asg	SWAP2,MV
    48. 

  48. 	.asg	SWAP4,MV
    49. 

  49. 	.endif
    50. 

  50. 

  51. 	.global	_sha256_block_data_order
    52. 

  52. _sha256_block_data_order:
    53. 

  53. 	.asmfunc stack_usage(64)
    54. 

  54. 	MV	$NUM,A0				; reassign $NUM
    55. 

  55. ||	MVK	-64,B0
    56. 

  56.   [!A0]	BNOP	RA				; if ($NUM==0) return;
    57. 

  57. || [A0]	STW	FP,*SP--[16]			; save frame pointer and alloca(64)
    58. 

  58. || [A0]	MV	SP,FP
    59. 

  59.    [A0]	ADDKPC	_sha256_block_data_order,B2
    60. 

  60. || [A0]	AND	B0,SP,SP			; align stack at 64 bytes
    61. 

  61.    [A0]	MVK	0x00404,B1
    62. 

  62. || [A0]	MVKL	(K256-_sha256_block_data_order),$K256
    63. 

  63.    [A0]	MVKH	0x50000,B1
    64. 

  64. || [A0]	MVKH	(K256-_sha256_block_data_order),$K256
    65. 

  65.    [A0]	MVC	B1,AMR				; setup circular addressing
    66. 

  66. || [A0]	MV	SP,$Xia
    67. 

  67.    [A0]	MV	SP,$Xib
    68. 

  68. || [A0]	ADD	B2,$K256,$K256
    69. 

  69. || [A0]	MV	$CTXA,$CTXB
    70. 

  70. || [A0]	SUBAW	SP,2,SP				; reserve two words above buffer
    71. 

  71. 	LDW	*${CTXA}[0],$A			; load ctx
    72. 

  72. ||	LDW	*${CTXB}[4],$E
    73. 

  73. 	LDW	*${CTXA}[1],$B
    74. 

  74. ||	LDW	*${CTXB}[5],$F
    75. 

  75. 	LDW	*${CTXA}[2],$C
    76. 

  76. ||	LDW	*${CTXB}[6],$G
    77. 

  77. 	LDW	*${CTXA}[3],$D
    78. 

  78. ||	LDW	*${CTXB}[7],$H
    79. 

  79. 

  80. 	LDNW	*$INP++,$Xn			; pre-fetch input
    81. 

  81. 	LDW	*$K256++,$K			; pre-fetch K256[0]
    82. 

  82. 	MVK	14,B0				; loop counters
    83. 

  83. 	MVK	47,B1
    84. 

  84. ||	ADDAW	$Xia,9,$Xia
    85. 

  85. outerloop?:
    86. 

  86. 	SUB	A0,1,A0
    87. 

  87. ||	MV	$A,$Actx
    88. 

  88. ||	MV	$E,$Ectx
    89. 

  89. ||	MVD	$B,$Bctx
    90. 

  90. ||	MVD	$F,$Fctx
    91. 

  91. 	MV	$C,$Cctx
    92. 

  92. ||	MV	$G,$Gctx
    93. 

  93. ||	MVD	$D,$Dctx
    94. 

  94. ||	MVD	$H,$Hctx
    95. 

  95. ||	SWAP4	$Xn,$X0
    96. 

  96. 

  97. 	SPLOOPD	8				; BODY_00_14
    98. 

  98. ||	MVC	B0,ILC
    99. 

  99. ||	SWAP2	$X0,$X0
    100. 

  100. 

  101. 	LDNW	*$INP++,$Xn
    102. 

  102. ||	ROTL	$A,30,$S0
    103. 

  103. ||	OR	$A,$B,$Maj
    104. 

  104. ||	AND	$A,$B,$t2a
    105. 

  105. ||	ROTL	$E,26,$S1
    106. 

  106. ||	AND	$F,$E,$Ch
    107. 

  107. ||	ANDN	$G,$E,$t2e
    108. 

  108. 	ROTL	$A,19,$t0a
    109. 

  109. ||	AND	$C,$Maj,$Maj
    110. 

  110. ||	ROTL	$E,21,$t0e
    111. 

  111. ||	XOR	$t2e,$Ch,$Ch			; Ch(e,f,g) = (e&f)^(~e&g)
    112. 

  112. 	ROTL	$A,10,$t1a
    113. 

  113. ||	OR	$t2a,$Maj,$Maj			; Maj(a,b,c) = ((a|b)&c)|(a&b)
    114. 

  114. ||	ROTL	$E,7,$t1e
    115. 

  115. ||	ADD	$K,$H,$T1			; T1 = h + K256[i]
    116. 

  116. 	ADD	$X0,$T1,$T1			; T1 += X[i];
    117. 

  117. ||	STW	$X0,*$Xib++
    118. 

  118. ||	XOR	$t0a,$S0,$S0
    119. 

  119. ||	XOR	$t0e,$S1,$S1
    120. 

  120. 	XOR	$t1a,$S0,$S0			; Sigma0(a)
    121. 

  121. ||	XOR	$t1e,$S1,$S1			; Sigma1(e)
    122. 

  122. ||	LDW	*$K256++,$K			; pre-fetch K256[i+1]
    123. 

  123. ||	ADD	$Ch,$T1,$T1			; T1 += Ch(e,f,g)
    124. 

  124. 	ADD	$S1,$T1,$T1			; T1 += Sigma1(e)
    125. 

  125. ||	ADD	$S0,$Maj,$T2			; T2 = Sigma0(a) + Maj(a,b,c)
    126. 

  126. ||	ROTL	$G,0,$H				; h = g
    127. 

  127. ||	MV	$F,$G				; g = f
    128. 

  128. ||	MV	$X0,$X14
    129. 

  129. ||	SWAP4	$Xn,$X0
    130. 

  130. 	SWAP2	$X0,$X0
    131. 

  131. ||	MV	$E,$F				; f = e
    132. 

  132. ||	ADD	$D,$T1,$E			; e = d + T1
    133. 

  133. ||	MV	$C,$D				; d = c
    134. 

  134. 	MV	$B,$C				; c = b
    135. 

  135. ||	MV	$A,$B				; b = a
    136. 

  136. ||	ADD	$T1,$T2,$A			; a = T1 + T2
    137. 

  137. 	SPKERNEL
    138. 

  138. 

  139. 	ROTL	$A,30,$S0			; BODY_15
    140. 

  140. ||	OR	$A,$B,$Maj
    141. 

  141. ||	AND	$A,$B,$t2a
    142. 

  142. ||	ROTL	$E,26,$S1
    143. 

  143. ||	AND	$F,$E,$Ch
    144. 

  144. ||	ANDN	$G,$E,$t2e
    145. 

  145. ||	LDW	*${Xib}[1],$Xn			; modulo-scheduled
    146. 

  146. 	ROTL	$A,19,$t0a
    147. 

  147. ||	AND	$C,$Maj,$Maj
    148. 

  148. ||	ROTL	$E,21,$t0e
    149. 

  149. ||	XOR	$t2e,$Ch,$Ch			; Ch(e,f,g) = (e&f)^(~e&g)
    150. 

  150. ||	LDW	*${Xib}[2],$X1			; modulo-scheduled
    151. 

  151. 	ROTL	$A,10,$t1a
    152. 

  152. ||	OR	$t2a,$Maj,$Maj			; Maj(a,b,c) = ((a|b)&c)|(a&b)
    153. 

  153. ||	ROTL	$E,7,$t1e
    154. 

  154. ||	ADD	$K,$H,$T1			; T1 = h + K256[i]
    155. 

  155. 	ADD	$X0,$T1,$T1			; T1 += X[i];
    156. 

  156. ||	STW	$X0,*$Xib++
    157. 

  157. ||	XOR	$t0a,$S0,$S0
    158. 

  158. ||	XOR	$t0e,$S1,$S1
    159. 

  159. 	XOR	$t1a,$S0,$S0			; Sigma0(a)
    160. 

  160. ||	XOR	$t1e,$S1,$S1			; Sigma1(e)
    161. 

  161. ||	LDW	*$K256++,$K			; pre-fetch K256[i+1]
    162. 

  162. ||	ADD	$Ch,$T1,$T1			; T1 += Ch(e,f,g)
    163. 

  163. 	ADD	$S1,$T1,$T1			; T1 += Sigma1(e)
    164. 

  164. ||	ADD	$S0,$Maj,$T2			; T2 = Sigma0(a) + Maj(a,b,c)
    165. 

  165. ||	ROTL	$G,0,$H				; h = g
    166. 

  166. ||	MV	$F,$G				; g = f
    167. 

  167. ||	MV	$X0,$X15
    168. 

  168. 	MV	$E,$F				; f = e
    169. 

  169. ||	ADD	$D,$T1,$E			; e = d + T1
    170. 

  170. ||	MV	$C,$D				; d = c
    171. 

  171. ||	MV	$Xn,$X0				; modulo-scheduled
    172. 

  172. ||	LDW	*$Xia,$X9			; modulo-scheduled
    173. 

  173. ||	ROTL	$X1,25,$t0e			; modulo-scheduled
    174. 

  174. ||	ROTL	$X14,15,$t0a			; modulo-scheduled
    175. 

  175. 	SHRU	$X1,3,$s0			; modulo-scheduled
    176. 

  176. ||	SHRU	$X14,10,$s1			; modulo-scheduled
    177. 

  177. ||	ROTL	$B,0,$C				; c = b
    178. 

  178. ||	MV	$A,$B				; b = a
    179. 

  179. ||	ADD	$T1,$T2,$A			; a = T1 + T2
    180. 

  180. 

  181. 	SPLOOPD	10				; BODY_16_63
    182. 

  182. ||	MVC	B1,ILC
    183. 

  183. ||	ROTL	$X1,14,$t1e			; modulo-scheduled
    184. 

  184. ||	ROTL	$X14,13,$t1a			; modulo-scheduled
    185. 

  185. 

  186. 	XOR	$t0e,$s0,$s0
    187. 

  187. ||	XOR	$t0a,$s1,$s1
    188. 

  188. ||	MV	$X15,$X14
    189. 

  189. ||	MV	$X1,$Xn
    190. 

  190. 	XOR	$t1e,$s0,$s0			; sigma0(X[i+1])
    191. 

  191. ||	XOR	$t1a,$s1,$s1			; sigma1(X[i+14])
    192. 

  192. ||	LDW	*${Xib}[2],$X1			; module-scheduled
    193. 

  193. 	ROTL	$A,30,$S0
    194. 

  194. ||	OR	$A,$B,$Maj
    195. 

  195. ||	AND	$A,$B,$t2a
    196. 

  196. ||	ROTL	$E,26,$S1
    197. 

  197. ||	AND	$F,$E,$Ch
    198. 

  198. ||	ANDN	$G,$E,$t2e
    199. 

  199. ||	ADD	$X9,$X0,$X0			; X[i] += X[i+9]
    200. 

  200. 	ROTL	$A,19,$t0a
    201. 

  201. ||	AND	$C,$Maj,$Maj
    202. 

  202. ||	ROTL	$E,21,$t0e
    203. 

  203. ||	XOR	$t2e,$Ch,$Ch			; Ch(e,f,g) = (e&f)^(~e&g)
    204. 

  204. ||	ADD	$s0,$X0,$X0			; X[i] += sigma1(X[i+1])
    205. 

  205. 	ROTL	$A,10,$t1a
    206. 

  206. ||	OR	$t2a,$Maj,$Maj			; Maj(a,b,c) = ((a|b)&c)|(a&b)
    207. 

  207. ||	ROTL	$E,7,$t1e
    208. 

  208. ||	ADD	$H,$K,$T1			; T1 = h + K256[i]
    209. 

  209. ||	ADD	$s1,$X0,$X0			; X[i] += sigma1(X[i+14])
    210. 

  210. 	XOR	$t0a,$S0,$S0
    211. 

  211. ||	XOR	$t0e,$S1,$S1
    212. 

  212. ||	ADD	$X0,$T1,$T1			; T1 += X[i]
    213. 

  213. ||	STW	$X0,*$Xib++
    214. 

  214. 	XOR	$t1a,$S0,$S0			; Sigma0(a)
    215. 

  215. ||	XOR	$t1e,$S1,$S1			; Sigma1(e)
    216. 

  216. ||	ADD	$Ch,$T1,$T1			; T1 += Ch(e,f,g)
    217. 

  217. ||	MV	$X0,$X15
    218. 

  218. ||	ROTL	$G,0,$H				; h = g
    219. 

  219. ||	LDW	*$K256++,$K			; pre-fetch K256[i+1]
    220. 

  220. 	ADD	$S1,$T1,$T1			; T1 += Sigma1(e)
    221. 

  221. ||	ADD	$S0,$Maj,$T2			; T2 = Sigma0(a) + Maj(a,b,c)
    222. 

  222. ||	MV	$F,$G				; g = f
    223. 

  223. ||	MV	$Xn,$X0				; modulo-scheduled
    224. 

  224. ||	LDW	*++$Xia,$X9			; modulo-scheduled
    225. 

  225. ||	ROTL	$X1,25,$t0e			; module-scheduled
    226. 

  226. ||	ROTL	$X14,15,$t0a			; modulo-scheduled
    227. 

  227. 	ROTL	$X1,14,$t1e			; modulo-scheduled
    228. 

  228. ||	ROTL	$X14,13,$t1a			; modulo-scheduled
    229. 

  229. ||	MV	$E,$F				; f = e
    230. 

  230. ||	ADD	$D,$T1,$E			; e = d + T1
    231. 

  231. ||	MV	$C,$D				; d = c
    232. 

  232. ||	MV	$B,$C				; c = b
    233. 

  233. 	MV	$A,$B				; b = a
    234. 

  234. ||	ADD	$T1,$T2,$A			; a = T1 + T2
    235. 

  235. ||	SHRU	$X1,3,$s0			; modulo-scheduled
    236. 

  236. ||	SHRU	$X14,10,$s1			; modulo-scheduled
    237. 

  237. 	SPKERNEL
    238. 

  238. 

  239.    [A0]	B	outerloop?
    240. 

  240. || [A0]	LDNW	*$INP++,$Xn			; pre-fetch input
    241. 

  241. || [A0]	ADDK	-260,$K256			; rewind K256
    242. 

  242. ||	ADD	$Actx,$A,$A			; accumulate ctx
    243. 

  243. ||	ADD	$Ectx,$E,$E
    244. 

  244. ||	ADD	$Bctx,$B,$B
    245. 

  245. 	ADD	$Fctx,$F,$F
    246. 

  246. ||	ADD	$Cctx,$C,$C
    247. 

  247. ||	ADD	$Gctx,$G,$G
    248. 

  248. ||	ADD	$Dctx,$D,$D
    249. 

  249. ||	ADD	$Hctx,$H,$H
    250. 

  250. || [A0]	LDW	*$K256++,$K			; pre-fetch K256[0]
    251. 

  251. 

  252.   [!A0]	BNOP	RA
    253. 

  253. ||[!A0]	MV	$CTXA,$CTXB
    254. 

  254.   [!A0]	MV	FP,SP				; restore stack pointer
    255. 

  255. ||[!A0]	LDW	*FP[0],FP			; restore frame pointer
    256. 

  256.   [!A0]	STW	$A,*${CTXA}[0]  		; save ctx
    257. 

  257. ||[!A0]	STW	$E,*${CTXB}[4]
    258. 

  258. ||[!A0]	MVK	0,B0
    259. 

  259.   [!A0]	STW	$B,*${CTXA}[1]
    260. 

  260. ||[!A0]	STW	$F,*${CTXB}[5]
    261. 

  261. ||[!A0]	MVC	B0,AMR				; clear AMR
    262. 

  262. 	STW	$C,*${CTXA}[2]
    263. 

  263. ||	STW	$G,*${CTXB}[6]
    264. 

  264. 	STW	$D,*${CTXA}[3]
    265. 

  265. ||	STW	$H,*${CTXB}[7]
    266. 

  266. 	.endasmfunc
    267. 

  267. 

  268. 	.sect	".const:sha_asm"
    269. 

  269. 	.align	128
    270. 

  270. K256:
    271. 

  271. 	.uword	0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5
    272. 

  272. 	.uword	0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5
    273. 

  273. 	.uword	0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3
    274. 

  274. 	.uword	0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174
    275. 

  275. 	.uword	0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc
    276. 

  276. 	.uword	0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da
    277. 

  277. 	.uword	0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7
    278. 

  278. 	.uword	0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967
    279. 

  279. 	.uword	0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13
    280. 

  280. 	.uword	0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85
    281. 

  281. 	.uword	0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3
    282. 

  282. 	.uword	0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070
    283. 

  283. 	.uword	0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5
    284. 

  284. 	.uword	0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3
    285. 

  285. 	.uword	0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208
    286. 

  286. 	.uword	0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
    287. 

  287. 	.cstring "SHA256 block transform for C64x+, CRYPTOGAMS by <appro\@openssl.org>"
    288. 

  288. 	.align	4
    289. 

  289. 

  290. ___
    291. 

  291. 

  292. print $code;
    293.