Halaman utama Jelajahi Bantuan
Masuk
phcoder
/
grub-savannah-mirror
cermin dari https://git.savannah.gnu.org/git/grub.git
Liatin 1
Bintangi 0
Fork 0
Berkas Masalah 0 Wiki
Cabang: master
Ranting Tag
grub-savanna...
/
grub-core
/
lib
/
libgcrypt
/
cipher
/
sha256-avx-amd64.S

sha256-avx-amd64.S 17 KB
Permalink Riwayat Mentahan

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512 
  1. /*
    2. 

  2. ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
    3. 

  3. ; Copyright (c) 2012, Intel Corporation
    4. 

  4. ;
    5. 

  5. ; All rights reserved.
    6. 

  6. ;
    7. 

  7. ; Redistribution and use in source and binary forms, with or without
    8. 

  8. ; modification, are permitted provided that the following conditions are
    9. 

  9. ; met:
    10. 

  10. ;
    11. 

  11. ; * Redistributions of source code must retain the above copyright
    12. 

  12. ;   notice, this list of conditions and the following disclaimer.
    13. 

  13. ;
    14. 

  14. ; * Redistributions in binary form must reproduce the above copyright
    15. 

  15. ;   notice, this list of conditions and the following disclaimer in the
    16. 

  16. ;   documentation and/or other materials provided with the
    17. 

  17. ;   distribution.
    18. 

  18. ;
    19. 

  19. ; * Neither the name of the Intel Corporation nor the names of its
    20. 

  20. ;   contributors may be used to endorse or promote products derived from
    21. 

  21. ;   this software without specific prior written permission.
    22. 

  22. ;
    23. 

  23. ;
    24. 

  24. ; THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION "AS IS" AND ANY
    25. 

  25. ; EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
    26. 

  26. ; IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    27. 

  27. ; PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR
    28. 

  28. ; CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
    29. 

  29. ; EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
    30. 

  30. ; PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
    31. 

  31. ; PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
    32. 

  32. ; LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
    33. 

  33. ; NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
    34. 

  34. ; SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    35. 

  35. ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
    36. 

  36. ;
    37. 

  37. ; This code is described in an Intel White-Paper:
    38. 

  38. ; "Fast SHA-256 Implementations on Intel Architecture Processors"
    39. 

  39. ;
    40. 

  40. ; To find it, surf to http://www.intel.com/p/en_US/embedded
    41. 

  41. ; and search for that title.
    42. 

  42. ; The paper is expected to be released roughly at the end of April, 2012
    43. 

  43. ;
    44. 

  44. ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
    45. 

  45. ; This code schedules 1 blocks at a time, with 4 lanes per block
    46. 

  46. ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
    47. 

  47. */
    48. 

  48. /*
    49. 

  49.  * Conversion to GAS assembly and integration to libgcrypt
    50. 

  50.  *  by Jussi Kivilinna <jussi.kivilinna@iki.fi>
    51. 

  51.  *
    52. 

  52.  * Note: Based on the SSSE3 implementation.
    53. 

  53.  */
    54. 

  54. 

  55. #ifdef __x86_64
    56. 

  56. #include <config.h>
    57. 

  57. #if (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \
    58. 

  58.      defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && \
    59. 

  59.     defined(HAVE_INTEL_SYNTAX_PLATFORM_AS) && \
    60. 

  60.     defined(HAVE_GCC_INLINE_ASM_AVX) && defined(USE_SHA256)
    61. 

  61. 

  62. #include "asm-common-amd64.h"
    63. 

  63. 

  64. .intel_syntax noprefix
    65. 

  65. 

  66. #define	VMOVDQ vmovdqu /* assume buffers not aligned */
    67. 

  67. 

  68. #define ROR(p1, p2) \
    69. 

  69. 	/* shld is faster than ror on Intel Sandybridge */ \
    70. 

  70. 	shld	p1, p1, (32 - p2);
    71. 

  71. 

  72. /*;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Define Macros*/
    73. 

  73. 

  74. /* addm [mem], reg
    75. 

  75.  * Add reg to mem using reg-mem add and store */
    76. 

  76. #define addm(p1, p2) \
    77. 

  77. 	add	p2, p1; \
    78. 

  78. 	mov	p1, p2;
    79. 

  79. 

  80. /*;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;*/
    81. 

  81. 

  82. /* COPY_XMM_AND_BSWAP xmm, [mem], byte_flip_mask
    83. 

  83.  * Load xmm with mem and byte swap each dword */
    84. 

  84. #define COPY_XMM_AND_BSWAP(p1, p2, p3) \
    85. 

  85. 	VMOVDQ p1, p2; \
    86. 

  86. 	vpshufb p1, p1, p3;
    87. 

  87. 

  88. /*;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;*/
    89. 

  89. 

  90. #define X0 xmm4
    91. 

  91. #define X1 xmm5
    92. 

  92. #define X2 xmm6
    93. 

  93. #define X3 xmm7
    94. 

  94. 

  95. #define XTMP0 xmm0
    96. 

  96. #define XTMP1 xmm1
    97. 

  97. #define XTMP2 xmm2
    98. 

  98. #define XTMP3 xmm3
    99. 

  99. #define XTMP4 xmm8
    100. 

  100. #define XFER xmm9
    101. 

  101. 

  102. #define SHUF_00BA xmm10 /* shuffle xBxA -> 00BA */
    103. 

  103. #define SHUF_DC00 xmm11 /* shuffle xDxC -> DC00 */
    104. 

  104. #define BYTE_FLIP_MASK xmm12
    105. 

  105. 

  106. #define NUM_BLKS rdx	/* 3rd arg */
    107. 

  107. #define CTX rsi	/* 2nd arg */
    108. 

  108. #define INP rdi	/* 1st arg */
    109. 

  109. 

  110. #define SRND rdi	/* clobbers INP */
    111. 

  111. #define c ecx
    112. 

  112. #define d r8d
    113. 

  113. #define e edx
    114. 

  114. 

  115. #define TBL rbp
    116. 

  116. #define a eax
    117. 

  117. #define b ebx
    118. 

  118. 

  119. #define f r9d
    120. 

  120. #define g r10d
    121. 

  121. #define h r11d
    122. 

  122. 

  123. #define y0 r13d
    124. 

  124. #define y1 r14d
    125. 

  125. #define y2 r15d
    126. 

  126. 

  127. 

  128. 

  129. #define _INP_END_SIZE	8
    130. 

  130. #define _INP_SIZE	8
    131. 

  131. #define _XFER_SIZE	8
    132. 

  132. #define _XMM_SAVE_SIZE	0
    133. 

  133. /* STACK_SIZE plus pushes must be an odd multiple of 8 */
    134. 

  134. #define _ALIGN_SIZE	8
    135. 

  135. 

  136. #define _INP_END	0
    137. 

  137. #define _INP		(_INP_END  + _INP_END_SIZE)
    138. 

  138. #define _XFER		(_INP      + _INP_SIZE)
    139. 

  139. #define _XMM_SAVE	(_XFER     + _XFER_SIZE + _ALIGN_SIZE)
    140. 

  140. #define STACK_SIZE	(_XMM_SAVE + _XMM_SAVE_SIZE)
    141. 

  141. 

  142. 

  143. #define FOUR_ROUNDS_AND_SCHED_0(X0, X1, X2, X3, a, b, c, d, e, f, g, h) \
    144. 

  144. 		/* compute s0 four at a time and s1 two at a time */; \
    145. 

  145. 		/* compute W[-16] + W[-7] 4 at a time */; \
    146. 

  146. 	mov	y0, e		/* y0 = e */; \
    147. 

  147. 	ROR(	y0, (25-11))	/* y0 = e >> (25-11) */; \
    148. 

  148. 	mov	y1, a		/* y1 = a */; \
    149. 

  149. 		vpalignr	XTMP0, X3, X2, 4	/* XTMP0 = W[-7] */; \
    150. 

  150. 	ROR(	y1, (22-13))	/* y1 = a >> (22-13) */; \
    151. 

  151. 	xor	y0, e		/* y0 = e ^ (e >> (25-11)) */; \
    152. 

  152. 	mov	y2, f		/* y2 = f */; \
    153. 

  153. 	ROR(	y0, (11-6))	/* y0 = (e >> (11-6)) ^ (e >> (25-6)) */; \
    154. 

  154. 	xor	y1, a		/* y1 = a ^ (a >> (22-13) */; \
    155. 

  155. 	xor	y2, g		/* y2 = f^g */; \
    156. 

  156. 		vpaddd	XTMP0, XTMP0, X0	/* XTMP0 = W[-7] + W[-16] */; \
    157. 

  157. 	xor	y0, e		/* y0 = e ^ (e >> (11-6)) ^ (e >> (25-6)) */; \
    158. 

  158. 	and	y2, e		/* y2 = (f^g)&e */; \
    159. 

  159. 	ROR(	y1, (13-2))	/* y1 = (a >> (13-2)) ^ (a >> (22-2)) */; \
    160. 

  160. 		/* compute s0 */; \
    161. 

  161. 		vpalignr	XTMP1, X1, X0, 4	/* XTMP1 = W[-15] */; \
    162. 

  162. 	xor	y1, a		/* y1 = a ^ (a >> (13-2)) ^ (a >> (22-2)) */; \
    163. 

  163. 	ROR(	y0, 6)		/* y0 = S1 = (e>>6) & (e>>11) ^ (e>>25) */; \
    164. 

  164. 	xor	y2, g		/* y2 = CH = ((f^g)&e)^g */; \
    165. 

  165. 	ROR(	y1, 2)		/* y1 = S0 = (a>>2) ^ (a>>13) ^ (a>>22) */; \
    166. 

  166. 	add	y2, y0		/* y2 = S1 + CH */; \
    167. 

  167. 	add	y2, [rsp + _XFER + 0*4]	/* y2 = k + w + S1 + CH */; \
    168. 

  168. 	mov	y0, a		/* y0 = a */; \
    169. 

  169. 	add	h, y2		/* h = h + S1 + CH + k + w */; \
    170. 

  170. 	mov	y2, a		/* y2 = a */; \
    171. 

  171. 		vpslld	XTMP2, XTMP1, (32-7); \
    172. 

  172. 	or	y0, c		/* y0 = a|c */; \
    173. 

  173. 	add	d, h		/* d = d + h + S1 + CH + k + w */; \
    174. 

  174. 	and	y2, c		/* y2 = a&c */; \
    175. 

  175. 		vpsrld	XTMP3, XTMP1, 7; \
    176. 

  176. 	and	y0, b		/* y0 = (a|c)&b */; \
    177. 

  177. 	add	h, y1		/* h = h + S1 + CH + k + w + S0 */; \
    178. 

  178. 		vpor	XTMP3, XTMP3, XTMP2	/* XTMP1 = W[-15] ror 7 */; \
    179. 

  179. 	or	y0, y2		/* y0 = MAJ = (a|c)&b)|(a&c) */; \
    180. 

  180. 	lea	h, [h + y0]	/* h = h + S1 + CH + k + w + S0 + MAJ */
    181. 

  181. 

  182. #define FOUR_ROUNDS_AND_SCHED_1(X0, X1, X2, X3, a, b, c, d, e, f, g, h) \
    183. 

  183. 	mov	y0, e		/* y0 = e */; \
    184. 

  184. 	mov	y1, a		/* y1 = a */; \
    185. 

  185. 	ROR(	y0, (25-11))	/* y0 = e >> (25-11) */; \
    186. 

  186. 	xor	y0, e		/* y0 = e ^ (e >> (25-11)) */; \
    187. 

  187. 	mov	y2, f		/* y2 = f */; \
    188. 

  188. 	ROR(	y1, (22-13))	/* y1 = a >> (22-13) */; \
    189. 

  189. 		vpslld	XTMP2, XTMP1, (32-18); \
    190. 

  190. 	xor	y1, a		/* y1 = a ^ (a >> (22-13) */; \
    191. 

  191. 	ROR(	y0, (11-6))	/* y0 = (e >> (11-6)) ^ (e >> (25-6)) */; \
    192. 

  192. 	xor	y2, g		/* y2 = f^g */; \
    193. 

  193. 		vpsrld	XTMP4, XTMP1, 18; \
    194. 

  194. 	ROR(	y1, (13-2))	/* y1 = (a >> (13-2)) ^ (a >> (22-2)) */; \
    195. 

  195. 	xor	y0, e		/* y0 = e ^ (e >> (11-6)) ^ (e >> (25-6)) */; \
    196. 

  196. 	and	y2, e		/* y2 = (f^g)&e */; \
    197. 

  197. 	ROR(	y0, 6)		/* y0 = S1 = (e>>6) & (e>>11) ^ (e>>25) */; \
    198. 

  198. 		vpxor	XTMP4, XTMP4, XTMP3; \
    199. 

  199. 	xor	y1, a		/* y1 = a ^ (a >> (13-2)) ^ (a >> (22-2)) */; \
    200. 

  200. 	xor	y2, g		/* y2 = CH = ((f^g)&e)^g */; \
    201. 

  201. 		vpsrld	XTMP1, XTMP1, 3	/* XTMP4 = W[-15] >> 3 */; \
    202. 

  202. 	add	y2, y0		/* y2 = S1 + CH */; \
    203. 

  203. 	add	y2, [rsp + _XFER + 1*4]	/* y2 = k + w + S1 + CH */; \
    204. 

  204. 	ROR(	y1, 2)		/* y1 = S0 = (a>>2) ^ (a>>13) ^ (a>>22) */; \
    205. 

  205. 		vpxor	XTMP1, XTMP1, XTMP2	/* XTMP1 = W[-15] ror 7 ^ W[-15] ror 18 */; \
    206. 

  206. 	mov	y0, a		/* y0 = a */; \
    207. 

  207. 	add	h, y2		/* h = h + S1 + CH + k + w */; \
    208. 

  208. 	mov	y2, a		/* y2 = a */; \
    209. 

  209. 		vpxor	XTMP1, XTMP1, XTMP4	/* XTMP1 = s0 */; \
    210. 

  210. 	or	y0, c		/* y0 = a|c */; \
    211. 

  211. 	add	d, h		/* d = d + h + S1 + CH + k + w */; \
    212. 

  212. 	and	y2, c		/* y2 = a&c */; \
    213. 

  213. 		/* compute low s1 */; \
    214. 

  214. 		vpshufd	XTMP2, X3, 0b11111010	/* XTMP2 = W[-2] {BBAA} */; \
    215. 

  215. 	and	y0, b		/* y0 = (a|c)&b */; \
    216. 

  216. 	add	h, y1		/* h = h + S1 + CH + k + w + S0 */; \
    217. 

  217. 		vpaddd	XTMP0, XTMP0, XTMP1	/* XTMP0 = W[-16] + W[-7] + s0 */; \
    218. 

  218. 	or	y0, y2		/* y0 = MAJ = (a|c)&b)|(a&c) */; \
    219. 

  219. 	lea	h, [h + y0]	/* h = h + S1 + CH + k + w + S0 + MAJ */
    220. 

  220. 

  221. #define FOUR_ROUNDS_AND_SCHED_2(X0, X1, X2, X3, a, b, c, d, e, f, g, h) \
    222. 

  222. 	mov	y0, e		/* y0 = e */; \
    223. 

  223. 	mov	y1, a		/* y1 = a */; \
    224. 

  224. 	ROR(	y0, (25-11))	/* y0 = e >> (25-11) */; \
    225. 

  225. 	xor	y0, e		/* y0 = e ^ (e >> (25-11)) */; \
    226. 

  226. 	ROR(	y1, (22-13))	/* y1 = a >> (22-13) */; \
    227. 

  227. 	mov	y2, f		/* y2 = f */; \
    228. 

  228. 	xor	y1, a		/* y1 = a ^ (a >> (22-13) */; \
    229. 

  229. 	ROR(	y0, (11-6))	/* y0 = (e >> (11-6)) ^ (e >> (25-6)) */; \
    230. 

  230. 		vpsrlq	XTMP3, XTMP2, 17	/* XTMP2 = W[-2] ror 17 {xBxA} */; \
    231. 

  231. 	xor	y2, g		/* y2 = f^g */; \
    232. 

  232. 		vpsrlq	XTMP4, XTMP2, 19	/* XTMP3 = W[-2] ror 19 {xBxA} */; \
    233. 

  233. 	xor	y0, e		/* y0 = e ^ (e >> (11-6)) ^ (e >> (25-6)) */; \
    234. 

  234. 	and	y2, e		/* y2 = (f^g)&e */; \
    235. 

  235. 		vpsrld	XTMP2, XTMP2, 10	/* XTMP4 = W[-2] >> 10 {BBAA} */; \
    236. 

  236. 	ROR(	y1, (13-2))	/* y1 = (a >> (13-2)) ^ (a >> (22-2)) */; \
    237. 

  237. 	xor	y1, a		/* y1 = a ^ (a >> (13-2)) ^ (a >> (22-2)) */; \
    238. 

  238. 	xor	y2, g		/* y2 = CH = ((f^g)&e)^g */; \
    239. 

  239. 	ROR(	y0, 6)		/* y0 = S1 = (e>>6) & (e>>11) ^ (e>>25) */; \
    240. 

  240. 		vpxor	XTMP2, XTMP2, XTMP3; \
    241. 

  241. 	add	y2, y0		/* y2 = S1 + CH */; \
    242. 

  242. 	ROR(	y1, 2)		/* y1 = S0 = (a>>2) ^ (a>>13) ^ (a>>22) */; \
    243. 

  243. 	add	y2, [rsp + _XFER + 2*4]	/* y2 = k + w + S1 + CH */; \
    244. 

  244. 		vpxor	XTMP4, XTMP4, XTMP2	/* XTMP4 = s1 {xBxA} */; \
    245. 

  245. 	mov	y0, a		/* y0 = a */; \
    246. 

  246. 	add	h, y2		/* h = h + S1 + CH + k + w */; \
    247. 

  247. 	mov	y2, a		/* y2 = a */; \
    248. 

  248. 		vpshufb	XTMP4, XTMP4, SHUF_00BA	/* XTMP4 = s1 {00BA} */; \
    249. 

  249. 	or	y0, c		/* y0 = a|c */; \
    250. 

  250. 	add	d, h		/* d = d + h + S1 + CH + k + w */; \
    251. 

  251. 	and	y2, c		/* y2 = a&c */; \
    252. 

  252. 		vpaddd	XTMP0, XTMP0, XTMP4	/* XTMP0 = {..., ..., W[1], W[0]} */; \
    253. 

  253. 	and	y0, b		/* y0 = (a|c)&b */; \
    254. 

  254. 	add	h, y1		/* h = h + S1 + CH + k + w + S0 */; \
    255. 

  255. 		/* compute high s1 */; \
    256. 

  256. 		vpshufd	XTMP2, XTMP0, 0b01010000 /* XTMP2 = W[-2] {DDCC} */; \
    257. 

  257. 	or	y0, y2		/* y0 = MAJ = (a|c)&b)|(a&c) */; \
    258. 

  258. 	lea	h, [h + y0]	/* h = h + S1 + CH + k + w + S0 + MAJ */
    259. 

  259. 

  260. #define FOUR_ROUNDS_AND_SCHED_3(X0, X1, X2, X3, a, b, c, d, e, f, g, h) \
    261. 

  261. 	mov	y0, e		/* y0 = e */; \
    262. 

  262. 	ROR(	y0, (25-11))	/* y0 = e >> (25-11) */; \
    263. 

  263. 	mov	y1, a		/* y1 = a */; \
    264. 

  264. 	ROR(	y1, (22-13))	/* y1 = a >> (22-13) */; \
    265. 

  265. 	xor	y0, e		/* y0 = e ^ (e >> (25-11)) */; \
    266. 

  266. 	mov	y2, f		/* y2 = f */; \
    267. 

  267. 	ROR(	y0, (11-6))	/* y0 = (e >> (11-6)) ^ (e >> (25-6)) */; \
    268. 

  268. 		vpsrlq	XTMP3, XTMP2, 17	/* XTMP2 = W[-2] ror 17 {xDxC} */; \
    269. 

  269. 	xor	y1, a		/* y1 = a ^ (a >> (22-13) */; \
    270. 

  270. 	xor	y2, g		/* y2 = f^g */; \
    271. 

  271. 		vpsrlq	X0, XTMP2, 19	/* XTMP3 = W[-2] ror 19 {xDxC} */; \
    272. 

  272. 	xor	y0, e		/* y0 = e ^ (e >> (11-6)) ^ (e >> (25-6)) */; \
    273. 

  273. 	and	y2, e		/* y2 = (f^g)&e */; \
    274. 

  274. 	ROR(	y1, (13-2))	/* y1 = (a >> (13-2)) ^ (a >> (22-2)) */; \
    275. 

  275. 		vpsrld	XTMP2, XTMP2,    10	/* X0 = W[-2] >> 10 {DDCC} */; \
    276. 

  276. 	xor	y1, a		/* y1 = a ^ (a >> (13-2)) ^ (a >> (22-2)) */; \
    277. 

  277. 	ROR(	y0, 6)		/* y0 = S1 = (e>>6) & (e>>11) ^ (e>>25) */; \
    278. 

  278. 	xor	y2, g		/* y2 = CH = ((f^g)&e)^g */; \
    279. 

  279. 		vpxor	XTMP2, XTMP2, XTMP3; \
    280. 

  280. 	ROR(	y1, 2)		/* y1 = S0 = (a>>2) ^ (a>>13) ^ (a>>22) */; \
    281. 

  281. 	add	y2, y0		/* y2 = S1 + CH */; \
    282. 

  282. 	add	y2, [rsp + _XFER + 3*4]	/* y2 = k + w + S1 + CH */; \
    283. 

  283. 		vpxor	X0, X0, XTMP2	/* X0 = s1 {xDxC} */; \
    284. 

  284. 	mov	y0, a		/* y0 = a */; \
    285. 

  285. 	add	h, y2		/* h = h + S1 + CH + k + w */; \
    286. 

  286. 	mov	y2, a		/* y2 = a */; \
    287. 

  287. 		vpshufb	X0, X0, SHUF_DC00	/* X0 = s1 {DC00} */; \
    288. 

  288. 	or	y0, c		/* y0 = a|c */; \
    289. 

  289. 	add	d, h		/* d = d + h + S1 + CH + k + w */; \
    290. 

  290. 	and	y2, c		/* y2 = a&c */; \
    291. 

  291. 		vpaddd	X0, X0, XTMP0	/* X0 = {W[3], W[2], W[1], W[0]} */; \
    292. 

  292. 	and	y0, b		/* y0 = (a|c)&b */; \
    293. 

  293. 	add	h, y1		/* h = h + S1 + CH + k + w + S0 */; \
    294. 

  294. 	or	y0, y2		/* y0 = MAJ = (a|c)&b)|(a&c) */; \
    295. 

  295. 	lea	h, [h + y0]	/* h = h + S1 + CH + k + w + S0 + MAJ */
    296. 

  296. 

  297. #define FOUR_ROUNDS_AND_SCHED(X0, X1, X2, X3, a, b, c, d, e, f, g, h) \
    298. 

  298. 	FOUR_ROUNDS_AND_SCHED_0(X0, X1, X2, X3, a, b, c, d, e, f, g, h); \
    299. 

  299. 	FOUR_ROUNDS_AND_SCHED_1(X0, X1, X2, X3, h, a, b, c, d, e, f, g); \
    300. 

  300. 	FOUR_ROUNDS_AND_SCHED_2(X0, X1, X2, X3, g, h, a, b, c, d, e, f); \
    301. 

  301. 	FOUR_ROUNDS_AND_SCHED_3(X0, X1, X2, X3, f, g, h, a, b, c, d, e);
    302. 

  302. 

  303. /* input is [rsp + _XFER + %1 * 4] */
    304. 

  304. #define DO_ROUND(i1, a, b, c, d, e, f, g, h) \
    305. 

  305. 	mov	y0, e		/* y0 = e */; \
    306. 

  306. 	ROR(	y0, (25-11))	/* y0 = e >> (25-11) */; \
    307. 

  307. 	mov	y1, a		/* y1 = a */; \
    308. 

  308. 	xor	y0, e		/* y0 = e ^ (e >> (25-11)) */; \
    309. 

  309. 	ROR(	y1, (22-13))	/* y1 = a >> (22-13) */; \
    310. 

  310. 	mov	y2, f		/* y2 = f */; \
    311. 

  311. 	xor	y1, a		/* y1 = a ^ (a >> (22-13) */; \
    312. 

  312. 	ROR(	y0, (11-6))	/* y0 = (e >> (11-6)) ^ (e >> (25-6)) */; \
    313. 

  313. 	xor	y2, g		/* y2 = f^g */; \
    314. 

  314. 	xor	y0, e		/* y0 = e ^ (e >> (11-6)) ^ (e >> (25-6)) */; \
    315. 

  315. 	ROR(	y1, (13-2))	/* y1 = (a >> (13-2)) ^ (a >> (22-2)) */; \
    316. 

  316. 	and	y2, e		/* y2 = (f^g)&e */; \
    317. 

  317. 	xor	y1, a		/* y1 = a ^ (a >> (13-2)) ^ (a >> (22-2)) */; \
    318. 

  318. 	ROR(	y0, 6)		/* y0 = S1 = (e>>6) & (e>>11) ^ (e>>25) */; \
    319. 

  319. 	xor	y2, g		/* y2 = CH = ((f^g)&e)^g */; \
    320. 

  320. 	add	y2, y0		/* y2 = S1 + CH */; \
    321. 

  321. 	ROR(	y1, 2)		/* y1 = S0 = (a>>2) ^ (a>>13) ^ (a>>22) */; \
    322. 

  322. 	add	y2, [rsp + _XFER + i1 * 4]	/* y2 = k + w + S1 + CH */; \
    323. 

  323. 	mov	y0, a		/* y0 = a */; \
    324. 

  324. 	add	h, y2		/* h = h + S1 + CH + k + w */; \
    325. 

  325. 	mov	y2, a		/* y2 = a */; \
    326. 

  326. 	or	y0, c		/* y0 = a|c */; \
    327. 

  327. 	add	d, h		/* d = d + h + S1 + CH + k + w */; \
    328. 

  328. 	and	y2, c		/* y2 = a&c */; \
    329. 

  329. 	and	y0, b		/* y0 = (a|c)&b */; \
    330. 

  330. 	add	h, y1		/* h = h + S1 + CH + k + w + S0 */; \
    331. 

  331. 	or	y0, y2		/* y0 = MAJ = (a|c)&b)|(a&c) */; \
    332. 

  332. 	lea	h, [h + y0]	/* h = h + S1 + CH + k + w + S0 + MAJ */
    333. 

  333. 

  334. /*
    335. 

  335. ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
    336. 

  336. ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
    337. 

  337. ;; void sha256_avx(void *input_data, UINT32 digest[8], UINT64 num_blks)
    338. 

  338. ;; arg 1 : pointer to input data
    339. 

  339. ;; arg 2 : pointer to digest
    340. 

  340. ;; arg 3 : Num blocks
    341. 

  341. */
    342. 

  342. .text
    343. 

  343. .globl _gcry_sha256_transform_amd64_avx
    344. 

  344. ELF(.type  _gcry_sha256_transform_amd64_avx,@function;)
    345. 

  345. .align 16
    346. 

  346. _gcry_sha256_transform_amd64_avx:
    347. 

  347. 	CFI_STARTPROC()
    348. 

  348. 	vzeroupper
    349. 

  349. 

  350. 	push	rbx
    351. 

  351. 	CFI_PUSH(rbx)
    352. 

  352. 	push	rbp
    353. 

  353. 	CFI_PUSH(rbp)
    354. 

  354. 	push	r13
    355. 

  355. 	CFI_PUSH(r13)
    356. 

  356. 	push	r14
    357. 

  357. 	CFI_PUSH(r14)
    358. 

  358. 	push	r15
    359. 

  359. 	CFI_PUSH(r15)
    360. 

  360. 

  361. 	sub	rsp, STACK_SIZE
    362. 

  362. 	CFI_ADJUST_CFA_OFFSET(STACK_SIZE);
    363. 

  363. 

  364. 	shl	NUM_BLKS, 6	/* convert to bytes */
    365. 

  365. 	jz	.Ldone_hash
    366. 

  366. 	add	NUM_BLKS, INP	/* pointer to end of data */
    367. 

  367. 	mov	[rsp + _INP_END], NUM_BLKS
    368. 

  368. 

  369. 	/* load initial digest */
    370. 

  370. 	mov	a,[4*0 + CTX]
    371. 

  371. 	mov	b,[4*1 + CTX]
    372. 

  372. 	mov	c,[4*2 + CTX]
    373. 

  373. 	mov	d,[4*3 + CTX]
    374. 

  374. 	mov	e,[4*4 + CTX]
    375. 

  375. 	mov	f,[4*5 + CTX]
    376. 

  376. 	mov	g,[4*6 + CTX]
    377. 

  377. 	mov	h,[4*7 + CTX]
    378. 

  378. 

  379. 	vmovdqa	BYTE_FLIP_MASK, [.LPSHUFFLE_BYTE_FLIP_MASK ADD_RIP]
    380. 

  380. 	vmovdqa	SHUF_00BA, [.L_SHUF_00BA ADD_RIP]
    381. 

  381. 	vmovdqa	SHUF_DC00, [.L_SHUF_DC00 ADD_RIP]
    382. 

  382. 

  383. .Loop0:
    384. 

  384. 	lea	TBL, [.LK256 ADD_RIP]
    385. 

  385. 

  386. 	/* byte swap first 16 dwords */
    387. 

  387. 	COPY_XMM_AND_BSWAP(X0, [INP + 0*16], BYTE_FLIP_MASK)
    388. 

  388. 	COPY_XMM_AND_BSWAP(X1, [INP + 1*16], BYTE_FLIP_MASK)
    389. 

  389. 	COPY_XMM_AND_BSWAP(X2, [INP + 2*16], BYTE_FLIP_MASK)
    390. 

  390. 	COPY_XMM_AND_BSWAP(X3, [INP + 3*16], BYTE_FLIP_MASK)
    391. 

  391. 

  392. 	mov	[rsp + _INP], INP
    393. 

  393. 

  394. 	/* schedule 48 input dwords, by doing 3 rounds of 16 each */
    395. 

  395. 	mov	SRND, 3
    396. 

  396. .align 16
    397. 

  397. .Loop1:
    398. 

  398. 	vpaddd	XFER, X0, [TBL + 0*16]
    399. 

  399. 	vmovdqa	[rsp + _XFER], XFER
    400. 

  400. 	FOUR_ROUNDS_AND_SCHED(X0, X1, X2, X3, a, b, c, d, e, f, g, h)
    401. 

  401. 

  402. 	vpaddd	XFER, X1, [TBL + 1*16]
    403. 

  403. 	vmovdqa	[rsp + _XFER], XFER
    404. 

  404. 	FOUR_ROUNDS_AND_SCHED(X1, X2, X3, X0, e, f, g, h, a, b, c, d)
    405. 

  405. 

  406. 	vpaddd	XFER, X2, [TBL + 2*16]
    407. 

  407. 	vmovdqa	[rsp + _XFER], XFER
    408. 

  408. 	FOUR_ROUNDS_AND_SCHED(X2, X3, X0, X1, a, b, c, d, e, f, g, h)
    409. 

  409. 

  410. 	vpaddd	XFER, X3, [TBL + 3*16]
    411. 

  411. 	vmovdqa	[rsp + _XFER], XFER
    412. 

  412. 	add	TBL, 4*16
    413. 

  413. 	FOUR_ROUNDS_AND_SCHED(X3, X0, X1, X2, e, f, g, h, a, b, c, d)
    414. 

  414. 

  415. 	sub	SRND, 1
    416. 

  416. 	jne	.Loop1
    417. 

  417. 

  418. 	mov	SRND, 2
    419. 

  419. .Loop2:
    420. 

  420. 	vpaddd	X0, X0, [TBL + 0*16]
    421. 

  421. 	vmovdqa	[rsp + _XFER], X0
    422. 

  422. 	DO_ROUND(0, a, b, c, d, e, f, g, h)
    423. 

  423. 	DO_ROUND(1, h, a, b, c, d, e, f, g)
    424. 

  424. 	DO_ROUND(2, g, h, a, b, c, d, e, f)
    425. 

  425. 	DO_ROUND(3, f, g, h, a, b, c, d, e)
    426. 

  426. 	vpaddd	X1, X1, [TBL + 1*16]
    427. 

  427. 	vmovdqa	[rsp + _XFER], X1
    428. 

  428. 	add	TBL, 2*16
    429. 

  429. 	DO_ROUND(0, e, f, g, h, a, b, c, d)
    430. 

  430. 	DO_ROUND(1, d, e, f, g, h, a, b, c)
    431. 

  431. 	DO_ROUND(2, c, d, e, f, g, h, a, b)
    432. 

  432. 	DO_ROUND(3, b, c, d, e, f, g, h, a)
    433. 

  433. 

  434. 	vmovdqa	X0, X2
    435. 

  435. 	vmovdqa	X1, X3
    436. 

  436. 

  437. 	sub	SRND, 1
    438. 

  438. 	jne	.Loop2
    439. 

  439. 

  440. 	addm([4*0 + CTX],a)
    441. 

  441. 	addm([4*1 + CTX],b)
    442. 

  442. 	addm([4*2 + CTX],c)
    443. 

  443. 	addm([4*3 + CTX],d)
    444. 

  444. 	addm([4*4 + CTX],e)
    445. 

  445. 	addm([4*5 + CTX],f)
    446. 

  446. 	addm([4*6 + CTX],g)
    447. 

  447. 	addm([4*7 + CTX],h)
    448. 

  448. 

  449. 	mov	INP, [rsp + _INP]
    450. 

  450. 	add	INP, 64
    451. 

  451. 	cmp	INP, [rsp + _INP_END]
    452. 

  452. 	jne	.Loop0
    453. 

  453. 

  454. .Ldone_hash:
    455. 

  455. 	vzeroall
    456. 

  456. 

  457. 	vmovdqa	[rsp + _XFER], XFER
    458. 

  458. 	xor     eax, eax
    459. 

  459. 

  460. 	add	rsp, STACK_SIZE
    461. 

  461. 	CFI_ADJUST_CFA_OFFSET(-STACK_SIZE);
    462. 

  462. 

  463. 	pop	r15
    464. 

  464. 	CFI_POP(r15)
    465. 

  465. 	pop	r14
    466. 

  466. 	CFI_POP(r14)
    467. 

  467. 	pop	r13
    468. 

  468. 	CFI_POP(r13)
    469. 

  469. 	pop	rbp
    470. 

  470. 	CFI_POP(rbp)
    471. 

  471. 	pop	rbx
    472. 

  472. 	CFI_POP(rbx)
    473. 

  473. 

  474. 	ret_spec_stop
    475. 

  475. 	CFI_ENDPROC()
    476. 

  476. 

  477. 

  478. SECTION_RODATA
    479. 

  479. 

  480. ELF(.type _sha256_avx_consts,@object)
    481. 

  481. _sha256_avx_consts:
    482. 

  482. 

  483. .align 16
    484. 

  484. .LK256:
    485. 

  485. 	.long	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
    486. 

  486. 	.long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
    487. 

  487. 	.long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
    488. 

  488. 	.long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
    489. 

  489. 	.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
    490. 

  490. 	.long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
    491. 

  491. 	.long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
    492. 

  492. 	.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
    493. 

  493. 	.long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
    494. 

  494. 	.long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
    495. 

  495. 	.long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
    496. 

  496. 	.long	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
    497. 

  497. 	.long	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
    498. 

  498. 	.long	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
    499. 

  499. 	.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
    500. 

  500. 	.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
    501. 

  501. 

  502. .LPSHUFFLE_BYTE_FLIP_MASK: .octa 0x0c0d0e0f08090a0b0405060700010203
    503. 

  503. 

  504. /* shuffle xBxA -> 00BA */
    505. 

  505. .L_SHUF_00BA:              .octa 0xFFFFFFFFFFFFFFFF0b0a090803020100
    506. 

  506. 

  507. /* shuffle xDxC -> DC00 */
    508. 

  508. .L_SHUF_DC00:              .octa 0x0b0a090803020100FFFFFFFFFFFFFFFF
    509. 

  509. 

  510. #endif
    511. 

  511. #endif
    512. 

  512.