sha256-spe-asm.S 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324
  1. /*
  2. * Fast SHA-256 implementation for SPE instruction set (PPC)
  3. *
  4. * This code makes use of the SPE SIMD instruction set as defined in
  5. * http://cache.freescale.com/files/32bit/doc/ref_manual/SPEPIM.pdf
  6. * Implementation is based on optimization guide notes from
  7. * http://cache.freescale.com/files/32bit/doc/app_note/AN2665.pdf
  8. *
  9. * Copyright (c) 2015 Markus Stockhausen <stockhausen@collogia.de>
  10. *
  11. * This program is free software; you can redistribute it and/or modify it
  12. * under the terms of the GNU General Public License as published by the Free
  13. * Software Foundation; either version 2 of the License, or (at your option)
  14. * any later version.
  15. *
  16. */
  17. #include <asm/ppc_asm.h>
  18. #include <asm/asm-offsets.h>
  19. #define rHP r3 /* pointer to hash values in memory */
  20. #define rKP r24 /* pointer to round constants */
  21. #define rWP r4 /* pointer to input data */
  22. #define rH0 r5 /* 8 32 bit hash values in 8 registers */
  23. #define rH1 r6
  24. #define rH2 r7
  25. #define rH3 r8
  26. #define rH4 r9
  27. #define rH5 r10
  28. #define rH6 r11
  29. #define rH7 r12
  30. #define rW0 r14 /* 64 bit registers. 16 words in 8 registers */
  31. #define rW1 r15
  32. #define rW2 r16
  33. #define rW3 r17
  34. #define rW4 r18
  35. #define rW5 r19
  36. #define rW6 r20
  37. #define rW7 r21
  38. #define rT0 r22 /* 64 bit temporaries */
  39. #define rT1 r23
  40. #define rT2 r0 /* 32 bit temporaries */
  41. #define rT3 r25
  42. #define CMP_KN_LOOP
  43. #define CMP_KC_LOOP \
  44. cmpwi rT1,0;
  45. #define INITIALIZE \
  46. stwu r1,-128(r1); /* create stack frame */ \
  47. evstdw r14,8(r1); /* We must save non volatile */ \
  48. evstdw r15,16(r1); /* registers. Take the chance */ \
  49. evstdw r16,24(r1); /* and save the SPE part too */ \
  50. evstdw r17,32(r1); \
  51. evstdw r18,40(r1); \
  52. evstdw r19,48(r1); \
  53. evstdw r20,56(r1); \
  54. evstdw r21,64(r1); \
  55. evstdw r22,72(r1); \
  56. evstdw r23,80(r1); \
  57. stw r24,88(r1); /* save normal registers */ \
  58. stw r25,92(r1);
  59. #define FINALIZE \
  60. evldw r14,8(r1); /* restore SPE registers */ \
  61. evldw r15,16(r1); \
  62. evldw r16,24(r1); \
  63. evldw r17,32(r1); \
  64. evldw r18,40(r1); \
  65. evldw r19,48(r1); \
  66. evldw r20,56(r1); \
  67. evldw r21,64(r1); \
  68. evldw r22,72(r1); \
  69. evldw r23,80(r1); \
  70. lwz r24,88(r1); /* restore normal registers */ \
  71. lwz r25,92(r1); \
  72. xor r0,r0,r0; \
  73. stw r0,8(r1); /* Delete sensitive data */ \
  74. stw r0,16(r1); /* that we might have pushed */ \
  75. stw r0,24(r1); /* from other context that runs */ \
  76. stw r0,32(r1); /* the same code. Assume that */ \
  77. stw r0,40(r1); /* the lower part of the GPRs */ \
  78. stw r0,48(r1); /* was already overwritten on */ \
  79. stw r0,56(r1); /* the way down to here */ \
  80. stw r0,64(r1); \
  81. stw r0,72(r1); \
  82. stw r0,80(r1); \
  83. addi r1,r1,128; /* cleanup stack frame */
  84. #ifdef __BIG_ENDIAN__
  85. #define LOAD_DATA(reg, off) \
  86. lwz reg,off(rWP); /* load data */
  87. #define NEXT_BLOCK \
  88. addi rWP,rWP,64; /* increment per block */
  89. #else
  90. #define LOAD_DATA(reg, off) \
  91. lwbrx reg,0,rWP; /* load data */ \
  92. addi rWP,rWP,4; /* increment per word */
  93. #define NEXT_BLOCK /* nothing to do */
  94. #endif
  95. #define R_LOAD_W(a, b, c, d, e, f, g, h, w, off) \
  96. LOAD_DATA(w, off) /* 1: W */ \
  97. rotrwi rT0,e,6; /* 1: S1 = e rotr 6 */ \
  98. rotrwi rT1,e,11; /* 1: S1' = e rotr 11 */ \
  99. rotrwi rT2,e,25; /* 1: S1" = e rotr 25 */ \
  100. xor rT0,rT0,rT1; /* 1: S1 = S1 xor S1' */ \
  101. and rT3,e,f; /* 1: ch = e and f */ \
  102. xor rT0,rT0,rT2; /* 1: S1 = S1 xor S1" */ \
  103. andc rT1,g,e; /* 1: ch' = ~e and g */ \
  104. lwz rT2,off(rKP); /* 1: K */ \
  105. xor rT3,rT3,rT1; /* 1: ch = ch xor ch' */ \
  106. add h,h,rT0; /* 1: temp1 = h + S1 */ \
  107. add rT3,rT3,w; /* 1: temp1' = ch + w */ \
  108. rotrwi rT0,a,2; /* 1: S0 = a rotr 2 */ \
  109. add h,h,rT3; /* 1: temp1 = temp1 + temp1' */ \
  110. rotrwi rT1,a,13; /* 1: S0' = a rotr 13 */ \
  111. add h,h,rT2; /* 1: temp1 = temp1 + K */ \
  112. rotrwi rT3,a,22; /* 1: S0" = a rotr 22 */ \
  113. xor rT0,rT0,rT1; /* 1: S0 = S0 xor S0' */ \
  114. add d,d,h; /* 1: d = d + temp1 */ \
  115. xor rT3,rT0,rT3; /* 1: S0 = S0 xor S0" */ \
  116. evmergelo w,w,w; /* shift W */ \
  117. or rT2,a,b; /* 1: maj = a or b */ \
  118. and rT1,a,b; /* 1: maj' = a and b */ \
  119. and rT2,rT2,c; /* 1: maj = maj and c */ \
  120. LOAD_DATA(w, off+4) /* 2: W */ \
  121. or rT2,rT1,rT2; /* 1: maj = maj or maj' */ \
  122. rotrwi rT0,d,6; /* 2: S1 = e rotr 6 */ \
  123. add rT3,rT3,rT2; /* 1: temp2 = S0 + maj */ \
  124. rotrwi rT1,d,11; /* 2: S1' = e rotr 11 */ \
  125. add h,h,rT3; /* 1: h = temp1 + temp2 */ \
  126. rotrwi rT2,d,25; /* 2: S1" = e rotr 25 */ \
  127. xor rT0,rT0,rT1; /* 2: S1 = S1 xor S1' */ \
  128. and rT3,d,e; /* 2: ch = e and f */ \
  129. xor rT0,rT0,rT2; /* 2: S1 = S1 xor S1" */ \
  130. andc rT1,f,d; /* 2: ch' = ~e and g */ \
  131. lwz rT2,off+4(rKP); /* 2: K */ \
  132. xor rT3,rT3,rT1; /* 2: ch = ch xor ch' */ \
  133. add g,g,rT0; /* 2: temp1 = h + S1 */ \
  134. add rT3,rT3,w; /* 2: temp1' = ch + w */ \
  135. rotrwi rT0,h,2; /* 2: S0 = a rotr 2 */ \
  136. add g,g,rT3; /* 2: temp1 = temp1 + temp1' */ \
  137. rotrwi rT1,h,13; /* 2: S0' = a rotr 13 */ \
  138. add g,g,rT2; /* 2: temp1 = temp1 + K */ \
  139. rotrwi rT3,h,22; /* 2: S0" = a rotr 22 */ \
  140. xor rT0,rT0,rT1; /* 2: S0 = S0 xor S0' */ \
  141. or rT2,h,a; /* 2: maj = a or b */ \
  142. xor rT3,rT0,rT3; /* 2: S0 = S0 xor S0" */ \
  143. and rT1,h,a; /* 2: maj' = a and b */ \
  144. and rT2,rT2,b; /* 2: maj = maj and c */ \
  145. add c,c,g; /* 2: d = d + temp1 */ \
  146. or rT2,rT1,rT2; /* 2: maj = maj or maj' */ \
  147. add rT3,rT3,rT2; /* 2: temp2 = S0 + maj */ \
  148. add g,g,rT3 /* 2: h = temp1 + temp2 */
  149. #define R_CALC_W(a, b, c, d, e, f, g, h, w0, w1, w4, w5, w7, k, off) \
  150. rotrwi rT2,e,6; /* 1: S1 = e rotr 6 */ \
  151. evmergelohi rT0,w0,w1; /* w[-15] */ \
  152. rotrwi rT3,e,11; /* 1: S1' = e rotr 11 */ \
  153. evsrwiu rT1,rT0,3; /* s0 = w[-15] >> 3 */ \
  154. xor rT2,rT2,rT3; /* 1: S1 = S1 xor S1' */ \
  155. evrlwi rT0,rT0,25; /* s0' = w[-15] rotr 7 */ \
  156. rotrwi rT3,e,25; /* 1: S1' = e rotr 25 */ \
  157. evxor rT1,rT1,rT0; /* s0 = s0 xor s0' */ \
  158. xor rT2,rT2,rT3; /* 1: S1 = S1 xor S1' */ \
  159. evrlwi rT0,rT0,21; /* s0' = w[-15] rotr 18 */ \
  160. add h,h,rT2; /* 1: temp1 = h + S1 */ \
  161. evxor rT0,rT0,rT1; /* s0 = s0 xor s0' */ \
  162. and rT2,e,f; /* 1: ch = e and f */ \
  163. evaddw w0,w0,rT0; /* w = w[-16] + s0 */ \
  164. andc rT3,g,e; /* 1: ch' = ~e and g */ \
  165. evsrwiu rT0,w7,10; /* s1 = w[-2] >> 10 */ \
  166. xor rT2,rT2,rT3; /* 1: ch = ch xor ch' */ \
  167. evrlwi rT1,w7,15; /* s1' = w[-2] rotr 17 */ \
  168. add h,h,rT2; /* 1: temp1 = temp1 + ch */ \
  169. evxor rT0,rT0,rT1; /* s1 = s1 xor s1' */ \
  170. rotrwi rT2,a,2; /* 1: S0 = a rotr 2 */ \
  171. evrlwi rT1,w7,13; /* s1' = w[-2] rotr 19 */ \
  172. rotrwi rT3,a,13; /* 1: S0' = a rotr 13 */ \
  173. evxor rT0,rT0,rT1; /* s1 = s1 xor s1' */ \
  174. xor rT2,rT2,rT3; /* 1: S0 = S0 xor S0' */ \
  175. evldw rT1,off(rKP); /* k */ \
  176. rotrwi rT3,a,22; /* 1: S0' = a rotr 22 */ \
  177. evaddw w0,w0,rT0; /* w = w + s1 */ \
  178. xor rT2,rT2,rT3; /* 1: S0 = S0 xor S0' */ \
  179. evmergelohi rT0,w4,w5; /* w[-7] */ \
  180. and rT3,a,b; /* 1: maj = a and b */ \
  181. evaddw w0,w0,rT0; /* w = w + w[-7] */ \
  182. CMP_K##k##_LOOP \
  183. add rT2,rT2,rT3; /* 1: temp2 = S0 + maj */ \
  184. evaddw rT1,rT1,w0; /* wk = w + k */ \
  185. xor rT3,a,b; /* 1: maj = a xor b */ \
  186. evmergehi rT0,rT1,rT1; /* wk1/wk2 */ \
  187. and rT3,rT3,c; /* 1: maj = maj and c */ \
  188. add h,h,rT0; /* 1: temp1 = temp1 + wk */ \
  189. add rT2,rT2,rT3; /* 1: temp2 = temp2 + maj */ \
  190. add g,g,rT1; /* 2: temp1 = temp1 + wk */ \
  191. add d,d,h; /* 1: d = d + temp1 */ \
  192. rotrwi rT0,d,6; /* 2: S1 = e rotr 6 */ \
  193. add h,h,rT2; /* 1: h = temp1 + temp2 */ \
  194. rotrwi rT1,d,11; /* 2: S1' = e rotr 11 */ \
  195. rotrwi rT2,d,25; /* 2: S" = e rotr 25 */ \
  196. xor rT0,rT0,rT1; /* 2: S1 = S1 xor S1' */ \
  197. and rT3,d,e; /* 2: ch = e and f */ \
  198. xor rT0,rT0,rT2; /* 2: S1 = S1 xor S1" */ \
  199. andc rT1,f,d; /* 2: ch' = ~e and g */ \
  200. add g,g,rT0; /* 2: temp1 = h + S1 */ \
  201. xor rT3,rT3,rT1; /* 2: ch = ch xor ch' */ \
  202. rotrwi rT0,h,2; /* 2: S0 = a rotr 2 */ \
  203. add g,g,rT3; /* 2: temp1 = temp1 + ch */ \
  204. rotrwi rT1,h,13; /* 2: S0' = a rotr 13 */ \
  205. rotrwi rT3,h,22; /* 2: S0" = a rotr 22 */ \
  206. xor rT0,rT0,rT1; /* 2: S0 = S0 xor S0' */ \
  207. or rT2,h,a; /* 2: maj = a or b */ \
  208. and rT1,h,a; /* 2: maj' = a and b */ \
  209. and rT2,rT2,b; /* 2: maj = maj and c */ \
  210. xor rT3,rT0,rT3; /* 2: S0 = S0 xor S0" */ \
  211. or rT2,rT1,rT2; /* 2: maj = maj or maj' */ \
  212. add c,c,g; /* 2: d = d + temp1 */ \
  213. add rT3,rT3,rT2; /* 2: temp2 = S0 + maj */ \
  214. add g,g,rT3 /* 2: h = temp1 + temp2 */
  215. _GLOBAL(ppc_spe_sha256_transform)
  216. INITIALIZE
  217. mtctr r5
  218. lwz rH0,0(rHP)
  219. lwz rH1,4(rHP)
  220. lwz rH2,8(rHP)
  221. lwz rH3,12(rHP)
  222. lwz rH4,16(rHP)
  223. lwz rH5,20(rHP)
  224. lwz rH6,24(rHP)
  225. lwz rH7,28(rHP)
  226. ppc_spe_sha256_main:
  227. lis rKP,PPC_SPE_SHA256_K@ha
  228. addi rKP,rKP,PPC_SPE_SHA256_K@l
  229. R_LOAD_W(rH0, rH1, rH2, rH3, rH4, rH5, rH6, rH7, rW0, 0)
  230. R_LOAD_W(rH6, rH7, rH0, rH1, rH2, rH3, rH4, rH5, rW1, 8)
  231. R_LOAD_W(rH4, rH5, rH6, rH7, rH0, rH1, rH2, rH3, rW2, 16)
  232. R_LOAD_W(rH2, rH3, rH4, rH5, rH6, rH7, rH0, rH1, rW3, 24)
  233. R_LOAD_W(rH0, rH1, rH2, rH3, rH4, rH5, rH6, rH7, rW4, 32)
  234. R_LOAD_W(rH6, rH7, rH0, rH1, rH2, rH3, rH4, rH5, rW5, 40)
  235. R_LOAD_W(rH4, rH5, rH6, rH7, rH0, rH1, rH2, rH3, rW6, 48)
  236. R_LOAD_W(rH2, rH3, rH4, rH5, rH6, rH7, rH0, rH1, rW7, 56)
  237. ppc_spe_sha256_16_rounds:
  238. addi rKP,rKP,64
  239. R_CALC_W(rH0, rH1, rH2, rH3, rH4, rH5, rH6, rH7,
  240. rW0, rW1, rW4, rW5, rW7, N, 0)
  241. R_CALC_W(rH6, rH7, rH0, rH1, rH2, rH3, rH4, rH5,
  242. rW1, rW2, rW5, rW6, rW0, N, 8)
  243. R_CALC_W(rH4, rH5, rH6, rH7, rH0, rH1, rH2, rH3,
  244. rW2, rW3, rW6, rW7, rW1, N, 16)
  245. R_CALC_W(rH2, rH3, rH4, rH5, rH6, rH7, rH0, rH1,
  246. rW3, rW4, rW7, rW0, rW2, N, 24)
  247. R_CALC_W(rH0, rH1, rH2, rH3, rH4, rH5, rH6, rH7,
  248. rW4, rW5, rW0, rW1, rW3, N, 32)
  249. R_CALC_W(rH6, rH7, rH0, rH1, rH2, rH3, rH4, rH5,
  250. rW5, rW6, rW1, rW2, rW4, N, 40)
  251. R_CALC_W(rH4, rH5, rH6, rH7, rH0, rH1, rH2, rH3,
  252. rW6, rW7, rW2, rW3, rW5, N, 48)
  253. R_CALC_W(rH2, rH3, rH4, rH5, rH6, rH7, rH0, rH1,
  254. rW7, rW0, rW3, rW4, rW6, C, 56)
  255. bt gt,ppc_spe_sha256_16_rounds
  256. lwz rW0,0(rHP)
  257. NEXT_BLOCK
  258. lwz rW1,4(rHP)
  259. lwz rW2,8(rHP)
  260. lwz rW3,12(rHP)
  261. lwz rW4,16(rHP)
  262. lwz rW5,20(rHP)
  263. lwz rW6,24(rHP)
  264. lwz rW7,28(rHP)
  265. add rH0,rH0,rW0
  266. stw rH0,0(rHP)
  267. add rH1,rH1,rW1
  268. stw rH1,4(rHP)
  269. add rH2,rH2,rW2
  270. stw rH2,8(rHP)
  271. add rH3,rH3,rW3
  272. stw rH3,12(rHP)
  273. add rH4,rH4,rW4
  274. stw rH4,16(rHP)
  275. add rH5,rH5,rW5
  276. stw rH5,20(rHP)
  277. add rH6,rH6,rW6
  278. stw rH6,24(rHP)
  279. add rH7,rH7,rW7
  280. stw rH7,28(rHP)
  281. bdnz ppc_spe_sha256_main
  282. FINALIZE
  283. blr
  284. .data
  285. .align 5
  286. PPC_SPE_SHA256_K:
  287. .long 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
  288. .long 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
  289. .long 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
  290. .long 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
  291. .long 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
  292. .long 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
  293. .long 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
  294. .long 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
  295. .long 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
  296. .long 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
  297. .long 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
  298. .long 0xd192e819,0xd6990624,0xf40e3585,0x106aa070
  299. .long 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
  300. .long 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
  301. .long 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
  302. .long 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2