1/* 2 * Multi-buffer SHA1 algorithm hash compute routine 3 * 4 * This file is provided under a dual BSD/GPLv2 license. When using or 5 * redistributing this file, you may do so under either license. 6 * 7 * GPL LICENSE SUMMARY 8 * 9 * Copyright(c) 2014 Intel Corporation. 10 * 11 * This program is free software; you can redistribute it and/or modify 12 * it under the terms of version 2 of the GNU General Public License as 13 * published by the Free Software Foundation. 14 * 15 * This program is distributed in the hope that it will be useful, but 16 * WITHOUT ANY WARRANTY; without even the implied warranty of 17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 18 * General Public License for more details. 19 * 20 * Contact Information: 21 * James Guilford <james.guilford@intel.com> 22 * Tim Chen <tim.c.chen@linux.intel.com> 23 * 24 * BSD LICENSE 25 * 26 * Copyright(c) 2014 Intel Corporation. 27 * 28 * Redistribution and use in source and binary forms, with or without 29 * modification, are permitted provided that the following conditions 30 * are met: 31 * 32 * * Redistributions of source code must retain the above copyright 33 * notice, this list of conditions and the following disclaimer. 34 * * Redistributions in binary form must reproduce the above copyright 35 * notice, this list of conditions and the following disclaimer in 36 * the documentation and/or other materials provided with the 37 * distribution. 38 * * Neither the name of Intel Corporation nor the names of its 39 * contributors may be used to endorse or promote products derived 40 * from this software without specific prior written permission. 41 * 42 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 43 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 44 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 45 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 46 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 47 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 48 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 49 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 50 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 51 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 52 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 53 */ 54 55#include <linux/linkage.h> 56#include "sha1_mb_mgr_datastruct.S" 57 58## code to compute oct SHA1 using SSE-256 59## outer calling routine takes care of save and restore of XMM registers 60 61## Function clobbers: rax, rcx, rdx, rbx, rsi, rdi, r9-r15# ymm0-15 62## 63## Linux clobbers: rax rbx rcx rdx rsi r9 r10 r11 r12 r13 r14 r15 64## Linux preserves: rdi rbp r8 65## 66## clobbers ymm0-15 67 68 69# TRANSPOSE8 r0, r1, r2, r3, r4, r5, r6, r7, t0, t1 70# "transpose" data in {r0...r7} using temps {t0...t1} 71# Input looks like: {r0 r1 r2 r3 r4 r5 r6 r7} 72# r0 = {a7 a6 a5 a4 a3 a2 a1 a0} 73# r1 = {b7 b6 b5 b4 b3 b2 b1 b0} 74# r2 = {c7 c6 c5 c4 c3 c2 c1 c0} 75# r3 = {d7 d6 d5 d4 d3 d2 d1 d0} 76# r4 = {e7 e6 e5 e4 e3 e2 e1 e0} 77# r5 = {f7 f6 f5 f4 f3 f2 f1 f0} 78# r6 = {g7 g6 g5 g4 g3 g2 g1 g0} 79# r7 = {h7 h6 h5 h4 h3 h2 h1 h0} 80# 81# Output looks like: {r0 r1 r2 r3 r4 r5 r6 r7} 82# r0 = {h0 g0 f0 e0 d0 c0 b0 a0} 83# r1 = {h1 g1 f1 e1 d1 c1 b1 a1} 84# r2 = {h2 g2 f2 e2 d2 c2 b2 a2} 85# r3 = {h3 g3 f3 e3 d3 c3 b3 a3} 86# r4 = {h4 g4 f4 e4 d4 c4 b4 a4} 87# r5 = {h5 g5 f5 e5 d5 c5 b5 a5} 88# r6 = {h6 g6 f6 e6 d6 c6 b6 a6} 89# r7 = {h7 g7 f7 e7 d7 c7 b7 a7} 90# 91 92.macro TRANSPOSE8 r0 r1 r2 r3 r4 r5 r6 r7 t0 t1 93 # process top half (r0..r3) {a...d} 94 vshufps $0x44, \r1, \r0, \t0 # t0 = {b5 b4 a5 a4 b1 b0 a1 a0} 95 vshufps $0xEE, \r1, \r0, \r0 # r0 = {b7 b6 a7 a6 b3 b2 a3 a2} 96 vshufps $0x44, \r3, \r2, \t1 # t1 = {d5 d4 c5 c4 d1 d0 c1 c0} 97 vshufps $0xEE, \r3, \r2, \r2 # r2 = {d7 d6 c7 c6 d3 d2 c3 c2} 98 vshufps $0xDD, \t1, \t0, \r3 # r3 = {d5 c5 b5 a5 d1 c1 b1 a1} 99 vshufps $0x88, \r2, \r0, \r1 # r1 = {d6 c6 b6 a6 d2 c2 b2 a2} 100 vshufps $0xDD, \r2, \r0, \r0 # r0 = {d7 c7 b7 a7 d3 c3 b3 a3} 101 vshufps $0x88, \t1, \t0, \t0 # t0 = {d4 c4 b4 a4 d0 c0 b0 a0} 102 103 # use r2 in place of t0 104 # process bottom half (r4..r7) {e...h} 105 vshufps $0x44, \r5, \r4, \r2 # r2 = {f5 f4 e5 e4 f1 f0 e1 e0} 106 vshufps $0xEE, \r5, \r4, \r4 # r4 = {f7 f6 e7 e6 f3 f2 e3 e2} 107 vshufps $0x44, \r7, \r6, \t1 # t1 = {h5 h4 g5 g4 h1 h0 g1 g0} 108 vshufps $0xEE, \r7, \r6, \r6 # r6 = {h7 h6 g7 g6 h3 h2 g3 g2} 109 vshufps $0xDD, \t1, \r2, \r7 # r7 = {h5 g5 f5 e5 h1 g1 f1 e1} 110 vshufps $0x88, \r6, \r4, \r5 # r5 = {h6 g6 f6 e6 h2 g2 f2 e2} 111 vshufps $0xDD, \r6, \r4, \r4 # r4 = {h7 g7 f7 e7 h3 g3 f3 e3} 112 vshufps $0x88, \t1, \r2, \t1 # t1 = {h4 g4 f4 e4 h0 g0 f0 e0} 113 114 vperm2f128 $0x13, \r1, \r5, \r6 # h6...a6 115 vperm2f128 $0x02, \r1, \r5, \r2 # h2...a2 116 vperm2f128 $0x13, \r3, \r7, \r5 # h5...a5 117 vperm2f128 $0x02, \r3, \r7, \r1 # h1...a1 118 vperm2f128 $0x13, \r0, \r4, \r7 # h7...a7 119 vperm2f128 $0x02, \r0, \r4, \r3 # h3...a3 120 vperm2f128 $0x13, \t0, \t1, \r4 # h4...a4 121 vperm2f128 $0x02, \t0, \t1, \r0 # h0...a0 122 123.endm 124## 125## Magic functions defined in FIPS 180-1 126## 127# macro MAGIC_F0 F,B,C,D,T ## F = (D ^ (B & (C ^ D))) 128.macro MAGIC_F0 regF regB regC regD regT 129 vpxor \regD, \regC, \regF 130 vpand \regB, \regF, \regF 131 vpxor \regD, \regF, \regF 132.endm 133 134# macro MAGIC_F1 F,B,C,D,T ## F = (B ^ C ^ D) 135.macro MAGIC_F1 regF regB regC regD regT 136 vpxor \regC, \regD, \regF 137 vpxor \regB, \regF, \regF 138.endm 139 140# macro MAGIC_F2 F,B,C,D,T ## F = ((B & C) | (B & D) | (C & D)) 141.macro MAGIC_F2 regF regB regC regD regT 142 vpor \regC, \regB, \regF 143 vpand \regC, \regB, \regT 144 vpand \regD, \regF, \regF 145 vpor \regT, \regF, \regF 146.endm 147 148# macro MAGIC_F3 F,B,C,D,T ## F = (B ^ C ^ D) 149.macro MAGIC_F3 regF regB regC regD regT 150 MAGIC_F1 \regF,\regB,\regC,\regD,\regT 151.endm 152 153# PROLD reg, imm, tmp 154.macro PROLD reg imm tmp 155 vpsrld $(32-\imm), \reg, \tmp 156 vpslld $\imm, \reg, \reg 157 vpor \tmp, \reg, \reg 158.endm 159 160.macro PROLD_nd reg imm tmp src 161 vpsrld $(32-\imm), \src, \tmp 162 vpslld $\imm, \src, \reg 163 vpor \tmp, \reg, \reg 164.endm 165 166.macro SHA1_STEP_00_15 regA regB regC regD regE regT regF memW immCNT MAGIC 167 vpaddd \immCNT, \regE, \regE 168 vpaddd \memW*32(%rsp), \regE, \regE 169 PROLD_nd \regT, 5, \regF, \regA 170 vpaddd \regT, \regE, \regE 171 \MAGIC \regF, \regB, \regC, \regD, \regT 172 PROLD \regB, 30, \regT 173 vpaddd \regF, \regE, \regE 174.endm 175 176.macro SHA1_STEP_16_79 regA regB regC regD regE regT regF memW immCNT MAGIC 177 vpaddd \immCNT, \regE, \regE 178 offset = ((\memW - 14) & 15) * 32 179 vmovdqu offset(%rsp), W14 180 vpxor W14, W16, W16 181 offset = ((\memW - 8) & 15) * 32 182 vpxor offset(%rsp), W16, W16 183 offset = ((\memW - 3) & 15) * 32 184 vpxor offset(%rsp), W16, W16 185 vpsrld $(32-1), W16, \regF 186 vpslld $1, W16, W16 187 vpor W16, \regF, \regF 188 189 ROTATE_W 190 191 offset = ((\memW - 0) & 15) * 32 192 vmovdqu \regF, offset(%rsp) 193 vpaddd \regF, \regE, \regE 194 PROLD_nd \regT, 5, \regF, \regA 195 vpaddd \regT, \regE, \regE 196 \MAGIC \regF,\regB,\regC,\regD,\regT ## FUN = MAGIC_Fi(B,C,D) 197 PROLD \regB,30, \regT 198 vpaddd \regF, \regE, \regE 199.endm 200 201######################################################################## 202######################################################################## 203######################################################################## 204 205## FRAMESZ plus pushes must be an odd multiple of 8 206YMM_SAVE = (15-15)*32 207FRAMESZ = 32*16 + YMM_SAVE 208_YMM = FRAMESZ - YMM_SAVE 209 210#define VMOVPS vmovups 211 212IDX = %rax 213inp0 = %r9 214inp1 = %r10 215inp2 = %r11 216inp3 = %r12 217inp4 = %r13 218inp5 = %r14 219inp6 = %r15 220inp7 = %rcx 221arg1 = %rdi 222arg2 = %rsi 223RSP_SAVE = %rdx 224 225# ymm0 A 226# ymm1 B 227# ymm2 C 228# ymm3 D 229# ymm4 E 230# ymm5 F AA 231# ymm6 T0 BB 232# ymm7 T1 CC 233# ymm8 T2 DD 234# ymm9 T3 EE 235# ymm10 T4 TMP 236# ymm11 T5 FUN 237# ymm12 T6 K 238# ymm13 T7 W14 239# ymm14 T8 W15 240# ymm15 T9 W16 241 242 243A = %ymm0 244B = %ymm1 245C = %ymm2 246D = %ymm3 247E = %ymm4 248F = %ymm5 249T0 = %ymm6 250T1 = %ymm7 251T2 = %ymm8 252T3 = %ymm9 253T4 = %ymm10 254T5 = %ymm11 255T6 = %ymm12 256T7 = %ymm13 257T8 = %ymm14 258T9 = %ymm15 259 260AA = %ymm5 261BB = %ymm6 262CC = %ymm7 263DD = %ymm8 264EE = %ymm9 265TMP = %ymm10 266FUN = %ymm11 267K = %ymm12 268W14 = %ymm13 269W15 = %ymm14 270W16 = %ymm15 271 272.macro ROTATE_ARGS 273 TMP_ = E 274 E = D 275 D = C 276 C = B 277 B = A 278 A = TMP_ 279.endm 280 281.macro ROTATE_W 282TMP_ = W16 283W16 = W15 284W15 = W14 285W14 = TMP_ 286.endm 287 288# 8 streams x 5 32bit words per digest x 4 bytes per word 289#define DIGEST_SIZE (8*5*4) 290 291.align 32 292 293# void sha1_x8_avx2(void **input_data, UINT128 *digest, UINT32 size) 294# arg 1 : pointer to array[4] of pointer to input data 295# arg 2 : size (in blocks) ;; assumed to be >= 1 296# 297ENTRY(sha1_x8_avx2) 298 299 # save callee-saved clobbered registers to comply with C function ABI 300 push %r12 301 push %r13 302 push %r14 303 push %r15 304 305 #save rsp 306 mov %rsp, RSP_SAVE 307 sub $FRAMESZ, %rsp 308 309 #align rsp to 32 Bytes 310 and $~0x1F, %rsp 311 312 ## Initialize digests 313 vmovdqu 0*32(arg1), A 314 vmovdqu 1*32(arg1), B 315 vmovdqu 2*32(arg1), C 316 vmovdqu 3*32(arg1), D 317 vmovdqu 4*32(arg1), E 318 319 ## transpose input onto stack 320 mov _data_ptr+0*8(arg1),inp0 321 mov _data_ptr+1*8(arg1),inp1 322 mov _data_ptr+2*8(arg1),inp2 323 mov _data_ptr+3*8(arg1),inp3 324 mov _data_ptr+4*8(arg1),inp4 325 mov _data_ptr+5*8(arg1),inp5 326 mov _data_ptr+6*8(arg1),inp6 327 mov _data_ptr+7*8(arg1),inp7 328 329 xor IDX, IDX 330lloop: 331 vmovdqu PSHUFFLE_BYTE_FLIP_MASK(%rip), F 332 I=0 333.rep 2 334 VMOVPS (inp0, IDX), T0 335 VMOVPS (inp1, IDX), T1 336 VMOVPS (inp2, IDX), T2 337 VMOVPS (inp3, IDX), T3 338 VMOVPS (inp4, IDX), T4 339 VMOVPS (inp5, IDX), T5 340 VMOVPS (inp6, IDX), T6 341 VMOVPS (inp7, IDX), T7 342 343 TRANSPOSE8 T0, T1, T2, T3, T4, T5, T6, T7, T8, T9 344 vpshufb F, T0, T0 345 vmovdqu T0, (I*8)*32(%rsp) 346 vpshufb F, T1, T1 347 vmovdqu T1, (I*8+1)*32(%rsp) 348 vpshufb F, T2, T2 349 vmovdqu T2, (I*8+2)*32(%rsp) 350 vpshufb F, T3, T3 351 vmovdqu T3, (I*8+3)*32(%rsp) 352 vpshufb F, T4, T4 353 vmovdqu T4, (I*8+4)*32(%rsp) 354 vpshufb F, T5, T5 355 vmovdqu T5, (I*8+5)*32(%rsp) 356 vpshufb F, T6, T6 357 vmovdqu T6, (I*8+6)*32(%rsp) 358 vpshufb F, T7, T7 359 vmovdqu T7, (I*8+7)*32(%rsp) 360 add $32, IDX 361 I = (I+1) 362.endr 363 # save old digests 364 vmovdqu A,AA 365 vmovdqu B,BB 366 vmovdqu C,CC 367 vmovdqu D,DD 368 vmovdqu E,EE 369 370## 371## perform 0-79 steps 372## 373 vmovdqu K00_19(%rip), K 374## do rounds 0...15 375 I = 0 376.rep 16 377 SHA1_STEP_00_15 A,B,C,D,E, TMP,FUN, I, K, MAGIC_F0 378 ROTATE_ARGS 379 I = (I+1) 380.endr 381 382## do rounds 16...19 383 vmovdqu ((16 - 16) & 15) * 32 (%rsp), W16 384 vmovdqu ((16 - 15) & 15) * 32 (%rsp), W15 385.rep 4 386 SHA1_STEP_16_79 A,B,C,D,E, TMP,FUN, I, K, MAGIC_F0 387 ROTATE_ARGS 388 I = (I+1) 389.endr 390 391## do rounds 20...39 392 vmovdqu K20_39(%rip), K 393.rep 20 394 SHA1_STEP_16_79 A,B,C,D,E, TMP,FUN, I, K, MAGIC_F1 395 ROTATE_ARGS 396 I = (I+1) 397.endr 398 399## do rounds 40...59 400 vmovdqu K40_59(%rip), K 401.rep 20 402 SHA1_STEP_16_79 A,B,C,D,E, TMP,FUN, I, K, MAGIC_F2 403 ROTATE_ARGS 404 I = (I+1) 405.endr 406 407## do rounds 60...79 408 vmovdqu K60_79(%rip), K 409.rep 20 410 SHA1_STEP_16_79 A,B,C,D,E, TMP,FUN, I, K, MAGIC_F3 411 ROTATE_ARGS 412 I = (I+1) 413.endr 414 415 vpaddd AA,A,A 416 vpaddd BB,B,B 417 vpaddd CC,C,C 418 vpaddd DD,D,D 419 vpaddd EE,E,E 420 421 sub $1, arg2 422 jne lloop 423 424 # write out digests 425 vmovdqu A, 0*32(arg1) 426 vmovdqu B, 1*32(arg1) 427 vmovdqu C, 2*32(arg1) 428 vmovdqu D, 3*32(arg1) 429 vmovdqu E, 4*32(arg1) 430 431 # update input pointers 432 add IDX, inp0 433 add IDX, inp1 434 add IDX, inp2 435 add IDX, inp3 436 add IDX, inp4 437 add IDX, inp5 438 add IDX, inp6 439 add IDX, inp7 440 mov inp0, _data_ptr (arg1) 441 mov inp1, _data_ptr + 1*8(arg1) 442 mov inp2, _data_ptr + 2*8(arg1) 443 mov inp3, _data_ptr + 3*8(arg1) 444 mov inp4, _data_ptr + 4*8(arg1) 445 mov inp5, _data_ptr + 5*8(arg1) 446 mov inp6, _data_ptr + 6*8(arg1) 447 mov inp7, _data_ptr + 7*8(arg1) 448 449 ################ 450 ## Postamble 451 452 mov RSP_SAVE, %rsp 453 454 # restore callee-saved clobbered registers 455 pop %r15 456 pop %r14 457 pop %r13 458 pop %r12 459 460 ret 461ENDPROC(sha1_x8_avx2) 462 463 464.section .rodata.cst32.K00_19, "aM", @progbits, 32 465.align 32 466K00_19: 467.octa 0x5A8279995A8279995A8279995A827999 468.octa 0x5A8279995A8279995A8279995A827999 469 470.section .rodata.cst32.K20_39, "aM", @progbits, 32 471.align 32 472K20_39: 473.octa 0x6ED9EBA16ED9EBA16ED9EBA16ED9EBA1 474.octa 0x6ED9EBA16ED9EBA16ED9EBA16ED9EBA1 475 476.section .rodata.cst32.K40_59, "aM", @progbits, 32 477.align 32 478K40_59: 479.octa 0x8F1BBCDC8F1BBCDC8F1BBCDC8F1BBCDC 480.octa 0x8F1BBCDC8F1BBCDC8F1BBCDC8F1BBCDC 481 482.section .rodata.cst32.K60_79, "aM", @progbits, 32 483.align 32 484K60_79: 485.octa 0xCA62C1D6CA62C1D6CA62C1D6CA62C1D6 486.octa 0xCA62C1D6CA62C1D6CA62C1D6CA62C1D6 487 488.section .rodata.cst32.PSHUFFLE_BYTE_FLIP_MASK, "aM", @progbits, 32 489.align 32 490PSHUFFLE_BYTE_FLIP_MASK: 491.octa 0x0c0d0e0f08090a0b0405060700010203 492.octa 0x0c0d0e0f08090a0b0405060700010203 493
