projects / thirdparty / openssl.git / blame
| Commit | Line | Data |
|---|---|---|
| 6aa36e8e RS |
1 | #! /usr/bin/env perl |
| 2 | # Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. | |
| 3 | # | |
| 4 | # Licensed under the OpenSSL license (the "License"). You may not use | |
| 5 | # this file except in compliance with the License. You can obtain a copy | |
| 6 | # in the file LICENSE in the source distribution or at | |
| 7 | # https://www.openssl.org/source/license.html | |
| 8 | ||
| 02703c74 AP |
9 | # |
| 10 | # ==================================================================== | |
| 11 | # Written by David Mosberger <David.Mosberger@acm.org> based on the | |
| 12 | # Itanium optimized Crypto code which was released by HP Labs at | |
| 13 | # http://www.hpl.hp.com/research/linux/crypto/. | |
| 14 | # | |
| 15 | # Copyright (c) 2005 Hewlett-Packard Development Company, L.P. | |
| 16 | # | |
| 17 | # Permission is hereby granted, free of charge, to any person obtaining | |
| 18 | # a copy of this software and associated documentation files (the | |
| 19 | # "Software"), to deal in the Software without restriction, including | |
| 20 | # without limitation the rights to use, copy, modify, merge, publish, | |
| 21 | # distribute, sublicense, and/or sell copies of the Software, and to | |
| 22 | # permit persons to whom the Software is furnished to do so, subject to | |
| 23 | # the following conditions: | |
| 24 | # | |
| 25 | # The above copyright notice and this permission notice shall be | |
| 26 | # included in all copies or substantial portions of the Software. | |
| 27 | ||
| 28 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, | |
| 29 | # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF | |
| 30 | # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND | |
| 31 | # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE | |
| 32 | # LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION | |
| 33 | # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION | |
| 34 | # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ | |
| 35 | ||
| 36 | ||
| 37 | ||
| 38 | # This is a little helper program which generates a software-pipelined | |
| 39 | # for RC4 encryption. The basic algorithm looks like this: | |
| 40 | # | |
| 41 | # for (counter = 0; counter < len; ++counter) | |
| 42 | # { | |
| 43 | # in = inp[counter]; | |
| 44 | # SI = S[I]; | |
| 45 | # J = (SI + J) & 0xff; | |
| 46 | # SJ = S[J]; | |
| 47 | # T = (SI + SJ) & 0xff; | |
| 48 | # S[I] = SJ, S[J] = SI; | |
| 49 | # ST = S[T]; | |
| 50 | # outp[counter] = in ^ ST; | |
| 51 | # I = (I + 1) & 0xff; | |
| 52 | # } | |
| 53 | # | |
| 54 | # Pipelining this loop isn't easy, because the stores to the S[] array | |
| 55 | # need to be observed in the right order. The loop generated by the | |
| 56 | # code below has the following pipeline diagram: | |
| 57 | # | |
| 58 | # cycle | |
| 59 | # | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 |10 |11 |12 |13 |14 |15 |16 |17 | | |
| 60 | # iter | |
| 61 | # 1: xxx LDI xxx xxx xxx LDJ xxx SWP xxx LDT xxx xxx | |
| 62 | # 2: xxx LDI xxx xxx xxx LDJ xxx SWP xxx LDT xxx xxx | |
| 63 | # 3: xxx LDI xxx xxx xxx LDJ xxx SWP xxx LDT xxx xxx | |
| 64 | # | |
| 65 | # where: | |
| 66 | # LDI = load of S[I] | |
| 67 | # LDJ = load of S[J] | |
| 68 | # SWP = swap of S[I] and S[J] | |
| 69 | # LDT = load of S[T] | |
| 70 | # | |
| 71 | # Note that in the above diagram, the major trouble-spot is that LDI | |
| 72 | # of the 2nd iteration is performed BEFORE the SWP of the first | |
| 73 | # iteration. Fortunately, this is easy to detect (I of the 1st | |
| 74 | # iteration will be equal to J of the 2nd iteration) and when this | |
| 75 | # happens, we simply forward the proper value from the 1st iteration | |
| 76 | # to the 2nd one. The proper value in this case is simply the value | |
| 77 | # of S[I] from the first iteration (thanks to the fact that SWP | |
| 78 | # simply swaps the contents of S[I] and S[J]). | |
| 79 | # | |
| 80 | # Another potential trouble-spot is in cycle 7, where SWP of the 1st | |
| 81 | # iteration issues at the same time as the LDI of the 3rd iteration. | |
| 82 | # However, thanks to IA-64 execution semantics, this can be taken | |
| 83 | # care of simply by placing LDI later in the instruction-group than | |
| 84 | # SWP. IA-64 CPUs will automatically forward the value if they | |
| 85 | # detect that the SWP and LDI are accessing the same memory-location. | |
| 86 | ||
| 87 | # The core-loop that can be pipelined then looks like this (annotated | |
| 88 | # with McKinley/Madison issue port & latency numbers, assuming L1 | |
| 89 | # cache hits for the most part): | |
| 90 | ||
| 91 | # operation: instruction: issue-ports: latency | |
| 92 | # ------------------ ----------------------------- ------------- ------- | |
| 93 | ||
| 94 | # Data = *inp++ ld1 data = [inp], 1 M0-M1 1 cyc c0 | |
| 95 | # shladd Iptr = I, KeyTable, 3 M0-M3, I0, I1 1 cyc | |
| 96 | # I = (I + 1) & 0xff padd1 nextI = I, one M0-M3, I0, I1 3 cyc | |
| 97 | # ;; | |
| 98 | # SI = S[I] ld8 SI = [Iptr] M0-M1 1 cyc c1 * after SWAP! | |
| 99 | # ;; | |
| 100 | # cmp.eq.unc pBypass = I, J * after J is valid! | |
| 101 | # J = SI + J add J = J, SI M0-M3, I0, I1 1 cyc c2 | |
| 102 | # (pBypass) br.cond.spnt Bypass | |
| 103 | # ;; | |
| 104 | # --------------------------------------------------------------------------------------- | |
| 105 | # J = J & 0xff zxt1 J = J I0, I1, 1 cyc c3 | |
| 106 | # ;; | |
| 107 | # shladd Jptr = J, KeyTable, 3 M0-M3, I0, I1 1 cyc c4 | |
| 108 | # ;; | |
| 109 | # SJ = S[J] ld8 SJ = [Jptr] M0-M1 1 cyc c5 | |
| 110 | # ;; | |
| 111 | # --------------------------------------------------------------------------------------- | |
| 112 | # T = (SI + SJ) add T = SI, SJ M0-M3, I0, I1 1 cyc c6 | |
| 113 | # ;; | |
| 114 | # T = T & 0xff zxt1 T = T I0, I1 1 cyc | |
| 115 | # S[I] = SJ st8 [Iptr] = SJ M2-M3 c7 | |
| 116 | # S[J] = SI st8 [Jptr] = SI M2-M3 | |
| 117 | # ;; | |
| 118 | # shladd Tptr = T, KeyTable, 3 M0-M3, I0, I1 1 cyc c8 | |
| 119 | # ;; | |
| 120 | # --------------------------------------------------------------------------------------- | |
| 121 | # T = S[T] ld8 T = [Tptr] M0-M1 1 cyc c9 | |
| 122 | # ;; | |
| 123 | # data ^= T xor data = data, T M0-M3, I0, I1 1 cyc c10 | |
| 124 | # ;; | |
| 125 | # *out++ = Data ^ T dep word = word, data, 8, POS I0, I1 1 cyc c11 | |
| 126 | # ;; | |
| 127 | # --------------------------------------------------------------------------------------- | |
| 128 | ||
| 129 | # There are several points worth making here: | |
| 130 | ||
| 131 | # - Note that due to the bypass/forwarding-path, the first two | |
| 132 | # phases of the loop are strangly mingled together. In | |
| 133 | # particular, note that the first stage of the pipeline is | |
| 134 | # using the value of "J", as calculated by the second stage. | |
| 135 | # - Each bundle-pair will have exactly 6 instructions. | |
| 136 | # - Pipelined, the loop can execute in 3 cycles/iteration and | |
| 137 | # 4 stages. However, McKinley/Madison can issue "st1" to | |
| 138 | # the same bank at a rate of at most one per 4 cycles. Thus, | |
| 139 | # instead of storing each byte, we accumulate them in a word | |
| 140 | # and then write them back at once with a single "st8" (this | |
| 141 | # implies that the setup code needs to ensure that the output | |
| 142 | # buffer is properly aligned, if need be, by encoding the | |
| 143 | # first few bytes separately). | |
| 144 | # - There is no space for a "br.ctop" instruction. For this | |
| 145 | # reason we can't use module-loop support in IA-64 and have | |
| 146 | # to do a traditional, purely software-pipelined loop. | |
| 147 | # - We can't replace any of the remaining "add/zxt1" pairs with | |
| 148 | # "padd1" because the latency for that instruction is too high | |
| 149 | # and would push the loop to the point where more bypasses | |
| 150 | # would be needed, which we don't have space for. | |
| 151 | # - The above loop runs at around 3.26 cycles/byte, or roughly | |
| 152 | # 440 MByte/sec on a 1.5GHz Madison. This is well below the | |
| 153 | # system bus bandwidth and hence with judicious use of | |
| 154 | # "lfetch" this loop can run at (almost) peak speed even when | |
| 155 | # the input and output data reside in memory. The | |
| 156 | # max. latency that can be tolerated is (PREFETCH_DISTANCE * | |
| 157 | # L2_LINE_SIZE * 3 cyc), or about 384 cycles assuming (at | |
| 158 | # least) 1-ahead prefetching of 128 byte cache-lines. Note | |
| 159 | # that we do NOT prefetch into L1, since that would only | |
| 160 | # interfere with the S[] table values stored there. This is | |
| 161 | # acceptable because there is a 10 cycle latency between | |
| 162 | # load and first use of the input data. | |
| 163 | # - We use a branch to out-of-line bypass-code of cycle-pressure: | |
| 164 | # we calculate the next J, check for the need to activate the | |
| 165 | # bypass path, and activate the bypass path ALL IN THE SAME | |
| 166 | # CYCLE. If we didn't have these constraints, we could do | |
| 167 | # the bypass with a simple conditional move instruction. | |
| 168 | # Fortunately, the bypass paths get activated relatively | |
| 169 | # infrequently, so the extra branches don't cost all that much | |
| 170 | # (about 0.04 cycles/byte, measured on a 16396 byte file with | |
| 171 | # random input data). | |
| 172 | # | |
| 173 | ||
| 3c9d51ce RL |
174 | $output = pop; |
| 175 | open STDOUT,">$output"; | |
| 176 | ||
| 02703c74 AP |
177 | $phases = 4; # number of stages/phases in the pipelined-loop |
| 178 | $unroll_count = 6; # number of times we unrolled it | |
| 179 | $pComI = (1 << 0); | |
| 180 | $pComJ = (1 << 1); | |
| 181 | $pComT = (1 << 2); | |
| 182 | $pOut = (1 << 3); | |
| 183 | ||
| 184 | $NData = 4; | |
| 185 | $NIP = 3; | |
| 186 | $NJP = 2; | |
| 187 | $NI = 2; | |
| 188 | $NSI = 3; | |
| 189 | $NSJ = 2; | |
| 190 | $NT = 2; | |
| 191 | $NOutWord = 2; | |
| 192 | ||
| 193 | # | |
| 194 | # $threshold is the minimum length before we attempt to use the | |
| 195 | # big software-pipelined loop. It MUST be greater-or-equal | |
| 196 | # to: | |
| 197 | # PHASES * (UNROLL_COUNT + 1) + 7 | |
| 198 | # | |
| 199 | # The "+ 7" comes from the fact we may have to encode up to | |
| 200 | # 7 bytes separately before the output pointer is aligned. | |
| 201 | # | |
| 202 | $threshold = (3 * ($phases * ($unroll_count + 1)) + 7); | |
| 203 | ||
| 204 | sub I { | |
| 205 | local *code = shift; | |
| 206 | local $format = shift; | |
| 4ac210c1 | 207 | $code .= sprintf ("\t\t".$format."\n", @_); |
| 02703c74 AP |
208 | } |
| 209 | ||
| 210 | sub P { | |
| 211 | local *code = shift; | |
| 212 | local $format = shift; | |
| 4ac210c1 | 213 | $code .= sprintf ($format."\n", @_); |
| 02703c74 AP |
214 | } |
| 215 | ||
| 216 | sub STOP { | |
| 217 | local *code = shift; | |
| 218 | $code .=<<___; | |
| 219 | ;; | |
| 220 | ___ | |
| 221 | } | |
| 222 | ||
| 223 | sub emit_body { | |
| 224 | local *c = shift; | |
| 225 | local *bypass = shift; | |
| 226 | local ($iteration, $p) = @_; | |
| 227 | ||
| 228 | local $i0 = $iteration; | |
| 229 | local $i1 = $iteration - 1; | |
| 230 | local $i2 = $iteration - 2; | |
| 231 | local $i3 = $iteration - 3; | |
| 232 | local $iw0 = ($iteration - 3) / 8; | |
| 233 | local $iw1 = ($iteration > 3) ? ($iteration - 4) / 8 : 1; | |
| 234 | local $byte_num = ($iteration - 3) % 8; | |
| 235 | local $label = $iteration + 1; | |
| 236 | local $pAny = ($p & 0xf) == 0xf; | |
| 237 | local $pByp = (($p & $pComI) && ($iteration > 0)); | |
| 238 | ||
| 239 | $c.=<<___; | |
| 240 | ////////////////////////////////////////////////// | |
| 241 | ___ | |
| 242 | ||
| 243 | if (($p & 0xf) == 0) { | |
| 2802ec65 | 244 | $c.="#ifdef HOST_IS_BIG_ENDIAN\n"; |
| 4ac210c1 AP |
245 | &I(\$c,"shr.u OutWord[%u] = OutWord[%u], 32;;", |
| 246 | $iw1 % $NOutWord, $iw1 % $NOutWord); | |
| 247 | $c.="#endif\n"; | |
| 02703c74 AP |
248 | &I(\$c, "st4 [OutPtr] = OutWord[%u], 4", $iw1 % $NOutWord); |
| 249 | return; | |
| 250 | } | |
| 251 | ||
| 252 | # Cycle 0 | |
| 253 | &I(\$c, "{ .mmi") if ($pAny); | |
| 254 | &I(\$c, "ld1 Data[%u] = [InPtr], 1", $i0 % $NData) if ($p & $pComI); | |
| 255 | &I(\$c, "padd1 I[%u] = One, I[%u]", $i0 % $NI, $i1 % $NI)if ($p & $pComI); | |
| 256 | &I(\$c, "zxt1 J = J") if ($p & $pComJ); | |
| 257 | &I(\$c, "}") if ($pAny); | |
| 258 | &I(\$c, "{ .mmi") if ($pAny); | |
| 259 | &I(\$c, "LKEY T[%u] = [T[%u]]", $i1 % $NT, $i1 % $NT) if ($p & $pOut); | |
| 260 | &I(\$c, "add T[%u] = SI[%u], SJ[%u]", | |
| 261 | $i0 % $NT, $i2 % $NSI, $i1 % $NSJ) if ($p & $pComT); | |
| 262 | &I(\$c, "KEYADDR(IPr[%u], I[%u])", $i0 % $NIP, $i1 % $NI) if ($p & $pComI); | |
| 263 | &I(\$c, "}") if ($pAny); | |
| 264 | &STOP(\$c); | |
| 265 | ||
| 266 | # Cycle 1 | |
| 267 | &I(\$c, "{ .mmi") if ($pAny); | |
| 268 | &I(\$c, "SKEY [IPr[%u]] = SJ[%u]", $i2 % $NIP, $i1%$NSJ)if ($p & $pComT); | |
| 269 | &I(\$c, "SKEY [JP[%u]] = SI[%u]", $i1 % $NJP, $i2%$NSI) if ($p & $pComT); | |
| 270 | &I(\$c, "zxt1 T[%u] = T[%u]", $i0 % $NT, $i0 % $NT) if ($p & $pComT); | |
| 271 | &I(\$c, "}") if ($pAny); | |
| 272 | &I(\$c, "{ .mmi") if ($pAny); | |
| 273 | &I(\$c, "LKEY SI[%u] = [IPr[%u]]", $i0 % $NSI, $i0%$NIP)if ($p & $pComI); | |
| 274 | &I(\$c, "KEYADDR(JP[%u], J)", $i0 % $NJP) if ($p & $pComJ); | |
| 275 | &I(\$c, "xor Data[%u] = Data[%u], T[%u]", | |
| 276 | $i3 % $NData, $i3 % $NData, $i1 % $NT) if ($p & $pOut); | |
| 277 | &I(\$c, "}") if ($pAny); | |
| 278 | &STOP(\$c); | |
| 279 | ||
| 280 | # Cycle 2 | |
| 281 | &I(\$c, "{ .mmi") if ($pAny); | |
| 282 | &I(\$c, "LKEY SJ[%u] = [JP[%u]]", $i0 % $NSJ, $i0%$NJP) if ($p & $pComJ); | |
| 283 | &I(\$c, "cmp.eq pBypass, p0 = I[%u], J", $i1 % $NI) if ($pByp); | |
| 284 | &I(\$c, "dep OutWord[%u] = Data[%u], OutWord[%u], BYTE_POS(%u), 8", | |
| 285 | $iw0%$NOutWord, $i3%$NData, $iw1%$NOutWord, $byte_num) if ($p & $pOut); | |
| 286 | &I(\$c, "}") if ($pAny); | |
| 287 | &I(\$c, "{ .mmb") if ($pAny); | |
| 288 | &I(\$c, "add J = J, SI[%u]", $i0 % $NSI) if ($p & $pComI); | |
| 289 | &I(\$c, "KEYADDR(T[%u], T[%u])", $i0 % $NT, $i0 % $NT) if ($p & $pComT); | |
| 290 | &P(\$c, "(pBypass)\tbr.cond.spnt.many .rc4Bypass%u",$label)if ($pByp); | |
| 291 | &I(\$c, "}") if ($pAny); | |
| 292 | &STOP(\$c); | |
| 293 | ||
| 294 | &P(\$c, ".rc4Resume%u:", $label) if ($pByp); | |
| 295 | if ($byte_num == 0 && $iteration >= $phases) { | |
| 296 | &I(\$c, "st8 [OutPtr] = OutWord[%u], 8", | |
| 297 | $iw1 % $NOutWord) if ($p & $pOut); | |
| 298 | if ($iteration == (1 + $unroll_count) * $phases - 1) { | |
| 299 | if ($unroll_count == 6) { | |
| 300 | &I(\$c, "mov OutWord[%u] = OutWord[%u]", | |
| 301 | $iw1 % $NOutWord, $iw0 % $NOutWord); | |
| 302 | } | |
| 303 | &I(\$c, "lfetch.nt1 [InPrefetch], %u", | |
| 304 | $unroll_count * $phases); | |
| 305 | &I(\$c, "lfetch.excl.nt1 [OutPrefetch], %u", | |
| 306 | $unroll_count * $phases); | |
| 307 | &I(\$c, "br.cloop.sptk.few .rc4Loop"); | |
| 308 | } | |
| 309 | } | |
| 310 | ||
| 311 | if ($pByp) { | |
| 312 | &P(\$bypass, ".rc4Bypass%u:", $label); | |
| 313 | &I(\$bypass, "sub J = J, SI[%u]", $i0 % $NSI); | |
| 314 | &I(\$bypass, "nop 0"); | |
| 315 | &I(\$bypass, "nop 0"); | |
| 316 | &I(\$bypass, ";;"); | |
| 317 | &I(\$bypass, "add J = J, SI[%u]", $i1 % $NSI); | |
| 318 | &I(\$bypass, "mov SI[%u] = SI[%u]", $i0 % $NSI, $i1 % $NSI); | |
| 319 | &I(\$bypass, "br.sptk.many .rc4Resume%u\n", $label); | |
| 4ac210c1 | 320 | &I(\$bypass, ";;"); |
| 02703c74 AP |
321 | } |
| 322 | } | |
| 323 | ||
| 324 | $code=<<___; | |
| 325 | .ident \"rc4-ia64.s, version 3.0\" | |
| 326 | .ident \"Copyright (c) 2005 Hewlett-Packard Development Company, L.P.\" | |
| 327 | ||
| 328 | #define LCSave r8 | |
| 329 | #define PRSave r9 | |
| 330 | ||
| 331 | /* Inputs become invalid once rotation begins! */ | |
| 332 | ||
| 333 | #define StateTable in0 | |
| 334 | #define DataLen in1 | |
| 335 | #define InputBuffer in2 | |
| 336 | #define OutputBuffer in3 | |
| 337 | ||
| 338 | #define KTable r14 | |
| 339 | #define J r15 | |
| 340 | #define InPtr r16 | |
| 341 | #define OutPtr r17 | |
| 342 | #define InPrefetch r18 | |
| 343 | #define OutPrefetch r19 | |
| 344 | #define One r20 | |
| 345 | #define LoopCount r21 | |
| 346 | #define Remainder r22 | |
| 347 | #define IFinal r23 | |
| 348 | #define EndPtr r24 | |
| 349 | ||
| 350 | #define tmp0 r25 | |
| 351 | #define tmp1 r26 | |
| 352 | ||
| 353 | #define pBypass p6 | |
| 354 | #define pDone p7 | |
| 355 | #define pSmall p8 | |
| 356 | #define pAligned p9 | |
| 357 | #define pUnaligned p10 | |
| 358 | ||
| 359 | #define pComputeI pPhase[0] | |
| 360 | #define pComputeJ pPhase[1] | |
| 361 | #define pComputeT pPhase[2] | |
| 362 | #define pOutput pPhase[3] | |
| 363 | ||
| 364 | #define RetVal r8 | |
| 365 | #define L_OK p7 | |
| 366 | #define L_NOK p8 | |
| 367 | ||
| 368 | #define _NINPUTS 4 | |
| 369 | #define _NOUTPUT 0 | |
| 370 | ||
| 371 | #define _NROTATE 24 | |
| 372 | #define _NLOCALS (_NROTATE - _NINPUTS - _NOUTPUT) | |
| 373 | ||
| 374 | #ifndef SZ | |
| 375 | # define SZ 4 // this must be set to sizeof(RC4_INT) | |
| 376 | #endif | |
| 377 | ||
| 378 | #if SZ == 1 | |
| 379 | # define LKEY ld1 | |
| 380 | # define SKEY st1 | |
| 381 | # define KEYADDR(dst, i) add dst = i, KTable | |
| 382 | #elif SZ == 2 | |
| 383 | # define LKEY ld2 | |
| 384 | # define SKEY st2 | |
| 385 | # define KEYADDR(dst, i) shladd dst = i, 1, KTable | |
| 386 | #elif SZ == 4 | |
| 387 | # define LKEY ld4 | |
| 388 | # define SKEY st4 | |
| 389 | # define KEYADDR(dst, i) shladd dst = i, 2, KTable | |
| 390 | #else | |
| 391 | # define LKEY ld8 | |
| 392 | # define SKEY st8 | |
| 393 | # define KEYADDR(dst, i) shladd dst = i, 3, KTable | |
| 394 | #endif | |
| 395 | ||
| 396 | #if defined(_HPUX_SOURCE) && !defined(_LP64) | |
| 397 | # define ADDP addp4 | |
| 398 | #else | |
| 399 | # define ADDP add | |
| 400 | #endif | |
| 401 | ||
| 402 | /* Define a macro for the bit number of the n-th byte: */ | |
| 403 | ||
| 4ac210c1 | 404 | #if defined(_HPUX_SOURCE) || defined(B_ENDIAN) |
| 2802ec65 | 405 | # define HOST_IS_BIG_ENDIAN |
| 02703c74 | 406 | # define BYTE_POS(n) (56 - (8 * (n))) |
| 4ac210c1 AP |
407 | #else |
| 408 | # define BYTE_POS(n) (8 * (n)) | |
| 02703c74 AP |
409 | #endif |
| 410 | ||
| 411 | /* | |
| 412 | We must perform the first phase of the pipeline explicitly since | |
| 413 | we will always load from the stable the first time. The br.cexit | |
| 414 | will never be taken since regardless of the number of bytes because | |
| 415 | the epilogue count is 4. | |
| 416 | */ | |
| 4ac210c1 AP |
417 | /* MODSCHED_RC4 macro was split to _PROLOGUE and _LOOP, because HP-UX |
| 418 | assembler failed on original macro with syntax error. <appro> */ | |
| 419 | #define MODSCHED_RC4_PROLOGUE \\ | |
| 02703c74 AP |
420 | { \\ |
| 421 | ld1 Data[0] = [InPtr], 1; \\ | |
| 422 | add IFinal = 1, I[1]; \\ | |
| 423 | KEYADDR(IPr[0], I[1]); \\ | |
| 424 | } ;; \\ | |
| 425 | { \\ | |
| 426 | LKEY SI[0] = [IPr[0]]; \\ | |
| 427 | mov pr.rot = 0x10000; \\ | |
| 428 | mov ar.ec = 4; \\ | |
| 429 | } ;; \\ | |
| 430 | { \\ | |
| 431 | add J = J, SI[0]; \\ | |
| 432 | zxt1 I[0] = IFinal; \\ | |
| 4ac210c1 AP |
433 | br.cexit.spnt.few .+16; /* never taken */ \\ |
| 434 | } ;; | |
| 435 | #define MODSCHED_RC4_LOOP(label) \\ | |
| 02703c74 AP |
436 | label: \\ |
| 437 | { .mmi; \\ | |
| 438 | (pComputeI) ld1 Data[0] = [InPtr], 1; \\ | |
| 439 | (pComputeI) add IFinal = 1, I[1]; \\ | |
| 440 | (pComputeJ) zxt1 J = J; \\ | |
| 441 | }{ .mmi; \\ | |
| 442 | (pOutput) LKEY T[1] = [T[1]]; \\ | |
| 443 | (pComputeT) add T[0] = SI[2], SJ[1]; \\ | |
| 444 | (pComputeI) KEYADDR(IPr[0], I[1]); \\ | |
| 445 | } ;; \\ | |
| 446 | { .mmi; \\ | |
| 447 | (pComputeT) SKEY [IPr[2]] = SJ[1]; \\ | |
| 448 | (pComputeT) SKEY [JP[1]] = SI[2]; \\ | |
| 449 | (pComputeT) zxt1 T[0] = T[0]; \\ | |
| 450 | }{ .mmi; \\ | |
| 451 | (pComputeI) LKEY SI[0] = [IPr[0]]; \\ | |
| 452 | (pComputeJ) KEYADDR(JP[0], J); \\ | |
| 453 | (pComputeI) cmp.eq.unc pBypass, p0 = I[1], J; \\ | |
| 454 | } ;; \\ | |
| 455 | { .mmi; \\ | |
| 456 | (pComputeJ) LKEY SJ[0] = [JP[0]]; \\ | |
| 457 | (pOutput) xor Data[3] = Data[3], T[1]; \\ | |
| 458 | nop 0x0; \\ | |
| 459 | }{ .mmi; \\ | |
| 460 | (pComputeT) KEYADDR(T[0], T[0]); \\ | |
| 461 | (pBypass) mov SI[0] = SI[1]; \\ | |
| 462 | (pComputeI) zxt1 I[0] = IFinal; \\ | |
| 463 | } ;; \\ | |
| 464 | { .mmb; \\ | |
| 465 | (pOutput) st1 [OutPtr] = Data[3], 1; \\ | |
| 466 | (pComputeI) add J = J, SI[0]; \\ | |
| 467 | br.ctop.sptk.few label; \\ | |
| 468 | } ;; | |
| 469 | ||
| 470 | .text | |
| 471 | ||
| 472 | .align 32 | |
| 473 | ||
| 474 | .type RC4, \@function | |
| 475 | .global RC4 | |
| 476 | ||
| 477 | .proc RC4 | |
| 478 | .prologue | |
| 479 | ||
| 480 | RC4: | |
| 481 | { | |
| 482 | .mmi | |
| 483 | alloc r2 = ar.pfs, _NINPUTS, _NLOCALS, _NOUTPUT, _NROTATE | |
| 484 | ||
| 485 | .rotr Data[4], I[2], IPr[3], SI[3], JP[2], SJ[2], T[2], \\ | |
| 486 | OutWord[2] | |
| 487 | .rotp pPhase[4] | |
| 488 | ||
| 4ac210c1 AP |
489 | ADDP InPrefetch = 0, InputBuffer |
| 490 | ADDP KTable = 0, StateTable | |
| 02703c74 | 491 | } |
| 02703c74 | 492 | { |
| 4ac210c1 AP |
493 | .mmi |
| 494 | ADDP InPtr = 0, InputBuffer | |
| 495 | ADDP OutPtr = 0, OutputBuffer | |
| 496 | mov RetVal = r0 | |
| 02703c74 | 497 | } |
| 02703c74 AP |
498 | ;; |
| 499 | { | |
| 500 | .mmi | |
| 501 | lfetch.nt1 [InPrefetch], 0x80 | |
| 4ac210c1 | 502 | ADDP OutPrefetch = 0, OutputBuffer |
| 02703c74 AP |
503 | } |
| 504 | { // Return 0 if the input length is nonsensical | |
| 505 | .mib | |
| 4ac210c1 AP |
506 | ADDP StateTable = 0, StateTable |
| 507 | cmp.ge.unc L_NOK, L_OK = r0, DataLen | |
| 02703c74 AP |
508 | (L_NOK) br.ret.sptk.few rp |
| 509 | } | |
| 510 | ;; | |
| 511 | { | |
| 512 | .mib | |
| 4ac210c1 AP |
513 | cmp.eq.or L_NOK, L_OK = r0, InPtr |
| 514 | cmp.eq.or L_NOK, L_OK = r0, OutPtr | |
| 515 | nop 0x0 | |
| 02703c74 | 516 | } |
| 02703c74 | 517 | { |
| 4ac210c1 AP |
518 | .mib |
| 519 | cmp.eq.or L_NOK, L_OK = r0, StateTable | |
| 520 | nop 0x0 | |
| 02703c74 AP |
521 | (L_NOK) br.ret.sptk.few rp |
| 522 | } | |
| 523 | ;; | |
| 4ac210c1 | 524 | LKEY I[1] = [KTable], SZ |
| 02703c74 AP |
525 | /* Prefetch the state-table. It contains 256 elements of size SZ */ |
| 526 | ||
| 527 | #if SZ == 1 | |
| 528 | ADDP tmp0 = 1*128, StateTable | |
| 529 | #elif SZ == 2 | |
| 530 | ADDP tmp0 = 3*128, StateTable | |
| 531 | ADDP tmp1 = 2*128, StateTable | |
| 532 | #elif SZ == 4 | |
| 533 | ADDP tmp0 = 7*128, StateTable | |
| 534 | ADDP tmp1 = 6*128, StateTable | |
| 535 | #elif SZ == 8 | |
| 536 | ADDP tmp0 = 15*128, StateTable | |
| 537 | ADDP tmp1 = 14*128, StateTable | |
| 538 | #endif | |
| 539 | ;; | |
| 540 | #if SZ >= 8 | |
| 541 | lfetch.fault.nt1 [tmp0], -256 // 15 | |
| 542 | lfetch.fault.nt1 [tmp1], -256;; | |
| 543 | lfetch.fault.nt1 [tmp0], -256 // 13 | |
| 544 | lfetch.fault.nt1 [tmp1], -256;; | |
| 545 | lfetch.fault.nt1 [tmp0], -256 // 11 | |
| 546 | lfetch.fault.nt1 [tmp1], -256;; | |
| 547 | lfetch.fault.nt1 [tmp0], -256 // 9 | |
| 548 | lfetch.fault.nt1 [tmp1], -256;; | |
| 549 | #endif | |
| 550 | #if SZ >= 4 | |
| 551 | lfetch.fault.nt1 [tmp0], -256 // 7 | |
| 552 | lfetch.fault.nt1 [tmp1], -256;; | |
| 553 | lfetch.fault.nt1 [tmp0], -256 // 5 | |
| 554 | lfetch.fault.nt1 [tmp1], -256;; | |
| 555 | #endif | |
| 556 | #if SZ >= 2 | |
| 557 | lfetch.fault.nt1 [tmp0], -256 // 3 | |
| 558 | lfetch.fault.nt1 [tmp1], -256;; | |
| 559 | #endif | |
| 4ac210c1 AP |
560 | { |
| 561 | .mii | |
| 02703c74 | 562 | lfetch.fault.nt1 [tmp0] // 1 |
| 4ac210c1 AP |
563 | add I[1]=1,I[1];; |
| 564 | zxt1 I[1]=I[1] | |
| 565 | } | |
| 02703c74 AP |
566 | { |
| 567 | .mmi | |
| 568 | lfetch.nt1 [InPrefetch], 0x80 | |
| 569 | lfetch.excl.nt1 [OutPrefetch], 0x80 | |
| 570 | .save pr, PRSave | |
| 571 | mov PRSave = pr | |
| 572 | } ;; | |
| 573 | { | |
| 574 | .mmi | |
| 575 | lfetch.excl.nt1 [OutPrefetch], 0x80 | |
| 4ac210c1 AP |
576 | LKEY J = [KTable], SZ |
| 577 | ADDP EndPtr = DataLen, InPtr | |
| 02703c74 AP |
578 | } ;; |
| 579 | { | |
| 580 | .mmi | |
| 02703c74 AP |
581 | ADDP EndPtr = -1, EndPtr // Make it point to |
| 582 | // last data byte. | |
| 02703c74 AP |
583 | mov One = 1 |
| 584 | .save ar.lc, LCSave | |
| 585 | mov LCSave = ar.lc | |
| 586 | .body | |
| 587 | } ;; | |
| 588 | { | |
| 589 | .mmb | |
| 590 | sub Remainder = 0, OutPtr | |
| 591 | cmp.gtu pSmall, p0 = $threshold, DataLen | |
| 592 | (pSmall) br.cond.dpnt .rc4Remainder // Data too small for | |
| 593 | // big loop. | |
| 594 | } ;; | |
| 595 | { | |
| 596 | .mmi | |
| 597 | and Remainder = 0x7, Remainder | |
| 598 | ;; | |
| 599 | cmp.eq pAligned, pUnaligned = Remainder, r0 | |
| 600 | nop 0x0 | |
| 601 | } ;; | |
| 602 | { | |
| 603 | .mmb | |
| 4ac210c1 | 604 | .pred.rel "mutex",pUnaligned,pAligned |
| 02703c74 AP |
605 | (pUnaligned) add Remainder = -1, Remainder |
| 606 | (pAligned) sub Remainder = EndPtr, InPtr | |
| 607 | (pAligned) br.cond.dptk.many .rc4Aligned | |
| 608 | } ;; | |
| 609 | { | |
| 610 | .mmi | |
| 611 | nop 0x0 | |
| 612 | nop 0x0 | |
| 613 | mov.i ar.lc = Remainder | |
| 614 | } | |
| 615 | ||
| 616 | /* Do the initial few bytes via the compact, modulo-scheduled loop | |
| 617 | until the output pointer is 8-byte-aligned. */ | |
| 618 | ||
| 4ac210c1 AP |
619 | MODSCHED_RC4_PROLOGUE |
| 620 | MODSCHED_RC4_LOOP(.RC4AlignLoop) | |
| 02703c74 AP |
621 | |
| 622 | { | |
| 623 | .mib | |
| 624 | sub Remainder = EndPtr, InPtr | |
| 625 | zxt1 IFinal = IFinal | |
| 626 | clrrrb // Clear CFM.rrb.pr so | |
| 627 | ;; // next "mov pr.rot = N" | |
| 628 | // does the right thing. | |
| 629 | } | |
| 630 | { | |
| 631 | .mmi | |
| 632 | mov I[1] = IFinal | |
| 633 | nop 0x0 | |
| 634 | nop 0x0 | |
| 635 | } ;; | |
| 636 | ||
| 637 | ||
| 638 | .rc4Aligned: | |
| 639 | ||
| 640 | /* | |
| 641 | Unrolled loop count = (Remainder - ($unroll_count+1)*$phases)/($unroll_count*$phases) | |
| 642 | */ | |
| 643 | ||
| 644 | { | |
| 645 | .mlx | |
| 646 | add LoopCount = 1 - ($unroll_count + 1)*$phases, Remainder | |
| 647 | movl Remainder = 0xaaaaaaaaaaaaaaab | |
| 648 | } ;; | |
| 649 | { | |
| 650 | .mmi | |
| 651 | setf.sig f6 = LoopCount // M2, M3 6 cyc | |
| 652 | setf.sig f7 = Remainder // M2, M3 6 cyc | |
| 653 | nop 0x0 | |
| 654 | } ;; | |
| 655 | { | |
| 656 | .mfb | |
| 657 | nop 0x0 | |
| 658 | xmpy.hu f6 = f6, f7 | |
| 659 | nop 0x0 | |
| 660 | } ;; | |
| 661 | { | |
| 662 | .mmi | |
| 4ac210c1 | 663 | getf.sig LoopCount = f6;; // M2 5 cyc |
| 02703c74 AP |
664 | nop 0x0 |
| 665 | shr.u LoopCount = LoopCount, 4 | |
| 666 | } ;; | |
| 667 | { | |
| 668 | .mmi | |
| 669 | nop 0x0 | |
| 670 | nop 0x0 | |
| 671 | mov.i ar.lc = LoopCount | |
| 672 | } ;; | |
| 673 | ||
| 674 | /* Now comes the unrolled loop: */ | |
| 675 | ||
| 676 | .rc4Prologue: | |
| 677 | ___ | |
| 678 | ||
| 679 | $iteration = 0; | |
| 680 | ||
| 681 | # Generate the prologue: | |
| 682 | $predicates = 1; | |
| 683 | for ($i = 0; $i < $phases; ++$i) { | |
| 684 | &emit_body (\$code, \$bypass, $iteration++, $predicates); | |
| 685 | $predicates = ($predicates << 1) | 1; | |
| 686 | } | |
| 687 | ||
| 688 | $code.=<<___; | |
| 689 | .rc4Loop: | |
| 690 | ___ | |
| 691 | ||
| 692 | # Generate the body: | |
| 693 | for ($i = 0; $i < $unroll_count*$phases; ++$i) { | |
| 694 | &emit_body (\$code, \$bypass, $iteration++, $predicates); | |
| 695 | } | |
| 696 | ||
| 697 | $code.=<<___; | |
| 698 | .rc4Epilogue: | |
| 699 | ___ | |
| 700 | ||
| 701 | # Generate the epilogue: | |
| 702 | for ($i = 0; $i < $phases; ++$i) { | |
| 703 | $predicates <<= 1; | |
| 704 | &emit_body (\$code, \$bypass, $iteration++, $predicates); | |
| 705 | } | |
| 706 | ||
| 707 | $code.=<<___; | |
| 708 | { | |
| 709 | .mmi | |
| 710 | lfetch.nt1 [EndPtr] // fetch line with last byte | |
| 711 | mov IFinal = I[1] | |
| 712 | nop 0x0 | |
| 713 | } | |
| 714 | ||
| 715 | .rc4Remainder: | |
| 716 | { | |
| 717 | .mmi | |
| 718 | sub Remainder = EndPtr, InPtr // Calculate | |
| 719 | // # of bytes | |
| 720 | // left - 1 | |
| 721 | nop 0x0 | |
| 722 | nop 0x0 | |
| 723 | } ;; | |
| 724 | { | |
| 725 | .mib | |
| 726 | cmp.eq pDone, p0 = -1, Remainder // done already? | |
| 727 | mov.i ar.lc = Remainder | |
| 728 | (pDone) br.cond.dptk.few .rc4Complete | |
| 729 | } | |
| 730 | ||
| 731 | /* Do the remaining bytes via the compact, modulo-scheduled loop */ | |
| 732 | ||
| 4ac210c1 AP |
733 | MODSCHED_RC4_PROLOGUE |
| 734 | MODSCHED_RC4_LOOP(.RC4RestLoop) | |
| 02703c74 AP |
735 | |
| 736 | .rc4Complete: | |
| 737 | { | |
| 738 | .mmi | |
| 4ac210c1 AP |
739 | add KTable = -SZ, KTable |
| 740 | add IFinal = -1, IFinal | |
| 02703c74 AP |
741 | mov ar.lc = LCSave |
| 742 | } ;; | |
| 743 | { | |
| 744 | .mii | |
| 4ac210c1 AP |
745 | SKEY [KTable] = J,-SZ |
| 746 | zxt1 IFinal = IFinal | |
| 747 | mov pr = PRSave, 0x1FFFF | |
| 748 | } ;; | |
| 02703c74 AP |
749 | { |
| 750 | .mib | |
| 4ac210c1 AP |
751 | SKEY [KTable] = IFinal |
| 752 | add RetVal = 1, r0 | |
| 02703c74 AP |
753 | br.ret.sptk.few rp |
| 754 | } ;; | |
| 755 | ___ | |
| 756 | ||
| 757 | # Last but not least, emit the code for the bypass-code of the unrolled loop: | |
| 758 | ||
| 759 | $code.=$bypass; | |
| 760 | ||
| 761 | $code.=<<___; | |
| 762 | .endp RC4 | |
| 763 | ___ | |
| 764 | ||
| 765 | print $code; | |
| 3c9d51ce RL |
766 | |
| 767 | close STDOUT; |