3 # ====================================================================
4 # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
5 # project. The module is, however, dual licensed under OpenSSL and
6 # CRYPTOGAMS licenses depending on where you obtain it. For further
7 # details see http://www.openssl.org/~appro/cryptogams/.
8 # ====================================================================
12 # This is AESNI-CBC+SHA256 stitch implementation. The idea, as spelled
13 # in http://download.intel.com/design/intarch/papers/323686.pdf, is
14 # that since AESNI-CBC encrypt exhibit *very* low instruction-level
15 # parallelism, interleaving it with another algorithm would allow to
16 # utilize processor resources better and achieve better performance.
17 # SHA256 instruction sequences(*) are taken from sha512-x86_64.pl and
18 # AESNI code is weaved into it. As SHA256 dominates execution time,
19 # stitch performance does not depend on AES key length. Below are
20 # performance numbers in cycles per processed byte, less is better,
21 # for standalone AESNI-CBC encrypt, standalone SHA256, and stitched
24 # AES-128/-192/-256+SHA256 this(**)gain
25 # Sandy Bridge 5.05/6.05/7.05+11.6 13.0 +28%/36%/43%
26 # Ivy Bridge 5.05/6.05/7.05+10.3 11.6 +32%/41%/50%
27 # Haswell 4.43/5.29/6.19+7.80 8.79 +39%/49%/59%
28 # Bulldozer 5.77/6.89/8.00+13.7 13.7 +42%/50%/58%
30 # (*) there are XOP, AVX1 and AVX2 code pathes, meaning that
31 # Westmere is omitted from loop, this is because gain was not
32 # estimated high enough to justify the effort;
33 # (**) these are EVP-free results, results obtained with 'speed
34 # -evp aes-256-cbc-hmac-sha256' will vary by percent or two;
38 if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
40 $win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
42 $0 =~ m/(.*[\/\\])[^\
/\\]+$/; $dir=$1;
43 ( $xlate="${dir}x86_64-xlate.pl" and -f
$xlate ) or
44 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f
$xlate) or
45 die "can't locate x86_64-xlate.pl";
47 if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
48 =~ /GNU assembler version ([2-9]\.[0-9]+)/) {
49 $avx = ($1>=2.19) + ($1>=2.22);
52 if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM
} =~ /nasm/) &&
53 `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
54 $avx = ($1>=2.09) + ($1>=2.10);
57 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM
} =~ /ml64/) &&
58 `ml64 2>&1` =~ /Version ([0-9]+)\./) {
59 $avx = ($1>=10) + ($1>=11);
62 $shaext=$avx; ### set to zero if compiling for 1.0.1
63 $avx=1 if (!$shaext && $avx);
65 open OUT
,"| \"$^X\" $xlate $flavour $output";
68 $func="aesni_cbc_sha256_enc";
71 @ROT=($A,$B,$C,$D,$E,$F,$G,$H)=("%eax","%ebx","%ecx","%edx",
72 "%r8d","%r9d","%r10d","%r11d");
73 ($T1,$a0,$a1,$a2,$a3)=("%r12d","%r13d","%r14d","%r15d","%esi");
80 ########################################################################
81 # void aesni_cbc_sha256_enc(const void *inp,
88 ($inp, $out, $len, $key, $ivp, $ctx, $in0) =
89 ("%rdi","%rsi","%rdx","%rcx","%r8","%r9","%r10");
93 $_inp="16*$SZ+0*8(%rsp)";
94 $_out="16*$SZ+1*8(%rsp)";
95 $_end="16*$SZ+2*8(%rsp)";
96 $_key="16*$SZ+3*8(%rsp)";
97 $_ivp="16*$SZ+4*8(%rsp)";
98 $_ctx="16*$SZ+5*8(%rsp)";
99 $_in0="16*$SZ+6*8(%rsp)";
100 $_rsp="16*$SZ+7*8(%rsp)";
106 .extern OPENSSL_ia32cap_P
108 .type
$func,\
@abi-omnipotent
114 lea OPENSSL_ia32cap_P
(%rip),%r11
116 cmp \
$0,`$win64?"%rcx":"%rdi"`
121 $code.=<<___
if ($shaext);
122 bt \
$61,%r10 # check for SHA
129 test \
$`1<<11`,%r10d # check for XOP
132 $code.=<<___
if ($avx>1);
133 and \
$`1<<8|1<<5|1<<3`,%r11d # check for BMI2+AVX2+BMI1
134 cmp \
$`1<<8|1<<5|1<<3`,%r11d
138 and \
$`1<<30`,%eax # mask "Intel CPU" bit
139 and \
$`1<<28|1<<9`,%r10d # mask AVX+SSSE3 bits
141 cmp \
$`1<<28|1<<9|1<<30`,%r10d
148 cmp \
$0,`$win64?"%rcx":"%rdi"`
156 .type
$TABLE,\
@object
158 .long
0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
159 .long
0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
160 .long
0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
161 .long
0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
162 .long
0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
163 .long
0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
164 .long
0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
165 .long
0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
166 .long
0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
167 .long
0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
168 .long
0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
169 .long
0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
170 .long
0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
171 .long
0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
172 .long
0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
173 .long
0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
174 .long
0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
175 .long
0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
176 .long
0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
177 .long
0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
178 .long
0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
179 .long
0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
180 .long
0xd192e819,0xd6990624,0xf40e3585,0x106aa070
181 .long
0xd192e819,0xd6990624,0xf40e3585,0x106aa070
182 .long
0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
183 .long
0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
184 .long
0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
185 .long
0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
186 .long
0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
187 .long
0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
188 .long
0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
189 .long
0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
191 .long
0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f
192 .long
0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f
193 .long
0,0,0,0, 0,0,0,0, -1,-1,-1,-1
194 .long
0,0,0,0, 0,0,0,0
195 .asciz
"AESNI-CBC+SHA256 stitch for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
199 ######################################################################
203 ($iv,$inout,$roundkey,$temp,
204 $mask10,$mask12,$mask14,$offload)=map("%xmm$_",(8..15));
208 ## &vmovdqu ($roundkey,"0x00-0x80($inp)");'
209 ## &vmovdqu ($inout,($inp));
210 ## &mov ($_inp,$inp);
212 '&vpxor ($inout,$inout,$roundkey);'.
213 ' &vmovdqu ($roundkey,"0x10-0x80($inp)");',
215 '&vpxor ($inout,$inout,$iv);',
217 '&vaesenc ($inout,$inout,$roundkey);'.
218 ' &vmovdqu ($roundkey,"0x20-0x80($inp)");',
220 '&vaesenc ($inout,$inout,$roundkey);'.
221 ' &vmovdqu ($roundkey,"0x30-0x80($inp)");',
223 '&vaesenc ($inout,$inout,$roundkey);'.
224 ' &vmovdqu ($roundkey,"0x40-0x80($inp)");',
226 '&vaesenc ($inout,$inout,$roundkey);'.
227 ' &vmovdqu ($roundkey,"0x50-0x80($inp)");',
229 '&vaesenc ($inout,$inout,$roundkey);'.
230 ' &vmovdqu ($roundkey,"0x60-0x80($inp)");',
232 '&vaesenc ($inout,$inout,$roundkey);'.
233 ' &vmovdqu ($roundkey,"0x70-0x80($inp)");',
235 '&vaesenc ($inout,$inout,$roundkey);'.
236 ' &vmovdqu ($roundkey,"0x80-0x80($inp)");',
238 '&vaesenc ($inout,$inout,$roundkey);'.
239 ' &vmovdqu ($roundkey,"0x90-0x80($inp)");',
241 '&vaesenc ($inout,$inout,$roundkey);'.
242 ' &vmovdqu ($roundkey,"0xa0-0x80($inp)");',
244 '&vaesenclast ($temp,$inout,$roundkey);'.
245 ' &vaesenc ($inout,$inout,$roundkey);'.
246 ' &vmovdqu ($roundkey,"0xb0-0x80($inp)");',
248 '&vpand ($iv,$temp,$mask10);'.
249 ' &vaesenc ($inout,$inout,$roundkey);'.
250 ' &vmovdqu ($roundkey,"0xc0-0x80($inp)");',
252 '&vaesenclast ($temp,$inout,$roundkey);'.
253 ' &vaesenc ($inout,$inout,$roundkey);'.
254 ' &vmovdqu ($roundkey,"0xd0-0x80($inp)");',
256 '&vpand ($temp,$temp,$mask12);'.
257 ' &vaesenc ($inout,$inout,$roundkey);'.
258 '&vmovdqu ($roundkey,"0xe0-0x80($inp)");',
260 '&vpor ($iv,$iv,$temp);'.
261 ' &vaesenclast ($temp,$inout,$roundkey);'.
262 ' &vmovdqu ($roundkey,"0x00-0x80($inp)");'
264 ## &mov ($inp,$_inp);
265 ## &mov ($out,$_out);
266 ## &vpand ($temp,$temp,$mask14);
267 ## &vpor ($iv,$iv,$temp);
268 ## &vmovdqu ($iv,($out,$inp);
269 ## &lea (inp,16($inp));
273 my ($a,$b,$c,$d,$e,$f,$g,$h);
275 sub AUTOLOAD
() # thunk [simplified] 32-bit style perlasm
276 { my $opcode = $AUTOLOAD; $opcode =~ s/.*:://;
278 $arg = "\$$arg" if ($arg*1 eq $arg);
279 $code .= "\t$opcode\t".join(',',$arg,reverse @_)."\n";
284 '($a,$b,$c,$d,$e,$f,$g,$h)=@ROT;'.
286 '&ror ($a0,$Sigma1[2]-$Sigma1[1])',
291 '&ror ($a1,$Sigma0[2]-$Sigma0[1])',
292 '&xor ($a4,$g)', # f^g
294 '&ror ($a0,$Sigma1[1]-$Sigma1[0])',
296 '&and ($a4,$e)', # (f^g)&e
298 @aesni_cbc_block[$aesni_cbc_idx++].
300 '&add ($h,$SZ*($i&15)."(%rsp)")', # h+=X[i]+K[i]
303 '&ror ($a1,$Sigma0[1]-$Sigma0[0])',
304 '&xor ($a4,$g)', # Ch(e,f,g)=((f^g)&e)^g
305 '&xor ($a2,$b)', # a^b, b^c in next round
307 '&ror ($a0,$Sigma1[0])', # Sigma1(e)
308 '&add ($h,$a4)', # h+=Ch(e,f,g)
309 '&and ($a3,$a2)', # (b^c)&(a^b)
312 '&add ($h,$a0)', # h+=Sigma1(e)
313 '&xor ($a3,$b)', # Maj(a,b,c)=Ch(a^b,c,b)
315 '&add ($d,$h)', # d+=h
316 '&ror ($a1,$Sigma0[0])', # Sigma0(a)
317 '&add ($h,$a3)', # h+=Maj(a,b,c)
320 '&add ($a1,$h);'. # h+=Sigma0(a)
321 '($a2,$a3) = ($a3,$a2); unshift(@ROT,pop(@ROT)); $i++;'
326 ######################################################################
330 .type
${func
}_xop
,\
@function,6
334 mov
`($win64?56:8)`(%rsp),$in0 # load 7th parameter
341 mov
%rsp,%r11 # copy %rsp
342 sub \
$`$framesz+$win64*16*10`,%rsp
343 and \
$-64,%rsp # align stack frame
346 sub $inp,$out # re-bias
348 add
$inp,$len # end of input
350 #mov $inp,$_inp # saved later
353 #mov $key,$_key # remains resident in $inp register
359 $code.=<<___
if ($win64);
360 movaps
%xmm6,`$framesz+16*0`(%rsp)
361 movaps
%xmm7,`$framesz+16*1`(%rsp)
362 movaps
%xmm8,`$framesz+16*2`(%rsp)
363 movaps
%xmm9,`$framesz+16*3`(%rsp)
364 movaps
%xmm10,`$framesz+16*4`(%rsp)
365 movaps
%xmm11,`$framesz+16*5`(%rsp)
366 movaps
%xmm12,`$framesz+16*6`(%rsp)
367 movaps
%xmm13,`$framesz+16*7`(%rsp)
368 movaps
%xmm14,`$framesz+16*8`(%rsp)
369 movaps
%xmm15,`$framesz+16*9`(%rsp)
375 mov
$inp,%r12 # borrow $a4
376 lea
0x80($key),$inp # size optimization, reassign
377 lea
$TABLE+`$SZ*2*$rounds+32`(%rip),%r13 # borrow $a0
378 mov
0xf0-0x80($inp),%r14d # rounds, borrow $a1
379 mov
$ctx,%r15 # borrow $a2
380 mov
$in0,%rsi # borrow $a3
381 vmovdqu
($ivp),$iv # load IV
393 vmovdqa
0x00(%r13,%r14,8),$mask14
394 vmovdqa
0x10(%r13,%r14,8),$mask12
395 vmovdqa
0x20(%r13,%r14,8),$mask10
396 vmovdqu
0x00-0x80($inp),$roundkey
399 if ($SZ==4) { # SHA256
400 my @X = map("%xmm$_",(0..3));
401 my ($t0,$t1,$t2,$t3) = map("%xmm$_",(4..7));
406 vmovdqa
$TABLE+`$SZ*2*$rounds`(%rip),$t3
407 vmovdqu
0x00(%rsi,%r12),@X[0]
408 vmovdqu
0x10(%rsi,%r12),@X[1]
409 vmovdqu
0x20(%rsi,%r12),@X[2]
410 vmovdqu
0x30(%rsi,%r12),@X[3]
411 vpshufb
$t3,@X[0],@X[0]
412 lea
$TABLE(%rip),$Tbl
413 vpshufb
$t3,@X[1],@X[1]
414 vpshufb
$t3,@X[2],@X[2]
415 vpaddd
0x00($Tbl),@X[0],$t0
416 vpshufb
$t3,@X[3],@X[3]
417 vpaddd
0x20($Tbl),@X[1],$t1
418 vpaddd
0x40($Tbl),@X[2],$t2
419 vpaddd
0x60($Tbl),@X[3],$t3
420 vmovdqa
$t0,0x00(%rsp)
422 vmovdqa
$t1,0x10(%rsp)
424 vmovdqa
$t2,0x20(%rsp)
426 vmovdqa
$t3,0x30(%rsp)
432 sub \
$-16*2*$SZ,$Tbl # size optimization
433 vmovdqu
(%r12),$inout # $a4
436 sub XOP_256_00_47
() {
440 my @insns = (&$body,&$body,&$body,&$body); # 104 instructions
442 &vpalignr
($t0,@X[1],@X[0],$SZ); # X[1..4]
445 &vpalignr
($t3,@X[3],@X[2],$SZ); # X[9..12]
448 &vprotd
($t1,$t0,8*$SZ-$sigma0[1]);
451 &vpsrld
($t0,$t0,$sigma0[2]);
454 &vpaddd
(@X[0],@X[0],$t3); # X[0..3] += X[9..12]
459 &vprotd
($t2,$t1,$sigma0[1]-$sigma0[0]);
462 &vpxor
($t0,$t0,$t1);
467 &vprotd
($t3,@X[3],8*$SZ-$sigma1[1]);
470 &vpxor
($t0,$t0,$t2); # sigma0(X[1..4])
473 &vpsrld
($t2,@X[3],$sigma1[2]);
476 &vpaddd
(@X[0],@X[0],$t0); # X[0..3] += sigma0(X[1..4])
479 &vprotd
($t1,$t3,$sigma1[1]-$sigma1[0]);
482 &vpxor
($t3,$t3,$t2);
487 &vpxor
($t3,$t3,$t1); # sigma1(X[14..15])
492 &vpsrldq
($t3,$t3,8);
497 &vpaddd
(@X[0],@X[0],$t3); # X[0..1] += sigma1(X[14..15])
502 &vprotd
($t3,@X[0],8*$SZ-$sigma1[1]);
505 &vpsrld
($t2,@X[0],$sigma1[2]);
508 &vprotd
($t1,$t3,$sigma1[1]-$sigma1[0]);
511 &vpxor
($t3,$t3,$t2);
516 &vpxor
($t3,$t3,$t1); # sigma1(X[16..17])
521 &vpslldq
($t3,$t3,8); # 22 instructions
526 &vpaddd
(@X[0],@X[0],$t3); # X[2..3] += sigma1(X[16..17])
531 &vpaddd
($t2,@X[0],16*2*$j."($Tbl)");
532 foreach (@insns) { eval; } # remaining instructions
533 &vmovdqa
(16*$j."(%rsp)",$t2);
537 for ($i=0,$j=0; $j<4; $j++) {
538 &XOP_256_00_47
($j,\
&body_00_15
,@X);
539 push(@X,shift(@X)); # rotate(@X)
541 &mov
("%r12",$_inp); # borrow $a4
542 &vpand
($temp,$temp,$mask14);
543 &mov
("%r15",$_out); # borrow $a2
544 &vpor
($iv,$iv,$temp);
545 &vmovdqu
("(%r15,%r12)",$iv); # write output
546 &lea
("%r12","16(%r12)"); # inp++
548 &cmpb
($SZ-1+16*2*$SZ."($Tbl)",0);
549 &jne
(".Lxop_00_47");
551 &vmovdqu
($inout,"(%r12)");
555 for ($i=0; $i<16; ) {
556 foreach(body_00_15
()) { eval; }
560 mov
$_inp,%r12 # borrow $a4
561 mov
$_out,%r13 # borrow $a0
562 mov
$_ctx,%r15 # borrow $a2
563 mov
$_in0,%rsi # borrow $a3
565 vpand
$mask14,$temp,$temp
568 vmovdqu
$iv,(%r13,%r12) # write output
569 lea
16(%r12),%r12 # inp++
595 vmovdqu
$iv,($ivp) # output IV
598 $code.=<<___
if ($win64);
599 movaps
`$framesz+16*0`(%rsp),%xmm6
600 movaps
`$framesz+16*1`(%rsp),%xmm7
601 movaps
`$framesz+16*2`(%rsp),%xmm8
602 movaps
`$framesz+16*3`(%rsp),%xmm9
603 movaps
`$framesz+16*4`(%rsp),%xmm10
604 movaps
`$framesz+16*5`(%rsp),%xmm11
605 movaps
`$framesz+16*6`(%rsp),%xmm12
606 movaps
`$framesz+16*7`(%rsp),%xmm13
607 movaps
`$framesz+16*8`(%rsp),%xmm14
608 movaps
`$framesz+16*9`(%rsp),%xmm15
620 .size
${func
}_xop
,.-${func
}_xop
622 ######################################################################
625 local *ror
= sub { &shrd
(@_[0],@_) };
628 .type
${func
}_avx
,\
@function,6
632 mov
`($win64?56:8)`(%rsp),$in0 # load 7th parameter
639 mov
%rsp,%r11 # copy %rsp
640 sub \
$`$framesz+$win64*16*10`,%rsp
641 and \
$-64,%rsp # align stack frame
644 sub $inp,$out # re-bias
646 add
$inp,$len # end of input
648 #mov $inp,$_inp # saved later
651 #mov $key,$_key # remains resident in $inp register
657 $code.=<<___
if ($win64);
658 movaps
%xmm6,`$framesz+16*0`(%rsp)
659 movaps
%xmm7,`$framesz+16*1`(%rsp)
660 movaps
%xmm8,`$framesz+16*2`(%rsp)
661 movaps
%xmm9,`$framesz+16*3`(%rsp)
662 movaps
%xmm10,`$framesz+16*4`(%rsp)
663 movaps
%xmm11,`$framesz+16*5`(%rsp)
664 movaps
%xmm12,`$framesz+16*6`(%rsp)
665 movaps
%xmm13,`$framesz+16*7`(%rsp)
666 movaps
%xmm14,`$framesz+16*8`(%rsp)
667 movaps
%xmm15,`$framesz+16*9`(%rsp)
673 mov
$inp,%r12 # borrow $a4
674 lea
0x80($key),$inp # size optimization, reassign
675 lea
$TABLE+`$SZ*2*$rounds+32`(%rip),%r13 # borrow $a0
676 mov
0xf0-0x80($inp),%r14d # rounds, borrow $a1
677 mov
$ctx,%r15 # borrow $a2
678 mov
$in0,%rsi # borrow $a3
679 vmovdqu
($ivp),$iv # load IV
691 vmovdqa
0x00(%r13,%r14,8),$mask14
692 vmovdqa
0x10(%r13,%r14,8),$mask12
693 vmovdqa
0x20(%r13,%r14,8),$mask10
694 vmovdqu
0x00-0x80($inp),$roundkey
696 if ($SZ==4) { # SHA256
697 my @X = map("%xmm$_",(0..3));
698 my ($t0,$t1,$t2,$t3) = map("%xmm$_",(4..7));
704 vmovdqa
$TABLE+`$SZ*2*$rounds`(%rip),$t3
705 vmovdqu
0x00(%rsi,%r12),@X[0]
706 vmovdqu
0x10(%rsi,%r12),@X[1]
707 vmovdqu
0x20(%rsi,%r12),@X[2]
708 vmovdqu
0x30(%rsi,%r12),@X[3]
709 vpshufb
$t3,@X[0],@X[0]
710 lea
$TABLE(%rip),$Tbl
711 vpshufb
$t3,@X[1],@X[1]
712 vpshufb
$t3,@X[2],@X[2]
713 vpaddd
0x00($Tbl),@X[0],$t0
714 vpshufb
$t3,@X[3],@X[3]
715 vpaddd
0x20($Tbl),@X[1],$t1
716 vpaddd
0x40($Tbl),@X[2],$t2
717 vpaddd
0x60($Tbl),@X[3],$t3
718 vmovdqa
$t0,0x00(%rsp)
720 vmovdqa
$t1,0x10(%rsp)
722 vmovdqa
$t2,0x20(%rsp)
724 vmovdqa
$t3,0x30(%rsp)
730 sub \
$-16*2*$SZ,$Tbl # size optimization
731 vmovdqu
(%r12),$inout # $a4
734 sub Xupdate_256_AVX
() {
736 '&vpalignr ($t0,@X[1],@X[0],$SZ)', # X[1..4]
737 '&vpalignr ($t3,@X[3],@X[2],$SZ)', # X[9..12]
738 '&vpsrld ($t2,$t0,$sigma0[0]);',
739 '&vpaddd (@X[0],@X[0],$t3)', # X[0..3] += X[9..12]
740 '&vpsrld ($t3,$t0,$sigma0[2])',
741 '&vpslld ($t1,$t0,8*$SZ-$sigma0[1]);',
742 '&vpxor ($t0,$t3,$t2)',
743 '&vpshufd ($t3,@X[3],0b11111010)',# X[14..15]
744 '&vpsrld ($t2,$t2,$sigma0[1]-$sigma0[0]);',
745 '&vpxor ($t0,$t0,$t1)',
746 '&vpslld ($t1,$t1,$sigma0[1]-$sigma0[0]);',
747 '&vpxor ($t0,$t0,$t2)',
748 '&vpsrld ($t2,$t3,$sigma1[2]);',
749 '&vpxor ($t0,$t0,$t1)', # sigma0(X[1..4])
750 '&vpsrlq ($t3,$t3,$sigma1[0]);',
751 '&vpaddd (@X[0],@X[0],$t0)', # X[0..3] += sigma0(X[1..4])
752 '&vpxor ($t2,$t2,$t3);',
753 '&vpsrlq ($t3,$t3,$sigma1[1]-$sigma1[0])',
754 '&vpxor ($t2,$t2,$t3)', # sigma1(X[14..15])
755 '&vpshufd ($t2,$t2,0b10000100)',
756 '&vpsrldq ($t2,$t2,8)',
757 '&vpaddd (@X[0],@X[0],$t2)', # X[0..1] += sigma1(X[14..15])
758 '&vpshufd ($t3,@X[0],0b01010000)',# X[16..17]
759 '&vpsrld ($t2,$t3,$sigma1[2])',
760 '&vpsrlq ($t3,$t3,$sigma1[0])',
761 '&vpxor ($t2,$t2,$t3);',
762 '&vpsrlq ($t3,$t3,$sigma1[1]-$sigma1[0])',
763 '&vpxor ($t2,$t2,$t3)',
764 '&vpshufd ($t2,$t2,0b11101000)',
765 '&vpslldq ($t2,$t2,8)',
766 '&vpaddd (@X[0],@X[0],$t2)' # X[2..3] += sigma1(X[16..17])
770 sub AVX_256_00_47
() {
774 my @insns = (&$body,&$body,&$body,&$body); # 104 instructions
776 foreach (Xupdate_256_AVX
()) { # 29 instructions
782 &vpaddd
($t2,@X[0],16*2*$j."($Tbl)");
783 foreach (@insns) { eval; } # remaining instructions
784 &vmovdqa
(16*$j."(%rsp)",$t2);
788 for ($i=0,$j=0; $j<4; $j++) {
789 &AVX_256_00_47
($j,\
&body_00_15
,@X);
790 push(@X,shift(@X)); # rotate(@X)
792 &mov
("%r12",$_inp); # borrow $a4
793 &vpand
($temp,$temp,$mask14);
794 &mov
("%r15",$_out); # borrow $a2
795 &vpor
($iv,$iv,$temp);
796 &vmovdqu
("(%r15,%r12)",$iv); # write output
797 &lea
("%r12","16(%r12)"); # inp++
799 &cmpb
($SZ-1+16*2*$SZ."($Tbl)",0);
800 &jne
(".Lavx_00_47");
802 &vmovdqu
($inout,"(%r12)");
806 for ($i=0; $i<16; ) {
807 foreach(body_00_15
()) { eval; }
812 mov
$_inp,%r12 # borrow $a4
813 mov
$_out,%r13 # borrow $a0
814 mov
$_ctx,%r15 # borrow $a2
815 mov
$_in0,%rsi # borrow $a3
817 vpand
$mask14,$temp,$temp
820 vmovdqu
$iv,(%r13,%r12) # write output
821 lea
16(%r12),%r12 # inp++
846 vmovdqu
$iv,($ivp) # output IV
849 $code.=<<___
if ($win64);
850 movaps
`$framesz+16*0`(%rsp),%xmm6
851 movaps
`$framesz+16*1`(%rsp),%xmm7
852 movaps
`$framesz+16*2`(%rsp),%xmm8
853 movaps
`$framesz+16*3`(%rsp),%xmm9
854 movaps
`$framesz+16*4`(%rsp),%xmm10
855 movaps
`$framesz+16*5`(%rsp),%xmm11
856 movaps
`$framesz+16*6`(%rsp),%xmm12
857 movaps
`$framesz+16*7`(%rsp),%xmm13
858 movaps
`$framesz+16*8`(%rsp),%xmm14
859 movaps
`$framesz+16*9`(%rsp),%xmm15
871 .size
${func
}_avx
,.-${func
}_avx
875 ######################################################################
878 my $a5=$SZ==4?
"%esi":"%rsi"; # zap $inp
883 # at start $a1 should be zero, $a3 - $b^$c and $a4 copy of $f
885 '($a,$b,$c,$d,$e,$f,$g,$h)=@ROT;'.
887 '&add ($h,(32*($i/(16/$SZ))+$SZ*($i%(16/$SZ)))%$PUSH8.$base)', # h+=X[i]+K[i]
888 '&and ($a4,$e)', # f&e
889 '&rorx ($a0,$e,$Sigma1[2])',
890 '&rorx ($a2,$e,$Sigma1[1])',
892 '&lea ($a,"($a,$a1)")', # h+=Sigma0(a) from the past
893 '&lea ($h,"($h,$a4)")',
894 '&andn ($a4,$e,$g)', # ~e&g
897 '&rorx ($a1,$e,$Sigma1[0])',
898 '&lea ($h,"($h,$a4)")', # h+=Ch(e,f,g)=(e&f)+(~e&g)
899 '&xor ($a0,$a1)', # Sigma1(e)
902 '&rorx ($a4,$a,$Sigma0[2])',
903 '&lea ($h,"($h,$a0)")', # h+=Sigma1(e)
904 '&xor ($a2,$b)', # a^b, b^c in next round
905 '&rorx ($a1,$a,$Sigma0[1])',
907 '&rorx ($a0,$a,$Sigma0[0])',
908 '&lea ($d,"($d,$h)")', # d+=h
909 '&and ($a3,$a2)', # (b^c)&(a^b)
910 @aesni_cbc_block[$aesni_cbc_idx++].
913 '&xor ($a3,$b)', # Maj(a,b,c)=Ch(a^b,c,b)
914 '&xor ($a1,$a0)', # Sigma0(a)
915 '&lea ($h,"($h,$a3)");'. # h+=Maj(a,b,c)
916 '&mov ($a4,$e)', # copy of f in future
918 '($a2,$a3) = ($a3,$a2); unshift(@ROT,pop(@ROT)); $i++;'
920 # and at the finish one has to $a+=$a1
924 .type
${func
}_avx2
,\
@function,6
928 mov
`($win64?56:8)`(%rsp),$in0 # load 7th parameter
935 mov
%rsp,%r11 # copy %rsp
936 sub \
$`2*$SZ*$rounds+8*8+$win64*16*10`,%rsp
937 and \
$-256*$SZ,%rsp # align stack frame
938 add \
$`2*$SZ*($rounds-8)`,%rsp
941 sub $inp,$out # re-bias
943 add
$inp,$len # end of input
945 #mov $inp,$_inp # saved later
946 #mov $out,$_out # kept in $offload
948 #mov $key,$_key # remains resident in $inp register
954 $code.=<<___
if ($win64);
955 movaps
%xmm6,`$framesz+16*0`(%rsp)
956 movaps
%xmm7,`$framesz+16*1`(%rsp)
957 movaps
%xmm8,`$framesz+16*2`(%rsp)
958 movaps
%xmm9,`$framesz+16*3`(%rsp)
959 movaps
%xmm10,`$framesz+16*4`(%rsp)
960 movaps
%xmm11,`$framesz+16*5`(%rsp)
961 movaps
%xmm12,`$framesz+16*6`(%rsp)
962 movaps
%xmm13,`$framesz+16*7`(%rsp)
963 movaps
%xmm14,`$framesz+16*8`(%rsp)
964 movaps
%xmm15,`$framesz+16*9`(%rsp)
970 mov
$inp,%r13 # borrow $a0
971 vpinsrq \
$1,$out,$offload,$offload
972 lea
0x80($key),$inp # size optimization, reassign
973 lea
$TABLE+`$SZ*2*$rounds+32`(%rip),%r12 # borrow $a4
974 mov
0xf0-0x80($inp),%r14d # rounds, borrow $a1
975 mov
$ctx,%r15 # borrow $a2
976 mov
$in0,%rsi # borrow $a3
977 vmovdqu
($ivp),$iv # load IV
980 vmovdqa
0x00(%r12,%r14,8),$mask14
981 vmovdqa
0x10(%r12,%r14,8),$mask12
982 vmovdqa
0x20(%r12,%r14,8),$mask10
984 sub \
$-16*$SZ,%r13 # inp++, size optimization
986 lea
(%rsi,%r13),%r12 # borrow $a0
988 cmp $len,%r13 # $_end
990 cmove
%rsp,%r12 # next block or random data
996 vmovdqu
0x00-0x80($inp),$roundkey
998 if ($SZ==4) { # SHA256
999 my @X = map("%ymm$_",(0..3));
1000 my ($t0,$t1,$t2,$t3) = map("%ymm$_",(4..7));
1006 vmovdqa
$TABLE+`$SZ*2*$rounds`(%rip),$t3
1007 vmovdqu
-16*$SZ+0(%rsi,%r13),%xmm0
1008 vmovdqu
-16*$SZ+16(%rsi,%r13),%xmm1
1009 vmovdqu
-16*$SZ+32(%rsi,%r13),%xmm2
1010 vmovdqu
-16*$SZ+48(%rsi,%r13),%xmm3
1012 vinserti128 \
$1,(%r12),@X[0],@X[0]
1013 vinserti128 \
$1,16(%r12),@X[1],@X[1]
1014 vpshufb
$t3,@X[0],@X[0]
1015 vinserti128 \
$1,32(%r12),@X[2],@X[2]
1016 vpshufb
$t3,@X[1],@X[1]
1017 vinserti128 \
$1,48(%r12),@X[3],@X[3]
1019 lea
$TABLE(%rip),$Tbl
1020 vpshufb
$t3,@X[2],@X[2]
1021 lea
-16*$SZ(%r13),%r13
1022 vpaddd
0x00($Tbl),@X[0],$t0
1023 vpshufb
$t3,@X[3],@X[3]
1024 vpaddd
0x20($Tbl),@X[1],$t1
1025 vpaddd
0x40($Tbl),@X[2],$t2
1026 vpaddd
0x60($Tbl),@X[3],$t3
1027 vmovdqa
$t0,0x00(%rsp)
1029 vmovdqa
$t1,0x20(%rsp)
1030 lea
-$PUSH8(%rsp),%rsp
1032 vmovdqa
$t2,0x00(%rsp)
1034 vmovdqa
$t3,0x20(%rsp)
1036 sub \
$-16*2*$SZ,$Tbl # size optimization
1041 vmovdqu
(%r13),$inout
1042 vpinsrq \
$0,%r13,$offload,$offload
1045 sub AVX2_256_00_47
() {
1049 my @insns = (&$body,&$body,&$body,&$body); # 96 instructions
1050 my $base = "+2*$PUSH8(%rsp)";
1052 &lea
("%rsp","-$PUSH8(%rsp)") if (($j%2)==0);
1053 foreach (Xupdate_256_AVX
()) { # 29 instructions
1055 eval(shift(@insns));
1056 eval(shift(@insns));
1057 eval(shift(@insns));
1059 &vpaddd
($t2,@X[0],16*2*$j."($Tbl)");
1060 foreach (@insns) { eval; } # remaining instructions
1061 &vmovdqa
((32*$j)%$PUSH8."(%rsp)",$t2);
1064 for ($i=0,$j=0; $j<4; $j++) {
1065 &AVX2_256_00_47
($j,\
&bodyx_00_15
,@X);
1066 push(@X,shift(@X)); # rotate(@X)
1068 &vmovq
("%r13",$offload); # borrow $a0
1069 &vpextrq
("%r15",$offload,1); # borrow $a2
1070 &vpand
($temp,$temp,$mask14);
1071 &vpor
($iv,$iv,$temp);
1072 &vmovdqu
("(%r15,%r13)",$iv); # write output
1073 &lea
("%r13","16(%r13)"); # inp++
1075 &lea
($Tbl,16*2*$SZ."($Tbl)");
1076 &cmpb
(($SZ-1)."($Tbl)",0);
1077 &jne
(".Lavx2_00_47");
1079 &vmovdqu
($inout,"(%r13)");
1080 &vpinsrq
($offload,$offload,"%r13",0);
1083 for ($i=0; $i<16; ) {
1084 my $base=$i<8?
"+$PUSH8(%rsp)":"(%rsp)";
1085 foreach(bodyx_00_15
()) { eval; }
1089 vpextrq \
$1,$offload,%r12 # $_out, borrow $a4
1090 vmovq
$offload,%r13 # $_inp, borrow $a0
1091 mov
`2*$SZ*$rounds+5*8`(%rsp),%r15 # $_ctx, borrow $a2
1093 lea
`2*$SZ*($rounds-8)`(%rsp),$Tbl
1095 vpand
$mask14,$temp,$temp
1097 vmovdqu
$iv,(%r12,%r13) # write output
1118 cmp `$PUSH8+2*8`($Tbl),%r13 # $_end
1128 vmovdqu
(%r13),$inout
1129 vpinsrq \
$0,%r13,$offload,$offload
1132 for ($i=0; $i<16; ) {
1133 my $base="+16($Tbl)";
1134 foreach(bodyx_00_15
()) { eval; }
1135 &lea
($Tbl,"-$PUSH8($Tbl)") if ($i==8);
1138 vmovq
$offload,%r13 # borrow $a0
1139 vpextrq \
$1,$offload,%r15 # borrow $a2
1140 vpand
$mask14,$temp,$temp
1142 lea
-$PUSH8($Tbl),$Tbl
1143 vmovdqu
$iv,(%r15,%r13) # write output
1144 lea
16(%r13),%r13 # inp++
1148 mov
`2*$SZ*$rounds+5*8`(%rsp),%r15 # $_ctx, borrow $a2
1149 lea
16*$SZ(%r13),%r13
1150 mov
`2*$SZ*$rounds+6*8`(%rsp),%rsi # $_in0, borrow $a3
1152 lea
`2*$SZ*($rounds-8)`(%rsp),%rsp
1161 lea
(%rsi,%r13),%r12
1167 cmove
%rsp,%r12 # next block or stale data
1183 vmovdqu
$iv,($ivp) # output IV
1186 $code.=<<___
if ($win64);
1187 movaps
`$framesz+16*0`(%rsp),%xmm6
1188 movaps
`$framesz+16*1`(%rsp),%xmm7
1189 movaps
`$framesz+16*2`(%rsp),%xmm8
1190 movaps
`$framesz+16*3`(%rsp),%xmm9
1191 movaps
`$framesz+16*4`(%rsp),%xmm10
1192 movaps
`$framesz+16*5`(%rsp),%xmm11
1193 movaps
`$framesz+16*6`(%rsp),%xmm12
1194 movaps
`$framesz+16*7`(%rsp),%xmm13
1195 movaps
`$framesz+16*8`(%rsp),%xmm14
1196 movaps
`$framesz+16*9`(%rsp),%xmm15
1208 .size
${func
}_avx2
,.-${func
}_avx2
1213 my ($in0,$out,$len,$key,$ivp,$ctx,$inp)=("%rdi","%rsi","%rdx","%rcx","%r8","%r9","%r10");
1215 my ($rounds,$Tbl)=("%r11d","%rbx");
1217 my ($iv,$in,$rndkey0)=map("%xmm$_",(6,14,15));
1218 my @rndkey=("%xmm4","%xmm5");
1222 my ($Wi,$ABEF,$CDGH,$TMP,$BSWAP,$ABEF_SAVE,$CDGH_SAVE)=map("%xmm$_",(0..3,7..9));
1223 my @MSG=map("%xmm$_",(10..13));
1227 my ($n,$k)=($r/10,$r%10);
1230 movups
`16*$n`($in0),$in # load input
1233 $code.=<<___
if ($n);
1234 movups
$iv,`16*($n-1)`($out,$in0) # write output
1238 movups
`32+16*$k-112`($key),$rndkey[1]
1239 aesenc
$rndkey[0],$iv
1246 movups
`32+16*($k+0)-112`($key),$rndkey[1]
1247 aesenc
$rndkey[0],$iv
1248 movups
`32+16*($k+1)-112`($key),$rndkey[0]
1249 aesenc
$rndkey[1],$iv
1251 movups
`32+16*($k+2)-112`($key),$rndkey[1]
1252 aesenc
$rndkey[0],$iv
1253 movups
`32+16*($k+3)-112`($key),$rndkey[0]
1254 aesenc
$rndkey[1],$iv
1256 aesenclast
$rndkey[0],$iv
1257 movups
16-112($key),$rndkey[1] # forward reference
1262 movups
`32+16*$k-112`($key),$rndkey[1]
1263 aesenc
$rndkey[0],$iv
1266 $r++; unshift(@rndkey,pop(@rndkey));
1273 .type
${func
}_shaext
,\
@function,6
1276 mov
`($win64?56:8)`(%rsp),$inp # load 7th argument
1278 $code.=<<___
if ($win64);
1279 lea
`-8-10*16`(%rsp),%rsp
1280 movaps
%xmm6,-8-10*16(%rax)
1281 movaps
%xmm7,-8-9*16(%rax)
1282 movaps
%xmm8,-8-8*16(%rax)
1283 movaps
%xmm9,-8-7*16(%rax)
1284 movaps
%xmm10,-8-6*16(%rax)
1285 movaps
%xmm11,-8-5*16(%rax)
1286 movaps
%xmm12,-8-4*16(%rax)
1287 movaps
%xmm13,-8-3*16(%rax)
1288 movaps
%xmm14,-8-2*16(%rax)
1289 movaps
%xmm15,-8-1*16(%rax)
1293 lea K256
+0x80(%rip),$Tbl
1294 movdqu
($ctx),$ABEF # DCBA
1295 movdqu
16($ctx),$CDGH # HGFE
1296 movdqa
0x200-0x80($Tbl),$TMP # byte swap mask
1298 mov
240($key),$rounds
1300 movups
($key),$rndkey0 # $key[0]
1301 movups
16($key),$rndkey[0] # forward reference
1302 lea
112($key),$key # size optimization
1304 pshufd \
$0x1b,$ABEF,$Wi # ABCD
1305 pshufd \
$0xb1,$ABEF,$ABEF # CDAB
1306 pshufd \
$0x1b,$CDGH,$CDGH # EFGH
1307 movdqa
$TMP,$BSWAP # offload
1308 palignr \
$8,$CDGH,$ABEF # ABEF
1309 punpcklqdq
$Wi,$CDGH # CDGH
1315 movdqu
($inp),@MSG[0]
1316 movdqu
0x10($inp),@MSG[1]
1317 movdqu
0x20($inp),@MSG[2]
1319 movdqu
0x30($inp),@MSG[3]
1321 movdqa
0*32-0x80($Tbl),$Wi
1324 movdqa
$CDGH,$CDGH_SAVE # offload
1325 movdqa
$ABEF,$ABEF_SAVE # offload
1329 sha256rnds2
$ABEF,$CDGH # 0-3
1330 pshufd \
$0x0e,$Wi,$Wi
1334 sha256rnds2
$CDGH,$ABEF
1336 movdqa
1*32-0x80($Tbl),$Wi
1343 sha256rnds2
$ABEF,$CDGH # 4-7
1344 pshufd \
$0x0e,$Wi,$Wi
1348 sha256rnds2
$CDGH,$ABEF
1350 movdqa
2*32-0x80($Tbl),$Wi
1353 sha256msg1
@MSG[1],@MSG[0]
1357 sha256rnds2
$ABEF,$CDGH # 8-11
1358 pshufd \
$0x0e,$Wi,$Wi
1360 palignr \
$4,@MSG[2],$TMP
1365 sha256rnds2
$CDGH,$ABEF
1367 movdqa
3*32-0x80($Tbl),$Wi
1369 sha256msg2
@MSG[3],@MSG[0]
1370 sha256msg1
@MSG[2],@MSG[1]
1374 sha256rnds2
$ABEF,$CDGH # 12-15
1375 pshufd \
$0x0e,$Wi,$Wi
1380 palignr \
$4,@MSG[3],$TMP
1382 sha256rnds2
$CDGH,$ABEF
1384 for($i=4;$i<16-3;$i++) {
1385 &$aesenc() if (($r%10)==0);
1387 movdqa
$i*32-0x80($Tbl),$Wi
1389 sha256msg2
@MSG[0],@MSG[1]
1390 sha256msg1
@MSG[3],@MSG[2]
1394 sha256rnds2
$ABEF,$CDGH # 16-19...
1395 pshufd \
$0x0e,$Wi,$Wi
1397 palignr \
$4,@MSG[0],$TMP
1401 &$aesenc() if ($r==19);
1403 sha256rnds2
$CDGH,$ABEF
1405 push(@MSG,shift(@MSG));
1408 movdqa
13*32-0x80($Tbl),$Wi
1410 sha256msg2
@MSG[0],@MSG[1]
1411 sha256msg1
@MSG[3],@MSG[2]
1415 sha256rnds2
$ABEF,$CDGH # 52-55
1416 pshufd \
$0x0e,$Wi,$Wi
1418 palignr \
$4,@MSG[0],$TMP
1424 sha256rnds2
$CDGH,$ABEF
1426 movdqa
14*32-0x80($Tbl),$Wi
1428 sha256msg2
@MSG[1],@MSG[2]
1433 sha256rnds2
$ABEF,$CDGH # 56-59
1434 pshufd \
$0x0e,$Wi,$Wi
1438 sha256rnds2
$CDGH,$ABEF
1440 movdqa
15*32-0x80($Tbl),$Wi
1446 sha256rnds2
$ABEF,$CDGH # 60-63
1447 pshufd \
$0x0e,$Wi,$Wi
1451 sha256rnds2
$CDGH,$ABEF
1452 #pxor $CDGH,$rndkey0 # black magic
1454 while ($r<40) { &$aesenc(); } # remaining aesenc's
1456 #xorps $CDGH,$rndkey0 # black magic
1457 paddd
$CDGH_SAVE,$CDGH
1458 paddd
$ABEF_SAVE,$ABEF
1461 movups
$iv,48($out,$in0) # write output
1465 pshufd \
$0xb1,$CDGH,$CDGH # DCHG
1466 pshufd \
$0x1b,$ABEF,$TMP # FEBA
1467 pshufd \
$0xb1,$ABEF,$ABEF # BAFE
1468 punpckhqdq
$CDGH,$ABEF # DCBA
1469 palignr \
$8,$TMP,$CDGH # HGFE
1471 movups
$iv,($ivp) # write IV
1473 movdqu
$CDGH,16($ctx)
1475 $code.=<<___
if ($win64);
1476 movaps
0*16(%rsp),%xmm6
1477 movaps
1*16(%rsp),%xmm7
1478 movaps
2*16(%rsp),%xmm8
1479 movaps
3*16(%rsp),%xmm9
1480 movaps
4*16(%rsp),%xmm10
1481 movaps
5*16(%rsp),%xmm11
1482 movaps
6*16(%rsp),%xmm12
1483 movaps
7*16(%rsp),%xmm13
1484 movaps
8*16(%rsp),%xmm14
1485 movaps
9*16(%rsp),%xmm15
1486 lea
8+10*16(%rsp),%rsp
1491 .size
${func
}_shaext
,.-${func
}_shaext
1496 # EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
1497 # CONTEXT *context,DISPATCHER_CONTEXT *disp)
1504 $code.=<<___
if ($avx);
1505 .extern __imp_RtlVirtualUnwind
1506 .type se_handler
,\
@abi-omnipotent
1520 mov
120($context),%rax # pull context->Rax
1521 mov
248($context),%rbx # pull context->Rip
1523 mov
8($disp),%rsi # disp->ImageBase
1524 mov
56($disp),%r11 # disp->HanderlData
1526 mov
0(%r11),%r10d # HandlerData[0]
1527 lea
(%rsi,%r10),%r10 # prologue label
1528 cmp %r10,%rbx # context->Rip<prologue label
1531 mov
152($context),%rax # pull context->Rsp
1533 mov
4(%r11),%r10d # HandlerData[1]
1534 lea
(%rsi,%r10),%r10 # epilogue label
1535 cmp %r10,%rbx # context->Rip>=epilogue label
1538 $code.=<<___
if ($shaext);
1539 lea aesni_cbc_sha256_enc_shaext
(%rip),%r10
1544 lea
512($context),%rdi # &context.Xmm6
1546 .long
0xa548f3fc # cld; rep movsq
1547 lea
168(%rax),%rax # adjust stack pointer
1551 $code.=<<___
if ($avx>1);
1552 lea
.Lavx2_shortcut
(%rip),%r10
1553 cmp %r10,%rbx # context->Rip<avx2_shortcut
1557 add \
$`2*$SZ*($rounds-8)`,%rax
1561 mov
%rax,%rsi # put aside Rsp
1562 mov
16*$SZ+7*8(%rax),%rax # pull $_rsp
1571 mov
%rbx,144($context) # restore context->Rbx
1572 mov
%rbp,160($context) # restore context->Rbp
1573 mov
%r12,216($context) # restore context->R12
1574 mov
%r13,224($context) # restore context->R13
1575 mov
%r14,232($context) # restore context->R14
1576 mov
%r15,240($context) # restore context->R15
1578 lea
16*$SZ+8*8(%rsi),%rsi # Xmm6- save area
1579 lea
512($context),%rdi # &context.Xmm6
1581 .long
0xa548f3fc # cld; rep movsq
1586 mov
%rax,152($context) # restore context->Rsp
1587 mov
%rsi,168($context) # restore context->Rsi
1588 mov
%rdi,176($context) # restore context->Rdi
1590 mov
40($disp),%rdi # disp->ContextRecord
1591 mov
$context,%rsi # context
1592 mov \
$154,%ecx # sizeof(CONTEXT)
1593 .long
0xa548f3fc # cld; rep movsq
1596 xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER
1597 mov
8(%rsi),%rdx # arg2, disp->ImageBase
1598 mov
0(%rsi),%r8 # arg3, disp->ControlPc
1599 mov
16(%rsi),%r9 # arg4, disp->FunctionEntry
1600 mov
40(%rsi),%r10 # disp->ContextRecord
1601 lea
56(%rsi),%r11 # &disp->HandlerData
1602 lea
24(%rsi),%r12 # &disp->EstablisherFrame
1603 mov
%r10,32(%rsp) # arg5
1604 mov
%r11,40(%rsp) # arg6
1605 mov
%r12,48(%rsp) # arg7
1606 mov
%rcx,56(%rsp) # arg8, (NULL)
1607 call
*__imp_RtlVirtualUnwind
(%rip)
1609 mov \
$1,%eax # ExceptionContinueSearch
1621 .size se_handler
,.-se_handler
1624 .rva
.LSEH_begin_
${func
}_xop
1625 .rva
.LSEH_end_
${func
}_xop
1626 .rva
.LSEH_info_
${func
}_xop
1628 .rva
.LSEH_begin_
${func
}_avx
1629 .rva
.LSEH_end_
${func
}_avx
1630 .rva
.LSEH_info_
${func
}_avx
1632 $code.=<<___
if ($avx>1);
1633 .rva
.LSEH_begin_
${func
}_avx2
1634 .rva
.LSEH_end_
${func
}_avx2
1635 .rva
.LSEH_info_
${func
}_avx2
1637 $code.=<<___
if ($shaext);
1638 .rva
.LSEH_begin_
${func
}_shaext
1639 .rva
.LSEH_end_
${func
}_shaext
1640 .rva
.LSEH_info_
${func
}_shaext
1642 $code.=<<___
if ($avx);
1645 .LSEH_info_
${func
}_xop
:
1648 .rva
.Lprologue_xop
,.Lepilogue_xop
# HandlerData[]
1650 .LSEH_info_
${func
}_avx
:
1653 .rva
.Lprologue_avx
,.Lepilogue_avx
# HandlerData[]
1655 $code.=<<___
if ($avx>1);
1656 .LSEH_info_
${func
}_avx2
:
1659 .rva
.Lprologue_avx2
,.Lepilogue_avx2
# HandlerData[]
1661 $code.=<<___
if ($shaext);
1662 .LSEH_info_
${func
}_shaext
:
1665 .rva
.Lprologue_shaext
,.Lepilogue_shaext
# HandlerData[]
1669 ####################################################################
1671 local *opcode
=shift;
1675 $rex|=0x04 if($dst>=8);
1676 $rex|=0x01 if($src>=8);
1677 unshift @opcode,$rex|0x40 if($rex);
1682 "sha256rnds2" => 0xcb,
1683 "sha256msg1" => 0xcc,
1684 "sha256msg2" => 0xcd );
1689 if (defined($opcodelet{$instr}) && @_[0] =~ /%xmm([0-9]+),\s*%xmm([0-9]+)/) {
1690 my @opcode=(0x0f,0x38);
1691 rex
(\
@opcode,$2,$1);
1692 push @opcode,$opcodelet{$instr};
1693 push @opcode,0xc0|($1&7)|(($2&7)<<3); # ModR/M
1694 return ".byte\t".join(',',@opcode);
1696 return $instr."\t".@_[0];
1701 $code =~ s/\`([^\`]*)\`/eval $1/gem;
1702 $code =~ s/\b(sha256[^\s]*)\s+(.*)/sha256op38($1,$2)/gem;
projects / thirdparty / openssl.git / blob