From: Mamone Tarsha Date: Fri, 13 Aug 2021 12:06:11 +0000 (+0300) Subject: [S390x] Optimize SHA256 and SHA512 compress functions X-Git-Tag: nettle_3.8_release_20220602~107^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9765f8b9e8cf8fd7366122d18f2e8c2a9d8e967b;p=thirdparty%2Fnettle.git [S390x] Optimize SHA256 and SHA512 compress functions --- diff --git a/fat-s390x.c b/fat-s390x.c index 15fd5fcc..2e4fdec5 100644 --- a/fat-s390x.c +++ b/fat-s390x.c @@ -77,6 +77,8 @@ #define AES_192_CODE 19 #define AES_256_CODE 20 #define SHA_1_CODE 1 +#define SHA_256_CODE 2 +#define SHA_512_CODE 3 #define GHASH_CODE 65 struct s390x_features @@ -86,6 +88,8 @@ struct s390x_features int have_km_aes192; int have_km_aes256; int have_kimd_sha_1; + int have_kimd_sha_256; + int have_kimd_sha_512; int have_kimd_ghash; }; @@ -104,6 +108,8 @@ get_s390x_features (struct s390x_features *features) features->have_km_aes192 = 0; features->have_km_aes256 = 0; features->have_kimd_sha_1 = 0; + features->have_kimd_sha_256 = 0; + features->have_kimd_sha_512 = 0; features->have_kimd_ghash = 0; const char *s = secure_getenv (ENV_OVERRIDE); @@ -118,11 +124,15 @@ get_s390x_features (struct s390x_features *features) else if (MATCH (s, length, "msa", 3)) features->have_kimd_sha_1 = 1; else if (MATCH (s, length, "msa_x1", 6)) + { features->have_km_aes128 = 1; + features->have_kimd_sha_256 = 1; + } else if (MATCH (s, length, "msa_x2", 6)) { features->have_km_aes192 = 1; features->have_km_aes256 = 1; + features->have_kimd_sha_512 = 1; } else if (MATCH (s, length, "msa_x4", 6)) features->have_kimd_ghash = 1; @@ -157,6 +167,10 @@ get_s390x_features (struct s390x_features *features) _nettle_kimd_status(query_status); if (query_status[FACILITY_INDEX(SHA_1_CODE)] & FACILITY_BIT(SHA_1_CODE)) features->have_kimd_sha_1 = 1; + if (query_status[FACILITY_INDEX(SHA_256_CODE)] & FACILITY_BIT(SHA_256_CODE)) + features->have_kimd_sha_256 = 1; + if (query_status[FACILITY_INDEX(SHA_512_CODE)] & FACILITY_BIT(SHA_512_CODE)) + features->have_kimd_sha_512 = 1; } if (facilities[FACILITY_INDEX(FAC_MSA_X4)] & FACILITY_BIT(FAC_MSA_X4)) @@ -242,6 +256,14 @@ DECLARE_FAT_FUNC(nettle_sha1_compress, sha1_compress_func) DECLARE_FAT_FUNC_VAR(sha1_compress, sha1_compress_func, c) DECLARE_FAT_FUNC_VAR(sha1_compress, sha1_compress_func, s390x) +DECLARE_FAT_FUNC(_nettle_sha256_compress, sha256_compress_func) +DECLARE_FAT_FUNC_VAR(sha256_compress, sha256_compress_func, c) +DECLARE_FAT_FUNC_VAR(sha256_compress, sha256_compress_func, s390x) + +DECLARE_FAT_FUNC(_nettle_sha512_compress, sha512_compress_func) +DECLARE_FAT_FUNC_VAR(sha512_compress, sha512_compress_func, c) +DECLARE_FAT_FUNC_VAR(sha512_compress, sha512_compress_func, s390x) + static void CONSTRUCTOR fat_init (void) { @@ -348,6 +370,30 @@ fat_init (void) { nettle_sha1_compress_vec = _nettle_sha1_compress_c; } + + /* SHA256 */ + if (features.have_kimd_sha_256) + { + if (verbose) + fprintf (stderr, "libnettle: enabling hardware accelerated SHA256 compress code.\n"); + _nettle_sha256_compress_vec = _nettle_sha256_compress_s390x; + } + else + { + _nettle_sha256_compress_vec = _nettle_sha256_compress_c; + } + + /* SHA512 */ + if (features.have_kimd_sha_512) + { + if (verbose) + fprintf (stderr, "libnettle: enabling hardware accelerated SHA512 compress code.\n"); + _nettle_sha512_compress_vec = _nettle_sha512_compress_s390x; + } + else + { + _nettle_sha512_compress_vec = _nettle_sha512_compress_c; + } } /* MEMXOR3 */ @@ -427,3 +473,13 @@ DEFINE_FAT_FUNC(_nettle_gcm_hash, void, DEFINE_FAT_FUNC(nettle_sha1_compress, void, (uint32_t *state, const uint8_t *input), (state, input)) + +/* SHA256 */ +DEFINE_FAT_FUNC(_nettle_sha256_compress, void, + (uint32_t *state, const uint8_t *input, const uint32_t *k), + (state, input, k)) + +/* SHA512 */ +DEFINE_FAT_FUNC(_nettle_sha512_compress, void, + (uint64_t *state, const uint8_t *input, const uint64_t *k), + (state, input, k)) diff --git a/s390x/fat/sha256-compress-2.asm b/s390x/fat/sha256-compress-2.asm new file mode 100644 index 00000000..f4b16181 --- /dev/null +++ b/s390x/fat/sha256-compress-2.asm @@ -0,0 +1,36 @@ +C s390x/fat/sha256-compress-2.asm + +ifelse(` + Copyright (C) 2021 Mamone Tarsha + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +dnl PROLOGUE(_nettle_sha256_compress) picked up by configure + +define(`fat_transform', `$1_s390x') +include_src(`s390x/msa_x1/sha256-compress.asm') diff --git a/s390x/fat/sha512-compress-2.asm b/s390x/fat/sha512-compress-2.asm new file mode 100644 index 00000000..1a3a470d --- /dev/null +++ b/s390x/fat/sha512-compress-2.asm @@ -0,0 +1,36 @@ +C s390x/fat/sha512-compress-2.asm + +ifelse(` + Copyright (C) 2021 Mamone Tarsha + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +dnl PROLOGUE(_nettle_sha512_compress) picked up by configure + +define(`fat_transform', `$1_s390x') +include_src(`s390x/msa_x2/sha512-compress.asm') diff --git a/s390x/msa_x1/sha256-compress.asm b/s390x/msa_x1/sha256-compress.asm new file mode 100644 index 00000000..9a9511fb --- /dev/null +++ b/s390x/msa_x1/sha256-compress.asm @@ -0,0 +1,80 @@ +C s390x/msa_x1/sha256-compress.asm + +ifelse(` + Copyright (C) 2021 Mamone Tarsha + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +C KIMD (COMPUTE INTERMEDIATE MESSAGE DIGEST) is specefied in +C "z/Architecture Principles of Operation SA22-7832-12" as follows: +C A function specified by the function code in general register 0 is performed. +C General register 1 contains the logical address of the leftmost byte of the parameter block in storage. +C the second operand is processed as specified by the function code using an initial chaining value in +C the parameter block, and the result replaces the chaining value. + +C This implementation uses KIMD-SHA-256 function. +C The parameter block used for the KIMD-SHA-256 function has the following format: +C *----------------------------------------------* +C | H0 (4 bytes) | +C |----------------------------------------------| +C | H1 (4 bytes) | +C |----------------------------------------------| +C | H2 (4 bytes) | +C |----------------------------------------------| +C | H3 (4 bytes) | +C |----------------------------------------------| +C | H4 (4 bytes) | +C |----------------------------------------------| +C | H5 (4 bytes) | +C |----------------------------------------------| +C | H6 (4 bytes) | +C |----------------------------------------------| +C | H7 (4 bytes) | +C *----------------------------------------------* + +.file "sha256-compress.asm" + +.text + +C SHA function code +define(`SHA256_FUNCTION_CODE', `2') +C Size of block +define(`SHA256_BLOCK_SIZE', `64') + +C void +C _nettle_sha256_compress(uint32_t *state, const uint8_t *input, +C const uint32_t *k) + +PROLOGUE(_nettle_sha256_compress) + lghi %r0,SHA256_FUNCTION_CODE C SHA-256 Function Code + lgr %r1,%r2 + lgr %r4,%r3 + lghi %r5,SHA256_BLOCK_SIZE +1: .long 0xb93e0004 C kimd %r0,%r4. perform KIMD-SHA operation on data + brc 1,1b + br RA +EPILOGUE(_nettle_sha256_compress) diff --git a/s390x/msa_x2/sha512-compress.asm b/s390x/msa_x2/sha512-compress.asm new file mode 100644 index 00000000..04cbbcef --- /dev/null +++ b/s390x/msa_x2/sha512-compress.asm @@ -0,0 +1,80 @@ +C s390x/msa_x2/sha512-compress.asm + +ifelse(` + Copyright (C) 2021 Mamone Tarsha + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +C KIMD (COMPUTE INTERMEDIATE MESSAGE DIGEST) is specefied in +C "z/Architecture Principles of Operation SA22-7832-12" as follows: +C A function specified by the function code in general register 0 is performed. +C General register 1 contains the logical address of the leftmost byte of the parameter block in storage. +C the second operand is processed as specified by the function code using an initial chaining value in +C the parameter block, and the result replaces the chaining value. + +C This implementation uses KIMD-SHA-512 function. +C The parameter block used for the KIMD-SHA-512 function has the following format: +C *----------------------------------------------* +C | H0 (8 bytes) | +C |----------------------------------------------| +C | H1 (8 bytes) | +C |----------------------------------------------| +C | H2 (8 bytes) | +C |----------------------------------------------| +C | H3 (8 bytes) | +C |----------------------------------------------| +C | H4 (8 bytes) | +C |----------------------------------------------| +C | H5 (8 bytes) | +C |----------------------------------------------| +C | H6 (8 bytes) | +C |----------------------------------------------| +C | H7 (8 bytes) | +C *----------------------------------------------* + +.file "sha512-compress.asm" + +.text + +C SHA function code +define(`SHA512_FUNCTION_CODE', `3') +C Size of block +define(`SHA512_BLOCK_SIZE', `128') + +C void +C _nettle_sha512_compress(uint64_t *state, const uint8_t *input, +C const uint64_t *k) + +PROLOGUE(_nettle_sha512_compress) + lghi %r0,SHA512_FUNCTION_CODE C SHA-512 Function Code + lgr %r1,%r2 + lgr %r4,%r3 + lghi %r5,SHA512_BLOCK_SIZE +1: .long 0xb93e0004 C kimd %r0,%r4. perform KIMD-SHA operation on data + brc 1,1b + br RA +EPILOGUE(_nettle_sha512_compress)