sha2/amd64/sha512-x86_64.pl

55553f719b521a0bb4deab6efc944cd30c1a56aada#!/usr/bin/env perl
55553f719b521a0bb4deab6efc944cd30c1a56aada#
55553f719b521a0bb4deab6efc944cd30c1a56aada# ====================================================================
55553f719b521a0bb4deab6efc944cd30c1a56aada# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
55553f719b521a0bb4deab6efc944cd30c1a56aada# project. Rights for redistribution and usage in source and binary
55553f719b521a0bb4deab6efc944cd30c1a56aada# forms are granted according to the OpenSSL license.
55553f719b521a0bb4deab6efc944cd30c1a56aada# ====================================================================
55553f719b521a0bb4deab6efc944cd30c1a56aada#
55553f719b521a0bb4deab6efc944cd30c1a56aada# sha256/512_block procedure for x86_64.
55553f719b521a0bb4deab6efc944cd30c1a56aada#
55553f719b521a0bb4deab6efc944cd30c1a56aada# 40% improvement over compiler-generated code on Opteron. On EM64T
55553f719b521a0bb4deab6efc944cd30c1a56aada# sha256 was observed to run >80% faster and sha512 - >40%. No magical
55553f719b521a0bb4deab6efc944cd30c1a56aada# tricks, just straight implementation... I really wonder why gcc
55553f719b521a0bb4deab6efc944cd30c1a56aada# [being armed with inline assembler] fails to generate as fast code.
55553f719b521a0bb4deab6efc944cd30c1a56aada# The only thing which is cool about this module is that it's very
55553f719b521a0bb4deab6efc944cd30c1a56aada# same instruction sequence used for both SHA-256 and SHA-512. In
55553f719b521a0bb4deab6efc944cd30c1a56aada# former case the instructions operate on 32-bit operands, while in
55553f719b521a0bb4deab6efc944cd30c1a56aada# latter - on 64-bit ones. All I had to do is to get one flavor right,
55553f719b521a0bb4deab6efc944cd30c1a56aada# the other one passed the test right away:-)
55553f719b521a0bb4deab6efc944cd30c1a56aada#
55553f719b521a0bb4deab6efc944cd30c1a56aada# sha256_block runs in ~1005 cycles on Opteron, which gives you
55553f719b521a0bb4deab6efc944cd30c1a56aada# asymptotic performance of 64*1000/1005=63.7MBps times CPU clock
55553f719b521a0bb4deab6efc944cd30c1a56aada# frequency in GHz. sha512_block runs in ~1275 cycles, which results
55553f719b521a0bb4deab6efc944cd30c1a56aada# in 128*1000/1275=100MBps per GHz. Is there room for improvement?
55553f719b521a0bb4deab6efc944cd30c1a56aada# Well, if you compare it to IA-64 implementation, which maintains
55553f719b521a0bb4deab6efc944cd30c1a56aada# X[16] in register bank[!], tends to 4 instructions per CPU clock
55553f719b521a0bb4deab6efc944cd30c1a56aada# cycle and runs in 1003 cycles, 1275 is very good result for 3-way
55553f719b521a0bb4deab6efc944cd30c1a56aada# issue Opteron pipeline and X[16] maintained in memory. So that *if*
55553f719b521a0bb4deab6efc944cd30c1a56aada# there is a way to improve it, *then* the only way would be to try to
55553f719b521a0bb4deab6efc944cd30c1a56aada# offload X[16] updates to SSE unit, but that would require "deeper"
55553f719b521a0bb4deab6efc944cd30c1a56aada# loop unroll, which in turn would naturally cause size blow-up, not
55553f719b521a0bb4deab6efc944cd30c1a56aada# to mention increased complexity! And once again, only *if* it's
55553f719b521a0bb4deab6efc944cd30c1a56aada# actually possible to noticeably improve overall ILP, instruction
55553f719b521a0bb4deab6efc944cd30c1a56aada# level parallelism, on a given CPU implementation in this case.
55553f719b521a0bb4deab6efc944cd30c1a56aada#
55553f719b521a0bb4deab6efc944cd30c1a56aada# Special note on Intel EM64T. While Opteron CPU exhibits perfect
55553f719b521a0bb4deab6efc944cd30c1a56aada# perfromance ratio of 1.5 between 64- and 32-bit flavors [see above],
55553f719b521a0bb4deab6efc944cd30c1a56aada# [currently available] EM64T CPUs apparently are far from it. On the
55553f719b521a0bb4deab6efc944cd30c1a56aada# contrary, 64-bit version, sha512_block, is ~30% *slower* than 32-bit
55553f719b521a0bb4deab6efc944cd30c1a56aada# sha256_block:-( This is presumably because 64-bit shifts/rotates
55553f719b521a0bb4deab6efc944cd30c1a56aada# apparently are not atomic instructions, but implemented in microcode.
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada#
55553f719b521a0bb4deab6efc944cd30c1a56aada# OpenSolaris OS modifications
55553f719b521a0bb4deab6efc944cd30c1a56aada#
55553f719b521a0bb4deab6efc944cd30c1a56aada# Sun elects to use this software under the BSD license.
55553f719b521a0bb4deab6efc944cd30c1a56aada#
55553f719b521a0bb4deab6efc944cd30c1a56aada# This source originates from OpenSSL file sha512-x86_64.pl at
55553f719b521a0bb4deab6efc944cd30c1a56aada# ftp://ftp.openssl.org/snapshot/openssl-0.9.8-stable-SNAP-20080131.tar.gz
55553f719b521a0bb4deab6efc944cd30c1a56aada# (presumably for future OpenSSL release 0.9.8h), with these changes:
55553f719b521a0bb4deab6efc944cd30c1a56aada#
55553f719b521a0bb4deab6efc944cd30c1a56aada# 1. Added perl "use strict" and declared variables.
55553f719b521a0bb4deab6efc944cd30c1a56aada#
55553f719b521a0bb4deab6efc944cd30c1a56aada# 2. Added OpenSolaris ENTRY_NP/SET_SIZE macros from
55553f719b521a0bb4deab6efc944cd30c1a56aada# /usr/include/sys/asm_linkage.h, .ident keywords, and lint(1B) guards.
55553f719b521a0bb4deab6efc944cd30c1a56aada#
55553f719b521a0bb4deab6efc944cd30c1a56aada# 3. Removed x86_64-xlate.pl script (not needed for as(1) or gas(1)
55553f719b521a0bb4deab6efc944cd30c1a56aada# assemblers).  Replaced the .picmeup macro with assembler code.
55553f719b521a0bb4deab6efc944cd30c1a56aada#
55553f719b521a0bb4deab6efc944cd30c1a56aada# 4. Added 8 to $ctx, as OpenSolaris OS has an extra 4-byte field, "algotype",
55553f719b521a0bb4deab6efc944cd30c1a56aada# at the beginning of SHA2_CTX (the next field is 8-byte aligned).
55553f719b521a0bb4deab6efc944cd30c1a56aada#
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aadause strict;
55553f719b521a0bb4deab6efc944cd30c1a56aadamy ($code, $func, $TABLE, $SZ, @Sigma0, @Sigma1, @sigma0, @sigma1, $rounds,
55553f719b521a0bb4deab6efc944cd30c1a56aada    @ROT, $A, $B, $C, $D, $E, $F, $G, $H, $T1, $a0, $a1, $a2, $i,
55553f719b521a0bb4deab6efc944cd30c1a56aada    $ctx, $round, $inp, $Tbl, $_ctx, $_inp, $_end, $_rsp, $framesz);
55553f719b521a0bb4deab6efc944cd30c1a56aadamy $output = shift;
55553f719b521a0bb4deab6efc944cd30c1a56aadaopen STDOUT,">$output";
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada#
55553f719b521a0bb4deab6efc944cd30c1a56aada# OpenSSL library:
55553f719b521a0bb4deab6efc944cd30c1a56aada# void sha512_block_data_order(SHA512_CTX *ctx, const void *in, size_t num);
55553f719b521a0bb4deab6efc944cd30c1a56aada# void sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num);
55553f719b521a0bb4deab6efc944cd30c1a56aada#
55553f719b521a0bb4deab6efc944cd30c1a56aada# OpenSolaris OS:
55553f719b521a0bb4deab6efc944cd30c1a56aada# void SHA512TransformBlocks(SHA2_CTX *ctx, const void *in, size_t num);
55553f719b521a0bb4deab6efc944cd30c1a56aada# void SHA256TransformBlocks(SHA2_CTX *ctx, const void *in, size_t num);
55553f719b521a0bb4deab6efc944cd30c1a56aada# Note: the OpenSolaris SHA2 structure has an extra 8 byte field at the
55553f719b521a0bb4deab6efc944cd30c1a56aada# beginning (over OpenSSL's SHA512 or SHA256 structure).
55553f719b521a0bb4deab6efc944cd30c1a56aada#
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aadaif ($output =~ /512/) {
55553f719b521a0bb4deab6efc944cd30c1a56aada    $func="SHA512TransformBlocks";
55553f719b521a0bb4deab6efc944cd30c1a56aada    $TABLE="K512";
55553f719b521a0bb4deab6efc944cd30c1a56aada    $SZ=8;
55553f719b521a0bb4deab6efc944cd30c1a56aada    @ROT=($A,$B,$C,$D,$E,$F,$G,$H)=("%rax","%rbx","%rcx","%rdx",
55553f719b521a0bb4deab6efc944cd30c1a56aada                    "%r8", "%r9", "%r10","%r11");
55553f719b521a0bb4deab6efc944cd30c1a56aada    ($T1,$a0,$a1,$a2)=("%r12","%r13","%r14","%r15");
55553f719b521a0bb4deab6efc944cd30c1a56aada    @Sigma0=(28,34,39);
55553f719b521a0bb4deab6efc944cd30c1a56aada    @Sigma1=(14,18,41);
55553f719b521a0bb4deab6efc944cd30c1a56aada    @sigma0=(1,  8, 7);
55553f719b521a0bb4deab6efc944cd30c1a56aada    @sigma1=(19,61, 6);
55553f719b521a0bb4deab6efc944cd30c1a56aada    $rounds=80;
55553f719b521a0bb4deab6efc944cd30c1a56aada} else {
55553f719b521a0bb4deab6efc944cd30c1a56aada    $func="SHA256TransformBlocks";
55553f719b521a0bb4deab6efc944cd30c1a56aada    $TABLE="K256";
55553f719b521a0bb4deab6efc944cd30c1a56aada    $SZ=4;
55553f719b521a0bb4deab6efc944cd30c1a56aada    @ROT=($A,$B,$C,$D,$E,$F,$G,$H)=("%eax","%ebx","%ecx","%edx",
55553f719b521a0bb4deab6efc944cd30c1a56aada                    "%r8d","%r9d","%r10d","%r11d");
55553f719b521a0bb4deab6efc944cd30c1a56aada    ($T1,$a0,$a1,$a2)=("%r12d","%r13d","%r14d","%r15d");
55553f719b521a0bb4deab6efc944cd30c1a56aada    @Sigma0=( 2,13,22);
55553f719b521a0bb4deab6efc944cd30c1a56aada    @Sigma1=( 6,11,25);
55553f719b521a0bb4deab6efc944cd30c1a56aada    @sigma0=( 7,18, 3);
55553f719b521a0bb4deab6efc944cd30c1a56aada    @sigma1=(17,19,10);
55553f719b521a0bb4deab6efc944cd30c1a56aada    $rounds=64;
55553f719b521a0bb4deab6efc944cd30c1a56aada}
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada$ctx="%rdi";    # 1st arg
55553f719b521a0bb4deab6efc944cd30c1a56aada$round="%rdi";  # zaps $ctx
55553f719b521a0bb4deab6efc944cd30c1a56aada$inp="%rsi";    # 2nd arg
55553f719b521a0bb4deab6efc944cd30c1a56aada$Tbl="%rbp";
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada$_ctx="16*$SZ+0*8(%rsp)";
55553f719b521a0bb4deab6efc944cd30c1a56aada$_inp="16*$SZ+1*8(%rsp)";
55553f719b521a0bb4deab6efc944cd30c1a56aada$_end="16*$SZ+2*8(%rsp)";
55553f719b521a0bb4deab6efc944cd30c1a56aada$_rsp="16*$SZ+3*8(%rsp)";
55553f719b521a0bb4deab6efc944cd30c1a56aada$framesz="16*$SZ+4*8";
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aadasub ROUND_00_15()
55553f719b521a0bb4deab6efc944cd30c1a56aada{ my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada$code.=<<___;
55553f719b521a0bb4deab6efc944cd30c1a56aada    mov $e,$a0
55553f719b521a0bb4deab6efc944cd30c1a56aada    mov $e,$a1
55553f719b521a0bb4deab6efc944cd30c1a56aada    mov $f,$a2
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada    ror \$$Sigma1[0],$a0
55553f719b521a0bb4deab6efc944cd30c1a56aada    ror \$$Sigma1[1],$a1
55553f719b521a0bb4deab6efc944cd30c1a56aada    xor $g,$a2          # f^g
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada    xor $a1,$a0
55553f719b521a0bb4deab6efc944cd30c1a56aada    ror \$`$Sigma1[2]-$Sigma1[1]`,$a1
55553f719b521a0bb4deab6efc944cd30c1a56aada    and $e,$a2          # (f^g)&e
55553f719b521a0bb4deab6efc944cd30c1a56aada    mov $T1,`$SZ*($i&0xf)`(%rsp)
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada    xor $a1,$a0         # Sigma1(e)
55553f719b521a0bb4deab6efc944cd30c1a56aada    xor $g,$a2          # Ch(e,f,g)=((f^g)&e)^g
55553f719b521a0bb4deab6efc944cd30c1a56aada    add $h,$T1          # T1+=h
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada    mov $a,$h
55553f719b521a0bb4deab6efc944cd30c1a56aada    add $a0,$T1         # T1+=Sigma1(e)
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada    add $a2,$T1         # T1+=Ch(e,f,g)
55553f719b521a0bb4deab6efc944cd30c1a56aada    mov $a,$a0
55553f719b521a0bb4deab6efc944cd30c1a56aada    mov $a,$a1
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada    ror \$$Sigma0[0],$h
55553f719b521a0bb4deab6efc944cd30c1a56aada    ror \$$Sigma0[1],$a0
55553f719b521a0bb4deab6efc944cd30c1a56aada    mov $a,$a2
55553f719b521a0bb4deab6efc944cd30c1a56aada    add ($Tbl,$round,$SZ),$T1   # T1+=K[round]
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada    xor $a0,$h
55553f719b521a0bb4deab6efc944cd30c1a56aada    ror \$`$Sigma0[2]-$Sigma0[1]`,$a0
55553f719b521a0bb4deab6efc944cd30c1a56aada    or  $c,$a1          # a|c
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada    xor $a0,$h          # h=Sigma0(a)
55553f719b521a0bb4deab6efc944cd30c1a56aada    and $c,$a2          # a&c
55553f719b521a0bb4deab6efc944cd30c1a56aada    add $T1,$d          # d+=T1
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada    and $b,$a1          # (a|c)&b
55553f719b521a0bb4deab6efc944cd30c1a56aada    add $T1,$h          # h+=T1
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada    or  $a2,$a1         # Maj(a,b,c)=((a|c)&b)|(a&c)
55553f719b521a0bb4deab6efc944cd30c1a56aada    lea 1($round),$round    # round++
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada    add $a1,$h          # h+=Maj(a,b,c)
55553f719b521a0bb4deab6efc944cd30c1a56aada___
55553f719b521a0bb4deab6efc944cd30c1a56aada}
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aadasub ROUND_16_XX()
55553f719b521a0bb4deab6efc944cd30c1a56aada{ my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada$code.=<<___;
55553f719b521a0bb4deab6efc944cd30c1a56aada    mov `$SZ*(($i+1)&0xf)`(%rsp),$a0
55553f719b521a0bb4deab6efc944cd30c1a56aada    mov `$SZ*(($i+14)&0xf)`(%rsp),$T1
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada    mov $a0,$a2
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada    shr \$$sigma0[2],$a0
55553f719b521a0bb4deab6efc944cd30c1a56aada    ror \$$sigma0[0],$a2
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada    xor $a2,$a0
55553f719b521a0bb4deab6efc944cd30c1a56aada    ror \$`$sigma0[1]-$sigma0[0]`,$a2
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada    xor $a2,$a0         # sigma0(X[(i+1)&0xf])
55553f719b521a0bb4deab6efc944cd30c1a56aada    mov $T1,$a1
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada    shr \$$sigma1[2],$T1
55553f719b521a0bb4deab6efc944cd30c1a56aada    ror \$$sigma1[0],$a1
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada    xor $a1,$T1
55553f719b521a0bb4deab6efc944cd30c1a56aada    ror \$`$sigma1[1]-$sigma1[0]`,$a1
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada    xor $a1,$T1         # sigma1(X[(i+14)&0xf])
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada    add $a0,$T1
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada    add `$SZ*(($i+9)&0xf)`(%rsp),$T1
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada    add `$SZ*($i&0xf)`(%rsp),$T1
55553f719b521a0bb4deab6efc944cd30c1a56aada___
55553f719b521a0bb4deab6efc944cd30c1a56aada    &ROUND_00_15(@_);
55553f719b521a0bb4deab6efc944cd30c1a56aada}
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada#
55553f719b521a0bb4deab6efc944cd30c1a56aada# Execution begins here
55553f719b521a0bb4deab6efc944cd30c1a56aada#
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada$code=<<___;
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson#if defined(lint) || defined(__lint)
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson#include <sys/stdint.h>
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson#include <sys/sha2.h>
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson/* ARGSUSED */
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Andersonvoid
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson$func(SHA2_CTX *ctx, const void *in, size_t num)
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson{
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson}
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson#else
55553f719b521a0bb4deab6efc944cd30c1a56aada#include <sys/asm_linkage.h>
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aadaENTRY_NP($func)
55553f719b521a0bb4deab6efc944cd30c1a56aada    push    %rbx
55553f719b521a0bb4deab6efc944cd30c1a56aada    push    %rbp
55553f719b521a0bb4deab6efc944cd30c1a56aada    push    %r12
55553f719b521a0bb4deab6efc944cd30c1a56aada    push    %r13
55553f719b521a0bb4deab6efc944cd30c1a56aada    push    %r14
55553f719b521a0bb4deab6efc944cd30c1a56aada    push    %r15
55553f719b521a0bb4deab6efc944cd30c1a56aada    mov %rsp,%rbp       # copy %rsp
55553f719b521a0bb4deab6efc944cd30c1a56aada    shl \$4,%rdx        # num*16
55553f719b521a0bb4deab6efc944cd30c1a56aada    sub \$$framesz,%rsp
55553f719b521a0bb4deab6efc944cd30c1a56aada    lea ($inp,%rdx,$SZ),%rdx    # inp+num*16*$SZ
55553f719b521a0bb4deab6efc944cd30c1a56aada    and \$-64,%rsp      # align stack frame
55553f719b521a0bb4deab6efc944cd30c1a56aada    add \$8,$ctx        # Skip OpenSolaris field, "algotype"
55553f719b521a0bb4deab6efc944cd30c1a56aada    mov $ctx,$_ctx      # save ctx, 1st arg
55553f719b521a0bb4deab6efc944cd30c1a56aada    mov $inp,$_inp      # save inp, 2nd arg
55553f719b521a0bb4deab6efc944cd30c1a56aada    mov %rdx,$_end      # save end pointer, "3rd" arg
55553f719b521a0bb4deab6efc944cd30c1a56aada    mov %rbp,$_rsp      # save copy of %rsp
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada    /.picmeup $Tbl
55553f719b521a0bb4deab6efc944cd30c1a56aada    / The .picmeup pseudo-directive, from perlasm/x86_64_xlate.pl, puts
55553f719b521a0bb4deab6efc944cd30c1a56aada    / the address of the "next" instruction into the target register
55553f719b521a0bb4deab6efc944cd30c1a56aada    / ($Tbl).  This generates these 2 instructions:
55553f719b521a0bb4deab6efc944cd30c1a56aada    lea .Llea(%rip),$Tbl
55553f719b521a0bb4deab6efc944cd30c1a56aada    /nop    / .picmeup generates a nop for mod 8 alignment--not needed here
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada.Llea:
55553f719b521a0bb4deab6efc944cd30c1a56aada    lea $TABLE-.($Tbl),$Tbl
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada    mov $SZ*0($ctx),$A
55553f719b521a0bb4deab6efc944cd30c1a56aada    mov $SZ*1($ctx),$B
55553f719b521a0bb4deab6efc944cd30c1a56aada    mov $SZ*2($ctx),$C
55553f719b521a0bb4deab6efc944cd30c1a56aada    mov $SZ*3($ctx),$D
55553f719b521a0bb4deab6efc944cd30c1a56aada    mov $SZ*4($ctx),$E
55553f719b521a0bb4deab6efc944cd30c1a56aada    mov $SZ*5($ctx),$F
55553f719b521a0bb4deab6efc944cd30c1a56aada    mov $SZ*6($ctx),$G
55553f719b521a0bb4deab6efc944cd30c1a56aada    mov $SZ*7($ctx),$H
55553f719b521a0bb4deab6efc944cd30c1a56aada    jmp .Lloop
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada.align  16
55553f719b521a0bb4deab6efc944cd30c1a56aada.Lloop:
55553f719b521a0bb4deab6efc944cd30c1a56aada    xor $round,$round
55553f719b521a0bb4deab6efc944cd30c1a56aada___
55553f719b521a0bb4deab6efc944cd30c1a56aada    for($i=0;$i<16;$i++) {
55553f719b521a0bb4deab6efc944cd30c1a56aada        $code.="    mov $SZ*$i($inp),$T1\n";
55553f719b521a0bb4deab6efc944cd30c1a56aada        $code.="    bswap   $T1\n";
55553f719b521a0bb4deab6efc944cd30c1a56aada        &ROUND_00_15($i,@ROT);
55553f719b521a0bb4deab6efc944cd30c1a56aada        unshift(@ROT,pop(@ROT));
55553f719b521a0bb4deab6efc944cd30c1a56aada    }
55553f719b521a0bb4deab6efc944cd30c1a56aada$code.=<<___;
55553f719b521a0bb4deab6efc944cd30c1a56aada    jmp .Lrounds_16_xx
55553f719b521a0bb4deab6efc944cd30c1a56aada.align  16
55553f719b521a0bb4deab6efc944cd30c1a56aada.Lrounds_16_xx:
55553f719b521a0bb4deab6efc944cd30c1a56aada___
55553f719b521a0bb4deab6efc944cd30c1a56aada    for(;$i<32;$i++) {
55553f719b521a0bb4deab6efc944cd30c1a56aada        &ROUND_16_XX($i,@ROT);
55553f719b521a0bb4deab6efc944cd30c1a56aada        unshift(@ROT,pop(@ROT));
55553f719b521a0bb4deab6efc944cd30c1a56aada    }
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada$code.=<<___;
55553f719b521a0bb4deab6efc944cd30c1a56aada    cmp \$$rounds,$round
55553f719b521a0bb4deab6efc944cd30c1a56aada    jb  .Lrounds_16_xx
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada    mov $_ctx,$ctx
55553f719b521a0bb4deab6efc944cd30c1a56aada    lea 16*$SZ($inp),$inp
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada    add $SZ*0($ctx),$A
55553f719b521a0bb4deab6efc944cd30c1a56aada    add $SZ*1($ctx),$B
55553f719b521a0bb4deab6efc944cd30c1a56aada    add $SZ*2($ctx),$C
55553f719b521a0bb4deab6efc944cd30c1a56aada    add $SZ*3($ctx),$D
55553f719b521a0bb4deab6efc944cd30c1a56aada    add $SZ*4($ctx),$E
55553f719b521a0bb4deab6efc944cd30c1a56aada    add $SZ*5($ctx),$F
55553f719b521a0bb4deab6efc944cd30c1a56aada    add $SZ*6($ctx),$G
55553f719b521a0bb4deab6efc944cd30c1a56aada    add $SZ*7($ctx),$H
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada    cmp $_end,$inp
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada    mov $A,$SZ*0($ctx)
55553f719b521a0bb4deab6efc944cd30c1a56aada    mov $B,$SZ*1($ctx)
55553f719b521a0bb4deab6efc944cd30c1a56aada    mov $C,$SZ*2($ctx)
55553f719b521a0bb4deab6efc944cd30c1a56aada    mov $D,$SZ*3($ctx)
55553f719b521a0bb4deab6efc944cd30c1a56aada    mov $E,$SZ*4($ctx)
55553f719b521a0bb4deab6efc944cd30c1a56aada    mov $F,$SZ*5($ctx)
55553f719b521a0bb4deab6efc944cd30c1a56aada    mov $G,$SZ*6($ctx)
55553f719b521a0bb4deab6efc944cd30c1a56aada    mov $H,$SZ*7($ctx)
55553f719b521a0bb4deab6efc944cd30c1a56aada    jb  .Lloop
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada    mov $_rsp,%rsp
55553f719b521a0bb4deab6efc944cd30c1a56aada    pop %r15
55553f719b521a0bb4deab6efc944cd30c1a56aada    pop %r14
55553f719b521a0bb4deab6efc944cd30c1a56aada    pop %r13
55553f719b521a0bb4deab6efc944cd30c1a56aada    pop %r12
55553f719b521a0bb4deab6efc944cd30c1a56aada    pop %rbp
55553f719b521a0bb4deab6efc944cd30c1a56aada    pop %rbx
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada    ret
55553f719b521a0bb4deab6efc944cd30c1a56aadaSET_SIZE($func)
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada___
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aadaif ($SZ==4) {
55553f719b521a0bb4deab6efc944cd30c1a56aada# SHA256
55553f719b521a0bb4deab6efc944cd30c1a56aada$code.=<<___;
55553f719b521a0bb4deab6efc944cd30c1a56aada.align  64
55553f719b521a0bb4deab6efc944cd30c1a56aada.type   $TABLE,\@object
55553f719b521a0bb4deab6efc944cd30c1a56aada$TABLE:
55553f719b521a0bb4deab6efc944cd30c1a56aada    .long   0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
55553f719b521a0bb4deab6efc944cd30c1a56aada    .long   0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
55553f719b521a0bb4deab6efc944cd30c1a56aada    .long   0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
55553f719b521a0bb4deab6efc944cd30c1a56aada    .long   0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
55553f719b521a0bb4deab6efc944cd30c1a56aada    .long   0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
55553f719b521a0bb4deab6efc944cd30c1a56aada    .long   0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
55553f719b521a0bb4deab6efc944cd30c1a56aada    .long   0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
55553f719b521a0bb4deab6efc944cd30c1a56aada    .long   0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
55553f719b521a0bb4deab6efc944cd30c1a56aada    .long   0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
55553f719b521a0bb4deab6efc944cd30c1a56aada    .long   0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
55553f719b521a0bb4deab6efc944cd30c1a56aada    .long   0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
55553f719b521a0bb4deab6efc944cd30c1a56aada    .long   0xd192e819,0xd6990624,0xf40e3585,0x106aa070
55553f719b521a0bb4deab6efc944cd30c1a56aada    .long   0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
55553f719b521a0bb4deab6efc944cd30c1a56aada    .long   0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
55553f719b521a0bb4deab6efc944cd30c1a56aada    .long   0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
55553f719b521a0bb4deab6efc944cd30c1a56aada    .long   0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
55553f719b521a0bb4deab6efc944cd30c1a56aada___
55553f719b521a0bb4deab6efc944cd30c1a56aada} else {
55553f719b521a0bb4deab6efc944cd30c1a56aada# SHA512
55553f719b521a0bb4deab6efc944cd30c1a56aada$code.=<<___;
55553f719b521a0bb4deab6efc944cd30c1a56aada.align  64
55553f719b521a0bb4deab6efc944cd30c1a56aada.type   $TABLE,\@object
55553f719b521a0bb4deab6efc944cd30c1a56aada$TABLE:
55553f719b521a0bb4deab6efc944cd30c1a56aada    .quad   0x428a2f98d728ae22,0x7137449123ef65cd
55553f719b521a0bb4deab6efc944cd30c1a56aada    .quad   0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc
55553f719b521a0bb4deab6efc944cd30c1a56aada    .quad   0x3956c25bf348b538,0x59f111f1b605d019
55553f719b521a0bb4deab6efc944cd30c1a56aada    .quad   0x923f82a4af194f9b,0xab1c5ed5da6d8118
55553f719b521a0bb4deab6efc944cd30c1a56aada    .quad   0xd807aa98a3030242,0x12835b0145706fbe
55553f719b521a0bb4deab6efc944cd30c1a56aada    .quad   0x243185be4ee4b28c,0x550c7dc3d5ffb4e2
55553f719b521a0bb4deab6efc944cd30c1a56aada    .quad   0x72be5d74f27b896f,0x80deb1fe3b1696b1
55553f719b521a0bb4deab6efc944cd30c1a56aada    .quad   0x9bdc06a725c71235,0xc19bf174cf692694
55553f719b521a0bb4deab6efc944cd30c1a56aada    .quad   0xe49b69c19ef14ad2,0xefbe4786384f25e3
55553f719b521a0bb4deab6efc944cd30c1a56aada    .quad   0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65
55553f719b521a0bb4deab6efc944cd30c1a56aada    .quad   0x2de92c6f592b0275,0x4a7484aa6ea6e483
55553f719b521a0bb4deab6efc944cd30c1a56aada    .quad   0x5cb0a9dcbd41fbd4,0x76f988da831153b5
55553f719b521a0bb4deab6efc944cd30c1a56aada    .quad   0x983e5152ee66dfab,0xa831c66d2db43210
55553f719b521a0bb4deab6efc944cd30c1a56aada    .quad   0xb00327c898fb213f,0xbf597fc7beef0ee4
55553f719b521a0bb4deab6efc944cd30c1a56aada    .quad   0xc6e00bf33da88fc2,0xd5a79147930aa725
55553f719b521a0bb4deab6efc944cd30c1a56aada    .quad   0x06ca6351e003826f,0x142929670a0e6e70
55553f719b521a0bb4deab6efc944cd30c1a56aada    .quad   0x27b70a8546d22ffc,0x2e1b21385c26c926
55553f719b521a0bb4deab6efc944cd30c1a56aada    .quad   0x4d2c6dfc5ac42aed,0x53380d139d95b3df
55553f719b521a0bb4deab6efc944cd30c1a56aada    .quad   0x650a73548baf63de,0x766a0abb3c77b2a8
55553f719b521a0bb4deab6efc944cd30c1a56aada    .quad   0x81c2c92e47edaee6,0x92722c851482353b
55553f719b521a0bb4deab6efc944cd30c1a56aada    .quad   0xa2bfe8a14cf10364,0xa81a664bbc423001
55553f719b521a0bb4deab6efc944cd30c1a56aada    .quad   0xc24b8b70d0f89791,0xc76c51a30654be30
55553f719b521a0bb4deab6efc944cd30c1a56aada    .quad   0xd192e819d6ef5218,0xd69906245565a910
55553f719b521a0bb4deab6efc944cd30c1a56aada    .quad   0xf40e35855771202a,0x106aa07032bbd1b8
55553f719b521a0bb4deab6efc944cd30c1a56aada    .quad   0x19a4c116b8d2d0c8,0x1e376c085141ab53
55553f719b521a0bb4deab6efc944cd30c1a56aada    .quad   0x2748774cdf8eeb99,0x34b0bcb5e19b48a8
55553f719b521a0bb4deab6efc944cd30c1a56aada    .quad   0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb
55553f719b521a0bb4deab6efc944cd30c1a56aada    .quad   0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3
55553f719b521a0bb4deab6efc944cd30c1a56aada    .quad   0x748f82ee5defb2fc,0x78a5636f43172f60
55553f719b521a0bb4deab6efc944cd30c1a56aada    .quad   0x84c87814a1f0ab72,0x8cc702081a6439ec
55553f719b521a0bb4deab6efc944cd30c1a56aada    .quad   0x90befffa23631e28,0xa4506cebde82bde9
55553f719b521a0bb4deab6efc944cd30c1a56aada    .quad   0xbef9a3f7b2c67915,0xc67178f2e372532b
55553f719b521a0bb4deab6efc944cd30c1a56aada    .quad   0xca273eceea26619c,0xd186b8c721c0c207
55553f719b521a0bb4deab6efc944cd30c1a56aada    .quad   0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178
55553f719b521a0bb4deab6efc944cd30c1a56aada    .quad   0x06f067aa72176fba,0x0a637dc5a2c898a6
55553f719b521a0bb4deab6efc944cd30c1a56aada    .quad   0x113f9804bef90dae,0x1b710b35131c471b
55553f719b521a0bb4deab6efc944cd30c1a56aada    .quad   0x28db77f523047d84,0x32caab7b40c72493
55553f719b521a0bb4deab6efc944cd30c1a56aada    .quad   0x3c9ebe0a15c9bebc,0x431d67c49c100d4c
55553f719b521a0bb4deab6efc944cd30c1a56aada    .quad   0x4cc5d4becb3e42b6,0x597f299cfc657e2a
55553f719b521a0bb4deab6efc944cd30c1a56aada    .quad   0x5fcb6fab3ad6faec,0x6c44198c4a475817
55553f719b521a0bb4deab6efc944cd30c1a56aada___
55553f719b521a0bb4deab6efc944cd30c1a56aada}
55553f719b521a0bb4deab6efc944cd30c1a56aada$code.=<<___;
55553f719b521a0bb4deab6efc944cd30c1a56aada#endif /* !lint && !__lint */
55553f719b521a0bb4deab6efc944cd30c1a56aada___
55553f719b521a0bb4deab6efc944cd30c1a56aada
55553f719b521a0bb4deab6efc944cd30c1a56aada$code =~ s/\`([^\`]*)\`/eval $1/gem;
55553f719b521a0bb4deab6efc944cd30c1a56aadaprint $code;
55553f719b521a0bb4deab6efc944cd30c1a56aadaclose STDOUT;