2 # Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
4 # Licensed under the OpenSSL license (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
10 # ====================================================================
11 # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
12 # project. The module is, however, dual licensed under OpenSSL and
13 # CRYPTOGAMS licenses depending on where you obtain it. For further
14 # details see http://www.openssl.org/~appro/cryptogams/.
15 # ====================================================================
17 # Multi-buffer AES-NI procedures process several independent buffers
18 # in parallel by interleaving independent instructions.
20 # Cycles per byte for interleave factor 4:
23 # ---------------------------
24 # Westmere 5.00/4=1.25 5.13/4=1.28
25 # Atom 15.0/4=3.75 ?15.7/4=3.93
26 # Sandy Bridge 5.06/4=1.27 5.18/4=1.29
27 # Ivy Bridge 5.06/4=1.27 5.14/4=1.29
28 # Haswell 4.44/4=1.11 4.44/4=1.11
29 # Bulldozer 5.75/4=1.44 5.76/4=1.44
31 # Cycles per byte for interleave factor 8 (not implemented for
32 # pre-AVX processors, where higher interleave factor incidentally
33 # doesn't result in improvement):
36 # ---------------------------
37 # Sandy Bridge 5.06/8=0.64 7.10/8=0.89(*)
38 # Ivy Bridge 5.06/8=0.64 7.14/8=0.89(*)
39 # Haswell 5.00/8=0.63 5.00/8=0.63
40 # Bulldozer 5.75/8=0.72 5.77/8=0.72
42 # (*) Sandy/Ivy Bridge are known to handle high interleave factors
47 if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
49 $win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
51 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
52 ( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
53 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
54 die "can't locate x86_64-xlate.pl";
58 if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
59 =~ /GNU assembler version ([2-9]\.[0-9]+)/) {
60 $avx = ($1>=2.19) + ($1>=2.22);
63 if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
64 `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
65 $avx = ($1>=2.09) + ($1>=2.10);
68 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
69 `ml64 2>&1` =~ /Version ([0-9]+)\./) {
70 $avx = ($1>=10) + ($1>=11);
73 if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
74 $avx = ($2>=3.0) + ($2>3.0);
77 open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
80 # void aesni_multi_cbc_encrypt (
81 # struct { void *inp,*out; int blocks; double iv[2]; } inp[8];
83 # int num); /* 1 or 2 */
85 $inp="%rdi"; # 1st arg
86 $key="%rsi"; # 2nd arg
89 @inptr=map("%r$_",(8..11));
90 @outptr=map("%r$_",(12..15));
92 ($rndkey0,$rndkey1)=("%xmm0","%xmm1");
93 @out=map("%xmm$_",(2..5));
94 @inp=map("%xmm$_",(6..9));
95 ($counters,$mask,$zero)=map("%xmm$_",(10..12));
97 ($rounds,$one,$sink,$offset)=("%eax","%ecx","%rbp","%rbx");
102 .extern OPENSSL_ia32cap_P
104 .globl aesni_multi_cbc_encrypt
105 .type aesni_multi_cbc_encrypt,\@function,3
107 aesni_multi_cbc_encrypt:
109 $code.=<<___ if ($avx);
112 mov OPENSSL_ia32cap_P+4(%rip),%ecx
113 test \$`1<<28`,%ecx # AVX bit
114 jnz _avx_cbc_enc_shortcut
128 $code.=<<___ if ($win64);
131 movaps %xmm7,0x10(%rsp)
132 movaps %xmm8,0x20(%rsp)
133 movaps %xmm9,0x30(%rsp)
134 movaps %xmm10,0x40(%rsp)
135 movaps %xmm11,0x50(%rsp)
136 movaps %xmm12,0x60(%rsp)
137 movaps %xmm13,-0x68(%rax) # not used, saved to share se_handler
138 movaps %xmm14,-0x58(%rax)
139 movaps %xmm15,-0x48(%rax)
145 # +16 input sink [original %rsp and $num]
150 mov %rax,16(%rsp) # original %rsp
153 movdqu ($key),$zero # 0-round key
154 lea 0x78($key),$key # size optimization
158 mov $num,24(%rsp) # original $num
161 for($i=0;$i<4;$i++) {
163 mov `40*$i+16-40*2`($inp),$one # borrow $one for number of blocks
164 mov `40*$i+0-40*2`($inp),@inptr[$i]
166 mov `40*$i+8-40*2`($inp),@outptr[$i]
167 cmovg $one,$num # find maximum
169 movdqu `40*$i+24-40*2`($inp),@out[$i] # load IV
170 mov $one,`32+4*$i`(%rsp) # initialize counters
171 cmovle %rsp,@inptr[$i] # cancel input
178 movups 0x10-0x78($key),$rndkey1
180 movups 0x20-0x78($key),$rndkey0
182 mov 0xf0-0x78($key),$rounds
184 movdqu (@inptr[0]),@inp[0] # load inputs
186 movdqu (@inptr[1]),@inp[1]
188 movdqu (@inptr[2]),@inp[2]
190 movdqu (@inptr[3]),@inp[3]
193 movdqa 32(%rsp),$counters # load counters
200 lea 16(%rsp),$sink # sink pointer
201 mov \$1,$one # constant of 1
204 aesenc $rndkey1,@out[0]
205 prefetcht0 31(@inptr[0],$offset) # prefetch input
206 prefetcht0 31(@inptr[1],$offset)
207 aesenc $rndkey1,@out[1]
208 prefetcht0 31(@inptr[2],$offset)
209 prefetcht0 31(@inptr[2],$offset)
210 aesenc $rndkey1,@out[2]
211 aesenc $rndkey1,@out[3]
212 movups 0x30-0x78($key),$rndkey1
214 for($i=0;$i<4;$i++) {
215 my $rndkey = ($i&1) ? $rndkey1 : $rndkey0;
217 cmp `32+4*$i`(%rsp),$one
218 aesenc $rndkey,@out[0]
219 aesenc $rndkey,@out[1]
220 aesenc $rndkey,@out[2]
221 cmovge $sink,@inptr[$i] # cancel input
222 cmovg $sink,@outptr[$i] # sink output
223 aesenc $rndkey,@out[3]
224 movups `0x40+16*$i-0x78`($key),$rndkey
228 movdqa $counters,$mask
229 aesenc $rndkey0,@out[0]
230 prefetcht0 15(@outptr[0],$offset) # prefetch output
231 prefetcht0 15(@outptr[1],$offset)
232 aesenc $rndkey0,@out[1]
233 prefetcht0 15(@outptr[2],$offset)
234 prefetcht0 15(@outptr[3],$offset)
235 aesenc $rndkey0,@out[2]
236 aesenc $rndkey0,@out[3]
237 movups 0x80-0x78($key),$rndkey0
240 aesenc $rndkey1,@out[0]
242 movdqu -0x78($key),$zero # reload 0-round key
243 aesenc $rndkey1,@out[1]
244 paddd $mask,$counters # decrement counters
245 movdqa $counters,32(%rsp) # update counters
246 aesenc $rndkey1,@out[2]
247 aesenc $rndkey1,@out[3]
248 movups 0x90-0x78($key),$rndkey1
252 aesenc $rndkey0,@out[0]
253 aesenc $rndkey0,@out[1]
254 aesenc $rndkey0,@out[2]
255 aesenc $rndkey0,@out[3]
256 movups 0xa0-0x78($key),$rndkey0
260 aesenc $rndkey1,@out[0]
261 aesenc $rndkey1,@out[1]
262 aesenc $rndkey1,@out[2]
263 aesenc $rndkey1,@out[3]
264 movups 0xb0-0x78($key),$rndkey1
266 aesenc $rndkey0,@out[0]
267 aesenc $rndkey0,@out[1]
268 aesenc $rndkey0,@out[2]
269 aesenc $rndkey0,@out[3]
270 movups 0xc0-0x78($key),$rndkey0
274 aesenc $rndkey1,@out[0]
275 aesenc $rndkey1,@out[1]
276 aesenc $rndkey1,@out[2]
277 aesenc $rndkey1,@out[3]
278 movups 0xd0-0x78($key),$rndkey1
280 aesenc $rndkey0,@out[0]
281 aesenc $rndkey0,@out[1]
282 aesenc $rndkey0,@out[2]
283 aesenc $rndkey0,@out[3]
284 movups 0xe0-0x78($key),$rndkey0
289 aesenc $rndkey1,@out[0]
290 aesenc $rndkey1,@out[1]
291 aesenc $rndkey1,@out[2]
292 aesenc $rndkey1,@out[3]
293 movdqu (@inptr[0],$offset),@inp[0]
294 movdqu 0x10-0x78($key),$rndkey1
296 aesenclast $rndkey0,@out[0]
297 movdqu (@inptr[1],$offset),@inp[1]
299 aesenclast $rndkey0,@out[1]
300 movdqu (@inptr[2],$offset),@inp[2]
302 aesenclast $rndkey0,@out[2]
303 movdqu (@inptr[3],$offset),@inp[3]
305 aesenclast $rndkey0,@out[3]
306 movdqu 0x20-0x78($key),$rndkey0
309 movups @out[0],-16(@outptr[0],$offset)
311 movups @out[1],-16(@outptr[1],$offset)
313 movups @out[2],-16(@outptr[2],$offset)
315 movups @out[3],-16(@outptr[3],$offset)
321 mov 16(%rsp),%rax # original %rsp
324 #pxor @inp[0],@out[0]
325 #pxor @inp[1],@out[1]
326 #movdqu @out[0],`40*0+24-40*2`($inp) # output iv FIX ME!
327 #pxor @inp[2],@out[2]
328 #movdqu @out[1],`40*1+24-40*2`($inp)
329 #pxor @inp[3],@out[3]
330 #movdqu @out[2],`40*2+24-40*2`($inp) # won't fix, let caller
331 #movdqu @out[3],`40*3+24-40*2`($inp) # figure this out...
333 lea `40*4`($inp),$inp
335 jnz .Lenc4x_loop_grande
339 $code.=<<___ if ($win64);
340 movaps -0xd8(%rax),%xmm6
341 movaps -0xc8(%rax),%xmm7
342 movaps -0xb8(%rax),%xmm8
343 movaps -0xa8(%rax),%xmm9
344 movaps -0x98(%rax),%xmm10
345 movaps -0x88(%rax),%xmm11
346 movaps -0x78(%rax),%xmm12
347 #movaps -0x68(%rax),%xmm13
348 #movaps -0x58(%rax),%xmm14
349 #movaps -0x48(%rax),%xmm15
361 .size aesni_multi_cbc_encrypt,.-aesni_multi_cbc_encrypt
363 .globl aesni_multi_cbc_decrypt
364 .type aesni_multi_cbc_decrypt,\@function,3
366 aesni_multi_cbc_decrypt:
368 $code.=<<___ if ($avx);
371 mov OPENSSL_ia32cap_P+4(%rip),%ecx
372 test \$`1<<28`,%ecx # AVX bit
373 jnz _avx_cbc_dec_shortcut
387 $code.=<<___ if ($win64);
390 movaps %xmm7,0x10(%rsp)
391 movaps %xmm8,0x20(%rsp)
392 movaps %xmm9,0x30(%rsp)
393 movaps %xmm10,0x40(%rsp)
394 movaps %xmm11,0x50(%rsp)
395 movaps %xmm12,0x60(%rsp)
396 movaps %xmm13,-0x68(%rax) # not used, saved to share se_handler
397 movaps %xmm14,-0x58(%rax)
398 movaps %xmm15,-0x48(%rax)
404 # +16 input sink [original %rsp and $num]
409 mov %rax,16(%rsp) # original %rsp
412 movdqu ($key),$zero # 0-round key
413 lea 0x78($key),$key # size optimization
417 mov $num,24(%rsp) # original $num
420 for($i=0;$i<4;$i++) {
422 mov `40*$i+16-40*2`($inp),$one # borrow $one for number of blocks
423 mov `40*$i+0-40*2`($inp),@inptr[$i]
425 mov `40*$i+8-40*2`($inp),@outptr[$i]
426 cmovg $one,$num # find maximum
428 movdqu `40*$i+24-40*2`($inp),@inp[$i] # load IV
429 mov $one,`32+4*$i`(%rsp) # initialize counters
430 cmovle %rsp,@inptr[$i] # cancel input
437 movups 0x10-0x78($key),$rndkey1
438 movups 0x20-0x78($key),$rndkey0
439 mov 0xf0-0x78($key),$rounds
440 movdqu (@inptr[0]),@out[0] # load inputs
441 movdqu (@inptr[1]),@out[1]
443 movdqu (@inptr[2]),@out[2]
445 movdqu (@inptr[3]),@out[3]
448 movdqa 32(%rsp),$counters # load counters
455 lea 16(%rsp),$sink # sink pointer
456 mov \$1,$one # constant of 1
459 aesdec $rndkey1,@out[0]
460 prefetcht0 31(@inptr[0],$offset) # prefetch input
461 prefetcht0 31(@inptr[1],$offset)
462 aesdec $rndkey1,@out[1]
463 prefetcht0 31(@inptr[2],$offset)
464 prefetcht0 31(@inptr[3],$offset)
465 aesdec $rndkey1,@out[2]
466 aesdec $rndkey1,@out[3]
467 movups 0x30-0x78($key),$rndkey1
469 for($i=0;$i<4;$i++) {
470 my $rndkey = ($i&1) ? $rndkey1 : $rndkey0;
472 cmp `32+4*$i`(%rsp),$one
473 aesdec $rndkey,@out[0]
474 aesdec $rndkey,@out[1]
475 aesdec $rndkey,@out[2]
476 cmovge $sink,@inptr[$i] # cancel input
477 cmovg $sink,@outptr[$i] # sink output
478 aesdec $rndkey,@out[3]
479 movups `0x40+16*$i-0x78`($key),$rndkey
483 movdqa $counters,$mask
484 aesdec $rndkey0,@out[0]
485 prefetcht0 15(@outptr[0],$offset) # prefetch output
486 prefetcht0 15(@outptr[1],$offset)
487 aesdec $rndkey0,@out[1]
488 prefetcht0 15(@outptr[2],$offset)
489 prefetcht0 15(@outptr[3],$offset)
490 aesdec $rndkey0,@out[2]
491 aesdec $rndkey0,@out[3]
492 movups 0x80-0x78($key),$rndkey0
495 aesdec $rndkey1,@out[0]
497 movdqu -0x78($key),$zero # reload 0-round key
498 aesdec $rndkey1,@out[1]
499 paddd $mask,$counters # decrement counters
500 movdqa $counters,32(%rsp) # update counters
501 aesdec $rndkey1,@out[2]
502 aesdec $rndkey1,@out[3]
503 movups 0x90-0x78($key),$rndkey1
507 aesdec $rndkey0,@out[0]
508 aesdec $rndkey0,@out[1]
509 aesdec $rndkey0,@out[2]
510 aesdec $rndkey0,@out[3]
511 movups 0xa0-0x78($key),$rndkey0
515 aesdec $rndkey1,@out[0]
516 aesdec $rndkey1,@out[1]
517 aesdec $rndkey1,@out[2]
518 aesdec $rndkey1,@out[3]
519 movups 0xb0-0x78($key),$rndkey1
521 aesdec $rndkey0,@out[0]
522 aesdec $rndkey0,@out[1]
523 aesdec $rndkey0,@out[2]
524 aesdec $rndkey0,@out[3]
525 movups 0xc0-0x78($key),$rndkey0
529 aesdec $rndkey1,@out[0]
530 aesdec $rndkey1,@out[1]
531 aesdec $rndkey1,@out[2]
532 aesdec $rndkey1,@out[3]
533 movups 0xd0-0x78($key),$rndkey1
535 aesdec $rndkey0,@out[0]
536 aesdec $rndkey0,@out[1]
537 aesdec $rndkey0,@out[2]
538 aesdec $rndkey0,@out[3]
539 movups 0xe0-0x78($key),$rndkey0
544 aesdec $rndkey1,@out[0]
545 aesdec $rndkey1,@out[1]
546 aesdec $rndkey1,@out[2]
547 pxor $rndkey0,@inp[0]
548 pxor $rndkey0,@inp[1]
549 aesdec $rndkey1,@out[3]
550 movdqu 0x10-0x78($key),$rndkey1
551 pxor $rndkey0,@inp[2]
552 pxor $rndkey0,@inp[3]
553 movdqu 0x20-0x78($key),$rndkey0
555 aesdeclast @inp[0],@out[0]
556 aesdeclast @inp[1],@out[1]
557 movdqu -16(@inptr[0],$offset),@inp[0] # load next IV
558 movdqu -16(@inptr[1],$offset),@inp[1]
559 aesdeclast @inp[2],@out[2]
560 aesdeclast @inp[3],@out[3]
561 movdqu -16(@inptr[2],$offset),@inp[2]
562 movdqu -16(@inptr[3],$offset),@inp[3]
564 movups @out[0],-16(@outptr[0],$offset)
565 movdqu (@inptr[0],$offset),@out[0]
566 movups @out[1],-16(@outptr[1],$offset)
567 movdqu (@inptr[1],$offset),@out[1]
569 movups @out[2],-16(@outptr[2],$offset)
570 movdqu (@inptr[2],$offset),@out[2]
572 movups @out[3],-16(@outptr[3],$offset)
573 movdqu (@inptr[3],$offset),@out[3]
580 mov 16(%rsp),%rax # original %rsp
583 lea `40*4`($inp),$inp
585 jnz .Ldec4x_loop_grande
589 $code.=<<___ if ($win64);
590 movaps -0xd8(%rax),%xmm6
591 movaps -0xc8(%rax),%xmm7
592 movaps -0xb8(%rax),%xmm8
593 movaps -0xa8(%rax),%xmm9
594 movaps -0x98(%rax),%xmm10
595 movaps -0x88(%rax),%xmm11
596 movaps -0x78(%rax),%xmm12
597 #movaps -0x68(%rax),%xmm13
598 #movaps -0x58(%rax),%xmm14
599 #movaps -0x48(%rax),%xmm15
611 .size aesni_multi_cbc_decrypt,.-aesni_multi_cbc_decrypt
615 my @ptr=map("%r$_",(8..15));
618 my @out=map("%xmm$_",(2..9));
619 my @inp=map("%xmm$_",(10..13));
620 my ($counters,$zero)=("%xmm14","%xmm15");
623 .type aesni_multi_cbc_encrypt_avx,\@function,3
625 aesni_multi_cbc_encrypt_avx:
626 _avx_cbc_enc_shortcut:
635 $code.=<<___ if ($win64);
638 movaps %xmm7,0x10(%rsp)
639 movaps %xmm8,0x20(%rsp)
640 movaps %xmm9,0x30(%rsp)
641 movaps %xmm10,0x40(%rsp)
642 movaps %xmm11,0x50(%rsp)
643 movaps %xmm12,-0x78(%rax)
644 movaps %xmm13,-0x68(%rax)
645 movaps %xmm14,-0x58(%rax)
646 movaps %xmm15,-0x48(%rax)
652 # +16 input sink [original %rsp and $num]
654 # +64 distances between inputs and outputs
655 # +128 off-load area for @inp[0..3]
659 mov %rax,16(%rsp) # original %rsp
663 vmovdqu ($key),$zero # 0-round key
664 lea 0x78($key),$key # size optimization
669 #mov $num,24(%rsp) # original $num
672 for($i=0;$i<8;$i++) {
673 my $temp = $i ? $offload : $offset;
675 mov `40*$i+16-40*4`($inp),$one # borrow $one for number of blocks
676 mov `40*$i+0-40*4`($inp),@ptr[$i] # input pointer
678 mov `40*$i+8-40*4`($inp),$temp # output pointer
679 cmovg $one,$num # find maximum
681 vmovdqu `40*$i+24-40*4`($inp),@out[$i] # load IV
682 mov $one,`32+4*$i`(%rsp) # initialize counters
683 cmovle %rsp,@ptr[$i] # cancel input
684 sub @ptr[$i],$temp # distance between input and output
685 mov $temp,`64+8*$i`(%rsp) # initialize distances
692 vmovups 0x10-0x78($key),$rndkey1
693 vmovups 0x20-0x78($key),$rndkey0
694 mov 0xf0-0x78($key),$rounds
696 vpxor (@ptr[0]),$zero,@inp[0] # load inputs and xor with 0-round
697 lea 128(%rsp),$offload # offload area
698 vpxor (@ptr[1]),$zero,@inp[1]
699 vpxor (@ptr[2]),$zero,@inp[2]
700 vpxor (@ptr[3]),$zero,@inp[3]
701 vpxor @inp[0],@out[0],@out[0]
702 vpxor (@ptr[4]),$zero,@inp[0]
703 vpxor @inp[1],@out[1],@out[1]
704 vpxor (@ptr[5]),$zero,@inp[1]
705 vpxor @inp[2],@out[2],@out[2]
706 vpxor (@ptr[6]),$zero,@inp[2]
707 vpxor @inp[3],@out[3],@out[3]
708 vpxor (@ptr[7]),$zero,@inp[3]
709 vpxor @inp[0],@out[4],@out[4]
710 mov \$1,$one # constant of 1
711 vpxor @inp[1],@out[5],@out[5]
712 vpxor @inp[2],@out[6],@out[6]
713 vpxor @inp[3],@out[7],@out[7]
719 for($i=0;$i<8;$i++) {
720 my $rndkey=($i&1)?$rndkey0:$rndkey1;
722 vaesenc $rndkey,@out[0],@out[0]
723 cmp 32+4*$i(%rsp),$one
725 $code.=<<___ if ($i);
726 mov 64+8*$i(%rsp),$offset
729 vaesenc $rndkey,@out[1],@out[1]
730 prefetcht0 31(@ptr[$i]) # prefetch input
731 vaesenc $rndkey,@out[2],@out[2]
733 $code.=<<___ if ($i>1);
734 prefetcht0 15(@ptr[$i-2]) # prefetch output
737 vaesenc $rndkey,@out[3],@out[3]
738 lea (@ptr[$i],$offset),$offset
739 cmovge %rsp,@ptr[$i] # cancel input
740 vaesenc $rndkey,@out[4],@out[4]
741 cmovg %rsp,$offset # sink output
742 vaesenc $rndkey,@out[5],@out[5]
744 vaesenc $rndkey,@out[6],@out[6]
745 vpxor 16(@ptr[$i]),$zero,@inp[$i%4] # load input and xor with 0-round
746 mov $offset,64+8*$i(%rsp)
747 vaesenc $rndkey,@out[7],@out[7]
748 vmovups `16*(3+$i)-0x78`($key),$rndkey
749 lea 16(@ptr[$i],$offset),@ptr[$i] # switch to output
751 $code.=<<___ if ($i<4)
752 vmovdqu @inp[$i%4],`16*$i`($offload) # off-load
756 vmovdqu 32(%rsp),$counters
757 prefetcht0 15(@ptr[$i-2]) # prefetch output
758 prefetcht0 15(@ptr[$i-1])
762 vaesenc $rndkey1,@out[0],@out[0]
763 vaesenc $rndkey1,@out[1],@out[1]
764 vaesenc $rndkey1,@out[2],@out[2]
765 vaesenc $rndkey1,@out[3],@out[3]
766 vaesenc $rndkey1,@out[4],@out[4]
767 vaesenc $rndkey1,@out[5],@out[5]
768 vaesenc $rndkey1,@out[6],@out[6]
769 vaesenc $rndkey1,@out[7],@out[7]
770 vmovups 0xb0-0x78($key),$rndkey1
772 vaesenc $rndkey0,@out[0],@out[0]
773 vaesenc $rndkey0,@out[1],@out[1]
774 vaesenc $rndkey0,@out[2],@out[2]
775 vaesenc $rndkey0,@out[3],@out[3]
776 vaesenc $rndkey0,@out[4],@out[4]
777 vaesenc $rndkey0,@out[5],@out[5]
778 vaesenc $rndkey0,@out[6],@out[6]
779 vaesenc $rndkey0,@out[7],@out[7]
780 vmovups 0xc0-0x78($key),$rndkey0
783 vaesenc $rndkey1,@out[0],@out[0]
784 vaesenc $rndkey1,@out[1],@out[1]
785 vaesenc $rndkey1,@out[2],@out[2]
786 vaesenc $rndkey1,@out[3],@out[3]
787 vaesenc $rndkey1,@out[4],@out[4]
788 vaesenc $rndkey1,@out[5],@out[5]
789 vaesenc $rndkey1,@out[6],@out[6]
790 vaesenc $rndkey1,@out[7],@out[7]
791 vmovups 0xd0-0x78($key),$rndkey1
793 vaesenc $rndkey0,@out[0],@out[0]
794 vaesenc $rndkey0,@out[1],@out[1]
795 vaesenc $rndkey0,@out[2],@out[2]
796 vaesenc $rndkey0,@out[3],@out[3]
797 vaesenc $rndkey0,@out[4],@out[4]
798 vaesenc $rndkey0,@out[5],@out[5]
799 vaesenc $rndkey0,@out[6],@out[6]
800 vaesenc $rndkey0,@out[7],@out[7]
801 vmovups 0xe0-0x78($key),$rndkey0
804 vaesenc $rndkey1,@out[0],@out[0]
805 vpxor $zero,$zero,$zero
806 vaesenc $rndkey1,@out[1],@out[1]
807 vaesenc $rndkey1,@out[2],@out[2]
808 vpcmpgtd $zero,$counters,$zero
809 vaesenc $rndkey1,@out[3],@out[3]
810 vaesenc $rndkey1,@out[4],@out[4]
811 vpaddd $counters,$zero,$zero # decrement counters
812 vmovdqu 48(%rsp),$counters
813 vaesenc $rndkey1,@out[5],@out[5]
814 mov 64(%rsp),$offset # pre-load 1st offset
815 vaesenc $rndkey1,@out[6],@out[6]
816 vaesenc $rndkey1,@out[7],@out[7]
817 vmovups 0x10-0x78($key),$rndkey1
819 vaesenclast $rndkey0,@out[0],@out[0]
820 vmovdqa $zero,32(%rsp) # update counters
821 vpxor $zero,$zero,$zero
822 vaesenclast $rndkey0,@out[1],@out[1]
823 vaesenclast $rndkey0,@out[2],@out[2]
824 vpcmpgtd $zero,$counters,$zero
825 vaesenclast $rndkey0,@out[3],@out[3]
826 vaesenclast $rndkey0,@out[4],@out[4]
827 vpaddd $zero,$counters,$counters # decrement counters
828 vmovdqu -0x78($key),$zero # 0-round
829 vaesenclast $rndkey0,@out[5],@out[5]
830 vaesenclast $rndkey0,@out[6],@out[6]
831 vmovdqa $counters,48(%rsp) # update counters
832 vaesenclast $rndkey0,@out[7],@out[7]
833 vmovups 0x20-0x78($key),$rndkey0
835 vmovups @out[0],-16(@ptr[0]) # write output
836 sub $offset,@ptr[0] # switch to input
837 vpxor 0x00($offload),@out[0],@out[0]
838 vmovups @out[1],-16(@ptr[1])
839 sub `64+1*8`(%rsp),@ptr[1]
840 vpxor 0x10($offload),@out[1],@out[1]
841 vmovups @out[2],-16(@ptr[2])
842 sub `64+2*8`(%rsp),@ptr[2]
843 vpxor 0x20($offload),@out[2],@out[2]
844 vmovups @out[3],-16(@ptr[3])
845 sub `64+3*8`(%rsp),@ptr[3]
846 vpxor 0x30($offload),@out[3],@out[3]
847 vmovups @out[4],-16(@ptr[4])
848 sub `64+4*8`(%rsp),@ptr[4]
849 vpxor @inp[0],@out[4],@out[4]
850 vmovups @out[5],-16(@ptr[5])
851 sub `64+5*8`(%rsp),@ptr[5]
852 vpxor @inp[1],@out[5],@out[5]
853 vmovups @out[6],-16(@ptr[6])
854 sub `64+6*8`(%rsp),@ptr[6]
855 vpxor @inp[2],@out[6],@out[6]
856 vmovups @out[7],-16(@ptr[7])
857 sub `64+7*8`(%rsp),@ptr[7]
858 vpxor @inp[3],@out[7],@out[7]
863 mov 16(%rsp),%rax # original %rsp
865 #lea `40*8`($inp),$inp
867 #jnz .Lenc8x_loop_grande
872 $code.=<<___ if ($win64);
873 movaps -0xd8(%rax),%xmm6
874 movaps -0xc8(%rax),%xmm7
875 movaps -0xb8(%rax),%xmm8
876 movaps -0xa8(%rax),%xmm9
877 movaps -0x98(%rax),%xmm10
878 movaps -0x88(%rax),%xmm11
879 movaps -0x78(%rax),%xmm12
880 movaps -0x68(%rax),%xmm13
881 movaps -0x58(%rax),%xmm14
882 movaps -0x48(%rax),%xmm15
894 .size aesni_multi_cbc_encrypt_avx,.-aesni_multi_cbc_encrypt_avx
896 .type aesni_multi_cbc_decrypt_avx,\@function,3
898 aesni_multi_cbc_decrypt_avx:
899 _avx_cbc_dec_shortcut:
908 $code.=<<___ if ($win64);
911 movaps %xmm7,0x10(%rsp)
912 movaps %xmm8,0x20(%rsp)
913 movaps %xmm9,0x30(%rsp)
914 movaps %xmm10,0x40(%rsp)
915 movaps %xmm11,0x50(%rsp)
916 movaps %xmm12,-0x78(%rax)
917 movaps %xmm13,-0x68(%rax)
918 movaps %xmm14,-0x58(%rax)
919 movaps %xmm15,-0x48(%rax)
925 # +16 input sink [original %rsp and $num]
927 # +64 distances between inputs and outputs
928 # +128 off-load area for @inp[0..3]
929 # +192 IV/input offload
934 mov %rax,16(%rsp) # original %rsp
938 vmovdqu ($key),$zero # 0-round key
939 lea 0x78($key),$key # size optimization
944 #mov $num,24(%rsp) # original $num
947 for($i=0;$i<8;$i++) {
948 my $temp = $i ? $offload : $offset;
950 mov `40*$i+16-40*4`($inp),$one # borrow $one for number of blocks
951 mov `40*$i+0-40*4`($inp),@ptr[$i] # input pointer
953 mov `40*$i+8-40*4`($inp),$temp # output pointer
954 cmovg $one,$num # find maximum
956 vmovdqu `40*$i+24-40*4`($inp),@out[$i] # load IV
957 mov $one,`32+4*$i`(%rsp) # initialize counters
958 cmovle %rsp,@ptr[$i] # cancel input
959 sub @ptr[$i],$temp # distance between input and output
960 mov $temp,`64+8*$i`(%rsp) # initialize distances
961 vmovdqu @out[$i],`192+16*$i`(%rsp) # offload IV
968 vmovups 0x10-0x78($key),$rndkey1
969 vmovups 0x20-0x78($key),$rndkey0
970 mov 0xf0-0x78($key),$rounds
971 lea 192+128(%rsp),$offload # offload area
973 vmovdqu (@ptr[0]),@out[0] # load inputs
974 vmovdqu (@ptr[1]),@out[1]
975 vmovdqu (@ptr[2]),@out[2]
976 vmovdqu (@ptr[3]),@out[3]
977 vmovdqu (@ptr[4]),@out[4]
978 vmovdqu (@ptr[5]),@out[5]
979 vmovdqu (@ptr[6]),@out[6]
980 vmovdqu (@ptr[7]),@out[7]
981 vmovdqu @out[0],0x00($offload) # offload inputs
982 vpxor $zero,@out[0],@out[0] # xor inputs with 0-round
983 vmovdqu @out[1],0x10($offload)
984 vpxor $zero,@out[1],@out[1]
985 vmovdqu @out[2],0x20($offload)
986 vpxor $zero,@out[2],@out[2]
987 vmovdqu @out[3],0x30($offload)
988 vpxor $zero,@out[3],@out[3]
989 vmovdqu @out[4],0x40($offload)
990 vpxor $zero,@out[4],@out[4]
991 vmovdqu @out[5],0x50($offload)
992 vpxor $zero,@out[5],@out[5]
993 vmovdqu @out[6],0x60($offload)
994 vpxor $zero,@out[6],@out[6]
995 vmovdqu @out[7],0x70($offload)
996 vpxor $zero,@out[7],@out[7]
998 mov \$1,$one # constant of 1
1004 for($i=0;$i<8;$i++) {
1005 my $rndkey=($i&1)?$rndkey0:$rndkey1;
1007 vaesdec $rndkey,@out[0],@out[0]
1008 cmp 32+4*$i(%rsp),$one
1010 $code.=<<___ if ($i);
1011 mov 64+8*$i(%rsp),$offset
1014 vaesdec $rndkey,@out[1],@out[1]
1015 prefetcht0 31(@ptr[$i]) # prefetch input
1016 vaesdec $rndkey,@out[2],@out[2]
1018 $code.=<<___ if ($i>1);
1019 prefetcht0 15(@ptr[$i-2]) # prefetch output
1022 vaesdec $rndkey,@out[3],@out[3]
1023 lea (@ptr[$i],$offset),$offset
1024 cmovge %rsp,@ptr[$i] # cancel input
1025 vaesdec $rndkey,@out[4],@out[4]
1026 cmovg %rsp,$offset # sink output
1027 vaesdec $rndkey,@out[5],@out[5]
1028 sub @ptr[$i],$offset
1029 vaesdec $rndkey,@out[6],@out[6]
1030 vmovdqu 16(@ptr[$i]),@inp[$i%4] # load input
1031 mov $offset,64+8*$i(%rsp)
1032 vaesdec $rndkey,@out[7],@out[7]
1033 vmovups `16*(3+$i)-0x78`($key),$rndkey
1034 lea 16(@ptr[$i],$offset),@ptr[$i] # switch to output
1036 $code.=<<___ if ($i<4);
1037 vmovdqu @inp[$i%4],`128+16*$i`(%rsp) # off-load
1041 vmovdqu 32(%rsp),$counters
1042 prefetcht0 15(@ptr[$i-2]) # prefetch output
1043 prefetcht0 15(@ptr[$i-1])
1047 vaesdec $rndkey1,@out[0],@out[0]
1048 vaesdec $rndkey1,@out[1],@out[1]
1049 vaesdec $rndkey1,@out[2],@out[2]
1050 vaesdec $rndkey1,@out[3],@out[3]
1051 vaesdec $rndkey1,@out[4],@out[4]
1052 vaesdec $rndkey1,@out[5],@out[5]
1053 vaesdec $rndkey1,@out[6],@out[6]
1054 vaesdec $rndkey1,@out[7],@out[7]
1055 vmovups 0xb0-0x78($key),$rndkey1
1057 vaesdec $rndkey0,@out[0],@out[0]
1058 vaesdec $rndkey0,@out[1],@out[1]
1059 vaesdec $rndkey0,@out[2],@out[2]
1060 vaesdec $rndkey0,@out[3],@out[3]
1061 vaesdec $rndkey0,@out[4],@out[4]
1062 vaesdec $rndkey0,@out[5],@out[5]
1063 vaesdec $rndkey0,@out[6],@out[6]
1064 vaesdec $rndkey0,@out[7],@out[7]
1065 vmovups 0xc0-0x78($key),$rndkey0
1068 vaesdec $rndkey1,@out[0],@out[0]
1069 vaesdec $rndkey1,@out[1],@out[1]
1070 vaesdec $rndkey1,@out[2],@out[2]
1071 vaesdec $rndkey1,@out[3],@out[3]
1072 vaesdec $rndkey1,@out[4],@out[4]
1073 vaesdec $rndkey1,@out[5],@out[5]
1074 vaesdec $rndkey1,@out[6],@out[6]
1075 vaesdec $rndkey1,@out[7],@out[7]
1076 vmovups 0xd0-0x78($key),$rndkey1
1078 vaesdec $rndkey0,@out[0],@out[0]
1079 vaesdec $rndkey0,@out[1],@out[1]
1080 vaesdec $rndkey0,@out[2],@out[2]
1081 vaesdec $rndkey0,@out[3],@out[3]
1082 vaesdec $rndkey0,@out[4],@out[4]
1083 vaesdec $rndkey0,@out[5],@out[5]
1084 vaesdec $rndkey0,@out[6],@out[6]
1085 vaesdec $rndkey0,@out[7],@out[7]
1086 vmovups 0xe0-0x78($key),$rndkey0
1089 vaesdec $rndkey1,@out[0],@out[0]
1090 vpxor $zero,$zero,$zero
1091 vaesdec $rndkey1,@out[1],@out[1]
1092 vaesdec $rndkey1,@out[2],@out[2]
1093 vpcmpgtd $zero,$counters,$zero
1094 vaesdec $rndkey1,@out[3],@out[3]
1095 vaesdec $rndkey1,@out[4],@out[4]
1096 vpaddd $counters,$zero,$zero # decrement counters
1097 vmovdqu 48(%rsp),$counters
1098 vaesdec $rndkey1,@out[5],@out[5]
1099 mov 64(%rsp),$offset # pre-load 1st offset
1100 vaesdec $rndkey1,@out[6],@out[6]
1101 vaesdec $rndkey1,@out[7],@out[7]
1102 vmovups 0x10-0x78($key),$rndkey1
1104 vaesdeclast $rndkey0,@out[0],@out[0]
1105 vmovdqa $zero,32(%rsp) # update counters
1106 vpxor $zero,$zero,$zero
1107 vaesdeclast $rndkey0,@out[1],@out[1]
1108 vpxor 0x00($offload),@out[0],@out[0] # xor with IV
1109 vaesdeclast $rndkey0,@out[2],@out[2]
1110 vpxor 0x10($offload),@out[1],@out[1]
1111 vpcmpgtd $zero,$counters,$zero
1112 vaesdeclast $rndkey0,@out[3],@out[3]
1113 vpxor 0x20($offload),@out[2],@out[2]
1114 vaesdeclast $rndkey0,@out[4],@out[4]
1115 vpxor 0x30($offload),@out[3],@out[3]
1116 vpaddd $zero,$counters,$counters # decrement counters
1117 vmovdqu -0x78($key),$zero # 0-round
1118 vaesdeclast $rndkey0,@out[5],@out[5]
1119 vpxor 0x40($offload),@out[4],@out[4]
1120 vaesdeclast $rndkey0,@out[6],@out[6]
1121 vpxor 0x50($offload),@out[5],@out[5]
1122 vmovdqa $counters,48(%rsp) # update counters
1123 vaesdeclast $rndkey0,@out[7],@out[7]
1124 vpxor 0x60($offload),@out[6],@out[6]
1125 vmovups 0x20-0x78($key),$rndkey0
1127 vmovups @out[0],-16(@ptr[0]) # write output
1128 sub $offset,@ptr[0] # switch to input
1129 vmovdqu 128+0(%rsp),@out[0]
1130 vpxor 0x70($offload),@out[7],@out[7]
1131 vmovups @out[1],-16(@ptr[1])
1132 sub `64+1*8`(%rsp),@ptr[1]
1133 vmovdqu @out[0],0x00($offload)
1134 vpxor $zero,@out[0],@out[0]
1135 vmovdqu 128+16(%rsp),@out[1]
1136 vmovups @out[2],-16(@ptr[2])
1137 sub `64+2*8`(%rsp),@ptr[2]
1138 vmovdqu @out[1],0x10($offload)
1139 vpxor $zero,@out[1],@out[1]
1140 vmovdqu 128+32(%rsp),@out[2]
1141 vmovups @out[3],-16(@ptr[3])
1142 sub `64+3*8`(%rsp),@ptr[3]
1143 vmovdqu @out[2],0x20($offload)
1144 vpxor $zero,@out[2],@out[2]
1145 vmovdqu 128+48(%rsp),@out[3]
1146 vmovups @out[4],-16(@ptr[4])
1147 sub `64+4*8`(%rsp),@ptr[4]
1148 vmovdqu @out[3],0x30($offload)
1149 vpxor $zero,@out[3],@out[3]
1150 vmovdqu @inp[0],0x40($offload)
1151 vpxor @inp[0],$zero,@out[4]
1152 vmovups @out[5],-16(@ptr[5])
1153 sub `64+5*8`(%rsp),@ptr[5]
1154 vmovdqu @inp[1],0x50($offload)
1155 vpxor @inp[1],$zero,@out[5]
1156 vmovups @out[6],-16(@ptr[6])
1157 sub `64+6*8`(%rsp),@ptr[6]
1158 vmovdqu @inp[2],0x60($offload)
1159 vpxor @inp[2],$zero,@out[6]
1160 vmovups @out[7],-16(@ptr[7])
1161 sub `64+7*8`(%rsp),@ptr[7]
1162 vmovdqu @inp[3],0x70($offload)
1163 vpxor @inp[3],$zero,@out[7]
1169 mov 16(%rsp),%rax # original %rsp
1171 #lea `40*8`($inp),$inp
1173 #jnz .Ldec8x_loop_grande
1178 $code.=<<___ if ($win64);
1179 movaps -0xd8(%rax),%xmm6
1180 movaps -0xc8(%rax),%xmm7
1181 movaps -0xb8(%rax),%xmm8
1182 movaps -0xa8(%rax),%xmm9
1183 movaps -0x98(%rax),%xmm10
1184 movaps -0x88(%rax),%xmm11
1185 movaps -0x78(%rax),%xmm12
1186 movaps -0x68(%rax),%xmm13
1187 movaps -0x58(%rax),%xmm14
1188 movaps -0x48(%rax),%xmm15
1200 .size aesni_multi_cbc_decrypt_avx,.-aesni_multi_cbc_decrypt_avx
1205 # EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
1206 # CONTEXT *context,DISPATCHER_CONTEXT *disp)
1213 .extern __imp_RtlVirtualUnwind
1214 .type se_handler,\@abi-omnipotent
1228 mov 120($context),%rax # pull context->Rax
1229 mov 248($context),%rbx # pull context->Rip
1231 mov 8($disp),%rsi # disp->ImageBase
1232 mov 56($disp),%r11 # disp->HandlerData
1234 mov 0(%r11),%r10d # HandlerData[0]
1235 lea (%rsi,%r10),%r10 # prologue label
1236 cmp %r10,%rbx # context->Rip<.Lprologue
1239 mov 152($context),%rax # pull context->Rsp
1241 mov 4(%r11),%r10d # HandlerData[1]
1242 lea (%rsi,%r10),%r10 # epilogue label
1243 cmp %r10,%rbx # context->Rip>=.Lepilogue
1246 mov 16(%rax),%rax # pull saved stack pointer
1254 mov %rbx,144($context) # restore context->Rbx
1255 mov %rbp,160($context) # restore context->Rbp
1256 mov %r12,216($context) # restore cotnext->R12
1257 mov %r13,224($context) # restore cotnext->R13
1258 mov %r14,232($context) # restore cotnext->R14
1259 mov %r15,240($context) # restore cotnext->R15
1261 lea -56-10*16(%rax),%rsi
1262 lea 512($context),%rdi # &context.Xmm6
1264 .long 0xa548f3fc # cld; rep movsq
1269 mov %rax,152($context) # restore context->Rsp
1270 mov %rsi,168($context) # restore context->Rsi
1271 mov %rdi,176($context) # restore context->Rdi
1273 mov 40($disp),%rdi # disp->ContextRecord
1274 mov $context,%rsi # context
1275 mov \$154,%ecx # sizeof(CONTEXT)
1276 .long 0xa548f3fc # cld; rep movsq
1279 xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER
1280 mov 8(%rsi),%rdx # arg2, disp->ImageBase
1281 mov 0(%rsi),%r8 # arg3, disp->ControlPc
1282 mov 16(%rsi),%r9 # arg4, disp->FunctionEntry
1283 mov 40(%rsi),%r10 # disp->ContextRecord
1284 lea 56(%rsi),%r11 # &disp->HandlerData
1285 lea 24(%rsi),%r12 # &disp->EstablisherFrame
1286 mov %r10,32(%rsp) # arg5
1287 mov %r11,40(%rsp) # arg6
1288 mov %r12,48(%rsp) # arg7
1289 mov %rcx,56(%rsp) # arg8, (NULL)
1290 call *__imp_RtlVirtualUnwind(%rip)
1292 mov \$1,%eax # ExceptionContinueSearch
1304 .size se_handler,.-se_handler
1308 .rva .LSEH_begin_aesni_multi_cbc_encrypt
1309 .rva .LSEH_end_aesni_multi_cbc_encrypt
1310 .rva .LSEH_info_aesni_multi_cbc_encrypt
1311 .rva .LSEH_begin_aesni_multi_cbc_decrypt
1312 .rva .LSEH_end_aesni_multi_cbc_decrypt
1313 .rva .LSEH_info_aesni_multi_cbc_decrypt
1315 $code.=<<___ if ($avx);
1316 .rva .LSEH_begin_aesni_multi_cbc_encrypt_avx
1317 .rva .LSEH_end_aesni_multi_cbc_encrypt_avx
1318 .rva .LSEH_info_aesni_multi_cbc_encrypt_avx
1319 .rva .LSEH_begin_aesni_multi_cbc_decrypt_avx
1320 .rva .LSEH_end_aesni_multi_cbc_decrypt_avx
1321 .rva .LSEH_info_aesni_multi_cbc_decrypt_avx
1326 .LSEH_info_aesni_multi_cbc_encrypt:
1329 .rva .Lenc4x_body,.Lenc4x_epilogue # HandlerData[]
1330 .LSEH_info_aesni_multi_cbc_decrypt:
1333 .rva .Ldec4x_body,.Ldec4x_epilogue # HandlerData[]
1335 $code.=<<___ if ($avx);
1336 .LSEH_info_aesni_multi_cbc_encrypt_avx:
1339 .rva .Lenc8x_body,.Lenc8x_epilogue # HandlerData[]
1340 .LSEH_info_aesni_multi_cbc_decrypt_avx:
1343 .rva .Ldec8x_body,.Ldec8x_epilogue # HandlerData[]
1346 ####################################################################
1349 local *opcode=shift;
1353 $rex|=0x04 if($dst>=8);
1354 $rex|=0x01 if($src>=8);
1355 push @opcode,$rex|0x40 if($rex);
1362 if ($line=~/(aeskeygenassist)\s+\$([x0-9a-f]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) {
1363 rex(\@opcode,$4,$3);
1364 push @opcode,0x0f,0x3a,0xdf;
1365 push @opcode,0xc0|($3&7)|(($4&7)<<3); # ModR/M
1367 push @opcode,$c=~/^0/?oct($c):$c;
1368 return ".byte\t".join(',',@opcode);
1370 elsif ($line=~/(aes[a-z]+)\s+%xmm([0-9]+),\s*%xmm([0-9]+)/) {
1373 "aesenc" => 0xdc, "aesenclast" => 0xdd,
1374 "aesdec" => 0xde, "aesdeclast" => 0xdf
1376 return undef if (!defined($opcodelet{$1}));
1377 rex(\@opcode,$3,$2);
1378 push @opcode,0x0f,0x38,$opcodelet{$1};
1379 push @opcode,0xc0|($2&7)|(($3&7)<<3); # ModR/M
1380 return ".byte\t".join(',',@opcode);
1382 elsif ($line=~/(aes[a-z]+)\s+([0x1-9a-fA-F]*)\(%rsp\),\s*%xmm([0-9]+)/) {
1384 "aesenc" => 0xdc, "aesenclast" => 0xdd,
1385 "aesdec" => 0xde, "aesdeclast" => 0xdf
1387 return undef if (!defined($opcodelet{$1}));
1389 push @opcode,0x44 if ($3>=8);
1390 push @opcode,0x0f,0x38,$opcodelet{$1};
1391 push @opcode,0x44|(($3&7)<<3),0x24; # ModR/M
1392 push @opcode,($off=~/^0/?oct($off):$off)&0xff;
1393 return ".byte\t".join(',',@opcode);
1398 $code =~ s/\`([^\`]*)\`/eval($1)/gem;
1399 $code =~ s/\b(aes.*%xmm[0-9]+).*$/aesni($1)/gem;
projects / oweals / openssl.git / blob