3 # ====================================================================
4 # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
5 # project. The module is, however, dual licensed under OpenSSL and
6 # CRYPTOGAMS licenses depending on where you obtain it. For further
7 # details see http://www.openssl.org/~appro/cryptogams/.
8 # ====================================================================
10 # sha1_block procedure for x86_64.
12 # It was brought to my attention that on EM64T compiler-generated code
13 # was far behind 32-bit assembler implementation. This is unlike on
14 # Opteron where compiler-generated code was only 15% behind 32-bit
15 # assembler, which originally made it hard to motivate the effort.
16 # There was suggestion to mechanically translate 32-bit code, but I
17 # dismissed it, reasoning that x86_64 offers enough register bank
18 # capacity to fully utilize SHA-1 parallelism. Therefore this fresh
19 # implementation:-) However! While 64-bit code does perform better
20 # on Opteron, I failed to beat 32-bit assembler on EM64T core. Well,
21 # x86_64 does offer larger *addressable* bank, but out-of-order core
22 # reaches for even more registers through dynamic aliasing, and EM64T
23 # core must have managed to run-time optimize even 32-bit code just as
24 # good as 64-bit one. Performance improvement is summarized in the
27 # gcc 3.4 32-bit asm cycles/byte
28 # Opteron +45% +20% 6.8
29 # Xeon P4 +65% +0% 9.9
34 # The code was revised to minimize code size and to maximize
35 # "distance" between instructions producing input to 'lea'
36 # instruction and the 'lea' instruction itself, which is essential
37 # for Intel Atom core.
41 # Add SSSE3, Supplemental[!] SSE3, implementation. The idea behind it
42 # is to offload message schedule denoted by Wt in NIST specification,
43 # or Xupdate in OpenSSL source, to SIMD unit. See sha1-586.pl module
44 # for background and implementation details. The only difference from
45 # 32-bit code is that 64-bit code doesn't have to spill @X[] elements
46 # to free temporary registers.
50 # Add AVX code path. See sha1-586.pl for further information.
54 # Add AVX2+BMI code path. Initial attempt (utilizing BMI instructions
55 # and loading pair of consecutive blocks to 256-bit %ymm registers)
56 # did not provide impressive performance improvement till a crucial
57 # hint regarding the number of Xupdate iterations to pre-compute in
58 # advance was provided by Ilya Albrekht of Intel Corp.
60 ######################################################################
61 # Current performance is summarized in following table. Numbers are
62 # CPU clock cycles spent to process single byte (less is better).
67 # Core2 6.70 6.05/+11% -
68 # Westmere 7.08 5.44/+30% -
69 # Sandy Bridge 7.93 6.16/+28% 4.99/+59%
70 # Ivy Bridge 6.30 4.63/+36% 4.60/+37%
71 # Haswell 5.98 4.12/+45% 3.57/+67%
72 # Bulldozer 10.9 5.95/+82%
73 # VIA Nano 10.2 7.46/+37%
78 if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
80 $win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
82 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
83 ( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
84 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
85 die "can't locate x86_64-xlate.pl";
87 if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
88 =~ /GNU assembler version ([2-9]\.[0-9]+)/) {
89 $avx = ($1>=2.19) + ($1>=2.22);
92 if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
93 `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
94 $avx = ($1>=2.09) + ($1>=2.10);
97 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
98 `ml64 2>&1` =~ /Version ([0-9]+)\./) {
99 $avx = ($1>=10) + ($1>=11);
102 open OUT,"| \"$^X\" $xlate $flavour $output";
105 $ctx="%rdi"; # 1st arg
106 $inp="%rsi"; # 2nd arg
107 $num="%rdx"; # 3rd arg
109 # reassign arguments in order to produce more compact code
127 my ($i,$a,$b,$c,$d,$e)=@_;
129 $code.=<<___ if ($i==0);
130 mov `4*$i`($inp),$xi[0]
132 mov $xi[0],`4*$i`(%rsp)
134 $code.=<<___ if ($i<15);
136 mov `4*$j`($inp),$xi[1]
141 lea 0x5a827999($xi[0],$e),$e
143 mov $xi[1],`4*$j`(%rsp)
149 $code.=<<___ if ($i>=15);
150 mov `4*($j%16)`(%rsp),$xi[1]
153 xor `4*(($j+2)%16)`(%rsp),$xi[1]
156 xor `4*(($j+8)%16)`(%rsp),$xi[1]
158 lea 0x5a827999($xi[0],$e),$e
159 xor `4*(($j+13)%16)`(%rsp),$xi[1]
164 mov $xi[1],`4*($j%16)`(%rsp)
167 unshift(@xi,pop(@xi));
171 my ($i,$a,$b,$c,$d,$e)=@_;
173 my $K=($i<40)?0x6ed9eba1:0xca62c1d6;
174 $code.=<<___ if ($i<79);
175 mov `4*($j%16)`(%rsp),$xi[1]
178 xor `4*(($j+2)%16)`(%rsp),$xi[1]
182 xor `4*(($j+8)%16)`(%rsp),$xi[1]
185 xor `4*(($j+13)%16)`(%rsp),$xi[1]
190 $code.=<<___ if ($i<76);
191 mov $xi[1],`4*($j%16)`(%rsp)
193 $code.=<<___ if ($i==79);
204 unshift(@xi,pop(@xi));
208 my ($i,$a,$b,$c,$d,$e)=@_;
211 mov `4*($j%16)`(%rsp),$xi[1]
214 xor `4*(($j+2)%16)`(%rsp),$xi[1]
217 xor `4*(($j+8)%16)`(%rsp),$xi[1]
219 lea 0x8f1bbcdc($xi[0],$e),$e
221 xor `4*(($j+13)%16)`(%rsp),$xi[1]
227 mov $xi[1],`4*($j%16)`(%rsp)
230 unshift(@xi,pop(@xi));
235 .extern OPENSSL_ia32cap_P
237 .globl sha1_block_data_order
238 .type sha1_block_data_order,\@function,3
240 sha1_block_data_order:
241 mov OPENSSL_ia32cap_P+0(%rip),%r9d
242 mov OPENSSL_ia32cap_P+4(%rip),%r8d
243 mov OPENSSL_ia32cap_P+8(%rip),%r10d
244 test \$`1<<9`,%r8d # check SSSE3 bit
247 $code.=<<___ if ($avx>1);
248 and \$`1<<3|1<<5|1<<8`,%r10d # check AVX2+BMI1+BMI2
249 cmp \$`1<<3|1<<5|1<<8`,%r10d
252 $code.=<<___ if ($avx);
253 and \$`1<<28`,%r8d # mask AVX bit
254 and \$`1<<30`,%r9d # mask "Intel CPU" bit
256 cmp \$`1<<28|1<<30`,%r8d
269 mov %rdi,$ctx # reassigned argument
271 mov %rsi,$inp # reassigned argument
273 mov %rdx,$num # reassigned argument
274 mov %r11,`16*4`(%rsp)
287 for($i=0;$i<20;$i++) { &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
288 for(;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
289 for(;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
290 for(;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
304 lea `16*4`($inp),$inp
307 mov `16*4`(%rsp),%rsi
315 .size sha1_block_data_order,.-sha1_block_data_order
319 my @X=map("%xmm$_",(4..7,0..3));
320 my @Tx=map("%xmm$_",(8..10));
322 my @V=($A,$B,$C,$D,$E)=("%eax","%ebx","%ecx","%edx","%ebp"); # size optimization
323 my @T=("%esi","%edi");
328 my $_rol=sub { &rol(@_) };
329 my $_ror=sub { &ror(@_) };
335 jmp .Lalign32_$sn # see "Decoded ICache" in manual
343 .type sha1_block_data_order_ssse3,\@function,3
345 sha1_block_data_order_ssse3:
351 push %r13 # redundant, done to share Win64 SE handler
353 lea `-64-($win64?6*16:0)`(%rsp),%rsp
355 $code.=<<___ if ($win64);
356 movaps %xmm6,-40-6*16(%rax)
357 movaps %xmm7,-40-5*16(%rax)
358 movaps %xmm8,-40-4*16(%rax)
359 movaps %xmm9,-40-3*16(%rax)
360 movaps %xmm10,-40-2*16(%rax)
361 movaps %xmm11,-40-1*16(%rax)
365 mov %rax,%r14 # original %rsp
367 mov %rdi,$ctx # reassigned argument
368 mov %rsi,$inp # reassigned argument
369 mov %rdx,$num # reassigned argument
373 lea K_XX_XX+64(%rip),$K_XX_XX
375 mov 0($ctx),$A # load context
379 mov $B,@T[0] # magic seed
385 movdqa 64($K_XX_XX),@X[2] # pbswap mask
386 movdqa -64($K_XX_XX),@Tx[1] # K_00_19
387 movdqu 0($inp),@X[-4&7] # load input to %xmm[0-3]
388 movdqu 16($inp),@X[-3&7]
389 movdqu 32($inp),@X[-2&7]
390 movdqu 48($inp),@X[-1&7]
391 pshufb @X[2],@X[-4&7] # byte swap
393 pshufb @X[2],@X[-3&7]
394 pshufb @X[2],@X[-2&7]
395 pshufb @X[2],@X[-1&7]
396 paddd @Tx[1],@X[-4&7] # add K_00_19
397 paddd @Tx[1],@X[-3&7]
398 paddd @Tx[1],@X[-2&7]
399 movdqa @X[-4&7],0(%rsp) # X[]+K xfer to IALU
400 psubd @Tx[1],@X[-4&7] # restore X[]
401 movdqa @X[-3&7],16(%rsp)
402 psubd @Tx[1],@X[-3&7]
403 movdqa @X[-2&7],32(%rsp)
404 psubd @Tx[1],@X[-2&7]
408 sub AUTOLOAD() # thunk [simplified] 32-bit style perlasm
409 { my $opcode = $AUTOLOAD; $opcode =~ s/.*:://;
411 $arg = "\$$arg" if ($arg*1 eq $arg);
412 $code .= "\t$opcode\t".join(',',$arg,reverse @_)."\n";
415 sub Xupdate_ssse3_16_31() # recall that $Xi starts wtih 4
418 my @insns = (&$body,&$body,&$body,&$body); # 40 instructions
421 &movdqa (@X[0],@X[-3&7]);
424 &movdqa (@Tx[0],@X[-1&7]);
425 &palignr(@X[0],@X[-4&7],8); # compose "X[-14]" in "X[0]"
429 &paddd (@Tx[1],@X[-1&7]);
432 &psrldq (@Tx[0],4); # "X[-3]", 3 dwords
435 &pxor (@X[0],@X[-4&7]); # "X[0]"^="X[-16]"
439 &pxor (@Tx[0],@X[-2&7]); # "X[-3]"^"X[-8]"
445 &pxor (@X[0],@Tx[0]); # "X[0]"^="X[-3]"^"X[-8]"
448 &movdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU
452 &movdqa (@Tx[2],@X[0]);
453 &movdqa (@Tx[0],@X[0]);
459 &pslldq (@Tx[2],12); # "X[0]"<<96, extract one dword
460 &paddd (@X[0],@X[0]);
469 &movdqa (@Tx[1],@Tx[2]);
474 &por (@X[0],@Tx[0]); # "X[0]"<<<=1
481 &pxor (@X[0],@Tx[2]);
484 &movdqa (@Tx[2],eval(2*16*(($Xi)/5)-64)."($K_XX_XX)"); # K_XX_XX
488 &pxor (@X[0],@Tx[1]); # "X[0]"^=("X[0]">>96)<<<2
490 foreach (@insns) { eval; } # remaining instructions [if any]
492 $Xi++; push(@X,shift(@X)); # "rotate" X[]
493 push(@Tx,shift(@Tx));
496 sub Xupdate_ssse3_32_79()
499 my @insns = (&$body,&$body,&$body,&$body); # 32 to 44 instructions
502 &movdqa (@Tx[0],@X[-1&7]) if ($Xi==8);
503 eval(shift(@insns)); # body_20_39
504 &pxor (@X[0],@X[-4&7]); # "X[0]"="X[-32]"^"X[-16]"
505 &palignr(@Tx[0],@X[-2&7],8); # compose "X[-6]"
508 eval(shift(@insns)); # rol
510 &pxor (@X[0],@X[-7&7]); # "X[0]"^="X[-28]"
512 eval(shift(@insns)) if (@insns[0] !~ /&ro[rl]/);
514 &movdqa (@Tx[2],@Tx[1]);# "perpetuate" K_XX_XX...
515 } else { # ... or load next one
516 &movdqa (@Tx[2],eval(2*16*($Xi/5)-64)."($K_XX_XX)");
518 &paddd (@Tx[1],@X[-1&7]);
519 eval(shift(@insns)); # ror
522 &pxor (@X[0],@Tx[0]); # "X[0]"^="X[-6]"
523 eval(shift(@insns)); # body_20_39
526 eval(shift(@insns)); # rol
528 &movdqa (@Tx[0],@X[0]);
529 &movdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU
532 eval(shift(@insns)); # ror
536 eval(shift(@insns)); # body_20_39
540 eval(shift(@insns)); # rol
543 eval(shift(@insns)); # ror
546 &por (@X[0],@Tx[0]); # "X[0]"<<<=2
547 eval(shift(@insns)); # body_20_39
549 &movdqa (@Tx[1],@X[0]) if ($Xi<19);
551 eval(shift(@insns)); # rol
554 eval(shift(@insns)); # rol
557 foreach (@insns) { eval; } # remaining instructions
559 $Xi++; push(@X,shift(@X)); # "rotate" X[]
560 push(@Tx,shift(@Tx));
563 sub Xuplast_ssse3_80()
566 my @insns = (&$body,&$body,&$body,&$body); # 32 instructions
570 &paddd (@Tx[1],@X[-1&7]);
576 &movdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer IALU
578 foreach (@insns) { eval; } # remaining instructions
581 &je (".Ldone_ssse3");
583 unshift(@Tx,pop(@Tx));
585 &movdqa (@X[2],"64($K_XX_XX)"); # pbswap mask
586 &movdqa (@Tx[1],"-64($K_XX_XX)"); # K_00_19
587 &movdqu (@X[-4&7],"0($inp)"); # load input
588 &movdqu (@X[-3&7],"16($inp)");
589 &movdqu (@X[-2&7],"32($inp)");
590 &movdqu (@X[-1&7],"48($inp)");
591 &pshufb (@X[-4&7],@X[2]); # byte swap
600 my @insns = (&$body,&$body,&$body,&$body); # 32 instructions
605 &pshufb (@X[($Xi-3)&7],@X[2]);
609 &paddd (@X[($Xi-4)&7],@Tx[1]);
614 &movdqa (eval(16*$Xi)."(%rsp)",@X[($Xi-4)&7]); # X[]+K xfer to IALU
617 &psubd (@X[($Xi-4)&7],@Tx[1]);
619 foreach (@insns) { eval; }
626 my @insns = (&$body,&$body,&$body,&$body); # 32 instructions
629 foreach (@insns) { eval; }
632 sub body_00_19 () { # ((c^d)&b)^d
633 # on start @T[0]=(c^d)&b
634 return &body_20_39() if ($rx==19); $rx++;
636 '($a,$b,$c,$d,$e)=@V;'.
637 '&$_ror ($b,$j?7:2)', # $b>>>2
639 '&mov (@T[1],$a)', # $b for next round
641 '&add ($e,eval(4*($j&15))."(%rsp)")', # X[]+K xfer
642 '&xor ($b,$c)', # $c^$d for next round
646 '&and (@T[1],$b)', # ($b&($c^$d)) for next round
648 '&xor ($b,$c)', # restore $b
649 '&add ($e,$a);' .'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
653 sub body_20_39 () { # b^d^c
655 return &body_40_59() if ($rx==39); $rx++;
657 '($a,$b,$c,$d,$e)=@V;'.
658 '&add ($e,eval(4*($j&15))."(%rsp)")', # X[]+K xfer
659 '&xor (@T[0],$d) if($j==19);'.
660 '&xor (@T[0],$c) if($j> 19)', # ($b^$d^$c)
661 '&mov (@T[1],$a)', # $b for next round
665 '&xor (@T[1],$c) if ($j< 79)', # $b^$d for next round
667 '&$_ror ($b,7)', # $b>>>2
668 '&add ($e,$a);' .'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
672 sub body_40_59 () { # ((b^c)&(c^d))^c
673 # on entry @T[0]=(b^c), (c^=d)
676 '($a,$b,$c,$d,$e)=@V;'.
677 '&add ($e,eval(4*($j&15))."(%rsp)")', # X[]+K xfer
678 '&and (@T[0],$c) if ($j>=40)', # (b^c)&(c^d)
679 '&xor ($c,$d) if ($j>=40)', # restore $c
681 '&$_ror ($b,7)', # $b>>>2
682 '&mov (@T[1],$a)', # $b for next round
687 '&xor (@T[1],$c) if ($j==59);'.
688 '&xor (@T[1],$b) if ($j< 59)', # b^c for next round
690 '&xor ($b,$c) if ($j< 59)', # c^d for next round
691 '&add ($e,$a);' .'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
698 &Xupdate_ssse3_16_31(\&body_00_19);
699 &Xupdate_ssse3_16_31(\&body_00_19);
700 &Xupdate_ssse3_16_31(\&body_00_19);
701 &Xupdate_ssse3_16_31(\&body_00_19);
702 &Xupdate_ssse3_32_79(\&body_00_19);
703 &Xupdate_ssse3_32_79(\&body_20_39);
704 &Xupdate_ssse3_32_79(\&body_20_39);
705 &Xupdate_ssse3_32_79(\&body_20_39);
706 &Xupdate_ssse3_32_79(\&body_20_39);
707 &Xupdate_ssse3_32_79(\&body_20_39);
708 &Xupdate_ssse3_32_79(\&body_40_59);
709 &Xupdate_ssse3_32_79(\&body_40_59);
710 &Xupdate_ssse3_32_79(\&body_40_59);
711 &Xupdate_ssse3_32_79(\&body_40_59);
712 &Xupdate_ssse3_32_79(\&body_40_59);
713 &Xupdate_ssse3_32_79(\&body_20_39);
714 &Xuplast_ssse3_80(\&body_20_39); # can jump to "done"
716 $saved_j=$j; @saved_V=@V;
718 &Xloop_ssse3(\&body_20_39);
719 &Xloop_ssse3(\&body_20_39);
720 &Xloop_ssse3(\&body_20_39);
723 add 0($ctx),$A # update context
730 mov @T[0],$B # magic seed
742 $j=$saved_j; @V=@saved_V;
744 &Xtail_ssse3(\&body_20_39);
745 &Xtail_ssse3(\&body_20_39);
746 &Xtail_ssse3(\&body_20_39);
749 add 0($ctx),$A # update context
760 $code.=<<___ if ($win64);
761 movaps -40-6*16(%r14),%xmm6
762 movaps -40-5*16(%r14),%xmm7
763 movaps -40-4*16(%r14),%xmm8
764 movaps -40-3*16(%r14),%xmm9
765 movaps -40-2*16(%r14),%xmm10
766 movaps -40-1*16(%r14),%xmm11
778 .size sha1_block_data_order_ssse3,.-sha1_block_data_order_ssse3
782 $Xi=4; # reset variables
783 @X=map("%xmm$_",(4..7,0..3));
784 @Tx=map("%xmm$_",(8..10));
788 my $done_avx_label=".Ldone_avx";
790 my $_rol=sub { &shld(@_[0],@_) };
791 my $_ror=sub { &shrd(@_[0],@_) };
794 .type sha1_block_data_order_avx,\@function,3
796 sha1_block_data_order_avx:
802 push %r13 # redundant, done to share Win64 SE handler
804 lea `-64-($win64?6*16:0)`(%rsp),%rsp
807 $code.=<<___ if ($win64);
808 vmovaps %xmm6,-40-6*16(%rax)
809 vmovaps %xmm7,-40-5*16(%rax)
810 vmovaps %xmm8,-40-4*16(%rax)
811 vmovaps %xmm9,-40-3*16(%rax)
812 vmovaps %xmm10,-40-2*16(%rax)
813 vmovaps %xmm11,-40-1*16(%rax)
817 mov %rax,%r14 # original %rsp
819 mov %rdi,$ctx # reassigned argument
820 mov %rsi,$inp # reassigned argument
821 mov %rdx,$num # reassigned argument
825 lea K_XX_XX+64(%rip),$K_XX_XX
827 mov 0($ctx),$A # load context
831 mov $B,@T[0] # magic seed
837 vmovdqa 64($K_XX_XX),@X[2] # pbswap mask
838 vmovdqa -64($K_XX_XX),$Kx # K_00_19
839 vmovdqu 0($inp),@X[-4&7] # load input to %xmm[0-3]
840 vmovdqu 16($inp),@X[-3&7]
841 vmovdqu 32($inp),@X[-2&7]
842 vmovdqu 48($inp),@X[-1&7]
843 vpshufb @X[2],@X[-4&7],@X[-4&7] # byte swap
845 vpshufb @X[2],@X[-3&7],@X[-3&7]
846 vpshufb @X[2],@X[-2&7],@X[-2&7]
847 vpshufb @X[2],@X[-1&7],@X[-1&7]
848 vpaddd $Kx,@X[-4&7],@X[0] # add K_00_19
849 vpaddd $Kx,@X[-3&7],@X[1]
850 vpaddd $Kx,@X[-2&7],@X[2]
851 vmovdqa @X[0],0(%rsp) # X[]+K xfer to IALU
852 vmovdqa @X[1],16(%rsp)
853 vmovdqa @X[2],32(%rsp)
857 sub Xupdate_avx_16_31() # recall that $Xi starts wtih 4
860 my @insns = (&$body,&$body,&$body,&$body); # 40 instructions
865 &vpalignr(@X[0],@X[-3&7],@X[-4&7],8); # compose "X[-14]" in "X[0]"
869 &vpaddd (@Tx[1],$Kx,@X[-1&7]);
872 &vpsrldq(@Tx[0],@X[-1&7],4); # "X[-3]", 3 dwords
875 &vpxor (@X[0],@X[0],@X[-4&7]); # "X[0]"^="X[-16]"
879 &vpxor (@Tx[0],@Tx[0],@X[-2&7]); # "X[-3]"^"X[-8]"
885 &vpxor (@X[0],@X[0],@Tx[0]); # "X[0]"^="X[-3]"^"X[-8]"
888 &vmovdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU
892 &vpsrld (@Tx[0],@X[0],31);
898 &vpslldq(@Tx[2],@X[0],12); # "X[0]"<<96, extract one dword
899 &vpaddd (@X[0],@X[0],@X[0]);
905 &vpsrld (@Tx[1],@Tx[2],30);
906 &vpor (@X[0],@X[0],@Tx[0]); # "X[0]"<<<=1
912 &vpslld (@Tx[2],@Tx[2],2);
913 &vpxor (@X[0],@X[0],@Tx[1]);
919 &vpxor (@X[0],@X[0],@Tx[2]); # "X[0]"^=("X[0]">>96)<<<2
922 &vmovdqa ($Kx,eval(2*16*(($Xi)/5)-64)."($K_XX_XX)") if ($Xi%5==0); # K_XX_XX
927 foreach (@insns) { eval; } # remaining instructions [if any]
929 $Xi++; push(@X,shift(@X)); # "rotate" X[]
932 sub Xupdate_avx_32_79()
935 my @insns = (&$body,&$body,&$body,&$body); # 32 to 44 instructions
938 &vpalignr(@Tx[0],@X[-1&7],@X[-2&7],8); # compose "X[-6]"
939 &vpxor (@X[0],@X[0],@X[-4&7]); # "X[0]"="X[-32]"^"X[-16]"
940 eval(shift(@insns)); # body_20_39
943 eval(shift(@insns)); # rol
945 &vpxor (@X[0],@X[0],@X[-7&7]); # "X[0]"^="X[-28]"
947 eval(shift(@insns)) if (@insns[0] !~ /&ro[rl]/);
948 &vpaddd (@Tx[1],$Kx,@X[-1&7]);
949 &vmovdqa ($Kx,eval(2*16*($Xi/5)-64)."($K_XX_XX)") if ($Xi%5==0);
950 eval(shift(@insns)); # ror
953 &vpxor (@X[0],@X[0],@Tx[0]); # "X[0]"^="X[-6]"
954 eval(shift(@insns)); # body_20_39
957 eval(shift(@insns)); # rol
959 &vpsrld (@Tx[0],@X[0],30);
960 &vmovdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU
963 eval(shift(@insns)); # ror
966 &vpslld (@X[0],@X[0],2);
967 eval(shift(@insns)); # body_20_39
970 eval(shift(@insns)); # rol
973 eval(shift(@insns)); # ror
976 &vpor (@X[0],@X[0],@Tx[0]); # "X[0]"<<<=2
977 eval(shift(@insns)); # body_20_39
980 eval(shift(@insns)); # rol
983 eval(shift(@insns)); # rol
986 foreach (@insns) { eval; } # remaining instructions
988 $Xi++; push(@X,shift(@X)); # "rotate" X[]
994 my @insns = (&$body,&$body,&$body,&$body); # 32 instructions
998 &vpaddd (@Tx[1],$Kx,@X[-1&7]);
1000 eval(shift(@insns));
1001 eval(shift(@insns));
1002 eval(shift(@insns));
1004 &vmovdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer IALU
1006 foreach (@insns) { eval; } # remaining instructions
1009 &je ($done_avx_label);
1011 &vmovdqa(@X[2],"64($K_XX_XX)"); # pbswap mask
1012 &vmovdqa($Kx,"-64($K_XX_XX)"); # K_00_19
1013 &vmovdqu(@X[-4&7],"0($inp)"); # load input
1014 &vmovdqu(@X[-3&7],"16($inp)");
1015 &vmovdqu(@X[-2&7],"32($inp)");
1016 &vmovdqu(@X[-1&7],"48($inp)");
1017 &vpshufb(@X[-4&7],@X[-4&7],@X[2]); # byte swap
1026 my @insns = (&$body,&$body,&$body,&$body); # 32 instructions
1027 my ($a,$b,$c,$d,$e);
1029 eval(shift(@insns));
1030 eval(shift(@insns));
1031 &vpshufb(@X[($Xi-3)&7],@X[($Xi-3)&7],@X[2]);
1032 eval(shift(@insns));
1033 eval(shift(@insns));
1034 &vpaddd (@X[$Xi&7],@X[($Xi-4)&7],$Kx);
1035 eval(shift(@insns));
1036 eval(shift(@insns));
1037 eval(shift(@insns));
1038 eval(shift(@insns));
1039 &vmovdqa(eval(16*$Xi)."(%rsp)",@X[$Xi&7]); # X[]+K xfer to IALU
1040 eval(shift(@insns));
1041 eval(shift(@insns));
1043 foreach (@insns) { eval; }
1050 my @insns = (&$body,&$body,&$body,&$body); # 32 instructions
1051 my ($a,$b,$c,$d,$e);
1053 foreach (@insns) { eval; }
1060 &Xupdate_avx_16_31(\&body_00_19);
1061 &Xupdate_avx_16_31(\&body_00_19);
1062 &Xupdate_avx_16_31(\&body_00_19);
1063 &Xupdate_avx_16_31(\&body_00_19);
1064 &Xupdate_avx_32_79(\&body_00_19);
1065 &Xupdate_avx_32_79(\&body_20_39);
1066 &Xupdate_avx_32_79(\&body_20_39);
1067 &Xupdate_avx_32_79(\&body_20_39);
1068 &Xupdate_avx_32_79(\&body_20_39);
1069 &Xupdate_avx_32_79(\&body_20_39);
1070 &Xupdate_avx_32_79(\&body_40_59);
1071 &Xupdate_avx_32_79(\&body_40_59);
1072 &Xupdate_avx_32_79(\&body_40_59);
1073 &Xupdate_avx_32_79(\&body_40_59);
1074 &Xupdate_avx_32_79(\&body_40_59);
1075 &Xupdate_avx_32_79(\&body_20_39);
1076 &Xuplast_avx_80(\&body_20_39); # can jump to "done"
1078 $saved_j=$j; @saved_V=@V;
1080 &Xloop_avx(\&body_20_39);
1081 &Xloop_avx(\&body_20_39);
1082 &Xloop_avx(\&body_20_39);
1085 add 0($ctx),$A # update context
1092 mov @T[0],$B # magic seed
1104 $j=$saved_j; @V=@saved_V;
1106 &Xtail_avx(\&body_20_39);
1107 &Xtail_avx(\&body_20_39);
1108 &Xtail_avx(\&body_20_39);
1113 add 0($ctx),$A # update context
1124 $code.=<<___ if ($win64);
1125 movaps -40-6*16(%r14),%xmm6
1126 movaps -40-5*16(%r14),%xmm7
1127 movaps -40-4*16(%r14),%xmm8
1128 movaps -40-3*16(%r14),%xmm9
1129 movaps -40-2*16(%r14),%xmm10
1130 movaps -40-1*16(%r14),%xmm11
1142 .size sha1_block_data_order_avx,.-sha1_block_data_order_avx
1147 $Xi=4; # reset variables
1148 @X=map("%ymm$_",(4..7,0..3));
1149 @Tx=map("%ymm$_",(8..10));
1153 my @ROTX=("%eax","%ebp","%ebx","%ecx","%edx","%esi");
1154 my ($a5,$t0)=("%r12d","%edi");
1156 my ($A,$F,$B,$C,$D,$E)=@ROTX;
1161 .type sha1_block_data_order_avx2,\@function,3
1163 sha1_block_data_order_avx2:
1173 $code.=<<___ if ($win64);
1174 lea -6*16(%rsp),%rsp
1175 vmovaps %xmm6,-40-6*16(%rax)
1176 vmovaps %xmm7,-40-5*16(%rax)
1177 vmovaps %xmm8,-40-4*16(%rax)
1178 vmovaps %xmm9,-40-3*16(%rax)
1179 vmovaps %xmm10,-40-2*16(%rax)
1180 vmovaps %xmm11,-40-1*16(%rax)
1184 mov %rax,%r14 # original %rsp
1185 mov %rdi,$ctx # reassigned argument
1186 mov %rsi,$inp # reassigned argument
1187 mov %rdx,$num # reassigned argument
1194 lea K_XX_XX+64(%rip),$K_XX_XX
1196 mov 0($ctx),$A # load context
1198 cmovae $inp,$frame # next or same block
1203 vmovdqu 64($K_XX_XX),@X[2] # pbswap mask
1205 vmovdqu ($inp),%xmm0
1206 vmovdqu 16($inp),%xmm1
1207 vmovdqu 32($inp),%xmm2
1208 vmovdqu 48($inp),%xmm3
1210 vinserti128 \$1,($frame),@X[-4&7],@X[-4&7]
1211 vinserti128 \$1,16($frame),@X[-3&7],@X[-3&7]
1212 vpshufb @X[2],@X[-4&7],@X[-4&7]
1213 vinserti128 \$1,32($frame),@X[-2&7],@X[-2&7]
1214 vpshufb @X[2],@X[-3&7],@X[-3&7]
1215 vinserti128 \$1,48($frame),@X[-1&7],@X[-1&7]
1216 vpshufb @X[2],@X[-2&7],@X[-2&7]
1217 vmovdqu -64($K_XX_XX),$Kx # K_00_19
1218 vpshufb @X[2],@X[-1&7],@X[-1&7]
1220 vpaddd $Kx,@X[-4&7],@X[0] # add K_00_19
1221 vpaddd $Kx,@X[-3&7],@X[1]
1222 vmovdqu @X[0],0(%rsp) # X[]+K xfer to IALU
1223 vpaddd $Kx,@X[-2&7],@X[2]
1224 vmovdqu @X[1],32(%rsp)
1225 vpaddd $Kx,@X[-1&7],@X[3]
1226 vmovdqu @X[2],64(%rsp)
1227 vmovdqu @X[3],96(%rsp)
1229 for (;$Xi<8;$Xi++) { # Xupdate_avx2_16_31
1232 &vpalignr(@X[0],@X[-3&7],@X[-4&7],8); # compose "X[-14]" in "X[0]"
1233 &vpsrldq(@Tx[0],@X[-1&7],4); # "X[-3]", 3 dwords
1234 &vpxor (@X[0],@X[0],@X[-4&7]); # "X[0]"^="X[-16]"
1235 &vpxor (@Tx[0],@Tx[0],@X[-2&7]); # "X[-3]"^"X[-8]"
1236 &vpxor (@X[0],@X[0],@Tx[0]); # "X[0]"^="X[-3]"^"X[-8]"
1237 &vpsrld (@Tx[0],@X[0],31);
1238 &vmovdqu($Kx,eval(2*16*(($Xi)/5)-64)."($K_XX_XX)") if ($Xi%5==0); # K_XX_XX
1239 &vpslldq(@Tx[2],@X[0],12); # "X[0]"<<96, extract one dword
1240 &vpaddd (@X[0],@X[0],@X[0]);
1241 &vpsrld (@Tx[1],@Tx[2],30);
1242 &vpor (@X[0],@X[0],@Tx[0]); # "X[0]"<<<=1
1243 &vpslld (@Tx[2],@Tx[2],2);
1244 &vpxor (@X[0],@X[0],@Tx[1]);
1245 &vpxor (@X[0],@X[0],@Tx[2]); # "X[0]"^=("X[0]">>96)<<<2
1246 &vpaddd (@Tx[1],@X[0],$Kx);
1247 &vmovdqu("32*$Xi(%rsp)",@Tx[1]); # X[]+K xfer to IALU
1249 push(@X,shift(@X)); # "rotate" X[]
1252 lea 128(%rsp),$frame
1261 sub bodyx_00_19 () { # 8 instructions, 3 cycles critical path
1262 # at start $f=(b&c)^(~b&d), $b>>>=2
1263 return &bodyx_20_39() if ($rx==19); $rx++;
1265 '($a,$f,$b,$c,$d,$e)=@ROTX;'.
1267 '&add ($e,((32*($j/4)+4*($j%4))%256-128)."($frame)");'. # e+=X[i]+K
1268 '&lea ($frame,"256($frame)") if ($j%32==31);',
1269 '&andn ($t0,$a,$c)', # ~b&d for next round
1271 '&add ($e,$f)', # e+=(b&c)^(~b&d)
1272 '&rorx ($a5,$a,27)', # a<<<5
1273 '&rorx ($f,$a,2)', # b>>>2 for next round
1274 '&and ($a,$b)', # b&c for next round
1276 '&add ($e,$a5)', # e+=a<<<5
1277 '&xor ($a,$t0);'. # f=(b&c)^(~b&d) for next round
1279 'unshift(@ROTX,pop(@ROTX)); $j++;'
1283 sub bodyx_20_39 () { # 7 instructions, 2 cycles critical path
1284 # on entry $f=b^c^d, $b>>>=2
1285 return &bodyx_40_59() if ($rx==39); $rx++;
1287 '($a,$f,$b,$c,$d,$e)=@ROTX;'.
1289 '&add ($e,((32*($j/4)+4*($j%4))%256-128)."($frame)");'. # e+=X[i]+K
1290 '&lea ($frame,"256($frame)") if ($j%32==31);',
1292 '&lea ($e,"($e,$f)")', # e+=b^c^d
1293 '&rorx ($a5,$a,27)', # a<<<5
1294 '&rorx ($f,$a,2) if ($j<79)', # b>>>2 in next round
1295 '&xor ($a,$b) if ($j<79)', # b^c for next round
1297 '&add ($e,$a5)', # e+=a<<<5
1298 '&xor ($a,$c) if ($j<79);'. # f=b^c^d for next round
1300 'unshift(@ROTX,pop(@ROTX)); $j++;'
1304 sub bodyx_40_59 () { # 10 instructions, 3 cycles critical path
1305 # on entry $f=((b^c)&(c^d)), $b>>>=2
1308 '($a,$f,$b,$c,$d,$e)=@ROTX;'.
1310 '&add ($e,((32*($j/4)+4*($j%4))%256-128)."($frame)");'. # e+=X[i]+K
1311 '&lea ($frame,"256($frame)") if ($j%32==31);',
1312 '&xor ($f,$c) if ($j>39)', # (b^c)&(c^d)^c
1313 '&mov ($t0,$b) if ($j<59)', # count on zero latency
1314 '&xor ($t0,$c) if ($j<59)', # c^d for next round
1316 '&lea ($e,"($e,$f)")', # e+=(b^c)&(c^d)^c
1317 '&rorx ($a5,$a,27)', # a<<<5
1318 '&rorx ($f,$a,2)', # b>>>2 in next round
1319 '&xor ($a,$b)', # b^c for next round
1321 '&add ($e,$a5)', # e+=a<<<5
1322 '&and ($a,$t0) if ($j< 59);'. # f=(b^c)&(c^d) for next round
1323 '&xor ($a,$c) if ($j==59);'. # f=b^c^d for next round
1325 'unshift(@ROTX,pop(@ROTX)); $j++;'
1329 sub Xupdate_avx2_16_31() # recall that $Xi starts wtih 4
1332 my @insns = (&$body,&$body,&$body,&$body,&$body); # 35 instructions
1333 my ($a,$b,$c,$d,$e);
1335 &vpalignr(@X[0],@X[-3&7],@X[-4&7],8); # compose "X[-14]" in "X[0]"
1336 eval(shift(@insns));
1337 eval(shift(@insns));
1338 eval(shift(@insns));
1339 eval(shift(@insns));
1341 &vpsrldq(@Tx[0],@X[-1&7],4); # "X[-3]", 3 dwords
1342 eval(shift(@insns));
1343 eval(shift(@insns));
1344 eval(shift(@insns));
1346 &vpxor (@X[0],@X[0],@X[-4&7]); # "X[0]"^="X[-16]"
1347 &vpxor (@Tx[0],@Tx[0],@X[-2&7]); # "X[-3]"^"X[-8]"
1348 eval(shift(@insns));
1349 eval(shift(@insns));
1351 &vpxor (@X[0],@X[0],@Tx[0]); # "X[0]"^="X[-3]"^"X[-8]"
1352 eval(shift(@insns));
1353 eval(shift(@insns));
1354 eval(shift(@insns));
1355 eval(shift(@insns));
1357 &vpsrld (@Tx[0],@X[0],31);
1358 &vmovdqu($Kx,eval(2*16*(($Xi)/5)-64)."($K_XX_XX)") if ($Xi%5==0); # K_XX_XX
1359 eval(shift(@insns));
1360 eval(shift(@insns));
1361 eval(shift(@insns));
1363 &vpslldq(@Tx[2],@X[0],12); # "X[0]"<<96, extract one dword
1364 &vpaddd (@X[0],@X[0],@X[0]);
1365 eval(shift(@insns));
1366 eval(shift(@insns));
1368 &vpsrld (@Tx[1],@Tx[2],30);
1369 &vpor (@X[0],@X[0],@Tx[0]); # "X[0]"<<<=1
1370 eval(shift(@insns));
1371 eval(shift(@insns));
1373 &vpslld (@Tx[2],@Tx[2],2);
1374 &vpxor (@X[0],@X[0],@Tx[1]);
1375 eval(shift(@insns));
1376 eval(shift(@insns));
1378 &vpxor (@X[0],@X[0],@Tx[2]); # "X[0]"^=("X[0]">>96)<<<2
1379 eval(shift(@insns));
1380 eval(shift(@insns));
1381 eval(shift(@insns));
1383 &vpaddd (@Tx[1],@X[0],$Kx);
1384 eval(shift(@insns));
1385 eval(shift(@insns));
1386 eval(shift(@insns));
1387 &vmovdqu(eval(32*($Xi))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU
1389 foreach (@insns) { eval; } # remaining instructions [if any]
1392 push(@X,shift(@X)); # "rotate" X[]
1395 sub Xupdate_avx2_32_79()
1398 my @insns = (&$body,&$body,&$body,&$body,&$body); # 35 to 50 instructions
1399 my ($a,$b,$c,$d,$e);
1401 &vpalignr(@Tx[0],@X[-1&7],@X[-2&7],8); # compose "X[-6]"
1402 &vpxor (@X[0],@X[0],@X[-4&7]); # "X[0]"="X[-32]"^"X[-16]"
1403 eval(shift(@insns));
1404 eval(shift(@insns));
1406 &vpxor (@X[0],@X[0],@X[-7&7]); # "X[0]"^="X[-28]"
1407 &vmovdqu($Kx,eval(2*16*($Xi/5)-64)."($K_XX_XX)") if ($Xi%5==0);
1408 eval(shift(@insns));
1409 eval(shift(@insns));
1410 eval(shift(@insns));
1412 &vpxor (@X[0],@X[0],@Tx[0]); # "X[0]"^="X[-6]"
1413 eval(shift(@insns));
1414 eval(shift(@insns));
1415 eval(shift(@insns));
1417 &vpsrld (@Tx[0],@X[0],30);
1418 &vpslld (@X[0],@X[0],2);
1419 eval(shift(@insns));
1420 eval(shift(@insns));
1421 eval(shift(@insns));
1423 #&vpslld (@X[0],@X[0],2);
1424 eval(shift(@insns));
1425 eval(shift(@insns));
1426 eval(shift(@insns));
1428 &vpor (@X[0],@X[0],@Tx[0]); # "X[0]"<<<=2
1429 eval(shift(@insns));
1430 eval(shift(@insns));
1431 eval(shift(@insns));
1432 eval(shift(@insns));
1434 &vpaddd (@Tx[1],@X[0],$Kx);
1435 eval(shift(@insns));
1436 eval(shift(@insns));
1437 eval(shift(@insns));
1438 eval(shift(@insns));
1440 &vmovdqu("32*$Xi(%rsp)",@Tx[1]); # X[]+K xfer to IALU
1442 foreach (@insns) { eval; } # remaining instructions
1445 push(@X,shift(@X)); # "rotate" X[]
1451 my @insns = (&$body,&$body,&$body,&$body,&$body); # 32 instructions
1452 my ($a,$b,$c,$d,$e);
1454 foreach (@insns) { eval; }
1458 &Xupdate_avx2_32_79(\&bodyx_00_19);
1459 &Xupdate_avx2_32_79(\&bodyx_00_19);
1460 &Xupdate_avx2_32_79(\&bodyx_00_19);
1461 &Xupdate_avx2_32_79(\&bodyx_00_19);
1463 &Xupdate_avx2_32_79(\&bodyx_20_39);
1464 &Xupdate_avx2_32_79(\&bodyx_20_39);
1465 &Xupdate_avx2_32_79(\&bodyx_20_39);
1466 &Xupdate_avx2_32_79(\&bodyx_20_39);
1469 &Xupdate_avx2_32_79(\&bodyx_40_59);
1470 &Xupdate_avx2_32_79(\&bodyx_40_59);
1471 &Xupdate_avx2_32_79(\&bodyx_40_59);
1472 &Xupdate_avx2_32_79(\&bodyx_40_59);
1474 &Xloop_avx2(\&bodyx_20_39);
1475 &Xloop_avx2(\&bodyx_20_39);
1476 &Xloop_avx2(\&bodyx_20_39);
1477 &Xloop_avx2(\&bodyx_20_39);
1480 lea 128($inp),$frame
1481 lea 128($inp),%rdi # borrow $t0
1483 cmovae $inp,$frame # next or previous block
1485 # output is d-e-[a]-f-b-c => A=d,F=e,C=f,D=b,E=c
1486 add 0($ctx),@ROTX[0] # update context
1487 add 4($ctx),@ROTX[1]
1488 add 8($ctx),@ROTX[3]
1489 mov @ROTX[0],0($ctx)
1490 add 12($ctx),@ROTX[4]
1491 mov @ROTX[1],4($ctx)
1492 mov @ROTX[0],$A # A=d
1493 add 16($ctx),@ROTX[5]
1495 mov @ROTX[3],8($ctx)
1496 mov @ROTX[4],$D # D=b
1497 #xchg @ROTX[5],$F # F=c, C=f
1498 mov @ROTX[4],12($ctx)
1499 mov @ROTX[1],$F # F=e
1500 mov @ROTX[5],16($ctx)
1502 mov @ROTX[5],$E # E=c
1504 #xchg $F,$E # E=c, F=e
1510 $Xi=4; # reset variables
1511 @X=map("%ymm$_",(4..7,0..3));
1514 vmovdqu 64($K_XX_XX),@X[2] # pbswap mask
1515 cmp $num,%rdi # borrowed $t0
1518 vmovdqu -64(%rdi),%xmm0 # low part of @X[-4&7]
1519 vmovdqu -48(%rdi),%xmm1
1520 vmovdqu -32(%rdi),%xmm2
1521 vmovdqu -16(%rdi),%xmm3
1522 vinserti128 \$1,0($frame),@X[-4&7],@X[-4&7]
1523 vinserti128 \$1,16($frame),@X[-3&7],@X[-3&7]
1524 vinserti128 \$1,32($frame),@X[-2&7],@X[-2&7]
1525 vinserti128 \$1,48($frame),@X[-1&7],@X[-1&7]
1530 lea 128+16(%rsp),$frame
1537 $rx=$j=0; @ROTX=($A,$F,$B,$C,$D,$E);
1539 &Xloop_avx2 (\&bodyx_00_19);
1540 &Xloop_avx2 (\&bodyx_00_19);
1541 &Xloop_avx2 (\&bodyx_00_19);
1542 &Xloop_avx2 (\&bodyx_00_19);
1544 &Xloop_avx2 (\&bodyx_20_39);
1545 &vmovdqu ($Kx,"-64($K_XX_XX)"); # K_00_19
1546 &vpshufb (@X[-4&7],@X[-4&7],@X[2]); # byte swap
1547 &Xloop_avx2 (\&bodyx_20_39);
1548 &vpshufb (@X[-3&7],@X[-3&7],@X[2]);
1549 &vpaddd (@Tx[0],@X[-4&7],$Kx); # add K_00_19
1550 &Xloop_avx2 (\&bodyx_20_39);
1551 &vmovdqu ("0(%rsp)",@Tx[0]);
1552 &vpshufb (@X[-2&7],@X[-2&7],@X[2]);
1553 &vpaddd (@Tx[1],@X[-3&7],$Kx);
1554 &Xloop_avx2 (\&bodyx_20_39);
1555 &vmovdqu ("32(%rsp)",@Tx[1]);
1556 &vpshufb (@X[-1&7],@X[-1&7],@X[2]);
1557 &vpaddd (@X[2],@X[-2&7],$Kx);
1559 &Xloop_avx2 (\&bodyx_40_59);
1561 &vmovdqu ("64(%rsp)",@X[2]);
1562 &vpaddd (@X[3],@X[-1&7],$Kx);
1563 &Xloop_avx2 (\&bodyx_40_59);
1564 &vmovdqu ("96(%rsp)",@X[3]);
1565 &Xloop_avx2 (\&bodyx_40_59);
1566 &Xupdate_avx2_16_31(\&bodyx_40_59);
1568 &Xupdate_avx2_16_31(\&bodyx_20_39);
1569 &Xupdate_avx2_16_31(\&bodyx_20_39);
1570 &Xupdate_avx2_16_31(\&bodyx_20_39);
1571 &Xloop_avx2 (\&bodyx_20_39);
1574 lea 128(%rsp),$frame
1576 # output is d-e-[a]-f-b-c => A=d,F=e,C=f,D=b,E=c
1577 add 0($ctx),@ROTX[0] # update context
1578 add 4($ctx),@ROTX[1]
1579 add 8($ctx),@ROTX[3]
1580 mov @ROTX[0],0($ctx)
1581 add 12($ctx),@ROTX[4]
1582 mov @ROTX[1],4($ctx)
1583 mov @ROTX[0],$A # A=d
1584 add 16($ctx),@ROTX[5]
1586 mov @ROTX[3],8($ctx)
1587 mov @ROTX[4],$D # D=b
1588 #xchg @ROTX[5],$F # F=c, C=f
1589 mov @ROTX[4],12($ctx)
1590 mov @ROTX[1],$F # F=e
1591 mov @ROTX[5],16($ctx)
1593 mov @ROTX[5],$E # E=c
1595 #xchg $F,$E # E=c, F=e
1603 $code.=<<___ if ($win64);
1604 movaps -40-6*16(%r14),%xmm6
1605 movaps -40-5*16(%r14),%xmm7
1606 movaps -40-4*16(%r14),%xmm8
1607 movaps -40-3*16(%r14),%xmm9
1608 movaps -40-2*16(%r14),%xmm10
1609 movaps -40-1*16(%r14),%xmm11
1621 .size sha1_block_data_order_avx2,.-sha1_block_data_order_avx2
1628 .long 0x5a827999,0x5a827999,0x5a827999,0x5a827999 # K_00_19
1629 .long 0x5a827999,0x5a827999,0x5a827999,0x5a827999 # K_00_19
1630 .long 0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1 # K_20_39
1631 .long 0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1 # K_20_39
1632 .long 0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc # K_40_59
1633 .long 0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc # K_40_59
1634 .long 0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6 # K_60_79
1635 .long 0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6 # K_60_79
1636 .long 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f # pbswap mask
1637 .long 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f # pbswap mask
1641 .asciz "SHA1 block transform for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
1645 # EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
1646 # CONTEXT *context,DISPATCHER_CONTEXT *disp)
1654 .extern __imp_RtlVirtualUnwind
1655 .type se_handler,\@abi-omnipotent
1669 mov 120($context),%rax # pull context->Rax
1670 mov 248($context),%rbx # pull context->Rip
1672 lea .Lprologue(%rip),%r10
1673 cmp %r10,%rbx # context->Rip<.Lprologue
1674 jb .Lcommon_seh_tail
1676 mov 152($context),%rax # pull context->Rsp
1678 lea .Lepilogue(%rip),%r10
1679 cmp %r10,%rbx # context->Rip>=.Lepilogue
1680 jae .Lcommon_seh_tail
1682 mov `16*4`(%rax),%rax # pull saved stack pointer
1689 mov %rbx,144($context) # restore context->Rbx
1690 mov %rbp,160($context) # restore context->Rbp
1691 mov %r12,216($context) # restore context->R12
1692 mov %r13,224($context) # restore context->R13
1694 jmp .Lcommon_seh_tail
1695 .size se_handler,.-se_handler
1697 .type ssse3_handler,\@abi-omnipotent
1711 mov 120($context),%rax # pull context->Rax
1712 mov 248($context),%rbx # pull context->Rip
1714 mov 8($disp),%rsi # disp->ImageBase
1715 mov 56($disp),%r11 # disp->HandlerData
1717 mov 0(%r11),%r10d # HandlerData[0]
1718 lea (%rsi,%r10),%r10 # prologue label
1719 cmp %r10,%rbx # context->Rip<prologue label
1720 jb .Lcommon_seh_tail
1722 mov 152($context),%rax # pull context->Rsp
1724 mov 4(%r11),%r10d # HandlerData[1]
1725 lea (%rsi,%r10),%r10 # epilogue label
1726 cmp %r10,%rbx # context->Rip>=epilogue label
1727 jae .Lcommon_seh_tail
1729 mov 232($context),%rax # pull context->R14
1731 lea -40-6*16(%rax),%rsi
1732 lea 512($context),%rdi # &context.Xmm6
1734 .long 0xa548f3fc # cld; rep movsq
1741 mov %rbx,144($context) # restore context->Rbx
1742 mov %rbp,160($context) # restore context->Rbp
1743 mov %r12,216($context) # restore cotnext->R12
1744 mov %r13,224($context) # restore cotnext->R13
1745 mov %r14,232($context) # restore cotnext->R14
1750 mov %rax,152($context) # restore context->Rsp
1751 mov %rsi,168($context) # restore context->Rsi
1752 mov %rdi,176($context) # restore context->Rdi
1754 mov 40($disp),%rdi # disp->ContextRecord
1755 mov $context,%rsi # context
1756 mov \$154,%ecx # sizeof(CONTEXT)
1757 .long 0xa548f3fc # cld; rep movsq
1760 xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER
1761 mov 8(%rsi),%rdx # arg2, disp->ImageBase
1762 mov 0(%rsi),%r8 # arg3, disp->ControlPc
1763 mov 16(%rsi),%r9 # arg4, disp->FunctionEntry
1764 mov 40(%rsi),%r10 # disp->ContextRecord
1765 lea 56(%rsi),%r11 # &disp->HandlerData
1766 lea 24(%rsi),%r12 # &disp->EstablisherFrame
1767 mov %r10,32(%rsp) # arg5
1768 mov %r11,40(%rsp) # arg6
1769 mov %r12,48(%rsp) # arg7
1770 mov %rcx,56(%rsp) # arg8, (NULL)
1771 call *__imp_RtlVirtualUnwind(%rip)
1773 mov \$1,%eax # ExceptionContinueSearch
1785 .size ssse3_handler,.-ssse3_handler
1789 .rva .LSEH_begin_sha1_block_data_order
1790 .rva .LSEH_end_sha1_block_data_order
1791 .rva .LSEH_info_sha1_block_data_order
1792 .rva .LSEH_begin_sha1_block_data_order_ssse3
1793 .rva .LSEH_end_sha1_block_data_order_ssse3
1794 .rva .LSEH_info_sha1_block_data_order_ssse3
1796 $code.=<<___ if ($avx);
1797 .rva .LSEH_begin_sha1_block_data_order_avx
1798 .rva .LSEH_end_sha1_block_data_order_avx
1799 .rva .LSEH_info_sha1_block_data_order_avx
1801 $code.=<<___ if ($avx>1);
1802 .rva .LSEH_begin_sha1_block_data_order_avx2
1803 .rva .LSEH_end_sha1_block_data_order_avx2
1804 .rva .LSEH_info_sha1_block_data_order_avx2
1809 .LSEH_info_sha1_block_data_order:
1812 .LSEH_info_sha1_block_data_order_ssse3:
1815 .rva .Lprologue_ssse3,.Lepilogue_ssse3 # HandlerData[]
1817 $code.=<<___ if ($avx);
1818 .LSEH_info_sha1_block_data_order_avx:
1821 .rva .Lprologue_avx,.Lepilogue_avx # HandlerData[]
1823 $code.=<<___ if ($avx>1);
1824 .LSEH_info_sha1_block_data_order_avx2:
1827 .rva .Lprologue_avx2,.Lepilogue_avx2 # HandlerData[]
1831 ####################################################################
1833 $code =~ s/\`([^\`]*)\`/eval $1/gem;