Print this page
6665607 Need a SHA256/SHA384/SHA512 implementation optimized for 64-bit x86
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/common/crypto/sha1/amd64/sha1-x86_64.pl
+++ new/usr/src/common/crypto/sha1/amd64/sha1-x86_64.pl
1 1 #!/usr/bin/env perl
2 2 #
3 3 # ====================================================================
4 4 # Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
5 5 # project. The module is, however, dual licensed under OpenSSL and
6 6 # CRYPTOGAMS licenses depending on where you obtain it. For further
7 7 # details see http://www.openssl.org/~appro/cryptogams/.
8 8 # ====================================================================
9 9 #
10 10 # sha1_block procedure for x86_64.
11 11 #
12 12 # It was brought to my attention that on EM64T compiler-generated code
13 13 # was far behind 32-bit assembler implementation. This is unlike on
14 14 # Opteron where compiler-generated code was only 15% behind 32-bit
15 15 # assembler, which originally made it hard to motivate the effort.
16 16 # There was suggestion to mechanically translate 32-bit code, but I
17 17 # dismissed it, reasoning that x86_64 offers enough register bank
18 18 # capacity to fully utilize SHA-1 parallelism. Therefore this fresh
19 19 # implementation:-) However! While 64-bit code does performs better
20 20 # on Opteron, I failed to beat 32-bit assembler on EM64T core. Well,
21 21 # x86_64 does offer larger *addressable* bank, but out-of-order core
22 22 # reaches for even more registers through dynamic aliasing, and EM64T
23 23 # core must have managed to run-time optimize even 32-bit code just as
24 24 # good as 64-bit one. Performance improvement is summarized in the
25 25 # following table:
26 26 #
27 27 # gcc 3.4 32-bit asm cycles/byte
28 28 # Opteron +45% +20% 6.8
29 29 # Xeon P4 +65% +0% 9.9
30 30 # Core2 +60% +10% 7.0
31 31
32 32 #
33 33 # OpenSolaris OS modifications
34 34 #
35 35 # Sun elects to use this software under the BSD license.
36 36 #
37 37 # This source originates from OpenSSL file sha1-x86_64.pl at
38 38 # ftp://ftp.openssl.org/snapshot/openssl-0.9.8-stable-SNAP-20080131.tar.gz
39 39 # (presumably for future OpenSSL release 0.9.8h), with these changes:
40 40 #
41 41 # 1. Added perl "use strict" and declared variables.
42 42 #
43 43 # 2. Added OpenSolaris ENTRY_NP/SET_SIZE macros from
44 44 # /usr/include/sys/asm_linkage.h, .ident keywords, and lint(1B) guards.
45 45 #
46 46 # 3. Added perl function &lea_offset_eax_register_register() to handle
47 47 # Solaris as(1) bug.
48 48 #
49 49 # 4. Removed x86_64-xlate.pl script (not needed for as(1) or gas(1) assemblers).
50 50 #
51 51
52 52 use strict;
53 53 my ($code, $ctx, $inp, $num, $xi, $t0, $t1, $i, @V, $A, $B, $C, $D, $E, $T);
54 54 my $output = shift;
55 55 open STDOUT,">$output";
56 56
57 57
58 58 sub lea_offset_eax_register_register
59 59 # Workaround for a Solaris "gas" assembler bug where compiling the source
60 60 # errors out and does not generate a valid "lea" instruction. Specifically,
61 61 # &lea OFFSET(%eax, SOURCE_REGISTER),DESTINATION_REGISTER
62 62 #
63 63 # For Solaris as, "as -a32" must be used to compile this.
64 64 # For Solaris gas 2.15, this errors out with this message:
65 65 # Error: `0x5a827999(%eax,%r11d)' is not a valid 64 bit base/index expression
66 66 #
67 67 # This should be fixed in Solaris gas 2.16.
68 68 # It assembles with the Linux "as --64" gas 2.17 assembler and runs OK.
69 69 #
70 70 # For the ONBLD NV tools, the aw wrapper script fails when -a32 is used:
71 71 # /ws/onnv-tools/onbld/bin/i386/aw -xarch=amd64 -P -a32 -o lea.o lea.s
72 72 # aw: as->gas mapping failed at or near arg '-a32'
73 73 #
74 74 # For more information, see CRs 6644870 and 6628627.
75 75 {
76 76 use Switch;
77 77 my ($offset, $reg_src, $reg_dest) = @_;
78 78
79 79 # Failed "lea" instruction.
80 80 # This instruction errors out from the Solaris as assembler.
81 81 # It assembles with the Linux "as --64" assembler and runs OK.
82 82 $code .= " /lea $offset(%eax,$reg_src),$reg_dest\n";
83 83
84 84 # Workaround
85 85 # This workaround hand-generates hex machine code for lea.
86 86 $code .= " / Solaris as assembly bug CR 6628627 errors out for\n";
87 87 $code .= " / the above, so we specify the machine code in hex:\n";
88 88 $code .= " .byte 0x67 / lea\n";
89 89
90 90 switch ($reg_src) {
91 91 case "%ebp" {
92 92 switch ($reg_dest) {
93 93 case "%r11d" { $code .=
94 94 " .byte 0x44,0x8d,0x9c,0x28 "
95 95 . "/ (%eax,$reg_src),$reg_dest\n"; }
96 96 else { $code .= "Unknown register $reg_dest\n"; }
97 97 }
98 98 }
99 99 case "%edi" {
100 100 switch ($reg_dest) {
101 101 case "%ebp" { $code .=
102 102 " .byte 0x8d,0xac,0x38 "
103 103 . "/ (%eax,$reg_src),$reg_dest\n"; }
104 104 else { $code .= "Unknown register $reg_dest\n"; }
105 105 }
106 106 }
107 107 case "%edx" {
108 108 switch ($reg_dest) {
109 109 case "%esi" { $code .=
110 110 " .byte 0x8d,0xb4,0x10 "
111 111 . "/ (%eax,$reg_src),$reg_dest\n"; }
112 112 else { $code .= "Unknown register $reg_dest\n"; }
113 113 }
114 114 }
115 115 case "%esi" {
116 116 switch ($reg_dest) {
117 117 case "%edi" { $code .=
118 118 " .byte 0x8d,0xbc,0x30 "
119 119 . "/ (%eax,$reg_src),$reg_dest\n"; }
120 120 else { $code .= "Unknown register $reg_dest\n"; }
121 121 }
122 122 }
123 123 case "%r11d" {
124 124 switch ($reg_dest) {
125 125 case "%r12d" { $code .=
126 126 " .byte 0x46,0x8d,0xa4,0x18 "
127 127 . "/ (%eax,$reg_src),$reg_dest\n"; }
128 128 else { $code .= "Unknown register $reg_dest\n"; }
129 129 }
130 130 }
131 131 case "%r12d" {
132 132 switch ($reg_dest) {
133 133 case "%edx" { $code .=
134 134 " .byte 0x42,0x8d,0x94,0x20 "
135 135 . "/ (%eax,$reg_src),$reg_dest\n"; }
136 136 else { $code .= "Unknown register $reg_dest\n"; }
137 137 }
138 138 }
139 139 else { $code .= "Unknown register $reg_src\n"; }
140 140 }
141 141
142 142 $code .= " .long $offset / offset\n";
143 143 }
144 144
145 145
146 146 #
147 147 # void sha1_block_data_order(SHA1_CTX *ctx, const void *inpp, size_t blocks);
148 148 #
149 149
150 150 # Arguments:
151 151 $ctx="%rdi"; # 1st arg
152 152 $inp="%rsi"; # 2nd arg
153 153 $num="%rdx"; # 3rd arg
154 154
155 155 # reassign arguments in order to produce more compact code
156 156 $ctx="%r8";
157 157 $inp="%r9";
158 158 $num="%r10";
159 159
160 160 # Temporaries:
161 161 $xi="%eax";
162 162 $t0="%ebx";
163 163 $t1="%ecx";
164 164 # State information from SHA-1 context:
165 165 $A="%edx";
166 166 $B="%esi";
167 167 $C="%edi";
168 168 $D="%ebp";
|
↓ open down ↓ |
168 lines elided |
↑ open up ↑ |
169 169 $E="%r11d";
170 170 # Temporary:
171 171 $T="%r12d";
172 172
173 173 @V=($A,$B,$C,$D,$E,$T);
174 174
175 175 sub PROLOGUE {
176 176 my $func=shift;
177 177 $code.=<<___;
178 178 ENTRY_NP($func)
179 - /* EXPORT DELETE START */
180 179 push %rbx
181 180 push %rbp
182 181 push %r12
183 182 mov %rsp,%rax
184 183 mov %rdi,$ctx # reassigned argument
185 184 sub \$`8+16*4`,%rsp
186 185 mov %rsi,$inp # reassigned argument
187 186 and \$-64,%rsp
188 187 mov %rdx,$num # reassigned argument
189 188 mov %rax,`16*4`(%rsp)
190 189
191 190 mov 0($ctx),$A
192 191 mov 4($ctx),$B
193 192 mov 8($ctx),$C
194 193 mov 12($ctx),$D
195 194 mov 16($ctx),$E
|
↓ open down ↓ |
6 lines elided |
↑ open up ↑ |
196 195 ___
197 196 }
198 197
199 198 sub EPILOGUE {
200 199 my $func=shift;
201 200 $code.=<<___;
202 201 mov `16*4`(%rsp),%rsp
203 202 pop %r12
204 203 pop %rbp
205 204 pop %rbx
206 - /* EXPORT DELETE END */
207 205 ret
208 206 SET_SIZE($func)
209 207 ___
210 208 }
211 209
212 210 sub BODY_00_19 {
213 211 my ($i,$a,$b,$c,$d,$e,$f,$host)=@_;
214 212 my $j=$i+1;
215 213 $code.=<<___ if ($i==0);
216 214 mov `4*$i`($inp),$xi
217 215 `"bswap $xi" if(!defined($host))`
218 216 mov $xi,`4*$i`(%rsp)
219 217 ___
220 218 &lea_offset_eax_register_register("0x5a827999", $e, $f) if ($i < 15);
221 219 $code.=<<___ if ($i<15);
222 220 /lea 0x5a827999($xi,$e),$f
223 221 mov $c,$t0
224 222 mov `4*$j`($inp),$xi
225 223 mov $a,$e
226 224 xor $d,$t0
227 225 `"bswap $xi" if(!defined($host))`
228 226 rol \$5,$e
229 227 and $b,$t0
230 228 mov $xi,`4*$j`(%rsp)
231 229 add $e,$f
232 230 xor $d,$t0
233 231 rol \$30,$b
234 232 add $t0,$f
235 233 ___
236 234 &lea_offset_eax_register_register("0x5a827999", $e, $f) if ($i >= 15);
237 235 $code.=<<___ if ($i>=15);
238 236 /lea 0x5a827999($xi,$e),$f
239 237 mov `4*($j%16)`(%rsp),$xi
240 238 mov $c,$t0
241 239 mov $a,$e
242 240 xor `4*(($j+2)%16)`(%rsp),$xi
243 241 xor $d,$t0
244 242 rol \$5,$e
245 243 xor `4*(($j+8)%16)`(%rsp),$xi
246 244 and $b,$t0
247 245 add $e,$f
248 246 xor `4*(($j+13)%16)`(%rsp),$xi
249 247 xor $d,$t0
250 248 rol \$30,$b
251 249 add $t0,$f
252 250 rol \$1,$xi
253 251 mov $xi,`4*($j%16)`(%rsp)
254 252 ___
255 253 }
256 254
257 255 sub BODY_20_39 {
258 256 my ($i,$a,$b,$c,$d,$e,$f)=@_;
259 257 my $j=$i+1;
260 258 my $K=($i<40)?0x6ed9eba1:0xca62c1d6;
261 259 &lea_offset_eax_register_register($K, $e, $f) if ($i < 79);
262 260 $code.=<<___ if ($i<79);
263 261 /lea $K($xi,$e),$f
264 262 mov `4*($j%16)`(%rsp),$xi
265 263 mov $c,$t0
266 264 mov $a,$e
267 265 xor `4*(($j+2)%16)`(%rsp),$xi
268 266 xor $b,$t0
269 267 rol \$5,$e
270 268 xor `4*(($j+8)%16)`(%rsp),$xi
271 269 xor $d,$t0
272 270 add $e,$f
273 271 xor `4*(($j+13)%16)`(%rsp),$xi
274 272 rol \$30,$b
275 273 add $t0,$f
276 274 rol \$1,$xi
277 275 ___
278 276 $code.=<<___ if ($i<76);
279 277 mov $xi,`4*($j%16)`(%rsp)
280 278 ___
281 279 &lea_offset_eax_register_register($K, $e, $f) if ($i == 79);
282 280 $code.=<<___ if ($i==79);
283 281 /lea $K($xi,$e),$f
284 282 mov $c,$t0
285 283 mov $a,$e
286 284 xor $b,$t0
287 285 rol \$5,$e
288 286 xor $d,$t0
289 287 add $e,$f
290 288 rol \$30,$b
291 289 add $t0,$f
292 290 ___
293 291 }
294 292
295 293 sub BODY_40_59 {
296 294 my ($i,$a,$b,$c,$d,$e,$f)=@_;
297 295 my $j=$i+1;
298 296 &lea_offset_eax_register_register("0x8f1bbcdc", $e, $f);
299 297 $code.=<<___;
300 298 /lea 0x8f1bbcdc($xi,$e),$f
301 299 mov `4*($j%16)`(%rsp),$xi
302 300 mov $b,$t0
303 301 mov $b,$t1
304 302 xor `4*(($j+2)%16)`(%rsp),$xi
305 303 mov $a,$e
306 304 and $c,$t0
307 305 xor `4*(($j+8)%16)`(%rsp),$xi
308 306 or $c,$t1
309 307 rol \$5,$e
310 308 xor `4*(($j+13)%16)`(%rsp),$xi
311 309 and $d,$t1
312 310 add $e,$f
|
↓ open down ↓ |
96 lines elided |
↑ open up ↑ |
313 311 rol \$1,$xi
314 312 or $t1,$t0
315 313 rol \$30,$b
316 314 mov $xi,`4*($j%16)`(%rsp)
317 315 add $t0,$f
318 316 ___
319 317 }
320 318
321 319 $code=<<___;
322 320 #if !defined(lint) && !defined(__lint)
323 - .ident "@(#)sha1-x86_64.pl 1.1 08/03/02 SMI"
321 + .ident "@(#)sha1-x86_64.pl 1.2 08/03/20 SMI"
324 322 #include <sys/asm_linkage.h>
325 323 ___
326 324
327 325
328 326 &PROLOGUE("sha1_block_data_order");
329 327 $code.=".align 4\n.Lloop:\n";
330 328 for($i=0;$i<20;$i++) { &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
331 329 for(;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
332 330 for(;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
333 331 for(;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
334 332 $code.=<<___;
335 333 / Update and save state information in SHA-1 context
336 334 add 0($ctx),$E
337 335 add 4($ctx),$T
338 336 add 8($ctx),$A
339 337 add 12($ctx),$B
340 338 add 16($ctx),$C
341 339 mov $E,0($ctx)
342 340 mov $T,4($ctx)
343 341 mov $A,8($ctx)
344 342 mov $B,12($ctx)
345 343 mov $C,16($ctx)
346 344
347 345 xchg $E,$A # mov $E,$A
348 346 xchg $T,$B # mov $T,$B
349 347 xchg $E,$C # mov $A,$C
350 348 xchg $T,$D # mov $B,$D
351 349 # mov $C,$E
352 350 lea `16*4`($inp),$inp
353 351 sub \$1,$num
354 352 jnz .Lloop
355 353 ___
356 354 &EPILOGUE("sha1_block_data_order");
357 355 $code.=<<___;
358 356 .asciz "SHA1 block transform for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
359 357
360 358 #else
361 359 /* LINTED */
362 360 /* Nothing to be linted in this file--it's pure assembly source. */
363 361 #endif /* !lint && !__lint */
364 362 ___
365 363
366 364 ####################################################################
367 365
368 366 $code =~ s/\`([^\`]*)\`/eval $1/gem;
369 367 print $code;
370 368 close STDOUT;
|
↓ open down ↓ |
37 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX