1*4882a593Smuzhiyun/* 2*4882a593Smuzhiyun * Intel SHA Extensions optimized implementation of a SHA-1 update function 3*4882a593Smuzhiyun * 4*4882a593Smuzhiyun * This file is provided under a dual BSD/GPLv2 license. When using or 5*4882a593Smuzhiyun * redistributing this file, you may do so under either license. 6*4882a593Smuzhiyun * 7*4882a593Smuzhiyun * GPL LICENSE SUMMARY 8*4882a593Smuzhiyun * 9*4882a593Smuzhiyun * Copyright(c) 2015 Intel Corporation. 10*4882a593Smuzhiyun * 11*4882a593Smuzhiyun * This program is free software; you can redistribute it and/or modify 12*4882a593Smuzhiyun * it under the terms of version 2 of the GNU General Public License as 13*4882a593Smuzhiyun * published by the Free Software Foundation. 14*4882a593Smuzhiyun * 15*4882a593Smuzhiyun * This program is distributed in the hope that it will be useful, but 16*4882a593Smuzhiyun * WITHOUT ANY WARRANTY; without even the implied warranty of 17*4882a593Smuzhiyun * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 18*4882a593Smuzhiyun * General Public License for more details. 19*4882a593Smuzhiyun * 20*4882a593Smuzhiyun * Contact Information: 21*4882a593Smuzhiyun * Sean Gulley <sean.m.gulley@intel.com> 22*4882a593Smuzhiyun * Tim Chen <tim.c.chen@linux.intel.com> 23*4882a593Smuzhiyun * 24*4882a593Smuzhiyun * BSD LICENSE 25*4882a593Smuzhiyun * 26*4882a593Smuzhiyun * Copyright(c) 2015 Intel Corporation. 27*4882a593Smuzhiyun * 28*4882a593Smuzhiyun * Redistribution and use in source and binary forms, with or without 29*4882a593Smuzhiyun * modification, are permitted provided that the following conditions 30*4882a593Smuzhiyun * are met: 31*4882a593Smuzhiyun * 32*4882a593Smuzhiyun * * Redistributions of source code must retain the above copyright 33*4882a593Smuzhiyun * notice, this list of conditions and the following disclaimer. 34*4882a593Smuzhiyun * * Redistributions in binary form must reproduce the above copyright 35*4882a593Smuzhiyun * notice, this list of conditions and the following disclaimer in 36*4882a593Smuzhiyun * the documentation and/or other materials provided with the 37*4882a593Smuzhiyun * distribution. 38*4882a593Smuzhiyun * * Neither the name of Intel Corporation nor the names of its 39*4882a593Smuzhiyun * contributors may be used to endorse or promote products derived 40*4882a593Smuzhiyun * from this software without specific prior written permission. 41*4882a593Smuzhiyun * 42*4882a593Smuzhiyun * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 43*4882a593Smuzhiyun * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 44*4882a593Smuzhiyun * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 45*4882a593Smuzhiyun * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 46*4882a593Smuzhiyun * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 47*4882a593Smuzhiyun * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 48*4882a593Smuzhiyun * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 49*4882a593Smuzhiyun * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 50*4882a593Smuzhiyun * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 51*4882a593Smuzhiyun * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 52*4882a593Smuzhiyun * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 53*4882a593Smuzhiyun * 54*4882a593Smuzhiyun */ 55*4882a593Smuzhiyun 56*4882a593Smuzhiyun#include <linux/linkage.h> 57*4882a593Smuzhiyun 58*4882a593Smuzhiyun#define DIGEST_PTR %rdi /* 1st arg */ 59*4882a593Smuzhiyun#define DATA_PTR %rsi /* 2nd arg */ 60*4882a593Smuzhiyun#define NUM_BLKS %rdx /* 3rd arg */ 61*4882a593Smuzhiyun 62*4882a593Smuzhiyun#define RSPSAVE %rax 63*4882a593Smuzhiyun 64*4882a593Smuzhiyun/* gcc conversion */ 65*4882a593Smuzhiyun#define FRAME_SIZE 32 /* space for 2x16 bytes */ 66*4882a593Smuzhiyun 67*4882a593Smuzhiyun#define ABCD %xmm0 68*4882a593Smuzhiyun#define E0 %xmm1 /* Need two E's b/c they ping pong */ 69*4882a593Smuzhiyun#define E1 %xmm2 70*4882a593Smuzhiyun#define MSG0 %xmm3 71*4882a593Smuzhiyun#define MSG1 %xmm4 72*4882a593Smuzhiyun#define MSG2 %xmm5 73*4882a593Smuzhiyun#define MSG3 %xmm6 74*4882a593Smuzhiyun#define SHUF_MASK %xmm7 75*4882a593Smuzhiyun 76*4882a593Smuzhiyun 77*4882a593Smuzhiyun/* 78*4882a593Smuzhiyun * Intel SHA Extensions optimized implementation of a SHA-1 update function 79*4882a593Smuzhiyun * 80*4882a593Smuzhiyun * The function takes a pointer to the current hash values, a pointer to the 81*4882a593Smuzhiyun * input data, and a number of 64 byte blocks to process. Once all blocks have 82*4882a593Smuzhiyun * been processed, the digest pointer is updated with the resulting hash value. 83*4882a593Smuzhiyun * The function only processes complete blocks, there is no functionality to 84*4882a593Smuzhiyun * store partial blocks. All message padding and hash value initialization must 85*4882a593Smuzhiyun * be done outside the update function. 86*4882a593Smuzhiyun * 87*4882a593Smuzhiyun * The indented lines in the loop are instructions related to rounds processing. 88*4882a593Smuzhiyun * The non-indented lines are instructions related to the message schedule. 89*4882a593Smuzhiyun * 90*4882a593Smuzhiyun * void sha1_ni_transform(uint32_t *digest, const void *data, 91*4882a593Smuzhiyun uint32_t numBlocks) 92*4882a593Smuzhiyun * digest : pointer to digest 93*4882a593Smuzhiyun * data: pointer to input data 94*4882a593Smuzhiyun * numBlocks: Number of blocks to process 95*4882a593Smuzhiyun */ 96*4882a593Smuzhiyun.text 97*4882a593Smuzhiyun.align 32 98*4882a593SmuzhiyunSYM_FUNC_START(sha1_ni_transform) 99*4882a593Smuzhiyun mov %rsp, RSPSAVE 100*4882a593Smuzhiyun sub $FRAME_SIZE, %rsp 101*4882a593Smuzhiyun and $~0xF, %rsp 102*4882a593Smuzhiyun 103*4882a593Smuzhiyun shl $6, NUM_BLKS /* convert to bytes */ 104*4882a593Smuzhiyun jz .Ldone_hash 105*4882a593Smuzhiyun add DATA_PTR, NUM_BLKS /* pointer to end of data */ 106*4882a593Smuzhiyun 107*4882a593Smuzhiyun /* load initial hash values */ 108*4882a593Smuzhiyun pinsrd $3, 1*16(DIGEST_PTR), E0 109*4882a593Smuzhiyun movdqu 0*16(DIGEST_PTR), ABCD 110*4882a593Smuzhiyun pand UPPER_WORD_MASK(%rip), E0 111*4882a593Smuzhiyun pshufd $0x1B, ABCD, ABCD 112*4882a593Smuzhiyun 113*4882a593Smuzhiyun movdqa PSHUFFLE_BYTE_FLIP_MASK(%rip), SHUF_MASK 114*4882a593Smuzhiyun 115*4882a593Smuzhiyun.Lloop0: 116*4882a593Smuzhiyun /* Save hash values for addition after rounds */ 117*4882a593Smuzhiyun movdqa E0, (0*16)(%rsp) 118*4882a593Smuzhiyun movdqa ABCD, (1*16)(%rsp) 119*4882a593Smuzhiyun 120*4882a593Smuzhiyun /* Rounds 0-3 */ 121*4882a593Smuzhiyun movdqu 0*16(DATA_PTR), MSG0 122*4882a593Smuzhiyun pshufb SHUF_MASK, MSG0 123*4882a593Smuzhiyun paddd MSG0, E0 124*4882a593Smuzhiyun movdqa ABCD, E1 125*4882a593Smuzhiyun sha1rnds4 $0, E0, ABCD 126*4882a593Smuzhiyun 127*4882a593Smuzhiyun /* Rounds 4-7 */ 128*4882a593Smuzhiyun movdqu 1*16(DATA_PTR), MSG1 129*4882a593Smuzhiyun pshufb SHUF_MASK, MSG1 130*4882a593Smuzhiyun sha1nexte MSG1, E1 131*4882a593Smuzhiyun movdqa ABCD, E0 132*4882a593Smuzhiyun sha1rnds4 $0, E1, ABCD 133*4882a593Smuzhiyun sha1msg1 MSG1, MSG0 134*4882a593Smuzhiyun 135*4882a593Smuzhiyun /* Rounds 8-11 */ 136*4882a593Smuzhiyun movdqu 2*16(DATA_PTR), MSG2 137*4882a593Smuzhiyun pshufb SHUF_MASK, MSG2 138*4882a593Smuzhiyun sha1nexte MSG2, E0 139*4882a593Smuzhiyun movdqa ABCD, E1 140*4882a593Smuzhiyun sha1rnds4 $0, E0, ABCD 141*4882a593Smuzhiyun sha1msg1 MSG2, MSG1 142*4882a593Smuzhiyun pxor MSG2, MSG0 143*4882a593Smuzhiyun 144*4882a593Smuzhiyun /* Rounds 12-15 */ 145*4882a593Smuzhiyun movdqu 3*16(DATA_PTR), MSG3 146*4882a593Smuzhiyun pshufb SHUF_MASK, MSG3 147*4882a593Smuzhiyun sha1nexte MSG3, E1 148*4882a593Smuzhiyun movdqa ABCD, E0 149*4882a593Smuzhiyun sha1msg2 MSG3, MSG0 150*4882a593Smuzhiyun sha1rnds4 $0, E1, ABCD 151*4882a593Smuzhiyun sha1msg1 MSG3, MSG2 152*4882a593Smuzhiyun pxor MSG3, MSG1 153*4882a593Smuzhiyun 154*4882a593Smuzhiyun /* Rounds 16-19 */ 155*4882a593Smuzhiyun sha1nexte MSG0, E0 156*4882a593Smuzhiyun movdqa ABCD, E1 157*4882a593Smuzhiyun sha1msg2 MSG0, MSG1 158*4882a593Smuzhiyun sha1rnds4 $0, E0, ABCD 159*4882a593Smuzhiyun sha1msg1 MSG0, MSG3 160*4882a593Smuzhiyun pxor MSG0, MSG2 161*4882a593Smuzhiyun 162*4882a593Smuzhiyun /* Rounds 20-23 */ 163*4882a593Smuzhiyun sha1nexte MSG1, E1 164*4882a593Smuzhiyun movdqa ABCD, E0 165*4882a593Smuzhiyun sha1msg2 MSG1, MSG2 166*4882a593Smuzhiyun sha1rnds4 $1, E1, ABCD 167*4882a593Smuzhiyun sha1msg1 MSG1, MSG0 168*4882a593Smuzhiyun pxor MSG1, MSG3 169*4882a593Smuzhiyun 170*4882a593Smuzhiyun /* Rounds 24-27 */ 171*4882a593Smuzhiyun sha1nexte MSG2, E0 172*4882a593Smuzhiyun movdqa ABCD, E1 173*4882a593Smuzhiyun sha1msg2 MSG2, MSG3 174*4882a593Smuzhiyun sha1rnds4 $1, E0, ABCD 175*4882a593Smuzhiyun sha1msg1 MSG2, MSG1 176*4882a593Smuzhiyun pxor MSG2, MSG0 177*4882a593Smuzhiyun 178*4882a593Smuzhiyun /* Rounds 28-31 */ 179*4882a593Smuzhiyun sha1nexte MSG3, E1 180*4882a593Smuzhiyun movdqa ABCD, E0 181*4882a593Smuzhiyun sha1msg2 MSG3, MSG0 182*4882a593Smuzhiyun sha1rnds4 $1, E1, ABCD 183*4882a593Smuzhiyun sha1msg1 MSG3, MSG2 184*4882a593Smuzhiyun pxor MSG3, MSG1 185*4882a593Smuzhiyun 186*4882a593Smuzhiyun /* Rounds 32-35 */ 187*4882a593Smuzhiyun sha1nexte MSG0, E0 188*4882a593Smuzhiyun movdqa ABCD, E1 189*4882a593Smuzhiyun sha1msg2 MSG0, MSG1 190*4882a593Smuzhiyun sha1rnds4 $1, E0, ABCD 191*4882a593Smuzhiyun sha1msg1 MSG0, MSG3 192*4882a593Smuzhiyun pxor MSG0, MSG2 193*4882a593Smuzhiyun 194*4882a593Smuzhiyun /* Rounds 36-39 */ 195*4882a593Smuzhiyun sha1nexte MSG1, E1 196*4882a593Smuzhiyun movdqa ABCD, E0 197*4882a593Smuzhiyun sha1msg2 MSG1, MSG2 198*4882a593Smuzhiyun sha1rnds4 $1, E1, ABCD 199*4882a593Smuzhiyun sha1msg1 MSG1, MSG0 200*4882a593Smuzhiyun pxor MSG1, MSG3 201*4882a593Smuzhiyun 202*4882a593Smuzhiyun /* Rounds 40-43 */ 203*4882a593Smuzhiyun sha1nexte MSG2, E0 204*4882a593Smuzhiyun movdqa ABCD, E1 205*4882a593Smuzhiyun sha1msg2 MSG2, MSG3 206*4882a593Smuzhiyun sha1rnds4 $2, E0, ABCD 207*4882a593Smuzhiyun sha1msg1 MSG2, MSG1 208*4882a593Smuzhiyun pxor MSG2, MSG0 209*4882a593Smuzhiyun 210*4882a593Smuzhiyun /* Rounds 44-47 */ 211*4882a593Smuzhiyun sha1nexte MSG3, E1 212*4882a593Smuzhiyun movdqa ABCD, E0 213*4882a593Smuzhiyun sha1msg2 MSG3, MSG0 214*4882a593Smuzhiyun sha1rnds4 $2, E1, ABCD 215*4882a593Smuzhiyun sha1msg1 MSG3, MSG2 216*4882a593Smuzhiyun pxor MSG3, MSG1 217*4882a593Smuzhiyun 218*4882a593Smuzhiyun /* Rounds 48-51 */ 219*4882a593Smuzhiyun sha1nexte MSG0, E0 220*4882a593Smuzhiyun movdqa ABCD, E1 221*4882a593Smuzhiyun sha1msg2 MSG0, MSG1 222*4882a593Smuzhiyun sha1rnds4 $2, E0, ABCD 223*4882a593Smuzhiyun sha1msg1 MSG0, MSG3 224*4882a593Smuzhiyun pxor MSG0, MSG2 225*4882a593Smuzhiyun 226*4882a593Smuzhiyun /* Rounds 52-55 */ 227*4882a593Smuzhiyun sha1nexte MSG1, E1 228*4882a593Smuzhiyun movdqa ABCD, E0 229*4882a593Smuzhiyun sha1msg2 MSG1, MSG2 230*4882a593Smuzhiyun sha1rnds4 $2, E1, ABCD 231*4882a593Smuzhiyun sha1msg1 MSG1, MSG0 232*4882a593Smuzhiyun pxor MSG1, MSG3 233*4882a593Smuzhiyun 234*4882a593Smuzhiyun /* Rounds 56-59 */ 235*4882a593Smuzhiyun sha1nexte MSG2, E0 236*4882a593Smuzhiyun movdqa ABCD, E1 237*4882a593Smuzhiyun sha1msg2 MSG2, MSG3 238*4882a593Smuzhiyun sha1rnds4 $2, E0, ABCD 239*4882a593Smuzhiyun sha1msg1 MSG2, MSG1 240*4882a593Smuzhiyun pxor MSG2, MSG0 241*4882a593Smuzhiyun 242*4882a593Smuzhiyun /* Rounds 60-63 */ 243*4882a593Smuzhiyun sha1nexte MSG3, E1 244*4882a593Smuzhiyun movdqa ABCD, E0 245*4882a593Smuzhiyun sha1msg2 MSG3, MSG0 246*4882a593Smuzhiyun sha1rnds4 $3, E1, ABCD 247*4882a593Smuzhiyun sha1msg1 MSG3, MSG2 248*4882a593Smuzhiyun pxor MSG3, MSG1 249*4882a593Smuzhiyun 250*4882a593Smuzhiyun /* Rounds 64-67 */ 251*4882a593Smuzhiyun sha1nexte MSG0, E0 252*4882a593Smuzhiyun movdqa ABCD, E1 253*4882a593Smuzhiyun sha1msg2 MSG0, MSG1 254*4882a593Smuzhiyun sha1rnds4 $3, E0, ABCD 255*4882a593Smuzhiyun sha1msg1 MSG0, MSG3 256*4882a593Smuzhiyun pxor MSG0, MSG2 257*4882a593Smuzhiyun 258*4882a593Smuzhiyun /* Rounds 68-71 */ 259*4882a593Smuzhiyun sha1nexte MSG1, E1 260*4882a593Smuzhiyun movdqa ABCD, E0 261*4882a593Smuzhiyun sha1msg2 MSG1, MSG2 262*4882a593Smuzhiyun sha1rnds4 $3, E1, ABCD 263*4882a593Smuzhiyun pxor MSG1, MSG3 264*4882a593Smuzhiyun 265*4882a593Smuzhiyun /* Rounds 72-75 */ 266*4882a593Smuzhiyun sha1nexte MSG2, E0 267*4882a593Smuzhiyun movdqa ABCD, E1 268*4882a593Smuzhiyun sha1msg2 MSG2, MSG3 269*4882a593Smuzhiyun sha1rnds4 $3, E0, ABCD 270*4882a593Smuzhiyun 271*4882a593Smuzhiyun /* Rounds 76-79 */ 272*4882a593Smuzhiyun sha1nexte MSG3, E1 273*4882a593Smuzhiyun movdqa ABCD, E0 274*4882a593Smuzhiyun sha1rnds4 $3, E1, ABCD 275*4882a593Smuzhiyun 276*4882a593Smuzhiyun /* Add current hash values with previously saved */ 277*4882a593Smuzhiyun sha1nexte (0*16)(%rsp), E0 278*4882a593Smuzhiyun paddd (1*16)(%rsp), ABCD 279*4882a593Smuzhiyun 280*4882a593Smuzhiyun /* Increment data pointer and loop if more to process */ 281*4882a593Smuzhiyun add $64, DATA_PTR 282*4882a593Smuzhiyun cmp NUM_BLKS, DATA_PTR 283*4882a593Smuzhiyun jne .Lloop0 284*4882a593Smuzhiyun 285*4882a593Smuzhiyun /* Write hash values back in the correct order */ 286*4882a593Smuzhiyun pshufd $0x1B, ABCD, ABCD 287*4882a593Smuzhiyun movdqu ABCD, 0*16(DIGEST_PTR) 288*4882a593Smuzhiyun pextrd $3, E0, 1*16(DIGEST_PTR) 289*4882a593Smuzhiyun 290*4882a593Smuzhiyun.Ldone_hash: 291*4882a593Smuzhiyun mov RSPSAVE, %rsp 292*4882a593Smuzhiyun 293*4882a593Smuzhiyun RET 294*4882a593SmuzhiyunSYM_FUNC_END(sha1_ni_transform) 295*4882a593Smuzhiyun 296*4882a593Smuzhiyun.section .rodata.cst16.PSHUFFLE_BYTE_FLIP_MASK, "aM", @progbits, 16 297*4882a593Smuzhiyun.align 16 298*4882a593SmuzhiyunPSHUFFLE_BYTE_FLIP_MASK: 299*4882a593Smuzhiyun .octa 0x000102030405060708090a0b0c0d0e0f 300*4882a593Smuzhiyun 301*4882a593Smuzhiyun.section .rodata.cst16.UPPER_WORD_MASK, "aM", @progbits, 16 302*4882a593Smuzhiyun.align 16 303*4882a593SmuzhiyunUPPER_WORD_MASK: 304*4882a593Smuzhiyun .octa 0xFFFFFFFF000000000000000000000000 305