sha512-ppc.pl@ 94082

Last change on this file since 94082 was 94082, checked in by vboxsync, 3 years ago
libs/openssl-3.0.1: started applying and adjusting our OpenSSL changes to 3.0.1. bugref:10128
Property svn:executable set to ``*
File size: 21.0 KB

Line
1	#! /usr/bin/env perl
2	# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
3	#
4	# Licensed under the Apache License 2.0 (the "License"). You may not use
5	# this file except in compliance with the License. You can obtain a copy
6	# in the file LICENSE in the source distribution or at
7	# https://www.openssl.org/source/license.html
8
9
10	# ====================================================================
11	# Written by Andy Polyakov <[email protected]> for the OpenSSL
12	# project. The module is, however, dual licensed under OpenSSL and
13	# CRYPTOGAMS licenses depending on where you obtain it. For further
14	# details see http://www.openssl.org/~appro/cryptogams/.
15	# ====================================================================
16
17	# I let hardware handle unaligned input, except on page boundaries
18	# (see below for details). Otherwise straightforward implementation
19	# with X vector in register bank.
20
21	# sha256 \| sha512
22	# -m64 -m32 \| -m64 -m32
23	# --------------------------------------+-----------------------
24	# PPC970,gcc-4.0.0 +50% +38% \| +40% +410%(*)
25	# Power6,xlc-7 +150% +90% \| +100% +430%(*)
26	#
27	# (*) 64-bit code in 32-bit application context, which actually is
28	# on TODO list. It should be noted that for safe deployment in
29	# 32-bit multi-threaded context asynchronous signals should be
30	# blocked upon entry to SHA512 block routine. This is because
31	# 32-bit signaling procedure invalidates upper halves of GPRs.
32	# Context switch procedure preserves them, but not signaling:-(
33
34	# Second version is true multi-thread safe. Trouble with the original
35	# version was that it was using thread local storage pointer register.
36	# Well, it scrupulously preserved it, but the problem would arise the
37	# moment asynchronous signal was delivered and signal handler would
38	# dereference the TLS pointer. While it's never the case in openssl
39	# application or test suite, we have to respect this scenario and not
40	# use TLS pointer register. Alternative would be to require caller to
41	# block signals prior calling this routine. For the record, in 32-bit
42	# context R2 serves as TLS pointer, while in 64-bit context - R13.
43
44	# $output is the last argument if it looks like a file (it has an extension)
45	# $flavour is the first argument if it doesn't look like a file
46	$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m\|\.\w+$\| ? pop : undef;
47	$flavour = $#ARGV >= 0 && $ARGV[0] !~ m\|\.\| ? shift : undef;
48
49	if ($flavour =~ /64/) {
50	$SIZE_T=8;
51	$LRSAVE=2*$SIZE_T;
52	$STU="stdu";
53	$UCMP="cmpld";
54	$SHL="sldi";
55	$POP="ld";
56	$PUSH="std";
57	} elsif ($flavour =~ /32/) {
58	$SIZE_T=4;
59	$LRSAVE=$SIZE_T;
60	$STU="stwu";
61	$UCMP="cmplw";
62	$SHL="slwi";
63	$POP="lwz";
64	$PUSH="stw";
65	} else { die "nonsense $flavour"; }
66
67	$LITTLE_ENDIAN = ($flavour=~/le$/) ? $SIZE_T : 0;
68
69	$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
70	( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
71	( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
72	die "can't locate ppc-xlate.pl";
73
74	open STDOUT,"\| $^X $xlate $flavour \"$output\""
75	or die "can't call $xlate: $!";
76
77	if ($output =~ /512/) {
78	$func="sha512_block_ppc";
79	$SZ=8;
80	@Sigma0=(28,34,39);
81	@Sigma1=(14,18,41);
82	@sigma0=(1, 8, 7);
83	@sigma1=(19,61, 6);
84	$rounds=80;
85	$LD="ld";
86	$ST="std";
87	$ROR="rotrdi";
88	$SHR="srdi";
89	} else {
90	$func="sha256_block_ppc";
91	$SZ=4;
92	@Sigma0=( 2,13,22);
93	@Sigma1=( 6,11,25);
94	@sigma0=( 7,18, 3);
95	@sigma1=(17,19,10);
96	$rounds=64;
97	$LD="lwz";
98	$ST="stw";
99	$ROR="rotrwi";
100	$SHR="srwi";
101	}
102
103	$FRAME=32$SIZE_T+16$SZ;
104	$LOCALS=6*$SIZE_T;
105
106	$sp ="r1";
107	$toc="r2";
108	$ctx="r3"; # zapped by $a0
109	$inp="r4"; # zapped by $a1
110	$num="r5"; # zapped by $t0
111
112	$T ="r0";
113	$a0 ="r3";
114	$a1 ="r4";
115	$t0 ="r5";
116	$t1 ="r6";
117	$Tbl="r7";
118
119	$A ="r8";
120	$B ="r9";
121	$C ="r10";
122	$D ="r11";
123	$E ="r12";
124	$F =$t1; $t1 = "r0"; # stay away from "r13";
125	$G ="r14";
126	$H ="r15";
127
128	@V=($A,$B,$C,$D,$E,$F,$G,$H);
129	@X=("r16","r17","r18","r19","r20","r21","r22","r23",
130	"r24","r25","r26","r27","r28","r29","r30","r31");
131
132	$inp="r31" if($SZ==4 \|\| $SIZE_T==8); # reassigned $inp! aliases with @X[15]
133
134	sub ROUND_00_15 {
135	my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
136	$code.=<<___;
137	$ROR $a0,$e,$Sigma1[0]
138	$ROR $a1,$e,$Sigma1[1]
139	and $t0,$f,$e
140	xor $a0,$a0,$a1
141	add $h,$h,$t1
142	andc $t1,$g,$e
143	$ROR $a1,$a1,`$Sigma1[2]-$Sigma1[1]`
144	or $t0,$t0,$t1 ; Ch(e,f,g)
145	add $h,$h,@X[$i%16]
146	xor $a0,$a0,$a1 ; Sigma1(e)
147	add $h,$h,$t0
148	add $h,$h,$a0
149
150	$ROR $a0,$a,$Sigma0[0]
151	$ROR $a1,$a,$Sigma0[1]
152	and $t0,$a,$b
153	and $t1,$a,$c
154	xor $a0,$a0,$a1
155	$ROR $a1,$a1,`$Sigma0[2]-$Sigma0[1]`
156	xor $t0,$t0,$t1
157	and $t1,$b,$c
158	xor $a0,$a0,$a1 ; Sigma0(a)
159	add $d,$d,$h
160	xor $t0,$t0,$t1 ; Maj(a,b,c)
161	___
162	$code.=<<___ if ($i<15);
163	$LD $t1,`($i+1)*$SZ`($Tbl)
164	___
165	$code.=<<___;
166	add $h,$h,$a0
167	add $h,$h,$t0
168
169	___
170	}
171
172	sub ROUND_16_xx {
173	my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
174	$i-=16;
175	$code.=<<___;
176	$ROR $a0,@X[($i+1)%16],$sigma0[0]
177	$ROR $a1,@X[($i+1)%16],$sigma0[1]
178	$ROR $t0,@X[($i+14)%16],$sigma1[0]
179	$ROR $t1,@X[($i+14)%16],$sigma1[1]
180	xor $a0,$a0,$a1
181	$SHR $a1,@X[($i+1)%16],$sigma0[2]
182	xor $t0,$t0,$t1
183	$SHR $t1,@X[($i+14)%16],$sigma1[2]
184	add @X[$i],@X[$i],@X[($i+9)%16]
185	xor $a0,$a0,$a1 ; sigma0(X[(i+1)&0x0f])
186	xor $t0,$t0,$t1 ; sigma1(X[(i+14)&0x0f])
187	$LD $t1,`$i*$SZ`($Tbl)
188	add @X[$i],@X[$i],$a0
189	add @X[$i],@X[$i],$t0
190	___
191	&ROUND_00_15($i+16,$a,$b,$c,$d,$e,$f,$g,$h);
192	}
193
194	$code=<<___;
195	.machine "any"
196	.text
197
198	.globl $func
199	.align 6
200	$func:
201	$STU $sp,-$FRAME($sp)
202	mflr r0
203	$SHL $num,$num,`log(16*$SZ)/log(2)`
204
205	$PUSH $ctx,`$FRAME-$SIZE_T*22`($sp)
206
207	$PUSH r14,`$FRAME-$SIZE_T*18`($sp)
208	$PUSH r15,`$FRAME-$SIZE_T*17`($sp)
209	$PUSH r16,`$FRAME-$SIZE_T*16`($sp)
210	$PUSH r17,`$FRAME-$SIZE_T*15`($sp)
211	$PUSH r18,`$FRAME-$SIZE_T*14`($sp)
212	$PUSH r19,`$FRAME-$SIZE_T*13`($sp)
213	$PUSH r20,`$FRAME-$SIZE_T*12`($sp)
214	$PUSH r21,`$FRAME-$SIZE_T*11`($sp)
215	$PUSH r22,`$FRAME-$SIZE_T*10`($sp)
216	$PUSH r23,`$FRAME-$SIZE_T*9`($sp)
217	$PUSH r24,`$FRAME-$SIZE_T*8`($sp)
218	$PUSH r25,`$FRAME-$SIZE_T*7`($sp)
219	$PUSH r26,`$FRAME-$SIZE_T*6`($sp)
220	$PUSH r27,`$FRAME-$SIZE_T*5`($sp)
221	$PUSH r28,`$FRAME-$SIZE_T*4`($sp)
222	$PUSH r29,`$FRAME-$SIZE_T*3`($sp)
223	$PUSH r30,`$FRAME-$SIZE_T*2`($sp)
224	$PUSH r31,`$FRAME-$SIZE_T*1`($sp)
225	$PUSH r0,`$FRAME+$LRSAVE`($sp)
226	___
227
228	if ($SZ==4 \|\| $SIZE_T==8) {
229	$code.=<<___;
230	$LD $A,`0*$SZ`($ctx)
231	mr $inp,r4 ; incarnate $inp
232	$LD $B,`1*$SZ`($ctx)
233	$LD $C,`2*$SZ`($ctx)
234	$LD $D,`3*$SZ`($ctx)
235	$LD $E,`4*$SZ`($ctx)
236	$LD $F,`5*$SZ`($ctx)
237	$LD $G,`6*$SZ`($ctx)
238	$LD $H,`7*$SZ`($ctx)
239	___
240	} else {
241	for ($i=16;$i<32;$i++) {
242	$code.=<<___;
243	lwz r$i,`$LITTLE_ENDIAN^(4*($i-16))`($ctx)
244	___
245	}
246	}
247
248	$code.=<<___;
249	bl LPICmeup
250	LPICedup:
251	andi. r0,$inp,3
252	bne Lunaligned
253	Laligned:
254	add $num,$inp,$num
255	$PUSH $num,`$FRAME-$SIZE_T*24`($sp) ; end pointer
256	$PUSH $inp,`$FRAME-$SIZE_T*23`($sp) ; inp pointer
257	bl Lsha2_block_private
258	b Ldone
259
260	; PowerPC specification allows an implementation to be ill-behaved
261	; upon unaligned access which crosses page boundary. "Better safe
262	; than sorry" principle makes me treat it specially. But I don't
263	; look for particular offending word, but rather for the input
264	; block which crosses the boundary. Once found that block is aligned
265	; and hashed separately...
266	.align 4
267	Lunaligned:
268	subfic $t1,$inp,4096
269	andi. $t1,$t1,`4096-16*$SZ` ; distance to closest page boundary
270	beq Lcross_page
271	$UCMP $num,$t1
272	ble Laligned ; didn't cross the page boundary
273	subfc $num,$t1,$num
274	add $t1,$inp,$t1
275	$PUSH $num,`$FRAME-$SIZE_T*25`($sp) ; save real remaining num
276	$PUSH $t1,`$FRAME-$SIZE_T*24`($sp) ; intermediate end pointer
277	$PUSH $inp,`$FRAME-$SIZE_T*23`($sp) ; inp pointer
278	bl Lsha2_block_private
279	; $inp equals to the intermediate end pointer here
280	$POP $num,`$FRAME-$SIZE_T*25`($sp) ; restore real remaining num
281	Lcross_page:
282	li $t1,`16*$SZ/4`
283	mtctr $t1
284	___
285	if ($SZ==4 \|\| $SIZE_T==8) {
286	$code.=<<___;
287	addi r20,$sp,$LOCALS ; aligned spot below the frame
288	Lmemcpy:
289	lbz r16,0($inp)
290	lbz r17,1($inp)
291	lbz r18,2($inp)
292	lbz r19,3($inp)
293	addi $inp,$inp,4
294	stb r16,0(r20)
295	stb r17,1(r20)
296	stb r18,2(r20)
297	stb r19,3(r20)
298	addi r20,r20,4
299	bdnz Lmemcpy
300	___
301	} else {
302	$code.=<<___;
303	addi r12,$sp,$LOCALS ; aligned spot below the frame
304	Lmemcpy:
305	lbz r8,0($inp)
306	lbz r9,1($inp)
307	lbz r10,2($inp)
308	lbz r11,3($inp)
309	addi $inp,$inp,4
310	stb r8,0(r12)
311	stb r9,1(r12)
312	stb r10,2(r12)
313	stb r11,3(r12)
314	addi r12,r12,4
315	bdnz Lmemcpy
316	___
317	}
318
319	$code.=<<___;
320	$PUSH $inp,`$FRAME-$SIZE_T*26`($sp) ; save real inp
321	addi $t1,$sp,`$LOCALS+16*$SZ` ; fictitious end pointer
322	addi $inp,$sp,$LOCALS ; fictitious inp pointer
323	$PUSH $num,`$FRAME-$SIZE_T*25`($sp) ; save real num
324	$PUSH $t1,`$FRAME-$SIZE_T*24`($sp) ; end pointer
325	$PUSH $inp,`$FRAME-$SIZE_T*23`($sp) ; inp pointer
326	bl Lsha2_block_private
327	$POP $inp,`$FRAME-$SIZE_T*26`($sp) ; restore real inp
328	$POP $num,`$FRAME-$SIZE_T*25`($sp) ; restore real num
329	addic. $num,$num,`-16*$SZ` ; num--
330	bne Lunaligned
331
332	Ldone:
333	$POP r0,`$FRAME+$LRSAVE`($sp)
334	$POP r14,`$FRAME-$SIZE_T*18`($sp)
335	$POP r15,`$FRAME-$SIZE_T*17`($sp)
336	$POP r16,`$FRAME-$SIZE_T*16`($sp)
337	$POP r17,`$FRAME-$SIZE_T*15`($sp)
338	$POP r18,`$FRAME-$SIZE_T*14`($sp)
339	$POP r19,`$FRAME-$SIZE_T*13`($sp)
340	$POP r20,`$FRAME-$SIZE_T*12`($sp)
341	$POP r21,`$FRAME-$SIZE_T*11`($sp)
342	$POP r22,`$FRAME-$SIZE_T*10`($sp)
343	$POP r23,`$FRAME-$SIZE_T*9`($sp)
344	$POP r24,`$FRAME-$SIZE_T*8`($sp)
345	$POP r25,`$FRAME-$SIZE_T*7`($sp)
346	$POP r26,`$FRAME-$SIZE_T*6`($sp)
347	$POP r27,`$FRAME-$SIZE_T*5`($sp)
348	$POP r28,`$FRAME-$SIZE_T*4`($sp)
349	$POP r29,`$FRAME-$SIZE_T*3`($sp)
350	$POP r30,`$FRAME-$SIZE_T*2`($sp)
351	$POP r31,`$FRAME-$SIZE_T*1`($sp)
352	mtlr r0
353	addi $sp,$sp,$FRAME
354	blr
355	.long 0
356	.byte 0,12,4,1,0x80,18,3,0
357	.long 0
358	___
359
360	if ($SZ==4 \|\| $SIZE_T==8) {
361	$code.=<<___;
362	.align 4
363	Lsha2_block_private:
364	$LD $t1,0($Tbl)
365	___
366	for($i=0;$i<16;$i++) {
367	$code.=<<___ if ($SZ==4 && !$LITTLE_ENDIAN);
368	lwz @X[$i],`$i*$SZ`($inp)
369	___
370	$code.=<<___ if ($SZ==4 && $LITTLE_ENDIAN);
371	lwz $a0,`$i*$SZ`($inp)
372	rotlwi @X[$i],$a0,8
373	rlwimi @X[$i],$a0,24,0,7
374	rlwimi @X[$i],$a0,24,16,23
375	___
376	# 64-bit loads are split to 2x32-bit ones, as CPU can't handle
377	# unaligned 64-bit loads, only 32-bit ones...
378	$code.=<<___ if ($SZ==8 && !$LITTLE_ENDIAN);
379	lwz $t0,`$i*$SZ`($inp)
380	lwz @X[$i],`$i*$SZ+4`($inp)
381	insrdi @X[$i],$t0,32,0
382	___
383	$code.=<<___ if ($SZ==8 && $LITTLE_ENDIAN);
384	lwz $a0,`$i*$SZ`($inp)
385	lwz $a1,`$i*$SZ+4`($inp)
386	rotlwi $t0,$a0,8
387	rotlwi @X[$i],$a1,8
388	rlwimi $t0,$a0,24,0,7
389	rlwimi @X[$i],$a1,24,0,7
390	rlwimi $t0,$a0,24,16,23
391	rlwimi @X[$i],$a1,24,16,23
392	insrdi @X[$i],$t0,32,0
393	___
394	&ROUND_00_15($i,@V);
395	unshift(@V,pop(@V));
396	}
397	$code.=<<___;
398	li $t0,`$rounds/16-1`
399	mtctr $t0
400	.align 4
401	Lrounds:
402	addi $Tbl,$Tbl,`16*$SZ`
403	___
404	for(;$i<32;$i++) {
405	&ROUND_16_xx($i,@V);
406	unshift(@V,pop(@V));
407	}
408	$code.=<<___;
409	bdnz Lrounds
410
411	$POP $ctx,`$FRAME-$SIZE_T*22`($sp)
412	$POP $inp,`$FRAME-$SIZE_T*23`($sp) ; inp pointer
413	$POP $num,`$FRAME-$SIZE_T*24`($sp) ; end pointer
414	subi $Tbl,$Tbl,`($rounds-16)*$SZ` ; rewind Tbl
415
416	$LD r16,`0*$SZ`($ctx)
417	$LD r17,`1*$SZ`($ctx)
418	$LD r18,`2*$SZ`($ctx)
419	$LD r19,`3*$SZ`($ctx)
420	$LD r20,`4*$SZ`($ctx)
421	$LD r21,`5*$SZ`($ctx)
422	$LD r22,`6*$SZ`($ctx)
423	addi $inp,$inp,`16*$SZ` ; advance inp
424	$LD r23,`7*$SZ`($ctx)
425	add $A,$A,r16
426	add $B,$B,r17
427	$PUSH $inp,`$FRAME-$SIZE_T*23`($sp)
428	add $C,$C,r18
429	$ST $A,`0*$SZ`($ctx)
430	add $D,$D,r19
431	$ST $B,`1*$SZ`($ctx)
432	add $E,$E,r20
433	$ST $C,`2*$SZ`($ctx)
434	add $F,$F,r21
435	$ST $D,`3*$SZ`($ctx)
436	add $G,$G,r22
437	$ST $E,`4*$SZ`($ctx)
438	add $H,$H,r23
439	$ST $F,`5*$SZ`($ctx)
440	$ST $G,`6*$SZ`($ctx)
441	$UCMP $inp,$num
442	$ST $H,`7*$SZ`($ctx)
443	bne Lsha2_block_private
444	blr
445	.long 0
446	.byte 0,12,0x14,0,0,0,0,0
447	.size $func,.-$func
448	___
449	} else {
450	########################################################################
451	# SHA512 for PPC32, X vector is off-loaded to stack...
452	#
453	# \| sha512
454	# \| -m32
455	# ----------------------+-----------------------
456	# PPC74x0,gcc-4.0.1 \| +48%
457	# POWER6,gcc-4.4.6 \| +124%(*)
458	# POWER7,gcc-4.4.6 \| +79%(*)
459	# e300,gcc-4.1.0 \| +167%
460	#
461	# (*) ~1/3 of -m64 result [and ~20% better than -m32 code generated
462	# by xlc-12.1]
463
464	my $XOFF=$LOCALS;
465
466	my @V=map("r$_",(16..31)); # A..H
467
468	my ($s0,$s1,$t0,$t1,$t2,$t3,$a0,$a1,$a2,$a3)=map("r$_",(0,5,6,8..12,14,15));
469	my ($x0,$x1)=("r3","r4"); # zaps $ctx and $inp
470
471	sub ROUND_00_15_ppc32 {
472	my ($i, $ahi,$alo,$bhi,$blo,$chi,$clo,$dhi,$dlo,
473	$ehi,$elo,$fhi,$flo,$ghi,$glo,$hhi,$hlo)=@_;
474
475	$code.=<<___;
476	lwz $t2,`$SZ*($i%16)+($LITTLE_ENDIAN^4)`($Tbl)
477	xor $a0,$flo,$glo
478	lwz $t3,`$SZ*($i%16)+($LITTLE_ENDIAN^0)`($Tbl)
479	xor $a1,$fhi,$ghi
480	addc $hlo,$hlo,$t0 ; h+=x[i]
481	stw $t0,`$XOFF+0+$SZ*($i%16)`($sp) ; save x[i]
482
483	srwi $s0,$elo,$Sigma1[0]
484	srwi $s1,$ehi,$Sigma1[0]
485	and $a0,$a0,$elo
486	adde $hhi,$hhi,$t1
487	and $a1,$a1,$ehi
488	stw $t1,`$XOFF+4+$SZ*($i%16)`($sp)
489	srwi $t0,$elo,$Sigma1[1]
490	srwi $t1,$ehi,$Sigma1[1]
491	addc $hlo,$hlo,$t2 ; h+=K512[i]
492	insrwi $s0,$ehi,$Sigma1[0],0
493	insrwi $s1,$elo,$Sigma1[0],0
494	xor $a0,$a0,$glo ; Ch(e,f,g)
495	adde $hhi,$hhi,$t3
496	xor $a1,$a1,$ghi
497	insrwi $t0,$ehi,$Sigma1[1],0
498	insrwi $t1,$elo,$Sigma1[1],0
499	addc $hlo,$hlo,$a0 ; h+=Ch(e,f,g)
500	srwi $t2,$ehi,$Sigma1[2]-32
501	srwi $t3,$elo,$Sigma1[2]-32
502	xor $s0,$s0,$t0
503	xor $s1,$s1,$t1
504	insrwi $t2,$elo,$Sigma1[2]-32,0
505	insrwi $t3,$ehi,$Sigma1[2]-32,0
506	xor $a0,$alo,$blo ; a^b, b^c in next round
507	adde $hhi,$hhi,$a1
508	xor $a1,$ahi,$bhi
509	xor $s0,$s0,$t2 ; Sigma1(e)
510	xor $s1,$s1,$t3
511
512	srwi $t0,$alo,$Sigma0[0]
513	and $a2,$a2,$a0
514	addc $hlo,$hlo,$s0 ; h+=Sigma1(e)
515	and $a3,$a3,$a1
516	srwi $t1,$ahi,$Sigma0[0]
517	srwi $s0,$ahi,$Sigma0[1]-32
518	adde $hhi,$hhi,$s1
519	srwi $s1,$alo,$Sigma0[1]-32
520	insrwi $t0,$ahi,$Sigma0[0],0
521	insrwi $t1,$alo,$Sigma0[0],0
522	xor $a2,$a2,$blo ; Maj(a,b,c)
523	addc $dlo,$dlo,$hlo ; d+=h
524	xor $a3,$a3,$bhi
525	insrwi $s0,$alo,$Sigma0[1]-32,0
526	insrwi $s1,$ahi,$Sigma0[1]-32,0
527	adde $dhi,$dhi,$hhi
528	srwi $t2,$ahi,$Sigma0[2]-32
529	srwi $t3,$alo,$Sigma0[2]-32
530	xor $s0,$s0,$t0
531	addc $hlo,$hlo,$a2 ; h+=Maj(a,b,c)
532	xor $s1,$s1,$t1
533	insrwi $t2,$alo,$Sigma0[2]-32,0
534	insrwi $t3,$ahi,$Sigma0[2]-32,0
535	adde $hhi,$hhi,$a3
536	___
537	$code.=<<___ if ($i>=15);
538	lwz $t0,`$XOFF+0+$SZ*(($i+2)%16)`($sp)
539	lwz $t1,`$XOFF+4+$SZ*(($i+2)%16)`($sp)
540	___
541	$code.=<<___ if ($i<15 && !$LITTLE_ENDIAN);
542	lwz $t1,`$SZ*($i+1)+0`($inp)
543	lwz $t0,`$SZ*($i+1)+4`($inp)
544	___
545	$code.=<<___ if ($i<15 && $LITTLE_ENDIAN);
546	lwz $a2,`$SZ*($i+1)+0`($inp)
547	lwz $a3,`$SZ*($i+1)+4`($inp)
548	rotlwi $t1,$a2,8
549	rotlwi $t0,$a3,8
550	rlwimi $t1,$a2,24,0,7
551	rlwimi $t0,$a3,24,0,7
552	rlwimi $t1,$a2,24,16,23
553	rlwimi $t0,$a3,24,16,23
554	___
555	$code.=<<___;
556	xor $s0,$s0,$t2 ; Sigma0(a)
557	xor $s1,$s1,$t3
558	addc $hlo,$hlo,$s0 ; h+=Sigma0(a)
559	adde $hhi,$hhi,$s1
560	___
561	$code.=<<___ if ($i==15);
562	lwz $x0,`$XOFF+0+$SZ*(($i+1)%16)`($sp)
563	lwz $x1,`$XOFF+4+$SZ*(($i+1)%16)`($sp)
564	___
565	}
566	sub ROUND_16_xx_ppc32 {
567	my ($i, $ahi,$alo,$bhi,$blo,$chi,$clo,$dhi,$dlo,
568	$ehi,$elo,$fhi,$flo,$ghi,$glo,$hhi,$hlo)=@_;
569
570	$code.=<<___;
571	srwi $s0,$t0,$sigma0[0]
572	srwi $s1,$t1,$sigma0[0]
573	srwi $t2,$t0,$sigma0[1]
574	srwi $t3,$t1,$sigma0[1]
575	insrwi $s0,$t1,$sigma0[0],0
576	insrwi $s1,$t0,$sigma0[0],0
577	srwi $a0,$t0,$sigma0[2]
578	insrwi $t2,$t1,$sigma0[1],0
579	insrwi $t3,$t0,$sigma0[1],0
580	insrwi $a0,$t1,$sigma0[2],0
581	xor $s0,$s0,$t2
582	lwz $t2,`$XOFF+0+$SZ*(($i+14)%16)`($sp)
583	srwi $a1,$t1,$sigma0[2]
584	xor $s1,$s1,$t3
585	lwz $t3,`$XOFF+4+$SZ*(($i+14)%16)`($sp)
586	xor $a0,$a0,$s0
587	srwi $s0,$t2,$sigma1[0]
588	xor $a1,$a1,$s1
589	srwi $s1,$t3,$sigma1[0]
590	addc $x0,$x0,$a0 ; x[i]+=sigma0(x[i+1])
591	srwi $a0,$t3,$sigma1[1]-32
592	insrwi $s0,$t3,$sigma1[0],0
593	insrwi $s1,$t2,$sigma1[0],0
594	adde $x1,$x1,$a1
595	srwi $a1,$t2,$sigma1[1]-32
596
597	insrwi $a0,$t2,$sigma1[1]-32,0
598	srwi $t2,$t2,$sigma1[2]
599	insrwi $a1,$t3,$sigma1[1]-32,0
600	insrwi $t2,$t3,$sigma1[2],0
601	xor $s0,$s0,$a0
602	lwz $a0,`$XOFF+0+$SZ*(($i+9)%16)`($sp)
603	srwi $t3,$t3,$sigma1[2]
604	xor $s1,$s1,$a1
605	lwz $a1,`$XOFF+4+$SZ*(($i+9)%16)`($sp)
606	xor $s0,$s0,$t2
607	addc $x0,$x0,$a0 ; x[i]+=x[i+9]
608	xor $s1,$s1,$t3
609	adde $x1,$x1,$a1
610	addc $x0,$x0,$s0 ; x[i]+=sigma1(x[i+14])
611	adde $x1,$x1,$s1
612	___
613	($t0,$t1,$x0,$x1) = ($x0,$x1,$t0,$t1);
614	&ROUND_00_15_ppc32(@_);
615	}
616
617	$code.=<<___;
618	.align 4
619	Lsha2_block_private:
620	___
621	$code.=<<___ if (!$LITTLE_ENDIAN);
622	lwz $t1,0($inp)
623	xor $a2,@V[3],@V[5] ; B^C, magic seed
624	lwz $t0,4($inp)
625	xor $a3,@V[2],@V[4]
626	___
627	$code.=<<___ if ($LITTLE_ENDIAN);
628	lwz $a1,0($inp)
629	xor $a2,@V[3],@V[5] ; B^C, magic seed
630	lwz $a0,4($inp)
631	xor $a3,@V[2],@V[4]
632	rotlwi $t1,$a1,8
633	rotlwi $t0,$a0,8
634	rlwimi $t1,$a1,24,0,7
635	rlwimi $t0,$a0,24,0,7
636	rlwimi $t1,$a1,24,16,23
637	rlwimi $t0,$a0,24,16,23
638	___
639	for($i=0;$i<16;$i++) {
640	&ROUND_00_15_ppc32($i,@V);
641	unshift(@V,pop(@V)); unshift(@V,pop(@V));
642	($a0,$a1,$a2,$a3) = ($a2,$a3,$a0,$a1);
643	}
644	$code.=<<___;
645	li $a0,`$rounds/16-1`
646	mtctr $a0
647	.align 4
648	Lrounds:
649	addi $Tbl,$Tbl,`16*$SZ`
650	___
651	for(;$i<32;$i++) {
652	&ROUND_16_xx_ppc32($i,@V);
653	unshift(@V,pop(@V)); unshift(@V,pop(@V));
654	($a0,$a1,$a2,$a3) = ($a2,$a3,$a0,$a1);
655	}
656	$code.=<<___;
657	bdnz Lrounds
658
659	$POP $ctx,`$FRAME-$SIZE_T*22`($sp)
660	$POP $inp,`$FRAME-$SIZE_T*23`($sp) ; inp pointer
661	$POP $num,`$FRAME-$SIZE_T*24`($sp) ; end pointer
662	subi $Tbl,$Tbl,`($rounds-16)*$SZ` ; rewind Tbl
663
664	lwz $t0,`$LITTLE_ENDIAN^0`($ctx)
665	lwz $t1,`$LITTLE_ENDIAN^4`($ctx)
666	lwz $t2,`$LITTLE_ENDIAN^8`($ctx)
667	lwz $t3,`$LITTLE_ENDIAN^12`($ctx)
668	lwz $a0,`$LITTLE_ENDIAN^16`($ctx)
669	lwz $a1,`$LITTLE_ENDIAN^20`($ctx)
670	lwz $a2,`$LITTLE_ENDIAN^24`($ctx)
671	addc @V[1],@V[1],$t1
672	lwz $a3,`$LITTLE_ENDIAN^28`($ctx)
673	adde @V[0],@V[0],$t0
674	lwz $t0,`$LITTLE_ENDIAN^32`($ctx)
675	addc @V[3],@V[3],$t3
676	lwz $t1,`$LITTLE_ENDIAN^36`($ctx)
677	adde @V[2],@V[2],$t2
678	lwz $t2,`$LITTLE_ENDIAN^40`($ctx)
679	addc @V[5],@V[5],$a1
680	lwz $t3,`$LITTLE_ENDIAN^44`($ctx)
681	adde @V[4],@V[4],$a0
682	lwz $a0,`$LITTLE_ENDIAN^48`($ctx)
683	addc @V[7],@V[7],$a3
684	lwz $a1,`$LITTLE_ENDIAN^52`($ctx)
685	adde @V[6],@V[6],$a2
686	lwz $a2,`$LITTLE_ENDIAN^56`($ctx)
687	addc @V[9],@V[9],$t1
688	lwz $a3,`$LITTLE_ENDIAN^60`($ctx)
689	adde @V[8],@V[8],$t0
690	stw @V[0],`$LITTLE_ENDIAN^0`($ctx)
691	stw @V[1],`$LITTLE_ENDIAN^4`($ctx)
692	addc @V[11],@V[11],$t3
693	stw @V[2],`$LITTLE_ENDIAN^8`($ctx)
694	stw @V[3],`$LITTLE_ENDIAN^12`($ctx)
695	adde @V[10],@V[10],$t2
696	stw @V[4],`$LITTLE_ENDIAN^16`($ctx)
697	stw @V[5],`$LITTLE_ENDIAN^20`($ctx)
698	addc @V[13],@V[13],$a1
699	stw @V[6],`$LITTLE_ENDIAN^24`($ctx)
700	stw @V[7],`$LITTLE_ENDIAN^28`($ctx)
701	adde @V[12],@V[12],$a0
702	stw @V[8],`$LITTLE_ENDIAN^32`($ctx)
703	stw @V[9],`$LITTLE_ENDIAN^36`($ctx)
704	addc @V[15],@V[15],$a3
705	stw @V[10],`$LITTLE_ENDIAN^40`($ctx)
706	stw @V[11],`$LITTLE_ENDIAN^44`($ctx)
707	adde @V[14],@V[14],$a2
708	stw @V[12],`$LITTLE_ENDIAN^48`($ctx)
709	stw @V[13],`$LITTLE_ENDIAN^52`($ctx)
710	stw @V[14],`$LITTLE_ENDIAN^56`($ctx)
711	stw @V[15],`$LITTLE_ENDIAN^60`($ctx)
712
713	addi $inp,$inp,`16*$SZ` ; advance inp
714	$PUSH $inp,`$FRAME-$SIZE_T*23`($sp)
715	$UCMP $inp,$num
716	bne Lsha2_block_private
717	blr
718	.long 0
719	.byte 0,12,0x14,0,0,0,0,0
720	.size $func,.-$func
721	___
722	}
723
724	# Ugly hack here, because PPC assembler syntax seem to vary too
725	# much from platforms to platform...
726	$code.=<<___;
727	.align 6
728	LPICmeup:
729	mflr r0
730	bcl 20,31,\$+4
731	mflr $Tbl ; vvvvvv "distance" between . and 1st data entry
732	addi $Tbl,$Tbl,`64-8`
733	mtlr r0
734	blr
735	.long 0
736	.byte 0,12,0x14,0,0,0,0,0
737	.space `64-9*4`
738	___
739	$code.=<<___ if ($SZ==8);
740	.quad 0x428a2f98d728ae22,0x7137449123ef65cd
741	.quad 0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc
742	.quad 0x3956c25bf348b538,0x59f111f1b605d019
743	.quad 0x923f82a4af194f9b,0xab1c5ed5da6d8118
744	.quad 0xd807aa98a3030242,0x12835b0145706fbe
745	.quad 0x243185be4ee4b28c,0x550c7dc3d5ffb4e2
746	.quad 0x72be5d74f27b896f,0x80deb1fe3b1696b1
747	.quad 0x9bdc06a725c71235,0xc19bf174cf692694
748	.quad 0xe49b69c19ef14ad2,0xefbe4786384f25e3
749	.quad 0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65
750	.quad 0x2de92c6f592b0275,0x4a7484aa6ea6e483
751	.quad 0x5cb0a9dcbd41fbd4,0x76f988da831153b5
752	.quad 0x983e5152ee66dfab,0xa831c66d2db43210
753	.quad 0xb00327c898fb213f,0xbf597fc7beef0ee4
754	.quad 0xc6e00bf33da88fc2,0xd5a79147930aa725
755	.quad 0x06ca6351e003826f,0x142929670a0e6e70
756	.quad 0x27b70a8546d22ffc,0x2e1b21385c26c926
757	.quad 0x4d2c6dfc5ac42aed,0x53380d139d95b3df
758	.quad 0x650a73548baf63de,0x766a0abb3c77b2a8
759	.quad 0x81c2c92e47edaee6,0x92722c851482353b
760	.quad 0xa2bfe8a14cf10364,0xa81a664bbc423001
761	.quad 0xc24b8b70d0f89791,0xc76c51a30654be30
762	.quad 0xd192e819d6ef5218,0xd69906245565a910
763	.quad 0xf40e35855771202a,0x106aa07032bbd1b8
764	.quad 0x19a4c116b8d2d0c8,0x1e376c085141ab53
765	.quad 0x2748774cdf8eeb99,0x34b0bcb5e19b48a8
766	.quad 0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb
767	.quad 0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3
768	.quad 0x748f82ee5defb2fc,0x78a5636f43172f60
769	.quad 0x84c87814a1f0ab72,0x8cc702081a6439ec
770	.quad 0x90befffa23631e28,0xa4506cebde82bde9
771	.quad 0xbef9a3f7b2c67915,0xc67178f2e372532b
772	.quad 0xca273eceea26619c,0xd186b8c721c0c207
773	.quad 0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178
774	.quad 0x06f067aa72176fba,0x0a637dc5a2c898a6
775	.quad 0x113f9804bef90dae,0x1b710b35131c471b
776	.quad 0x28db77f523047d84,0x32caab7b40c72493
777	.quad 0x3c9ebe0a15c9bebc,0x431d67c49c100d4c
778	.quad 0x4cc5d4becb3e42b6,0x597f299cfc657e2a
779	.quad 0x5fcb6fab3ad6faec,0x6c44198c4a475817
780	___
781	$code.=<<___ if ($SZ==4);
782	.long 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
783	.long 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
784	.long 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
785	.long 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
786	.long 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
787	.long 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
788	.long 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
789	.long 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
790	.long 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
791	.long 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
792	.long 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
793	.long 0xd192e819,0xd6990624,0xf40e3585,0x106aa070
794	.long 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
795	.long 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
796	.long 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
797	.long 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
798	___
799
800	$code =~ s/\`([^\`]*)\`/eval $1/gem;
801	print $code;
802	close STDOUT or die "error closing STDOUT: $!";

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/libs/openssl-3.0.1/crypto/sha/asm/sha512-ppc.pl@ 94082

Download in other formats: