Gitiles
Code Review Sign In
gerrit.nordix.org / codeaurora / busybox / eb8d5f3b8f3c91f3ed82a52b4ce52a154c146ede / . / libbb / hash_md5_sha_x86-32_shaNI.S
blob: a61b3cbede3285f48b9e2bd73677080f1e6165c0 [file] [log] [blame]
Denys Vlasenkoa96ccbe2022-01-07 01:32:13 +0100[diff] [blame]1#if ENABLE_SHA1_HWACCEL && defined(__GNUC__) && defined(__i386__)
2/* The code is adapted from Linux kernel's source */
3
4// We use shorter insns, even though they are for "wrong"
5// data type (fp, not int).
6// For Intel, there is no penalty for doing it at all
7// (CPUs which do have such penalty do not support SHA1 insns).
8// For AMD, the penalty is one extra cycle
9// (allegedly: I failed to find measurable difference).
10
11//#define mova128 movdqa
12#define mova128 movaps
13//#define movu128 movdqu
14#define movu128 movups
15//#define xor128 pxor
16#define xor128 xorps
17//#define shuf128_32 pshufd
18#define shuf128_32 shufps
19
20#define extr128_32 pextrd
Denys Vlasenko805ecec2022-01-08 00:41:09 +0100[diff] [blame]21//#define extr128_32 extractps # not shorter
Denys Vlasenkoa96ccbe2022-01-07 01:32:13 +0100[diff] [blame]22
Denys Vlasenko6472ac92022-02-03 14:15:20 +0100[diff] [blame]23 .section .text.sha1_process_block64_shaNI, "ax", @progbits
Denys Vlasenko805ecec2022-01-08 00:41:09 +0100[diff] [blame]24 .globl sha1_process_block64_shaNI
25 .hidden sha1_process_block64_shaNI
Denys Vlasenkoa96ccbe2022-01-07 01:32:13 +0100[diff] [blame]26 .type sha1_process_block64_shaNI, @function
27
28#define ABCD %xmm0
29#define E0 %xmm1 /* Need two E's b/c they ping pong */
30#define E1 %xmm2
31#define MSG0 %xmm3
32#define MSG1 %xmm4
33#define MSG2 %xmm5
34#define MSG3 %xmm6
Denys Vlasenkoa96ccbe2022-01-07 01:32:13 +0100[diff] [blame]35
Denys Vlasenko71a1ccc2022-02-08 08:20:27 +0100[diff] [blame]36 .balign 8 # allow decoders to fetch at least 2 first insns
Denys Vlasenkoa96ccbe2022-01-07 01:32:13 +0100[diff] [blame]37sha1_process_block64_shaNI:
Denys Vlasenkoa96ccbe2022-01-07 01:32:13 +0100[diff] [blame]38 /* load initial hash values */
Denys Vlasenkoa96ccbe2022-01-07 01:32:13 +0100[diff] [blame]39 movu128 76(%eax), ABCD
Denys Vlasenkoeb52e7f2022-02-08 15:23:26 +0100[diff] [blame]40 xor128 E0, E0
Denys Vlasenko0bab5da2022-01-07 14:55:31 +0100[diff] [blame]41 pinsrd $3, 76+4*4(%eax), E0 # load to uppermost 32-bit word
42 shuf128_32 $0x1B, ABCD, ABCD # DCBA -> ABCD
Denys Vlasenkoa96ccbe2022-01-07 01:32:13 +0100[diff] [blame]43
Denys Vlasenko71a1ccc2022-02-08 08:20:27 +0100[diff] [blame]44 mova128 PSHUFFLE_BYTE_FLIP_MASK, %xmm7
45
46 movu128 0*16(%eax), MSG0
47 pshufb %xmm7, MSG0
48 movu128 1*16(%eax), MSG1
49 pshufb %xmm7, MSG1
50 movu128 2*16(%eax), MSG2
51 pshufb %xmm7, MSG2
52 movu128 3*16(%eax), MSG3
53 pshufb %xmm7, MSG3
Denys Vlasenkoa96ccbe2022-01-07 01:32:13 +0100[diff] [blame]54
55 /* Save hash values for addition after rounds */
Denys Vlasenkoeb8d5f32022-02-08 15:34:02 +0100[diff] [blame^]56 mova128 E0, %xmm7
57 /*mova128 ABCD, %xmm8 - NOPE, 32bit has no xmm8 */
Denys Vlasenkoa96ccbe2022-01-07 01:32:13 +0100[diff] [blame]58
59 /* Rounds 0-3 */
Denys Vlasenkoa96ccbe2022-01-07 01:32:13 +0100[diff] [blame]60 paddd MSG0, E0
61 mova128 ABCD, E1
62 sha1rnds4 $0, E0, ABCD
63
64 /* Rounds 4-7 */
Denys Vlasenkoa96ccbe2022-01-07 01:32:13 +0100[diff] [blame]65 sha1nexte MSG1, E1
66 mova128 ABCD, E0
67 sha1rnds4 $0, E1, ABCD
68 sha1msg1 MSG1, MSG0
69
70 /* Rounds 8-11 */
Denys Vlasenkoa96ccbe2022-01-07 01:32:13 +0100[diff] [blame]71 sha1nexte MSG2, E0
72 mova128 ABCD, E1
73 sha1rnds4 $0, E0, ABCD
74 sha1msg1 MSG2, MSG1
75 xor128 MSG2, MSG0
76
77 /* Rounds 12-15 */
Denys Vlasenkoa96ccbe2022-01-07 01:32:13 +0100[diff] [blame]78 sha1nexte MSG3, E1
79 mova128 ABCD, E0
80 sha1msg2 MSG3, MSG0
81 sha1rnds4 $0, E1, ABCD
82 sha1msg1 MSG3, MSG2
83 xor128 MSG3, MSG1
84
85 /* Rounds 16-19 */
86 sha1nexte MSG0, E0
87 mova128 ABCD, E1
88 sha1msg2 MSG0, MSG1
89 sha1rnds4 $0, E0, ABCD
90 sha1msg1 MSG0, MSG3
91 xor128 MSG0, MSG2
92
93 /* Rounds 20-23 */
94 sha1nexte MSG1, E1
95 mova128 ABCD, E0
96 sha1msg2 MSG1, MSG2
97 sha1rnds4 $1, E1, ABCD
98 sha1msg1 MSG1, MSG0
99 xor128 MSG1, MSG3
100
101 /* Rounds 24-27 */
102 sha1nexte MSG2, E0
103 mova128 ABCD, E1
104 sha1msg2 MSG2, MSG3
105 sha1rnds4 $1, E0, ABCD
106 sha1msg1 MSG2, MSG1
107 xor128 MSG2, MSG0
108
109 /* Rounds 28-31 */
110 sha1nexte MSG3, E1
111 mova128 ABCD, E0
112 sha1msg2 MSG3, MSG0
113 sha1rnds4 $1, E1, ABCD
114 sha1msg1 MSG3, MSG2
115 xor128 MSG3, MSG1
116
117 /* Rounds 32-35 */
118 sha1nexte MSG0, E0
119 mova128 ABCD, E1
120 sha1msg2 MSG0, MSG1
121 sha1rnds4 $1, E0, ABCD
122 sha1msg1 MSG0, MSG3
123 xor128 MSG0, MSG2
124
125 /* Rounds 36-39 */
126 sha1nexte MSG1, E1
127 mova128 ABCD, E0
128 sha1msg2 MSG1, MSG2
129 sha1rnds4 $1, E1, ABCD
130 sha1msg1 MSG1, MSG0
131 xor128 MSG1, MSG3
132
133 /* Rounds 40-43 */
134 sha1nexte MSG2, E0
135 mova128 ABCD, E1
136 sha1msg2 MSG2, MSG3
137 sha1rnds4 $2, E0, ABCD
138 sha1msg1 MSG2, MSG1
139 xor128 MSG2, MSG0
140
141 /* Rounds 44-47 */
142 sha1nexte MSG3, E1
143 mova128 ABCD, E0
144 sha1msg2 MSG3, MSG0
145 sha1rnds4 $2, E1, ABCD
146 sha1msg1 MSG3, MSG2
147 xor128 MSG3, MSG1
148
149 /* Rounds 48-51 */
150 sha1nexte MSG0, E0
151 mova128 ABCD, E1
152 sha1msg2 MSG0, MSG1
153 sha1rnds4 $2, E0, ABCD
154 sha1msg1 MSG0, MSG3
155 xor128 MSG0, MSG2
156
157 /* Rounds 52-55 */
158 sha1nexte MSG1, E1
159 mova128 ABCD, E0
160 sha1msg2 MSG1, MSG2
161 sha1rnds4 $2, E1, ABCD
162 sha1msg1 MSG1, MSG0
163 xor128 MSG1, MSG3
164
165 /* Rounds 56-59 */
166 sha1nexte MSG2, E0
167 mova128 ABCD, E1
168 sha1msg2 MSG2, MSG3
169 sha1rnds4 $2, E0, ABCD
170 sha1msg1 MSG2, MSG1
171 xor128 MSG2, MSG0
172
173 /* Rounds 60-63 */
174 sha1nexte MSG3, E1
175 mova128 ABCD, E0
176 sha1msg2 MSG3, MSG0
177 sha1rnds4 $3, E1, ABCD
178 sha1msg1 MSG3, MSG2
179 xor128 MSG3, MSG1
180
181 /* Rounds 64-67 */
182 sha1nexte MSG0, E0
183 mova128 ABCD, E1
184 sha1msg2 MSG0, MSG1
185 sha1rnds4 $3, E0, ABCD
186 sha1msg1 MSG0, MSG3
187 xor128 MSG0, MSG2
188
189 /* Rounds 68-71 */
190 sha1nexte MSG1, E1
191 mova128 ABCD, E0
192 sha1msg2 MSG1, MSG2
193 sha1rnds4 $3, E1, ABCD
194 xor128 MSG1, MSG3
195
196 /* Rounds 72-75 */
197 sha1nexte MSG2, E0
198 mova128 ABCD, E1
199 sha1msg2 MSG2, MSG3
200 sha1rnds4 $3, E0, ABCD
201
202 /* Rounds 76-79 */
203 sha1nexte MSG3, E1
204 mova128 ABCD, E0
205 sha1rnds4 $3, E1, ABCD
206
207 /* Add current hash values with previously saved */
Denys Vlasenko71a1ccc2022-02-08 08:20:27 +0100[diff] [blame]208 sha1nexte %xmm7, E0
Denys Vlasenkoeb52e7f2022-02-08 15:23:26 +0100[diff] [blame]209 /*paddd %xmm8, ABCD - 32-bit mode has no xmm8 */
Denys Vlasenkoeb8d5f32022-02-08 15:34:02 +0100[diff] [blame^]210 movu128 76(%eax), %xmm7 # get original ABCD (not shuffled)...
Denys Vlasenkoa96ccbe2022-01-07 01:32:13 +0100[diff] [blame]211
212 /* Write hash values back in the correct order */
213 shuf128_32 $0x1B, ABCD, ABCD
Denys Vlasenkoeb8d5f32022-02-08 15:34:02 +0100[diff] [blame^]214 paddd %xmm7, ABCD # ...add it to final ABCD
Denys Vlasenkoa96ccbe2022-01-07 01:32:13 +0100[diff] [blame]215 movu128 ABCD, 76(%eax)
216 extr128_32 $3, E0, 76+4*4(%eax)
217
Denys Vlasenkoa96ccbe2022-01-07 01:32:13 +0100[diff] [blame]218 ret
Denys Vlasenko805ecec2022-01-08 00:41:09 +0100[diff] [blame]219 .size sha1_process_block64_shaNI, .-sha1_process_block64_shaNI
Denys Vlasenkoa96ccbe2022-01-07 01:32:13 +0100[diff] [blame]220
Denys Vlasenkoc193cbd2022-02-07 02:06:18 +0100[diff] [blame]221 .section .rodata.cst16.PSHUFFLE_BYTE_FLIP_MASK, "aM", @progbits, 16
222 .balign 16
Denys Vlasenkoa96ccbe2022-01-07 01:32:13 +0100[diff] [blame]223PSHUFFLE_BYTE_FLIP_MASK:
224 .octa 0x000102030405060708090a0b0c0d0e0f
225
226#endif