3
# ====================================================================
4
# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
5
# project. The module is, however, dual licensed under OpenSSL and
6
# CRYPTOGAMS licenses depending on where you obtain it. For further
7
# details see http://www.openssl.org/~appro/cryptogams/.
8
# ====================================================================
10
# sha1_block procedure for x86_64.
12
# It was brought to my attention that on EM64T compiler-generated code
13
# was far behind 32-bit assembler implementation. This is unlike on
14
# Opteron where compiler-generated code was only 15% behind 32-bit
15
# assembler, which originally made it hard to motivate the effort.
16
# There was suggestion to mechanically translate 32-bit code, but I
17
# dismissed it, reasoning that x86_64 offers enough register bank
18
# capacity to fully utilize SHA-1 parallelism. Therefore this fresh
19
# implementation:-) However! While 64-bit code does performs better
20
# on Opteron, I failed to beat 32-bit assembler on EM64T core. Well,
21
# x86_64 does offer larger *addressable* bank, but out-of-order core
22
# reaches for even more registers through dynamic aliasing, and EM64T
23
# core must have managed to run-time optimize even 32-bit code just as
24
# good as 64-bit one. Performance improvement is summarized in the
27
# gcc 3.4 32-bit asm cycles/byte
28
# Opteron +45% +20% 6.8
29
# Xeon P4 +65% +0% 9.9
34
$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
35
( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
36
( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
37
die "can't locate x86_64-xlate.pl";
39
open STDOUT,"| $^X $xlate $output";
41
$ctx="%rdi"; # 1st arg
42
$inp="%rsi"; # 2nd arg
43
$num="%rdx"; # 3rd arg
45
# reassign arguments in order to produce more compact code
60
@V=($A,$B,$C,$D,$E,$T);
66
.type $func,\@function,3
73
mov %rdi,$ctx # reassigned argument
75
mov %rsi,$inp # reassigned argument
77
mov %rdx,$num # reassigned argument
101
my ($i,$a,$b,$c,$d,$e,$f,$host)=@_;
103
$code.=<<___ if ($i==0);
105
`"bswap $xi" if(!defined($host))`
108
$code.=<<___ if ($i<15);
109
lea 0x5a827999($xi,$e),$f
114
`"bswap $xi" if(!defined($host))`
123
$code.=<<___ if ($i>=15);
124
lea 0x5a827999($xi,$e),$f
125
mov `4*($j%16)`(%rsp),$xi
128
xor `4*(($j+2)%16)`(%rsp),$xi
131
xor `4*(($j+8)%16)`(%rsp),$xi
134
xor `4*(($j+13)%16)`(%rsp),$xi
139
mov $xi,`4*($j%16)`(%rsp)
144
my ($i,$a,$b,$c,$d,$e,$f)=@_;
146
my $K=($i<40)?0x6ed9eba1:0xca62c1d6;
147
$code.=<<___ if ($i<79);
149
mov `4*($j%16)`(%rsp),$xi
152
xor `4*(($j+2)%16)`(%rsp),$xi
155
xor `4*(($j+8)%16)`(%rsp),$xi
158
xor `4*(($j+13)%16)`(%rsp),$xi
163
$code.=<<___ if ($i<76);
164
mov $xi,`4*($j%16)`(%rsp)
166
$code.=<<___ if ($i==79);
180
my ($i,$a,$b,$c,$d,$e,$f)=@_;
183
lea 0x8f1bbcdc($xi,$e),$f
184
mov `4*($j%16)`(%rsp),$xi
187
xor `4*(($j+2)%16)`(%rsp),$xi
190
xor `4*(($j+8)%16)`(%rsp),$xi
193
xor `4*(($j+13)%16)`(%rsp),$xi
199
mov $xi,`4*($j%16)`(%rsp)
206
&PROLOGUE("sha1_block_data_order");
207
$code.=".align 4\n.Lloop:\n";
208
for($i=0;$i<20;$i++) { &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
209
for(;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
210
for(;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
211
for(;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
224
xchg $E,$A # mov $E,$A
225
xchg $T,$B # mov $T,$B
226
xchg $E,$C # mov $A,$C
227
xchg $T,$D # mov $B,$D
229
lea `16*4`($inp),$inp
233
&EPILOGUE("sha1_block_data_order");
235
.asciz "SHA1 block transform for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
238
####################################################################
240
$code =~ s/\`([^\`]*)\`/eval $1/gem;