1e01d69cbSTim Chen######################################################################## 2e01d69cbSTim Chen# Implement fast SHA-512 with AVX instructions. (x86_64) 3e01d69cbSTim Chen# 4e01d69cbSTim Chen# Copyright (C) 2013 Intel Corporation. 5e01d69cbSTim Chen# 6e01d69cbSTim Chen# Authors: 7e01d69cbSTim Chen# James Guilford <james.guilford@intel.com> 8e01d69cbSTim Chen# Kirk Yap <kirk.s.yap@intel.com> 9e01d69cbSTim Chen# David Cote <david.m.cote@intel.com> 10e01d69cbSTim Chen# Tim Chen <tim.c.chen@linux.intel.com> 11e01d69cbSTim Chen# 12e01d69cbSTim Chen# This software is available to you under a choice of one of two 13e01d69cbSTim Chen# licenses. You may choose to be licensed under the terms of the GNU 14e01d69cbSTim Chen# General Public License (GPL) Version 2, available from the file 15e01d69cbSTim Chen# COPYING in the main directory of this source tree, or the 16e01d69cbSTim Chen# OpenIB.org BSD license below: 17e01d69cbSTim Chen# 18e01d69cbSTim Chen# Redistribution and use in source and binary forms, with or 19e01d69cbSTim Chen# without modification, are permitted provided that the following 20e01d69cbSTim Chen# conditions are met: 21e01d69cbSTim Chen# 22e01d69cbSTim Chen# - Redistributions of source code must retain the above 23e01d69cbSTim Chen# copyright notice, this list of conditions and the following 24e01d69cbSTim Chen# disclaimer. 25e01d69cbSTim Chen# 26e01d69cbSTim Chen# - Redistributions in binary form must reproduce the above 27e01d69cbSTim Chen# copyright notice, this list of conditions and the following 28e01d69cbSTim Chen# disclaimer in the documentation and/or other materials 29e01d69cbSTim Chen# provided with the distribution. 30e01d69cbSTim Chen# 31e01d69cbSTim Chen# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 32e01d69cbSTim Chen# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 33e01d69cbSTim Chen# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 34e01d69cbSTim Chen# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS 35e01d69cbSTim Chen# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN 36e01d69cbSTim Chen# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 37e01d69cbSTim Chen# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 38e01d69cbSTim Chen# SOFTWARE. 39e01d69cbSTim Chen# 40e01d69cbSTim Chen######################################################################## 41e01d69cbSTim Chen# 42e01d69cbSTim Chen# This code is described in an Intel White-Paper: 43e01d69cbSTim Chen# "Fast SHA-512 Implementations on Intel Architecture Processors" 44e01d69cbSTim Chen# 45e01d69cbSTim Chen# To find it, surf to http://www.intel.com/p/en_US/embedded 46e01d69cbSTim Chen# and search for that title. 47e01d69cbSTim Chen# 48e01d69cbSTim Chen######################################################################## 49e01d69cbSTim Chen 50e01d69cbSTim Chen#include <linux/linkage.h> 51e01d69cbSTim Chen 52e01d69cbSTim Chen.text 53e01d69cbSTim Chen 54e01d69cbSTim Chen# Virtual Registers 55e01d69cbSTim Chen# ARG1 56e68410ebSArd Biesheuveldigest = %rdi 57e01d69cbSTim Chen# ARG2 58e68410ebSArd Biesheuvelmsg = %rsi 59e01d69cbSTim Chen# ARG3 60e01d69cbSTim Chenmsglen = %rdx 61e01d69cbSTim ChenT1 = %rcx 62e01d69cbSTim ChenT2 = %r8 63e01d69cbSTim Chena_64 = %r9 64e01d69cbSTim Chenb_64 = %r10 65e01d69cbSTim Chenc_64 = %r11 66e01d69cbSTim Chend_64 = %r12 67e01d69cbSTim Chene_64 = %r13 68e01d69cbSTim Chenf_64 = %r14 69e01d69cbSTim Cheng_64 = %r15 70e01d69cbSTim Chenh_64 = %rbx 71e01d69cbSTim Chentmp0 = %rax 72e01d69cbSTim Chen 73e01d69cbSTim Chen# Local variables (stack frame) 74e01d69cbSTim Chen 75e01d69cbSTim Chen# Message Schedule 76e01d69cbSTim ChenW_SIZE = 80*8 77e01d69cbSTim Chen# W[t] + K[t] | W[t+1] + K[t+1] 78e01d69cbSTim ChenWK_SIZE = 2*8 79e01d69cbSTim Chen 80e01d69cbSTim Chenframe_W = 0 81e01d69cbSTim Chenframe_WK = frame_W + W_SIZE 82d61684b5SJosh Poimboeufframe_size = frame_WK + WK_SIZE 83e01d69cbSTim Chen 84e01d69cbSTim Chen# Useful QWORD "arrays" for simpler memory references 85e01d69cbSTim Chen# MSG, DIGEST, K_t, W_t are arrays 86e01d69cbSTim Chen# WK_2(t) points to 1 of 2 qwords at frame.WK depdending on t being odd/even 87e01d69cbSTim Chen 88e01d69cbSTim Chen# Input message (arg1) 89e01d69cbSTim Chen#define MSG(i) 8*i(msg) 90e01d69cbSTim Chen 91e01d69cbSTim Chen# Output Digest (arg2) 92e01d69cbSTim Chen#define DIGEST(i) 8*i(digest) 93e01d69cbSTim Chen 94e01d69cbSTim Chen# SHA Constants (static mem) 95e01d69cbSTim Chen#define K_t(i) 8*i+K512(%rip) 96e01d69cbSTim Chen 97e01d69cbSTim Chen# Message Schedule (stack frame) 98e01d69cbSTim Chen#define W_t(i) 8*i+frame_W(%rsp) 99e01d69cbSTim Chen 100e01d69cbSTim Chen# W[t]+K[t] (stack frame) 101e01d69cbSTim Chen#define WK_2(i) 8*((i%2))+frame_WK(%rsp) 102e01d69cbSTim Chen 103e01d69cbSTim Chen.macro RotateState 104e01d69cbSTim Chen # Rotate symbols a..h right 105e01d69cbSTim Chen TMP = h_64 106e01d69cbSTim Chen h_64 = g_64 107e01d69cbSTim Chen g_64 = f_64 108e01d69cbSTim Chen f_64 = e_64 109e01d69cbSTim Chen e_64 = d_64 110e01d69cbSTim Chen d_64 = c_64 111e01d69cbSTim Chen c_64 = b_64 112e01d69cbSTim Chen b_64 = a_64 113e01d69cbSTim Chen a_64 = TMP 114e01d69cbSTim Chen.endm 115e01d69cbSTim Chen 116e01d69cbSTim Chen.macro RORQ p1 p2 117e01d69cbSTim Chen # shld is faster than ror on Sandybridge 118e01d69cbSTim Chen shld $(64-\p2), \p1, \p1 119e01d69cbSTim Chen.endm 120e01d69cbSTim Chen 121e01d69cbSTim Chen.macro SHA512_Round rnd 122e01d69cbSTim Chen # Compute Round %%t 123e01d69cbSTim Chen mov f_64, T1 # T1 = f 124e01d69cbSTim Chen mov e_64, tmp0 # tmp = e 125e01d69cbSTim Chen xor g_64, T1 # T1 = f ^ g 126e01d69cbSTim Chen RORQ tmp0, 23 # 41 # tmp = e ror 23 127e01d69cbSTim Chen and e_64, T1 # T1 = (f ^ g) & e 128e01d69cbSTim Chen xor e_64, tmp0 # tmp = (e ror 23) ^ e 129e01d69cbSTim Chen xor g_64, T1 # T1 = ((f ^ g) & e) ^ g = CH(e,f,g) 130e01d69cbSTim Chen idx = \rnd 131e01d69cbSTim Chen add WK_2(idx), T1 # W[t] + K[t] from message scheduler 132e01d69cbSTim Chen RORQ tmp0, 4 # 18 # tmp = ((e ror 23) ^ e) ror 4 133e01d69cbSTim Chen xor e_64, tmp0 # tmp = (((e ror 23) ^ e) ror 4) ^ e 134e01d69cbSTim Chen mov a_64, T2 # T2 = a 135e01d69cbSTim Chen add h_64, T1 # T1 = CH(e,f,g) + W[t] + K[t] + h 136e01d69cbSTim Chen RORQ tmp0, 14 # 14 # tmp = ((((e ror23)^e)ror4)^e)ror14 = S1(e) 137e01d69cbSTim Chen add tmp0, T1 # T1 = CH(e,f,g) + W[t] + K[t] + S1(e) 138e01d69cbSTim Chen mov a_64, tmp0 # tmp = a 139e01d69cbSTim Chen xor c_64, T2 # T2 = a ^ c 140e01d69cbSTim Chen and c_64, tmp0 # tmp = a & c 141e01d69cbSTim Chen and b_64, T2 # T2 = (a ^ c) & b 142e01d69cbSTim Chen xor tmp0, T2 # T2 = ((a ^ c) & b) ^ (a & c) = Maj(a,b,c) 143e01d69cbSTim Chen mov a_64, tmp0 # tmp = a 144e01d69cbSTim Chen RORQ tmp0, 5 # 39 # tmp = a ror 5 145e01d69cbSTim Chen xor a_64, tmp0 # tmp = (a ror 5) ^ a 146e01d69cbSTim Chen add T1, d_64 # e(next_state) = d + T1 147e01d69cbSTim Chen RORQ tmp0, 6 # 34 # tmp = ((a ror 5) ^ a) ror 6 148e01d69cbSTim Chen xor a_64, tmp0 # tmp = (((a ror 5) ^ a) ror 6) ^ a 149e01d69cbSTim Chen lea (T1, T2), h_64 # a(next_state) = T1 + Maj(a,b,c) 150e01d69cbSTim Chen RORQ tmp0, 28 # 28 # tmp = ((((a ror5)^a)ror6)^a)ror28 = S0(a) 151e01d69cbSTim Chen add tmp0, h_64 # a(next_state) = T1 + Maj(a,b,c) S0(a) 152e01d69cbSTim Chen RotateState 153e01d69cbSTim Chen.endm 154e01d69cbSTim Chen 155e01d69cbSTim Chen.macro SHA512_2Sched_2Round_avx rnd 156e01d69cbSTim Chen # Compute rounds t-2 and t-1 157e01d69cbSTim Chen # Compute message schedule QWORDS t and t+1 158e01d69cbSTim Chen 159e01d69cbSTim Chen # Two rounds are computed based on the values for K[t-2]+W[t-2] and 160e01d69cbSTim Chen # K[t-1]+W[t-1] which were previously stored at WK_2 by the message 161e01d69cbSTim Chen # scheduler. 162e01d69cbSTim Chen # The two new schedule QWORDS are stored at [W_t(t)] and [W_t(t+1)]. 163e01d69cbSTim Chen # They are then added to their respective SHA512 constants at 164e01d69cbSTim Chen # [K_t(t)] and [K_t(t+1)] and stored at dqword [WK_2(t)] 165e01d69cbSTim Chen # For brievity, the comments following vectored instructions only refer to 166e01d69cbSTim Chen # the first of a pair of QWORDS. 167e01d69cbSTim Chen # Eg. XMM4=W[t-2] really means XMM4={W[t-2]|W[t-1]} 168e01d69cbSTim Chen # The computation of the message schedule and the rounds are tightly 169e01d69cbSTim Chen # stitched to take advantage of instruction-level parallelism. 170e01d69cbSTim Chen 171e01d69cbSTim Chen idx = \rnd - 2 172e01d69cbSTim Chen vmovdqa W_t(idx), %xmm4 # XMM4 = W[t-2] 173e01d69cbSTim Chen idx = \rnd - 15 174e01d69cbSTim Chen vmovdqu W_t(idx), %xmm5 # XMM5 = W[t-15] 175e01d69cbSTim Chen mov f_64, T1 176e01d69cbSTim Chen vpsrlq $61, %xmm4, %xmm0 # XMM0 = W[t-2]>>61 177e01d69cbSTim Chen mov e_64, tmp0 178e01d69cbSTim Chen vpsrlq $1, %xmm5, %xmm6 # XMM6 = W[t-15]>>1 179e01d69cbSTim Chen xor g_64, T1 180e01d69cbSTim Chen RORQ tmp0, 23 # 41 181e01d69cbSTim Chen vpsrlq $19, %xmm4, %xmm1 # XMM1 = W[t-2]>>19 182e01d69cbSTim Chen and e_64, T1 183e01d69cbSTim Chen xor e_64, tmp0 184e01d69cbSTim Chen vpxor %xmm1, %xmm0, %xmm0 # XMM0 = W[t-2]>>61 ^ W[t-2]>>19 185e01d69cbSTim Chen xor g_64, T1 186e01d69cbSTim Chen idx = \rnd 187e01d69cbSTim Chen add WK_2(idx), T1# 188e01d69cbSTim Chen vpsrlq $8, %xmm5, %xmm7 # XMM7 = W[t-15]>>8 189e01d69cbSTim Chen RORQ tmp0, 4 # 18 190e01d69cbSTim Chen vpsrlq $6, %xmm4, %xmm2 # XMM2 = W[t-2]>>6 191e01d69cbSTim Chen xor e_64, tmp0 192e01d69cbSTim Chen mov a_64, T2 193e01d69cbSTim Chen add h_64, T1 194e01d69cbSTim Chen vpxor %xmm7, %xmm6, %xmm6 # XMM6 = W[t-15]>>1 ^ W[t-15]>>8 195e01d69cbSTim Chen RORQ tmp0, 14 # 14 196e01d69cbSTim Chen add tmp0, T1 197e01d69cbSTim Chen vpsrlq $7, %xmm5, %xmm8 # XMM8 = W[t-15]>>7 198e01d69cbSTim Chen mov a_64, tmp0 199e01d69cbSTim Chen xor c_64, T2 200e01d69cbSTim Chen vpsllq $(64-61), %xmm4, %xmm3 # XMM3 = W[t-2]<<3 201e01d69cbSTim Chen and c_64, tmp0 202e01d69cbSTim Chen and b_64, T2 203e01d69cbSTim Chen vpxor %xmm3, %xmm2, %xmm2 # XMM2 = W[t-2]>>6 ^ W[t-2]<<3 204e01d69cbSTim Chen xor tmp0, T2 205e01d69cbSTim Chen mov a_64, tmp0 206e01d69cbSTim Chen vpsllq $(64-1), %xmm5, %xmm9 # XMM9 = W[t-15]<<63 207e01d69cbSTim Chen RORQ tmp0, 5 # 39 208e01d69cbSTim Chen vpxor %xmm9, %xmm8, %xmm8 # XMM8 = W[t-15]>>7 ^ W[t-15]<<63 209e01d69cbSTim Chen xor a_64, tmp0 210e01d69cbSTim Chen add T1, d_64 211e01d69cbSTim Chen RORQ tmp0, 6 # 34 212e01d69cbSTim Chen xor a_64, tmp0 213e01d69cbSTim Chen vpxor %xmm8, %xmm6, %xmm6 # XMM6 = W[t-15]>>1 ^ W[t-15]>>8 ^ 214e01d69cbSTim Chen # W[t-15]>>7 ^ W[t-15]<<63 215e01d69cbSTim Chen lea (T1, T2), h_64 216e01d69cbSTim Chen RORQ tmp0, 28 # 28 217e01d69cbSTim Chen vpsllq $(64-19), %xmm4, %xmm4 # XMM4 = W[t-2]<<25 218e01d69cbSTim Chen add tmp0, h_64 219e01d69cbSTim Chen RotateState 220e01d69cbSTim Chen vpxor %xmm4, %xmm0, %xmm0 # XMM0 = W[t-2]>>61 ^ W[t-2]>>19 ^ 221e01d69cbSTim Chen # W[t-2]<<25 222e01d69cbSTim Chen mov f_64, T1 223e01d69cbSTim Chen vpxor %xmm2, %xmm0, %xmm0 # XMM0 = s1(W[t-2]) 224e01d69cbSTim Chen mov e_64, tmp0 225e01d69cbSTim Chen xor g_64, T1 226e01d69cbSTim Chen idx = \rnd - 16 227e01d69cbSTim Chen vpaddq W_t(idx), %xmm0, %xmm0 # XMM0 = s1(W[t-2]) + W[t-16] 228e01d69cbSTim Chen idx = \rnd - 7 229e01d69cbSTim Chen vmovdqu W_t(idx), %xmm1 # XMM1 = W[t-7] 230e01d69cbSTim Chen RORQ tmp0, 23 # 41 231e01d69cbSTim Chen and e_64, T1 232e01d69cbSTim Chen xor e_64, tmp0 233e01d69cbSTim Chen xor g_64, T1 234e01d69cbSTim Chen vpsllq $(64-8), %xmm5, %xmm5 # XMM5 = W[t-15]<<56 235e01d69cbSTim Chen idx = \rnd + 1 236e01d69cbSTim Chen add WK_2(idx), T1 237e01d69cbSTim Chen vpxor %xmm5, %xmm6, %xmm6 # XMM6 = s0(W[t-15]) 238e01d69cbSTim Chen RORQ tmp0, 4 # 18 239e01d69cbSTim Chen vpaddq %xmm6, %xmm0, %xmm0 # XMM0 = s1(W[t-2]) + W[t-16] + s0(W[t-15]) 240e01d69cbSTim Chen xor e_64, tmp0 241e01d69cbSTim Chen vpaddq %xmm1, %xmm0, %xmm0 # XMM0 = W[t] = s1(W[t-2]) + W[t-7] + 242e01d69cbSTim Chen # s0(W[t-15]) + W[t-16] 243e01d69cbSTim Chen mov a_64, T2 244e01d69cbSTim Chen add h_64, T1 245e01d69cbSTim Chen RORQ tmp0, 14 # 14 246e01d69cbSTim Chen add tmp0, T1 247e01d69cbSTim Chen idx = \rnd 248e01d69cbSTim Chen vmovdqa %xmm0, W_t(idx) # Store W[t] 249e01d69cbSTim Chen vpaddq K_t(idx), %xmm0, %xmm0 # Compute W[t]+K[t] 250e01d69cbSTim Chen vmovdqa %xmm0, WK_2(idx) # Store W[t]+K[t] for next rounds 251e01d69cbSTim Chen mov a_64, tmp0 252e01d69cbSTim Chen xor c_64, T2 253e01d69cbSTim Chen and c_64, tmp0 254e01d69cbSTim Chen and b_64, T2 255e01d69cbSTim Chen xor tmp0, T2 256e01d69cbSTim Chen mov a_64, tmp0 257e01d69cbSTim Chen RORQ tmp0, 5 # 39 258e01d69cbSTim Chen xor a_64, tmp0 259e01d69cbSTim Chen add T1, d_64 260e01d69cbSTim Chen RORQ tmp0, 6 # 34 261e01d69cbSTim Chen xor a_64, tmp0 262e01d69cbSTim Chen lea (T1, T2), h_64 263e01d69cbSTim Chen RORQ tmp0, 28 # 28 264e01d69cbSTim Chen add tmp0, h_64 265e01d69cbSTim Chen RotateState 266e01d69cbSTim Chen.endm 267e01d69cbSTim Chen 268e01d69cbSTim Chen######################################################################## 26941419a28SKees Cook# void sha512_transform_avx(sha512_state *state, const u8 *data, int blocks) 27041419a28SKees Cook# Purpose: Updates the SHA512 digest stored at "state" with the message 27141419a28SKees Cook# stored in "data". 27241419a28SKees Cook# The size of the message pointed to by "data" must be an integer multiple 27341419a28SKees Cook# of SHA512 message blocks. 27441419a28SKees Cook# "blocks" is the message length in SHA512 blocks 275e01d69cbSTim Chen######################################################################## 2766dcc5627SJiri SlabySYM_FUNC_START(sha512_transform_avx) 2770b837f1eSUros Bizjak test msglen, msglen 278e01d69cbSTim Chen je nowork 279e01d69cbSTim Chen 280d61684b5SJosh Poimboeuf # Save GPRs 281d61684b5SJosh Poimboeuf push %rbx 282d61684b5SJosh Poimboeuf push %r12 283d61684b5SJosh Poimboeuf push %r13 284d61684b5SJosh Poimboeuf push %r14 285d61684b5SJosh Poimboeuf push %r15 286d61684b5SJosh Poimboeuf 287e01d69cbSTim Chen # Allocate Stack Space 288d61684b5SJosh Poimboeuf push %rbp 289d61684b5SJosh Poimboeuf mov %rsp, %rbp 290e01d69cbSTim Chen sub $frame_size, %rsp 291e01d69cbSTim Chen and $~(0x20 - 1), %rsp 292e01d69cbSTim Chen 293e01d69cbSTim Chenupdateblock: 294e01d69cbSTim Chen 295e01d69cbSTim Chen # Load state variables 296e01d69cbSTim Chen mov DIGEST(0), a_64 297e01d69cbSTim Chen mov DIGEST(1), b_64 298e01d69cbSTim Chen mov DIGEST(2), c_64 299e01d69cbSTim Chen mov DIGEST(3), d_64 300e01d69cbSTim Chen mov DIGEST(4), e_64 301e01d69cbSTim Chen mov DIGEST(5), f_64 302e01d69cbSTim Chen mov DIGEST(6), g_64 303e01d69cbSTim Chen mov DIGEST(7), h_64 304e01d69cbSTim Chen 305e01d69cbSTim Chen t = 0 306e01d69cbSTim Chen .rept 80/2 + 1 307e01d69cbSTim Chen # (80 rounds) / (2 rounds/iteration) + (1 iteration) 308e01d69cbSTim Chen # +1 iteration because the scheduler leads hashing by 1 iteration 309e01d69cbSTim Chen .if t < 2 310e01d69cbSTim Chen # BSWAP 2 QWORDS 311e01d69cbSTim Chen vmovdqa XMM_QWORD_BSWAP(%rip), %xmm1 312e01d69cbSTim Chen vmovdqu MSG(t), %xmm0 313e01d69cbSTim Chen vpshufb %xmm1, %xmm0, %xmm0 # BSWAP 314e01d69cbSTim Chen vmovdqa %xmm0, W_t(t) # Store Scheduled Pair 315e01d69cbSTim Chen vpaddq K_t(t), %xmm0, %xmm0 # Compute W[t]+K[t] 316e01d69cbSTim Chen vmovdqa %xmm0, WK_2(t) # Store into WK for rounds 317e01d69cbSTim Chen .elseif t < 16 318e01d69cbSTim Chen # BSWAP 2 QWORDS# Compute 2 Rounds 319e01d69cbSTim Chen vmovdqu MSG(t), %xmm0 320e01d69cbSTim Chen vpshufb %xmm1, %xmm0, %xmm0 # BSWAP 321e01d69cbSTim Chen SHA512_Round t-2 # Round t-2 322e01d69cbSTim Chen vmovdqa %xmm0, W_t(t) # Store Scheduled Pair 323e01d69cbSTim Chen vpaddq K_t(t), %xmm0, %xmm0 # Compute W[t]+K[t] 324e01d69cbSTim Chen SHA512_Round t-1 # Round t-1 325e01d69cbSTim Chen vmovdqa %xmm0, WK_2(t)# Store W[t]+K[t] into WK 326e01d69cbSTim Chen .elseif t < 79 327e01d69cbSTim Chen # Schedule 2 QWORDS# Compute 2 Rounds 328e01d69cbSTim Chen SHA512_2Sched_2Round_avx t 329e01d69cbSTim Chen .else 330e01d69cbSTim Chen # Compute 2 Rounds 331e01d69cbSTim Chen SHA512_Round t-2 332e01d69cbSTim Chen SHA512_Round t-1 333e01d69cbSTim Chen .endif 334e01d69cbSTim Chen t = t+2 335e01d69cbSTim Chen .endr 336e01d69cbSTim Chen 337e01d69cbSTim Chen # Update digest 338e01d69cbSTim Chen add a_64, DIGEST(0) 339e01d69cbSTim Chen add b_64, DIGEST(1) 340e01d69cbSTim Chen add c_64, DIGEST(2) 341e01d69cbSTim Chen add d_64, DIGEST(3) 342e01d69cbSTim Chen add e_64, DIGEST(4) 343e01d69cbSTim Chen add f_64, DIGEST(5) 344e01d69cbSTim Chen add g_64, DIGEST(6) 345e01d69cbSTim Chen add h_64, DIGEST(7) 346e01d69cbSTim Chen 347e01d69cbSTim Chen # Advance to next message block 348e01d69cbSTim Chen add $16*8, msg 349e01d69cbSTim Chen dec msglen 350e01d69cbSTim Chen jnz updateblock 351e01d69cbSTim Chen 352e01d69cbSTim Chen # Restore Stack Pointer 353d61684b5SJosh Poimboeuf mov %rbp, %rsp 354d61684b5SJosh Poimboeuf pop %rbp 355d61684b5SJosh Poimboeuf 356d61684b5SJosh Poimboeuf # Restore GPRs 357d61684b5SJosh Poimboeuf pop %r15 358d61684b5SJosh Poimboeuf pop %r14 359d61684b5SJosh Poimboeuf pop %r13 360d61684b5SJosh Poimboeuf pop %r12 361d61684b5SJosh Poimboeuf pop %rbx 362e01d69cbSTim Chen 363e01d69cbSTim Chennowork: 364*f94909ceSPeter Zijlstra RET 3656dcc5627SJiri SlabySYM_FUNC_END(sha512_transform_avx) 366e01d69cbSTim Chen 367e01d69cbSTim Chen######################################################################## 368e01d69cbSTim Chen### Binary Data 369e01d69cbSTim Chen 370e183914aSDenys Vlasenko.section .rodata.cst16.XMM_QWORD_BSWAP, "aM", @progbits, 16 371e01d69cbSTim Chen.align 16 372e01d69cbSTim Chen# Mask for byte-swapping a couple of qwords in an XMM register using (v)pshufb. 373e01d69cbSTim ChenXMM_QWORD_BSWAP: 374e01d69cbSTim Chen .octa 0x08090a0b0c0d0e0f0001020304050607 375e01d69cbSTim Chen 376e183914aSDenys Vlasenko# Mergeable 640-byte rodata section. This allows linker to merge the table 377e183914aSDenys Vlasenko# with other, exactly the same 640-byte fragment of another rodata section 378e183914aSDenys Vlasenko# (if such section exists). 379e183914aSDenys Vlasenko.section .rodata.cst640.K512, "aM", @progbits, 640 380e183914aSDenys Vlasenko.align 64 381e01d69cbSTim Chen# K[t] used in SHA512 hashing 382e01d69cbSTim ChenK512: 383e01d69cbSTim Chen .quad 0x428a2f98d728ae22,0x7137449123ef65cd 384e01d69cbSTim Chen .quad 0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc 385e01d69cbSTim Chen .quad 0x3956c25bf348b538,0x59f111f1b605d019 386e01d69cbSTim Chen .quad 0x923f82a4af194f9b,0xab1c5ed5da6d8118 387e01d69cbSTim Chen .quad 0xd807aa98a3030242,0x12835b0145706fbe 388e01d69cbSTim Chen .quad 0x243185be4ee4b28c,0x550c7dc3d5ffb4e2 389e01d69cbSTim Chen .quad 0x72be5d74f27b896f,0x80deb1fe3b1696b1 390e01d69cbSTim Chen .quad 0x9bdc06a725c71235,0xc19bf174cf692694 391e01d69cbSTim Chen .quad 0xe49b69c19ef14ad2,0xefbe4786384f25e3 392e01d69cbSTim Chen .quad 0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65 393e01d69cbSTim Chen .quad 0x2de92c6f592b0275,0x4a7484aa6ea6e483 394e01d69cbSTim Chen .quad 0x5cb0a9dcbd41fbd4,0x76f988da831153b5 395e01d69cbSTim Chen .quad 0x983e5152ee66dfab,0xa831c66d2db43210 396e01d69cbSTim Chen .quad 0xb00327c898fb213f,0xbf597fc7beef0ee4 397e01d69cbSTim Chen .quad 0xc6e00bf33da88fc2,0xd5a79147930aa725 398e01d69cbSTim Chen .quad 0x06ca6351e003826f,0x142929670a0e6e70 399e01d69cbSTim Chen .quad 0x27b70a8546d22ffc,0x2e1b21385c26c926 400e01d69cbSTim Chen .quad 0x4d2c6dfc5ac42aed,0x53380d139d95b3df 401e01d69cbSTim Chen .quad 0x650a73548baf63de,0x766a0abb3c77b2a8 402e01d69cbSTim Chen .quad 0x81c2c92e47edaee6,0x92722c851482353b 403e01d69cbSTim Chen .quad 0xa2bfe8a14cf10364,0xa81a664bbc423001 404e01d69cbSTim Chen .quad 0xc24b8b70d0f89791,0xc76c51a30654be30 405e01d69cbSTim Chen .quad 0xd192e819d6ef5218,0xd69906245565a910 406e01d69cbSTim Chen .quad 0xf40e35855771202a,0x106aa07032bbd1b8 407e01d69cbSTim Chen .quad 0x19a4c116b8d2d0c8,0x1e376c085141ab53 408e01d69cbSTim Chen .quad 0x2748774cdf8eeb99,0x34b0bcb5e19b48a8 409e01d69cbSTim Chen .quad 0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb 410e01d69cbSTim Chen .quad 0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3 411e01d69cbSTim Chen .quad 0x748f82ee5defb2fc,0x78a5636f43172f60 412e01d69cbSTim Chen .quad 0x84c87814a1f0ab72,0x8cc702081a6439ec 413e01d69cbSTim Chen .quad 0x90befffa23631e28,0xa4506cebde82bde9 414e01d69cbSTim Chen .quad 0xbef9a3f7b2c67915,0xc67178f2e372532b 415e01d69cbSTim Chen .quad 0xca273eceea26619c,0xd186b8c721c0c207 416e01d69cbSTim Chen .quad 0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178 417e01d69cbSTim Chen .quad 0x06f067aa72176fba,0x0a637dc5a2c898a6 418e01d69cbSTim Chen .quad 0x113f9804bef90dae,0x1b710b35131c471b 419e01d69cbSTim Chen .quad 0x28db77f523047d84,0x32caab7b40c72493 420e01d69cbSTim Chen .quad 0x3c9ebe0a15c9bebc,0x431d67c49c100d4c 421e01d69cbSTim Chen .quad 0x4cc5d4becb3e42b6,0x597f299cfc657e2a 422e01d69cbSTim Chen .quad 0x5fcb6fab3ad6faec,0x6c44198c4a475817 423