162306a36Sopenharmony_ci######################################################################## 262306a36Sopenharmony_ci# Implement fast SHA-512 with AVX instructions. (x86_64) 362306a36Sopenharmony_ci# 462306a36Sopenharmony_ci# Copyright (C) 2013 Intel Corporation. 562306a36Sopenharmony_ci# 662306a36Sopenharmony_ci# Authors: 762306a36Sopenharmony_ci# James Guilford <james.guilford@intel.com> 862306a36Sopenharmony_ci# Kirk Yap <kirk.s.yap@intel.com> 962306a36Sopenharmony_ci# David Cote <david.m.cote@intel.com> 1062306a36Sopenharmony_ci# Tim Chen <tim.c.chen@linux.intel.com> 1162306a36Sopenharmony_ci# 1262306a36Sopenharmony_ci# This software is available to you under a choice of one of two 1362306a36Sopenharmony_ci# licenses. You may choose to be licensed under the terms of the GNU 1462306a36Sopenharmony_ci# General Public License (GPL) Version 2, available from the file 1562306a36Sopenharmony_ci# COPYING in the main directory of this source tree, or the 1662306a36Sopenharmony_ci# OpenIB.org BSD license below: 1762306a36Sopenharmony_ci# 1862306a36Sopenharmony_ci# Redistribution and use in source and binary forms, with or 1962306a36Sopenharmony_ci# without modification, are permitted provided that the following 2062306a36Sopenharmony_ci# conditions are met: 2162306a36Sopenharmony_ci# 2262306a36Sopenharmony_ci# - Redistributions of source code must retain the above 2362306a36Sopenharmony_ci# copyright notice, this list of conditions and the following 2462306a36Sopenharmony_ci# disclaimer. 2562306a36Sopenharmony_ci# 2662306a36Sopenharmony_ci# - Redistributions in binary form must reproduce the above 2762306a36Sopenharmony_ci# copyright notice, this list of conditions and the following 2862306a36Sopenharmony_ci# disclaimer in the documentation and/or other materials 2962306a36Sopenharmony_ci# provided with the distribution. 3062306a36Sopenharmony_ci# 3162306a36Sopenharmony_ci# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 3262306a36Sopenharmony_ci# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 3362306a36Sopenharmony_ci# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 3462306a36Sopenharmony_ci# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS 3562306a36Sopenharmony_ci# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN 3662306a36Sopenharmony_ci# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 3762306a36Sopenharmony_ci# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 3862306a36Sopenharmony_ci# SOFTWARE. 3962306a36Sopenharmony_ci# 4062306a36Sopenharmony_ci######################################################################## 4162306a36Sopenharmony_ci# 4262306a36Sopenharmony_ci# This code is described in an Intel White-Paper: 4362306a36Sopenharmony_ci# "Fast SHA-512 Implementations on Intel Architecture Processors" 4462306a36Sopenharmony_ci# 4562306a36Sopenharmony_ci# To find it, surf to http://www.intel.com/p/en_US/embedded 4662306a36Sopenharmony_ci# and search for that title. 4762306a36Sopenharmony_ci# 4862306a36Sopenharmony_ci######################################################################## 4962306a36Sopenharmony_ci 5062306a36Sopenharmony_ci#include <linux/linkage.h> 5162306a36Sopenharmony_ci#include <linux/cfi_types.h> 5262306a36Sopenharmony_ci 5362306a36Sopenharmony_ci.text 5462306a36Sopenharmony_ci 5562306a36Sopenharmony_ci# Virtual Registers 5662306a36Sopenharmony_ci# ARG1 5762306a36Sopenharmony_cidigest = %rdi 5862306a36Sopenharmony_ci# ARG2 5962306a36Sopenharmony_cimsg = %rsi 6062306a36Sopenharmony_ci# ARG3 6162306a36Sopenharmony_cimsglen = %rdx 6262306a36Sopenharmony_ciT1 = %rcx 6362306a36Sopenharmony_ciT2 = %r8 6462306a36Sopenharmony_cia_64 = %r9 6562306a36Sopenharmony_cib_64 = %r10 6662306a36Sopenharmony_cic_64 = %r11 6762306a36Sopenharmony_cid_64 = %r12 6862306a36Sopenharmony_cie_64 = %r13 6962306a36Sopenharmony_cif_64 = %r14 7062306a36Sopenharmony_cig_64 = %r15 7162306a36Sopenharmony_cih_64 = %rbx 7262306a36Sopenharmony_citmp0 = %rax 7362306a36Sopenharmony_ci 7462306a36Sopenharmony_ci# Local variables (stack frame) 7562306a36Sopenharmony_ci 7662306a36Sopenharmony_ci# Message Schedule 7762306a36Sopenharmony_ciW_SIZE = 80*8 7862306a36Sopenharmony_ci# W[t] + K[t] | W[t+1] + K[t+1] 7962306a36Sopenharmony_ciWK_SIZE = 2*8 8062306a36Sopenharmony_ci 8162306a36Sopenharmony_ciframe_W = 0 8262306a36Sopenharmony_ciframe_WK = frame_W + W_SIZE 8362306a36Sopenharmony_ciframe_size = frame_WK + WK_SIZE 8462306a36Sopenharmony_ci 8562306a36Sopenharmony_ci# Useful QWORD "arrays" for simpler memory references 8662306a36Sopenharmony_ci# MSG, DIGEST, K_t, W_t are arrays 8762306a36Sopenharmony_ci# WK_2(t) points to 1 of 2 qwords at frame.WK depdending on t being odd/even 8862306a36Sopenharmony_ci 8962306a36Sopenharmony_ci# Input message (arg1) 9062306a36Sopenharmony_ci#define MSG(i) 8*i(msg) 9162306a36Sopenharmony_ci 9262306a36Sopenharmony_ci# Output Digest (arg2) 9362306a36Sopenharmony_ci#define DIGEST(i) 8*i(digest) 9462306a36Sopenharmony_ci 9562306a36Sopenharmony_ci# SHA Constants (static mem) 9662306a36Sopenharmony_ci#define K_t(i) 8*i+K512(%rip) 9762306a36Sopenharmony_ci 9862306a36Sopenharmony_ci# Message Schedule (stack frame) 9962306a36Sopenharmony_ci#define W_t(i) 8*i+frame_W(%rsp) 10062306a36Sopenharmony_ci 10162306a36Sopenharmony_ci# W[t]+K[t] (stack frame) 10262306a36Sopenharmony_ci#define WK_2(i) 8*((i%2))+frame_WK(%rsp) 10362306a36Sopenharmony_ci 10462306a36Sopenharmony_ci.macro RotateState 10562306a36Sopenharmony_ci # Rotate symbols a..h right 10662306a36Sopenharmony_ci TMP = h_64 10762306a36Sopenharmony_ci h_64 = g_64 10862306a36Sopenharmony_ci g_64 = f_64 10962306a36Sopenharmony_ci f_64 = e_64 11062306a36Sopenharmony_ci e_64 = d_64 11162306a36Sopenharmony_ci d_64 = c_64 11262306a36Sopenharmony_ci c_64 = b_64 11362306a36Sopenharmony_ci b_64 = a_64 11462306a36Sopenharmony_ci a_64 = TMP 11562306a36Sopenharmony_ci.endm 11662306a36Sopenharmony_ci 11762306a36Sopenharmony_ci.macro RORQ p1 p2 11862306a36Sopenharmony_ci # shld is faster than ror on Sandybridge 11962306a36Sopenharmony_ci shld $(64-\p2), \p1, \p1 12062306a36Sopenharmony_ci.endm 12162306a36Sopenharmony_ci 12262306a36Sopenharmony_ci.macro SHA512_Round rnd 12362306a36Sopenharmony_ci # Compute Round %%t 12462306a36Sopenharmony_ci mov f_64, T1 # T1 = f 12562306a36Sopenharmony_ci mov e_64, tmp0 # tmp = e 12662306a36Sopenharmony_ci xor g_64, T1 # T1 = f ^ g 12762306a36Sopenharmony_ci RORQ tmp0, 23 # 41 # tmp = e ror 23 12862306a36Sopenharmony_ci and e_64, T1 # T1 = (f ^ g) & e 12962306a36Sopenharmony_ci xor e_64, tmp0 # tmp = (e ror 23) ^ e 13062306a36Sopenharmony_ci xor g_64, T1 # T1 = ((f ^ g) & e) ^ g = CH(e,f,g) 13162306a36Sopenharmony_ci idx = \rnd 13262306a36Sopenharmony_ci add WK_2(idx), T1 # W[t] + K[t] from message scheduler 13362306a36Sopenharmony_ci RORQ tmp0, 4 # 18 # tmp = ((e ror 23) ^ e) ror 4 13462306a36Sopenharmony_ci xor e_64, tmp0 # tmp = (((e ror 23) ^ e) ror 4) ^ e 13562306a36Sopenharmony_ci mov a_64, T2 # T2 = a 13662306a36Sopenharmony_ci add h_64, T1 # T1 = CH(e,f,g) + W[t] + K[t] + h 13762306a36Sopenharmony_ci RORQ tmp0, 14 # 14 # tmp = ((((e ror23)^e)ror4)^e)ror14 = S1(e) 13862306a36Sopenharmony_ci add tmp0, T1 # T1 = CH(e,f,g) + W[t] + K[t] + S1(e) 13962306a36Sopenharmony_ci mov a_64, tmp0 # tmp = a 14062306a36Sopenharmony_ci xor c_64, T2 # T2 = a ^ c 14162306a36Sopenharmony_ci and c_64, tmp0 # tmp = a & c 14262306a36Sopenharmony_ci and b_64, T2 # T2 = (a ^ c) & b 14362306a36Sopenharmony_ci xor tmp0, T2 # T2 = ((a ^ c) & b) ^ (a & c) = Maj(a,b,c) 14462306a36Sopenharmony_ci mov a_64, tmp0 # tmp = a 14562306a36Sopenharmony_ci RORQ tmp0, 5 # 39 # tmp = a ror 5 14662306a36Sopenharmony_ci xor a_64, tmp0 # tmp = (a ror 5) ^ a 14762306a36Sopenharmony_ci add T1, d_64 # e(next_state) = d + T1 14862306a36Sopenharmony_ci RORQ tmp0, 6 # 34 # tmp = ((a ror 5) ^ a) ror 6 14962306a36Sopenharmony_ci xor a_64, tmp0 # tmp = (((a ror 5) ^ a) ror 6) ^ a 15062306a36Sopenharmony_ci lea (T1, T2), h_64 # a(next_state) = T1 + Maj(a,b,c) 15162306a36Sopenharmony_ci RORQ tmp0, 28 # 28 # tmp = ((((a ror5)^a)ror6)^a)ror28 = S0(a) 15262306a36Sopenharmony_ci add tmp0, h_64 # a(next_state) = T1 + Maj(a,b,c) S0(a) 15362306a36Sopenharmony_ci RotateState 15462306a36Sopenharmony_ci.endm 15562306a36Sopenharmony_ci 15662306a36Sopenharmony_ci.macro SHA512_2Sched_2Round_avx rnd 15762306a36Sopenharmony_ci # Compute rounds t-2 and t-1 15862306a36Sopenharmony_ci # Compute message schedule QWORDS t and t+1 15962306a36Sopenharmony_ci 16062306a36Sopenharmony_ci # Two rounds are computed based on the values for K[t-2]+W[t-2] and 16162306a36Sopenharmony_ci # K[t-1]+W[t-1] which were previously stored at WK_2 by the message 16262306a36Sopenharmony_ci # scheduler. 16362306a36Sopenharmony_ci # The two new schedule QWORDS are stored at [W_t(t)] and [W_t(t+1)]. 16462306a36Sopenharmony_ci # They are then added to their respective SHA512 constants at 16562306a36Sopenharmony_ci # [K_t(t)] and [K_t(t+1)] and stored at dqword [WK_2(t)] 16662306a36Sopenharmony_ci # For brievity, the comments following vectored instructions only refer to 16762306a36Sopenharmony_ci # the first of a pair of QWORDS. 16862306a36Sopenharmony_ci # Eg. XMM4=W[t-2] really means XMM4={W[t-2]|W[t-1]} 16962306a36Sopenharmony_ci # The computation of the message schedule and the rounds are tightly 17062306a36Sopenharmony_ci # stitched to take advantage of instruction-level parallelism. 17162306a36Sopenharmony_ci 17262306a36Sopenharmony_ci idx = \rnd - 2 17362306a36Sopenharmony_ci vmovdqa W_t(idx), %xmm4 # XMM4 = W[t-2] 17462306a36Sopenharmony_ci idx = \rnd - 15 17562306a36Sopenharmony_ci vmovdqu W_t(idx), %xmm5 # XMM5 = W[t-15] 17662306a36Sopenharmony_ci mov f_64, T1 17762306a36Sopenharmony_ci vpsrlq $61, %xmm4, %xmm0 # XMM0 = W[t-2]>>61 17862306a36Sopenharmony_ci mov e_64, tmp0 17962306a36Sopenharmony_ci vpsrlq $1, %xmm5, %xmm6 # XMM6 = W[t-15]>>1 18062306a36Sopenharmony_ci xor g_64, T1 18162306a36Sopenharmony_ci RORQ tmp0, 23 # 41 18262306a36Sopenharmony_ci vpsrlq $19, %xmm4, %xmm1 # XMM1 = W[t-2]>>19 18362306a36Sopenharmony_ci and e_64, T1 18462306a36Sopenharmony_ci xor e_64, tmp0 18562306a36Sopenharmony_ci vpxor %xmm1, %xmm0, %xmm0 # XMM0 = W[t-2]>>61 ^ W[t-2]>>19 18662306a36Sopenharmony_ci xor g_64, T1 18762306a36Sopenharmony_ci idx = \rnd 18862306a36Sopenharmony_ci add WK_2(idx), T1# 18962306a36Sopenharmony_ci vpsrlq $8, %xmm5, %xmm7 # XMM7 = W[t-15]>>8 19062306a36Sopenharmony_ci RORQ tmp0, 4 # 18 19162306a36Sopenharmony_ci vpsrlq $6, %xmm4, %xmm2 # XMM2 = W[t-2]>>6 19262306a36Sopenharmony_ci xor e_64, tmp0 19362306a36Sopenharmony_ci mov a_64, T2 19462306a36Sopenharmony_ci add h_64, T1 19562306a36Sopenharmony_ci vpxor %xmm7, %xmm6, %xmm6 # XMM6 = W[t-15]>>1 ^ W[t-15]>>8 19662306a36Sopenharmony_ci RORQ tmp0, 14 # 14 19762306a36Sopenharmony_ci add tmp0, T1 19862306a36Sopenharmony_ci vpsrlq $7, %xmm5, %xmm8 # XMM8 = W[t-15]>>7 19962306a36Sopenharmony_ci mov a_64, tmp0 20062306a36Sopenharmony_ci xor c_64, T2 20162306a36Sopenharmony_ci vpsllq $(64-61), %xmm4, %xmm3 # XMM3 = W[t-2]<<3 20262306a36Sopenharmony_ci and c_64, tmp0 20362306a36Sopenharmony_ci and b_64, T2 20462306a36Sopenharmony_ci vpxor %xmm3, %xmm2, %xmm2 # XMM2 = W[t-2]>>6 ^ W[t-2]<<3 20562306a36Sopenharmony_ci xor tmp0, T2 20662306a36Sopenharmony_ci mov a_64, tmp0 20762306a36Sopenharmony_ci vpsllq $(64-1), %xmm5, %xmm9 # XMM9 = W[t-15]<<63 20862306a36Sopenharmony_ci RORQ tmp0, 5 # 39 20962306a36Sopenharmony_ci vpxor %xmm9, %xmm8, %xmm8 # XMM8 = W[t-15]>>7 ^ W[t-15]<<63 21062306a36Sopenharmony_ci xor a_64, tmp0 21162306a36Sopenharmony_ci add T1, d_64 21262306a36Sopenharmony_ci RORQ tmp0, 6 # 34 21362306a36Sopenharmony_ci xor a_64, tmp0 21462306a36Sopenharmony_ci vpxor %xmm8, %xmm6, %xmm6 # XMM6 = W[t-15]>>1 ^ W[t-15]>>8 ^ 21562306a36Sopenharmony_ci # W[t-15]>>7 ^ W[t-15]<<63 21662306a36Sopenharmony_ci lea (T1, T2), h_64 21762306a36Sopenharmony_ci RORQ tmp0, 28 # 28 21862306a36Sopenharmony_ci vpsllq $(64-19), %xmm4, %xmm4 # XMM4 = W[t-2]<<25 21962306a36Sopenharmony_ci add tmp0, h_64 22062306a36Sopenharmony_ci RotateState 22162306a36Sopenharmony_ci vpxor %xmm4, %xmm0, %xmm0 # XMM0 = W[t-2]>>61 ^ W[t-2]>>19 ^ 22262306a36Sopenharmony_ci # W[t-2]<<25 22362306a36Sopenharmony_ci mov f_64, T1 22462306a36Sopenharmony_ci vpxor %xmm2, %xmm0, %xmm0 # XMM0 = s1(W[t-2]) 22562306a36Sopenharmony_ci mov e_64, tmp0 22662306a36Sopenharmony_ci xor g_64, T1 22762306a36Sopenharmony_ci idx = \rnd - 16 22862306a36Sopenharmony_ci vpaddq W_t(idx), %xmm0, %xmm0 # XMM0 = s1(W[t-2]) + W[t-16] 22962306a36Sopenharmony_ci idx = \rnd - 7 23062306a36Sopenharmony_ci vmovdqu W_t(idx), %xmm1 # XMM1 = W[t-7] 23162306a36Sopenharmony_ci RORQ tmp0, 23 # 41 23262306a36Sopenharmony_ci and e_64, T1 23362306a36Sopenharmony_ci xor e_64, tmp0 23462306a36Sopenharmony_ci xor g_64, T1 23562306a36Sopenharmony_ci vpsllq $(64-8), %xmm5, %xmm5 # XMM5 = W[t-15]<<56 23662306a36Sopenharmony_ci idx = \rnd + 1 23762306a36Sopenharmony_ci add WK_2(idx), T1 23862306a36Sopenharmony_ci vpxor %xmm5, %xmm6, %xmm6 # XMM6 = s0(W[t-15]) 23962306a36Sopenharmony_ci RORQ tmp0, 4 # 18 24062306a36Sopenharmony_ci vpaddq %xmm6, %xmm0, %xmm0 # XMM0 = s1(W[t-2]) + W[t-16] + s0(W[t-15]) 24162306a36Sopenharmony_ci xor e_64, tmp0 24262306a36Sopenharmony_ci vpaddq %xmm1, %xmm0, %xmm0 # XMM0 = W[t] = s1(W[t-2]) + W[t-7] + 24362306a36Sopenharmony_ci # s0(W[t-15]) + W[t-16] 24462306a36Sopenharmony_ci mov a_64, T2 24562306a36Sopenharmony_ci add h_64, T1 24662306a36Sopenharmony_ci RORQ tmp0, 14 # 14 24762306a36Sopenharmony_ci add tmp0, T1 24862306a36Sopenharmony_ci idx = \rnd 24962306a36Sopenharmony_ci vmovdqa %xmm0, W_t(idx) # Store W[t] 25062306a36Sopenharmony_ci vpaddq K_t(idx), %xmm0, %xmm0 # Compute W[t]+K[t] 25162306a36Sopenharmony_ci vmovdqa %xmm0, WK_2(idx) # Store W[t]+K[t] for next rounds 25262306a36Sopenharmony_ci mov a_64, tmp0 25362306a36Sopenharmony_ci xor c_64, T2 25462306a36Sopenharmony_ci and c_64, tmp0 25562306a36Sopenharmony_ci and b_64, T2 25662306a36Sopenharmony_ci xor tmp0, T2 25762306a36Sopenharmony_ci mov a_64, tmp0 25862306a36Sopenharmony_ci RORQ tmp0, 5 # 39 25962306a36Sopenharmony_ci xor a_64, tmp0 26062306a36Sopenharmony_ci add T1, d_64 26162306a36Sopenharmony_ci RORQ tmp0, 6 # 34 26262306a36Sopenharmony_ci xor a_64, tmp0 26362306a36Sopenharmony_ci lea (T1, T2), h_64 26462306a36Sopenharmony_ci RORQ tmp0, 28 # 28 26562306a36Sopenharmony_ci add tmp0, h_64 26662306a36Sopenharmony_ci RotateState 26762306a36Sopenharmony_ci.endm 26862306a36Sopenharmony_ci 26962306a36Sopenharmony_ci######################################################################## 27062306a36Sopenharmony_ci# void sha512_transform_avx(sha512_state *state, const u8 *data, int blocks) 27162306a36Sopenharmony_ci# Purpose: Updates the SHA512 digest stored at "state" with the message 27262306a36Sopenharmony_ci# stored in "data". 27362306a36Sopenharmony_ci# The size of the message pointed to by "data" must be an integer multiple 27462306a36Sopenharmony_ci# of SHA512 message blocks. 27562306a36Sopenharmony_ci# "blocks" is the message length in SHA512 blocks 27662306a36Sopenharmony_ci######################################################################## 27762306a36Sopenharmony_ciSYM_TYPED_FUNC_START(sha512_transform_avx) 27862306a36Sopenharmony_ci test msglen, msglen 27962306a36Sopenharmony_ci je .Lnowork 28062306a36Sopenharmony_ci 28162306a36Sopenharmony_ci # Save GPRs 28262306a36Sopenharmony_ci push %rbx 28362306a36Sopenharmony_ci push %r12 28462306a36Sopenharmony_ci push %r13 28562306a36Sopenharmony_ci push %r14 28662306a36Sopenharmony_ci push %r15 28762306a36Sopenharmony_ci 28862306a36Sopenharmony_ci # Allocate Stack Space 28962306a36Sopenharmony_ci push %rbp 29062306a36Sopenharmony_ci mov %rsp, %rbp 29162306a36Sopenharmony_ci sub $frame_size, %rsp 29262306a36Sopenharmony_ci and $~(0x20 - 1), %rsp 29362306a36Sopenharmony_ci 29462306a36Sopenharmony_ci.Lupdateblock: 29562306a36Sopenharmony_ci 29662306a36Sopenharmony_ci # Load state variables 29762306a36Sopenharmony_ci mov DIGEST(0), a_64 29862306a36Sopenharmony_ci mov DIGEST(1), b_64 29962306a36Sopenharmony_ci mov DIGEST(2), c_64 30062306a36Sopenharmony_ci mov DIGEST(3), d_64 30162306a36Sopenharmony_ci mov DIGEST(4), e_64 30262306a36Sopenharmony_ci mov DIGEST(5), f_64 30362306a36Sopenharmony_ci mov DIGEST(6), g_64 30462306a36Sopenharmony_ci mov DIGEST(7), h_64 30562306a36Sopenharmony_ci 30662306a36Sopenharmony_ci t = 0 30762306a36Sopenharmony_ci .rept 80/2 + 1 30862306a36Sopenharmony_ci # (80 rounds) / (2 rounds/iteration) + (1 iteration) 30962306a36Sopenharmony_ci # +1 iteration because the scheduler leads hashing by 1 iteration 31062306a36Sopenharmony_ci .if t < 2 31162306a36Sopenharmony_ci # BSWAP 2 QWORDS 31262306a36Sopenharmony_ci vmovdqa XMM_QWORD_BSWAP(%rip), %xmm1 31362306a36Sopenharmony_ci vmovdqu MSG(t), %xmm0 31462306a36Sopenharmony_ci vpshufb %xmm1, %xmm0, %xmm0 # BSWAP 31562306a36Sopenharmony_ci vmovdqa %xmm0, W_t(t) # Store Scheduled Pair 31662306a36Sopenharmony_ci vpaddq K_t(t), %xmm0, %xmm0 # Compute W[t]+K[t] 31762306a36Sopenharmony_ci vmovdqa %xmm0, WK_2(t) # Store into WK for rounds 31862306a36Sopenharmony_ci .elseif t < 16 31962306a36Sopenharmony_ci # BSWAP 2 QWORDS# Compute 2 Rounds 32062306a36Sopenharmony_ci vmovdqu MSG(t), %xmm0 32162306a36Sopenharmony_ci vpshufb %xmm1, %xmm0, %xmm0 # BSWAP 32262306a36Sopenharmony_ci SHA512_Round t-2 # Round t-2 32362306a36Sopenharmony_ci vmovdqa %xmm0, W_t(t) # Store Scheduled Pair 32462306a36Sopenharmony_ci vpaddq K_t(t), %xmm0, %xmm0 # Compute W[t]+K[t] 32562306a36Sopenharmony_ci SHA512_Round t-1 # Round t-1 32662306a36Sopenharmony_ci vmovdqa %xmm0, WK_2(t)# Store W[t]+K[t] into WK 32762306a36Sopenharmony_ci .elseif t < 79 32862306a36Sopenharmony_ci # Schedule 2 QWORDS# Compute 2 Rounds 32962306a36Sopenharmony_ci SHA512_2Sched_2Round_avx t 33062306a36Sopenharmony_ci .else 33162306a36Sopenharmony_ci # Compute 2 Rounds 33262306a36Sopenharmony_ci SHA512_Round t-2 33362306a36Sopenharmony_ci SHA512_Round t-1 33462306a36Sopenharmony_ci .endif 33562306a36Sopenharmony_ci t = t+2 33662306a36Sopenharmony_ci .endr 33762306a36Sopenharmony_ci 33862306a36Sopenharmony_ci # Update digest 33962306a36Sopenharmony_ci add a_64, DIGEST(0) 34062306a36Sopenharmony_ci add b_64, DIGEST(1) 34162306a36Sopenharmony_ci add c_64, DIGEST(2) 34262306a36Sopenharmony_ci add d_64, DIGEST(3) 34362306a36Sopenharmony_ci add e_64, DIGEST(4) 34462306a36Sopenharmony_ci add f_64, DIGEST(5) 34562306a36Sopenharmony_ci add g_64, DIGEST(6) 34662306a36Sopenharmony_ci add h_64, DIGEST(7) 34762306a36Sopenharmony_ci 34862306a36Sopenharmony_ci # Advance to next message block 34962306a36Sopenharmony_ci add $16*8, msg 35062306a36Sopenharmony_ci dec msglen 35162306a36Sopenharmony_ci jnz .Lupdateblock 35262306a36Sopenharmony_ci 35362306a36Sopenharmony_ci # Restore Stack Pointer 35462306a36Sopenharmony_ci mov %rbp, %rsp 35562306a36Sopenharmony_ci pop %rbp 35662306a36Sopenharmony_ci 35762306a36Sopenharmony_ci # Restore GPRs 35862306a36Sopenharmony_ci pop %r15 35962306a36Sopenharmony_ci pop %r14 36062306a36Sopenharmony_ci pop %r13 36162306a36Sopenharmony_ci pop %r12 36262306a36Sopenharmony_ci pop %rbx 36362306a36Sopenharmony_ci 36462306a36Sopenharmony_ci.Lnowork: 36562306a36Sopenharmony_ci RET 36662306a36Sopenharmony_ciSYM_FUNC_END(sha512_transform_avx) 36762306a36Sopenharmony_ci 36862306a36Sopenharmony_ci######################################################################## 36962306a36Sopenharmony_ci### Binary Data 37062306a36Sopenharmony_ci 37162306a36Sopenharmony_ci.section .rodata.cst16.XMM_QWORD_BSWAP, "aM", @progbits, 16 37262306a36Sopenharmony_ci.align 16 37362306a36Sopenharmony_ci# Mask for byte-swapping a couple of qwords in an XMM register using (v)pshufb. 37462306a36Sopenharmony_ciXMM_QWORD_BSWAP: 37562306a36Sopenharmony_ci .octa 0x08090a0b0c0d0e0f0001020304050607 37662306a36Sopenharmony_ci 37762306a36Sopenharmony_ci# Mergeable 640-byte rodata section. This allows linker to merge the table 37862306a36Sopenharmony_ci# with other, exactly the same 640-byte fragment of another rodata section 37962306a36Sopenharmony_ci# (if such section exists). 38062306a36Sopenharmony_ci.section .rodata.cst640.K512, "aM", @progbits, 640 38162306a36Sopenharmony_ci.align 64 38262306a36Sopenharmony_ci# K[t] used in SHA512 hashing 38362306a36Sopenharmony_ciK512: 38462306a36Sopenharmony_ci .quad 0x428a2f98d728ae22,0x7137449123ef65cd 38562306a36Sopenharmony_ci .quad 0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc 38662306a36Sopenharmony_ci .quad 0x3956c25bf348b538,0x59f111f1b605d019 38762306a36Sopenharmony_ci .quad 0x923f82a4af194f9b,0xab1c5ed5da6d8118 38862306a36Sopenharmony_ci .quad 0xd807aa98a3030242,0x12835b0145706fbe 38962306a36Sopenharmony_ci .quad 0x243185be4ee4b28c,0x550c7dc3d5ffb4e2 39062306a36Sopenharmony_ci .quad 0x72be5d74f27b896f,0x80deb1fe3b1696b1 39162306a36Sopenharmony_ci .quad 0x9bdc06a725c71235,0xc19bf174cf692694 39262306a36Sopenharmony_ci .quad 0xe49b69c19ef14ad2,0xefbe4786384f25e3 39362306a36Sopenharmony_ci .quad 0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65 39462306a36Sopenharmony_ci .quad 0x2de92c6f592b0275,0x4a7484aa6ea6e483 39562306a36Sopenharmony_ci .quad 0x5cb0a9dcbd41fbd4,0x76f988da831153b5 39662306a36Sopenharmony_ci .quad 0x983e5152ee66dfab,0xa831c66d2db43210 39762306a36Sopenharmony_ci .quad 0xb00327c898fb213f,0xbf597fc7beef0ee4 39862306a36Sopenharmony_ci .quad 0xc6e00bf33da88fc2,0xd5a79147930aa725 39962306a36Sopenharmony_ci .quad 0x06ca6351e003826f,0x142929670a0e6e70 40062306a36Sopenharmony_ci .quad 0x27b70a8546d22ffc,0x2e1b21385c26c926 40162306a36Sopenharmony_ci .quad 0x4d2c6dfc5ac42aed,0x53380d139d95b3df 40262306a36Sopenharmony_ci .quad 0x650a73548baf63de,0x766a0abb3c77b2a8 40362306a36Sopenharmony_ci .quad 0x81c2c92e47edaee6,0x92722c851482353b 40462306a36Sopenharmony_ci .quad 0xa2bfe8a14cf10364,0xa81a664bbc423001 40562306a36Sopenharmony_ci .quad 0xc24b8b70d0f89791,0xc76c51a30654be30 40662306a36Sopenharmony_ci .quad 0xd192e819d6ef5218,0xd69906245565a910 40762306a36Sopenharmony_ci .quad 0xf40e35855771202a,0x106aa07032bbd1b8 40862306a36Sopenharmony_ci .quad 0x19a4c116b8d2d0c8,0x1e376c085141ab53 40962306a36Sopenharmony_ci .quad 0x2748774cdf8eeb99,0x34b0bcb5e19b48a8 41062306a36Sopenharmony_ci .quad 0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb 41162306a36Sopenharmony_ci .quad 0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3 41262306a36Sopenharmony_ci .quad 0x748f82ee5defb2fc,0x78a5636f43172f60 41362306a36Sopenharmony_ci .quad 0x84c87814a1f0ab72,0x8cc702081a6439ec 41462306a36Sopenharmony_ci .quad 0x90befffa23631e28,0xa4506cebde82bde9 41562306a36Sopenharmony_ci .quad 0xbef9a3f7b2c67915,0xc67178f2e372532b 41662306a36Sopenharmony_ci .quad 0xca273eceea26619c,0xd186b8c721c0c207 41762306a36Sopenharmony_ci .quad 0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178 41862306a36Sopenharmony_ci .quad 0x06f067aa72176fba,0x0a637dc5a2c898a6 41962306a36Sopenharmony_ci .quad 0x113f9804bef90dae,0x1b710b35131c471b 42062306a36Sopenharmony_ci .quad 0x28db77f523047d84,0x32caab7b40c72493 42162306a36Sopenharmony_ci .quad 0x3c9ebe0a15c9bebc,0x431d67c49c100d4c 42262306a36Sopenharmony_ci .quad 0x4cc5d4becb3e42b6,0x597f299cfc657e2a 42362306a36Sopenharmony_ci .quad 0x5fcb6fab3ad6faec,0x6c44198c4a475817 424