The branch master has been updated via 81e03785f718f98861a2a84b7b5d798b00df1670 (commit) via 0049eb46e419eda613db8aa74940ec01a8a4b117 (commit) from 46d4d86577430fa3deeed967e394273975900fdb (commit)
- Log ----------------------------------------------------------------- commit 81e03785f718f98861a2a84b7b5d798b00df1670 Author: Andy Polyakov <ap...@openssl.org> Date: Fri Jan 29 12:40:56 2016 +0100 Engage poly1305-sparcv9 module. Reviewed-by: Richard Levitte <levi...@openssl.org> commit 0049eb46e419eda613db8aa74940ec01a8a4b117 Author: Andy Polyakov <ap...@openssl.org> Date: Fri Jan 29 12:40:25 2016 +0100 Add poly1305/asm/poly1305-sparcv9.pl. Reviewed-by: Richard Levitte <levi...@openssl.org> ----------------------------------------------------------------------- Summary of changes: Configurations/00-base-templates.conf | 1 + crypto/poly1305/Makefile.in | 3 + crypto/poly1305/asm/poly1305-sparcv9.pl | 1097 +++++++++++++++++++++++++++++++ 3 files changed, 1101 insertions(+) create mode 100755 crypto/poly1305/asm/poly1305-sparcv9.pl diff --git a/Configurations/00-base-templates.conf b/Configurations/00-base-templates.conf index 68ad5a8..3ef2141 100644 --- a/Configurations/00-base-templates.conf +++ b/Configurations/00-base-templates.conf @@ -86,6 +86,7 @@ sha1_obj => "sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o", cmll_obj => "camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o", modes_obj => "ghash-sparcv9.o", + poly1305_obj => "poly1305-sparcv9.o", perlasm_scheme => "void" }, sparcv8_asm => { diff --git a/crypto/poly1305/Makefile.in b/crypto/poly1305/Makefile.in index 6498ffc..708773d 100644 --- a/crypto/poly1305/Makefile.in +++ b/crypto/poly1305/Makefile.in @@ -36,6 +36,9 @@ lib: $(LIBOBJ) $(RANLIB) $(LIB) || echo Never mind. @touch lib +poly1305-sparcv9.S: asm/poly1305-sparcv9.pl + $(PERL) asm/poly1305-sparcv9.pl > $@ + files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO diff --git a/crypto/poly1305/asm/poly1305-sparcv9.pl b/crypto/poly1305/asm/poly1305-sparcv9.pl new file mode 100755 index 0000000..a4f883e --- /dev/null +++ b/crypto/poly1305/asm/poly1305-sparcv9.pl @@ -0,0 +1,1097 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov <ap...@openssl.org> for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# This module implements Poly1305 hash for SPARCv9, vanilla, as well +# as VIS3 and FMA extensions. +# +# May, August 2015 +# +# Numbers are cycles per processed byte with poly1305_blocks alone. +# +# IALU(*) FMA +# +# UltraSPARC III 11.9(**) +# SPARC T3 7.85 +# SPARC T4 1.67(***) 6.55 +# SPARC64 X 5.54 3.64 +# +# (*) Comparison to compiler-generated code is really problematic, +# because latter's performance varies too much depending on too +# many variables. For example, one can measure from 5x to 15x +# improvement on T4 for gcc-4.6. Well, in T4 case it's a bit +# unfair comparison, because compiler doesn't use VIS3, but +# given same initial conditions coefficient varies from 3x to 9x. +# (**) Pre-III performance should be even worse; floating-point +# performance for UltraSPARC I-IV on the other hand is reported +# to be 4.25 for hand-coded assembly, but they are just too old +# to care about. +# (***) Multi-process benchmark saturates at ~12.5x single-process +# result on 8-core processor, or ~21GBps per 2.85GHz socket. + +my ($ctx,$inp,$len,$padbit,$shl,$shr) = map("%i$_",(0..5)); +my ($r0,$r1,$r2,$r3,$s1,$s2,$s3,$h4) = map("%l$_",(0..7)); +my ($h0,$h1,$h2,$h3, $t0,$t1,$t2) = map("%o$_",(0..5,7)); +my ($d0,$d1,$d2,$d3) = map("%g$_",(1..4)); + +$code.=<<___; +#include "sparc_arch.h" + +#ifdef __arch64__ +.register %g2,#scratch +.register %g3,#scratch +# define STPTR stx +# define SIZE_T 8 +#else +# define STPTR st +# define SIZE_T 4 +#endif +#define LOCALS (STACK_BIAS+STACK_FRAME) + +.section ".text",#alloc,#execinstr + +#ifdef __PIC__ +SPARC_PIC_THUNK(%g1) +#endif + +.globl poly1305_init +.align 32 +poly1305_init: + save %sp,-STACK_FRAME-16,%sp + nop + + SPARC_LOAD_ADDRESS(OPENSSL_sparcv9cap_P,%g1) + ld [%g1],%g1 + + and %g1,SPARCV9_FMADD|SPARCV9_PREFER_FPU|SPARCV9_VIS3,%g1 + cmp %g1,SPARCV9_FMADD|SPARCV9_PREFER_FPU + be .Lpoly1305_init_fma + nop + + stx %g0,[$ctx+0] + stx %g0,[$ctx+8] ! zero hash value + brz,pn $inp,.Lno_key + stx %g0,[$ctx+16] + + and $inp,7,$shr ! alignment factor + andn $inp,7,$inp + sll $shr,3,$shr ! *8 + neg $shr,$shl + + sethi %hi(0x0ffffffc),$t0 + set 8,$h1 + or $t0,%lo(0x0ffffffc),$t0 + set 16,$h2 + sllx $t0,32,$t1 + or $t0,$t1,$t1 ! 0x0ffffffc0ffffffc + or $t1,3,$t0 ! 0x0ffffffc0fffffff + + ldxa [$inp+%g0]0x88,$h0 ! load little-endian key + brz,pt $shr,.Lkey_aligned + ldxa [$inp+$h1]0x88,$h1 + + ldxa [$inp+$h2]0x88,$h2 + srlx $h0,$shr,$h0 + sllx $h1,$shl,$t2 + srlx $h1,$shr,$h1 + or $t2,$h0,$h0 + sllx $h2,$shl,$h2 + or $h2,$h1,$h1 + +.Lkey_aligned: + and $t0,$h0,$h0 + and $t1,$h1,$h1 + stx $h0,[$ctx+32+0] ! store key + stx $h1,[$ctx+32+8] + + andcc %g1,SPARCV9_VIS3,%g0 + be .Lno_key + nop + +1: call .+8 + add %o7,poly1305_blocks_vis3-1b,%o7 + + add %o7,poly1305_emit-poly1305_blocks_vis3,%o5 + STPTR %o7,[%i2] + STPTR %o5,[%i2+SIZE_T] + + ret + restore %g0,1,%o0 ! return 1 + +.Lno_key: + ret + restore %g0,%g0,%o0 ! return 0 +.size poly1305_init,.-poly1305_init + +.globl poly1305_blocks +.align 32 +poly1305_blocks: + save %sp,-STACK_FRAME,%sp + andn $len,15,$len + + brz,pn $len,.Lno_data + nop + + ld [$ctx+32+0],$r1 ! load key + ld [$ctx+32+4],$r0 + ld [$ctx+32+8],$r3 + ld [$ctx+32+12],$r2 + + ld [$ctx+0],$h1 ! load hash value + ld [$ctx+4],$h0 + ld [$ctx+8],$h3 + ld [$ctx+12],$h2 + ld [$ctx+16],$h4 + + and $inp,7,$shr ! alignment factor + andn $inp,7,$inp + set 8,$d1 + sll $shr,3,$shr ! *8 + set 16,$d2 + neg $shr,$shl + + srl $r1,2,$s1 + srl $r2,2,$s2 + add $r1,$s1,$s1 + srl $r3,2,$s3 + add $r2,$s2,$s2 + add $r3,$s3,$s3 + +.Loop: + ldxa [$inp+%g0]0x88,$d0 ! load little-endian input + brz,pt $shr,.Linp_aligned + ldxa [$inp+$d1]0x88,$d1 + + ldxa [$inp+$d2]0x88,$d2 + srlx $d0,$shr,$d0 + sllx $d1,$shl,$t1 + srlx $d1,$shr,$d1 + or $t1,$d0,$d0 + sllx $d2,$shl,$d2 + or $d2,$d1,$d1 + +.Linp_aligned: + srlx $d0,32,$t0 + addcc $d0,$h0,$h0 ! accumulate input + srlx $d1,32,$t1 + addccc $t0,$h1,$h1 + addccc $d1,$h2,$h2 + addccc $t1,$h3,$h3 + addc $padbit,$h4,$h4 + + umul $r0,$h0,$d0 + umul $r1,$h0,$d1 + umul $r2,$h0,$d2 + umul $r3,$h0,$d3 + sub $len,16,$len + add $inp,16,$inp + + umul $s3,$h1,$t0 + umul $r0,$h1,$t1 + umul $r1,$h1,$t2 + add $t0,$d0,$d0 + add $t1,$d1,$d1 + umul $r2,$h1,$t0 + add $t2,$d2,$d2 + add $t0,$d3,$d3 + + umul $s2,$h2,$t1 + umul $s3,$h2,$t2 + umul $r0,$h2,$t0 + add $t1,$d0,$d0 + add $t2,$d1,$d1 + umul $r1,$h2,$t1 + add $t0,$d2,$d2 + add $t1,$d3,$d3 + + umul $s1,$h3,$t2 + umul $s2,$h3,$t0 + umul $s3,$h3,$t1 + add $t2,$d0,$d0 + add $t0,$d1,$d1 + umul $r0,$h3,$t2 + add $t1,$d2,$d2 + add $t2,$d3,$d3 + + umul $s1,$h4,$t0 + umul $s2,$h4,$t1 + umul $s3,$h4,$t2 + umul $r0,$h4,$h4 + add $t0,$d1,$d1 + add $t1,$d2,$d2 + srlx $d0,32,$h1 + add $t2,$d3,$d3 + srlx $d1,32,$h2 + + addcc $d1,$h1,$h1 + srlx $d2,32,$h3 + set 8,$d1 + addccc $d2,$h2,$h2 + srlx $d3,32,$t0 + set 16,$d2 + addccc $d3,$h3,$h3 + addc $t0,$h4,$h4 + + srl $h4,2,$t0 ! final reduction step + andn $h4,3,$t1 + and $h4,3,$h4 + add $t1,$t0,$t0 + + addcc $t0,$d0,$h0 + addccc %g0,$h1,$h1 + addccc %g0,$h2,$h2 + brnz,pt $len,.Loop + addc %g0,$h3,$h3 + + st $h1,[$ctx+0] ! store hash value + st $h0,[$ctx+4] + st $h3,[$ctx+8] + st $h2,[$ctx+12] + st $h4,[$ctx+16] + +.Lno_data: + ret + restore +.size poly1305_blocks,.-poly1305_blocks +___ +######################################################################## +# VIS3 has umulxhi and addxc... +{ +my ($H0,$H1,$H2,$R0,$R1,$S1,$T1) = map("%o$_",(0..5,7)); +my ($D0,$D1,$D2,$T0) = map("%g$_",(1..4)); + +$code.=<<___; +.align 32 +poly1305_blocks_vis3: + save %sp,-STACK_FRAME,%sp + andn $len,15,$len + + brz,pn $len,.Lno_data + nop + + ldx [$ctx+32+0],$R0 ! load key + ldx [$ctx+32+8],$R1 + + ldx [$ctx+0],$H0 ! load hash value + ldx [$ctx+8],$H1 + ld [$ctx+16],$H2 + + and $inp,7,$shr ! alignment factor + andn $inp,7,$inp + set 8,$r1 + sll $shr,3,$shr ! *8 + set 16,$r2 + neg $shr,$shl + + srlx $R1,2,$S1 + add $R1,$S1,$S1 + +.Loop_vis3: + ldxa [$inp+%g0]0x88,$D0 ! load little-endian input + brz,pt $shr,.Linp_aligned_vis3 + ldxa [$inp+$r1]0x88,$D1 + + ldxa [$inp+$r2]0x88,$D2 + srlx $D0,$shr,$D0 + sllx $D1,$shl,$T1 + srlx $D1,$shr,$D1 + or $T1,$D0,$D0 + sllx $D2,$shl,$D2 + or $D2,$D1,$D1 + +.Linp_aligned_vis3: + addcc $D0,$H0,$H0 ! accumulate input + sub $len,16,$len + addxccc $D1,$H1,$H1 + add $inp,16,$inp + + mulx $R0,$H0,$D0 ! r0*h0 + addxc $padbit,$H2,$H2 + umulxhi $R0,$H0,$D1 + mulx $S1,$H1,$T0 ! s1*h1 + umulxhi $S1,$H1,$T1 + addcc $T0,$D0,$D0 + mulx $R1,$H0,$T0 ! r1*h0 + addxc $T1,$D1,$D1 + umulxhi $R1,$H0,$D2 + addcc $T0,$D1,$D1 + mulx $R0,$H1,$T0 ! r0*h1 + addxc %g0,$D2,$D2 + umulxhi $R0,$H1,$T1 + addcc $T0,$D1,$D1 + mulx $S1,$H2,$T0 ! s1*h2 + addxc $T1,$D2,$D2 + mulx $R0,$H2,$T1 ! r0*h2 + addcc $T0,$D1,$D1 + addxc $T1,$D2,$D2 + + srlx $D2,2,$T0 ! final reduction step + andn $D2,3,$T1 + and $D2,3,$H2 + add $T1,$T0,$T0 + + addcc $T0,$D0,$H0 + brnz,pt $len,.Loop_vis3 + addxc %g0,$D1,$H1 + + stx $H0,[$ctx+0] ! store hash value + stx $H1,[$ctx+8] + st $H2,[$ctx+16] + + ret + restore +.size poly1305_blocks_vis3,.-poly1305_blocks_vis3 +___ +} +my ($mac,$nonce) = ($inp,$len); + +$code.=<<___; +.globl poly1305_emit +.align 32 +poly1305_emit: + save %sp,-STACK_FRAME,%sp + + ld [$ctx+0],$h1 ! load hash value + ld [$ctx+4],$h0 + ld [$ctx+8],$h3 + ld [$ctx+12],$h2 + ld [$ctx+16],$h4 + + addcc $h0,5,$r0 ! compare to modulus + addccc $h1,0,$r1 + addccc $h2,0,$r2 + addccc $h3,0,$r3 + addc $h4,0,$h4 + andcc $h4,4,%g0 ! did it carry/borrow? + + movnz %icc,$r0,$h0 + ld [$nonce+0],$r0 ! load nonce + movnz %icc,$r1,$h1 + ld [$nonce+4],$r1 + movnz %icc,$r2,$h2 + ld [$nonce+8],$r2 + movnz %icc,$r3,$h3 + ld [$nonce+12],$r3 + + addcc $r0,$h0,$h0 ! accumulate nonce + addccc $r1,$h1,$h1 + addccc $r2,$h2,$h2 + addc $r3,$h3,$h3 + + srl $h0,8,$r0 + stb $h0,[$mac+0] ! store little-endian result + srl $h0,16,$r1 + stb $r0,[$mac+1] + srl $h0,24,$r2 + stb $r1,[$mac+2] + stb $r2,[$mac+3] + + srl $h1,8,$r0 + stb $h1,[$mac+4] + srl $h1,16,$r1 + stb $r0,[$mac+5] + srl $h1,24,$r2 + stb $r1,[$mac+6] + stb $r2,[$mac+7] + + srl $h2,8,$r0 + stb $h2,[$mac+8] + srl $h2,16,$r1 + stb $r0,[$mac+9] + srl $h2,24,$r2 + stb $r1,[$mac+10] + stb $r2,[$mac+11] + + srl $h3,8,$r0 + stb $h3,[$mac+12] + srl $h3,16,$r1 + stb $r0,[$mac+13] + srl $h3,24,$r2 + stb $r1,[$mac+14] + stb $r2,[$mac+15] + + ret + restore +.size poly1305_emit,.-poly1305_emit +___ + +{ +my ($ctx,$inp,$len,$padbit) = map("%i$_",(0..3)); +my ($in0,$in1,$in2,$in3,$in4) = map("%o$_",(0..4)); +my ($i1,$step,$shr,$shl) = map("%l$_",(0..7)); +my $i2=$step; + +my ($h0lo,$h0hi,$h1lo,$h1hi,$h2lo,$h2hi,$h3lo,$h3hi, + $two0,$two32,$two64,$two96,$two130,$five_two130, + $r0lo,$r0hi,$r1lo,$r1hi,$r2lo,$r2hi, + $s2lo,$s2hi,$s3lo,$s3hi, + $c0lo,$c0hi,$c1lo,$c1hi,$c2lo,$c2hi,$c3lo,$c3hi) = map("%f".2*$_,(0..31)); +# borrowings +my ($r3lo,$r3hi,$s1lo,$s1hi) = ($c0lo,$c0hi,$c1lo,$c1hi); +my ($x0,$x1,$x2,$x3) = ($c2lo,$c2hi,$c3lo,$c3hi); +my ($y0,$y1,$y2,$y3) = ($c1lo,$c1hi,$c3hi,$c3lo); + +$code.=<<___; +.align 32 +poly1305_init_fma: + save %sp,-STACK_FRAME-16,%sp + nop + +.Lpoly1305_init_fma: +1: call .+8 + add %o7,.Lconsts_fma-1b,%o7 + + ldd [%o7+8*0],$two0 ! load constants + ldd [%o7+8*1],$two32 + ldd [%o7+8*2],$two64 + ldd [%o7+8*3],$two96 + ldd [%o7+8*5],$five_two130 + + std $two0,[$ctx+8*0] ! initial hash value, biased 0 + std $two32,[$ctx+8*1] + std $two64,[$ctx+8*2] + std $two96,[$ctx+8*3] + + brz,pn $inp,.Lno_key_fma + nop + + stx %fsr,[%sp+LOCALS] ! save original %fsr + ldx [%o7+8*6],%fsr ! load new %fsr + + std $two0,[$ctx+8*4] ! key "template" + std $two32,[$ctx+8*5] + std $two64,[$ctx+8*6] + std $two96,[$ctx+8*7] + + and $inp,7,$shr + andn $inp,7,$inp ! align pointer + mov 8,$i1 + sll $shr,3,$shr + mov 16,$i2 + neg $shr,$shl + + ldxa [$inp+%g0]0x88,$in0 ! load little-endian key + ldxa [$inp+$i1]0x88,$in2 + + brz $shr,.Lkey_aligned_fma + sethi %hi(0xf0000000),$i1 ! 0xf0000000 + + ldxa [$inp+$i2]0x88,$in4 + + srlx $in0,$shr,$in0 ! align data + sllx $in2,$shl,$in1 + srlx $in2,$shr,$in2 + or $in1,$in0,$in0 + sllx $in4,$shl,$in3 + or $in3,$in2,$in2 + +.Lkey_aligned_fma: + or $i1,3,$i2 ! 0xf0000003 + srlx $in0,32,$in1 + andn $in0,$i1,$in0 ! &=0x0fffffff + andn $in1,$i2,$in1 ! &=0x0ffffffc + srlx $in2,32,$in3 + andn $in2,$i2,$in2 + andn $in3,$i2,$in3 + + st $in0,[$ctx+`8*4+4`] ! fill "template" + st $in1,[$ctx+`8*5+4`] + st $in2,[$ctx+`8*6+4`] + st $in3,[$ctx+`8*7+4`] + + ldd [$ctx+8*4],$h0lo ! load [biased] key + ldd [$ctx+8*5],$h1lo + ldd [$ctx+8*6],$h2lo + ldd [$ctx+8*7],$h3lo + + fsubd $h0lo,$two0, $h0lo ! r0 + ldd [%o7+8*7],$two0 ! more constants + fsubd $h1lo,$two32,$h1lo ! r1 + ldd [%o7+8*8],$two32 + fsubd $h2lo,$two64,$h2lo ! r2 + ldd [%o7+8*9],$two64 + fsubd $h3lo,$two96,$h3lo ! r3 + ldd [%o7+8*10],$two96 + + fmuld $five_two130,$h1lo,$s1lo ! s1 + fmuld $five_two130,$h2lo,$s2lo ! s2 + fmuld $five_two130,$h3lo,$s3lo ! s3 + + faddd $h0lo,$two0, $h0hi + faddd $h1lo,$two32,$h1hi + faddd $h2lo,$two64,$h2hi + faddd $h3lo,$two96,$h3hi + + fsubd $h0hi,$two0, $h0hi + ldd [%o7+8*11],$two0 ! more constants + fsubd $h1hi,$two32,$h1hi + ldd [%o7+8*12],$two32 + fsubd $h2hi,$two64,$h2hi + ldd [%o7+8*13],$two64 + fsubd $h3hi,$two96,$h3hi + + fsubd $h0lo,$h0hi,$h0lo + std $h0hi,[$ctx+8*5] ! r0hi + fsubd $h1lo,$h1hi,$h1lo + std $h1hi,[$ctx+8*7] ! r1hi + fsubd $h2lo,$h2hi,$h2lo + std $h2hi,[$ctx+8*9] ! r2hi + fsubd $h3lo,$h3hi,$h3lo + std $h3hi,[$ctx+8*11] ! r3hi + + faddd $s1lo,$two0, $s1hi + faddd $s2lo,$two32,$s2hi + faddd $s3lo,$two64,$s3hi + + fsubd $s1hi,$two0, $s1hi + fsubd $s2hi,$two32,$s2hi + fsubd $s3hi,$two64,$s3hi + + fsubd $s1lo,$s1hi,$s1lo + fsubd $s2lo,$s2hi,$s2lo + fsubd $s3lo,$s3hi,$s3lo + + ldx [%sp+LOCALS],%fsr ! restore %fsr + + std $h0lo,[$ctx+8*4] ! r0lo + std $h1lo,[$ctx+8*6] ! r1lo + std $h2lo,[$ctx+8*8] ! r2lo + std $h3lo,[$ctx+8*10] ! r3lo + + std $s1hi,[$ctx+8*13] + std $s2hi,[$ctx+8*15] + std $s3hi,[$ctx+8*17] + + std $s1lo,[$ctx+8*12] + std $s2lo,[$ctx+8*14] + std $s3lo,[$ctx+8*16] + + add %o7,poly1305_blocks_fma-.Lconsts_fma,%o0 + add %o7,poly1305_emit_fma-.Lconsts_fma,%o1 + STPTR %o0,[%i2] + STPTR %o1,[%i2+SIZE_T] + + ret + restore %g0,1,%o0 ! return 1 + +.Lno_key_fma: + ret + restore %g0,%g0,%o0 ! return 0 +.size poly1305_init_fma,.-poly1305_init_fma + +.align 32 +poly1305_blocks_fma: + save %sp,-STACK_FRAME-48,%sp + srlx $len,4,$len + + brz,pn $len,.Labort + sub $len,1,$len + +1: call .+8 + add %o7,.Lconsts_fma-1b,%o7 + + ldd [%o7+8*0],$two0 ! load constants + ldd [%o7+8*1],$two32 + ldd [%o7+8*2],$two64 + ldd [%o7+8*3],$two96 + ldd [%o7+8*4],$two130 + ldd [%o7+8*5],$five_two130 + + ldd [$ctx+8*0],$h0lo ! load [biased] hash value + ldd [$ctx+8*1],$h1lo + ldd [$ctx+8*2],$h2lo + ldd [$ctx+8*3],$h3lo + + std $two0,[%sp+LOCALS+8*0] ! input "template" + sethi %hi((1023+52+96)<<20),$in3 + std $two32,[%sp+LOCALS+8*1] + or $padbit,$in3,$in3 + std $two64,[%sp+LOCALS+8*2] + st $in3,[%sp+LOCALS+8*3] + + and $inp,7,$shr + andn $inp,7,$inp ! align pointer + mov 8,$i1 + sll $shr,3,$shr + mov 16,$step + neg $shr,$shl + + ldxa [$inp+%g0]0x88,$in0 ! load little-endian input + brz $shr,.Linp_aligned_fma + ldxa [$inp+$i1]0x88,$in2 + + ldxa [$inp+$step]0x88,$in4 + add $inp,8,$inp + + srlx $in0,$shr,$in0 ! align data + sllx $in2,$shl,$in1 + srlx $in2,$shr,$in2 + or $in1,$in0,$in0 + sllx $in4,$shl,$in3 + srlx $in4,$shr,$in4 ! pre-shift + or $in3,$in2,$in2 + +.Linp_aligned_fma: + srlx $in0,32,$in1 + movrz $len,0,$step + srlx $in2,32,$in3 + add $step,$inp,$inp ! conditional advance + + st $in0,[%sp+LOCALS+8*0+4] ! fill "template" + st $in1,[%sp+LOCALS+8*1+4] + st $in2,[%sp+LOCALS+8*2+4] + st $in3,[%sp+LOCALS+8*3+4] + + ldd [$ctx+8*4],$r0lo ! load key + ldd [$ctx+8*5],$r0hi + ldd [$ctx+8*6],$r1lo + ldd [$ctx+8*7],$r1hi + ldd [$ctx+8*8],$r2lo + ldd [$ctx+8*9],$r2hi + ldd [$ctx+8*10],$r3lo + ldd [$ctx+8*11],$r3hi + ldd [$ctx+8*12],$s1lo + ldd [$ctx+8*13],$s1hi + ldd [$ctx+8*14],$s2lo + ldd [$ctx+8*15],$s2hi + ldd [$ctx+8*16],$s3lo + ldd [$ctx+8*17],$s3hi + + stx %fsr,[%sp+LOCALS+8*4] ! save original %fsr + ldx [%o7+8*6],%fsr ! load new %fsr + + subcc $len,1,$len + movrz $len,0,$step + + ldd [%sp+LOCALS+8*0],$x0 ! load biased input + ldd [%sp+LOCALS+8*1],$x1 + ldd [%sp+LOCALS+8*2],$x2 + ldd [%sp+LOCALS+8*3],$x3 + + fsubd $h0lo,$two0, $h0lo ! de-bias hash value + fsubd $h1lo,$two32,$h1lo + ldxa [$inp+%g0]0x88,$in0 ! modulo-scheduled input load + fsubd $h2lo,$two64,$h2lo + fsubd $h3lo,$two96,$h3lo + ldxa [$inp+$i1]0x88,$in2 + + fsubd $x0,$two0, $x0 ! de-bias input + fsubd $x1,$two32,$x1 + fsubd $x2,$two64,$x2 + fsubd $x3,$two96,$x3 + + brz $shr,.Linp_aligned_fma2 + add $step,$inp,$inp ! conditional advance + + sllx $in0,$shl,$in1 ! align data + srlx $in0,$shr,$in3 + or $in1,$in4,$in0 + sllx $in2,$shl,$in1 + srlx $in2,$shr,$in4 ! pre-shift + or $in3,$in1,$in2 +.Linp_aligned_fma2: + srlx $in0,32,$in1 + srlx $in2,32,$in3 + + faddd $h0lo,$x0,$x0 ! accumulate input + stw $in0,[%sp+LOCALS+8*0+4] + faddd $h1lo,$x1,$x1 + stw $in1,[%sp+LOCALS+8*1+4] + faddd $h2lo,$x2,$x2 + stw $in2,[%sp+LOCALS+8*2+4] + faddd $h3lo,$x3,$x3 + stw $in3,[%sp+LOCALS+8*3+4] + + b .Lentry_fma + nop + +.align 16 +.Loop_fma: + ldxa [$inp+%g0]0x88,$in0 ! modulo-scheduled input load + ldxa [$inp+$i1]0x88,$in2 + movrz $len,0,$step + + faddd $y0,$h0lo,$h0lo ! accumulate input + faddd $y1,$h0hi,$h0hi + faddd $y2,$h2lo,$h2lo + faddd $y3,$h2hi,$h2hi + + brz,pn $shr,.Linp_aligned_fma3 + add $step,$inp,$inp ! conditional advance + + sllx $in0,$shl,$in1 ! align data + srlx $in0,$shr,$in3 + or $in1,$in4,$in0 + sllx $in2,$shl,$in1 + srlx $in2,$shr,$in4 ! pre-shift + or $in3,$in1,$in2 + +.Linp_aligned_fma3: + !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! base 2^48 -> base 2^32 + faddd $two64,$h1lo,$c1lo + srlx $in0,32,$in1 + faddd $two64,$h1hi,$c1hi + srlx $in2,32,$in3 + faddd $two130,$h3lo,$c3lo + st $in0,[%sp+LOCALS+8*0+4] ! fill "template" + faddd $two130,$h3hi,$c3hi + st $in1,[%sp+LOCALS+8*1+4] + faddd $two32,$h0lo,$c0lo + st $in2,[%sp+LOCALS+8*2+4] + faddd $two32,$h0hi,$c0hi + st $in3,[%sp+LOCALS+8*3+4] + faddd $two96,$h2lo,$c2lo + faddd $two96,$h2hi,$c2hi + + fsubd $c1lo,$two64,$c1lo + fsubd $c1hi,$two64,$c1hi + fsubd $c3lo,$two130,$c3lo + fsubd $c3hi,$two130,$c3hi + fsubd $c0lo,$two32,$c0lo + fsubd $c0hi,$two32,$c0hi + fsubd $c2lo,$two96,$c2lo + fsubd $c2hi,$two96,$c2hi + + fsubd $h1lo,$c1lo,$h1lo + fsubd $h1hi,$c1hi,$h1hi + fsubd $h3lo,$c3lo,$h3lo + fsubd $h3hi,$c3hi,$h3hi + fsubd $h2lo,$c2lo,$h2lo + fsubd $h2hi,$c2hi,$h2hi + fsubd $h0lo,$c0lo,$h0lo + fsubd $h0hi,$c0hi,$h0hi + + faddd $h1lo,$c0lo,$h1lo + faddd $h1hi,$c0hi,$h1hi + faddd $h3lo,$c2lo,$h3lo + faddd $h3hi,$c2hi,$h3hi + faddd $h2lo,$c1lo,$h2lo + faddd $h2hi,$c1hi,$h2hi + fmaddd $five_two130,$c3lo,$h0lo,$h0lo + fmaddd $five_two130,$c3hi,$h0hi,$h0hi + + faddd $h1lo,$h1hi,$x1 + ldd [$ctx+8*12],$s1lo ! reload constants + faddd $h3lo,$h3hi,$x3 + ldd [$ctx+8*13],$s1hi + faddd $h2lo,$h2hi,$x2 + ldd [$ctx+8*10],$r3lo + faddd $h0lo,$h0hi,$x0 + ldd [$ctx+8*11],$r3hi + +.Lentry_fma: + fmuld $x1,$s3lo,$h0lo + fmuld $x1,$s3hi,$h0hi + fmuld $x1,$r1lo,$h2lo + fmuld $x1,$r1hi,$h2hi + fmuld $x1,$r0lo,$h1lo + fmuld $x1,$r0hi,$h1hi + fmuld $x1,$r2lo,$h3lo + fmuld $x1,$r2hi,$h3hi + + fmaddd $x3,$s1lo,$h0lo,$h0lo + fmaddd $x3,$s1hi,$h0hi,$h0hi + fmaddd $x3,$s3lo,$h2lo,$h2lo + fmaddd $x3,$s3hi,$h2hi,$h2hi + fmaddd $x3,$s2lo,$h1lo,$h1lo + fmaddd $x3,$s2hi,$h1hi,$h1hi + fmaddd $x3,$r0lo,$h3lo,$h3lo + fmaddd $x3,$r0hi,$h3hi,$h3hi + + fmaddd $x2,$s2lo,$h0lo,$h0lo + fmaddd $x2,$s2hi,$h0hi,$h0hi + fmaddd $x2,$r0lo,$h2lo,$h2lo + fmaddd $x2,$r0hi,$h2hi,$h2hi + fmaddd $x2,$s3lo,$h1lo,$h1lo + ldd [%sp+LOCALS+8*0],$y0 ! load [biased] input + fmaddd $x2,$s3hi,$h1hi,$h1hi + ldd [%sp+LOCALS+8*1],$y1 + fmaddd $x2,$r1lo,$h3lo,$h3lo + ldd [%sp+LOCALS+8*2],$y2 + fmaddd $x2,$r1hi,$h3hi,$h3hi + ldd [%sp+LOCALS+8*3],$y3 + + fmaddd $x0,$r0lo,$h0lo,$h0lo + fsubd $y0,$two0, $y0 ! de-bias input + fmaddd $x0,$r0hi,$h0hi,$h0hi + fsubd $y1,$two32,$y1 + fmaddd $x0,$r2lo,$h2lo,$h2lo + fsubd $y2,$two64,$y2 + fmaddd $x0,$r2hi,$h2hi,$h2hi + fsubd $y3,$two96,$y3 + fmaddd $x0,$r1lo,$h1lo,$h1lo + fmaddd $x0,$r1hi,$h1hi,$h1hi + fmaddd $x0,$r3lo,$h3lo,$h3lo + fmaddd $x0,$r3hi,$h3hi,$h3hi + + bcc SIZE_T_CC,.Loop_fma + subcc $len,1,$len + + !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! base 2^48 -> base 2^32 + faddd $h0lo,$two32,$c0lo + faddd $h0hi,$two32,$c0hi + faddd $h2lo,$two96,$c2lo + faddd $h2hi,$two96,$c2hi + faddd $h1lo,$two64,$c1lo + faddd $h1hi,$two64,$c1hi + faddd $h3lo,$two130,$c3lo + faddd $h3hi,$two130,$c3hi + + fsubd $c0lo,$two32,$c0lo + fsubd $c0hi,$two32,$c0hi + fsubd $c2lo,$two96,$c2lo + fsubd $c2hi,$two96,$c2hi + fsubd $c1lo,$two64,$c1lo + fsubd $c1hi,$two64,$c1hi + fsubd $c3lo,$two130,$c3lo + fsubd $c3hi,$two130,$c3hi + + fsubd $h1lo,$c1lo,$h1lo + fsubd $h1hi,$c1hi,$h1hi + fsubd $h3lo,$c3lo,$h3lo + fsubd $h3hi,$c3hi,$h3hi + fsubd $h2lo,$c2lo,$h2lo + fsubd $h2hi,$c2hi,$h2hi + fsubd $h0lo,$c0lo,$h0lo + fsubd $h0hi,$c0hi,$h0hi + + faddd $h1lo,$c0lo,$h1lo + faddd $h1hi,$c0hi,$h1hi + faddd $h3lo,$c2lo,$h3lo + faddd $h3hi,$c2hi,$h3hi + faddd $h2lo,$c1lo,$h2lo + faddd $h2hi,$c1hi,$h2hi + fmaddd $five_two130,$c3lo,$h0lo,$h0lo + fmaddd $five_two130,$c3hi,$h0hi,$h0hi + + faddd $h1lo,$h1hi,$x1 + faddd $h3lo,$h3hi,$x3 + faddd $h2lo,$h2hi,$x2 + faddd $h0lo,$h0hi,$x0 + + faddd $x1,$two32,$x1 ! bias + faddd $x3,$two96,$x3 + faddd $x2,$two64,$x2 + faddd $x0,$two0, $x0 + + ldx [%sp+LOCALS+8*4],%fsr ! restore saved %fsr + + std $x1,[$ctx+8*1] ! store [biased] hash value + std $x3,[$ctx+8*3] + std $x2,[$ctx+8*2] + std $x0,[$ctx+8*0] + +.Labort: + ret + restore +.size poly1305_blocks_fma,.-poly1305_blocks_fma +___ +{ +my ($mac,$nonce)=($inp,$len); + +my ($h0,$h1,$h2,$h3,$h4, $d0,$d1,$d2,$d3, $mask + ) = (map("%l$_",(0..5)),map("%o$_",(0..4))); + +$code.=<<___; +.align 32 +poly1305_emit_fma: + save %sp,-STACK_FRAME,%sp + + ld [$ctx+8*0+0],$d0 ! load hash + ld [$ctx+8*0+4],$h0 + ld [$ctx+8*1+0],$d1 + ld [$ctx+8*1+4],$h1 + ld [$ctx+8*2+0],$d2 + ld [$ctx+8*2+4],$h2 + ld [$ctx+8*3+0],$d3 + ld [$ctx+8*3+4],$h3 + + sethi %hi(0xfff00000),$mask + andn $d0,$mask,$d0 ! mask exponent + andn $d1,$mask,$d1 + andn $d2,$mask,$d2 + andn $d3,$mask,$d3 ! can be partially reduced... + mov 3,$mask + + srl $d3,2,$padbit ! ... so reduce + and $d3,$mask,$h4 + andn $d3,$mask,$d3 + add $padbit,$d3,$d3 + + addcc $d3,$h0,$h0 + addccc $d0,$h1,$h1 + addccc $d1,$h2,$h2 + addccc $d2,$h3,$h3 + addc %g0,$h4,$h4 + + addcc $h0,5,$d0 ! compare to modulus + addccc $h1,0,$d1 + addccc $h2,0,$d2 + addccc $h3,0,$d3 + addc $h4,0,$mask + + srl $mask,2,$mask ! did it carry/borrow? + neg $mask,$mask + sra $mask,31,$mask ! mask + + andn $h0,$mask,$h0 + and $d0,$mask,$d0 + andn $h1,$mask,$h1 + and $d1,$mask,$d1 + or $d0,$h0,$h0 + ld [$nonce+0],$d0 ! load nonce + andn $h2,$mask,$h2 + and $d2,$mask,$d2 + or $d1,$h1,$h1 + ld [$nonce+4],$d1 + andn $h3,$mask,$h3 + and $d3,$mask,$d3 + or $d2,$h2,$h2 + ld [$nonce+8],$d2 + or $d3,$h3,$h3 + ld [$nonce+12],$d3 + + addcc $d0,$h0,$h0 ! accumulate nonce + addccc $d1,$h1,$h1 + addccc $d2,$h2,$h2 + addc $d3,$h3,$h3 + + stb $h0,[$mac+0] ! write little-endian result + srl $h0,8,$h0 + stb $h1,[$mac+4] + srl $h1,8,$h1 + stb $h2,[$mac+8] + srl $h2,8,$h2 + stb $h3,[$mac+12] + srl $h3,8,$h3 + + stb $h0,[$mac+1] + srl $h0,8,$h0 + stb $h1,[$mac+5] + srl $h1,8,$h1 + stb $h2,[$mac+9] + srl $h2,8,$h2 + stb $h3,[$mac+13] + srl $h3,8,$h3 + + stb $h0,[$mac+2] + srl $h0,8,$h0 + stb $h1,[$mac+6] + srl $h1,8,$h1 + stb $h2,[$mac+10] + srl $h2,8,$h2 + stb $h3,[$mac+14] + srl $h3,8,$h3 + + stb $h0,[$mac+3] + stb $h1,[$mac+7] + stb $h2,[$mac+11] + stb $h3,[$mac+15] + + ret + restore +.size poly1305_emit_fma,.-poly1305_emit_fma +___ +} + +$code.=<<___; +.align 64 +.Lconsts_fma: +.word 0x43300000,0x00000000 ! 2^(52+0) +.word 0x45300000,0x00000000 ! 2^(52+32) +.word 0x47300000,0x00000000 ! 2^(52+64) +.word 0x49300000,0x00000000 ! 2^(52+96) +.word 0x4b500000,0x00000000 ! 2^(52+130) + +.word 0x37f40000,0x00000000 ! 5/2^130 +.word 0,1<<30 ! fsr: truncate, no exceptions + +.word 0x44300000,0x00000000 ! 2^(52+16+0) +.word 0x46300000,0x00000000 ! 2^(52+16+32) +.word 0x48300000,0x00000000 ! 2^(52+16+64) +.word 0x4a300000,0x00000000 ! 2^(52+16+96) +.word 0x3e300000,0x00000000 ! 2^(52+16+0-96) +.word 0x40300000,0x00000000 ! 2^(52+16+32-96) +.word 0x42300000,0x00000000 ! 2^(52+16+64-96) +.asciz "Poly1305 for SPARCv9/VIS3/FMA, CRYPTOGAMS by <appro\@openssl.org>" +.align 4 +___ +} + +# Purpose of these subroutines is to explicitly encode VIS instructions, +# so that one can compile the module without having to specify VIS +# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a. +# Idea is to reserve for option to produce "universal" binary and let +# programmer detect if current CPU is VIS capable at run-time. +sub unvis3 { +my ($mnemonic,$rs1,$rs2,$rd)=@_; +my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 ); +my ($ref,$opf); +my %visopf = ( "addxc" => 0x011, + "addxccc" => 0x013, + "umulxhi" => 0x016 ); + + $ref = "$mnemonic\t$rs1,$rs2,$rd"; + + if ($opf=$visopf{$mnemonic}) { + foreach ($rs1,$rs2,$rd) { + return $ref if (!/%([goli])([0-9])/); + $_=$bias{$1}+$2; + } + + return sprintf ".word\t0x%08x !%s", + 0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2, + $ref; + } else { + return $ref; + } +} + +sub unfma { +my ($mnemonic,$rs1,$rs2,$rs3,$rd)=@_; +my ($ref,$opf); +my %fmaopf = ( "fmadds" => 0x1, + "fmaddd" => 0x2, + "fmsubs" => 0x5, + "fmsubd" => 0x6 ); + + $ref = "$mnemonic\t$rs1,$rs2,$rs3,$rd"; + + if ($opf=$fmaopf{$mnemonic}) { + foreach ($rs1,$rs2,$rs3,$rd) { + return $ref if (!/%f([0-9]{1,2})/); + $_=$1; + if ($1>=32) { + return $ref if ($1&1); + # re-encode for upper double register addressing + $_=($1|$1>>5)&31; + } + } + + return sprintf ".word\t0x%08x !%s", + 0x81b80000|$rd<<25|$rs1<<14|$rs3<<9|$opf<<5|$rs2, + $ref; + } else { + return $ref; + } +} + +foreach (split("\n",$code)) { + s/\`([^\`]*)\`/eval $1/ge; + + s/\b(umulxhi|addxc[c]{0,2})\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/ + &unvis3($1,$2,$3,$4) + /ge or + s/\b(fmadd[sd])\s+(%f[0-9]+),\s*(%f[0-9]+),\s*(%f[0-9]+),\s*(%f[0-9]+)/ + &unfma($1,$2,$3,$4,$5) + /ge; + + print $_,"\n"; +} + +close STDOUT; _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits