ogatak@9713: // Copyright (c) 2017 Instituto de Pesquisas Eldorado. All rights reserved. ogatak@9713: // DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ogatak@9713: // ogatak@9713: // This code is free software; you can redistribute it and/or modify it ogatak@9713: // under the terms of the GNU General Public License version 2 only, as ogatak@9713: // published by the Free Software Foundation. ogatak@9713: // ogatak@9713: // This code is distributed in the hope that it will be useful, but WITHOUT ogatak@9713: // ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ogatak@9713: // FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ogatak@9713: // version 2 for more details (a copy is included in the LICENSE file that ogatak@9713: // accompanied this code). ogatak@9713: // ogatak@9713: // You should have received a copy of the GNU General Public License version ogatak@9713: // 2 along with this work; if not, write to the Free Software Foundation, ogatak@9713: // Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ogatak@9713: // ogatak@9713: // Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ogatak@9713: // or visit www.oracle.com if you need additional information or have any ogatak@9713: // questions. ogatak@9713: ogatak@9713: // Implemented according to "Descriptions of SHA-256, SHA-384, and SHA-512" ogatak@9713: // (http://www.iwar.org.uk/comsec/resources/cipher/sha256-384-512.pdf). ogatak@9713: ogatak@9713: #include "asm/macroAssembler.inline.hpp" ogatak@9713: #include "runtime/stubRoutines.hpp" ogatak@9713: ogatak@9713: /********************************************************************** ogatak@9713: * SHA 256 ogatak@9713: *********************************************************************/ ogatak@9713: ogatak@9713: void MacroAssembler::sha256_deque(const VectorRegister src, ogatak@9713: const VectorRegister dst1, ogatak@9713: const VectorRegister dst2, ogatak@9713: const VectorRegister dst3) { ogatak@9713: vsldoi (dst1, src, src, 12); ogatak@9713: vsldoi (dst2, src, src, 8); ogatak@9713: vsldoi (dst3, src, src, 4); ogatak@9713: } ogatak@9713: ogatak@9713: void MacroAssembler::sha256_round(const VectorRegister* hs, ogatak@9713: const int total_hs, ogatak@9713: int& h_cnt, ogatak@9713: const VectorRegister kpw) { ogatak@9713: // convenience registers: cycle from 0-7 downwards ogatak@9713: const VectorRegister a = hs[(total_hs + 0 - (h_cnt % total_hs)) % total_hs]; ogatak@9713: const VectorRegister b = hs[(total_hs + 1 - (h_cnt % total_hs)) % total_hs]; ogatak@9713: const VectorRegister c = hs[(total_hs + 2 - (h_cnt % total_hs)) % total_hs]; ogatak@9713: const VectorRegister d = hs[(total_hs + 3 - (h_cnt % total_hs)) % total_hs]; ogatak@9713: const VectorRegister e = hs[(total_hs + 4 - (h_cnt % total_hs)) % total_hs]; ogatak@9713: const VectorRegister f = hs[(total_hs + 5 - (h_cnt % total_hs)) % total_hs]; ogatak@9713: const VectorRegister g = hs[(total_hs + 6 - (h_cnt % total_hs)) % total_hs]; ogatak@9713: const VectorRegister h = hs[(total_hs + 7 - (h_cnt % total_hs)) % total_hs]; ogatak@9713: // temporaries ogatak@9713: VectorRegister ch = VR0; ogatak@9713: VectorRegister maj = VR1; ogatak@9713: VectorRegister bsa = VR2; ogatak@9713: VectorRegister bse = VR3; ogatak@9713: VectorRegister vt0 = VR4; ogatak@9713: VectorRegister vt1 = VR5; ogatak@9713: VectorRegister vt2 = VR6; ogatak@9713: VectorRegister vt3 = VR7; ogatak@9713: ogatak@9713: vsel (ch, g, f, e); ogatak@9713: vxor (maj, a, b); ogatak@9713: vshasigmaw (bse, e, 1, 0xf); ogatak@9713: vadduwm (vt2, ch, kpw); ogatak@9713: vadduwm (vt1, h, bse); ogatak@9713: vsel (maj, b, c, maj); ogatak@9713: vadduwm (vt3, vt1, vt2); ogatak@9713: vshasigmaw (bsa, a, 1, 0); ogatak@9713: vadduwm (vt0, bsa, maj); ogatak@9713: ogatak@9713: vadduwm (d, d, vt3); ogatak@9713: vadduwm (h, vt3, vt0); ogatak@9713: ogatak@9713: // advance vector pointer to the next iteration ogatak@9713: h_cnt++; ogatak@9713: } ogatak@9713: ogatak@9713: void MacroAssembler::sha256_load_h_vec(const VectorRegister a, ogatak@9713: const VectorRegister e, ogatak@9713: const Register hptr) { ogatak@9713: // temporaries ogatak@9713: Register tmp = R8; ogatak@9713: VectorRegister vt0 = VR0; ogatak@9713: VectorRegister vRb = VR6; ogatak@9713: // labels ogatak@9713: Label sha256_aligned; ogatak@9713: ogatak@9713: andi_ (tmp, hptr, 0xf); ogatak@9713: lvx (a, hptr); ogatak@9713: addi (tmp, hptr, 16); ogatak@9713: lvx (e, tmp); ogatak@9713: beq (CCR0, sha256_aligned); ogatak@9713: ogatak@9713: // handle unaligned accesses ogatak@9713: load_perm(vRb, hptr); ogatak@9713: addi (tmp, hptr, 32); ogatak@9713: vec_perm(a, e, vRb); ogatak@9713: ogatak@9713: lvx (vt0, tmp); ogatak@9713: vec_perm(e, vt0, vRb); ogatak@9713: ogatak@9713: // aligned accesses ogatak@9713: bind(sha256_aligned); ogatak@9713: } ogatak@9713: ogatak@9713: void MacroAssembler::sha256_load_w_plus_k_vec(const Register buf_in, ogatak@9713: const VectorRegister* ws, ogatak@9713: const int total_ws, ogatak@9713: const Register k, ogatak@9713: const VectorRegister* kpws, ogatak@9713: const int total_kpws) { ogatak@9713: Label w_aligned, after_w_load; ogatak@9713: ogatak@9713: Register tmp = R8; ogatak@9713: VectorRegister vt0 = VR0; ogatak@9713: VectorRegister vt1 = VR1; ogatak@9713: VectorRegister vRb = VR6; ogatak@9713: ogatak@9713: andi_ (tmp, buf_in, 0xF); ogatak@9713: beq (CCR0, w_aligned); // address ends with 0x0, not 0x8 ogatak@9713: ogatak@9713: // deal with unaligned addresses ogatak@9713: lvx (ws[0], buf_in); ogatak@9713: load_perm(vRb, buf_in); ogatak@9713: ogatak@9713: for (int n = 1; n < total_ws; n++) { ogatak@9713: VectorRegister w_cur = ws[n]; ogatak@9713: VectorRegister w_prev = ws[n-1]; ogatak@9713: ogatak@9713: addi (tmp, buf_in, n * 16); ogatak@9713: lvx (w_cur, tmp); ogatak@9713: vec_perm(w_prev, w_cur, vRb); ogatak@9713: } ogatak@9713: addi (tmp, buf_in, total_ws * 16); ogatak@9713: lvx (vt0, tmp); ogatak@9713: vec_perm(ws[total_ws-1], vt0, vRb); ogatak@9713: b (after_w_load); ogatak@9713: ogatak@9713: bind(w_aligned); ogatak@9713: ogatak@9713: // deal with aligned addresses ogatak@9713: lvx(ws[0], buf_in); ogatak@9713: for (int n = 1; n < total_ws; n++) { ogatak@9713: VectorRegister w = ws[n]; ogatak@9713: addi (tmp, buf_in, n * 16); ogatak@9713: lvx (w, tmp); ogatak@9713: } ogatak@9713: ogatak@9713: bind(after_w_load); ogatak@9713: ogatak@9713: #if defined(VM_LITTLE_ENDIAN) ogatak@9713: // Byte swapping within int values ogatak@9713: li (tmp, 8); ogatak@9713: lvsl (vt0, tmp); ogatak@9713: vspltisb (vt1, 0xb); ogatak@9713: vxor (vt1, vt0, vt1); ogatak@9713: for (int n = 0; n < total_ws; n++) { ogatak@9713: VectorRegister w = ws[n]; ogatak@9713: vec_perm(w, w, vt1); ogatak@9713: } ogatak@9713: #endif ogatak@9713: ogatak@9713: // Loading k, which is always aligned to 16-bytes ogatak@9713: lvx (kpws[0], k); ogatak@9713: for (int n = 1; n < total_kpws; n++) { ogatak@9713: VectorRegister kpw = kpws[n]; ogatak@9713: addi (tmp, k, 16 * n); ogatak@9713: lvx (kpw, tmp); ogatak@9713: } ogatak@9713: ogatak@9713: // Add w to K ogatak@9713: assert(total_ws == total_kpws, "Redesign the loop below"); ogatak@9713: for (int n = 0; n < total_kpws; n++) { ogatak@9713: VectorRegister kpw = kpws[n]; ogatak@9713: VectorRegister w = ws[n]; ogatak@9713: ogatak@9713: vadduwm (kpw, kpw, w); ogatak@9713: } ogatak@9713: } ogatak@9713: ogatak@9713: void MacroAssembler::sha256_calc_4w(const VectorRegister w0, ogatak@9713: const VectorRegister w1, ogatak@9713: const VectorRegister w2, ogatak@9713: const VectorRegister w3, ogatak@9713: const VectorRegister kpw0, ogatak@9713: const VectorRegister kpw1, ogatak@9713: const VectorRegister kpw2, ogatak@9713: const VectorRegister kpw3, ogatak@9713: const Register j, ogatak@9713: const Register k) { ogatak@9713: // Temporaries ogatak@9713: const VectorRegister vt0 = VR0; ogatak@9713: const VectorRegister vt1 = VR1; ogatak@9713: const VectorSRegister vsrt1 = vt1->to_vsr(); ogatak@9713: const VectorRegister vt2 = VR2; ogatak@9713: const VectorRegister vt3 = VR3; ogatak@9713: const VectorSRegister vst3 = vt3->to_vsr(); ogatak@9713: const VectorRegister vt4 = VR4; ogatak@9713: ogatak@9713: // load to k[j] ogatak@9713: lvx (vt0, j, k); ogatak@9713: ogatak@9713: // advance j ogatak@9713: addi (j, j, 16); // 16 bytes were read ogatak@9713: ogatak@9713: #if defined(VM_LITTLE_ENDIAN) ogatak@9713: // b = w[j-15], w[j-14], w[j-13], w[j-12] ogatak@9713: vsldoi (vt1, w1, w0, 12); ogatak@9713: ogatak@9713: // c = w[j-7], w[j-6], w[j-5], w[j-4] ogatak@9713: vsldoi (vt2, w3, w2, 12); ogatak@9713: ogatak@9713: #else ogatak@9713: // b = w[j-15], w[j-14], w[j-13], w[j-12] ogatak@9713: vsldoi (vt1, w0, w1, 4); ogatak@9713: ogatak@9713: // c = w[j-7], w[j-6], w[j-5], w[j-4] ogatak@9713: vsldoi (vt2, w2, w3, 4); ogatak@9713: #endif ogatak@9713: ogatak@9713: // d = w[j-2], w[j-1], w[j-4], w[j-3] ogatak@9713: vsldoi (vt3, w3, w3, 8); ogatak@9713: ogatak@9713: // b = s0(w[j-15]) , s0(w[j-14]) , s0(w[j-13]) , s0(w[j-12]) ogatak@9713: vshasigmaw (vt1, vt1, 0, 0); ogatak@9713: ogatak@9713: // d = s1(w[j-2]) , s1(w[j-1]) , s1(w[j-4]) , s1(w[j-3]) ogatak@9713: vshasigmaw (vt3, vt3, 0, 0xf); ogatak@9713: ogatak@9713: // c = s0(w[j-15]) + w[j-7], ogatak@9713: // s0(w[j-14]) + w[j-6], ogatak@9713: // s0(w[j-13]) + w[j-5], ogatak@9713: // s0(w[j-12]) + w[j-4] ogatak@9713: vadduwm (vt2, vt1, vt2); ogatak@9713: ogatak@9713: // c = s0(w[j-15]) + w[j-7] + w[j-16], ogatak@9713: // s0(w[j-14]) + w[j-6] + w[j-15], ogatak@9713: // s0(w[j-13]) + w[j-5] + w[j-14], ogatak@9713: // s0(w[j-12]) + w[j-4] + w[j-13] ogatak@9713: vadduwm (vt2, vt2, w0); ogatak@9713: ogatak@9713: // e = s0(w[j-15]) + w[j-7] + w[j-16] + s1(w[j-2]), // w[j] ogatak@9713: // s0(w[j-14]) + w[j-6] + w[j-15] + s1(w[j-1]), // w[j+1] ogatak@9713: // s0(w[j-13]) + w[j-5] + w[j-14] + s1(w[j-4]), // UNDEFINED ogatak@9713: // s0(w[j-12]) + w[j-4] + w[j-13] + s1(w[j-3]) // UNDEFINED ogatak@9713: vadduwm (vt4, vt2, vt3); ogatak@9713: ogatak@9713: // At this point, e[0] and e[1] are the correct values to be stored at w[j] ogatak@9713: // and w[j+1]. ogatak@9713: // e[2] and e[3] are not considered. ogatak@9713: // b = s1(w[j]) , s1(s(w[j+1]) , UNDEFINED , UNDEFINED ogatak@9713: vshasigmaw (vt1, vt4, 0, 0xf); ogatak@9713: ogatak@9713: // v5 = s1(w[j-2]) , s1(w[j-1]) , s1(w[j]) , s1(w[j+1]) ogatak@9713: #if defined(VM_LITTLE_ENDIAN) ogatak@9713: xxmrgld (vst3, vsrt1, vst3); ogatak@9713: #else ogatak@9713: xxmrghd (vst3, vst3, vsrt1); ogatak@9713: #endif ogatak@9713: ogatak@9713: // c = s0(w[j-15]) + w[j-7] + w[j-16] + s1(w[j-2]), // w[j] ogatak@9713: // s0(w[j-14]) + w[j-6] + w[j-15] + s1(w[j-1]), // w[j+1] ogatak@9713: // s0(w[j-13]) + w[j-5] + w[j-14] + s1(w[j]), // w[j+2] ogatak@9713: // s0(w[j-12]) + w[j-4] + w[j-13] + s1(w[j+1]) // w[j+4] ogatak@9713: vadduwm (vt2, vt2, vt3); ogatak@9713: ogatak@9713: // Updating w0 to w3 to hold the new previous 16 values from w. ogatak@9713: vmr (w0, w1); ogatak@9713: vmr (w1, w2); ogatak@9713: vmr (w2, w3); ogatak@9713: vmr (w3, vt2); ogatak@9713: ogatak@9713: // store k + w to v9 (4 values at once) ogatak@9713: #if defined(VM_LITTLE_ENDIAN) ogatak@9713: vadduwm (kpw0, vt2, vt0); ogatak@9713: ogatak@9713: vsldoi (kpw1, kpw0, kpw0, 12); ogatak@9713: vsldoi (kpw2, kpw0, kpw0, 8); ogatak@9713: vsldoi (kpw3, kpw0, kpw0, 4); ogatak@9713: #else ogatak@9713: vadduwm (kpw3, vt2, vt0); ogatak@9713: ogatak@9713: vsldoi (kpw2, kpw3, kpw3, 12); ogatak@9713: vsldoi (kpw1, kpw3, kpw3, 8); ogatak@9713: vsldoi (kpw0, kpw3, kpw3, 4); ogatak@9713: #endif ogatak@9713: } ogatak@9713: ogatak@9713: void MacroAssembler::sha256_update_sha_state(const VectorRegister a, ogatak@9713: const VectorRegister b_, ogatak@9713: const VectorRegister c, ogatak@9713: const VectorRegister d, ogatak@9713: const VectorRegister e, ogatak@9713: const VectorRegister f, ogatak@9713: const VectorRegister g, ogatak@9713: const VectorRegister h, ogatak@9713: const Register hptr) { ogatak@9713: // temporaries ogatak@9713: VectorRegister vt0 = VR0; ogatak@9713: VectorRegister vt1 = VR1; ogatak@9713: VectorRegister vt2 = VR2; ogatak@9713: VectorRegister vt3 = VR3; ogatak@9713: VectorRegister vt4 = VR4; ogatak@9713: VectorRegister vt5 = VR5; ogatak@9713: VectorRegister vaux = VR6; ogatak@9713: VectorRegister vRb = VR6; ogatak@9713: Register tmp = R8; ogatak@9713: Register of16 = R8; ogatak@9713: Register of32 = R9; ogatak@9713: Label state_load_aligned; ogatak@9713: ogatak@9713: // Load hptr ogatak@9713: andi_ (tmp, hptr, 0xf); ogatak@9713: li (of16, 16); ogatak@9713: lvx (vt0, hptr); ogatak@9713: lvx (vt5, of16, hptr); ogatak@9713: beq (CCR0, state_load_aligned); ogatak@9713: ogatak@9713: // handle unaligned accesses ogatak@9713: li (of32, 32); ogatak@9713: load_perm(vRb, hptr); ogatak@9713: ogatak@9713: vec_perm(vt0, vt5, vRb); // vt0 = hptr[0]..hptr[3] ogatak@9713: ogatak@9713: lvx (vt1, hptr, of32); ogatak@9713: vec_perm(vt5, vt1, vRb); // vt5 = hptr[4]..hptr[7] ogatak@9713: ogatak@9713: // aligned accesses ogatak@9713: bind(state_load_aligned); ogatak@9713: ogatak@9713: #if defined(VM_LITTLE_ENDIAN) ogatak@9713: vmrglw (vt1, b_, a); // vt1 = {a, b, ?, ?} ogatak@9713: vmrglw (vt2, d, c); // vt2 = {c, d, ?, ?} ogatak@9713: vmrglw (vt3, f, e); // vt3 = {e, f, ?, ?} ogatak@9713: vmrglw (vt4, h, g); // vt4 = {g, h, ?, ?} ogatak@9713: xxmrgld (vt1->to_vsr(), vt2->to_vsr(), vt1->to_vsr()); // vt1 = {a, b, c, d} ogatak@9713: xxmrgld (vt3->to_vsr(), vt4->to_vsr(), vt3->to_vsr()); // vt3 = {e, f, g, h} ogatak@9713: vadduwm (a, vt0, vt1); // a = {a+hptr[0], b+hptr[1], c+hptr[2], d+hptr[3]} ogatak@9713: vadduwm (e, vt5, vt3); // e = {e+hptr[4], f+hptr[5], g+hptr[6], h+hptr[7]} ogatak@9713: ogatak@9713: // Save hptr back, works for any alignment ogatak@9713: xxswapd (vt0->to_vsr(), a->to_vsr()); ogatak@9713: stxvd2x (vt0->to_vsr(), hptr); ogatak@9713: xxswapd (vt5->to_vsr(), e->to_vsr()); ogatak@9713: stxvd2x (vt5->to_vsr(), of16, hptr); ogatak@9713: #else ogatak@9713: vmrglw (vt1, a, b_); // vt1 = {a, b, ?, ?} ogatak@9713: vmrglw (vt2, c, d); // vt2 = {c, d, ?, ?} ogatak@9713: vmrglw (vt3, e, f); // vt3 = {e, f, ?, ?} ogatak@9713: vmrglw (vt4, g, h); // vt4 = {g, h, ?, ?} ogatak@9713: xxmrgld (vt1->to_vsr(), vt1->to_vsr(), vt2->to_vsr()); // vt1 = {a, b, c, d} ogatak@9713: xxmrgld (vt3->to_vsr(), vt3->to_vsr(), vt4->to_vsr()); // vt3 = {e, f, g, h} ogatak@9713: vadduwm (d, vt0, vt1); // d = {a+hptr[0], b+hptr[1], c+hptr[2], d+hptr[3]} ogatak@9713: vadduwm (h, vt5, vt3); // h = {e+hptr[4], f+hptr[5], g+hptr[6], h+hptr[7]} ogatak@9713: ogatak@9713: // Save hptr back, works for any alignment ogatak@9713: stxvd2x (d->to_vsr(), hptr); ogatak@9713: stxvd2x (h->to_vsr(), of16, hptr); ogatak@9713: #endif ogatak@9713: } ogatak@9713: ogatak@9713: static const uint32_t sha256_round_table[64] __attribute((aligned(16))) = { ogatak@9713: 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, ogatak@9713: 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, ogatak@9713: 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, ogatak@9713: 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, ogatak@9713: 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, ogatak@9713: 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, ogatak@9713: 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, ogatak@9713: 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, ogatak@9713: 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, ogatak@9713: 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, ogatak@9713: 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, ogatak@9713: 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, ogatak@9713: 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, ogatak@9713: 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, ogatak@9713: 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, ogatak@9713: 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2, ogatak@9713: }; ogatak@9713: static const uint32_t *sha256_round_consts = sha256_round_table; ogatak@9713: ogatak@9713: // R3_ARG1 - byte[] Input string with padding but in Big Endian ogatak@9713: // R4_ARG2 - int[] SHA.state (at first, the root of primes) ogatak@9713: // R5_ARG3 - int offset ogatak@9713: // R6_ARG4 - int limit ogatak@9713: // ogatak@9713: // Internal Register usage: ogatak@9713: // R7 - k ogatak@9713: // R8 - tmp | j | of16 ogatak@9713: // R9 - of32 ogatak@9713: // VR0-VR8 - ch, maj, bsa, bse, vt0-vt3 | vt0-vt5, vaux/vRb ogatak@9713: // VR9-VR16 - a-h ogatak@9713: // VR17-VR20 - w0-w3 ogatak@9713: // VR21-VR23 - vRb | vaux0-vaux2 ogatak@9713: // VR24-VR27 - kpw0-kpw3 ogatak@9713: void MacroAssembler::sha256(bool multi_block) { ogatak@9713: static const ssize_t buf_size = 64; ogatak@9713: static const uint8_t w_size = sizeof(sha256_round_table)/sizeof(uint32_t); ogatak@9713: #ifdef AIX ogatak@9713: // malloc provides 16 byte alignment ogatak@9713: if (((uintptr_t)sha256_round_consts & 0xF) != 0) { ogatak@9713: uint32_t *new_round_consts = (uint32_t*)malloc(sizeof(sha256_round_table)); ogatak@9713: guarantee(new_round_consts, "oom"); ogatak@9713: memcpy(new_round_consts, sha256_round_consts, sizeof(sha256_round_table)); ogatak@9713: sha256_round_consts = (const uint32_t*)new_round_consts; ogatak@9713: } ogatak@9713: #endif ogatak@9713: ogatak@9713: Register buf_in = R3_ARG1; ogatak@9713: Register state = R4_ARG2; ogatak@9713: Register ofs = R5_ARG3; ogatak@9713: Register limit = R6_ARG4; ogatak@9713: ogatak@9713: Label sha_loop, core_loop; ogatak@9713: ogatak@9713: // Save non-volatile vector registers in the red zone ogatak@9713: static const VectorRegister nv[] = { ogatak@9713: VR20, VR21, VR22, VR23, VR24, VR25, VR26, VR27/*, VR28, VR29, VR30, VR31*/ ogatak@9713: }; ogatak@9713: static const uint8_t nv_size = sizeof(nv) / sizeof (VectorRegister); ogatak@9713: ogatak@9713: for (int c = 0; c < nv_size; c++) { ogatak@9713: Register tmp = R8; ogatak@9713: li (tmp, (c - (nv_size)) * 16); ogatak@9713: stvx(nv[c], tmp, R1); ogatak@9713: } ogatak@9713: ogatak@9713: // Load hash state to registers ogatak@9713: VectorRegister a = VR9; ogatak@9713: VectorRegister b = VR10; ogatak@9713: VectorRegister c = VR11; ogatak@9713: VectorRegister d = VR12; ogatak@9713: VectorRegister e = VR13; ogatak@9713: VectorRegister f = VR14; ogatak@9713: VectorRegister g = VR15; ogatak@9713: VectorRegister h = VR16; ogatak@9713: static const VectorRegister hs[] = {a, b, c, d, e, f, g, h}; ogatak@9713: static const int total_hs = sizeof(hs)/sizeof(VectorRegister); ogatak@9713: // counter for cycling through hs vector to avoid register moves between iterations ogatak@9713: int h_cnt = 0; ogatak@9713: ogatak@9713: // Load a-h registers from the memory pointed by state ogatak@9713: #if defined(VM_LITTLE_ENDIAN) ogatak@9713: sha256_load_h_vec(a, e, state); ogatak@9713: #else ogatak@9713: sha256_load_h_vec(d, h, state); ogatak@9713: #endif ogatak@9713: ogatak@9713: // keep k loaded also during MultiBlock loops ogatak@9713: Register k = R7; ogatak@9713: assert(((uintptr_t)sha256_round_consts & 0xF) == 0, "k alignment"); ogatak@9713: load_const_optimized(k, (address)sha256_round_consts, R0); ogatak@9713: ogatak@9713: // Avoiding redundant loads ogatak@9713: if (multi_block) { ogatak@9713: align(OptoLoopAlignment); ogatak@9713: } ogatak@9713: bind(sha_loop); ogatak@9713: #if defined(VM_LITTLE_ENDIAN) ogatak@9713: sha256_deque(a, b, c, d); ogatak@9713: sha256_deque(e, f, g, h); ogatak@9713: #else ogatak@9713: sha256_deque(d, c, b, a); ogatak@9713: sha256_deque(h, g, f, e); ogatak@9713: #endif ogatak@9713: ogatak@9713: // Load 16 elements from w out of the loop. ogatak@9713: // Order of the int values is Endianess specific. ogatak@9713: VectorRegister w0 = VR17; ogatak@9713: VectorRegister w1 = VR18; ogatak@9713: VectorRegister w2 = VR19; ogatak@9713: VectorRegister w3 = VR20; ogatak@9713: static const VectorRegister ws[] = {w0, w1, w2, w3}; ogatak@9713: static const int total_ws = sizeof(ws)/sizeof(VectorRegister); ogatak@9713: ogatak@9713: VectorRegister kpw0 = VR24; ogatak@9713: VectorRegister kpw1 = VR25; ogatak@9713: VectorRegister kpw2 = VR26; ogatak@9713: VectorRegister kpw3 = VR27; ogatak@9713: static const VectorRegister kpws[] = {kpw0, kpw1, kpw2, kpw3}; ogatak@9713: static const int total_kpws = sizeof(kpws)/sizeof(VectorRegister); ogatak@9713: ogatak@9713: sha256_load_w_plus_k_vec(buf_in, ws, total_ws, k, kpws, total_kpws); ogatak@9713: ogatak@9713: // Cycle through the first 16 elements ogatak@9713: assert(total_ws == total_kpws, "Redesign the loop below"); ogatak@9713: for (int n = 0; n < total_ws; n++) { ogatak@9713: VectorRegister vaux0 = VR21; ogatak@9713: VectorRegister vaux1 = VR22; ogatak@9713: VectorRegister vaux2 = VR23; ogatak@9713: ogatak@9713: sha256_deque(kpws[n], vaux0, vaux1, vaux2); ogatak@9713: ogatak@9713: #if defined(VM_LITTLE_ENDIAN) ogatak@9713: sha256_round(hs, total_hs, h_cnt, kpws[n]); ogatak@9713: sha256_round(hs, total_hs, h_cnt, vaux0); ogatak@9713: sha256_round(hs, total_hs, h_cnt, vaux1); ogatak@9713: sha256_round(hs, total_hs, h_cnt, vaux2); ogatak@9713: #else ogatak@9713: sha256_round(hs, total_hs, h_cnt, vaux2); ogatak@9713: sha256_round(hs, total_hs, h_cnt, vaux1); ogatak@9713: sha256_round(hs, total_hs, h_cnt, vaux0); ogatak@9713: sha256_round(hs, total_hs, h_cnt, kpws[n]); ogatak@9713: #endif ogatak@9713: } ogatak@9713: ogatak@9713: Register tmp = R8; ogatak@9713: // loop the 16th to the 64th iteration by 8 steps ogatak@9713: li (tmp, (w_size - 16) / total_hs); ogatak@9713: mtctr(tmp); ogatak@9713: ogatak@9713: // j will be aligned to 4 for loading words. ogatak@9713: // Whenever read, advance the pointer (e.g: when j is used in a function) ogatak@9713: Register j = R8; ogatak@9713: li (j, 16*4); ogatak@9713: ogatak@9713: align(OptoLoopAlignment); ogatak@9713: bind(core_loop); ogatak@9713: ogatak@9713: // due to VectorRegister rotate, always iterate in multiples of total_hs ogatak@9713: for (int n = 0; n < total_hs/4; n++) { ogatak@9713: sha256_calc_4w(w0, w1, w2, w3, kpw0, kpw1, kpw2, kpw3, j, k); ogatak@9713: sha256_round(hs, total_hs, h_cnt, kpw0); ogatak@9713: sha256_round(hs, total_hs, h_cnt, kpw1); ogatak@9713: sha256_round(hs, total_hs, h_cnt, kpw2); ogatak@9713: sha256_round(hs, total_hs, h_cnt, kpw3); ogatak@9713: } ogatak@9713: ogatak@9713: bdnz (core_loop); ogatak@9713: ogatak@9713: // Update hash state ogatak@9713: sha256_update_sha_state(a, b, c, d, e, f, g, h, state); ogatak@9713: ogatak@9713: if (multi_block) { ogatak@9713: addi(buf_in, buf_in, buf_size); ogatak@9713: addi(ofs, ofs, buf_size); ogatak@9713: cmplw(CCR0, ofs, limit); ogatak@9713: ble(CCR0, sha_loop); ogatak@9713: ogatak@9713: // return ofs ogatak@9713: mr(R3_RET, ofs); ogatak@9713: } ogatak@9713: ogatak@9713: // Restore non-volatile registers ogatak@9713: for (int c = 0; c < nv_size; c++) { ogatak@9713: Register tmp = R8; ogatak@9713: li (tmp, (c - (nv_size)) * 16); ogatak@9713: lvx(nv[c], tmp, R1); ogatak@9713: } ogatak@9713: } ogatak@9713: ogatak@9713: ogatak@9713: /********************************************************************** ogatak@9713: * SHA 512 ogatak@9713: *********************************************************************/ ogatak@9713: ogatak@9713: void MacroAssembler::sha512_load_w_vec(const Register buf_in, ogatak@9713: const VectorRegister* ws, ogatak@9713: const int total_ws) { ogatak@9713: Register tmp = R8; ogatak@9713: VectorRegister vRb = VR8; ogatak@9713: VectorRegister aux = VR9; ogatak@9713: Label is_aligned, after_alignment; ogatak@9713: ogatak@9713: andi_ (tmp, buf_in, 0xF); ogatak@9713: beq (CCR0, is_aligned); // address ends with 0x0, not 0x8 ogatak@9713: ogatak@9713: // deal with unaligned addresses ogatak@9713: lvx (ws[0], buf_in); ogatak@9713: load_perm(vRb, buf_in); ogatak@9713: ogatak@9713: for (int n = 1; n < total_ws; n++) { ogatak@9713: VectorRegister w_cur = ws[n]; ogatak@9713: VectorRegister w_prev = ws[n-1]; ogatak@9713: addi (tmp, buf_in, n * 16); ogatak@9713: lvx (w_cur, tmp); ogatak@9713: vec_perm(w_prev, w_cur, vRb); ogatak@9713: } ogatak@9713: addi (tmp, buf_in, total_ws * 16); ogatak@9713: lvx (aux, tmp); ogatak@9713: vec_perm(ws[total_ws-1], aux, vRb); ogatak@9713: b (after_alignment); ogatak@9713: ogatak@9713: bind(is_aligned); ogatak@9713: lvx (ws[0], buf_in); ogatak@9713: for (int n = 1; n < total_ws; n++) { ogatak@9713: VectorRegister w = ws[n]; ogatak@9713: addi (tmp, buf_in, n * 16); ogatak@9713: lvx (w, tmp); ogatak@9713: } ogatak@9713: ogatak@9713: bind(after_alignment); ogatak@9713: } ogatak@9713: ogatak@9713: // Update hash state ogatak@9713: void MacroAssembler::sha512_update_sha_state(const Register state, ogatak@9713: const VectorRegister* hs, ogatak@9713: const int total_hs) { ogatak@9713: ogatak@9713: #if defined(VM_LITTLE_ENDIAN) ogatak@9713: int start_idx = 0; ogatak@9713: #else ogatak@9713: int start_idx = 1; ogatak@9713: #endif ogatak@9713: ogatak@9713: // load initial hash from the memory pointed by state ogatak@9713: VectorRegister ini_a = VR10; ogatak@9713: VectorRegister ini_c = VR12; ogatak@9713: VectorRegister ini_e = VR14; ogatak@9713: VectorRegister ini_g = VR16; ogatak@9713: static const VectorRegister inis[] = {ini_a, ini_c, ini_e, ini_g}; ogatak@9713: static const int total_inis = sizeof(inis)/sizeof(VectorRegister); ogatak@9713: ogatak@9713: Label state_save_aligned, after_state_save_aligned; ogatak@9713: ogatak@9713: Register addr = R7; ogatak@9713: Register tmp = R8; ogatak@9713: VectorRegister vRb = VR8; ogatak@9713: VectorRegister aux = VR9; ogatak@9713: ogatak@9713: andi_(tmp, state, 0xf); ogatak@9713: beq(CCR0, state_save_aligned); ogatak@9713: // deal with unaligned addresses ogatak@9713: ogatak@9713: { ogatak@9713: VectorRegister a = hs[0]; ogatak@9713: VectorRegister b_ = hs[1]; ogatak@9713: VectorRegister c = hs[2]; ogatak@9713: VectorRegister d = hs[3]; ogatak@9713: VectorRegister e = hs[4]; ogatak@9713: VectorRegister f = hs[5]; ogatak@9713: VectorRegister g = hs[6]; ogatak@9713: VectorRegister h = hs[7]; ogatak@9713: load_perm(vRb, state); ogatak@9713: lvx (ini_a, state); ogatak@9713: addi (addr, state, 16); ogatak@9713: ogatak@9713: lvx (ini_c, addr); ogatak@9713: addi (addr, state, 32); ogatak@9713: vec_perm(ini_a, ini_c, vRb); ogatak@9713: ogatak@9713: lvx (ini_e, addr); ogatak@9713: addi (addr, state, 48); ogatak@9713: vec_perm(ini_c, ini_e, vRb); ogatak@9713: ogatak@9713: lvx (ini_g, addr); ogatak@9713: addi (addr, state, 64); ogatak@9713: vec_perm(ini_e, ini_g, vRb); ogatak@9713: ogatak@9713: lvx (aux, addr); ogatak@9713: vec_perm(ini_g, aux, vRb); ogatak@9713: ogatak@9713: #if defined(VM_LITTLE_ENDIAN) ogatak@9713: xxmrgld(a->to_vsr(), b_->to_vsr(), a->to_vsr()); ogatak@9713: xxmrgld(c->to_vsr(), d->to_vsr(), c->to_vsr()); ogatak@9713: xxmrgld(e->to_vsr(), f->to_vsr(), e->to_vsr()); ogatak@9713: xxmrgld(g->to_vsr(), h->to_vsr(), g->to_vsr()); ogatak@9713: #else ogatak@9713: xxmrgld(b_->to_vsr(), a->to_vsr(), b_->to_vsr()); ogatak@9713: xxmrgld(d->to_vsr(), c->to_vsr(), d->to_vsr()); ogatak@9713: xxmrgld(f->to_vsr(), e->to_vsr(), f->to_vsr()); ogatak@9713: xxmrgld(h->to_vsr(), g->to_vsr(), h->to_vsr()); ogatak@9713: #endif ogatak@9713: ogatak@9713: for (int n = start_idx; n < total_hs; n += 2) { ogatak@9713: VectorRegister h_cur = hs[n]; ogatak@9713: VectorRegister ini_cur = inis[n/2]; ogatak@9713: ogatak@9713: vaddudm(h_cur, ini_cur, h_cur); ogatak@9713: } ogatak@9713: ogatak@9713: for (int n = start_idx; n < total_hs; n += 2) { ogatak@9713: VectorRegister h_cur = hs[n]; ogatak@9713: ogatak@9713: mfvrd (tmp, h_cur); ogatak@9713: #if defined(VM_LITTLE_ENDIAN) ogatak@9713: std (tmp, 8*n + 8, state); ogatak@9713: #else ogatak@9713: std (tmp, 8*n - 8, state); ogatak@9713: #endif ogatak@9713: vsldoi (aux, h_cur, h_cur, 8); ogatak@9713: mfvrd (tmp, aux); ogatak@9713: std (tmp, 8*n + 0, state); ogatak@9713: } ogatak@9713: ogatak@9713: b (after_state_save_aligned); ogatak@9713: } ogatak@9713: ogatak@9713: bind(state_save_aligned); ogatak@9713: { ogatak@9713: for (int n = 0; n < total_hs; n += 2) { ogatak@9713: #if defined(VM_LITTLE_ENDIAN) ogatak@9713: VectorRegister h_cur = hs[n]; ogatak@9713: VectorRegister h_next = hs[n+1]; ogatak@9713: #else ogatak@9713: VectorRegister h_cur = hs[n+1]; ogatak@9713: VectorRegister h_next = hs[n]; ogatak@9713: #endif ogatak@9713: VectorRegister ini_cur = inis[n/2]; ogatak@9713: ogatak@9713: if (n/2 == 0) { ogatak@9713: lvx(ini_cur, state); ogatak@9713: } else { ogatak@9713: addi(addr, state, (n/2) * 16); ogatak@9713: lvx(ini_cur, addr); ogatak@9713: } ogatak@9713: xxmrgld(h_cur->to_vsr(), h_next->to_vsr(), h_cur->to_vsr()); ogatak@9713: } ogatak@9713: ogatak@9713: for (int n = start_idx; n < total_hs; n += 2) { ogatak@9713: VectorRegister h_cur = hs[n]; ogatak@9713: VectorRegister ini_cur = inis[n/2]; ogatak@9713: ogatak@9713: vaddudm(h_cur, ini_cur, h_cur); ogatak@9713: } ogatak@9713: ogatak@9713: for (int n = start_idx; n < total_hs; n += 2) { ogatak@9713: VectorRegister h_cur = hs[n]; ogatak@9713: ogatak@9713: if (n/2 == 0) { ogatak@9713: stvx(h_cur, state); ogatak@9713: } else { ogatak@9713: addi(addr, state, (n/2) * 16); ogatak@9713: stvx(h_cur, addr); ogatak@9713: } ogatak@9713: } ogatak@9713: } ogatak@9713: ogatak@9713: bind(after_state_save_aligned); ogatak@9713: } ogatak@9713: ogatak@9713: // Use h_cnt to cycle through hs elements but also increment it at the end ogatak@9713: void MacroAssembler::sha512_round(const VectorRegister* hs, ogatak@9713: const int total_hs, int& h_cnt, ogatak@9713: const VectorRegister kpw) { ogatak@9713: ogatak@9713: // convenience registers: cycle from 0-7 downwards ogatak@9713: const VectorRegister a = hs[(total_hs + 0 - (h_cnt % total_hs)) % total_hs]; ogatak@9713: const VectorRegister b = hs[(total_hs + 1 - (h_cnt % total_hs)) % total_hs]; ogatak@9713: const VectorRegister c = hs[(total_hs + 2 - (h_cnt % total_hs)) % total_hs]; ogatak@9713: const VectorRegister d = hs[(total_hs + 3 - (h_cnt % total_hs)) % total_hs]; ogatak@9713: const VectorRegister e = hs[(total_hs + 4 - (h_cnt % total_hs)) % total_hs]; ogatak@9713: const VectorRegister f = hs[(total_hs + 5 - (h_cnt % total_hs)) % total_hs]; ogatak@9713: const VectorRegister g = hs[(total_hs + 6 - (h_cnt % total_hs)) % total_hs]; ogatak@9713: const VectorRegister h = hs[(total_hs + 7 - (h_cnt % total_hs)) % total_hs]; ogatak@9713: // temporaries ogatak@9713: const VectorRegister Ch = VR20; ogatak@9713: const VectorRegister Maj = VR21; ogatak@9713: const VectorRegister bsa = VR22; ogatak@9713: const VectorRegister bse = VR23; ogatak@9713: const VectorRegister tmp1 = VR24; ogatak@9713: const VectorRegister tmp2 = VR25; ogatak@9713: ogatak@9713: vsel (Ch, g, f, e); ogatak@9713: vxor (Maj, a, b); ogatak@9713: vshasigmad(bse, e, 1, 0xf); ogatak@9713: vaddudm (tmp2, Ch, kpw); ogatak@9713: vaddudm (tmp1, h, bse); ogatak@9713: vsel (Maj, b, c, Maj); ogatak@9713: vaddudm (tmp1, tmp1, tmp2); ogatak@9713: vshasigmad(bsa, a, 1, 0); ogatak@9713: vaddudm (tmp2, bsa, Maj); ogatak@9713: vaddudm (d, d, tmp1); ogatak@9713: vaddudm (h, tmp1, tmp2); ogatak@9713: ogatak@9713: // advance vector pointer to the next iteration ogatak@9713: h_cnt++; ogatak@9713: } ogatak@9713: ogatak@9713: void MacroAssembler::sha512_calc_2w(const VectorRegister w0, ogatak@9713: const VectorRegister w1, ogatak@9713: const VectorRegister w2, ogatak@9713: const VectorRegister w3, ogatak@9713: const VectorRegister w4, ogatak@9713: const VectorRegister w5, ogatak@9713: const VectorRegister w6, ogatak@9713: const VectorRegister w7, ogatak@9713: const VectorRegister kpw0, ogatak@9713: const VectorRegister kpw1, ogatak@9713: const Register j, ogatak@9713: const VectorRegister vRb, ogatak@9713: const Register k) { ogatak@9713: // Temporaries ogatak@9713: const VectorRegister VR_a = VR20; ogatak@9713: const VectorRegister VR_b = VR21; ogatak@9713: const VectorRegister VR_c = VR22; ogatak@9713: const VectorRegister VR_d = VR23; ogatak@9713: ogatak@9713: // load to k[j] ogatak@9713: lvx (VR_a, j, k); ogatak@9713: // advance j ogatak@9713: addi (j, j, 16); // 16 bytes were read ogatak@9713: ogatak@9713: #if defined(VM_LITTLE_ENDIAN) ogatak@9713: // v6 = w[j-15], w[j-14] ogatak@9713: vperm (VR_b, w1, w0, vRb); ogatak@9713: // v12 = w[j-7], w[j-6] ogatak@9713: vperm (VR_c, w5, w4, vRb); ogatak@9713: #else ogatak@9713: // v6 = w[j-15], w[j-14] ogatak@9713: vperm (VR_b, w0, w1, vRb); ogatak@9713: // v12 = w[j-7], w[j-6] ogatak@9713: vperm (VR_c, w4, w5, vRb); ogatak@9713: #endif ogatak@9713: ogatak@9713: // v6 = s0(w[j-15]) , s0(w[j-14]) ogatak@9713: vshasigmad (VR_b, VR_b, 0, 0); ogatak@9713: // v5 = s1(w[j-2]) , s1(w[j-1]) ogatak@9713: vshasigmad (VR_d, w7, 0, 0xf); ogatak@9713: // v6 = s0(w[j-15]) + w[j-7] , s0(w[j-14]) + w[j-6] ogatak@9713: vaddudm (VR_b, VR_b, VR_c); ogatak@9713: // v8 = s1(w[j-2]) + w[j-16] , s1(w[j-1]) + w[j-15] ogatak@9713: vaddudm (VR_d, VR_d, w0); ogatak@9713: // v9 = s0(w[j-15]) + w[j-7] + w[j-16] + s1(w[j-2]), // w[j] ogatak@9713: // s0(w[j-14]) + w[j-6] + w[j-15] + s1(w[j-1]), // w[j+1] ogatak@9713: vaddudm (VR_c, VR_d, VR_b); ogatak@9713: // Updating w0 to w7 to hold the new previous 16 values from w. ogatak@9713: vmr (w0, w1); ogatak@9713: vmr (w1, w2); ogatak@9713: vmr (w2, w3); ogatak@9713: vmr (w3, w4); ogatak@9713: vmr (w4, w5); ogatak@9713: vmr (w5, w6); ogatak@9713: vmr (w6, w7); ogatak@9713: vmr (w7, VR_c); ogatak@9713: ogatak@9713: #if defined(VM_LITTLE_ENDIAN) ogatak@9713: // store k + w to kpw0 (2 values at once) ogatak@9713: vaddudm (kpw0, VR_c, VR_a); ogatak@9713: // kpw1 holds (k + w)[1] ogatak@9713: vsldoi (kpw1, kpw0, kpw0, 8); ogatak@9713: #else ogatak@9713: // store k + w to kpw0 (2 values at once) ogatak@9713: vaddudm (kpw1, VR_c, VR_a); ogatak@9713: // kpw1 holds (k + w)[1] ogatak@9713: vsldoi (kpw0, kpw1, kpw1, 8); ogatak@9713: #endif ogatak@9713: } ogatak@9713: ogatak@9713: void MacroAssembler::sha512_load_h_vec(const Register state, ogatak@9713: const VectorRegister* hs, ogatak@9713: const int total_hs) { ogatak@9713: #if defined(VM_LITTLE_ENDIAN) ogatak@9713: VectorRegister a = hs[0]; ogatak@9713: VectorRegister g = hs[6]; ogatak@9713: int start_idx = 0; ogatak@9713: #else ogatak@9713: VectorRegister a = hs[1]; ogatak@9713: VectorRegister g = hs[7]; ogatak@9713: int start_idx = 1; ogatak@9713: #endif ogatak@9713: ogatak@9713: Register addr = R7; ogatak@9713: VectorRegister vRb = VR8; ogatak@9713: Register tmp = R8; ogatak@9713: Label state_aligned, after_state_aligned; ogatak@9713: ogatak@9713: andi_(tmp, state, 0xf); ogatak@9713: beq(CCR0, state_aligned); ogatak@9713: ogatak@9713: // deal with unaligned addresses ogatak@9713: VectorRegister aux = VR9; ogatak@9713: ogatak@9713: lvx(hs[start_idx], state); ogatak@9713: load_perm(vRb, state); ogatak@9713: ogatak@9713: for (int n = start_idx + 2; n < total_hs; n += 2) { ogatak@9713: VectorRegister h_cur = hs[n]; ogatak@9713: VectorRegister h_prev2 = hs[n - 2]; ogatak@9713: addi(addr, state, (n/2) * 16); ogatak@9713: lvx(h_cur, addr); ogatak@9713: vec_perm(h_prev2, h_cur, vRb); ogatak@9713: } ogatak@9713: addi(addr, state, (total_hs/2) * 16); ogatak@9713: lvx (aux, addr); ogatak@9713: vec_perm(hs[total_hs - 2 + start_idx], aux, vRb); ogatak@9713: b (after_state_aligned); ogatak@9713: ogatak@9713: bind(state_aligned); ogatak@9713: ogatak@9713: // deal with aligned addresses ogatak@9713: lvx(hs[start_idx], state); ogatak@9713: ogatak@9713: for (int n = start_idx + 2; n < total_hs; n += 2) { ogatak@9713: VectorRegister h_cur = hs[n]; ogatak@9713: addi(addr, state, (n/2) * 16); ogatak@9713: lvx(h_cur, addr); ogatak@9713: } ogatak@9713: ogatak@9713: bind(after_state_aligned); ogatak@9713: } ogatak@9713: ogatak@9713: static const uint64_t sha512_round_table[80] __attribute((aligned(16))) = { ogatak@9713: 0x428a2f98d728ae22, 0x7137449123ef65cd, ogatak@9713: 0xb5c0fbcfec4d3b2f, 0xe9b5dba58189dbbc, ogatak@9713: 0x3956c25bf348b538, 0x59f111f1b605d019, ogatak@9713: 0x923f82a4af194f9b, 0xab1c5ed5da6d8118, ogatak@9713: 0xd807aa98a3030242, 0x12835b0145706fbe, ogatak@9713: 0x243185be4ee4b28c, 0x550c7dc3d5ffb4e2, ogatak@9713: 0x72be5d74f27b896f, 0x80deb1fe3b1696b1, ogatak@9713: 0x9bdc06a725c71235, 0xc19bf174cf692694, ogatak@9713: 0xe49b69c19ef14ad2, 0xefbe4786384f25e3, ogatak@9713: 0x0fc19dc68b8cd5b5, 0x240ca1cc77ac9c65, ogatak@9713: 0x2de92c6f592b0275, 0x4a7484aa6ea6e483, ogatak@9713: 0x5cb0a9dcbd41fbd4, 0x76f988da831153b5, ogatak@9713: 0x983e5152ee66dfab, 0xa831c66d2db43210, ogatak@9713: 0xb00327c898fb213f, 0xbf597fc7beef0ee4, ogatak@9713: 0xc6e00bf33da88fc2, 0xd5a79147930aa725, ogatak@9713: 0x06ca6351e003826f, 0x142929670a0e6e70, ogatak@9713: 0x27b70a8546d22ffc, 0x2e1b21385c26c926, ogatak@9713: 0x4d2c6dfc5ac42aed, 0x53380d139d95b3df, ogatak@9713: 0x650a73548baf63de, 0x766a0abb3c77b2a8, ogatak@9713: 0x81c2c92e47edaee6, 0x92722c851482353b, ogatak@9713: 0xa2bfe8a14cf10364, 0xa81a664bbc423001, ogatak@9713: 0xc24b8b70d0f89791, 0xc76c51a30654be30, ogatak@9713: 0xd192e819d6ef5218, 0xd69906245565a910, ogatak@9713: 0xf40e35855771202a, 0x106aa07032bbd1b8, ogatak@9713: 0x19a4c116b8d2d0c8, 0x1e376c085141ab53, ogatak@9713: 0x2748774cdf8eeb99, 0x34b0bcb5e19b48a8, ogatak@9713: 0x391c0cb3c5c95a63, 0x4ed8aa4ae3418acb, ogatak@9713: 0x5b9cca4f7763e373, 0x682e6ff3d6b2b8a3, ogatak@9713: 0x748f82ee5defb2fc, 0x78a5636f43172f60, ogatak@9713: 0x84c87814a1f0ab72, 0x8cc702081a6439ec, ogatak@9713: 0x90befffa23631e28, 0xa4506cebde82bde9, ogatak@9713: 0xbef9a3f7b2c67915, 0xc67178f2e372532b, ogatak@9713: 0xca273eceea26619c, 0xd186b8c721c0c207, ogatak@9713: 0xeada7dd6cde0eb1e, 0xf57d4f7fee6ed178, ogatak@9713: 0x06f067aa72176fba, 0x0a637dc5a2c898a6, ogatak@9713: 0x113f9804bef90dae, 0x1b710b35131c471b, ogatak@9713: 0x28db77f523047d84, 0x32caab7b40c72493, ogatak@9713: 0x3c9ebe0a15c9bebc, 0x431d67c49c100d4c, ogatak@9713: 0x4cc5d4becb3e42b6, 0x597f299cfc657e2a, ogatak@9713: 0x5fcb6fab3ad6faec, 0x6c44198c4a475817, ogatak@9713: }; ogatak@9713: static const uint64_t *sha512_round_consts = sha512_round_table; ogatak@9713: ogatak@9713: // R3_ARG1 - byte[] Input string with padding but in Big Endian ogatak@9713: // R4_ARG2 - int[] SHA.state (at first, the root of primes) ogatak@9713: // R5_ARG3 - int offset ogatak@9713: // R6_ARG4 - int limit ogatak@9713: // ogatak@9713: // Internal Register usage: ogatak@9713: // R7 R8 R9 - volatile temporaries ogatak@9713: // VR0-VR7 - a-h ogatak@9713: // VR8 - vRb ogatak@9713: // VR9 - aux (highly volatile, use with care) ogatak@9713: // VR10-VR17 - w0-w7 | ini_a-ini_h ogatak@9713: // VR18 - vsp16 | kplusw0 ogatak@9713: // VR19 - vsp32 | kplusw1 ogatak@9713: // VR20-VR25 - sha512_calc_2w and sha512_round temporaries ogatak@9713: void MacroAssembler::sha512(bool multi_block) { ogatak@9713: static const ssize_t buf_size = 128; ogatak@9713: static const uint8_t w_size = sizeof(sha512_round_table)/sizeof(uint64_t); ogatak@9713: #ifdef AIX ogatak@9713: // malloc provides 16 byte alignment ogatak@9713: if (((uintptr_t)sha512_round_consts & 0xF) != 0) { ogatak@9713: uint64_t *new_round_consts = (uint64_t*)malloc(sizeof(sha512_round_table)); ogatak@9713: guarantee(new_round_consts, "oom"); ogatak@9713: memcpy(new_round_consts, sha512_round_consts, sizeof(sha512_round_table)); ogatak@9713: sha512_round_consts = (const uint64_t*)new_round_consts; ogatak@9713: } ogatak@9713: #endif ogatak@9713: ogatak@9713: Register buf_in = R3_ARG1; ogatak@9713: Register state = R4_ARG2; ogatak@9713: Register ofs = R5_ARG3; ogatak@9713: Register limit = R6_ARG4; ogatak@9713: ogatak@9713: Label sha_loop, core_loop; ogatak@9713: ogatak@9713: // Save non-volatile vector registers in the red zone ogatak@9713: static const VectorRegister nv[] = { ogatak@9713: VR20, VR21, VR22, VR23, VR24, VR25/*, VR26, VR27, VR28, VR29, VR30, VR31*/ ogatak@9713: }; ogatak@9713: static const uint8_t nv_size = sizeof(nv) / sizeof (VectorRegister); ogatak@9713: ogatak@9713: for (int c = 0; c < nv_size; c++) { ogatak@9713: Register idx = R7; ogatak@9713: li (idx, (c - (nv_size)) * 16); ogatak@9713: stvx(nv[c], idx, R1); ogatak@9713: } ogatak@9713: ogatak@9713: // Load hash state to registers ogatak@9713: VectorRegister a = VR0; ogatak@9713: VectorRegister b = VR1; ogatak@9713: VectorRegister c = VR2; ogatak@9713: VectorRegister d = VR3; ogatak@9713: VectorRegister e = VR4; ogatak@9713: VectorRegister f = VR5; ogatak@9713: VectorRegister g = VR6; ogatak@9713: VectorRegister h = VR7; ogatak@9713: static const VectorRegister hs[] = {a, b, c, d, e, f, g, h}; ogatak@9713: static const int total_hs = sizeof(hs)/sizeof(VectorRegister); ogatak@9713: // counter for cycling through hs vector to avoid register moves between iterations ogatak@9713: int h_cnt = 0; ogatak@9713: ogatak@9713: // Load a-h registers from the memory pointed by state ogatak@9713: sha512_load_h_vec(state, hs, total_hs); ogatak@9713: ogatak@9713: Register k = R9; ogatak@9713: assert(((uintptr_t)sha512_round_consts & 0xF) == 0, "k alignment"); ogatak@9713: load_const_optimized(k, (address)sha512_round_consts, R0); ogatak@9713: ogatak@9713: if (multi_block) { ogatak@9713: align(OptoLoopAlignment); ogatak@9713: } ogatak@9713: bind(sha_loop); ogatak@9713: ogatak@9713: for (int n = 0; n < total_hs; n += 2) { ogatak@9713: #if defined(VM_LITTLE_ENDIAN) ogatak@9713: VectorRegister h_cur = hs[n]; ogatak@9713: VectorRegister h_next = hs[n + 1]; ogatak@9713: #else ogatak@9713: VectorRegister h_cur = hs[n + 1]; ogatak@9713: VectorRegister h_next = hs[n]; ogatak@9713: #endif ogatak@9713: vsldoi (h_next, h_cur, h_cur, 8); ogatak@9713: } ogatak@9713: ogatak@9713: // Load 16 elements from w out of the loop. ogatak@9713: // Order of the long values is Endianess specific. ogatak@9713: VectorRegister w0 = VR10; ogatak@9713: VectorRegister w1 = VR11; ogatak@9713: VectorRegister w2 = VR12; ogatak@9713: VectorRegister w3 = VR13; ogatak@9713: VectorRegister w4 = VR14; ogatak@9713: VectorRegister w5 = VR15; ogatak@9713: VectorRegister w6 = VR16; ogatak@9713: VectorRegister w7 = VR17; ogatak@9713: static const VectorRegister ws[] = {w0, w1, w2, w3, w4, w5, w6, w7}; ogatak@9713: static const int total_ws = sizeof(ws)/sizeof(VectorRegister); ogatak@9713: ogatak@9713: // Load 16 w into vectors and setup vsl for vperm ogatak@9713: sha512_load_w_vec(buf_in, ws, total_ws); ogatak@9713: ogatak@9713: #if defined(VM_LITTLE_ENDIAN) ogatak@9713: VectorRegister vsp16 = VR18; ogatak@9713: VectorRegister vsp32 = VR19; ogatak@9713: VectorRegister shiftarg = VR9; ogatak@9713: ogatak@9713: vspltisw(vsp16, 8); ogatak@9713: vspltisw(shiftarg, 1); ogatak@9713: vsl (vsp16, vsp16, shiftarg); ogatak@9713: vsl (vsp32, vsp16, shiftarg); ogatak@9713: ogatak@9713: VectorRegister vsp8 = VR9; ogatak@9713: vspltish(vsp8, 8); ogatak@9713: ogatak@9713: // Convert input from Big Endian to Little Endian ogatak@9713: for (int c = 0; c < total_ws; c++) { ogatak@9713: VectorRegister w = ws[c]; ogatak@9713: vrlh (w, w, vsp8); ogatak@9713: } ogatak@9713: for (int c = 0; c < total_ws; c++) { ogatak@9713: VectorRegister w = ws[c]; ogatak@9713: vrlw (w, w, vsp16); ogatak@9713: } ogatak@9713: for (int c = 0; c < total_ws; c++) { ogatak@9713: VectorRegister w = ws[c]; ogatak@9713: vrld (w, w, vsp32); ogatak@9713: } ogatak@9713: #endif ogatak@9713: ogatak@9713: Register Rb = R10; ogatak@9713: VectorRegister vRb = VR8; ogatak@9713: li (Rb, 8); ogatak@9713: load_perm(vRb, Rb); ogatak@9713: ogatak@9713: VectorRegister kplusw0 = VR18; ogatak@9713: VectorRegister kplusw1 = VR19; ogatak@9713: ogatak@9713: Register addr = R7; ogatak@9713: ogatak@9713: for (int n = 0; n < total_ws; n++) { ogatak@9713: VectorRegister w = ws[n]; ogatak@9713: ogatak@9713: if (n == 0) { ogatak@9713: lvx (kplusw0, k); ogatak@9713: } else { ogatak@9713: addi (addr, k, n * 16); ogatak@9713: lvx (kplusw0, addr); ogatak@9713: } ogatak@9713: #if defined(VM_LITTLE_ENDIAN) ogatak@9713: vaddudm(kplusw0, kplusw0, w); ogatak@9713: vsldoi (kplusw1, kplusw0, kplusw0, 8); ogatak@9713: #else ogatak@9713: vaddudm(kplusw1, kplusw0, w); ogatak@9713: vsldoi (kplusw0, kplusw1, kplusw1, 8); ogatak@9713: #endif ogatak@9713: ogatak@9713: sha512_round(hs, total_hs, h_cnt, kplusw0); ogatak@9713: sha512_round(hs, total_hs, h_cnt, kplusw1); ogatak@9713: } ogatak@9713: ogatak@9713: Register tmp = R8; ogatak@9713: li (tmp, (w_size-16)/total_hs); ogatak@9713: mtctr (tmp); ogatak@9713: // j will be aligned to 4 for loading words. ogatak@9713: // Whenever read, advance the pointer (e.g: when j is used in a function) ogatak@9713: Register j = tmp; ogatak@9713: li (j, 8*16); ogatak@9713: ogatak@9713: align(OptoLoopAlignment); ogatak@9713: bind(core_loop); ogatak@9713: ogatak@9713: // due to VectorRegister rotate, always iterate in multiples of total_hs ogatak@9713: for (int n = 0; n < total_hs/2; n++) { ogatak@9713: sha512_calc_2w(w0, w1, w2, w3, w4, w5, w6, w7, kplusw0, kplusw1, j, vRb, k); ogatak@9713: sha512_round(hs, total_hs, h_cnt, kplusw0); ogatak@9713: sha512_round(hs, total_hs, h_cnt, kplusw1); ogatak@9713: } ogatak@9713: ogatak@9713: bdnz (core_loop); ogatak@9713: ogatak@9713: sha512_update_sha_state(state, hs, total_hs); ogatak@9713: ogatak@9713: if (multi_block) { ogatak@9713: addi(buf_in, buf_in, buf_size); ogatak@9713: addi(ofs, ofs, buf_size); ogatak@9713: cmplw(CCR0, ofs, limit); ogatak@9713: ble(CCR0, sha_loop); ogatak@9713: ogatak@9713: // return ofs ogatak@9713: mr(R3_RET, ofs); ogatak@9713: } ogatak@9713: ogatak@9713: // Restore non-volatile registers ogatak@9713: for (int c = 0; c < nv_size; c++) { ogatak@9713: Register idx = R7; ogatak@9713: li (idx, (c - (nv_size)) * 16); ogatak@9713: lvx(nv[c], idx, R1); ogatak@9713: } ogatak@9713: }