Google Git
Sign in
go/go/master/./src/crypto/sha1/_asm/sha1block_amd64_shani.go
blob: 0a0160a823a2c5af4b418c4bdbb6447d20e86a19 [file]
// Copyright 2024 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package main
import (
"fmt"
. "github.com/mmcloughlin/avo/build"
. "github.com/mmcloughlin/avo/operand"
. "github.com/mmcloughlin/avo/reg"
)
// Implement the SHA-1 block function using the Intel(R) SHA extensions
// (SHA1RNDS4, SHA1NEXTE, SHA1MSG1, and SHA1MSG2). This implementation requires
// the AVX, SHA, SSE2, SSE4.1, and SSSE3 extensions.
//
// Reference:
// S. Gulley, et al, "New Instructions Supporting the Secure Hash
// Algorithm on IntelĀ® Architecture Processors", July 2013
// https://www.intel.com/content/www/us/en/developer/articles/technical/intel-sha-extensions.html
func blockSHANI() {
Implement("blockSHANI")
digest := Load(Param("dig"), RDI)
data := Load(Param("p").Base(), RSI)
len := Load(Param("p").Len(), RDX)
abcd := XMM()
msg0, msg1, msg2, msg3 := XMM(), XMM(), XMM(), XMM()
e0, e1 := XMM(), XMM()
shufMask := XMM()
CMPQ(len, Imm(0))
JEQ(LabelRef("done"))
ADDQ(data, len)
stackPtr := GP64()
{
Comment("Allocate space on the stack for saving ABCD and E0, and align it to 16 bytes")
local := AllocLocal(32 + 16)
LEAQ(local.Offset(15), stackPtr)
tmp := GP64()
MOVQ(U64(15), tmp)
NOTQ(tmp)
ANDQ(tmp, stackPtr)
}
e0_save := Mem{Base: stackPtr}
abcd_save := Mem{Base: stackPtr}.Offset(16)
Comment("Load initial hash state")
PINSRD(Imm(3), Mem{Base: digest}.Offset(16), e0)
VMOVDQU(Mem{Base: digest}, abcd)
PAND(upperMask(), e0)
PSHUFD(Imm(0x1b), abcd, abcd)
VMOVDQA(flipMask(), shufMask)
Label("loop")
Comment("Save ABCD and E working values")
VMOVDQA(e0, e0_save)
VMOVDQA(abcd, abcd_save)
Comment("Rounds 0-3")
VMOVDQU(Mem{Base: data}, msg0)
PSHUFB(shufMask, msg0)
PADDD(msg0, e0)
VMOVDQA(abcd, e1)
SHA1RNDS4(Imm(0), e0, abcd)
Comment("Rounds 4-7")
VMOVDQU(Mem{Base: data}.Offset(16), msg1)
PSHUFB(shufMask, msg1)
SHA1NEXTE(msg1, e1)
VMOVDQA(abcd, e0)
SHA1RNDS4(Imm(0), e1, abcd)
SHA1MSG1(msg1, msg0)
Comment("Rounds 8-11")
VMOVDQU(Mem{Base: data}.Offset(16*2), msg2)
PSHUFB(shufMask, msg2)
SHA1NEXTE(msg2, e0)
VMOVDQA(abcd, e1)
SHA1RNDS4(Imm(0), e0, abcd)
SHA1MSG1(msg2, msg1)
PXOR(msg2, msg0)
// Rounds 12 through 67 use the same repeated pattern, with e0 and e1 ping-ponging
// back and forth, and each of the msg temporaries moving up one every four rounds.
msgs := []VecVirtual{msg3, msg0, msg1, msg2}
for i := range 14 {
Comment(fmt.Sprintf("Rounds %d-%d", 12+(i*4), 12+(i*4)+3))
a, b := e1, e0
if i == 0 {
VMOVDQU(Mem{Base: data}.Offset(16*3), msg3)
PSHUFB(shufMask, msg3)
}
if i%2 == 1 {
a, b = e0, e1
}
imm := uint64((12 + i*4) / 20)
SHA1NEXTE(msgs[i%4], a)
VMOVDQA(abcd, b)
SHA1MSG2(msgs[i%4], msgs[(1+i)%4])
SHA1RNDS4(Imm(imm), a, abcd)
SHA1MSG1(msgs[i%4], msgs[(3+i)%4])
PXOR(msgs[i%4], msgs[(2+i)%4])
}
Comment("Rounds 68-71")
SHA1NEXTE(msg1, e1)
VMOVDQA(abcd, e0)
SHA1MSG2(msg1, msg2)
SHA1RNDS4(Imm(3), e1, abcd)
PXOR(msg1, msg3)
Comment("Rounds 72-75")
SHA1NEXTE(msg2, e0)
VMOVDQA(abcd, e1)
SHA1MSG2(msg2, msg3)
SHA1RNDS4(Imm(3), e0, abcd)
Comment("Rounds 76-79")
SHA1NEXTE(msg3, e1)
VMOVDQA(abcd, e0)
SHA1RNDS4(Imm(3), e1, abcd)
Comment("Add saved E and ABCD")
SHA1NEXTE(e0_save, e0)
PADDD(abcd_save, abcd)
Comment("Check if we are done, if not return to the loop")
ADDQ(Imm(64), data)
CMPQ(data, len)
JNE(LabelRef("loop"))
Comment("Write the hash state back to digest")
PSHUFD(Imm(0x1b), abcd, abcd)
VMOVDQU(abcd, Mem{Base: digest})
PEXTRD(Imm(3), e0, Mem{Base: digest}.Offset(16))
Label("done")
RET()
}
func flipMask() Mem {
mask := GLOBL("shuffle_mask", RODATA)
// 0x000102030405060708090a0b0c0d0e0f
DATA(0x00, U64(0x08090a0b0c0d0e0f))
DATA(0x08, U64(0x0001020304050607))
return mask
}
func upperMask() Mem {
mask := GLOBL("upper_mask", RODATA)
// 0xFFFFFFFF000000000000000000000000
DATA(0x00, U64(0x0000000000000000))
DATA(0x08, U64(0xFFFFFFFF00000000))
return mask
}