Text file src/crypto/internal/fips140/sha256/sha256block_386.s

     1  // Copyright 2013 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  //go:build !purego
     6  
     7  // SHA256 block routine. See sha256block.go for Go equivalent.
     8  //
     9  // The algorithm is detailed in FIPS 180-4:
    10  //
    11  //  https://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf
    12  //
    13  // Wt = Mt; for 0 <= t <= 15
    14  // Wt = SIGMA1(Wt-2) + SIGMA0(Wt-15) + Wt-16; for 16 <= t <= 63
    15  //
    16  // a = H0
    17  // b = H1
    18  // c = H2
    19  // d = H3
    20  // e = H4
    21  // f = H5
    22  // g = H6
    23  // h = H7
    24  //
    25  // for t = 0 to 63 {
    26  //    T1 = h + BIGSIGMA1(e) + Ch(e,f,g) + Kt + Wt
    27  //    T2 = BIGSIGMA0(a) + Maj(a,b,c)
    28  //    h = g
    29  //    g = f
    30  //    f = e
    31  //    e = d + T1
    32  //    d = c
    33  //    c = b
    34  //    b = a
    35  //    a = T1 + T2
    36  // }
    37  //
    38  // H0 = a + H0
    39  // H1 = b + H1
    40  // H2 = c + H2
    41  // H3 = d + H3
    42  // H4 = e + H4
    43  // H5 = f + H5
    44  // H6 = g + H6
    45  // H7 = h + H7
    46  
    47  // Wt = Mt; for 0 <= t <= 15
    48  #define MSGSCHEDULE0(index) \
    49  	MOVL	(index*4)(SI), AX; \
    50  	BSWAPL	AX; \
    51  	MOVL	AX, (index*4)(BP)
    52  
    53  // Wt = SIGMA1(Wt-2) + Wt-7 + SIGMA0(Wt-15) + Wt-16; for 16 <= t <= 63
    54  //   SIGMA0(x) = ROTR(7,x) XOR ROTR(18,x) XOR SHR(3,x)
    55  //   SIGMA1(x) = ROTR(17,x) XOR ROTR(19,x) XOR SHR(10,x)
    56  #define MSGSCHEDULE1(index) \
    57  	MOVL	((index-2)*4)(BP), AX; \
    58  	MOVL	AX, CX; \
    59  	RORL	$17, AX; \
    60  	MOVL	CX, DX; \
    61  	RORL	$19, CX; \
    62  	SHRL	$10, DX; \
    63  	MOVL	((index-15)*4)(BP), BX; \
    64  	XORL	CX, AX; \
    65  	MOVL	BX, CX; \
    66  	XORL	DX, AX; \
    67  	RORL	$7, BX; \
    68  	MOVL	CX, DX; \
    69  	SHRL	$3, DX; \
    70  	RORL	$18, CX; \
    71  	ADDL	((index-7)*4)(BP), AX; \
    72  	XORL	CX, BX; \
    73  	XORL	DX, BX; \
    74  	ADDL	((index-16)*4)(BP), BX; \
    75  	ADDL	BX, AX; \
    76  	MOVL	AX, ((index)*4)(BP)
    77  
    78  // Calculate T1 in AX - uses AX, BX, CX and DX registers.
    79  // Wt is passed in AX.
    80  //   T1 = h + BIGSIGMA1(e) + Ch(e, f, g) + Kt + Wt
    81  //     BIGSIGMA1(x) = ROTR(6,x) XOR ROTR(11,x) XOR ROTR(25,x)
    82  //     Ch(x, y, z) = (x AND y) XOR (NOT x AND z)
    83  #define SHA256T1(const, e, f, g, h) \
    84  	MOVL	(h*4)(DI), BX; \
    85  	ADDL	AX, BX; \
    86  	MOVL	(e*4)(DI), AX; \
    87  	ADDL	$const, BX; \
    88  	MOVL	(e*4)(DI), CX; \
    89  	RORL	$6, AX; \
    90  	MOVL	(e*4)(DI), DX; \
    91  	RORL	$11, CX; \
    92  	XORL	CX, AX; \
    93  	MOVL	(e*4)(DI), CX; \
    94  	RORL	$25, DX; \
    95  	ANDL	(f*4)(DI), CX; \
    96  	XORL	AX, DX; \
    97  	MOVL	(e*4)(DI), AX; \
    98  	NOTL	AX; \
    99  	ADDL	DX, BX; \
   100  	ANDL	(g*4)(DI), AX; \
   101  	XORL	CX, AX; \
   102  	ADDL	BX, AX
   103  
   104  // Calculate T2 in BX - uses AX, BX, CX and DX registers.
   105  //   T2 = BIGSIGMA0(a) + Maj(a, b, c)
   106  //     BIGSIGMA0(x) = ROTR(2,x) XOR ROTR(13,x) XOR ROTR(22,x)
   107  //     Maj(x, y, z) = (x AND y) XOR (x AND z) XOR (y AND z)
   108  #define SHA256T2(a, b, c) \
   109  	MOVL	(a*4)(DI), AX; \
   110  	MOVL	(c*4)(DI), BX; \
   111  	RORL	$2, AX; \
   112  	MOVL	(a*4)(DI), DX; \
   113  	ANDL	(b*4)(DI), BX; \
   114  	RORL	$13, DX; \
   115  	MOVL	(a*4)(DI), CX; \
   116  	ANDL	(c*4)(DI), CX; \
   117  	XORL	DX, AX; \
   118  	XORL	CX, BX; \
   119  	MOVL	(a*4)(DI), DX; \
   120  	MOVL	(b*4)(DI), CX; \
   121  	RORL	$22, DX; \
   122  	ANDL	(a*4)(DI), CX; \
   123  	XORL	CX, BX; \
   124  	XORL	DX, AX; \
   125  	ADDL	AX, BX
   126  
   127  // Calculate T1 and T2, then e = d + T1 and a = T1 + T2.
   128  // The values for e and a are stored in d and h, ready for rotation.
   129  #define SHA256ROUND(index, const, a, b, c, d, e, f, g, h) \
   130  	SHA256T1(const, e, f, g, h); \
   131  	MOVL	AX, 292(SP); \
   132  	SHA256T2(a, b, c); \
   133  	MOVL	292(SP), AX; \
   134  	ADDL	AX, BX; \
   135  	ADDL	AX, (d*4)(DI); \
   136  	MOVL	BX, (h*4)(DI)
   137  
   138  #define SHA256ROUND0(index, const, a, b, c, d, e, f, g, h) \
   139  	MSGSCHEDULE0(index); \
   140  	SHA256ROUND(index, const, a, b, c, d, e, f, g, h)
   141  
   142  #define SHA256ROUND1(index, const, a, b, c, d, e, f, g, h) \
   143  	MSGSCHEDULE1(index); \
   144  	SHA256ROUND(index, const, a, b, c, d, e, f, g, h)
   145  
   146  TEXT ·block(SB),0,$296-16
   147  	MOVL	p_base+4(FP), SI
   148  	MOVL	p_len+8(FP), DX
   149  	SHRL	$6, DX
   150  	SHLL	$6, DX
   151  
   152  	LEAL	(SI)(DX*1), DI
   153  	MOVL	DI, 288(SP)
   154  	CMPL	SI, DI
   155  	JEQ	end
   156  
   157  	LEAL	256(SP), DI		// variables
   158  
   159  	MOVL	dig+0(FP), BP
   160  	MOVL	(0*4)(BP), AX		// a = H0
   161  	MOVL	AX, (0*4)(DI)
   162  	MOVL	(1*4)(BP), BX		// b = H1
   163  	MOVL	BX, (1*4)(DI)
   164  	MOVL	(2*4)(BP), CX		// c = H2
   165  	MOVL	CX, (2*4)(DI)
   166  	MOVL	(3*4)(BP), DX		// d = H3
   167  	MOVL	DX, (3*4)(DI)
   168  	MOVL	(4*4)(BP), AX		// e = H4
   169  	MOVL	AX, (4*4)(DI)
   170  	MOVL	(5*4)(BP), BX		// f = H5
   171  	MOVL	BX, (5*4)(DI)
   172  	MOVL	(6*4)(BP), CX		// g = H6
   173  	MOVL	CX, (6*4)(DI)
   174  	MOVL	(7*4)(BP), DX		// h = H7
   175  	MOVL	DX, (7*4)(DI)
   176  
   177  loop:
   178  	MOVL	SP, BP			// message schedule
   179  
   180  	SHA256ROUND0(0, 0x428a2f98, 0, 1, 2, 3, 4, 5, 6, 7)
   181  	SHA256ROUND0(1, 0x71374491, 7, 0, 1, 2, 3, 4, 5, 6)
   182  	SHA256ROUND0(2, 0xb5c0fbcf, 6, 7, 0, 1, 2, 3, 4, 5)
   183  	SHA256ROUND0(3, 0xe9b5dba5, 5, 6, 7, 0, 1, 2, 3, 4)
   184  	SHA256ROUND0(4, 0x3956c25b, 4, 5, 6, 7, 0, 1, 2, 3)
   185  	SHA256ROUND0(5, 0x59f111f1, 3, 4, 5, 6, 7, 0, 1, 2)
   186  	SHA256ROUND0(6, 0x923f82a4, 2, 3, 4, 5, 6, 7, 0, 1)
   187  	SHA256ROUND0(7, 0xab1c5ed5, 1, 2, 3, 4, 5, 6, 7, 0)
   188  	SHA256ROUND0(8, 0xd807aa98, 0, 1, 2, 3, 4, 5, 6, 7)
   189  	SHA256ROUND0(9, 0x12835b01, 7, 0, 1, 2, 3, 4, 5, 6)
   190  	SHA256ROUND0(10, 0x243185be, 6, 7, 0, 1, 2, 3, 4, 5)
   191  	SHA256ROUND0(11, 0x550c7dc3, 5, 6, 7, 0, 1, 2, 3, 4)
   192  	SHA256ROUND0(12, 0x72be5d74, 4, 5, 6, 7, 0, 1, 2, 3)
   193  	SHA256ROUND0(13, 0x80deb1fe, 3, 4, 5, 6, 7, 0, 1, 2)
   194  	SHA256ROUND0(14, 0x9bdc06a7, 2, 3, 4, 5, 6, 7, 0, 1)
   195  	SHA256ROUND0(15, 0xc19bf174, 1, 2, 3, 4, 5, 6, 7, 0)
   196  
   197  	SHA256ROUND1(16, 0xe49b69c1, 0, 1, 2, 3, 4, 5, 6, 7)
   198  	SHA256ROUND1(17, 0xefbe4786, 7, 0, 1, 2, 3, 4, 5, 6)
   199  	SHA256ROUND1(18, 0x0fc19dc6, 6, 7, 0, 1, 2, 3, 4, 5)
   200  	SHA256ROUND1(19, 0x240ca1cc, 5, 6, 7, 0, 1, 2, 3, 4)
   201  	SHA256ROUND1(20, 0x2de92c6f, 4, 5, 6, 7, 0, 1, 2, 3)
   202  	SHA256ROUND1(21, 0x4a7484aa, 3, 4, 5, 6, 7, 0, 1, 2)
   203  	SHA256ROUND1(22, 0x5cb0a9dc, 2, 3, 4, 5, 6, 7, 0, 1)
   204  	SHA256ROUND1(23, 0x76f988da, 1, 2, 3, 4, 5, 6, 7, 0)
   205  	SHA256ROUND1(24, 0x983e5152, 0, 1, 2, 3, 4, 5, 6, 7)
   206  	SHA256ROUND1(25, 0xa831c66d, 7, 0, 1, 2, 3, 4, 5, 6)
   207  	SHA256ROUND1(26, 0xb00327c8, 6, 7, 0, 1, 2, 3, 4, 5)
   208  	SHA256ROUND1(27, 0xbf597fc7, 5, 6, 7, 0, 1, 2, 3, 4)
   209  	SHA256ROUND1(28, 0xc6e00bf3, 4, 5, 6, 7, 0, 1, 2, 3)
   210  	SHA256ROUND1(29, 0xd5a79147, 3, 4, 5, 6, 7, 0, 1, 2)
   211  	SHA256ROUND1(30, 0x06ca6351, 2, 3, 4, 5, 6, 7, 0, 1)
   212  	SHA256ROUND1(31, 0x14292967, 1, 2, 3, 4, 5, 6, 7, 0)
   213  	SHA256ROUND1(32, 0x27b70a85, 0, 1, 2, 3, 4, 5, 6, 7)
   214  	SHA256ROUND1(33, 0x2e1b2138, 7, 0, 1, 2, 3, 4, 5, 6)
   215  	SHA256ROUND1(34, 0x4d2c6dfc, 6, 7, 0, 1, 2, 3, 4, 5)
   216  	SHA256ROUND1(35, 0x53380d13, 5, 6, 7, 0, 1, 2, 3, 4)
   217  	SHA256ROUND1(36, 0x650a7354, 4, 5, 6, 7, 0, 1, 2, 3)
   218  	SHA256ROUND1(37, 0x766a0abb, 3, 4, 5, 6, 7, 0, 1, 2)
   219  	SHA256ROUND1(38, 0x81c2c92e, 2, 3, 4, 5, 6, 7, 0, 1)
   220  	SHA256ROUND1(39, 0x92722c85, 1, 2, 3, 4, 5, 6, 7, 0)
   221  	SHA256ROUND1(40, 0xa2bfe8a1, 0, 1, 2, 3, 4, 5, 6, 7)
   222  	SHA256ROUND1(41, 0xa81a664b, 7, 0, 1, 2, 3, 4, 5, 6)
   223  	SHA256ROUND1(42, 0xc24b8b70, 6, 7, 0, 1, 2, 3, 4, 5)
   224  	SHA256ROUND1(43, 0xc76c51a3, 5, 6, 7, 0, 1, 2, 3, 4)
   225  	SHA256ROUND1(44, 0xd192e819, 4, 5, 6, 7, 0, 1, 2, 3)
   226  	SHA256ROUND1(45, 0xd6990624, 3, 4, 5, 6, 7, 0, 1, 2)
   227  	SHA256ROUND1(46, 0xf40e3585, 2, 3, 4, 5, 6, 7, 0, 1)
   228  	SHA256ROUND1(47, 0x106aa070, 1, 2, 3, 4, 5, 6, 7, 0)
   229  	SHA256ROUND1(48, 0x19a4c116, 0, 1, 2, 3, 4, 5, 6, 7)
   230  	SHA256ROUND1(49, 0x1e376c08, 7, 0, 1, 2, 3, 4, 5, 6)
   231  	SHA256ROUND1(50, 0x2748774c, 6, 7, 0, 1, 2, 3, 4, 5)
   232  	SHA256ROUND1(51, 0x34b0bcb5, 5, 6, 7, 0, 1, 2, 3, 4)
   233  	SHA256ROUND1(52, 0x391c0cb3, 4, 5, 6, 7, 0, 1, 2, 3)
   234  	SHA256ROUND1(53, 0x4ed8aa4a, 3, 4, 5, 6, 7, 0, 1, 2)
   235  	SHA256ROUND1(54, 0x5b9cca4f, 2, 3, 4, 5, 6, 7, 0, 1)
   236  	SHA256ROUND1(55, 0x682e6ff3, 1, 2, 3, 4, 5, 6, 7, 0)
   237  	SHA256ROUND1(56, 0x748f82ee, 0, 1, 2, 3, 4, 5, 6, 7)
   238  	SHA256ROUND1(57, 0x78a5636f, 7, 0, 1, 2, 3, 4, 5, 6)
   239  	SHA256ROUND1(58, 0x84c87814, 6, 7, 0, 1, 2, 3, 4, 5)
   240  	SHA256ROUND1(59, 0x8cc70208, 5, 6, 7, 0, 1, 2, 3, 4)
   241  	SHA256ROUND1(60, 0x90befffa, 4, 5, 6, 7, 0, 1, 2, 3)
   242  	SHA256ROUND1(61, 0xa4506ceb, 3, 4, 5, 6, 7, 0, 1, 2)
   243  	SHA256ROUND1(62, 0xbef9a3f7, 2, 3, 4, 5, 6, 7, 0, 1)
   244  	SHA256ROUND1(63, 0xc67178f2, 1, 2, 3, 4, 5, 6, 7, 0)
   245  
   246  	MOVL	dig+0(FP), BP
   247  	MOVL	(0*4)(BP), AX		// H0 = a + H0
   248  	ADDL	(0*4)(DI), AX
   249  	MOVL	AX, (0*4)(DI)
   250  	MOVL	AX, (0*4)(BP)
   251  	MOVL	(1*4)(BP), BX		// H1 = b + H1
   252  	ADDL	(1*4)(DI), BX
   253  	MOVL	BX, (1*4)(DI)
   254  	MOVL	BX, (1*4)(BP)
   255  	MOVL	(2*4)(BP), CX		// H2 = c + H2
   256  	ADDL	(2*4)(DI), CX
   257  	MOVL	CX, (2*4)(DI)
   258  	MOVL	CX, (2*4)(BP)
   259  	MOVL	(3*4)(BP), DX		// H3 = d + H3
   260  	ADDL	(3*4)(DI), DX
   261  	MOVL	DX, (3*4)(DI)
   262  	MOVL	DX, (3*4)(BP)
   263  	MOVL	(4*4)(BP), AX		// H4 = e + H4
   264  	ADDL	(4*4)(DI), AX
   265  	MOVL	AX, (4*4)(DI)
   266  	MOVL	AX, (4*4)(BP)
   267  	MOVL	(5*4)(BP), BX		// H5 = f + H5
   268  	ADDL	(5*4)(DI), BX
   269  	MOVL	BX, (5*4)(DI)
   270  	MOVL	BX, (5*4)(BP)
   271  	MOVL	(6*4)(BP), CX		// H6 = g + H6
   272  	ADDL	(6*4)(DI), CX
   273  	MOVL	CX, (6*4)(DI)
   274  	MOVL	CX, (6*4)(BP)
   275  	MOVL	(7*4)(BP), DX		// H7 = h + H7
   276  	ADDL	(7*4)(DI), DX
   277  	MOVL	DX, (7*4)(DI)
   278  	MOVL	DX, (7*4)(BP)
   279  
   280  	ADDL	$64, SI
   281  	CMPL	SI, 288(SP)
   282  	JB	loop
   283  
   284  end:
   285  	RET
   286  

View as plain text