sha/asm/sha1-s390x.pl

238384Sjkim#!/usr/bin/env perl
238384Sjkim
238384Sjkim# ====================================================================
238384Sjkim# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
238384Sjkim# project. The module is, however, dual licensed under OpenSSL and
238384Sjkim# CRYPTOGAMS licenses depending on where you obtain it. For further
238384Sjkim# details see http://www.openssl.org/~appro/cryptogams/.
238384Sjkim# ====================================================================
238384Sjkim
238384Sjkim# SHA1 block procedure for s390x.
238384Sjkim
238384Sjkim# April 2007.
238384Sjkim#
238384Sjkim# Performance is >30% better than gcc 3.3 generated code. But the real
238384Sjkim# twist is that SHA1 hardware support is detected and utilized. In
238384Sjkim# which case performance can reach further >4.5x for larger chunks.
238384Sjkim
238384Sjkim# January 2009.
238384Sjkim#
238384Sjkim# Optimize Xupdate for amount of memory references and reschedule
238384Sjkim# instructions to favour dual-issue z10 pipeline. On z10 hardware is
238384Sjkim# "only" ~2.3x faster than software.
238384Sjkim
238384Sjkim# November 2010.
238384Sjkim#
238384Sjkim# Adapt for -m31 build. If kernel supports what's called "highgprs"
238384Sjkim# feature on Linux [see /proc/cpuinfo], it's possible to use 64-bit
238384Sjkim# instructions and achieve "64-bit" performance even in 31-bit legacy
238384Sjkim# application context. The feature is not specific to any particular
238384Sjkim# processor, as long as it's "z-CPU". Latter implies that the code
238384Sjkim# remains z/Architecture specific.
238384Sjkim
238384Sjkim$kimdfunc=1;	# magic function code for kimd instruction
238384Sjkim
238384Sjkim$flavour = shift;
238384Sjkim
238384Sjkimif ($flavour =~ /3[12]/) {
238384Sjkim	$SIZE_T=4;
238384Sjkim	$g="";
238384Sjkim} else {
238384Sjkim	$SIZE_T=8;
238384Sjkim	$g="g";
238384Sjkim}
238384Sjkim
238384Sjkimwhile (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
238384Sjkimopen STDOUT,">$output";
238384Sjkim
238384Sjkim$K_00_39="%r0"; $K=$K_00_39;
238384Sjkim$K_40_79="%r1";
238384Sjkim$ctx="%r2";	$prefetch="%r2";
238384Sjkim$inp="%r3";
238384Sjkim$len="%r4";
238384Sjkim
238384Sjkim$A="%r5";
238384Sjkim$B="%r6";
238384Sjkim$C="%r7";
238384Sjkim$D="%r8";
238384Sjkim$E="%r9";	@V=($A,$B,$C,$D,$E);
238384Sjkim$t0="%r10";
238384Sjkim$t1="%r11";
238384Sjkim@X=("%r12","%r13","%r14");
238384Sjkim$sp="%r15";
238384Sjkim
238384Sjkim$stdframe=16*$SIZE_T+4*8;
238384Sjkim$frame=$stdframe+16*4;
238384Sjkim
238384Sjkimsub Xupdate {
238384Sjkimmy $i=shift;
238384Sjkim
238384Sjkim$code.=<<___ if ($i==15);
238384Sjkim	lg	$prefetch,$stdframe($sp)	### Xupdate(16) warm-up
238384Sjkim	lr	$X[0],$X[2]
238384Sjkim___
238384Sjkimreturn if ($i&1);	# Xupdate is vectorized and executed every 2nd cycle
238384Sjkim$code.=<<___ if ($i<16);
238384Sjkim	lg	$X[0],`$i*4`($inp)	### Xload($i)
238384Sjkim	rllg	$X[1],$X[0],32
238384Sjkim___
238384Sjkim$code.=<<___ if ($i>=16);
238384Sjkim	xgr	$X[0],$prefetch		### Xupdate($i)
238384Sjkim	lg	$prefetch,`$stdframe+4*(($i+2)%16)`($sp)
238384Sjkim	xg	$X[0],`$stdframe+4*(($i+8)%16)`($sp)
238384Sjkim	xgr	$X[0],$prefetch
238384Sjkim	rll	$X[0],$X[0],1
238384Sjkim	rllg	$X[1],$X[0],32
238384Sjkim	rll	$X[1],$X[1],1
238384Sjkim	rllg	$X[0],$X[1],32
238384Sjkim	lr	$X[2],$X[1]		# feedback
238384Sjkim___
238384Sjkim$code.=<<___ if ($i<=70);
238384Sjkim	stg	$X[0],`$stdframe+4*($i%16)`($sp)
238384Sjkim___
238384Sjkimunshift(@X,pop(@X));
238384Sjkim}
238384Sjkim
238384Sjkimsub BODY_00_19 {
238384Sjkimmy ($i,$a,$b,$c,$d,$e)=@_;
238384Sjkimmy $xi=$X[1];
238384Sjkim
238384Sjkim	&Xupdate($i);
238384Sjkim$code.=<<___;
238384Sjkim	alr	$e,$K		### $i
238384Sjkim	rll	$t1,$a,5
238384Sjkim	lr	$t0,$d
238384Sjkim	xr	$t0,$c
238384Sjkim	alr	$e,$t1
238384Sjkim	nr	$t0,$b
238384Sjkim	alr	$e,$xi
238384Sjkim	xr	$t0,$d
238384Sjkim	rll	$b,$b,30
238384Sjkim	alr	$e,$t0
238384Sjkim___
238384Sjkim}
238384Sjkim
238384Sjkimsub BODY_20_39 {
238384Sjkimmy ($i,$a,$b,$c,$d,$e)=@_;
238384Sjkimmy $xi=$X[1];
238384Sjkim
238384Sjkim	&Xupdate($i);
238384Sjkim$code.=<<___;
238384Sjkim	alr	$e,$K		### $i
238384Sjkim	rll	$t1,$a,5
238384Sjkim	lr	$t0,$b
238384Sjkim	alr	$e,$t1
238384Sjkim	xr	$t0,$c
238384Sjkim	alr	$e,$xi
238384Sjkim	xr	$t0,$d
238384Sjkim	rll	$b,$b,30
238384Sjkim	alr	$e,$t0
238384Sjkim___
238384Sjkim}
238384Sjkim
238384Sjkimsub BODY_40_59 {
238384Sjkimmy ($i,$a,$b,$c,$d,$e)=@_;
238384Sjkimmy $xi=$X[1];
238384Sjkim
238384Sjkim	&Xupdate($i);
238384Sjkim$code.=<<___;
238384Sjkim	alr	$e,$K		### $i
238384Sjkim	rll	$t1,$a,5
238384Sjkim	lr	$t0,$b
238384Sjkim	alr	$e,$t1
238384Sjkim	or	$t0,$c
238384Sjkim	lr	$t1,$b
238384Sjkim	nr	$t0,$d
238384Sjkim	nr	$t1,$c
238384Sjkim	alr	$e,$xi
238384Sjkim	or	$t0,$t1
238384Sjkim	rll	$b,$b,30
238384Sjkim	alr	$e,$t0
238384Sjkim___
238384Sjkim}
238384Sjkim
238384Sjkim$code.=<<___;
238384Sjkim.text
238384Sjkim.align	64
238384Sjkim.type	Ktable,\@object
238384SjkimKtable: .long	0x5a827999,0x6ed9eba1,0x8f1bbcdc,0xca62c1d6
238384Sjkim	.skip	48	#.long	0,0,0,0,0,0,0,0,0,0,0,0
238384Sjkim.size	Ktable,.-Ktable
238384Sjkim.globl	sha1_block_data_order
238384Sjkim.type	sha1_block_data_order,\@function
238384Sjkimsha1_block_data_order:
238384Sjkim___
238384Sjkim$code.=<<___ if ($kimdfunc);
238384Sjkim	larl	%r1,OPENSSL_s390xcap_P
238384Sjkim	lg	%r0,0(%r1)
238384Sjkim	tmhl	%r0,0x4000	# check for message-security assist
238384Sjkim	jz	.Lsoftware
238384Sjkim	lghi	%r0,0
238384Sjkim	la	%r1,`2*$SIZE_T`($sp)
238384Sjkim	.long	0xb93e0002	# kimd %r0,%r2
238384Sjkim	lg	%r0,`2*$SIZE_T`($sp)
238384Sjkim	tmhh	%r0,`0x8000>>$kimdfunc`
238384Sjkim	jz	.Lsoftware
238384Sjkim	lghi	%r0,$kimdfunc
238384Sjkim	lgr	%r1,$ctx
238384Sjkim	lgr	%r2,$inp
238384Sjkim	sllg	%r3,$len,6
238384Sjkim	.long	0xb93e0002	# kimd %r0,%r2
238384Sjkim	brc	1,.-4		# pay attention to "partial completion"
238384Sjkim	br	%r14
238384Sjkim.align	16
238384Sjkim.Lsoftware:
238384Sjkim___
238384Sjkim$code.=<<___;
238384Sjkim	lghi	%r1,-$frame
238384Sjkim	st${g}	$ctx,`2*$SIZE_T`($sp)
238384Sjkim	stm${g}	%r6,%r15,`6*$SIZE_T`($sp)
238384Sjkim	lgr	%r0,$sp
238384Sjkim	la	$sp,0(%r1,$sp)
238384Sjkim	st${g}	%r0,0($sp)
238384Sjkim
238384Sjkim	larl	$t0,Ktable
238384Sjkim	llgf	$A,0($ctx)
238384Sjkim	llgf	$B,4($ctx)
238384Sjkim	llgf	$C,8($ctx)
238384Sjkim	llgf	$D,12($ctx)
238384Sjkim	llgf	$E,16($ctx)
238384Sjkim
238384Sjkim	lg	$K_00_39,0($t0)
238384Sjkim	lg	$K_40_79,8($t0)
238384Sjkim
238384Sjkim.Lloop:
238384Sjkim	rllg	$K_00_39,$K_00_39,32
238384Sjkim___
238384Sjkimfor ($i=0;$i<20;$i++)	{ &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
238384Sjkim$code.=<<___;
238384Sjkim	rllg	$K_00_39,$K_00_39,32
238384Sjkim___
238384Sjkimfor (;$i<40;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
238384Sjkim$code.=<<___;	$K=$K_40_79;
238384Sjkim	rllg	$K_40_79,$K_40_79,32
238384Sjkim___
238384Sjkimfor (;$i<60;$i++)	{ &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
238384Sjkim$code.=<<___;
238384Sjkim	rllg	$K_40_79,$K_40_79,32
238384Sjkim___
238384Sjkimfor (;$i<80;$i++)	{ &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
238384Sjkim$code.=<<___;
238384Sjkim
238384Sjkim	l${g}	$ctx,`$frame+2*$SIZE_T`($sp)
238384Sjkim	la	$inp,64($inp)
238384Sjkim	al	$A,0($ctx)
238384Sjkim	al	$B,4($ctx)
238384Sjkim	al	$C,8($ctx)
238384Sjkim	al	$D,12($ctx)
238384Sjkim	al	$E,16($ctx)
238384Sjkim	st	$A,0($ctx)
238384Sjkim	st	$B,4($ctx)
238384Sjkim	st	$C,8($ctx)
238384Sjkim	st	$D,12($ctx)
238384Sjkim	st	$E,16($ctx)
238384Sjkim	brct${g} $len,.Lloop
238384Sjkim
238384Sjkim	lm${g}	%r6,%r15,`$frame+6*$SIZE_T`($sp)
238384Sjkim	br	%r14
238384Sjkim.size	sha1_block_data_order,.-sha1_block_data_order
238384Sjkim.string	"SHA1 block transform for s390x, CRYPTOGAMS by <appro\@openssl.org>"
238384Sjkim.comm	OPENSSL_s390xcap_P,16,8
238384Sjkim___
238384Sjkim
238384Sjkim$code =~ s/\`([^\`]*)\`/eval $1/gem;
238384Sjkim
238384Sjkimprint $code;
238384Sjkimclose STDOUT;