1 #!/usr/bin/env perl 2 # 3 # ==================================================================== 4 # Written by Andy Polyakov <appro (at] openssl.org> for the OpenSSL 5 # project. The module is, however, dual licensed under OpenSSL and 6 # CRYPTOGAMS licenses depending on where you obtain it. For further 7 # details see http://www.openssl.org/~appro/cryptogams/. 8 # ==================================================================== 9 # 10 # June 2011 11 # 12 # This is AESNI-CBC+SHA1 "stitch" implementation. The idea, as spelled 13 # in http://download.intel.com/design/intarch/papers/323686.pdf, is 14 # that since AESNI-CBC encrypt exhibit *very* low instruction-level 15 # parallelism, interleaving it with another algorithm would allow to 16 # utilize processor resources better and achieve better performance. 17 # SHA1 instruction sequences(*) are taken from sha1-x86_64.pl and 18 # AESNI code is weaved into it. Below are performance numbers in 19 # cycles per processed byte, less is better, for standalone AESNI-CBC 20 # encrypt, sum of the latter and standalone SHA1, and "stitched" 21 # subroutine: 22 # 23 # AES-128-CBC +SHA1 stitch gain 24 # Westmere 3.77[+5.6] 9.37 6.65 +41% 25 # Sandy Bridge 5.05[+5.2(6.3)] 10.25(11.35) 6.16(7.08) +67%(+60%) 26 # 27 # AES-192-CBC 28 # Westmere 4.51 10.11 6.97 +45% 29 # Sandy Bridge 6.05 11.25(12.35) 6.34(7.27) +77%(+70%) 30 # 31 # AES-256-CBC 32 # Westmere 5.25 10.85 7.25 +50% 33 # Sandy Bridge 7.05 12.25(13.35) 7.06(7.70) +74%(+73%) 34 # 35 # (*) There are two code paths: SSSE3 and AVX. See sha1-568.pl for 36 # background information. Above numbers in parentheses are SSSE3 37 # results collected on AVX-capable CPU, i.e. apply on OSes that 38 # don't support AVX. 39 # 40 # Needless to mention that it makes no sense to implement "stitched" 41 # *decrypt* subroutine. Because *both* AESNI-CBC decrypt and SHA1 42 # fully utilize parallelism, so stitching would not give any gain 43 # anyway. Well, there might be some, e.g. because of better cache 44 # locality... For reference, here are performance results for 45 # standalone AESNI-CBC decrypt: 46 # 47 # AES-128-CBC AES-192-CBC AES-256-CBC 48 # Westmere 1.31 1.55 1.80 49 # Sandy Bridge 0.93 1.06 1.22 50 51 $flavour = shift; 52 $output = shift; 53 if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } 54 55 $win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); 56 57 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; 58 ( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or 59 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or 60 die "can't locate x86_64-xlate.pl"; 61 62 $avx=1 if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` 63 =~ /GNU assembler version ([2-9]\.[0-9]+)/ && 64 $1>=2.19); 65 $avx=1 if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) && 66 `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/ && 67 $1>=2.09); 68 $avx=1 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && 69 `ml64 2>&1` =~ /Version ([0-9]+)\./ && 70 $1>=10); 71 72 open OUT,"| \"$^X\" $xlate $flavour $output"; 73 *STDOUT=*OUT; 74 75 # void aesni_cbc_sha1_enc(const void *inp, 76 # void *out, 77 # size_t length, 78 # const AES_KEY *key, 79 # unsigned char *iv, 80 # SHA_CTX *ctx, 81 # const void *in0); 82 83 $code.=<<___; 84 .text 85 .extern OPENSSL_ia32cap_P 86 87 .globl aesni_cbc_sha1_enc 88 .type aesni_cbc_sha1_enc,\@abi-omnipotent 89 .align 16 90 aesni_cbc_sha1_enc: 91 # caller should check for SSSE3 and AES-NI bits 92 mov OPENSSL_ia32cap_P+0(%rip),%r10d 93 mov OPENSSL_ia32cap_P+4(%rip),%r11d 94 ___ 95 $code.=<<___ if ($avx); 96 and \$`1<<28`,%r11d # mask AVX bit 97 and \$`1<<30`,%r10d # mask "Intel CPU" bit 98 or %r11d,%r10d 99 cmp \$`1<<28|1<<30`,%r10d 100 je aesni_cbc_sha1_enc_avx 101 ___ 102 $code.=<<___; 103 jmp aesni_cbc_sha1_enc_ssse3 104 ret 105 .size aesni_cbc_sha1_enc,.-aesni_cbc_sha1_enc 106 ___ 107 108 my ($in0,$out,$len,$key,$ivp,$ctx,$inp)=("%rdi","%rsi","%rdx","%rcx","%r8","%r9","%r10"); 109 110 my $Xi=4; 111 my @X=map("%xmm$_",(4..7,0..3)); 112 my @Tx=map("%xmm$_",(8..10)); 113 my @V=($A,$B,$C,$D,$E)=("%eax","%ebx","%ecx","%edx","%ebp"); # size optimization 114 my @T=("%esi","%edi"); 115 my $j=0; my $jj=0; my $r=0; my $sn=0; 116 my $K_XX_XX="%r11"; 117 my ($iv,$in,$rndkey0)=map("%xmm$_",(11..13)); 118 my @rndkey=("%xmm14","%xmm15"); 119 120 sub AUTOLOAD() # thunk [simplified] 32-bit style perlasm 121 { my $opcode = $AUTOLOAD; $opcode =~ s/.*:://; 122 my $arg = pop; 123 $arg = "\$$arg" if ($arg*1 eq $arg); 124 $code .= "\t$opcode\t".join(',',$arg,reverse @_)."\n"; 125 } 126 127 my $_rol=sub { &rol(@_) }; 128 my $_ror=sub { &ror(@_) }; 129 130 $code.=<<___; 131 .type aesni_cbc_sha1_enc_ssse3,\@function,6 132 .align 16 133 aesni_cbc_sha1_enc_ssse3: 134 mov `($win64?56:8)`(%rsp),$inp # load 7th argument 135 #shr \$6,$len # debugging artefact 136 #jz .Lepilogue_ssse3 # debugging artefact 137 push %rbx 138 push %rbp 139 push %r12 140 push %r13 141 push %r14 142 push %r15 143 lea `-104-($win64?10*16:0)`(%rsp),%rsp 144 #mov $in0,$inp # debugging artefact 145 #lea 64(%rsp),$ctx # debugging artefact 146 ___ 147 $code.=<<___ if ($win64); 148 movaps %xmm6,96+0(%rsp) 149 movaps %xmm7,96+16(%rsp) 150 movaps %xmm8,96+32(%rsp) 151 movaps %xmm9,96+48(%rsp) 152 movaps %xmm10,96+64(%rsp) 153 movaps %xmm11,96+80(%rsp) 154 movaps %xmm12,96+96(%rsp) 155 movaps %xmm13,96+112(%rsp) 156 movaps %xmm14,96+128(%rsp) 157 movaps %xmm15,96+144(%rsp) 158 .Lprologue_ssse3: 159 ___ 160 $code.=<<___; 161 mov $in0,%r12 # reassign arguments 162 mov $out,%r13 163 mov $len,%r14 164 mov $key,%r15 165 movdqu ($ivp),$iv # load IV 166 mov $ivp,88(%rsp) # save $ivp 167 ___ 168 my ($in0,$out,$len,$key)=map("%r$_",(12..15)); # reassign arguments 169 my $rounds="${ivp}d"; 170 $code.=<<___; 171 shl \$6,$len 172 sub $in0,$out 173 mov 240($key),$rounds 174 add $inp,$len # end of input 175 176 lea K_XX_XX(%rip),$K_XX_XX 177 mov 0($ctx),$A # load context 178 mov 4($ctx),$B 179 mov 8($ctx),$C 180 mov 12($ctx),$D 181 mov $B,@T[0] # magic seed 182 mov 16($ctx),$E 183 184 movdqa 64($K_XX_XX),@X[2] # pbswap mask 185 movdqa 0($K_XX_XX),@Tx[1] # K_00_19 186 movdqu 0($inp),@X[-4&7] # load input to %xmm[0-3] 187 movdqu 16($inp),@X[-3&7] 188 movdqu 32($inp),@X[-2&7] 189 movdqu 48($inp),@X[-1&7] 190 pshufb @X[2],@X[-4&7] # byte swap 191 add \$64,$inp 192 pshufb @X[2],@X[-3&7] 193 pshufb @X[2],@X[-2&7] 194 pshufb @X[2],@X[-1&7] 195 paddd @Tx[1],@X[-4&7] # add K_00_19 196 paddd @Tx[1],@X[-3&7] 197 paddd @Tx[1],@X[-2&7] 198 movdqa @X[-4&7],0(%rsp) # X[]+K xfer to IALU 199 psubd @Tx[1],@X[-4&7] # restore X[] 200 movdqa @X[-3&7],16(%rsp) 201 psubd @Tx[1],@X[-3&7] 202 movdqa @X[-2&7],32(%rsp) 203 psubd @Tx[1],@X[-2&7] 204 movups ($key),$rndkey0 # $key[0] 205 movups 16($key),$rndkey[0] # forward reference 206 jmp .Loop_ssse3 207 ___ 208 209 my $aesenc=sub { 210 use integer; 211 my ($n,$k)=($r/10,$r%10); 212 if ($k==0) { 213 $code.=<<___; 214 movups `16*$n`($in0),$in # load input 215 xorps $rndkey0,$in 216 ___ 217 $code.=<<___ if ($n); 218 movups $iv,`16*($n-1)`($out,$in0) # write output 219 ___ 220 $code.=<<___; 221 xorps $in,$iv 222 aesenc $rndkey[0],$iv 223 movups `32+16*$k`($key),$rndkey[1] 224 ___ 225 } elsif ($k==9) { 226 $sn++; 227 $code.=<<___; 228 cmp \$11,$rounds 229 jb .Laesenclast$sn 230 movups `32+16*($k+0)`($key),$rndkey[1] 231 aesenc $rndkey[0],$iv 232 movups `32+16*($k+1)`($key),$rndkey[0] 233 aesenc $rndkey[1],$iv 234 je .Laesenclast$sn 235 movups `32+16*($k+2)`($key),$rndkey[1] 236 aesenc $rndkey[0],$iv 237 movups `32+16*($k+3)`($key),$rndkey[0] 238 aesenc $rndkey[1],$iv 239 .Laesenclast$sn: 240 aesenclast $rndkey[0],$iv 241 movups 16($key),$rndkey[1] # forward reference 242 ___ 243 } else { 244 $code.=<<___; 245 aesenc $rndkey[0],$iv 246 movups `32+16*$k`($key),$rndkey[1] 247 ___ 248 } 249 $r++; unshift(@rndkey,pop(@rndkey)); 250 }; 251 252 sub Xupdate_ssse3_16_31() # recall that $Xi starts wtih 4 253 { use integer; 254 my $body = shift; 255 my @insns = (&$body,&$body,&$body,&$body); # 40 instructions 256 my ($a,$b,$c,$d,$e); 257 258 &movdqa (@X[0],@X[-3&7]); 259 eval(shift(@insns)); 260 eval(shift(@insns)); 261 &movdqa (@Tx[0],@X[-1&7]); 262 &palignr(@X[0],@X[-4&7],8); # compose "X[-14]" in "X[0]" 263 eval(shift(@insns)); 264 eval(shift(@insns)); 265 266 &paddd (@Tx[1],@X[-1&7]); 267 eval(shift(@insns)); 268 eval(shift(@insns)); 269 &psrldq (@Tx[0],4); # "X[-3]", 3 dwords 270 eval(shift(@insns)); 271 eval(shift(@insns)); 272 &pxor (@X[0],@X[-4&7]); # "X[0]"^="X[-16]" 273 eval(shift(@insns)); 274 eval(shift(@insns)); 275 276 &pxor (@Tx[0],@X[-2&7]); # "X[-3]"^"X[-8]" 277 eval(shift(@insns)); 278 eval(shift(@insns)); 279 eval(shift(@insns)); 280 eval(shift(@insns)); 281 282 &pxor (@X[0],@Tx[0]); # "X[0]"^="X[-3]"^"X[-8]" 283 eval(shift(@insns)); 284 eval(shift(@insns)); 285 &movdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU 286 eval(shift(@insns)); 287 eval(shift(@insns)); 288 289 &movdqa (@Tx[2],@X[0]); 290 &movdqa (@Tx[0],@X[0]); 291 eval(shift(@insns)); 292 eval(shift(@insns)); 293 eval(shift(@insns)); 294 eval(shift(@insns)); 295 296 &pslldq (@Tx[2],12); # "X[0]"<<96, extract one dword 297 &paddd (@X[0],@X[0]); 298 eval(shift(@insns)); 299 eval(shift(@insns)); 300 eval(shift(@insns)); 301 eval(shift(@insns)); 302 303 &psrld (@Tx[0],31); 304 eval(shift(@insns)); 305 eval(shift(@insns)); 306 &movdqa (@Tx[1],@Tx[2]); 307 eval(shift(@insns)); 308 eval(shift(@insns)); 309 310 &psrld (@Tx[2],30); 311 &por (@X[0],@Tx[0]); # "X[0]"<<<=1 312 eval(shift(@insns)); 313 eval(shift(@insns)); 314 eval(shift(@insns)); 315 eval(shift(@insns)); 316 317 &pslld (@Tx[1],2); 318 &pxor (@X[0],@Tx[2]); 319 eval(shift(@insns)); 320 eval(shift(@insns)); 321 &movdqa (@Tx[2],eval(16*(($Xi)/5))."($K_XX_XX)"); # K_XX_XX 322 eval(shift(@insns)); 323 eval(shift(@insns)); 324 325 &pxor (@X[0],@Tx[1]); # "X[0]"^=("X[0]">>96)<<<2 326 327 foreach (@insns) { eval; } # remaining instructions [if any] 328 329 $Xi++; push(@X,shift(@X)); # "rotate" X[] 330 push(@Tx,shift(@Tx)); 331 } 332 333 sub Xupdate_ssse3_32_79() 334 { use integer; 335 my $body = shift; 336 my @insns = (&$body,&$body,&$body,&$body); # 32 to 48 instructions 337 my ($a,$b,$c,$d,$e); 338 339 &movdqa (@Tx[0],@X[-1&7]) if ($Xi==8); 340 eval(shift(@insns)); # body_20_39 341 &pxor (@X[0],@X[-4&7]); # "X[0]"="X[-32]"^"X[-16]" 342 &palignr(@Tx[0],@X[-2&7],8); # compose "X[-6]" 343 eval(shift(@insns)); 344 eval(shift(@insns)); 345 eval(shift(@insns)); # rol 346 347 &pxor (@X[0],@X[-7&7]); # "X[0]"^="X[-28]" 348 eval(shift(@insns)); 349 eval(shift(@insns)) if (@insns[0] !~ /&ro[rl]/); 350 if ($Xi%5) { 351 &movdqa (@Tx[2],@Tx[1]);# "perpetuate" K_XX_XX... 352 } else { # ... or load next one 353 &movdqa (@Tx[2],eval(16*($Xi/5))."($K_XX_XX)"); 354 } 355 &paddd (@Tx[1],@X[-1&7]); 356 eval(shift(@insns)); # ror 357 eval(shift(@insns)); 358 359 &pxor (@X[0],@Tx[0]); # "X[0]"^="X[-6]" 360 eval(shift(@insns)); # body_20_39 361 eval(shift(@insns)); 362 eval(shift(@insns)); 363 eval(shift(@insns)); # rol 364 365 &movdqa (@Tx[0],@X[0]); 366 &movdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU 367 eval(shift(@insns)); 368 eval(shift(@insns)); 369 eval(shift(@insns)); # ror 370 eval(shift(@insns)); 371 372 &pslld (@X[0],2); 373 eval(shift(@insns)); # body_20_39 374 eval(shift(@insns)); 375 &psrld (@Tx[0],30); 376 eval(shift(@insns)); 377 eval(shift(@insns)); # rol 378 eval(shift(@insns)); 379 eval(shift(@insns)); 380 eval(shift(@insns)); # ror 381 eval(shift(@insns)); 382 383 &por (@X[0],@Tx[0]); # "X[0]"<<<=2 384 eval(shift(@insns)); # body_20_39 385 eval(shift(@insns)); 386 &movdqa (@Tx[1],@X[0]) if ($Xi<19); 387 eval(shift(@insns)); 388 eval(shift(@insns)); # rol 389 eval(shift(@insns)); 390 eval(shift(@insns)); 391 eval(shift(@insns)); # rol 392 eval(shift(@insns)); 393 394 foreach (@insns) { eval; } # remaining instructions 395 396 $Xi++; push(@X,shift(@X)); # "rotate" X[] 397 push(@Tx,shift(@Tx)); 398 } 399 400 sub Xuplast_ssse3_80() 401 { use integer; 402 my $body = shift; 403 my @insns = (&$body,&$body,&$body,&$body); # 32 instructions 404 my ($a,$b,$c,$d,$e); 405 406 eval(shift(@insns)); 407 &paddd (@Tx[1],@X[-1&7]); 408 eval(shift(@insns)); 409 eval(shift(@insns)); 410 eval(shift(@insns)); 411 eval(shift(@insns)); 412 413 &movdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer IALU 414 415 foreach (@insns) { eval; } # remaining instructions 416 417 &cmp ($inp,$len); 418 &je (".Ldone_ssse3"); 419 420 unshift(@Tx,pop(@Tx)); 421 422 &movdqa (@X[2],"64($K_XX_XX)"); # pbswap mask 423 &movdqa (@Tx[1],"0($K_XX_XX)"); # K_00_19 424 &movdqu (@X[-4&7],"0($inp)"); # load input 425 &movdqu (@X[-3&7],"16($inp)"); 426 &movdqu (@X[-2&7],"32($inp)"); 427 &movdqu (@X[-1&7],"48($inp)"); 428 &pshufb (@X[-4&7],@X[2]); # byte swap 429 &add ($inp,64); 430 431 $Xi=0; 432 } 433 434 sub Xloop_ssse3() 435 { use integer; 436 my $body = shift; 437 my @insns = (&$body,&$body,&$body,&$body); # 32 instructions 438 my ($a,$b,$c,$d,$e); 439 440 eval(shift(@insns)); 441 eval(shift(@insns)); 442 &pshufb (@X[($Xi-3)&7],@X[2]); 443 eval(shift(@insns)); 444 eval(shift(@insns)); 445 &paddd (@X[($Xi-4)&7],@Tx[1]); 446 eval(shift(@insns)); 447 eval(shift(@insns)); 448 eval(shift(@insns)); 449 eval(shift(@insns)); 450 &movdqa (eval(16*$Xi)."(%rsp)",@X[($Xi-4)&7]); # X[]+K xfer to IALU 451 eval(shift(@insns)); 452 eval(shift(@insns)); 453 &psubd (@X[($Xi-4)&7],@Tx[1]); 454 455 foreach (@insns) { eval; } 456 $Xi++; 457 } 458 459 sub Xtail_ssse3() 460 { use integer; 461 my $body = shift; 462 my @insns = (&$body,&$body,&$body,&$body); # 32 instructions 463 my ($a,$b,$c,$d,$e); 464 465 foreach (@insns) { eval; } 466 } 467 468 sub body_00_19 () { 469 use integer; 470 my ($k,$n); 471 my @r=( 472 '($a,$b,$c,$d,$e)=@V;'. 473 '&add ($e,eval(4*($j&15))."(%rsp)");', # X[]+K xfer 474 '&xor ($c,$d);', 475 '&mov (@T[1],$a);', # $b in next round 476 '&$_rol ($a,5);', 477 '&and (@T[0],$c);', # ($b&($c^$d)) 478 '&xor ($c,$d);', # restore $c 479 '&xor (@T[0],$d);', 480 '&add ($e,$a);', 481 '&$_ror ($b,$j?7:2);', # $b>>>2 482 '&add ($e,@T[0]);' .'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));' 483 ); 484 $n = scalar(@r); 485 $k = (($jj+1)*12/20)*20*$n/12; # 12 aesencs per these 20 rounds 486 @r[$k%$n].='&$aesenc();' if ($jj==$k/$n); 487 $jj++; 488 return @r; 489 } 490 491 sub body_20_39 () { 492 use integer; 493 my ($k,$n); 494 my @r=( 495 '($a,$b,$c,$d,$e)=@V;'. 496 '&add ($e,eval(4*($j++&15))."(%rsp)");', # X[]+K xfer 497 '&xor (@T[0],$d);', # ($b^$d) 498 '&mov (@T[1],$a);', # $b in next round 499 '&$_rol ($a,5);', 500 '&xor (@T[0],$c);', # ($b^$d^$c) 501 '&add ($e,$a);', 502 '&$_ror ($b,7);', # $b>>>2 503 '&add ($e,@T[0]);' .'unshift(@V,pop(@V)); unshift(@T,pop(@T));' 504 ); 505 $n = scalar(@r); 506 $k = (($jj+1)*8/20)*20*$n/8; # 8 aesencs per these 20 rounds 507 @r[$k%$n].='&$aesenc();' if ($jj==$k/$n); 508 $jj++; 509 return @r; 510 } 511 512 sub body_40_59 () { 513 use integer; 514 my ($k,$n); 515 my @r=( 516 '($a,$b,$c,$d,$e)=@V;'. 517 '&mov (@T[1],$c);', 518 '&xor ($c,$d);', 519 '&add ($e,eval(4*($j++&15))."(%rsp)");', # X[]+K xfer 520 '&and (@T[1],$d);', 521 '&and (@T[0],$c);', # ($b&($c^$d)) 522 '&$_ror ($b,7);', # $b>>>2 523 '&add ($e,@T[1]);', 524 '&mov (@T[1],$a);', # $b in next round 525 '&$_rol ($a,5);', 526 '&add ($e,@T[0]);', 527 '&xor ($c,$d);', # restore $c 528 '&add ($e,$a);' .'unshift(@V,pop(@V)); unshift(@T,pop(@T));' 529 ); 530 $n = scalar(@r); 531 $k=(($jj+1)*12/20)*20*$n/12; # 12 aesencs per these 20 rounds 532 @r[$k%$n].='&$aesenc();' if ($jj==$k/$n); 533 $jj++; 534 return @r; 535 } 536 $code.=<<___; 537 .align 16 538 .Loop_ssse3: 539 ___ 540 &Xupdate_ssse3_16_31(\&body_00_19); 541 &Xupdate_ssse3_16_31(\&body_00_19); 542 &Xupdate_ssse3_16_31(\&body_00_19); 543 &Xupdate_ssse3_16_31(\&body_00_19); 544 &Xupdate_ssse3_32_79(\&body_00_19); 545 &Xupdate_ssse3_32_79(\&body_20_39); 546 &Xupdate_ssse3_32_79(\&body_20_39); 547 &Xupdate_ssse3_32_79(\&body_20_39); 548 &Xupdate_ssse3_32_79(\&body_20_39); 549 &Xupdate_ssse3_32_79(\&body_20_39); 550 &Xupdate_ssse3_32_79(\&body_40_59); 551 &Xupdate_ssse3_32_79(\&body_40_59); 552 &Xupdate_ssse3_32_79(\&body_40_59); 553 &Xupdate_ssse3_32_79(\&body_40_59); 554 &Xupdate_ssse3_32_79(\&body_40_59); 555 &Xupdate_ssse3_32_79(\&body_20_39); 556 &Xuplast_ssse3_80(\&body_20_39); # can jump to "done" 557 558 $saved_j=$j; @saved_V=@V; 559 $saved_r=$r; @saved_rndkey=@rndkey; 560 561 &Xloop_ssse3(\&body_20_39); 562 &Xloop_ssse3(\&body_20_39); 563 &Xloop_ssse3(\&body_20_39); 564 565 $code.=<<___; 566 movups $iv,48($out,$in0) # write output 567 lea 64($in0),$in0 568 569 add 0($ctx),$A # update context 570 add 4($ctx),@T[0] 571 add 8($ctx),$C 572 add 12($ctx),$D 573 mov $A,0($ctx) 574 add 16($ctx),$E 575 mov @T[0],4($ctx) 576 mov @T[0],$B # magic seed 577 mov $C,8($ctx) 578 mov $D,12($ctx) 579 mov $E,16($ctx) 580 jmp .Loop_ssse3 581 582 .align 16 583 .Ldone_ssse3: 584 ___ 585 $jj=$j=$saved_j; @V=@saved_V; 586 $r=$saved_r; @rndkey=@saved_rndkey; 587 588 &Xtail_ssse3(\&body_20_39); 589 &Xtail_ssse3(\&body_20_39); 590 &Xtail_ssse3(\&body_20_39); 591 592 $code.=<<___; 593 movups $iv,48($out,$in0) # write output 594 mov 88(%rsp),$ivp # restore $ivp 595 596 add 0($ctx),$A # update context 597 add 4($ctx),@T[0] 598 add 8($ctx),$C 599 mov $A,0($ctx) 600 add 12($ctx),$D 601 mov @T[0],4($ctx) 602 add 16($ctx),$E 603 mov $C,8($ctx) 604 mov $D,12($ctx) 605 mov $E,16($ctx) 606 movups $iv,($ivp) # write IV 607 ___ 608 $code.=<<___ if ($win64); 609 movaps 96+0(%rsp),%xmm6 610 movaps 96+16(%rsp),%xmm7 611 movaps 96+32(%rsp),%xmm8 612 movaps 96+48(%rsp),%xmm9 613 movaps 96+64(%rsp),%xmm10 614 movaps 96+80(%rsp),%xmm11 615 movaps 96+96(%rsp),%xmm12 616 movaps 96+112(%rsp),%xmm13 617 movaps 96+128(%rsp),%xmm14 618 movaps 96+144(%rsp),%xmm15 619 ___ 620 $code.=<<___; 621 lea `104+($win64?10*16:0)`(%rsp),%rsi 622 mov 0(%rsi),%r15 623 mov 8(%rsi),%r14 624 mov 16(%rsi),%r13 625 mov 24(%rsi),%r12 626 mov 32(%rsi),%rbp 627 mov 40(%rsi),%rbx 628 lea 48(%rsi),%rsp 629 .Lepilogue_ssse3: 630 ret 631 .size aesni_cbc_sha1_enc_ssse3,.-aesni_cbc_sha1_enc_ssse3 632 ___ 633 634 $j=$jj=$r=$sn=0; 635 636 if ($avx) { 637 my ($in0,$out,$len,$key,$ivp,$ctx,$inp)=("%rdi","%rsi","%rdx","%rcx","%r8","%r9","%r10"); 638 639 my $Xi=4; 640 my @X=map("%xmm$_",(4..7,0..3)); 641 my @Tx=map("%xmm$_",(8..10)); 642 my @V=($A,$B,$C,$D,$E)=("%eax","%ebx","%ecx","%edx","%ebp"); # size optimization 643 my @T=("%esi","%edi"); 644 645 my $_rol=sub { &shld(@_[0],@_) }; 646 my $_ror=sub { &shrd(@_[0],@_) }; 647 648 $code.=<<___; 649 .type aesni_cbc_sha1_enc_avx,\@function,6 650 .align 16 651 aesni_cbc_sha1_enc_avx: 652 mov `($win64?56:8)`(%rsp),$inp # load 7th argument 653 #shr \$6,$len # debugging artefact 654 #jz .Lepilogue_avx # debugging artefact 655 push %rbx 656 push %rbp 657 push %r12 658 push %r13 659 push %r14 660 push %r15 661 lea `-104-($win64?10*16:0)`(%rsp),%rsp 662 #mov $in0,$inp # debugging artefact 663 #lea 64(%rsp),$ctx # debugging artefact 664 ___ 665 $code.=<<___ if ($win64); 666 movaps %xmm6,96+0(%rsp) 667 movaps %xmm7,96+16(%rsp) 668 movaps %xmm8,96+32(%rsp) 669 movaps %xmm9,96+48(%rsp) 670 movaps %xmm10,96+64(%rsp) 671 movaps %xmm11,96+80(%rsp) 672 movaps %xmm12,96+96(%rsp) 673 movaps %xmm13,96+112(%rsp) 674 movaps %xmm14,96+128(%rsp) 675 movaps %xmm15,96+144(%rsp) 676 .Lprologue_avx: 677 ___ 678 $code.=<<___; 679 vzeroall 680 mov $in0,%r12 # reassign arguments 681 mov $out,%r13 682 mov $len,%r14 683 mov $key,%r15 684 vmovdqu ($ivp),$iv # load IV 685 mov $ivp,88(%rsp) # save $ivp 686 ___ 687 my ($in0,$out,$len,$key)=map("%r$_",(12..15)); # reassign arguments 688 my $rounds="${ivp}d"; 689 $code.=<<___; 690 shl \$6,$len 691 sub $in0,$out 692 mov 240($key),$rounds 693 add \$112,$key # size optimization 694 add $inp,$len # end of input 695 696 lea K_XX_XX(%rip),$K_XX_XX 697 mov 0($ctx),$A # load context 698 mov 4($ctx),$B 699 mov 8($ctx),$C 700 mov 12($ctx),$D 701 mov $B,@T[0] # magic seed 702 mov 16($ctx),$E 703 704 vmovdqa 64($K_XX_XX),@X[2] # pbswap mask 705 vmovdqa 0($K_XX_XX),@Tx[1] # K_00_19 706 vmovdqu 0($inp),@X[-4&7] # load input to %xmm[0-3] 707 vmovdqu 16($inp),@X[-3&7] 708 vmovdqu 32($inp),@X[-2&7] 709 vmovdqu 48($inp),@X[-1&7] 710 vpshufb @X[2],@X[-4&7],@X[-4&7] # byte swap 711 add \$64,$inp 712 vpshufb @X[2],@X[-3&7],@X[-3&7] 713 vpshufb @X[2],@X[-2&7],@X[-2&7] 714 vpshufb @X[2],@X[-1&7],@X[-1&7] 715 vpaddd @Tx[1],@X[-4&7],@X[0] # add K_00_19 716 vpaddd @Tx[1],@X[-3&7],@X[1] 717 vpaddd @Tx[1],@X[-2&7],@X[2] 718 vmovdqa @X[0],0(%rsp) # X[]+K xfer to IALU 719 vmovdqa @X[1],16(%rsp) 720 vmovdqa @X[2],32(%rsp) 721 vmovups -112($key),$rndkey0 # $key[0] 722 vmovups 16-112($key),$rndkey[0] # forward reference 723 jmp .Loop_avx 724 ___ 725 726 my $aesenc=sub { 727 use integer; 728 my ($n,$k)=($r/10,$r%10); 729 if ($k==0) { 730 $code.=<<___; 731 vmovups `16*$n`($in0),$in # load input 732 vxorps $rndkey0,$in,$in 733 ___ 734 $code.=<<___ if ($n); 735 vmovups $iv,`16*($n-1)`($out,$in0) # write output 736 ___ 737 $code.=<<___; 738 vxorps $in,$iv,$iv 739 vaesenc $rndkey[0],$iv,$iv 740 vmovups `32+16*$k-112`($key),$rndkey[1] 741 ___ 742 } elsif ($k==9) { 743 $sn++; 744 $code.=<<___; 745 cmp \$11,$rounds 746 jb .Lvaesenclast$sn 747 vaesenc $rndkey[0],$iv,$iv 748 vmovups `32+16*($k+0)-112`($key),$rndkey[1] 749 vaesenc $rndkey[1],$iv,$iv 750 vmovups `32+16*($k+1)-112`($key),$rndkey[0] 751 je .Lvaesenclast$sn 752 vaesenc $rndkey[0],$iv,$iv 753 vmovups `32+16*($k+2)-112`($key),$rndkey[1] 754 vaesenc $rndkey[1],$iv,$iv 755 vmovups `32+16*($k+3)-112`($key),$rndkey[0] 756 .Lvaesenclast$sn: 757 vaesenclast $rndkey[0],$iv,$iv 758 vmovups 16-112($key),$rndkey[1] # forward reference 759 ___ 760 } else { 761 $code.=<<___; 762 vaesenc $rndkey[0],$iv,$iv 763 vmovups `32+16*$k-112`($key),$rndkey[1] 764 ___ 765 } 766 $r++; unshift(@rndkey,pop(@rndkey)); 767 }; 768 769 sub Xupdate_avx_16_31() # recall that $Xi starts wtih 4 770 { use integer; 771 my $body = shift; 772 my @insns = (&$body,&$body,&$body,&$body); # 40 instructions 773 my ($a,$b,$c,$d,$e); 774 775 eval(shift(@insns)); 776 eval(shift(@insns)); 777 &vpalignr(@X[0],@X[-3&7],@X[-4&7],8); # compose "X[-14]" in "X[0]" 778 eval(shift(@insns)); 779 eval(shift(@insns)); 780 781 &vpaddd (@Tx[1],@Tx[1],@X[-1&7]); 782 eval(shift(@insns)); 783 eval(shift(@insns)); 784 &vpsrldq(@Tx[0],@X[-1&7],4); # "X[-3]", 3 dwords 785 eval(shift(@insns)); 786 eval(shift(@insns)); 787 &vpxor (@X[0],@X[0],@X[-4&7]); # "X[0]"^="X[-16]" 788 eval(shift(@insns)); 789 eval(shift(@insns)); 790 791 &vpxor (@Tx[0],@Tx[0],@X[-2&7]); # "X[-3]"^"X[-8]" 792 eval(shift(@insns)); 793 eval(shift(@insns)); 794 eval(shift(@insns)); 795 eval(shift(@insns)); 796 797 &vpxor (@X[0],@X[0],@Tx[0]); # "X[0]"^="X[-3]"^"X[-8]" 798 eval(shift(@insns)); 799 eval(shift(@insns)); 800 &vmovdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU 801 eval(shift(@insns)); 802 eval(shift(@insns)); 803 804 &vpsrld (@Tx[0],@X[0],31); 805 eval(shift(@insns)); 806 eval(shift(@insns)); 807 eval(shift(@insns)); 808 eval(shift(@insns)); 809 810 &vpslldq(@Tx[2],@X[0],12); # "X[0]"<<96, extract one dword 811 &vpaddd (@X[0],@X[0],@X[0]); 812 eval(shift(@insns)); 813 eval(shift(@insns)); 814 eval(shift(@insns)); 815 eval(shift(@insns)); 816 817 &vpsrld (@Tx[1],@Tx[2],30); 818 &vpor (@X[0],@X[0],@Tx[0]); # "X[0]"<<<=1 819 eval(shift(@insns)); 820 eval(shift(@insns)); 821 eval(shift(@insns)); 822 eval(shift(@insns)); 823 824 &vpslld (@Tx[2],@Tx[2],2); 825 &vpxor (@X[0],@X[0],@Tx[1]); 826 eval(shift(@insns)); 827 eval(shift(@insns)); 828 eval(shift(@insns)); 829 eval(shift(@insns)); 830 831 &vpxor (@X[0],@X[0],@Tx[2]); # "X[0]"^=("X[0]">>96)<<<2 832 eval(shift(@insns)); 833 eval(shift(@insns)); 834 &vmovdqa (@Tx[2],eval(16*(($Xi)/5))."($K_XX_XX)"); # K_XX_XX 835 eval(shift(@insns)); 836 eval(shift(@insns)); 837 838 839 foreach (@insns) { eval; } # remaining instructions [if any] 840 841 $Xi++; push(@X,shift(@X)); # "rotate" X[] 842 push(@Tx,shift(@Tx)); 843 } 844 845 sub Xupdate_avx_32_79() 846 { use integer; 847 my $body = shift; 848 my @insns = (&$body,&$body,&$body,&$body); # 32 to 48 instructions 849 my ($a,$b,$c,$d,$e); 850 851 &vpalignr(@Tx[0],@X[-1&7],@X[-2&7],8); # compose "X[-6]" 852 &vpxor (@X[0],@X[0],@X[-4&7]); # "X[0]"="X[-32]"^"X[-16]" 853 eval(shift(@insns)); # body_20_39 854 eval(shift(@insns)); 855 eval(shift(@insns)); 856 eval(shift(@insns)); # rol 857 858 &vpxor (@X[0],@X[0],@X[-7&7]); # "X[0]"^="X[-28]" 859 eval(shift(@insns)); 860 eval(shift(@insns)) if (@insns[0] !~ /&ro[rl]/); 861 if ($Xi%5) { 862 &vmovdqa (@Tx[2],@Tx[1]);# "perpetuate" K_XX_XX... 863 } else { # ... or load next one 864 &vmovdqa (@Tx[2],eval(16*($Xi/5))."($K_XX_XX)"); 865 } 866 &vpaddd (@Tx[1],@Tx[1],@X[-1&7]); 867 eval(shift(@insns)); # ror 868 eval(shift(@insns)); 869 870 &vpxor (@X[0],@X[0],@Tx[0]); # "X[0]"^="X[-6]" 871 eval(shift(@insns)); # body_20_39 872 eval(shift(@insns)); 873 eval(shift(@insns)); 874 eval(shift(@insns)); # rol 875 876 &vpsrld (@Tx[0],@X[0],30); 877 &vmovdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU 878 eval(shift(@insns)); 879 eval(shift(@insns)); 880 eval(shift(@insns)); # ror 881 eval(shift(@insns)); 882 883 &vpslld (@X[0],@X[0],2); 884 eval(shift(@insns)); # body_20_39 885 eval(shift(@insns)); 886 eval(shift(@insns)); 887 eval(shift(@insns)); # rol 888 eval(shift(@insns)); 889 eval(shift(@insns)); 890 eval(shift(@insns)); # ror 891 eval(shift(@insns)); 892 893 &vpor (@X[0],@X[0],@Tx[0]); # "X[0]"<<<=2 894 eval(shift(@insns)); # body_20_39 895 eval(shift(@insns)); 896 &vmovdqa (@Tx[1],@X[0]) if ($Xi<19); 897 eval(shift(@insns)); 898 eval(shift(@insns)); # rol 899 eval(shift(@insns)); 900 eval(shift(@insns)); 901 eval(shift(@insns)); # rol 902 eval(shift(@insns)); 903 904 foreach (@insns) { eval; } # remaining instructions 905 906 $Xi++; push(@X,shift(@X)); # "rotate" X[] 907 push(@Tx,shift(@Tx)); 908 } 909 910 sub Xuplast_avx_80() 911 { use integer; 912 my $body = shift; 913 my @insns = (&$body,&$body,&$body,&$body); # 32 instructions 914 my ($a,$b,$c,$d,$e); 915 916 eval(shift(@insns)); 917 &vpaddd (@Tx[1],@Tx[1],@X[-1&7]); 918 eval(shift(@insns)); 919 eval(shift(@insns)); 920 eval(shift(@insns)); 921 eval(shift(@insns)); 922 923 &movdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer IALU 924 925 foreach (@insns) { eval; } # remaining instructions 926 927 &cmp ($inp,$len); 928 &je (".Ldone_avx"); 929 930 unshift(@Tx,pop(@Tx)); 931 932 &vmovdqa(@X[2],"64($K_XX_XX)"); # pbswap mask 933 &vmovdqa(@Tx[1],"0($K_XX_XX)"); # K_00_19 934 &vmovdqu(@X[-4&7],"0($inp)"); # load input 935 &vmovdqu(@X[-3&7],"16($inp)"); 936 &vmovdqu(@X[-2&7],"32($inp)"); 937 &vmovdqu(@X[-1&7],"48($inp)"); 938 &vpshufb(@X[-4&7],@X[-4&7],@X[2]); # byte swap 939 &add ($inp,64); 940 941 $Xi=0; 942 } 943 944 sub Xloop_avx() 945 { use integer; 946 my $body = shift; 947 my @insns = (&$body,&$body,&$body,&$body); # 32 instructions 948 my ($a,$b,$c,$d,$e); 949 950 eval(shift(@insns)); 951 eval(shift(@insns)); 952 &vpshufb(@X[($Xi-3)&7],@X[($Xi-3)&7],@X[2]); 953 eval(shift(@insns)); 954 eval(shift(@insns)); 955 &vpaddd (@X[$Xi&7],@X[($Xi-4)&7],@Tx[1]); 956 eval(shift(@insns)); 957 eval(shift(@insns)); 958 eval(shift(@insns)); 959 eval(shift(@insns)); 960 &vmovdqa(eval(16*$Xi)."(%rsp)",@X[$Xi&7]); # X[]+K xfer to IALU 961 eval(shift(@insns)); 962 eval(shift(@insns)); 963 964 foreach (@insns) { eval; } 965 $Xi++; 966 } 967 968 sub Xtail_avx() 969 { use integer; 970 my $body = shift; 971 my @insns = (&$body,&$body,&$body,&$body); # 32 instructions 972 my ($a,$b,$c,$d,$e); 973 974 foreach (@insns) { eval; } 975 } 976 977 $code.=<<___; 978 .align 16 979 .Loop_avx: 980 ___ 981 &Xupdate_avx_16_31(\&body_00_19); 982 &Xupdate_avx_16_31(\&body_00_19); 983 &Xupdate_avx_16_31(\&body_00_19); 984 &Xupdate_avx_16_31(\&body_00_19); 985 &Xupdate_avx_32_79(\&body_00_19); 986 &Xupdate_avx_32_79(\&body_20_39); 987 &Xupdate_avx_32_79(\&body_20_39); 988 &Xupdate_avx_32_79(\&body_20_39); 989 &Xupdate_avx_32_79(\&body_20_39); 990 &Xupdate_avx_32_79(\&body_20_39); 991 &Xupdate_avx_32_79(\&body_40_59); 992 &Xupdate_avx_32_79(\&body_40_59); 993 &Xupdate_avx_32_79(\&body_40_59); 994 &Xupdate_avx_32_79(\&body_40_59); 995 &Xupdate_avx_32_79(\&body_40_59); 996 &Xupdate_avx_32_79(\&body_20_39); 997 &Xuplast_avx_80(\&body_20_39); # can jump to "done" 998 999 $saved_j=$j; @saved_V=@V; 1000 $saved_r=$r; @saved_rndkey=@rndkey; 1001 1002 &Xloop_avx(\&body_20_39); 1003 &Xloop_avx(\&body_20_39); 1004 &Xloop_avx(\&body_20_39); 1005 1006 $code.=<<___; 1007 vmovups $iv,48($out,$in0) # write output 1008 lea 64($in0),$in0 1009 1010 add 0($ctx),$A # update context 1011 add 4($ctx),@T[0] 1012 add 8($ctx),$C 1013 add 12($ctx),$D 1014 mov $A,0($ctx) 1015 add 16($ctx),$E 1016 mov @T[0],4($ctx) 1017 mov @T[0],$B # magic seed 1018 mov $C,8($ctx) 1019 mov $D,12($ctx) 1020 mov $E,16($ctx) 1021 jmp .Loop_avx 1022 1023 .align 16 1024 .Ldone_avx: 1025 ___ 1026 $jj=$j=$saved_j; @V=@saved_V; 1027 $r=$saved_r; @rndkey=@saved_rndkey; 1028 1029 &Xtail_avx(\&body_20_39); 1030 &Xtail_avx(\&body_20_39); 1031 &Xtail_avx(\&body_20_39); 1032 1033 $code.=<<___; 1034 vmovups $iv,48($out,$in0) # write output 1035 mov 88(%rsp),$ivp # restore $ivp 1036 1037 add 0($ctx),$A # update context 1038 add 4($ctx),@T[0] 1039 add 8($ctx),$C 1040 mov $A,0($ctx) 1041 add 12($ctx),$D 1042 mov @T[0],4($ctx) 1043 add 16($ctx),$E 1044 mov $C,8($ctx) 1045 mov $D,12($ctx) 1046 mov $E,16($ctx) 1047 vmovups $iv,($ivp) # write IV 1048 vzeroall 1049 ___ 1050 $code.=<<___ if ($win64); 1051 movaps 96+0(%rsp),%xmm6 1052 movaps 96+16(%rsp),%xmm7 1053 movaps 96+32(%rsp),%xmm8 1054 movaps 96+48(%rsp),%xmm9 1055 movaps 96+64(%rsp),%xmm10 1056 movaps 96+80(%rsp),%xmm11 1057 movaps 96+96(%rsp),%xmm12 1058 movaps 96+112(%rsp),%xmm13 1059 movaps 96+128(%rsp),%xmm14 1060 movaps 96+144(%rsp),%xmm15 1061 ___ 1062 $code.=<<___; 1063 lea `104+($win64?10*16:0)`(%rsp),%rsi 1064 mov 0(%rsi),%r15 1065 mov 8(%rsi),%r14 1066 mov 16(%rsi),%r13 1067 mov 24(%rsi),%r12 1068 mov 32(%rsi),%rbp 1069 mov 40(%rsi),%rbx 1070 lea 48(%rsi),%rsp 1071 .Lepilogue_avx: 1072 ret 1073 .size aesni_cbc_sha1_enc_avx,.-aesni_cbc_sha1_enc_avx 1074 ___ 1075 } 1076 $code.=<<___; 1077 .align 64 1078 K_XX_XX: 1079 .long 0x5a827999,0x5a827999,0x5a827999,0x5a827999 # K_00_19 1080 .long 0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1 # K_20_39 1081 .long 0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc # K_40_59 1082 .long 0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6 # K_60_79 1083 .long 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f # pbswap mask 1084 1085 .asciz "AESNI-CBC+SHA1 stitch for x86_64, CRYPTOGAMS by <appro\@openssl.org>" 1086 .align 64 1087 ___ 1088 1089 # EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, 1090 # CONTEXT *context,DISPATCHER_CONTEXT *disp) 1091 if ($win64) { 1092 $rec="%rcx"; 1093 $frame="%rdx"; 1094 $context="%r8"; 1095 $disp="%r9"; 1096 1097 $code.=<<___; 1098 .extern __imp_RtlVirtualUnwind 1099 .type ssse3_handler,\@abi-omnipotent 1100 .align 16 1101 ssse3_handler: 1102 push %rsi 1103 push %rdi 1104 push %rbx 1105 push %rbp 1106 push %r12 1107 push %r13 1108 push %r14 1109 push %r15 1110 pushfq 1111 sub \$64,%rsp 1112 1113 mov 120($context),%rax # pull context->Rax 1114 mov 248($context),%rbx # pull context->Rip 1115 1116 mov 8($disp),%rsi # disp->ImageBase 1117 mov 56($disp),%r11 # disp->HandlerData 1118 1119 mov 0(%r11),%r10d # HandlerData[0] 1120 lea (%rsi,%r10),%r10 # prologue label 1121 cmp %r10,%rbx # context->Rip<prologue label 1122 jb .Lcommon_seh_tail 1123 1124 mov 152($context),%rax # pull context->Rsp 1125 1126 mov 4(%r11),%r10d # HandlerData[1] 1127 lea (%rsi,%r10),%r10 # epilogue label 1128 cmp %r10,%rbx # context->Rip>=epilogue label 1129 jae .Lcommon_seh_tail 1130 1131 lea 96(%rax),%rsi 1132 lea 512($context),%rdi # &context.Xmm6 1133 mov \$20,%ecx 1134 .long 0xa548f3fc # cld; rep movsq 1135 lea `104+10*16`(%rax),%rax # adjust stack pointer 1136 1137 mov 0(%rax),%r15 1138 mov 8(%rax),%r14 1139 mov 16(%rax),%r13 1140 mov 24(%rax),%r12 1141 mov 32(%rax),%rbp 1142 mov 40(%rax),%rbx 1143 lea 48(%rax),%rax 1144 mov %rbx,144($context) # restore context->Rbx 1145 mov %rbp,160($context) # restore context->Rbp 1146 mov %r12,216($context) # restore context->R12 1147 mov %r13,224($context) # restore context->R13 1148 mov %r14,232($context) # restore context->R14 1149 mov %r15,240($context) # restore context->R15 1150 1151 .Lcommon_seh_tail: 1152 mov 8(%rax),%rdi 1153 mov 16(%rax),%rsi 1154 mov %rax,152($context) # restore context->Rsp 1155 mov %rsi,168($context) # restore context->Rsi 1156 mov %rdi,176($context) # restore context->Rdi 1157 1158 mov 40($disp),%rdi # disp->ContextRecord 1159 mov $context,%rsi # context 1160 mov \$154,%ecx # sizeof(CONTEXT) 1161 .long 0xa548f3fc # cld; rep movsq 1162 1163 mov $disp,%rsi 1164 xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER 1165 mov 8(%rsi),%rdx # arg2, disp->ImageBase 1166 mov 0(%rsi),%r8 # arg3, disp->ControlPc 1167 mov 16(%rsi),%r9 # arg4, disp->FunctionEntry 1168 mov 40(%rsi),%r10 # disp->ContextRecord 1169 lea 56(%rsi),%r11 # &disp->HandlerData 1170 lea 24(%rsi),%r12 # &disp->EstablisherFrame 1171 mov %r10,32(%rsp) # arg5 1172 mov %r11,40(%rsp) # arg6 1173 mov %r12,48(%rsp) # arg7 1174 mov %rcx,56(%rsp) # arg8, (NULL) 1175 call *__imp_RtlVirtualUnwind(%rip) 1176 1177 mov \$1,%eax # ExceptionContinueSearch 1178 add \$64,%rsp 1179 popfq 1180 pop %r15 1181 pop %r14 1182 pop %r13 1183 pop %r12 1184 pop %rbp 1185 pop %rbx 1186 pop %rdi 1187 pop %rsi 1188 ret 1189 .size ssse3_handler,.-ssse3_handler 1190 1191 .section .pdata 1192 .align 4 1193 .rva .LSEH_begin_aesni_cbc_sha1_enc_ssse3 1194 .rva .LSEH_end_aesni_cbc_sha1_enc_ssse3 1195 .rva .LSEH_info_aesni_cbc_sha1_enc_ssse3 1196 ___ 1197 $code.=<<___ if ($avx); 1198 .rva .LSEH_begin_aesni_cbc_sha1_enc_avx 1199 .rva .LSEH_end_aesni_cbc_sha1_enc_avx 1200 .rva .LSEH_info_aesni_cbc_sha1_enc_avx 1201 ___ 1202 $code.=<<___; 1203 .section .xdata 1204 .align 8 1205 .LSEH_info_aesni_cbc_sha1_enc_ssse3: 1206 .byte 9,0,0,0 1207 .rva ssse3_handler 1208 .rva .Lprologue_ssse3,.Lepilogue_ssse3 # HandlerData[] 1209 ___ 1210 $code.=<<___ if ($avx); 1211 .LSEH_info_aesni_cbc_sha1_enc_avx: 1212 .byte 9,0,0,0 1213 .rva ssse3_handler 1214 .rva .Lprologue_avx,.Lepilogue_avx # HandlerData[] 1215 ___ 1216 } 1217 1218 #################################################################### 1219 sub rex { 1220 local *opcode=shift; 1221 my ($dst,$src)=@_; 1222 my $rex=0; 1223 1224 $rex|=0x04 if($dst>=8); 1225 $rex|=0x01 if($src>=8); 1226 push @opcode,$rex|0x40 if($rex); 1227 } 1228 1229 sub aesni { 1230 my $line=shift; 1231 my @opcode=(0x66); 1232 1233 if ($line=~/(aes[a-z]+)\s+%xmm([0-9]+),\s*%xmm([0-9]+)/) { 1234 my %opcodelet = ( 1235 "aesenc" => 0xdc, "aesenclast" => 0xdd 1236 ); 1237 return undef if (!defined($opcodelet{$1})); 1238 rex(\@opcode,$3,$2); 1239 push @opcode,0x0f,0x38,$opcodelet{$1}; 1240 push @opcode,0xc0|($2&7)|(($3&7)<<3); # ModR/M 1241 return ".byte\t".join(',',@opcode); 1242 } 1243 return $line; 1244 } 1245 1246 $code =~ s/\`([^\`]*)\`/eval($1)/gem; 1247 $code =~ s/\b(aes.*%xmm[0-9]+).*$/aesni($1)/gem; 1248 1249 print $code; 1250 close STDOUT; 1251
