github.com/insolar/x-crypto@v0.0.0-20191031140942-75fab8a325f6/sha256/sha256block_386.s (about)

     1  // Copyright 2013 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  // SHA256 block routine. See sha256block.go for Go equivalent.
     6  //
     7  // The algorithm is detailed in FIPS 180-4:
     8  //
     9  //  https://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf
    10  //
    11  // Wt = Mt; for 0 <= t <= 15
    12  // Wt = SIGMA1(Wt-2) + SIGMA0(Wt-15) + Wt-16; for 16 <= t <= 63
    13  //
    14  // a = H0
    15  // b = H1
    16  // c = H2
    17  // d = H3
    18  // e = H4
    19  // f = H5
    20  // g = H6
    21  // h = H7
    22  //
    23  // for t = 0 to 63 {
    24  //    T1 = h + BIGSIGMA1(e) + Ch(e,f,g) + Kt + Wt
    25  //    T2 = BIGSIGMA0(a) + Maj(a,b,c)
    26  //    h = g
    27  //    g = f
    28  //    f = e
    29  //    e = d + T1
    30  //    d = c
    31  //    c = b
    32  //    b = a
    33  //    a = T1 + T2
    34  // }
    35  //
    36  // H0 = a + H0
    37  // H1 = b + H1
    38  // H2 = c + H2
    39  // H3 = d + H3
    40  // H4 = e + H4
    41  // H5 = f + H5
    42  // H6 = g + H6
    43  // H7 = h + H7
    44  
    45  // Wt = Mt; for 0 <= t <= 15
    46  #define MSGSCHEDULE0(index) \
    47  	MOVL	(index*4)(SI), AX; \
    48  	BSWAPL	AX; \
    49  	MOVL	AX, (index*4)(BP)
    50  
    51  // Wt = SIGMA1(Wt-2) + Wt-7 + SIGMA0(Wt-15) + Wt-16; for 16 <= t <= 63
    52  //   SIGMA0(x) = ROTR(7,x) XOR ROTR(18,x) XOR SHR(3,x)
    53  //   SIGMA1(x) = ROTR(17,x) XOR ROTR(19,x) XOR SHR(10,x)
    54  #define MSGSCHEDULE1(index) \
    55  	MOVL	((index-2)*4)(BP), AX; \
    56  	MOVL	AX, CX; \
    57  	RORL	$17, AX; \
    58  	MOVL	CX, DX; \
    59  	RORL	$19, CX; \
    60  	SHRL	$10, DX; \
    61  	MOVL	((index-15)*4)(BP), BX; \
    62  	XORL	CX, AX; \
    63  	MOVL	BX, CX; \
    64  	XORL	DX, AX; \
    65  	RORL	$7, BX; \
    66  	MOVL	CX, DX; \
    67  	SHRL	$3, DX; \
    68  	RORL	$18, CX; \
    69  	ADDL	((index-7)*4)(BP), AX; \
    70  	XORL	CX, BX; \
    71  	XORL	DX, BX; \
    72  	ADDL	((index-16)*4)(BP), BX; \
    73  	ADDL	BX, AX; \
    74  	MOVL	AX, ((index)*4)(BP)
    75  
    76  // Calculate T1 in AX - uses AX, BX, CX and DX registers.
    77  // Wt is passed in AX.
    78  //   T1 = h + BIGSIGMA1(e) + Ch(e, f, g) + Kt + Wt
    79  //     BIGSIGMA1(x) = ROTR(6,x) XOR ROTR(11,x) XOR ROTR(25,x)
    80  //     Ch(x, y, z) = (x AND y) XOR (NOT x AND z)
    81  #define SHA256T1(const, e, f, g, h) \
    82  	MOVL	(h*4)(DI), BX; \
    83  	ADDL	AX, BX; \
    84  	MOVL	(e*4)(DI), AX; \
    85  	ADDL	$const, BX; \
    86  	MOVL	(e*4)(DI), CX; \
    87  	RORL	$6, AX; \
    88  	MOVL	(e*4)(DI), DX; \
    89  	RORL	$11, CX; \
    90  	XORL	CX, AX; \
    91  	MOVL	(e*4)(DI), CX; \
    92  	RORL	$25, DX; \
    93  	ANDL	(f*4)(DI), CX; \
    94  	XORL	AX, DX; \
    95  	MOVL	(e*4)(DI), AX; \
    96  	NOTL	AX; \
    97  	ADDL	DX, BX; \
    98  	ANDL	(g*4)(DI), AX; \
    99  	XORL	CX, AX; \
   100  	ADDL	BX, AX
   101  
   102  // Calculate T2 in BX - uses AX, BX, CX and DX registers.
   103  //   T2 = BIGSIGMA0(a) + Maj(a, b, c)
   104  //     BIGSIGMA0(x) = ROTR(2,x) XOR ROTR(13,x) XOR ROTR(22,x)
   105  //     Maj(x, y, z) = (x AND y) XOR (x AND z) XOR (y AND z)
   106  #define SHA256T2(a, b, c) \
   107  	MOVL	(a*4)(DI), AX; \
   108  	MOVL	(c*4)(DI), BX; \
   109  	RORL	$2, AX; \
   110  	MOVL	(a*4)(DI), DX; \
   111  	ANDL	(b*4)(DI), BX; \
   112  	RORL	$13, DX; \
   113  	MOVL	(a*4)(DI), CX; \
   114  	ANDL	(c*4)(DI), CX; \
   115  	XORL	DX, AX; \
   116  	XORL	CX, BX; \
   117  	MOVL	(a*4)(DI), DX; \
   118  	MOVL	(b*4)(DI), CX; \
   119  	RORL	$22, DX; \
   120  	ANDL	(a*4)(DI), CX; \
   121  	XORL	CX, BX; \
   122  	XORL	DX, AX; \
   123  	ADDL	AX, BX
   124  
   125  // Calculate T1 and T2, then e = d + T1 and a = T1 + T2.
   126  // The values for e and a are stored in d and h, ready for rotation.
   127  #define SHA256ROUND(index, const, a, b, c, d, e, f, g, h) \
   128  	SHA256T1(const, e, f, g, h); \
   129  	MOVL	AX, 292(SP); \
   130  	SHA256T2(a, b, c); \
   131  	MOVL	292(SP), AX; \
   132  	ADDL	AX, BX; \
   133  	ADDL	AX, (d*4)(DI); \
   134  	MOVL	BX, (h*4)(DI)
   135  
   136  #define SHA256ROUND0(index, const, a, b, c, d, e, f, g, h) \
   137  	MSGSCHEDULE0(index); \
   138  	SHA256ROUND(index, const, a, b, c, d, e, f, g, h)
   139  
   140  #define SHA256ROUND1(index, const, a, b, c, d, e, f, g, h) \
   141  	MSGSCHEDULE1(index); \
   142  	SHA256ROUND(index, const, a, b, c, d, e, f, g, h)
   143  
   144  TEXT ·block(SB),0,$296-16
   145  	MOVL	p_base+4(FP), SI
   146  	MOVL	p_len+8(FP), DX
   147  	SHRL	$6, DX
   148  	SHLL	$6, DX
   149  
   150  	LEAL	(SI)(DX*1), DI
   151  	MOVL	DI, 288(SP)
   152  	CMPL	SI, DI
   153  	JEQ	end
   154  
   155  	LEAL	256(SP), DI		// variables
   156  
   157  	MOVL	dig+0(FP), BP
   158  	MOVL	(0*4)(BP), AX		// a = H0
   159  	MOVL	AX, (0*4)(DI)
   160  	MOVL	(1*4)(BP), BX		// b = H1
   161  	MOVL	BX, (1*4)(DI)
   162  	MOVL	(2*4)(BP), CX		// c = H2
   163  	MOVL	CX, (2*4)(DI)
   164  	MOVL	(3*4)(BP), DX		// d = H3
   165  	MOVL	DX, (3*4)(DI)
   166  	MOVL	(4*4)(BP), AX		// e = H4
   167  	MOVL	AX, (4*4)(DI)
   168  	MOVL	(5*4)(BP), BX		// f = H5
   169  	MOVL	BX, (5*4)(DI)
   170  	MOVL	(6*4)(BP), CX		// g = H6
   171  	MOVL	CX, (6*4)(DI)
   172  	MOVL	(7*4)(BP), DX		// h = H7
   173  	MOVL	DX, (7*4)(DI)
   174  
   175  loop:
   176  	MOVL	SP, BP			// message schedule
   177  
   178  	SHA256ROUND0(0, 0x428a2f98, 0, 1, 2, 3, 4, 5, 6, 7)
   179  	SHA256ROUND0(1, 0x71374491, 7, 0, 1, 2, 3, 4, 5, 6)
   180  	SHA256ROUND0(2, 0xb5c0fbcf, 6, 7, 0, 1, 2, 3, 4, 5)
   181  	SHA256ROUND0(3, 0xe9b5dba5, 5, 6, 7, 0, 1, 2, 3, 4)
   182  	SHA256ROUND0(4, 0x3956c25b, 4, 5, 6, 7, 0, 1, 2, 3)
   183  	SHA256ROUND0(5, 0x59f111f1, 3, 4, 5, 6, 7, 0, 1, 2)
   184  	SHA256ROUND0(6, 0x923f82a4, 2, 3, 4, 5, 6, 7, 0, 1)
   185  	SHA256ROUND0(7, 0xab1c5ed5, 1, 2, 3, 4, 5, 6, 7, 0)
   186  	SHA256ROUND0(8, 0xd807aa98, 0, 1, 2, 3, 4, 5, 6, 7)
   187  	SHA256ROUND0(9, 0x12835b01, 7, 0, 1, 2, 3, 4, 5, 6)
   188  	SHA256ROUND0(10, 0x243185be, 6, 7, 0, 1, 2, 3, 4, 5)
   189  	SHA256ROUND0(11, 0x550c7dc3, 5, 6, 7, 0, 1, 2, 3, 4)
   190  	SHA256ROUND0(12, 0x72be5d74, 4, 5, 6, 7, 0, 1, 2, 3)
   191  	SHA256ROUND0(13, 0x80deb1fe, 3, 4, 5, 6, 7, 0, 1, 2)
   192  	SHA256ROUND0(14, 0x9bdc06a7, 2, 3, 4, 5, 6, 7, 0, 1)
   193  	SHA256ROUND0(15, 0xc19bf174, 1, 2, 3, 4, 5, 6, 7, 0)
   194  
   195  	SHA256ROUND1(16, 0xe49b69c1, 0, 1, 2, 3, 4, 5, 6, 7)
   196  	SHA256ROUND1(17, 0xefbe4786, 7, 0, 1, 2, 3, 4, 5, 6)
   197  	SHA256ROUND1(18, 0x0fc19dc6, 6, 7, 0, 1, 2, 3, 4, 5)
   198  	SHA256ROUND1(19, 0x240ca1cc, 5, 6, 7, 0, 1, 2, 3, 4)
   199  	SHA256ROUND1(20, 0x2de92c6f, 4, 5, 6, 7, 0, 1, 2, 3)
   200  	SHA256ROUND1(21, 0x4a7484aa, 3, 4, 5, 6, 7, 0, 1, 2)
   201  	SHA256ROUND1(22, 0x5cb0a9dc, 2, 3, 4, 5, 6, 7, 0, 1)
   202  	SHA256ROUND1(23, 0x76f988da, 1, 2, 3, 4, 5, 6, 7, 0)
   203  	SHA256ROUND1(24, 0x983e5152, 0, 1, 2, 3, 4, 5, 6, 7)
   204  	SHA256ROUND1(25, 0xa831c66d, 7, 0, 1, 2, 3, 4, 5, 6)
   205  	SHA256ROUND1(26, 0xb00327c8, 6, 7, 0, 1, 2, 3, 4, 5)
   206  	SHA256ROUND1(27, 0xbf597fc7, 5, 6, 7, 0, 1, 2, 3, 4)
   207  	SHA256ROUND1(28, 0xc6e00bf3, 4, 5, 6, 7, 0, 1, 2, 3)
   208  	SHA256ROUND1(29, 0xd5a79147, 3, 4, 5, 6, 7, 0, 1, 2)
   209  	SHA256ROUND1(30, 0x06ca6351, 2, 3, 4, 5, 6, 7, 0, 1)
   210  	SHA256ROUND1(31, 0x14292967, 1, 2, 3, 4, 5, 6, 7, 0)
   211  	SHA256ROUND1(32, 0x27b70a85, 0, 1, 2, 3, 4, 5, 6, 7)
   212  	SHA256ROUND1(33, 0x2e1b2138, 7, 0, 1, 2, 3, 4, 5, 6)
   213  	SHA256ROUND1(34, 0x4d2c6dfc, 6, 7, 0, 1, 2, 3, 4, 5)
   214  	SHA256ROUND1(35, 0x53380d13, 5, 6, 7, 0, 1, 2, 3, 4)
   215  	SHA256ROUND1(36, 0x650a7354, 4, 5, 6, 7, 0, 1, 2, 3)
   216  	SHA256ROUND1(37, 0x766a0abb, 3, 4, 5, 6, 7, 0, 1, 2)
   217  	SHA256ROUND1(38, 0x81c2c92e, 2, 3, 4, 5, 6, 7, 0, 1)
   218  	SHA256ROUND1(39, 0x92722c85, 1, 2, 3, 4, 5, 6, 7, 0)
   219  	SHA256ROUND1(40, 0xa2bfe8a1, 0, 1, 2, 3, 4, 5, 6, 7)
   220  	SHA256ROUND1(41, 0xa81a664b, 7, 0, 1, 2, 3, 4, 5, 6)
   221  	SHA256ROUND1(42, 0xc24b8b70, 6, 7, 0, 1, 2, 3, 4, 5)
   222  	SHA256ROUND1(43, 0xc76c51a3, 5, 6, 7, 0, 1, 2, 3, 4)
   223  	SHA256ROUND1(44, 0xd192e819, 4, 5, 6, 7, 0, 1, 2, 3)
   224  	SHA256ROUND1(45, 0xd6990624, 3, 4, 5, 6, 7, 0, 1, 2)
   225  	SHA256ROUND1(46, 0xf40e3585, 2, 3, 4, 5, 6, 7, 0, 1)
   226  	SHA256ROUND1(47, 0x106aa070, 1, 2, 3, 4, 5, 6, 7, 0)
   227  	SHA256ROUND1(48, 0x19a4c116, 0, 1, 2, 3, 4, 5, 6, 7)
   228  	SHA256ROUND1(49, 0x1e376c08, 7, 0, 1, 2, 3, 4, 5, 6)
   229  	SHA256ROUND1(50, 0x2748774c, 6, 7, 0, 1, 2, 3, 4, 5)
   230  	SHA256ROUND1(51, 0x34b0bcb5, 5, 6, 7, 0, 1, 2, 3, 4)
   231  	SHA256ROUND1(52, 0x391c0cb3, 4, 5, 6, 7, 0, 1, 2, 3)
   232  	SHA256ROUND1(53, 0x4ed8aa4a, 3, 4, 5, 6, 7, 0, 1, 2)
   233  	SHA256ROUND1(54, 0x5b9cca4f, 2, 3, 4, 5, 6, 7, 0, 1)
   234  	SHA256ROUND1(55, 0x682e6ff3, 1, 2, 3, 4, 5, 6, 7, 0)
   235  	SHA256ROUND1(56, 0x748f82ee, 0, 1, 2, 3, 4, 5, 6, 7)
   236  	SHA256ROUND1(57, 0x78a5636f, 7, 0, 1, 2, 3, 4, 5, 6)
   237  	SHA256ROUND1(58, 0x84c87814, 6, 7, 0, 1, 2, 3, 4, 5)
   238  	SHA256ROUND1(59, 0x8cc70208, 5, 6, 7, 0, 1, 2, 3, 4)
   239  	SHA256ROUND1(60, 0x90befffa, 4, 5, 6, 7, 0, 1, 2, 3)
   240  	SHA256ROUND1(61, 0xa4506ceb, 3, 4, 5, 6, 7, 0, 1, 2)
   241  	SHA256ROUND1(62, 0xbef9a3f7, 2, 3, 4, 5, 6, 7, 0, 1)
   242  	SHA256ROUND1(63, 0xc67178f2, 1, 2, 3, 4, 5, 6, 7, 0)
   243  
   244  	MOVL	dig+0(FP), BP
   245  	MOVL	(0*4)(BP), AX		// H0 = a + H0
   246  	ADDL	(0*4)(DI), AX
   247  	MOVL	AX, (0*4)(DI)
   248  	MOVL	AX, (0*4)(BP)
   249  	MOVL	(1*4)(BP), BX		// H1 = b + H1
   250  	ADDL	(1*4)(DI), BX
   251  	MOVL	BX, (1*4)(DI)
   252  	MOVL	BX, (1*4)(BP)
   253  	MOVL	(2*4)(BP), CX		// H2 = c + H2
   254  	ADDL	(2*4)(DI), CX
   255  	MOVL	CX, (2*4)(DI)
   256  	MOVL	CX, (2*4)(BP)
   257  	MOVL	(3*4)(BP), DX		// H3 = d + H3
   258  	ADDL	(3*4)(DI), DX
   259  	MOVL	DX, (3*4)(DI)
   260  	MOVL	DX, (3*4)(BP)
   261  	MOVL	(4*4)(BP), AX		// H4 = e + H4
   262  	ADDL	(4*4)(DI), AX
   263  	MOVL	AX, (4*4)(DI)
   264  	MOVL	AX, (4*4)(BP)
   265  	MOVL	(5*4)(BP), BX		// H5 = f + H5
   266  	ADDL	(5*4)(DI), BX
   267  	MOVL	BX, (5*4)(DI)
   268  	MOVL	BX, (5*4)(BP)
   269  	MOVL	(6*4)(BP), CX		// H6 = g + H6
   270  	ADDL	(6*4)(DI), CX
   271  	MOVL	CX, (6*4)(DI)
   272  	MOVL	CX, (6*4)(BP)
   273  	MOVL	(7*4)(BP), DX		// H7 = h + H7
   274  	ADDL	(7*4)(DI), DX
   275  	MOVL	DX, (7*4)(DI)
   276  	MOVL	DX, (7*4)(BP)
   277  
   278  	ADDL	$64, SI
   279  	CMPL	SI, 288(SP)
   280  	JB	loop
   281  
   282  end:
   283  	RET