openssl/crypto/modes/asm/ghash-s390x.pl - Issue 2072073002: Delete bundled copy of OpenSSL and replace with README.

Side by Side Diff: openssl/crypto/modes/asm/ghash-s390x.pl

Issue 2072073002: Delete bundled copy of OpenSSL and replace with README. (Closed) Base URL: https://chromium.googlesource.com/chromium/deps/openssl@master

Patch Set: Delete bundled copy of OpenSSL and replace with README. Created 4 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
	(Empty)
1 #!/usr/bin/env perl

2

3 # ====================================================================

4 # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL

5 # project. The module is, however, dual licensed under OpenSSL and

6 # CRYPTOGAMS licenses depending on where you obtain it. For further

7 # details see http://www.openssl.org/~appro/cryptogams/.

8 # ====================================================================

9

10 # September 2010.

11 #

12 # The module implements "4-bit" GCM GHASH function and underlying

13 # single multiplication operation in GF(2^128). "4-bit" means that it

14 # uses 256 bytes per-key table [+128 bytes shared table]. Performance

15 # was measured to be ~18 cycles per processed byte on z10, which is

16 # almost 40% better than gcc-generated code. It should be noted that

17 # 18 cycles is worse result than expected: loop is scheduled for 12

18 # and the result should be close to 12. In the lack of instruction-

19 # level profiling data it's impossible to tell why...

20

21 # November 2010.

22 #

23 # Adapt for -m31 build. If kernel supports what's called "highgprs"

24 # feature on Linux [see /proc/cpuinfo], it's possible to use 64-bit

25 # instructions and achieve "64-bit" performance even in 31-bit legacy

26 # application context. The feature is not specific to any particular

27 # processor, as long as it's "z-CPU". Latter implies that the code

28 # remains z/Architecture specific. On z990 it was measured to perform

29 # 2.8x better than 32-bit code generated by gcc 4.3.

30

31 # March 2011.

32 #

33 # Support for hardware KIMD-GHASH is verified to produce correct

34 # result and therefore is engaged. On z196 it was measured to process

35 # 8KB buffer ~7 faster than software implementation. It's not as

36 # impressive for smaller buffer sizes and for smallest 16-bytes buffer

37 # it's actually almost 2 times slower. Which is the reason why

38 # KIMD-GHASH is not used in gcm_gmult_4bit.

39

40 $flavour = shift;

41

42 if ($flavour =~ /3[12]/) {

43 $SIZE_T=4;

44 $g="";

45 } else {

46 $SIZE_T=8;

47 $g="g";

48 }

49

50 while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}

51 open STDOUT,">$output";

52

53 $softonly=0;

54

55 $Zhi="%r0";

56 $Zlo="%r1";

57

58 $Xi="%r2"; # argument block

59 $Htbl="%r3";

60 $inp="%r4";

61 $len="%r5";

62

63 $rem0="%r6"; # variables

64 $rem1="%r7";

65 $nlo="%r8";

66 $nhi="%r9";

67 $xi="%r10";

68 $cnt="%r11";

69 $tmp="%r12";

70 $x78="%r13";

71 $rem_4bit="%r14";

72

73 $sp="%r15";

74

75 $code.=<<___;

76 .text

77

78 .globl gcm_gmult_4bit

79 .align 32

80 gcm_gmult_4bit:

81 ___

82 $code.=<<___ if(!$softonly && 0); # hardware is slow for single block...

83 larl %r1,OPENSSL_s390xcap_P

84 lg %r0,0(%r1)

85 tmhl %r0,0x4000 # check for message-security-assist

86 jz .Lsoft_gmult

87 lghi %r0,0

88 la %r1,16($sp)

89 .long 0xb93e0004 # kimd %r0,%r4

90 lg %r1,24($sp)

91 tmhh %r1,0x4000 # check for function 65

92 jz .Lsoft_gmult

93 stg %r0,16($sp) # arrange 16 bytes of zero input

94 stg %r0,24($sp)

95 lghi %r0,65 # function 65

96 la %r1,0($Xi) # H lies right after Xi in gcm128_context

97 la $inp,16($sp)

98 lghi $len,16

99 .long 0xb93e0004 # kimd %r0,$inp

100 brc 1,.-4 # pay attention to "partial completion"

101 br %r14

102 .align 32

103 .Lsoft_gmult:

104 ___

105 $code.=<<___;

106 stm${g} %r6,%r14,6*$SIZE_T($sp)

107

108 aghi $Xi,-1

109 lghi $len,1

110 lghi $x78,`0xf<<3`

111 larl $rem_4bit,rem_4bit

112

113 lg $Zlo,8+1($Xi) # Xi

114 j .Lgmult_shortcut

115 .type gcm_gmult_4bit,\@function

116 .size gcm_gmult_4bit,(.-gcm_gmult_4bit)

117

118 .globl gcm_ghash_4bit

119 .align 32

120 gcm_ghash_4bit:

121 ___

122 $code.=<<___ if(!$softonly);

123 larl %r1,OPENSSL_s390xcap_P

124 lg %r0,0(%r1)

125 tmhl %r0,0x4000 # check for message-security-assist

126 jz .Lsoft_ghash

127 lghi %r0,0

128 la %r1,16($sp)

129 .long 0xb93e0004 # kimd %r0,%r4

130 lg %r1,24($sp)

131 tmhh %r1,0x4000 # check for function 65

132 jz .Lsoft_ghash

133 lghi %r0,65 # function 65

134 la %r1,0($Xi) # H lies right after Xi in gcm128_context

135 .long 0xb93e0004 # kimd %r0,$inp

136 brc 1,.-4 # pay attention to "partial completion"

137 br %r14

138 .align 32

139 .Lsoft_ghash:

140 ___

141 $code.=<<___ if ($flavour =~ /3[12]/);

142 llgfr $len,$len

143 ___

144 $code.=<<___;

145 stm${g} %r6,%r14,6*$SIZE_T($sp)

146

147 aghi $Xi,-1

148 srlg $len,$len,4

149 lghi $x78,`0xf<<3`

150 larl $rem_4bit,rem_4bit

151

152 lg $Zlo,8+1($Xi) # Xi

153 lg $Zhi,0+1($Xi)

154 lghi $tmp,0

155 .Louter:

156 xg $Zhi,0($inp) # Xi ^= inp

157 xg $Zlo,8($inp)

158 xgr $Zhi,$tmp

159 stg $Zlo,8+1($Xi)

160 stg $Zhi,0+1($Xi)

161

162 .Lgmult_shortcut:

163 lghi $tmp,0xf0

164 sllg $nlo,$Zlo,4

165 srlg $xi,$Zlo,8 # extract second byte

166 ngr $nlo,$tmp

167 lgr $nhi,$Zlo

168 lghi $cnt,14

169 ngr $nhi,$tmp

170

171 lg $Zlo,8($nlo,$Htbl)

172 lg $Zhi,0($nlo,$Htbl)

173

174 sllg $nlo,$xi,4

175 sllg $rem0,$Zlo,3

176 ngr $nlo,$tmp

177 ngr $rem0,$x78

178 ngr $xi,$tmp

179

180 sllg $tmp,$Zhi,60

181 srlg $Zlo,$Zlo,4

182 srlg $Zhi,$Zhi,4

183 xg $Zlo,8($nhi,$Htbl)

184 xg $Zhi,0($nhi,$Htbl)

185 lgr $nhi,$xi

186 sllg $rem1,$Zlo,3

187 xgr $Zlo,$tmp

188 ngr $rem1,$x78

189 j .Lghash_inner

190 .align 16

191 .Lghash_inner:

192 srlg $Zlo,$Zlo,4

193 sllg $tmp,$Zhi,60

194 xg $Zlo,8($nlo,$Htbl)

195 srlg $Zhi,$Zhi,4

196 llgc $xi,0($cnt,$Xi)

197 xg $Zhi,0($nlo,$Htbl)

198 sllg $nlo,$xi,4

199 xg $Zhi,0($rem0,$rem_4bit)

200 nill $nlo,0xf0

201 sllg $rem0,$Zlo,3

202 xgr $Zlo,$tmp

203 ngr $rem0,$x78

204 nill $xi,0xf0

205

206 sllg $tmp,$Zhi,60

207 srlg $Zlo,$Zlo,4

208 srlg $Zhi,$Zhi,4

209 xg $Zlo,8($nhi,$Htbl)

210 xg $Zhi,0($nhi,$Htbl)

211 lgr $nhi,$xi

212 xg $Zhi,0($rem1,$rem_4bit)

213 sllg $rem1,$Zlo,3

214 xgr $Zlo,$tmp

215 ngr $rem1,$x78

216 brct $cnt,.Lghash_inner

217

218 sllg $tmp,$Zhi,60

219 srlg $Zlo,$Zlo,4

220 srlg $Zhi,$Zhi,4

221 xg $Zlo,8($nlo,$Htbl)

222 xg $Zhi,0($nlo,$Htbl)

223 sllg $xi,$Zlo,3

224 xg $Zhi,0($rem0,$rem_4bit)

225 xgr $Zlo,$tmp

226 ngr $xi,$x78

227

228 sllg $tmp,$Zhi,60

229 srlg $Zlo,$Zlo,4

230 srlg $Zhi,$Zhi,4

231 xg $Zlo,8($nhi,$Htbl)

232 xg $Zhi,0($nhi,$Htbl)

233 xgr $Zlo,$tmp

234 xg $Zhi,0($rem1,$rem_4bit)

235

236 lg $tmp,0($xi,$rem_4bit)

237 la $inp,16($inp)

238 sllg $tmp,$tmp,4 # correct last rem_4bit[rem]

239 brctg $len,.Louter

240

241 xgr $Zhi,$tmp

242 stg $Zlo,8+1($Xi)

243 stg $Zhi,0+1($Xi)

244 lm${g} %r6,%r14,6*$SIZE_T($sp)

245 br %r14

246 .type gcm_ghash_4bit,\@function

247 .size gcm_ghash_4bit,(.-gcm_ghash_4bit)

248

249 .align 64

250 rem_4bit:

251 .long `0x0000<<12`,0,`0x1C20<<12`,0,`0x3840<<12`,0,`0x2460<<12`,0

252 .long `0x7080<<12`,0,`0x6CA0<<12`,0,`0x48C0<<12`,0,`0x54E0<<12`,0

253 .long `0xE100<<12`,0,`0xFD20<<12`,0,`0xD940<<12`,0,`0xC560<<12`,0

254 .long `0x9180<<12`,0,`0x8DA0<<12`,0,`0xA9C0<<12`,0,`0xB5E0<<12`,0

255 .type rem_4bit,\@object

256 .size rem_4bit,(.-rem_4bit)

257 .string "GHASH for s390x, CRYPTOGAMS by <appro\@openssl.org>"

258 ___

259

260 $code =~ s/\`([^\`]*)\`/eval $1/gem;

261 print $code;

262 close STDOUT;

OLD	NEW

« no previous file with comments | « openssl/crypto/modes/asm/ghash-parisc.pl ('k') | openssl/crypto/modes/asm/ghash-sparcv9.pl » ('j') | no next file with comments »