sha/asm/sha1-thumb.pl

238384Sjkim#!/usr/bin/env perl
238384Sjkim
238384Sjkim# ====================================================================
238384Sjkim# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
238384Sjkim# project. The module is, however, dual licensed under OpenSSL and
238384Sjkim# CRYPTOGAMS licenses depending on where you obtain it. For further
238384Sjkim# details see http://www.openssl.org/~appro/cryptogams/.
238384Sjkim# ====================================================================
238384Sjkim
238384Sjkim# sha1_block for Thumb.
238384Sjkim#
238384Sjkim# January 2007.
238384Sjkim#
238384Sjkim# The code does not present direct interest to OpenSSL, because of low
238384Sjkim# performance. Its purpose is to establish _size_ benchmark. Pretty
238384Sjkim# useless one I must say, because 30% or 88 bytes larger ARMv4 code
238384Sjkim# [avialable on demand] is almost _twice_ as fast. It should also be
238384Sjkim# noted that in-lining of .Lcommon and .Lrotate improves performance
238384Sjkim# by over 40%, while code increases by only 10% or 32 bytes. But once
238384Sjkim# again, the goal was to establish _size_ benchmark, not performance.
238384Sjkim
238384Sjkim$output=shift;
238384Sjkimopen STDOUT,">$output";
238384Sjkim
238384Sjkim$inline=0;
238384Sjkim#$cheat_on_binutils=1;
238384Sjkim
238384Sjkim$t0="r0";
238384Sjkim$t1="r1";
238384Sjkim$t2="r2";
238384Sjkim$a="r3";
238384Sjkim$b="r4";
238384Sjkim$c="r5";
238384Sjkim$d="r6";
238384Sjkim$e="r7";
238384Sjkim$K="r8";	# "upper" registers can be used in add/sub and mov insns
238384Sjkim$ctx="r9";
238384Sjkim$inp="r10";
238384Sjkim$len="r11";
238384Sjkim$Xi="r12";
238384Sjkim
238384Sjkimsub common {
238384Sjkim<<___;
238384Sjkim	sub	$t0,#4
238384Sjkim	ldr	$t1,[$t0]
238384Sjkim	add	$e,$K			@ E+=K_xx_xx
238384Sjkim	lsl	$t2,$a,#5
238384Sjkim	add	$t2,$e
238384Sjkim	lsr	$e,$a,#27
238384Sjkim	add	$t2,$e			@ E+=ROR(A,27)
238384Sjkim	add	$t2,$t1			@ E+=X[i]
238384Sjkim___
238384Sjkim}
238384Sjkimsub rotate {
238384Sjkim<<___;
238384Sjkim	mov	$e,$d			@ E=D
238384Sjkim	mov	$d,$c			@ D=C
238384Sjkim	lsl	$c,$b,#30
238384Sjkim	lsr	$b,$b,#2
238384Sjkim	orr	$c,$b			@ C=ROR(B,2)
238384Sjkim	mov	$b,$a			@ B=A
238384Sjkim	add	$a,$t2,$t1		@ A=E+F_xx_xx(B,C,D)
238384Sjkim___
238384Sjkim}
238384Sjkim
238384Sjkimsub BODY_00_19 {
238384Sjkim$code.=$inline?&common():"\tbl	.Lcommon\n";
238384Sjkim$code.=<<___;
238384Sjkim	mov	$t1,$c
238384Sjkim	eor	$t1,$d
238384Sjkim	and	$t1,$b
238384Sjkim	eor	$t1,$d			@ F_00_19(B,C,D)
238384Sjkim___
238384Sjkim$code.=$inline?&rotate():"\tbl	.Lrotate\n";
238384Sjkim}
238384Sjkim
238384Sjkimsub BODY_20_39 {
238384Sjkim$code.=$inline?&common():"\tbl	.Lcommon\n";
238384Sjkim$code.=<<___;
238384Sjkim	mov	$t1,$b
238384Sjkim	eor	$t1,$c
238384Sjkim	eor	$t1,$d			@ F_20_39(B,C,D)
238384Sjkim___
238384Sjkim$code.=$inline?&rotate():"\tbl	.Lrotate\n";
238384Sjkim}
238384Sjkim
238384Sjkimsub BODY_40_59 {
238384Sjkim$code.=$inline?&common():"\tbl	.Lcommon\n";
238384Sjkim$code.=<<___;
238384Sjkim	mov	$t1,$b
238384Sjkim	and	$t1,$c
238384Sjkim	mov	$e,$b
238384Sjkim	orr	$e,$c
238384Sjkim	and	$e,$d
238384Sjkim	orr	$t1,$e			@ F_40_59(B,C,D)
238384Sjkim___
238384Sjkim$code.=$inline?&rotate():"\tbl	.Lrotate\n";
238384Sjkim}
238384Sjkim
238384Sjkim$code=<<___;
238384Sjkim.text
238384Sjkim.code	16
238384Sjkim
238384Sjkim.global	sha1_block_data_order
238384Sjkim.type	sha1_block_data_order,%function
238384Sjkim
238384Sjkim.align	2
238384Sjkimsha1_block_data_order:
238384Sjkim___
238384Sjkimif ($cheat_on_binutils) {
238384Sjkim$code.=<<___;
238384Sjkim.code	32
238384Sjkim	add	r3,pc,#1
238384Sjkim	bx	r3			@ switch to Thumb ISA
238384Sjkim.code	16
238384Sjkim___
238384Sjkim}
238384Sjkim$code.=<<___;
238384Sjkim	push	{r4-r7}
238384Sjkim	mov	r3,r8
238384Sjkim	mov	r4,r9
238384Sjkim	mov	r5,r10
238384Sjkim	mov	r6,r11
238384Sjkim	mov	r7,r12
238384Sjkim	push	{r3-r7,lr}
238384Sjkim	lsl	r2,#6
238384Sjkim	mov	$ctx,r0			@ save context
238384Sjkim	mov	$inp,r1			@ save inp
238384Sjkim	mov	$len,r2			@ save len
238384Sjkim	add	$len,$inp		@ $len to point at inp end
238384Sjkim
238384Sjkim.Lloop:
238384Sjkim	mov	$Xi,sp
238384Sjkim	mov	$t2,sp
238384Sjkim	sub	$t2,#16*4		@ [3]
238384Sjkim.LXload:
238384Sjkim	ldrb	$a,[$t1,#0]		@ $t1 is r1 and holds inp
238384Sjkim	ldrb	$b,[$t1,#1]
238384Sjkim	ldrb	$c,[$t1,#2]
238384Sjkim	ldrb	$d,[$t1,#3]
238384Sjkim	lsl	$a,#24
238384Sjkim	lsl	$b,#16
238384Sjkim	lsl	$c,#8
238384Sjkim	orr	$a,$b
238384Sjkim	orr	$a,$c
238384Sjkim	orr	$a,$d
238384Sjkim	add	$t1,#4
238384Sjkim	push	{$a}
238384Sjkim	cmp	sp,$t2
238384Sjkim	bne	.LXload			@ [+14*16]
238384Sjkim
238384Sjkim	mov	$inp,$t1		@ update $inp
238384Sjkim	sub	$t2,#32*4
238384Sjkim	sub	$t2,#32*4
238384Sjkim	mov	$e,#31			@ [+4]
238384Sjkim.LXupdate:
238384Sjkim	ldr	$a,[sp,#15*4]
238384Sjkim	ldr	$b,[sp,#13*4]
238384Sjkim	ldr	$c,[sp,#7*4]
238384Sjkim	ldr	$d,[sp,#2*4]
238384Sjkim	eor	$a,$b
238384Sjkim	eor	$a,$c
238384Sjkim	eor	$a,$d
238384Sjkim	ror	$a,$e
238384Sjkim	push	{$a}
238384Sjkim	cmp	sp,$t2
238384Sjkim	bne	.LXupdate		@ [+(11+1)*64]
238384Sjkim
238384Sjkim	ldmia	$t0!,{$a,$b,$c,$d,$e}	@ $t0 is r0 and holds ctx
238384Sjkim	mov	$t0,$Xi
238384Sjkim
238384Sjkim	ldr	$t2,.LK_00_19
238384Sjkim	mov	$t1,$t0
238384Sjkim	sub	$t1,#20*4
238384Sjkim	mov	$Xi,$t1
238384Sjkim	mov	$K,$t2			@ [+7+4]
238384Sjkim.L_00_19:
238384Sjkim___
238384Sjkim	&BODY_00_19();
238384Sjkim$code.=<<___;
238384Sjkim	cmp	$Xi,$t0
238384Sjkim	bne	.L_00_19		@ [+(2+9+4+2+8+2)*20]
238384Sjkim
238384Sjkim	ldr	$t2,.LK_20_39
238384Sjkim	mov	$t1,$t0
238384Sjkim	sub	$t1,#20*4
238384Sjkim	mov	$Xi,$t1
238384Sjkim	mov	$K,$t2			@ [+5]
238384Sjkim.L_20_39_or_60_79:
238384Sjkim___
238384Sjkim	&BODY_20_39();
238384Sjkim$code.=<<___;
238384Sjkim	cmp	$Xi,$t0
238384Sjkim	bne	.L_20_39_or_60_79	@ [+(2+9+3+2+8+2)*20*2]
238384Sjkim	cmp	sp,$t0
238384Sjkim	beq	.Ldone			@ [+2]
238384Sjkim
238384Sjkim	ldr	$t2,.LK_40_59
238384Sjkim	mov	$t1,$t0
238384Sjkim	sub	$t1,#20*4
238384Sjkim	mov	$Xi,$t1
238384Sjkim	mov	$K,$t2			@ [+5]
238384Sjkim.L_40_59:
238384Sjkim___
238384Sjkim	&BODY_40_59();
238384Sjkim$code.=<<___;
238384Sjkim	cmp	$Xi,$t0
238384Sjkim	bne	.L_40_59		@ [+(2+9+6+2+8+2)*20]
238384Sjkim
238384Sjkim	ldr	$t2,.LK_60_79
238384Sjkim	mov	$Xi,sp
238384Sjkim	mov	$K,$t2
238384Sjkim	b	.L_20_39_or_60_79	@ [+4]
238384Sjkim.Ldone:
238384Sjkim	mov	$t0,$ctx
238384Sjkim	ldr	$t1,[$t0,#0]
238384Sjkim	ldr	$t2,[$t0,#4]
238384Sjkim	add	$a,$t1
238384Sjkim	ldr	$t1,[$t0,#8]
238384Sjkim	add	$b,$t2
238384Sjkim	ldr	$t2,[$t0,#12]
238384Sjkim	add	$c,$t1
238384Sjkim	ldr	$t1,[$t0,#16]
238384Sjkim	add	$d,$t2
238384Sjkim	add	$e,$t1
238384Sjkim	stmia	$t0!,{$a,$b,$c,$d,$e}	@ [+20]
238384Sjkim
238384Sjkim	add	sp,#80*4		@ deallocate stack frame
238384Sjkim	mov	$t0,$ctx		@ restore ctx
238384Sjkim	mov	$t1,$inp		@ restore inp
238384Sjkim	cmp	$t1,$len
238384Sjkim	beq	.Lexit
238384Sjkim	b	.Lloop			@ [+6] total 3212 cycles
238384Sjkim.Lexit:
238384Sjkim	pop	{r2-r7}
238384Sjkim	mov	r8,r2
238384Sjkim	mov	r9,r3
238384Sjkim	mov	r10,r4
238384Sjkim	mov	r11,r5
238384Sjkim	mov	r12,r6
238384Sjkim	mov	lr,r7
238384Sjkim	pop	{r4-r7}
238384Sjkim	bx	lr
238384Sjkim.align	2
238384Sjkim___
238384Sjkim$code.=".Lcommon:\n".&common()."\tmov	pc,lr\n" if (!$inline);
238384Sjkim$code.=".Lrotate:\n".&rotate()."\tmov	pc,lr\n" if (!$inline);
238384Sjkim$code.=<<___;
238384Sjkim.align	2
238384Sjkim.LK_00_19:	.word	0x5a827999
238384Sjkim.LK_20_39:	.word	0x6ed9eba1
238384Sjkim.LK_40_59:	.word	0x8f1bbcdc
238384Sjkim.LK_60_79:	.word	0xca62c1d6
238384Sjkim.size	sha1_block_data_order,.-sha1_block_data_order
238384Sjkim.asciz	"SHA1 block transform for Thumb, CRYPTOGAMS by <appro\@openssl.org>"
238384Sjkim___
238384Sjkim
238384Sjkimprint $code;
238384Sjkimclose STDOUT; # enforce flush