| blob | f82cd8cf5a093f5bb79c911a45513864dcdbe271 |
1 #define __ARM_ARCH__ __LINUX_ARM_ARCH__
2 @ SPDX-License-Identifier: GPL-2.0
4 @ This code is taken from the OpenSSL project but the author (Andy Polyakov)
5 @ has relicensed it under the GPLv2. Therefore this program is free software;
6 @ you can redistribute it and/or modify it under the terms of the GNU General
7 @ Public License version 2 as published by the Free Software Foundation.
8 @
9 @ The original headers, including the original license headers, are
10 @ included below for completeness.
12 @ ====================================================================
13 @ Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
14 @ project. The module is, however, dual licensed under OpenSSL and
15 @ CRYPTOGAMS licenses depending on where you obtain it. For further
16 @ details see http://www.openssl.org/~appro/cryptogams/.
17 @ ====================================================================
19 @ sha1_block procedure for ARMv4.
20 @
21 @ January 2007.
23 @ Size/performance trade-off
24 @ ====================================================================
25 @ impl size in bytes comp cycles[*] measured performance
26 @ ====================================================================
27 @ thumb 304 3212 4420
28 @ armv4-small 392/+29% 1958/+64% 2250/+96%
29 @ armv4-compact 740/+89% 1552/+26% 1840/+22%
30 @ armv4-large 1420/+92% 1307/+19% 1370/+34%[***]
31 @ full unroll ~5100/+260% ~1260/+4% ~1300/+5%
32 @ ====================================================================
33 @ thumb = same as 'small' but in Thumb instructions[**] and
34 @ with recurring code in two private functions;
35 @ small = detached Xload/update, loops are folded;
36 @ compact = detached Xload/update, 5x unroll;
37 @ large = interleaved Xload/update, 5x unroll;
38 @ full unroll = interleaved Xload/update, full unroll, estimated[!];
39 @
40 @ [*] Manually counted instructions in "grand" loop body. Measured
41 @ performance is affected by prologue and epilogue overhead,
42 @ i-cache availability, branch penalties, etc.
43 @ [**] While each Thumb instruction is twice smaller, they are not as
44 @ diverse as ARM ones: e.g., there are only two arithmetic
45 @ instructions with 3 arguments, no [fixed] rotate, addressing
46 @ modes are limited. As result it takes more instructions to do
47 @ the same job in Thumb, therefore the code is never twice as
48 @ small and always slower.
49 @ [***] which is also ~35% better than compiler generated code. Dual-
50 @ issue Cortex A8 core was measured to process input block in
51 @ ~990 cycles.
53 @ August 2010.
54 @
55 @ Rescheduling for dual-issue pipeline resulted in 13% improvement on
56 @ Cortex A8 core and in absolute terms ~870 cycles per input block
57 @ [or 13.6 cycles per byte].
59 @ February 2011.
60 @
61 @ Profiler-assisted and platform-specific optimization resulted in 10%
62 @ improvement on Cortex A8 core and 12.2 cycles per byte.
64 #include <linux/linkage.h>
66 .text
68 .align 2
69 ENTRY(sha1_block_data_order)
70 stmdb sp!,{r4-r12,lr}
71 add r2,r1,r2,lsl#6 @ r2 to point at the end of r1
72 ldmia r0,{r3,r4,r5,r6,r7}
73 .Lloop:
74 ldr r8,.LK_00_19
75 mov r14,sp
76 sub sp,sp,#15*4
77 mov r5,r5,ror#30
78 mov r6,r6,ror#30
79 mov r7,r7,ror#30 @ [6]
80 .L_00_15:
81 #if __ARM_ARCH__<7
82 ldrb r10,[r1,#2]
83 ldrb r9,[r1,#3]
84 ldrb r11,[r1,#1]
85 add r7,r8,r7,ror#2 @ E+=K_00_19
86 ldrb r12,[r1],#4
87 orr r9,r9,r10,lsl#8
88 eor r10,r5,r6 @ F_xx_xx
89 orr r9,r9,r11,lsl#16
90 add r7,r7,r3,ror#27 @ E+=ROR(A,27)
91 orr r9,r9,r12,lsl#24
92 #else
93 ldr r9,[r1],#4 @ handles unaligned
94 add r7,r8,r7,ror#2 @ E+=K_00_19
95 eor r10,r5,r6 @ F_xx_xx
96 add r7,r7,r3,ror#27 @ E+=ROR(A,27)
97 #ifdef __ARMEL__
98 rev r9,r9 @ byte swap
99 #endif
100 #endif
101 and r10,r4,r10,ror#2
102 add r7,r7,r9 @ E+=X[i]
103 eor r10,r10,r6,ror#2 @ F_00_19(B,C,D)
104 str r9,[r14,#-4]!
105 add r7,r7,r10 @ E+=F_00_19(B,C,D)
106 #if __ARM_ARCH__<7
107 ldrb r10,[r1,#2]
108 ldrb r9,[r1,#3]
109 ldrb r11,[r1,#1]
110 add r6,r8,r6,ror#2 @ E+=K_00_19
111 ldrb r12,[r1],#4
112 orr r9,r9,r10,lsl#8
113 eor r10,r4,r5 @ F_xx_xx
114 orr r9,r9,r11,lsl#16
115 add r6,r6,r7,ror#27 @ E+=ROR(A,27)
116 orr r9,r9,r12,lsl#24
117 #else
118 ldr r9,[r1],#4 @ handles unaligned
119 add r6,r8,r6,ror#2 @ E+=K_00_19
120 eor r10,r4,r5 @ F_xx_xx
121 add r6,r6,r7,ror#27 @ E+=ROR(A,27)
122 #ifdef __ARMEL__
123 rev r9,r9 @ byte swap
124 #endif
125 #endif
126 and r10,r3,r10,ror#2
127 add r6,r6,r9 @ E+=X[i]
128 eor r10,r10,r5,ror#2 @ F_00_19(B,C,D)
129 str r9,[r14,#-4]!
130 add r6,r6,r10 @ E+=F_00_19(B,C,D)
131 #if __ARM_ARCH__<7
132 ldrb r10,[r1,#2]
133 ldrb r9,[r1,#3]
134 ldrb r11,[r1,#1]
135 add r5,r8,r5,ror#2 @ E+=K_00_19
136 ldrb r12,[r1],#4
137 orr r9,r9,r10,lsl#8
138 eor r10,r3,r4 @ F_xx_xx
139 orr r9,r9,r11,lsl#16
140 add r5,r5,r6,ror#27 @ E+=ROR(A,27)
141 orr r9,r9,r12,lsl#24
142 #else
143 ldr r9,[r1],#4 @ handles unaligned
144 add r5,r8,r5,ror#2 @ E+=K_00_19
145 eor r10,r3,r4 @ F_xx_xx
146 add r5,r5,r6,ror#27 @ E+=ROR(A,27)
147 #ifdef __ARMEL__
148 rev r9,r9 @ byte swap
149 #endif
150 #endif
151 and r10,r7,r10,ror#2
152 add r5,r5,r9 @ E+=X[i]
153 eor r10,r10,r4,ror#2 @ F_00_19(B,C,D)
154 str r9,[r14,#-4]!
155 add r5,r5,r10 @ E+=F_00_19(B,C,D)
156 #if __ARM_ARCH__<7
157 ldrb r10,[r1,#2]
158 ldrb r9,[r1,#3]
159 ldrb r11,[r1,#1]
160 add r4,r8,r4,ror#2 @ E+=K_00_19
161 ldrb r12,[r1],#4
162 orr r9,r9,r10,lsl#8
163 eor r10,r7,r3 @ F_xx_xx
164 orr r9,r9,r11,lsl#16
165 add r4,r4,r5,ror#27 @ E+=ROR(A,27)
166 orr r9,r9,r12,lsl#24
167 #else
168 ldr r9,[r1],#4 @ handles unaligned
169 add r4,r8,r4,ror#2 @ E+=K_00_19
170 eor r10,r7,r3 @ F_xx_xx
171 add r4,r4,r5,ror#27 @ E+=ROR(A,27)
172 #ifdef __ARMEL__
173 rev r9,r9 @ byte swap
174 #endif
175 #endif
176 and r10,r6,r10,ror#2
177 add r4,r4,r9 @ E+=X[i]
178 eor r10,r10,r3,ror#2 @ F_00_19(B,C,D)
179 str r9,[r14,#-4]!
180 add r4,r4,r10 @ E+=F_00_19(B,C,D)
181 #if __ARM_ARCH__<7
182 ldrb r10,[r1,#2]
183 ldrb r9,[r1,#3]
184 ldrb r11,[r1,#1]
185 add r3,r8,r3,ror#2 @ E+=K_00_19
186 ldrb r12,[r1],#4
187 orr r9,r9,r10,lsl#8
188 eor r10,r6,r7 @ F_xx_xx
189 orr r9,r9,r11,lsl#16
190 add r3,r3,r4,ror#27 @ E+=ROR(A,27)
191 orr r9,r9,r12,lsl#24
192 #else
193 ldr r9,[r1],#4 @ handles unaligned
194 add r3,r8,r3,ror#2 @ E+=K_00_19
195 eor r10,r6,r7 @ F_xx_xx
196 add r3,r3,r4,ror#27 @ E+=ROR(A,27)
197 #ifdef __ARMEL__
198 rev r9,r9 @ byte swap
199 #endif
200 #endif
201 and r10,r5,r10,ror#2
202 add r3,r3,r9 @ E+=X[i]
203 eor r10,r10,r7,ror#2 @ F_00_19(B,C,D)
204 str r9,[r14,#-4]!
205 add r3,r3,r10 @ E+=F_00_19(B,C,D)
206 cmp r14,sp
207 bne .L_00_15 @ [((11+4)*5+2)*3]
208 sub sp,sp,#25*4
209 #if __ARM_ARCH__<7
210 ldrb r10,[r1,#2]
211 ldrb r9,[r1,#3]
212 ldrb r11,[r1,#1]
213 add r7,r8,r7,ror#2 @ E+=K_00_19
214 ldrb r12,[r1],#4
215 orr r9,r9,r10,lsl#8
216 eor r10,r5,r6 @ F_xx_xx
217 orr r9,r9,r11,lsl#16
218 add r7,r7,r3,ror#27 @ E+=ROR(A,27)
219 orr r9,r9,r12,lsl#24
220 #else
221 ldr r9,[r1],#4 @ handles unaligned
222 add r7,r8,r7,ror#2 @ E+=K_00_19
223 eor r10,r5,r6 @ F_xx_xx
224 add r7,r7,r3,ror#27 @ E+=ROR(A,27)
225 #ifdef __ARMEL__
226 rev r9,r9 @ byte swap
227 #endif
228 #endif
229 and r10,r4,r10,ror#2
230 add r7,r7,r9 @ E+=X[i]
231 eor r10,r10,r6,ror#2 @ F_00_19(B,C,D)
232 str r9,[r14,#-4]!
233 add r7,r7,r10 @ E+=F_00_19(B,C,D)
234 ldr r9,[r14,#15*4]
235 ldr r10,[r14,#13*4]
236 ldr r11,[r14,#7*4]
237 add r6,r8,r6,ror#2 @ E+=K_xx_xx
238 ldr r12,[r14,#2*4]
239 eor r9,r9,r10
240 eor r11,r11,r12 @ 1 cycle stall
241 eor r10,r4,r5 @ F_xx_xx
242 mov r9,r9,ror#31
243 add r6,r6,r7,ror#27 @ E+=ROR(A,27)
244 eor r9,r9,r11,ror#31
245 str r9,[r14,#-4]!
246 and r10,r3,r10,ror#2 @ F_xx_xx
247 @ F_xx_xx
248 add r6,r6,r9 @ E+=X[i]
249 eor r10,r10,r5,ror#2 @ F_00_19(B,C,D)
250 add r6,r6,r10 @ E+=F_00_19(B,C,D)
251 ldr r9,[r14,#15*4]
252 ldr r10,[r14,#13*4]
253 ldr r11,[r14,#7*4]
254 add r5,r8,r5,ror#2 @ E+=K_xx_xx
255 ldr r12,[r14,#2*4]
256 eor r9,r9,r10
257 eor r11,r11,r12 @ 1 cycle stall
258 eor r10,r3,r4 @ F_xx_xx
259 mov r9,r9,ror#31
260 add r5,r5,r6,ror#27 @ E+=ROR(A,27)
261 eor r9,r9,r11,ror#31
262 str r9,[r14,#-4]!
263 and r10,r7,r10,ror#2 @ F_xx_xx
264 @ F_xx_xx
265 add r5,r5,r9 @ E+=X[i]
266 eor r10,r10,r4,ror#2 @ F_00_19(B,C,D)
267 add r5,r5,r10 @ E+=F_00_19(B,C,D)
268 ldr r9,[r14,#15*4]
269 ldr r10,[r14,#13*4]
270 ldr r11,[r14,#7*4]
271 add r4,r8,r4,ror#2 @ E+=K_xx_xx
272 ldr r12,[r14,#2*4]
273 eor r9,r9,r10
274 eor r11,r11,r12 @ 1 cycle stall
275 eor r10,r7,r3 @ F_xx_xx
276 mov r9,r9,ror#31
277 add r4,r4,r5,ror#27 @ E+=ROR(A,27)
278 eor r9,r9,r11,ror#31
279 str r9,[r14,#-4]!
280 and r10,r6,r10,ror#2 @ F_xx_xx
281 @ F_xx_xx
282 add r4,r4,r9 @ E+=X[i]
283 eor r10,r10,r3,ror#2 @ F_00_19(B,C,D)
284 add r4,r4,r10 @ E+=F_00_19(B,C,D)
285 ldr r9,[r14,#15*4]
286 ldr r10,[r14,#13*4]
287 ldr r11,[r14,#7*4]
288 add r3,r8,r3,ror#2 @ E+=K_xx_xx
289 ldr r12,[r14,#2*4]
290 eor r9,r9,r10
291 eor r11,r11,r12 @ 1 cycle stall
292 eor r10,r6,r7 @ F_xx_xx
293 mov r9,r9,ror#31
294 add r3,r3,r4,ror#27 @ E+=ROR(A,27)
295 eor r9,r9,r11,ror#31
296 str r9,[r14,#-4]!
297 and r10,r5,r10,ror#2 @ F_xx_xx
298 @ F_xx_xx
299 add r3,r3,r9 @ E+=X[i]
300 eor r10,r10,r7,ror#2 @ F_00_19(B,C,D)
301 add r3,r3,r10 @ E+=F_00_19(B,C,D)
303 ldr r8,.LK_20_39 @ [+15+16*4]
304 cmn sp,#0 @ [+3], clear carry to denote 20_39
305 .L_20_39_or_60_79:
306 ldr r9,[r14,#15*4]
307 ldr r10,[r14,#13*4]
308 ldr r11,[r14,#7*4]
309 add r7,r8,r7,ror#2 @ E+=K_xx_xx
310 ldr r12,[r14,#2*4]
311 eor r9,r9,r10
312 eor r11,r11,r12 @ 1 cycle stall
313 eor r10,r5,r6 @ F_xx_xx
314 mov r9,r9,ror#31
315 add r7,r7,r3,ror#27 @ E+=ROR(A,27)
316 eor r9,r9,r11,ror#31
317 str r9,[r14,#-4]!
318 eor r10,r4,r10,ror#2 @ F_xx_xx
319 @ F_xx_xx
320 add r7,r7,r9 @ E+=X[i]
321 add r7,r7,r10 @ E+=F_20_39(B,C,D)
322 ldr r9,[r14,#15*4]
323 ldr r10,[r14,#13*4]
324 ldr r11,[r14,#7*4]
325 add r6,r8,r6,ror#2 @ E+=K_xx_xx
326 ldr r12,[r14,#2*4]
327 eor r9,r9,r10
328 eor r11,r11,r12 @ 1 cycle stall
329 eor r10,r4,r5 @ F_xx_xx
330 mov r9,r9,ror#31
331 add r6,r6,r7,ror#27 @ E+=ROR(A,27)
332 eor r9,r9,r11,ror#31
333 str r9,[r14,#-4]!
334 eor r10,r3,r10,ror#2 @ F_xx_xx
335 @ F_xx_xx
336 add r6,r6,r9 @ E+=X[i]
337 add r6,r6,r10 @ E+=F_20_39(B,C,D)
338 ldr r9,[r14,#15*4]
339 ldr r10,[r14,#13*4]
340 ldr r11,[r14,#7*4]
341 add r5,r8,r5,ror#2 @ E+=K_xx_xx
342 ldr r12,[r14,#2*4]
343 eor r9,r9,r10
344 eor r11,r11,r12 @ 1 cycle stall
345 eor r10,r3,r4 @ F_xx_xx
346 mov r9,r9,ror#31
347 add r5,r5,r6,ror#27 @ E+=ROR(A,27)
348 eor r9,r9,r11,ror#31
349 str r9,[r14,#-4]!
350 eor r10,r7,r10,ror#2 @ F_xx_xx
351 @ F_xx_xx
352 add r5,r5,r9 @ E+=X[i]
353 add r5,r5,r10 @ E+=F_20_39(B,C,D)
354 ldr r9,[r14,#15*4]
355 ldr r10,[r14,#13*4]
356 ldr r11,[r14,#7*4]
357 add r4,r8,r4,ror#2 @ E+=K_xx_xx
358 ldr r12,[r14,#2*4]
359 eor r9,r9,r10
360 eor r11,r11,r12 @ 1 cycle stall
361 eor r10,r7,r3 @ F_xx_xx
362 mov r9,r9,ror#31
363 add r4,r4,r5,ror#27 @ E+=ROR(A,27)
364 eor r9,r9,r11,ror#31
365 str r9,[r14,#-4]!
366 eor r10,r6,r10,ror#2 @ F_xx_xx
367 @ F_xx_xx
368 add r4,r4,r9 @ E+=X[i]
369 add r4,r4,r10 @ E+=F_20_39(B,C,D)
370 ldr r9,[r14,#15*4]
371 ldr r10,[r14,#13*4]
372 ldr r11,[r14,#7*4]
373 add r3,r8,r3,ror#2 @ E+=K_xx_xx
374 ldr r12,[r14,#2*4]
375 eor r9,r9,r10
376 eor r11,r11,r12 @ 1 cycle stall
377 eor r10,r6,r7 @ F_xx_xx
378 mov r9,r9,ror#31
379 add r3,r3,r4,ror#27 @ E+=ROR(A,27)
380 eor r9,r9,r11,ror#31
381 str r9,[r14,#-4]!
382 eor r10,r5,r10,ror#2 @ F_xx_xx
383 @ F_xx_xx
384 add r3,r3,r9 @ E+=X[i]
385 add r3,r3,r10 @ E+=F_20_39(B,C,D)
386 ARM( teq r14,sp ) @ preserve carry
387 THUMB( mov r11,sp )
388 THUMB( teq r14,r11 ) @ preserve carry
389 bne .L_20_39_or_60_79 @ [+((12+3)*5+2)*4]
390 bcs .L_done @ [+((12+3)*5+2)*4], spare 300 bytes
392 ldr r8,.LK_40_59
393 sub sp,sp,#20*4 @ [+2]
394 .L_40_59:
395 ldr r9,[r14,#15*4]
396 ldr r10,[r14,#13*4]
397 ldr r11,[r14,#7*4]
398 add r7,r8,r7,ror#2 @ E+=K_xx_xx
399 ldr r12,[r14,#2*4]
400 eor r9,r9,r10
401 eor r11,r11,r12 @ 1 cycle stall
402 eor r10,r5,r6 @ F_xx_xx
403 mov r9,r9,ror#31
404 add r7,r7,r3,ror#27 @ E+=ROR(A,27)
405 eor r9,r9,r11,ror#31
406 str r9,[r14,#-4]!
407 and r10,r4,r10,ror#2 @ F_xx_xx
408 and r11,r5,r6 @ F_xx_xx
409 add r7,r7,r9 @ E+=X[i]
410 add r7,r7,r10 @ E+=F_40_59(B,C,D)
411 add r7,r7,r11,ror#2
412 ldr r9,[r14,#15*4]
413 ldr r10,[r14,#13*4]
414 ldr r11,[r14,#7*4]
415 add r6,r8,r6,ror#2 @ E+=K_xx_xx
416 ldr r12,[r14,#2*4]
417 eor r9,r9,r10
418 eor r11,r11,r12 @ 1 cycle stall
419 eor r10,r4,r5 @ F_xx_xx
420 mov r9,r9,ror#31
421 add r6,r6,r7,ror#27 @ E+=ROR(A,27)
422 eor r9,r9,r11,ror#31
423 str r9,[r14,#-4]!
424 and r10,r3,r10,ror#2 @ F_xx_xx
425 and r11,r4,r5 @ F_xx_xx
426 add r6,r6,r9 @ E+=X[i]
427 add r6,r6,r10 @ E+=F_40_59(B,C,D)
428 add r6,r6,r11,ror#2
429 ldr r9,[r14,#15*4]
430 ldr r10,[r14,#13*4]
431 ldr r11,[r14,#7*4]
432 add r5,r8,r5,ror#2 @ E+=K_xx_xx
433 ldr r12,[r14,#2*4]
434 eor r9,r9,r10
435 eor r11,r11,r12 @ 1 cycle stall
436 eor r10,r3,r4 @ F_xx_xx
437 mov r9,r9,ror#31
438 add r5,r5,r6,ror#27 @ E+=ROR(A,27)
439 eor r9,r9,r11,ror#31
440 str r9,[r14,#-4]!
441 and r10,r7,r10,ror#2 @ F_xx_xx
442 and r11,r3,r4 @ F_xx_xx
443 add r5,r5,r9 @ E+=X[i]
444 add r5,r5,r10 @ E+=F_40_59(B,C,D)
445 add r5,r5,r11,ror#2
446 ldr r9,[r14,#15*4]
447 ldr r10,[r14,#13*4]
448 ldr r11,[r14,#7*4]
449 add r4,r8,r4,ror#2 @ E+=K_xx_xx
450 ldr r12,[r14,#2*4]
451 eor r9,r9,r10
452 eor r11,r11,r12 @ 1 cycle stall
453 eor r10,r7,r3 @ F_xx_xx
454 mov r9,r9,ror#31
455 add r4,r4,r5,ror#27 @ E+=ROR(A,27)
456 eor r9,r9,r11,ror#31
457 str r9,[r14,#-4]!
458 and r10,r6,r10,ror#2 @ F_xx_xx
459 and r11,r7,r3 @ F_xx_xx
460 add r4,r4,r9 @ E+=X[i]
461 add r4,r4,r10 @ E+=F_40_59(B,C,D)
462 add r4,r4,r11,ror#2
463 ldr r9,[r14,#15*4]
464 ldr r10,[r14,#13*4]
465 ldr r11,[r14,#7*4]
466 add r3,r8,r3,ror#2 @ E+=K_xx_xx
467 ldr r12,[r14,#2*4]
468 eor r9,r9,r10
469 eor r11,r11,r12 @ 1 cycle stall
470 eor r10,r6,r7 @ F_xx_xx
471 mov r9,r9,ror#31
472 add r3,r3,r4,ror#27 @ E+=ROR(A,27)
473 eor r9,r9,r11,ror#31
474 str r9,[r14,#-4]!
475 and r10,r5,r10,ror#2 @ F_xx_xx
476 and r11,r6,r7 @ F_xx_xx
477 add r3,r3,r9 @ E+=X[i]
478 add r3,r3,r10 @ E+=F_40_59(B,C,D)
479 add r3,r3,r11,ror#2
480 cmp r14,sp
481 bne .L_40_59 @ [+((12+5)*5+2)*4]
483 ldr r8,.LK_60_79
484 sub sp,sp,#20*4
485 cmp sp,#0 @ set carry to denote 60_79
486 b .L_20_39_or_60_79 @ [+4], spare 300 bytes
487 .L_done:
488 add sp,sp,#80*4 @ "deallocate" stack frame
489 ldmia r0,{r8,r9,r10,r11,r12}
490 add r3,r8,r3
491 add r4,r9,r4
492 add r5,r10,r5,ror#2
493 add r6,r11,r6,ror#2
494 add r7,r12,r7,ror#2
495 stmia r0,{r3,r4,r5,r6,r7}
496 teq r1,r2
497 bne .Lloop @ [+18], total 1307
499 ldmia sp!,{r4-r12,pc}
500 .align 2
501 .LK_00_19: .word 0x5a827999
502 .LK_20_39: .word 0x6ed9eba1
503 .LK_40_59: .word 0x8f1bbcdc
504 .LK_60_79: .word 0xca62c1d6
505 ENDPROC(sha1_block_data_order)
506 .asciz "SHA1 block transform for ARMv4, CRYPTOGAMS by <appro@openssl.org>"
507 .align 2