2 ;; Copyright (c) 2012-2018, Intel Corporation
4 ;; Redistribution and use in source and binary forms, with or without
5 ;; modification, are permitted provided that the following conditions are met:
7 ;; * Redistributions of source code must retain the above copyright notice,
8 ;; this list of conditions and the following disclaimer.
9 ;; * Redistributions in binary form must reproduce the above copyright
10 ;; notice, this list of conditions and the following disclaimer in the
11 ;; documentation and/or other materials provided with the distribution.
12 ;; * Neither the name of Intel Corporation nor the names of its contributors
13 ;; may be used to endorse or promote products derived from this software
14 ;; without specific prior written permission.
16 ;; THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
17 ;; AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 ;; IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19 ;; DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
20 ;; FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 ;; DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
22 ;; SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
23 ;; CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24 ;; OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
25 ;; OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 %include "job_aes_hmac.asm"
30 %include "mb_mgr_datastruct.asm"
31 %include "reg_sizes.asm"
33 extern sha_256_mult_sse
39 byteswap: ;ddq 0x0c0d0e0f08090a0b0405060700010203
40 dq 0x0405060700010203, 0x0c0d0e0f08090a0b
42 ;ddq 0x0000000000000000000000000000FFFF
43 dq 0x000000000000FFFF, 0x0000000000000000
44 ;ddq 0x000000000000000000000000FFFF0000
45 dq 0x00000000FFFF0000, 0x0000000000000000
46 ;ddq 0x00000000000000000000FFFF00000000
47 dq 0x0000FFFF00000000, 0x0000000000000000
48 ;ddq 0x0000000000000000FFFF000000000000
49 dq 0xFFFF000000000000, 0x0000000000000000
57 %define FUNC flush_job_hmac_sha_256_sse
74 ; idx needs to be in rbx, rbp, r13-r15
77 %define unused_lanes rbx
83 %define size_offset rax
85 %define start_offset rax
89 %define extra_blocks arg2
100 ; This routine clobbers rbx, rbp; called routine also clobbers r12
106 %define APPEND(a,b) a %+ b
108 ; JOB* FUNC(MB_MGR_HMAC_SHA_256_OOO *state)
109 ; arg 1 : rcx : state
110 MKGLOBAL(FUNC,function,internal)
117 mov [rsp + _gpr_save + 8*0], rbx
118 mov [rsp + _gpr_save + 8*1], rbp
119 mov [rsp + _gpr_save + 8*2], r12
120 mov [rsp + _rsp_save], rax ; original SP
122 mov unused_lanes, [state + _unused_lanes_sha256]
123 bt unused_lanes, 32+7
126 ; find a lane with a non-null job
128 cmp qword [state + _ldata_sha256 + 1 * _HMAC_SHA1_LANE_DATA_size + _job_in_lane], 0
129 cmovne idx, [rel one]
130 cmp qword [state + _ldata_sha256 + 2 * _HMAC_SHA1_LANE_DATA_size + _job_in_lane], 0
131 cmovne idx, [rel two]
132 cmp qword [state + _ldata_sha256 + 3 * _HMAC_SHA1_LANE_DATA_size + _job_in_lane], 0
133 cmovne idx, [rel three]
136 ; copy idx to empty lanes
137 movdqa xmm0, [state + _lens_sha256]
138 mov tmp, [state + _args_data_ptr_sha256 + 8*idx]
142 cmp qword [state + _ldata_sha256 + I * _HMAC_SHA1_LANE_DATA_size + _job_in_lane], 0
144 mov [state + _args_data_ptr_sha256 + 8*I], tmp
145 por xmm0, [rel len_masks + 16*I]
150 movdqa [state + _lens_sha256], xmm0
152 phminposuw xmm1, xmm0
153 pextrw len2, xmm1, 0 ; min value
154 pextrw idx, xmm1, 1 ; min index (0...3)
158 pshuflw xmm1, xmm1, 0
160 movdqa [state + _lens_sha256], xmm0
162 ; "state" and "args" are the same address, arg1
164 call sha_256_mult_sse
165 ; state and idx are intact
168 ; process completed job "idx"
169 imul lane_data, idx, _HMAC_SHA1_LANE_DATA_size
170 lea lane_data, [state + _ldata_sha256 + lane_data]
171 mov DWORD(extra_blocks), [lane_data + _extra_blocks]
173 jne proc_extra_blocks
174 cmp dword [lane_data + _outer_done], 0
178 mov dword [lane_data + _outer_done], 1
179 mov DWORD(size_offset), [lane_data + _size_offset]
180 mov qword [lane_data + _extra_block + size_offset], 0
181 mov word [state + _lens_sha256 + 2*idx], 1
182 lea tmp, [lane_data + _outer_block]
183 mov job, [lane_data + _job_in_lane]
184 mov [state + _args_data_ptr_sha256 + 8*idx], tmp
186 movd xmm0, [state + _args_digest_sha256 + 4*idx + 0*SHA256_DIGEST_ROW_SIZE]
187 pinsrd xmm0, [state + _args_digest_sha256 + 4*idx + 1*SHA256_DIGEST_ROW_SIZE], 1
188 pinsrd xmm0, [state + _args_digest_sha256 + 4*idx + 2*SHA256_DIGEST_ROW_SIZE], 2
189 pinsrd xmm0, [state + _args_digest_sha256 + 4*idx + 3*SHA256_DIGEST_ROW_SIZE], 3
190 pshufb xmm0, [rel byteswap]
191 movd xmm1, [state + _args_digest_sha256 + 4*idx + 4*SHA256_DIGEST_ROW_SIZE]
192 pinsrd xmm1, [state + _args_digest_sha256 + 4*idx + 5*SHA256_DIGEST_ROW_SIZE], 1
193 pinsrd xmm1, [state + _args_digest_sha256 + 4*idx + 6*SHA256_DIGEST_ROW_SIZE], 2
195 pinsrd xmm1, [state + _args_digest_sha256 + 4*idx + 7*SHA256_DIGEST_ROW_SIZE], 3
197 pshufb xmm1, [rel byteswap]
198 movdqa [lane_data + _outer_block], xmm0
199 movdqa [lane_data + _outer_block + 4*4], xmm1
201 mov dword [lane_data + _outer_block + 7*4], 0x80
204 mov tmp, [job + _auth_key_xor_opad]
206 movdqu xmm1, [tmp + 4*4]
207 movd [state + _args_digest_sha256 + 4*idx + 0*SHA256_DIGEST_ROW_SIZE], xmm0
208 pextrd [state + _args_digest_sha256 + 4*idx + 1*SHA256_DIGEST_ROW_SIZE], xmm0, 1
209 pextrd [state + _args_digest_sha256 + 4*idx + 2*SHA256_DIGEST_ROW_SIZE], xmm0, 2
210 pextrd [state + _args_digest_sha256 + 4*idx + 3*SHA256_DIGEST_ROW_SIZE], xmm0, 3
211 movd [state + _args_digest_sha256 + 4*idx + 4*SHA256_DIGEST_ROW_SIZE], xmm1
212 pextrd [state + _args_digest_sha256 + 4*idx + 5*SHA256_DIGEST_ROW_SIZE], xmm1, 1
213 pextrd [state + _args_digest_sha256 + 4*idx + 6*SHA256_DIGEST_ROW_SIZE], xmm1, 2
214 pextrd [state + _args_digest_sha256 + 4*idx + 7*SHA256_DIGEST_ROW_SIZE], xmm1, 3
219 mov DWORD(start_offset), [lane_data + _start_offset]
220 mov [state + _lens_sha256 + 2*idx], WORD(extra_blocks)
221 lea tmp, [lane_data + _extra_block + start_offset]
222 mov [state + _args_data_ptr_sha256 + 8*idx], tmp
223 mov dword [lane_data + _extra_blocks], 0
232 mov job_rax, [lane_data + _job_in_lane]
233 mov qword [lane_data + _job_in_lane], 0
234 or dword [job_rax + _status], STS_COMPLETED_HMAC
235 mov unused_lanes, [state + _unused_lanes_sha256]
238 mov [state + _unused_lanes_sha256], unused_lanes
240 mov p, [job_rax + _auth_tag_output]
243 cmp qword [job_rax + _auth_tag_output_len_in_bytes], 14
246 cmp qword [job_rax + _auth_tag_output_len_in_bytes], 16
249 ;; copy 14 bytes for SHA224 / 16 bytes for SHA256
250 mov DWORD(tmp2), [state + _args_digest_sha256 + 4*idx + 0*SHA256_DIGEST_ROW_SIZE]
251 mov DWORD(tmp4), [state + _args_digest_sha256 + 4*idx + 1*SHA256_DIGEST_ROW_SIZE]
252 mov DWORD(tmp6), [state + _args_digest_sha256 + 4*idx + 2*SHA256_DIGEST_ROW_SIZE]
253 mov DWORD(tmp5), [state + _args_digest_sha256 + 4*idx + 3*SHA256_DIGEST_ROW_SIZE]
258 mov [p + 0*4], DWORD(tmp2)
259 mov [p + 1*4], DWORD(tmp4)
260 mov [p + 2*4], DWORD(tmp6)
262 mov [p + 3*4], WORD(tmp5)
264 mov [p + 3*4], DWORD(tmp5)
269 ;; copy 28 bytes for SHA224 / 32 bytes for SHA256
270 mov DWORD(tmp2), [state + _args_digest_sha256 + 4*idx + 0*SHA256_DIGEST_ROW_SIZE]
271 mov DWORD(tmp4), [state + _args_digest_sha256 + 4*idx + 1*SHA256_DIGEST_ROW_SIZE]
272 mov DWORD(tmp6), [state + _args_digest_sha256 + 4*idx + 2*SHA256_DIGEST_ROW_SIZE]
273 mov DWORD(tmp5), [state + _args_digest_sha256 + 4*idx + 3*SHA256_DIGEST_ROW_SIZE]
278 mov [p + 0*4], DWORD(tmp2)
279 mov [p + 1*4], DWORD(tmp4)
280 mov [p + 2*4], DWORD(tmp6)
281 mov [p + 3*4], DWORD(tmp5)
283 mov DWORD(tmp2), [state + _args_digest_sha256 + 4*idx + 4*SHA256_DIGEST_ROW_SIZE]
284 mov DWORD(tmp4), [state + _args_digest_sha256 + 4*idx + 5*SHA256_DIGEST_ROW_SIZE]
285 mov DWORD(tmp6), [state + _args_digest_sha256 + 4*idx + 6*SHA256_DIGEST_ROW_SIZE]
287 mov DWORD(tmp5), [state + _args_digest_sha256 + 4*idx + 7*SHA256_DIGEST_ROW_SIZE]
295 mov [p + 4*4], DWORD(tmp2)
296 mov [p + 5*4], DWORD(tmp4)
297 mov [p + 6*4], DWORD(tmp6)
299 mov [p + 7*4], DWORD(tmp5)
303 mov rbx, [rsp + _gpr_save + 8*0]
304 mov rbp, [rsp + _gpr_save + 8*1]
305 mov r12, [rsp + _gpr_save + 8*2]
306 mov rsp, [rsp + _rsp_save] ; original SP
310 section .note.GNU-stack noalloc noexec nowrite progbits