2 ;; Copyright (c) 2012-2018, Intel Corporation
4 ;; Redistribution and use in source and binary forms, with or without
5 ;; modification, are permitted provided that the following conditions are met:
7 ;; * Redistributions of source code must retain the above copyright notice,
8 ;; this list of conditions and the following disclaimer.
9 ;; * Redistributions in binary form must reproduce the above copyright
10 ;; notice, this list of conditions and the following disclaimer in the
11 ;; documentation and/or other materials provided with the distribution.
12 ;; * Neither the name of Intel Corporation nor the names of its contributors
13 ;; may be used to endorse or promote products derived from this software
14 ;; without specific prior written permission.
16 ;; THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
17 ;; AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 ;; IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19 ;; DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
20 ;; FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 ;; DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
22 ;; SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
23 ;; CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24 ;; OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
25 ;; OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 %include "job_aes_hmac.asm"
30 %include "mb_mgr_datastruct.asm"
31 %include "reg_sizes.asm"
34 extern sha_256_mult_sse
39 byteswap: ;ddq 0x0c0d0e0f08090a0b0405060700010203
40 dq 0x0405060700010203, 0x0c0d0e0f08090a0b
45 %define FUNC submit_job_hmac_sha_256_sse
66 ; idx needs to be in rbx, rbp, r13-r15
71 %define start_offset r11
73 %define unused_lanes rbx
79 %define size_offset reg3
85 %define extra_blocks r8
94 ; This routine clobbers rbx, rbp, rsi, rdi; called routine also clobbers r12
100 ; JOB* FUNC(MB_MGR_HMAC_SHA_256_OOO *state, JOB_AES_HMAC *job)
101 ; arg 1 : rcx : state
103 MKGLOBAL(FUNC,function,internal)
110 mov [rsp + _gpr_save + 8*0], rbx
111 mov [rsp + _gpr_save + 8*1], rbp
112 mov [rsp + _gpr_save + 8*2], r12
114 mov [rsp + _gpr_save + 8*3], rsi
115 mov [rsp + _gpr_save + 8*4], rdi
117 mov [rsp + _rsp_save], rax ; original SP
119 mov unused_lanes, [state + _unused_lanes_sha256]
120 movzx lane, BYTE(unused_lanes)
122 imul lane_data, lane, _HMAC_SHA1_LANE_DATA_size
123 lea lane_data, [state + _ldata_sha256 + lane_data]
124 mov [state + _unused_lanes_sha256], unused_lanes
125 mov len, [job + _msg_len_to_hash_in_bytes]
127 shr tmp, 6 ; divide by 64, len in terms of blocks
129 mov [lane_data + _job_in_lane], job
130 mov dword [lane_data + _outer_done], 0
131 mov [state + _lens_sha256 + 2*lane], WORD(tmp)
135 lea extra_blocks, [last_len + 9 + 63]
137 mov [lane_data + _extra_blocks], DWORD(extra_blocks)
140 add p, [job + _hash_start_src_offset_in_bytes]
141 mov [state + _args_data_ptr_sha256 + 8*lane], p
148 movdqu xmm0, [p - 64 + 0*16]
149 movdqu xmm1, [p - 64 + 1*16]
150 movdqu xmm2, [p - 64 + 2*16]
151 movdqu xmm3, [p - 64 + 3*16]
152 movdqa [lane_data + _extra_block + 0*16], xmm0
153 movdqa [lane_data + _extra_block + 1*16], xmm1
154 movdqa [lane_data + _extra_block + 2*16], xmm2
155 movdqa [lane_data + _extra_block + 3*16], xmm3
158 mov size_offset, extra_blocks
160 sub size_offset, last_len
161 add size_offset, 64-8
162 mov [lane_data + _size_offset], DWORD(size_offset)
164 sub start_offset, last_len
165 mov [lane_data + _start_offset], DWORD(start_offset)
167 lea tmp, [8*64 + 8*len]
169 mov [lane_data + _extra_block + size_offset], tmp
171 mov tmp, [job + _auth_key_xor_ipad]
173 movdqu xmm1, [tmp + 4*4]
174 movd [state + _args_digest_sha256 + 4*lane + 0*SHA256_DIGEST_ROW_SIZE], xmm0
175 pextrd [state + _args_digest_sha256 + 4*lane + 1*SHA256_DIGEST_ROW_SIZE], xmm0, 1
176 pextrd [state + _args_digest_sha256 + 4*lane + 2*SHA256_DIGEST_ROW_SIZE], xmm0, 2
177 pextrd [state + _args_digest_sha256 + 4*lane + 3*SHA256_DIGEST_ROW_SIZE], xmm0, 3
178 movd [state + _args_digest_sha256 + 4*lane + 4*SHA256_DIGEST_ROW_SIZE], xmm1
179 pextrd [state + _args_digest_sha256 + 4*lane + 5*SHA256_DIGEST_ROW_SIZE], xmm1, 1
180 pextrd [state + _args_digest_sha256 + 4*lane + 6*SHA256_DIGEST_ROW_SIZE], xmm1, 2
181 pextrd [state + _args_digest_sha256 + 4*lane + 7*SHA256_DIGEST_ROW_SIZE], xmm1, 3
186 mov [state + _lens_sha256 + 2*lane], WORD(extra_blocks)
187 lea tmp, [lane_data + _extra_block + start_offset]
188 mov [state + _args_data_ptr_sha256 + 8*lane], tmp
189 mov dword [lane_data + _extra_blocks], 0
192 cmp unused_lanes, 0xff
199 movdqa xmm0, [state + _lens_sha256]
200 phminposuw xmm1, xmm0
201 pextrw len2, xmm1, 0 ; min value
202 pextrw idx, xmm1, 1 ; min index (0...3)
206 pshuflw xmm1, xmm1, 0
208 movdqa [state + _lens_sha256], xmm0
210 ; "state" and "args" are the same address, arg1
212 call sha_256_mult_sse
213 ; state and idx are intact
216 ; process completed job "idx"
217 imul lane_data, idx, _HMAC_SHA1_LANE_DATA_size
218 lea lane_data, [state + _ldata_sha256 + lane_data]
219 mov DWORD(extra_blocks), [lane_data + _extra_blocks]
221 jne proc_extra_blocks
222 cmp dword [lane_data + _outer_done], 0
226 mov dword [lane_data + _outer_done], 1
227 mov DWORD(size_offset), [lane_data + _size_offset]
228 mov qword [lane_data + _extra_block + size_offset], 0
229 mov word [state + _lens_sha256 + 2*idx], 1
230 lea tmp, [lane_data + _outer_block]
231 mov job, [lane_data + _job_in_lane]
232 mov [state + _args_data_ptr_sha256 + 8*idx], tmp
234 movd xmm0, [state + _args_digest_sha256 + 4*idx + 0*SHA256_DIGEST_ROW_SIZE]
235 pinsrd xmm0, [state + _args_digest_sha256 + 4*idx + 1*SHA256_DIGEST_ROW_SIZE], 1
236 pinsrd xmm0, [state + _args_digest_sha256 + 4*idx + 2*SHA256_DIGEST_ROW_SIZE], 2
237 pinsrd xmm0, [state + _args_digest_sha256 + 4*idx + 3*SHA256_DIGEST_ROW_SIZE], 3
238 pshufb xmm0, [rel byteswap]
239 movd xmm1, [state + _args_digest_sha256 + 4*idx + 4*SHA256_DIGEST_ROW_SIZE]
240 pinsrd xmm1, [state + _args_digest_sha256 + 4*idx + 5*SHA256_DIGEST_ROW_SIZE], 1
241 pinsrd xmm1, [state + _args_digest_sha256 + 4*idx + 6*SHA256_DIGEST_ROW_SIZE], 2
243 pinsrd xmm1, [state + _args_digest_sha256 + 4*idx + 7*SHA256_DIGEST_ROW_SIZE], 3
245 pshufb xmm1, [rel byteswap]
246 movdqa [lane_data + _outer_block], xmm0
247 movdqa [lane_data + _outer_block + 4*4], xmm1
249 mov dword [lane_data + _outer_block + 7*4], 0x80
253 mov tmp, [job + _auth_key_xor_opad]
255 movdqu xmm1, [tmp + 4*4]
256 movd [state + _args_digest_sha256 + 4*idx + 0*SHA256_DIGEST_ROW_SIZE], xmm0
257 pextrd [state + _args_digest_sha256 + 4*idx + 1*SHA256_DIGEST_ROW_SIZE], xmm0, 1
258 pextrd [state + _args_digest_sha256 + 4*idx + 2*SHA256_DIGEST_ROW_SIZE], xmm0, 2
259 pextrd [state + _args_digest_sha256 + 4*idx + 3*SHA256_DIGEST_ROW_SIZE], xmm0, 3
260 movd [state + _args_digest_sha256 + 4*idx + 4*SHA256_DIGEST_ROW_SIZE], xmm1
261 pextrd [state + _args_digest_sha256 + 4*idx + 5*SHA256_DIGEST_ROW_SIZE], xmm1, 1
262 pextrd [state + _args_digest_sha256 + 4*idx + 6*SHA256_DIGEST_ROW_SIZE], xmm1, 2
263 pextrd [state + _args_digest_sha256 + 4*idx + 7*SHA256_DIGEST_ROW_SIZE], xmm1, 3
268 mov DWORD(start_offset), [lane_data + _start_offset]
269 mov [state + _lens_sha256 + 2*idx], WORD(extra_blocks)
270 lea tmp, [lane_data + _extra_block + start_offset]
271 mov [state + _args_data_ptr_sha256 + 8*idx], tmp
272 mov dword [lane_data + _extra_blocks], 0
278 ;; less than one message block of data
279 ;; beginning of source block
280 ;; destination extrablock but backwards by len from where 0x80 pre-populated
281 ;; p2 clobbers unused_lanes, undo before exit
282 lea p2, [lane_data + _extra_block + 64]
284 memcpy_sse_64_1 p2, p, len, tmp4, tmp2, xmm0, xmm1, xmm2, xmm3
285 mov unused_lanes, [state + _unused_lanes_sha256]
294 mov job_rax, [lane_data + _job_in_lane]
295 mov unused_lanes, [state + _unused_lanes_sha256]
296 mov qword [lane_data + _job_in_lane], 0
297 or dword [job_rax + _status], STS_COMPLETED_HMAC
300 mov [state + _unused_lanes_sha256], unused_lanes
302 mov p, [job_rax + _auth_tag_output]
304 ; copy 14 bytes for SHA224 and 16 bytes for SHA256
305 mov DWORD(tmp), [state + _args_digest_sha256 + 4*idx + 0*SHA256_DIGEST_ROW_SIZE]
306 mov DWORD(tmp2), [state + _args_digest_sha256 + 4*idx + 1*SHA256_DIGEST_ROW_SIZE]
307 mov DWORD(tmp3), [state + _args_digest_sha256 + 4*idx + 2*SHA256_DIGEST_ROW_SIZE]
308 mov DWORD(tmp4), [state + _args_digest_sha256 + 4*idx + 3*SHA256_DIGEST_ROW_SIZE]
315 mov [p + 0*4], DWORD(tmp)
316 mov [p + 1*4], DWORD(tmp2)
317 mov [p + 2*4], DWORD(tmp3)
320 mov [p + 3*4], WORD(tmp4)
322 mov [p + 3*4], DWORD(tmp4)
328 mov rbx, [rsp + _gpr_save + 8*0]
329 mov rbp, [rsp + _gpr_save + 8*1]
330 mov r12, [rsp + _gpr_save + 8*2]
332 mov rsi, [rsp + _gpr_save + 8*3]
333 mov rdi, [rsp + _gpr_save + 8*4]
335 mov rsp, [rsp + _rsp_save] ; original SP
340 section .note.GNU-stack noalloc noexec nowrite progbits