• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1#! /usr/bin/env perl
2# Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
3#
4# Licensed under the Apache License 2.0 (the "License").  You may not use
5# this file except in compliance with the License.  You can obtain a copy
6# in the file LICENSE in the source distribution or at
7# https://www.openssl.org/source/license.html
8
9
10# ====================================================================
11# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
12# project. The module is, however, dual licensed under OpenSSL and
13# CRYPTOGAMS licenses depending on where you obtain it. For further
14# details see http://www.openssl.org/~appro/cryptogams/.
15# ====================================================================
16
17# September 2011
18#
19# Assembler helpers for Padlock engine. See even e_padlock-x86.pl for
20# details.
21
22# $output is the last argument if it looks like a file (it has an extension)
23# $flavour is the first argument if it doesn't look like a file
24$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef;
25$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef;
26
27$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
28
29$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
30( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
31( $xlate="${dir}../../crypto/perlasm/x86_64-xlate.pl" and -f $xlate) or
32die "can't locate x86_64-xlate.pl";
33
34open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\""
35     or die "can't call $xlate: $!";
36*STDOUT=*OUT;
37
38$code=".text\n";
39
40%PADLOCK_PREFETCH=(ecb=>128, cbc=>64, ctr32=>32);	# prefetch errata
41$PADLOCK_CHUNK=512;	# Must be a power of 2 between 32 and 2^20
42
43$ctx="%rdx";
44$out="%rdi";
45$inp="%rsi";
46$len="%rcx";
47$chunk="%rbx";
48
49($arg1,$arg2,$arg3,$arg4)=$win64?("%rcx","%rdx","%r8", "%r9") : # Win64 order
50                                 ("%rdi","%rsi","%rdx","%rcx"); # Unix order
51
52$code.=<<___;
53.globl	padlock_capability
54.type	padlock_capability,\@abi-omnipotent
55.align	16
56padlock_capability:
57	mov	%rbx,%r8
58	xor	%eax,%eax
59	cpuid
60	xor	%eax,%eax
61	cmp	\$`"0x".unpack("H*",'tneC')`,%ebx
62	jne	.Lzhaoxin
63	cmp	\$`"0x".unpack("H*",'Hrua')`,%edx
64	jne	.Lnoluck
65	cmp	\$`"0x".unpack("H*",'slua')`,%ecx
66	jne	.Lnoluck
67	jmp	.LzhaoxinEnd
68.Lzhaoxin:
69	cmp	\$`"0x".unpack("H*",'hS  ')`,%ebx
70	jne	.Lnoluck
71	cmp	\$`"0x".unpack("H*",'hgna')`,%edx
72	jne	.Lnoluck
73	cmp	\$`"0x".unpack("H*",'  ia')`,%ecx
74	jne	.Lnoluck
75.LzhaoxinEnd:
76	mov	\$0xC0000000,%eax
77	cpuid
78	mov	%eax,%edx
79	xor	%eax,%eax
80	cmp	\$0xC0000001,%edx
81	jb	.Lnoluck
82	mov	\$0xC0000001,%eax
83	cpuid
84	mov	%edx,%eax
85	and	\$0xffffffef,%eax
86	or	\$0x10,%eax		# set Nano bit#4
87.Lnoluck:
88	mov	%r8,%rbx
89	ret
90.size	padlock_capability,.-padlock_capability
91
92.globl	padlock_key_bswap
93.type	padlock_key_bswap,\@abi-omnipotent,0
94.align	16
95padlock_key_bswap:
96	mov	240($arg1),%edx
97.Lbswap_loop:
98	mov	($arg1),%eax
99	bswap	%eax
100	mov	%eax,($arg1)
101	lea	4($arg1),$arg1
102	sub	\$1,%edx
103	jnz	.Lbswap_loop
104	ret
105.size	padlock_key_bswap,.-padlock_key_bswap
106
107.globl	padlock_verify_context
108.type	padlock_verify_context,\@abi-omnipotent
109.align	16
110padlock_verify_context:
111	mov	$arg1,$ctx
112	pushf
113	lea	.Lpadlock_saved_context(%rip),%rax
114	call	_padlock_verify_ctx
115	lea	8(%rsp),%rsp
116	ret
117.size	padlock_verify_context,.-padlock_verify_context
118
119.type	_padlock_verify_ctx,\@abi-omnipotent
120.align	16
121_padlock_verify_ctx:
122	mov	8(%rsp),%r8
123	bt	\$30,%r8
124	jnc	.Lverified
125	cmp	(%rax),$ctx
126	je	.Lverified
127	pushf
128	popf
129.Lverified:
130	mov	$ctx,(%rax)
131	ret
132.size	_padlock_verify_ctx,.-_padlock_verify_ctx
133
134.globl	padlock_reload_key
135.type	padlock_reload_key,\@abi-omnipotent
136.align	16
137padlock_reload_key:
138	pushf
139	popf
140	ret
141.size	padlock_reload_key,.-padlock_reload_key
142
143.globl	padlock_aes_block
144.type	padlock_aes_block,\@function,3
145.align	16
146padlock_aes_block:
147	mov	%rbx,%r8
148	mov	\$1,$len
149	lea	32($ctx),%rbx		# key
150	lea	16($ctx),$ctx		# control word
151	.byte	0xf3,0x0f,0xa7,0xc8	# rep xcryptecb
152	mov	%r8,%rbx
153	ret
154.size	padlock_aes_block,.-padlock_aes_block
155
156.globl	padlock_xstore
157.type	padlock_xstore,\@function,2
158.align	16
159padlock_xstore:
160	mov	%esi,%edx
161	.byte	0x0f,0xa7,0xc0		# xstore
162	ret
163.size	padlock_xstore,.-padlock_xstore
164
165.globl	padlock_sha1_oneshot
166.type	padlock_sha1_oneshot,\@function,3
167.align	16
168padlock_sha1_oneshot:
169	mov	%rdx,%rcx
170	mov	%rdi,%rdx		# put aside %rdi
171	movups	(%rdi),%xmm0		# copy-in context
172	sub	\$128+8,%rsp
173	mov	16(%rdi),%eax
174	movaps	%xmm0,(%rsp)
175	mov	%rsp,%rdi
176	mov	%eax,16(%rsp)
177	xor	%rax,%rax
178	.byte	0xf3,0x0f,0xa6,0xc8	# rep xsha1
179	movaps	(%rsp),%xmm0
180	mov	16(%rsp),%eax
181	add	\$128+8,%rsp
182	movups	%xmm0,(%rdx)		# copy-out context
183	mov	%eax,16(%rdx)
184	ret
185.size	padlock_sha1_oneshot,.-padlock_sha1_oneshot
186
187.globl	padlock_sha1_blocks
188.type	padlock_sha1_blocks,\@function,3
189.align	16
190padlock_sha1_blocks:
191	mov	%rdx,%rcx
192	mov	%rdi,%rdx		# put aside %rdi
193	movups	(%rdi),%xmm0		# copy-in context
194	sub	\$128+8,%rsp
195	mov	16(%rdi),%eax
196	movaps	%xmm0,(%rsp)
197	mov	%rsp,%rdi
198	mov	%eax,16(%rsp)
199	mov	\$-1,%rax
200	.byte	0xf3,0x0f,0xa6,0xc8	# rep xsha1
201	movaps	(%rsp),%xmm0
202	mov	16(%rsp),%eax
203	add	\$128+8,%rsp
204	movups	%xmm0,(%rdx)		# copy-out context
205	mov	%eax,16(%rdx)
206	ret
207.size	padlock_sha1_blocks,.-padlock_sha1_blocks
208
209.globl	padlock_sha256_oneshot
210.type	padlock_sha256_oneshot,\@function,3
211.align	16
212padlock_sha256_oneshot:
213	mov	%rdx,%rcx
214	mov	%rdi,%rdx		# put aside %rdi
215	movups	(%rdi),%xmm0		# copy-in context
216	sub	\$128+8,%rsp
217	movups	16(%rdi),%xmm1
218	movaps	%xmm0,(%rsp)
219	mov	%rsp,%rdi
220	movaps	%xmm1,16(%rsp)
221	xor	%rax,%rax
222	.byte	0xf3,0x0f,0xa6,0xd0	# rep xsha256
223	movaps	(%rsp),%xmm0
224	movaps	16(%rsp),%xmm1
225	add	\$128+8,%rsp
226	movups	%xmm0,(%rdx)		# copy-out context
227	movups	%xmm1,16(%rdx)
228	ret
229.size	padlock_sha256_oneshot,.-padlock_sha256_oneshot
230
231.globl	padlock_sha256_blocks
232.type	padlock_sha256_blocks,\@function,3
233.align	16
234padlock_sha256_blocks:
235	mov	%rdx,%rcx
236	mov	%rdi,%rdx		# put aside %rdi
237	movups	(%rdi),%xmm0		# copy-in context
238	sub	\$128+8,%rsp
239	movups	16(%rdi),%xmm1
240	movaps	%xmm0,(%rsp)
241	mov	%rsp,%rdi
242	movaps	%xmm1,16(%rsp)
243	mov	\$-1,%rax
244	.byte	0xf3,0x0f,0xa6,0xd0	# rep xsha256
245	movaps	(%rsp),%xmm0
246	movaps	16(%rsp),%xmm1
247	add	\$128+8,%rsp
248	movups	%xmm0,(%rdx)		# copy-out context
249	movups	%xmm1,16(%rdx)
250	ret
251.size	padlock_sha256_blocks,.-padlock_sha256_blocks
252
253.globl	padlock_sha512_blocks
254.type	padlock_sha512_blocks,\@function,3
255.align	16
256padlock_sha512_blocks:
257	mov	%rdx,%rcx
258	mov	%rdi,%rdx		# put aside %rdi
259	movups	(%rdi),%xmm0		# copy-in context
260	sub	\$128+8,%rsp
261	movups	16(%rdi),%xmm1
262	movups	32(%rdi),%xmm2
263	movups	48(%rdi),%xmm3
264	movaps	%xmm0,(%rsp)
265	mov	%rsp,%rdi
266	movaps	%xmm1,16(%rsp)
267	movaps	%xmm2,32(%rsp)
268	movaps	%xmm3,48(%rsp)
269	.byte	0xf3,0x0f,0xa6,0xe0	# rep xha512
270	movaps	(%rsp),%xmm0
271	movaps	16(%rsp),%xmm1
272	movaps	32(%rsp),%xmm2
273	movaps	48(%rsp),%xmm3
274	add	\$128+8,%rsp
275	movups	%xmm0,(%rdx)		# copy-out context
276	movups	%xmm1,16(%rdx)
277	movups	%xmm2,32(%rdx)
278	movups	%xmm3,48(%rdx)
279	ret
280.size	padlock_sha512_blocks,.-padlock_sha512_blocks
281___
282
283sub generate_mode {
284my ($mode,$opcode) = @_;
285# int padlock_$mode_encrypt(void *out, const void *inp,
286#		struct padlock_cipher_data *ctx, size_t len);
287$code.=<<___;
288.globl	padlock_${mode}_encrypt
289.type	padlock_${mode}_encrypt,\@function,4
290.align	16
291padlock_${mode}_encrypt:
292	push	%rbp
293	push	%rbx
294
295	xor	%eax,%eax
296	test	\$15,$ctx
297	jnz	.L${mode}_abort
298	test	\$15,$len
299	jnz	.L${mode}_abort
300	lea	.Lpadlock_saved_context(%rip),%rax
301	pushf
302	cld
303	call	_padlock_verify_ctx
304	lea	16($ctx),$ctx		# control word
305	xor	%eax,%eax
306	xor	%ebx,%ebx
307	testl	\$`1<<5`,($ctx)		# align bit in control word
308	jnz	.L${mode}_aligned
309	test	\$0x0f,$out
310	setz	%al			# !out_misaligned
311	test	\$0x0f,$inp
312	setz	%bl			# !inp_misaligned
313	test	%ebx,%eax
314	jnz	.L${mode}_aligned
315	neg	%rax
316	mov	\$$PADLOCK_CHUNK,$chunk
317	not	%rax			# out_misaligned?-1:0
318	lea	(%rsp),%rbp
319	cmp	$chunk,$len
320	cmovc	$len,$chunk		# chunk=len>PADLOCK_CHUNK?PADLOCK_CHUNK:len
321	and	$chunk,%rax		# out_misaligned?chunk:0
322	mov	$len,$chunk
323	neg	%rax
324	and	\$$PADLOCK_CHUNK-1,$chunk	# chunk%=PADLOCK_CHUNK
325	lea	(%rax,%rbp),%rsp
326	mov	\$$PADLOCK_CHUNK,%rax
327	cmovz	%rax,$chunk			# chunk=chunk?:PADLOCK_CHUNK
328___
329$code.=<<___				if ($mode eq "ctr32");
330.L${mode}_reenter:
331	mov	-4($ctx),%eax		# pull 32-bit counter
332	bswap	%eax
333	neg	%eax
334	and	\$`$PADLOCK_CHUNK/16-1`,%eax
335	mov	\$$PADLOCK_CHUNK,$chunk
336	shl	\$4,%eax
337	cmovz	$chunk,%rax
338	cmp	%rax,$len
339	cmova	%rax,$chunk		# don't let counter cross PADLOCK_CHUNK
340	cmovbe	$len,$chunk
341___
342$code.=<<___				if ($PADLOCK_PREFETCH{$mode});
343	cmp	$chunk,$len
344	ja	.L${mode}_loop
345	mov	$inp,%rax		# check if prefetch crosses page
346	cmp	%rsp,%rbp
347	cmove	$out,%rax
348	add	$len,%rax
349	neg	%rax
350	and	\$0xfff,%rax		# distance to page boundary
351	cmp	\$$PADLOCK_PREFETCH{$mode},%rax
352	mov	\$-$PADLOCK_PREFETCH{$mode},%rax
353	cmovae	$chunk,%rax		# mask=distance<prefetch?-prefetch:-1
354	and	%rax,$chunk
355	jz	.L${mode}_unaligned_tail
356___
357$code.=<<___;
358	jmp	.L${mode}_loop
359.align	16
360.L${mode}_loop:
361	cmp	$len,$chunk		# ctr32 artefact
362	cmova	$len,$chunk		# ctr32 artefact
363	mov	$out,%r8		# save parameters
364	mov	$inp,%r9
365	mov	$len,%r10
366	mov	$chunk,$len
367	mov	$chunk,%r11
368	test	\$0x0f,$out		# out_misaligned
369	cmovnz	%rsp,$out
370	test	\$0x0f,$inp		# inp_misaligned
371	jz	.L${mode}_inp_aligned
372	shr	\$3,$len
373	.byte	0xf3,0x48,0xa5		# rep movsq
374	sub	$chunk,$out
375	mov	$chunk,$len
376	mov	$out,$inp
377.L${mode}_inp_aligned:
378	lea	-16($ctx),%rax		# ivp
379	lea	16($ctx),%rbx		# key
380	shr	\$4,$len
381	.byte	0xf3,0x0f,0xa7,$opcode	# rep xcrypt*
382___
383$code.=<<___				if ($mode !~ /ecb|ctr/);
384	movdqa	(%rax),%xmm0
385	movdqa	%xmm0,-16($ctx)		# copy [or refresh] iv
386___
387$code.=<<___				if ($mode eq "ctr32");
388	mov	-4($ctx),%eax		# pull 32-bit counter
389	test	\$0xffff0000,%eax
390	jnz	.L${mode}_no_carry
391	bswap	%eax
392	add	\$0x10000,%eax
393	bswap	%eax
394	mov	%eax,-4($ctx)
395.L${mode}_no_carry:
396___
397$code.=<<___;
398	mov	%r8,$out		# restore parameters
399	mov	%r11,$chunk
400	test	\$0x0f,$out
401	jz	.L${mode}_out_aligned
402	mov	$chunk,$len
403	lea	(%rsp),$inp
404	shr	\$3,$len
405	.byte	0xf3,0x48,0xa5		# rep movsq
406	sub	$chunk,$out
407.L${mode}_out_aligned:
408	mov	%r9,$inp
409	mov	%r10,$len
410	add	$chunk,$out
411	add	$chunk,$inp
412	sub	$chunk,$len
413	mov	\$$PADLOCK_CHUNK,$chunk
414___
415					if (!$PADLOCK_PREFETCH{$mode}) {
416$code.=<<___;
417	jnz	.L${mode}_loop
418___
419					} else {
420$code.=<<___;
421	jz	.L${mode}_break
422	cmp	$chunk,$len
423	jae	.L${mode}_loop
424___
425$code.=<<___				if ($mode eq "ctr32");
426	mov	$len,$chunk
427	mov	$inp,%rax		# check if prefetch crosses page
428	cmp	%rsp,%rbp
429	cmove	$out,%rax
430	add	$len,%rax
431	neg	%rax
432	and	\$0xfff,%rax		# distance to page boundary
433	cmp	\$$PADLOCK_PREFETCH{$mode},%rax
434	mov	\$-$PADLOCK_PREFETCH{$mode},%rax
435	cmovae	$chunk,%rax
436	and	%rax,$chunk
437	jnz	.L${mode}_loop
438___
439$code.=<<___;
440.L${mode}_unaligned_tail:
441	xor	%eax,%eax
442	cmp	%rsp,%rbp
443	cmove	$len,%rax
444	mov	$out,%r8		# save parameters
445	mov	$len,$chunk
446	sub	%rax,%rsp		# alloca
447	shr	\$3,$len
448	lea	(%rsp),$out
449	.byte	0xf3,0x48,0xa5		# rep movsq
450	mov	%rsp,$inp
451	mov	%r8, $out		# restore parameters
452	mov	$chunk,$len
453	jmp	.L${mode}_loop
454.align	16
455.L${mode}_break:
456___
457					}
458$code.=<<___;
459	cmp	%rbp,%rsp
460	je	.L${mode}_done
461
462	pxor	%xmm0,%xmm0
463	lea	(%rsp),%rax
464.L${mode}_bzero:
465	movaps	%xmm0,(%rax)
466	lea	16(%rax),%rax
467	cmp	%rax,%rbp
468	ja	.L${mode}_bzero
469
470.L${mode}_done:
471	lea	(%rbp),%rsp
472	jmp	.L${mode}_exit
473
474.align	16
475.L${mode}_aligned:
476___
477$code.=<<___				if ($mode eq "ctr32");
478	mov	-4($ctx),%eax		# pull 32-bit counter
479	bswap	%eax
480	neg	%eax
481	and	\$0xffff,%eax
482	mov	\$`16*0x10000`,$chunk
483	shl	\$4,%eax
484	cmovz	$chunk,%rax
485	cmp	%rax,$len
486	cmova	%rax,$chunk		# don't let counter cross 2^16
487	cmovbe	$len,$chunk
488	jbe	.L${mode}_aligned_skip
489
490.L${mode}_aligned_loop:
491	mov	$len,%r10		# save parameters
492	mov	$chunk,$len
493	mov	$chunk,%r11
494
495	lea	-16($ctx),%rax		# ivp
496	lea	16($ctx),%rbx		# key
497	shr	\$4,$len		# len/=AES_BLOCK_SIZE
498	.byte	0xf3,0x0f,0xa7,$opcode	# rep xcrypt*
499
500	mov	-4($ctx),%eax		# pull 32-bit counter
501	bswap	%eax
502	add	\$0x10000,%eax
503	bswap	%eax
504	mov	%eax,-4($ctx)
505
506	mov	%r10,$len		# restore parameters
507	sub	%r11,$len
508	mov	\$`16*0x10000`,$chunk
509	jz	.L${mode}_exit
510	cmp	$chunk,$len
511	jae	.L${mode}_aligned_loop
512
513.L${mode}_aligned_skip:
514___
515$code.=<<___				if ($PADLOCK_PREFETCH{$mode});
516	lea	($inp,$len),%rbp
517	neg	%rbp
518	and	\$0xfff,%rbp		# distance to page boundary
519	xor	%eax,%eax
520	cmp	\$$PADLOCK_PREFETCH{$mode},%rbp
521	mov	\$$PADLOCK_PREFETCH{$mode}-1,%rbp
522	cmovae	%rax,%rbp
523	and	$len,%rbp		# remainder
524	sub	%rbp,$len
525	jz	.L${mode}_aligned_tail
526___
527$code.=<<___;
528	lea	-16($ctx),%rax		# ivp
529	lea	16($ctx),%rbx		# key
530	shr	\$4,$len		# len/=AES_BLOCK_SIZE
531	.byte	0xf3,0x0f,0xa7,$opcode	# rep xcrypt*
532___
533$code.=<<___				if ($mode !~ /ecb|ctr/);
534	movdqa	(%rax),%xmm0
535	movdqa	%xmm0,-16($ctx)		# copy [or refresh] iv
536___
537$code.=<<___				if ($PADLOCK_PREFETCH{$mode});
538	test	%rbp,%rbp		# check remainder
539	jz	.L${mode}_exit
540
541.L${mode}_aligned_tail:
542	mov	$out,%r8
543	mov	%rbp,$chunk
544	mov	%rbp,$len
545	lea	(%rsp),%rbp
546	sub	$len,%rsp
547	shr	\$3,$len
548	lea	(%rsp),$out
549	.byte	0xf3,0x48,0xa5		# rep movsq
550	lea	(%r8),$out
551	lea	(%rsp),$inp
552	mov	$chunk,$len
553	jmp	.L${mode}_loop
554___
555$code.=<<___;
556.L${mode}_exit:
557	mov	\$1,%eax
558	lea	8(%rsp),%rsp
559.L${mode}_abort:
560	pop	%rbx
561	pop	%rbp
562	ret
563.size	padlock_${mode}_encrypt,.-padlock_${mode}_encrypt
564___
565}
566
567&generate_mode("ecb",0xc8);
568&generate_mode("cbc",0xd0);
569&generate_mode("cfb",0xe0);
570&generate_mode("ofb",0xe8);
571&generate_mode("ctr32",0xd8);	# all 64-bit CPUs have working CTR...
572
573$code.=<<___;
574.asciz	"VIA Padlock x86_64 module, CRYPTOGAMS by <appro\@openssl.org>"
575.align	16
576.data
577.align	8
578.Lpadlock_saved_context:
579	.quad	0
580___
581$code =~ s/\`([^\`]*)\`/eval($1)/gem;
582
583print $code;
584
585close STDOUT;
586