Startseite Erkunden Hilfe
Anmelden
cloudflare
/
cfssl
Mirror von https://github.com/cloudflare/cfssl
Beobachten 1
Favorit hinzufügen 0
Fork 0
Dateien Issues
Struktur: 5be9a745f0
Branches Tags
cfssl
/
scan
/
crypto
/
sha1
/
sha1block_arm.s

sha1block_arm.s 5.5 KB
Verlauf Originalformat

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218 
  1. // Copyright 2014 The Go Authors.  All rights reserved.
    2. 

  2. // Use of this source code is governed by a BSD-style
    3. 

  3. // license that can be found in the LICENSE file.
    4. 

  4. //
    5. 

  5. // ARM version of md5block.go
    6. 

  6. 

  7. #include "textflag.h"
    8. 

  8. 

  9. // SHA1 block routine. See sha1block.go for Go equivalent.
    10. 

  10. //
    11. 

  11. // There are 80 rounds of 4 types:
    12. 

  12. //   - rounds 0-15 are type 1 and load data (ROUND1 macro).
    13. 

  13. //   - rounds 16-19 are type 1 and do not load data (ROUND1x macro).
    14. 

  14. //   - rounds 20-39 are type 2 and do not load data (ROUND2 macro).
    15. 

  15. //   - rounds 40-59 are type 3 and do not load data (ROUND3 macro).
    16. 

  16. //   - rounds 60-79 are type 4 and do not load data (ROUND4 macro).
    17. 

  17. //
    18. 

  18. // Each round loads or shuffles the data, then computes a per-round
    19. 

  19. // function of b, c, d, and then mixes the result into and rotates the
    20. 

  20. // five registers a, b, c, d, e holding the intermediate results.
    21. 

  21. //
    22. 

  22. // The register rotation is implemented by rotating the arguments to
    23. 

  23. // the round macros instead of by explicit move instructions.
    24. 

  24. 

  25. // Register definitions
    26. 

  26. #define Rdata	R0	// Pointer to incoming data
    27. 

  27. #define Rconst	R1	// Current constant for SHA round
    28. 

  28. #define Ra	R2		// SHA1 accumulator
    29. 

  29. #define Rb	R3		// SHA1 accumulator
    30. 

  30. #define Rc	R4		// SHA1 accumulator
    31. 

  31. #define Rd	R5		// SHA1 accumulator
    32. 

  32. #define Re	R6		// SHA1 accumulator
    33. 

  33. #define Rt0	R7		// Temporary
    34. 

  34. #define Rt1	R8		// Temporary
    35. 

  35. // r9, r10 are forbidden
    36. 

  36. // r11 is OK provided you check the assembler that no synthetic instructions use it
    37. 

  37. #define Rt2	R11		// Temporary
    38. 

  38. #define Rctr	R12	// loop counter
    39. 

  39. #define Rw	R14		// point to w buffer
    40. 

  40. 

  41. // func block(dig *digest, p []byte)
    42. 

  42. // 0(FP) is *digest
    43. 

  43. // 4(FP) is p.array (struct Slice)
    44. 

  44. // 8(FP) is p.len
    45. 

  45. //12(FP) is p.cap
    46. 

  46. //
    47. 

  47. // Stack frame
    48. 

  48. #define p_end	end-4(SP)		// pointer to the end of data
    49. 

  49. #define p_data	data-8(SP)	// current data pointer (unused?)
    50. 

  50. #define w_buf	buf-(8+4*80)(SP)	//80 words temporary buffer w uint32[80]
    51. 

  51. #define saved	abcde-(8+4*80+4*5)(SP)	// saved sha1 registers a,b,c,d,e - these must be last (unused?)
    52. 

  52. // Total size +4 for saved LR is 352
    53. 

  53. 

  54. 	// w[i] = p[j]<<24 | p[j+1]<<16 | p[j+2]<<8 | p[j+3]
    55. 

  55. 	// e += w[i]
    56. 

  56. #define LOAD(Re) \
    57. 

  57. 	MOVBU	2(Rdata), Rt0 ; \
    58. 

  58. 	MOVBU	3(Rdata), Rt1 ; \
    59. 

  59. 	MOVBU	1(Rdata), Rt2 ; \
    60. 

  60. 	ORR	Rt0<<8, Rt1, Rt0	    ; \
    61. 

  61. 	MOVBU.P	4(Rdata), Rt1 ; \
    62. 

  62. 	ORR	Rt2<<16, Rt0, Rt0	    ; \
    63. 

  63. 	ORR	Rt1<<24, Rt0, Rt0	    ; \
    64. 

  64. 	MOVW.P	Rt0, 4(Rw)		    ; \
    65. 

  65. 	ADD	Rt0, Re, Re
    66. 

  66. 	
    67. 

  67. 	// tmp := w[(i-3)&0xf] ^ w[(i-8)&0xf] ^ w[(i-14)&0xf] ^ w[(i)&0xf]
    68. 

  68. 	// w[i&0xf] = tmp<<1 | tmp>>(32-1)
    69. 

  69. 	// e += w[i&0xf] 
    70. 

  70. #define SHUFFLE(Re) \
    71. 

  71. 	MOVW	(-16*4)(Rw), Rt0 ; \
    72. 

  72. 	MOVW	(-14*4)(Rw), Rt1 ; \
    73. 

  73. 	MOVW	(-8*4)(Rw), Rt2  ; \
    74. 

  74. 	EOR	Rt0, Rt1, Rt0  ; \
    75. 

  75. 	MOVW	(-3*4)(Rw), Rt1  ; \
    76. 

  76. 	EOR	Rt2, Rt0, Rt0  ; \
    77. 

  77. 	EOR	Rt0, Rt1, Rt0  ; \
    78. 

  78. 	MOVW	Rt0@>(32-1), Rt0  ; \
    79. 

  79. 	MOVW.P	Rt0, 4(Rw)	  ; \
    80. 

  80. 	ADD	Rt0, Re, Re
    81. 

  81. 

  82. 	// t1 = (b & c) | ((~b) & d)
    83. 

  83. #define FUNC1(Ra, Rb, Rc, Rd, Re) \
    84. 

  84. 	MVN	Rb, Rt1	   ; \
    85. 

  85. 	AND	Rb, Rc, Rt0  ; \
    86. 

  86. 	AND	Rd, Rt1, Rt1 ; \
    87. 

  87. 	ORR	Rt0, Rt1, Rt1
    88. 

  88. 

  89. 	// t1 = b ^ c ^ d
    90. 

  90. #define FUNC2(Ra, Rb, Rc, Rd, Re) \
    91. 

  91. 	EOR	Rb, Rc, Rt1 ; \
    92. 

  92. 	EOR	Rd, Rt1, Rt1
    93. 

  93. 

  94. 	// t1 = (b & c) | (b & d) | (c & d) =
    95. 

  95. 	// t1 = (b & c) | ((b | c) & d)
    96. 

  96. #define FUNC3(Ra, Rb, Rc, Rd, Re) \
    97. 

  97. 	ORR	Rb, Rc, Rt0  ; \
    98. 

  98. 	AND	Rb, Rc, Rt1  ; \
    99. 

  99. 	AND	Rd, Rt0, Rt0 ; \
    100. 

  100. 	ORR	Rt0, Rt1, Rt1
    101. 

  101. 

  102. #define FUNC4 FUNC2
    103. 

  103. 

  104. 	// a5 := a<<5 | a>>(32-5)
    105. 

  105. 	// b = b<<30 | b>>(32-30)
    106. 

  106. 	// e = a5 + t1 + e + const
    107. 

  107. #define MIX(Ra, Rb, Rc, Rd, Re) \
    108. 

  108. 	ADD	Rt1, Re, Re	 ; \
    109. 

  109. 	MOVW	Rb@>(32-30), Rb	 ; \
    110. 

  110. 	ADD	Ra@>(32-5), Re, Re ; \
    111. 

  111. 	ADD	Rconst, Re, Re
    112. 

  112. 

  113. #define ROUND1(Ra, Rb, Rc, Rd, Re) \
    114. 

  114. 	LOAD(Re)		; \
    115. 

  115. 	FUNC1(Ra, Rb, Rc, Rd, Re)	; \
    116. 

  116. 	MIX(Ra, Rb, Rc, Rd, Re)
    117. 

  117. 

  118. #define ROUND1x(Ra, Rb, Rc, Rd, Re) \
    119. 

  119. 	SHUFFLE(Re)	; \
    120. 

  120. 	FUNC1(Ra, Rb, Rc, Rd, Re)	; \
    121. 

  121. 	MIX(Ra, Rb, Rc, Rd, Re)
    122. 

  122. 

  123. #define ROUND2(Ra, Rb, Rc, Rd, Re) \
    124. 

  124. 	SHUFFLE(Re)	; \
    125. 

  125. 	FUNC2(Ra, Rb, Rc, Rd, Re)	; \
    126. 

  126. 	MIX(Ra, Rb, Rc, Rd, Re)
    127. 

  127. 

  128. #define ROUND3(Ra, Rb, Rc, Rd, Re) \
    129. 

  129. 	SHUFFLE(Re)	; \
    130. 

  130. 	FUNC3(Ra, Rb, Rc, Rd, Re)	; \
    131. 

  131. 	MIX(Ra, Rb, Rc, Rd, Re)
    132. 

  132. 

  133. #define ROUND4(Ra, Rb, Rc, Rd, Re) \
    134. 

  134. 	SHUFFLE(Re)	; \
    135. 

  135. 	FUNC4(Ra, Rb, Rc, Rd, Re)	; \
    136. 

  136. 	MIX(Ra, Rb, Rc, Rd, Re)
    137. 

  137. 

  138. 

  139. // func block(dig *digest, p []byte)
    140. 

  140. TEXT	·block(SB), 0, $352-16
    141. 

  141. 	MOVW	p+4(FP), Rdata	// pointer to the data
    142. 

  142. 	MOVW	p_len+8(FP), Rt0	// number of bytes
    143. 

  143. 	ADD	Rdata, Rt0
    144. 

  144. 	MOVW	Rt0, p_end	// pointer to end of data
    145. 

  145. 

  146. 	// Load up initial SHA1 accumulator
    147. 

  147. 	MOVW	dig+0(FP), Rt0
    148. 

  148. 	MOVM.IA (Rt0), [Ra,Rb,Rc,Rd,Re]
    149. 

  149. 

  150. loop:
    151. 

  151. 	// Save registers at SP+4 onwards
    152. 

  152. 	MOVM.IB [Ra,Rb,Rc,Rd,Re], (R13)
    153. 

  153. 

  154. 	MOVW	$w_buf, Rw
    155. 

  155. 	MOVW	$0x5A827999, Rconst
    156. 

  156. 	MOVW	$3, Rctr
    157. 

  157. loop1:	ROUND1(Ra, Rb, Rc, Rd, Re)
    158. 

  158. 	ROUND1(Re, Ra, Rb, Rc, Rd)
    159. 

  159. 	ROUND1(Rd, Re, Ra, Rb, Rc)
    160. 

  160. 	ROUND1(Rc, Rd, Re, Ra, Rb)
    161. 

  161. 	ROUND1(Rb, Rc, Rd, Re, Ra)
    162. 

  162. 	SUB.S	$1, Rctr
    163. 

  163. 	BNE	loop1
    164. 

  164. 

  165. 	ROUND1(Ra, Rb, Rc, Rd, Re)
    166. 

  166. 	ROUND1x(Re, Ra, Rb, Rc, Rd)
    167. 

  167. 	ROUND1x(Rd, Re, Ra, Rb, Rc)
    168. 

  168. 	ROUND1x(Rc, Rd, Re, Ra, Rb)
    169. 

  169. 	ROUND1x(Rb, Rc, Rd, Re, Ra)
    170. 

  170. 	
    171. 

  171. 	MOVW	$0x6ED9EBA1, Rconst
    172. 

  172. 	MOVW	$4, Rctr
    173. 

  173. loop2:	ROUND2(Ra, Rb, Rc, Rd, Re)
    174. 

  174. 	ROUND2(Re, Ra, Rb, Rc, Rd)
    175. 

  175. 	ROUND2(Rd, Re, Ra, Rb, Rc)
    176. 

  176. 	ROUND2(Rc, Rd, Re, Ra, Rb)
    177. 

  177. 	ROUND2(Rb, Rc, Rd, Re, Ra)
    178. 

  178. 	SUB.S	$1, Rctr
    179. 

  179. 	BNE	loop2
    180. 

  180. 	
    181. 

  181. 	MOVW	$0x8F1BBCDC, Rconst
    182. 

  182. 	MOVW	$4, Rctr
    183. 

  183. loop3:	ROUND3(Ra, Rb, Rc, Rd, Re)
    184. 

  184. 	ROUND3(Re, Ra, Rb, Rc, Rd)
    185. 

  185. 	ROUND3(Rd, Re, Ra, Rb, Rc)
    186. 

  186. 	ROUND3(Rc, Rd, Re, Ra, Rb)
    187. 

  187. 	ROUND3(Rb, Rc, Rd, Re, Ra)
    188. 

  188. 	SUB.S	$1, Rctr
    189. 

  189. 	BNE	loop3
    190. 

  190. 	
    191. 

  191. 	MOVW	$0xCA62C1D6, Rconst
    192. 

  192. 	MOVW	$4, Rctr
    193. 

  193. loop4:	ROUND4(Ra, Rb, Rc, Rd, Re)
    194. 

  194. 	ROUND4(Re, Ra, Rb, Rc, Rd)
    195. 

  195. 	ROUND4(Rd, Re, Ra, Rb, Rc)
    196. 

  196. 	ROUND4(Rc, Rd, Re, Ra, Rb)
    197. 

  197. 	ROUND4(Rb, Rc, Rd, Re, Ra)
    198. 

  198. 	SUB.S	$1, Rctr
    199. 

  199. 	BNE	loop4
    200. 

  200. 

  201. 	// Accumulate - restoring registers from SP+4
    202. 

  202. 	MOVM.IB (R13), [Rt0,Rt1,Rt2,Rctr,Rw]
    203. 

  203. 	ADD	Rt0, Ra
    204. 

  204. 	ADD	Rt1, Rb
    205. 

  205. 	ADD	Rt2, Rc
    206. 

  206. 	ADD	Rctr, Rd
    207. 

  207. 	ADD	Rw, Re
    208. 

  208. 

  209. 	MOVW	p_end, Rt0
    210. 

  210. 	CMP	Rt0, Rdata
    211. 

  211. 	BLO	loop
    212. 

  212. 

  213. 	// Save final SHA1 accumulator
    214. 

  214. 	MOVW	dig+0(FP), Rt0
    215. 

  215. 	MOVM.IA [Ra,Rb,Rc,Rd,Re], (Rt0)
    216. 

  216. 

  217. 	RET
    218. 

  218.