libcrypto/md5/md5_amd64_generic.S

*82ab76e1Sjsing/*	$OpenBSD: md5_amd64_generic.S,v 1.1 2025/01/24 13:35:04 jsing Exp $ */
*82ab76e1Sjsing/*
*82ab76e1Sjsing * Copyright (c) 2025 Joel Sing <jsing@openbsd.org>
*82ab76e1Sjsing *
*82ab76e1Sjsing * Permission to use, copy, modify, and distribute this software for any
*82ab76e1Sjsing * purpose with or without fee is hereby granted, provided that the above
*82ab76e1Sjsing * copyright notice and this permission notice appear in all copies.
*82ab76e1Sjsing *
*82ab76e1Sjsing * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
*82ab76e1Sjsing * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
*82ab76e1Sjsing * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
*82ab76e1Sjsing * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
*82ab76e1Sjsing * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
*82ab76e1Sjsing * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
*82ab76e1Sjsing * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*82ab76e1Sjsing */
*82ab76e1Sjsing
*82ab76e1Sjsing#ifdef __CET__
*82ab76e1Sjsing#include <cet.h>
*82ab76e1Sjsing#else
*82ab76e1Sjsing#define _CET_ENDBR
*82ab76e1Sjsing#endif
*82ab76e1Sjsing
*82ab76e1Sjsing#define	ctx		%rdi
*82ab76e1Sjsing#define	in		%rsi
*82ab76e1Sjsing#define	num		%rdx
*82ab76e1Sjsing
*82ab76e1Sjsing#define	end		%rbp
*82ab76e1Sjsing
*82ab76e1Sjsing#define	A		%eax
*82ab76e1Sjsing#define	B		%ebx
*82ab76e1Sjsing#define	C		%ecx
*82ab76e1Sjsing#define	D		%edx
*82ab76e1Sjsing
*82ab76e1Sjsing#define	AA		%r8d
*82ab76e1Sjsing#define	BB		%r9d
*82ab76e1Sjsing#define	CC		%r10d
*82ab76e1Sjsing#define	DD		%r11d
*82ab76e1Sjsing
*82ab76e1Sjsing#define	tmp0		%r12d
*82ab76e1Sjsing#define	tmp1		%r13d
*82ab76e1Sjsing
*82ab76e1Sjsing/*
*82ab76e1Sjsing * Compute MD5 round 1 as:
*82ab76e1Sjsing *
*82ab76e1Sjsing *   a = b + rol(a + F(b, c, d) + x + t, s)
*82ab76e1Sjsing *   F(x, y, z) = (x & y) | (~x & z)
*82ab76e1Sjsing *              = ((y ^ z) & x) ^ z
*82ab76e1Sjsing */
*82ab76e1Sjsing#define md5_round1(a, b, c, d, x, t, s) \
*82ab76e1Sjsing	addl	(x*4)(in), a;					\
*82ab76e1Sjsing	movl	c, tmp0;					\
*82ab76e1Sjsing	xorl	d, tmp0;					\
*82ab76e1Sjsing	andl	b, tmp0;					\
*82ab76e1Sjsing	xorl	d, tmp0;					\
*82ab76e1Sjsing	leal	t(tmp0, a), a;					\
*82ab76e1Sjsing	roll	$s, a;						\
*82ab76e1Sjsing	addl	b, a;
*82ab76e1Sjsing
*82ab76e1Sjsing/*
*82ab76e1Sjsing * Compute MD5 round 2 as:
*82ab76e1Sjsing *
*82ab76e1Sjsing *   a = b + rol(a + G(b, c, d) + x + t, s)
*82ab76e1Sjsing *   G(x, y, z) = (x & z) | (y & ~z)
*82ab76e1Sjsing */
*82ab76e1Sjsing#define md5_round2(a, b, c, d, x, t, s) \
*82ab76e1Sjsing	addl	(x*4)(in), a;					\
*82ab76e1Sjsing	movl	d, tmp0;					\
*82ab76e1Sjsing	xorl	$-1, tmp0;					\
*82ab76e1Sjsing	andl	c, tmp0;					\
*82ab76e1Sjsing	addl	tmp0, a;					\
*82ab76e1Sjsing	movl	d, tmp1;					\
*82ab76e1Sjsing	andl	b, tmp1;					\
*82ab76e1Sjsing	leal	t(tmp1, a), a;					\
*82ab76e1Sjsing	roll	$s, a;						\
*82ab76e1Sjsing	addl	b, a;
*82ab76e1Sjsing
*82ab76e1Sjsing/*
*82ab76e1Sjsing * Compute MD5 round 3 as:
*82ab76e1Sjsing *
*82ab76e1Sjsing *   a = b + rol(a + H(b, c, d) + x + t, s)
*82ab76e1Sjsing *   H(x, y, z) = x ^ y ^ z;
*82ab76e1Sjsing */
*82ab76e1Sjsing#define md5_round3(a, b, c, d, x, t, s) \
*82ab76e1Sjsing	addl	(x*4)(in), a;					\
*82ab76e1Sjsing	movl	d, tmp0;					\
*82ab76e1Sjsing	xorl	c, tmp0;					\
*82ab76e1Sjsing	xorl	b, tmp0;					\
*82ab76e1Sjsing	leal    t(tmp0, a), a;					\
*82ab76e1Sjsing	roll	$s, a;						\
*82ab76e1Sjsing	addl	b, a;
*82ab76e1Sjsing
*82ab76e1Sjsing/*
*82ab76e1Sjsing * Compute MD5 round 4 as:
*82ab76e1Sjsing *
*82ab76e1Sjsing *   a = b + rol(a + I(b, c, d) + x + t, s)
*82ab76e1Sjsing *   I(x, y, z) = y ^ (x | ~z)
*82ab76e1Sjsing */
*82ab76e1Sjsing#define md5_round4(a, b, c, d, x, t, s) \
*82ab76e1Sjsing	addl	(x*4)(in), a;					\
*82ab76e1Sjsing	movl	d, tmp0;					\
*82ab76e1Sjsing	xorl	$-1, tmp0;					\
*82ab76e1Sjsing	orl	b, tmp0;					\
*82ab76e1Sjsing	xorl	c, tmp0;					\
*82ab76e1Sjsing	leal    t(tmp0, a), a;					\
*82ab76e1Sjsing	roll	$s, a;						\
*82ab76e1Sjsing	addl	b, a;
*82ab76e1Sjsing
*82ab76e1Sjsing.text
*82ab76e1Sjsing
*82ab76e1Sjsing/*
*82ab76e1Sjsing * void md5_block_data_order(MD5_CTX *ctx, const void *in, size_t num);
*82ab76e1Sjsing *
*82ab76e1Sjsing * Standard x86-64 ABI: rdi = ctx, rsi = in, rdx = num
*82ab76e1Sjsing */
*82ab76e1Sjsing.align 16
*82ab76e1Sjsing.globl	md5_block_data_order
*82ab76e1Sjsing.type	md5_block_data_order,@function
*82ab76e1Sjsingmd5_block_data_order:
*82ab76e1Sjsing	_CET_ENDBR
*82ab76e1Sjsing
*82ab76e1Sjsing	/* Save callee save registers. */
*82ab76e1Sjsing	pushq	%rbx
*82ab76e1Sjsing	pushq	%rbp
*82ab76e1Sjsing	pushq	%r12
*82ab76e1Sjsing	pushq	%r13
*82ab76e1Sjsing
*82ab76e1Sjsing	/* Compute end of message. */
*82ab76e1Sjsing	shlq	$6, num
*82ab76e1Sjsing	leaq	(in, num, 1), end
*82ab76e1Sjsing
*82ab76e1Sjsing	/* Load current hash state from context. */
*82ab76e1Sjsing	movl	(0*4)(ctx), AA
*82ab76e1Sjsing	movl	(1*4)(ctx), BB
*82ab76e1Sjsing	movl	(2*4)(ctx), CC
*82ab76e1Sjsing	movl	(3*4)(ctx), DD
*82ab76e1Sjsing
*82ab76e1Sjsing	jmp	.Lblock_loop
*82ab76e1Sjsing
*82ab76e1Sjsing.align 16
*82ab76e1Sjsing.Lblock_loop:
*82ab76e1Sjsing	movl	AA, A
*82ab76e1Sjsing	movl	BB, B
*82ab76e1Sjsing	movl	CC, C
*82ab76e1Sjsing	movl	DD, D
*82ab76e1Sjsing
*82ab76e1Sjsing	md5_round1(A, B, C, D, 0, 0xd76aa478L, 7);
*82ab76e1Sjsing	md5_round1(D, A, B, C, 1, 0xe8c7b756L, 12);
*82ab76e1Sjsing	md5_round1(C, D, A, B, 2, 0x242070dbL, 17);
*82ab76e1Sjsing	md5_round1(B, C, D, A, 3, 0xc1bdceeeL, 22);
*82ab76e1Sjsing	md5_round1(A, B, C, D, 4, 0xf57c0fafL, 7);
*82ab76e1Sjsing	md5_round1(D, A, B, C, 5, 0x4787c62aL, 12);
*82ab76e1Sjsing	md5_round1(C, D, A, B, 6, 0xa8304613L, 17);
*82ab76e1Sjsing	md5_round1(B, C, D, A, 7, 0xfd469501L, 22);
*82ab76e1Sjsing	md5_round1(A, B, C, D, 8, 0x698098d8L, 7);
*82ab76e1Sjsing	md5_round1(D, A, B, C, 9, 0x8b44f7afL, 12);
*82ab76e1Sjsing	md5_round1(C, D, A, B, 10, 0xffff5bb1L, 17);
*82ab76e1Sjsing	md5_round1(B, C, D, A, 11, 0x895cd7beL, 22);
*82ab76e1Sjsing	md5_round1(A, B, C, D, 12, 0x6b901122L, 7);
*82ab76e1Sjsing	md5_round1(D, A, B, C, 13, 0xfd987193L, 12);
*82ab76e1Sjsing	md5_round1(C, D, A, B, 14, 0xa679438eL, 17);
*82ab76e1Sjsing	md5_round1(B, C, D, A, 15, 0x49b40821L, 22);
*82ab76e1Sjsing
*82ab76e1Sjsing	md5_round2(A, B, C, D, 1, 0xf61e2562L, 5);
*82ab76e1Sjsing	md5_round2(D, A, B, C, 6, 0xc040b340L, 9);
*82ab76e1Sjsing	md5_round2(C, D, A, B, 11, 0x265e5a51L, 14);
*82ab76e1Sjsing	md5_round2(B, C, D, A, 0, 0xe9b6c7aaL, 20);
*82ab76e1Sjsing	md5_round2(A, B, C, D, 5, 0xd62f105dL, 5);
*82ab76e1Sjsing	md5_round2(D, A, B, C, 10, 0x02441453L, 9);
*82ab76e1Sjsing	md5_round2(C, D, A, B, 15, 0xd8a1e681L, 14);
*82ab76e1Sjsing	md5_round2(B, C, D, A, 4, 0xe7d3fbc8L, 20);
*82ab76e1Sjsing	md5_round2(A, B, C, D, 9, 0x21e1cde6L, 5);
*82ab76e1Sjsing	md5_round2(D, A, B, C, 14, 0xc33707d6L, 9);
*82ab76e1Sjsing	md5_round2(C, D, A, B, 3, 0xf4d50d87L, 14);
*82ab76e1Sjsing	md5_round2(B, C, D, A, 8, 0x455a14edL, 20);
*82ab76e1Sjsing	md5_round2(A, B, C, D, 13, 0xa9e3e905L, 5);
*82ab76e1Sjsing	md5_round2(D, A, B, C, 2, 0xfcefa3f8L, 9);
*82ab76e1Sjsing	md5_round2(C, D, A, B, 7, 0x676f02d9L, 14);
*82ab76e1Sjsing	md5_round2(B, C, D, A, 12, 0x8d2a4c8aL, 20);
*82ab76e1Sjsing
*82ab76e1Sjsing	md5_round3(A, B, C, D, 5, 0xfffa3942L, 4);
*82ab76e1Sjsing	md5_round3(D, A, B, C, 8, 0x8771f681L, 11);
*82ab76e1Sjsing	md5_round3(C, D, A, B, 11, 0x6d9d6122L, 16);
*82ab76e1Sjsing	md5_round3(B, C, D, A, 14, 0xfde5380cL, 23);
*82ab76e1Sjsing	md5_round3(A, B, C, D, 1, 0xa4beea44L, 4);
*82ab76e1Sjsing	md5_round3(D, A, B, C, 4, 0x4bdecfa9L, 11);
*82ab76e1Sjsing	md5_round3(C, D, A, B, 7, 0xf6bb4b60L, 16);
*82ab76e1Sjsing	md5_round3(B, C, D, A, 10, 0xbebfbc70L, 23);
*82ab76e1Sjsing	md5_round3(A, B, C, D, 13, 0x289b7ec6L, 4);
*82ab76e1Sjsing	md5_round3(D, A, B, C, 0, 0xeaa127faL, 11);
*82ab76e1Sjsing	md5_round3(C, D, A, B, 3, 0xd4ef3085L, 16);
*82ab76e1Sjsing	md5_round3(B, C, D, A, 6, 0x04881d05L, 23);
*82ab76e1Sjsing	md5_round3(A, B, C, D, 9, 0xd9d4d039L, 4);
*82ab76e1Sjsing	md5_round3(D, A, B, C, 12, 0xe6db99e5L, 11);
*82ab76e1Sjsing	md5_round3(C, D, A, B, 15, 0x1fa27cf8L, 16);
*82ab76e1Sjsing	md5_round3(B, C, D, A, 2, 0xc4ac5665L, 23);
*82ab76e1Sjsing
*82ab76e1Sjsing	md5_round4(A, B, C, D, 0, 0xf4292244L, 6);
*82ab76e1Sjsing	md5_round4(D, A, B, C, 7, 0x432aff97L, 10);
*82ab76e1Sjsing	md5_round4(C, D, A, B, 14, 0xab9423a7L, 15);
*82ab76e1Sjsing	md5_round4(B, C, D, A, 5, 0xfc93a039L, 21);
*82ab76e1Sjsing	md5_round4(A, B, C, D, 12, 0x655b59c3L, 6);
*82ab76e1Sjsing	md5_round4(D, A, B, C, 3, 0x8f0ccc92L, 10);
*82ab76e1Sjsing	md5_round4(C, D, A, B, 10, 0xffeff47dL, 15);
*82ab76e1Sjsing	md5_round4(B, C, D, A, 1, 0x85845dd1L, 21);
*82ab76e1Sjsing	md5_round4(A, B, C, D, 8, 0x6fa87e4fL, 6);
*82ab76e1Sjsing	md5_round4(D, A, B, C, 15, 0xfe2ce6e0L, 10);
*82ab76e1Sjsing	md5_round4(C, D, A, B, 6, 0xa3014314L, 15);
*82ab76e1Sjsing	md5_round4(B, C, D, A, 13, 0x4e0811a1L, 21);
*82ab76e1Sjsing	md5_round4(A, B, C, D, 4, 0xf7537e82L, 6);
*82ab76e1Sjsing	md5_round4(D, A, B, C, 11, 0xbd3af235L, 10);
*82ab76e1Sjsing	md5_round4(C, D, A, B, 2, 0x2ad7d2bbL, 15);
*82ab76e1Sjsing	md5_round4(B, C, D, A, 9, 0xeb86d391L, 21);
*82ab76e1Sjsing
*82ab76e1Sjsing	/* Add intermediate state to hash state. */
*82ab76e1Sjsing	addl	A, AA
*82ab76e1Sjsing	addl	B, BB
*82ab76e1Sjsing	addl	C, CC
*82ab76e1Sjsing	addl	D, DD
*82ab76e1Sjsing
*82ab76e1Sjsing	addq	$64, in
*82ab76e1Sjsing	cmpq	end, in
*82ab76e1Sjsing	jb	.Lblock_loop
*82ab76e1Sjsing
*82ab76e1Sjsing	/* Store new hash state to context. */
*82ab76e1Sjsing	movl	AA, (0*4)(ctx)
*82ab76e1Sjsing	movl	BB, (1*4)(ctx)
*82ab76e1Sjsing	movl	CC, (2*4)(ctx)
*82ab76e1Sjsing	movl	DD, (3*4)(ctx)
*82ab76e1Sjsing
*82ab76e1Sjsing	/* Restore callee save registers. */
*82ab76e1Sjsing	popq	%r13
*82ab76e1Sjsing	popq	%r12
*82ab76e1Sjsing	popq	%rbp
*82ab76e1Sjsing	popq	%rbx
*82ab76e1Sjsing
*82ab76e1Sjsing	ret