| author | marha <marha@users.sourceforge.net> | 2010-03-30 12:36:28 +0000 | 
|---|---|---|
| committer | marha <marha@users.sourceforge.net> | 2010-03-30 12:36:28 +0000 | 
| commit | ff48c0d9098080b51ea12710029135916d117806 (patch) | |
| tree | 96e6af9caf170ba21a1027b24e306a07e27d7b75 /openssl/crypto/rc4/asm/rc4-586.pl | |
| parent | bb731f5ac92655c4860a41fa818a7a63005f8369 (diff) | |
svn merge -r514:HEAD ^/branches/released .
Diffstat (limited to 'openssl/crypto/rc4/asm/rc4-586.pl')
| -rw-r--r-- | openssl/crypto/rc4/asm/rc4-586.pl | 448 | 
1 files changed, 244 insertions, 204 deletions
| diff --git a/openssl/crypto/rc4/asm/rc4-586.pl b/openssl/crypto/rc4/asm/rc4-586.pl index ef7eee766..38a44a70e 100644 --- a/openssl/crypto/rc4/asm/rc4-586.pl +++ b/openssl/crypto/rc4/asm/rc4-586.pl @@ -1,14 +1,21 @@ -#!/usr/local/bin/perl +#!/usr/bin/env perl + +# ==================================================================== +# [Re]written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ====================================================================  # At some point it became apparent that the original SSLeay RC4 -# assembler implementation performs suboptimaly on latest IA-32 +# assembler implementation performs suboptimally on latest IA-32  # microarchitectures. After re-tuning performance has changed as  # following:  # -# Pentium	+0% -# Pentium III	+17% -# AMD		+52%(*) -# P4		+180%(**) +# Pentium	-10% +# Pentium III	+12% +# AMD		+50%(*) +# P4		+250%(**)  #  # (*)	This number is actually a trade-off:-) It's possible to  #	achieve	+72%, but at the cost of -48% off PIII performance. 
@@ -17,214 +24,247 @@  #	For reference! This code delivers ~80% of rc4-amd64.pl  #	performance on the same Opteron machine.  # (**)	This number requires compressed key schedule set up by -#	RC4_set_key and therefore doesn't apply to 0.9.7 [option for -#	compressed key schedule is implemented in 0.9.8 and later, -#	see commentary section in rc4_skey.c for further details]. +#	RC4_set_key [see commentary below for further details].  #  #					<appro@fy.chalmers.se> -push(@INC,"perlasm","../../perlasm"); +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm");  require "x86asm.pl";  &asm_init($ARGV[0],"rc4-586.pl"); -$x="eax"; -$y="ebx"; +$xx="eax"; +$yy="ebx";  $tx="ecx";  $ty="edx"; -$in="esi"; -$out="edi"; -$d="ebp"; - -&RC4("RC4"); - -&asm_finish(); - -sub RC4_loop -	{ -	local($n,$p,$char)=@_; - -	&comment("Round $n"); - -	if ($char) -		{ -		if ($p >= 0) -			{ -			 &mov($ty,	&swtmp(2)); -			&cmp($ty,	$in); -			 &jbe(&label("finished")); -			&inc($in); -			} -		else -			{ -			&add($ty,	8); -			 &inc($in); -			&cmp($ty,	$in); -			 &jb(&label("finished")); -			&mov(&swtmp(2),	$ty); -			} -		} -	# Moved out -	# &mov(	$tx,		&DWP(0,$d,$x,4)) if $p < 0; - -	&add(	&LB($y),	&LB($tx)); -	&mov(	$ty,		&DWP(0,$d,$y,4)); -	 # XXX -	&mov(	&DWP(0,$d,$x,4),$ty); -	 &add(	$ty,		$tx); -	&mov(	&DWP(0,$d,$y,4),$tx); -	 &and(	$ty,		0xff); -	 &inc(	&LB($x));			# NEXT ROUND -	&mov(	$tx,		&DWP(0,$d,$x,4)) if $p < 1; # NEXT ROUND -	 &mov(	$ty,		&DWP(0,$d,$ty,4)); - -	if (!$char) -		{ -		#moved up into last round -		if ($p >= 1) -			{ -			&add(	$out,	8) -			} -		&movb(	&BP($n,"esp","",0),	&LB($ty)); -		} -	else -		{ -		# Note in+=8 has occured -		&movb(	&HB($ty),	&BP(-1,$in,"",0)); -		 # XXX -		&xorb(&LB($ty),		&HB($ty)); -		 # XXX -		&movb(&BP($n,$out,"",0),&LB($ty)); -		} +$inp="esi"; +$out="ebp"; +$dat="edi"; + +sub RC4_loop { +  my $i=shift; +  my $func = ($i==0)?*mov:*or; + +	&add	(&LB($yy),&LB($tx)); +	&mov	($ty,&DWP(0,$dat,$yy,4)); +	&mov	
(&DWP(0,$dat,$yy,4),$tx); +	&mov	(&DWP(0,$dat,$xx,4),$ty); +	&add	($ty,$tx); +	&inc	(&LB($xx)); +	&and	($ty,0xff); +	&ror	($out,8)	if ($i!=0); +	if ($i<3) { +	  &mov	($tx,&DWP(0,$dat,$xx,4)); +	} else { +	  &mov	($tx,&wparam(3));	# reload [re-biased] out  	} - - -sub RC4 -	{ -	local($name)=@_; - -	&function_begin_B($name,""); - -	&mov($ty,&wparam(1));		# len -	&cmp($ty,0); -	&jne(&label("proceed")); -	&ret(); -	&set_label("proceed"); - -	&comment(""); - -	&push("ebp"); -	 &push("ebx"); -	&push("esi"); -	 &xor(	$x,	$x);		# avoid partial register stalls -	&push("edi"); -	 &xor(	$y,	$y);		# avoid partial register stalls -	&mov(	$d,	&wparam(0));	# key -	 &mov(	$in,	&wparam(2)); - -	&movb(	&LB($x),	&BP(0,$d,"",1)); -	 &movb(	&LB($y),	&BP(4,$d,"",1)); - -	&mov(	$out,	&wparam(3)); -	 &inc(	&LB($x)); - -	&stack_push(3);	# 3 temp variables -	 &add(	$d,	8); - -	# detect compressed schedule, see commentary section in rc4_skey.c... -	# in 0.9.7 context ~50 bytes below RC4_CHAR label remain redundant, -	# as compressed key schedule is set up in 0.9.8 and later. 
-	&cmp(&DWP(256,$d),-1); -	&je(&label("RC4_CHAR")); - -	 &lea(	$ty,	&DWP(-8,$ty,$in)); - -	# check for 0 length input - -	 &mov(	&swtmp(2),	$ty);	# this is now address to exit at -	&mov(	$tx,	&DWP(0,$d,$x,4)); - -	 &cmp(	$ty,	$in); -	&jb(	&label("end")); # less than 8 bytes - -	&set_label("start"); - -	# filling DELAY SLOT -	&add(	$in,	8); - -	&RC4_loop(0,-1,0); -	&RC4_loop(1,0,0); -	&RC4_loop(2,0,0); -	&RC4_loop(3,0,0); -	&RC4_loop(4,0,0); -	&RC4_loop(5,0,0); -	&RC4_loop(6,0,0); -	&RC4_loop(7,1,0); -	 -	&comment("apply the cipher text"); -	# xor the cipher data with input - -	#&add(	$out,	8); #moved up into last round - -	&mov(	$tx,	&swtmp(0)); -	 &mov(	$ty,	&DWP(-8,$in,"",0)); -	&xor(	$tx,	$ty); -	 &mov(	$ty,	&DWP(-4,$in,"",0));  -	&mov(	&DWP(-8,$out,"",0),	$tx); -	 &mov(	$tx,	&swtmp(1)); -	&xor(	$tx,	$ty); -	 &mov(	$ty,	&swtmp(2));	# load end ptr; -	&mov(	&DWP(-4,$out,"",0),	$tx); -	 &mov(	$tx,		&DWP(0,$d,$x,4)); -	&cmp($in,	$ty); -	 &jbe(&label("start")); - -	&set_label("end"); - -	# There is quite a bit of extra crap in RC4_loop() for this -	# first round -	&RC4_loop(0,-1,1); -	&RC4_loop(1,0,1); -	&RC4_loop(2,0,1); -	&RC4_loop(3,0,1); -	&RC4_loop(4,0,1); -	&RC4_loop(5,0,1); -	&RC4_loop(6,1,1); - -	&jmp(&label("finished")); - -	&align(16); -	# this is essentially Intel P4 specific codepath, see rc4_skey.c, -	# and is engaged in 0.9.8 and later context... 
-	&set_label("RC4_CHAR"); - -	&lea	($ty,&DWP(0,$in,$ty)); -	&mov	(&swtmp(2),$ty); -	&movz	($tx,&BP(0,$d,$x)); - +	&$func	($out,&DWP(0,$dat,$ty,4)); +} + +# void RC4(RC4_KEY *key,size_t len,const unsigned char *inp,unsigned char *out); +&function_begin("RC4"); +	&mov	($dat,&wparam(0));	# load key schedule pointer +	&mov	($ty, &wparam(1));	# load len +	&mov	($inp,&wparam(2));	# load inp +	&mov	($out,&wparam(3));	# load out + +	&xor	($xx,$xx);		# avoid partial register stalls +	&xor	($yy,$yy); + +	&cmp	($ty,0);		# safety net +	&je	(&label("abort")); + +	&mov	(&LB($xx),&BP(0,$dat));	# load key->x +	&mov	(&LB($yy),&BP(4,$dat));	# load key->y +	&add	($dat,8); + +	&lea	($tx,&DWP(0,$inp,$ty)); +	&sub	($out,$inp);		# re-bias out +	&mov	(&wparam(1),$tx);	# save input+len + +	&inc	(&LB($xx)); + +	# detect compressed key schedule... +	&cmp	(&DWP(256,$dat),-1); +	&je	(&label("RC4_CHAR")); + +	&mov	($tx,&DWP(0,$dat,$xx,4)); + +	&and	($ty,-4);		# how many 4-byte chunks? +	&jz	(&label("loop1")); + +	&lea	($ty,&DWP(-4,$inp,$ty)); +	&mov	(&wparam(2),$ty);	# save input+(len/4)*4-4 +	&mov	(&wparam(3),$out);	# $out as accumulator in this loop + +	&set_label("loop4",16); +		for ($i=0;$i<4;$i++) { RC4_loop($i); } +		&ror	($out,8); +		&xor	($out,&DWP(0,$inp)); +		&cmp	($inp,&wparam(2));	# compare to input+(len/4)*4-4 +		&mov	(&DWP(0,$tx,$inp),$out);# $tx holds re-biased out here +		&lea	($inp,&DWP(4,$inp)); +		&mov	($tx,&DWP(0,$dat,$xx,4)); +	&jb	(&label("loop4")); + +	&cmp	($inp,&wparam(1));	# compare to input+len +	&je	(&label("done")); +	&mov	($out,&wparam(3));	# restore $out + +	&set_label("loop1",16); +		&add	(&LB($yy),&LB($tx)); +		&mov	($ty,&DWP(0,$dat,$yy,4)); +		&mov	(&DWP(0,$dat,$yy,4),$tx); +		&mov	(&DWP(0,$dat,$xx,4),$ty); +		&add	($ty,$tx); +		&inc	(&LB($xx)); +		&and	($ty,0xff); +		&mov	($ty,&DWP(0,$dat,$ty,4)); +		&xor	(&LB($ty),&BP(0,$inp)); +		&lea	($inp,&DWP(1,$inp)); +		&mov	($tx,&DWP(0,$dat,$xx,4)); +		&cmp	($inp,&wparam(1));	# compare to input+len +		&mov	
(&BP(-1,$out,$inp),&LB($ty)); +	&jb	(&label("loop1")); + +	&jmp	(&label("done")); + +# this is essentially Intel P4 specific codepath... +&set_label("RC4_CHAR",16); +	&movz	($tx,&BP(0,$dat,$xx));  	# strangely enough unrolled loop performs over 20% slower... -	&set_label("RC4_CHAR_loop"); -		&add	(&LB($y),&LB($tx)); -		&movz	($ty,&BP(0,$d,$y)); -		&movb	(&BP(0,$d,$y),&LB($tx)); -		&movb	(&BP(0,$d,$x),&LB($ty)); +	&set_label("cloop1"); +		&add	(&LB($yy),&LB($tx)); +		&movz	($ty,&BP(0,$dat,$yy)); +		&mov	(&BP(0,$dat,$yy),&LB($tx)); +		&mov	(&BP(0,$dat,$xx),&LB($ty));  		&add	(&LB($ty),&LB($tx)); -		&movz	($ty,&BP(0,$d,$ty)); -		&add	(&LB($x),1); -		&xorb	(&LB($ty),&BP(0,$in)); -		&lea	($in,&DWP(1,$in)); -		&movz	($tx,&BP(0,$d,$x)); -		&cmp	($in,&swtmp(2)); -		&movb	(&BP(0,$out),&LB($ty)); -		&lea	($out,&DWP(1,$out)); -	&jb	(&label("RC4_CHAR_loop")); - -	&set_label("finished"); -	&dec(	$x); -	 &stack_pop(3); -	&movb(	&BP(-4,$d,"",0),&LB($y)); -	 &movb(	&BP(-8,$d,"",0),&LB($x)); - -	&function_end($name); -	} +		&movz	($ty,&BP(0,$dat,$ty)); +		&add	(&LB($xx),1); +		&xor	(&LB($ty),&BP(0,$inp)); +		&lea	($inp,&DWP(1,$inp)); +		&movz	($tx,&BP(0,$dat,$xx)); +		&cmp	($inp,&wparam(1)); +		&mov	(&BP(-1,$out,$inp),&LB($ty)); +	&jb	(&label("cloop1")); + +&set_label("done"); +	&dec	(&LB($xx)); +	&mov	(&BP(-4,$dat),&LB($yy));	# save key->y +	&mov	(&BP(-8,$dat),&LB($xx));	# save key->x +&set_label("abort"); +&function_end("RC4"); + +######################################################################## + +$inp="esi"; +$out="edi"; +$idi="ebp"; +$ido="ecx"; +$idx="edx"; + +&external_label("OPENSSL_ia32cap_P"); + +# void RC4_set_key(RC4_KEY *key,int len,const unsigned char *data); +&function_begin("RC4_set_key"); +	&mov	($out,&wparam(0));		# load key +	&mov	($idi,&wparam(1));		# load len +	&mov	($inp,&wparam(2));		# load data +	&picmeup($idx,"OPENSSL_ia32cap_P"); + +	&lea	($out,&DWP(2*4,$out));		# &key->data +	&lea	($inp,&DWP(0,$inp,$idi));	# $inp to point at the end +	&neg	($idi); 
+	&xor	("eax","eax"); +	&mov	(&DWP(-4,$out),$idi);		# borrow key->y + +	&bt	(&DWP(0,$idx),20);		# check for bit#20 +	&jc	(&label("c1stloop")); + +&set_label("w1stloop",16); +	&mov	(&DWP(0,$out,"eax",4),"eax");	# key->data[i]=i; +	&add	(&LB("eax"),1);			# i++; +	&jnc	(&label("w1stloop")); + +	&xor	($ido,$ido); +	&xor	($idx,$idx); + +&set_label("w2ndloop",16); +	&mov	("eax",&DWP(0,$out,$ido,4)); +	&add	(&LB($idx),&BP(0,$inp,$idi)); +	&add	(&LB($idx),&LB("eax")); +	&add	($idi,1); +	&mov	("ebx",&DWP(0,$out,$idx,4)); +	&jnz	(&label("wnowrap")); +	  &mov	($idi,&DWP(-4,$out)); +	&set_label("wnowrap"); +	&mov	(&DWP(0,$out,$idx,4),"eax"); +	&mov	(&DWP(0,$out,$ido,4),"ebx"); +	&add	(&LB($ido),1); +	&jnc	(&label("w2ndloop")); +&jmp	(&label("exit")); + +# Unlike all other x86 [and x86_64] implementations, Intel P4 core +# [including EM64T] was found to perform poorly with above "32-bit" key +# schedule, a.k.a. RC4_INT. Performance improvement for IA-32 hand-coded +# assembler turned out to be 3.5x if re-coded for compressed 8-bit one, +# a.k.a. RC4_CHAR! It's however inappropriate to just switch to 8-bit +# schedule for x86[_64], because non-P4 implementations suffer from +# significant performance losses then, e.g. PIII exhibits >2x +# deterioration, and so does Opteron. In order to assure optimal +# all-round performance, we detect P4 at run-time and set up compressed +# key schedule, which is recognized by RC4 procedure. 
+ +&set_label("c1stloop",16); +	&mov	(&BP(0,$out,"eax"),&LB("eax"));	# key->data[i]=i; +	&add	(&LB("eax"),1);			# i++; +	&jnc	(&label("c1stloop")); + +	&xor	($ido,$ido); +	&xor	($idx,$idx); +	&xor	("ebx","ebx"); + +&set_label("c2ndloop",16); +	&mov	(&LB("eax"),&BP(0,$out,$ido)); +	&add	(&LB($idx),&BP(0,$inp,$idi)); +	&add	(&LB($idx),&LB("eax")); +	&add	($idi,1); +	&mov	(&LB("ebx"),&BP(0,$out,$idx)); +	&jnz	(&label("cnowrap")); +	  &mov	($idi,&DWP(-4,$out)); +	&set_label("cnowrap"); +	&mov	(&BP(0,$out,$idx),&LB("eax")); +	&mov	(&BP(0,$out,$ido),&LB("ebx")); +	&add	(&LB($ido),1); +	&jnc	(&label("c2ndloop")); + +	&mov	(&DWP(256,$out),-1);		# mark schedule as compressed + +&set_label("exit"); +	&xor	("eax","eax"); +	&mov	(&DWP(-8,$out),"eax");		# key->x=0; +	&mov	(&DWP(-4,$out),"eax");		# key->y=0; +&function_end("RC4_set_key"); + +# const char *RC4_options(void); +&function_begin_B("RC4_options"); +	&call	(&label("pic_point")); +&set_label("pic_point"); +	&blindpop("eax"); +	&lea	("eax",&DWP(&label("opts")."-".&label("pic_point"),"eax")); +	&picmeup("edx","OPENSSL_ia32cap_P"); +	&bt	(&DWP(0,"edx"),20); +	&jnc	(&label("skip")); +	  &add	("eax",12); +	&set_label("skip"); +	&ret	(); +&set_label("opts",64); +&asciz	("rc4(4x,int)"); +&asciz	("rc4(1x,char)"); +&asciz	("RC4 for x86, CRYPTOGAMS by <appro\@openssl.org>"); +&align	(64); +&function_end_B("RC4_options"); + +&asm_finish(); | 
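Review bot: RC4_set_key has no length guard, unlike RC4 in the same hunk, which tests len with `&cmp ($ty,0); # safety net` before touching the buffers. For len <= 0 the negated counter in `$idi` never reaches zero within the 256 iterations of `w2ndloop`/`c2ndloop`, so the `&mov ($idi,&DWP(-4,$out))` reload is never taken and `&BP(0,$inp,$idi)` reads 256 consecutive bytes starting at `data`, regardless of how much the caller actually supplied. Since this file appears to be imported from upstream OpenSSL, the least invasive step is to state the precondition next to the prototype comment, e.g. `# len must be > 0; callers validate the key length before calling`, and to confirm that the callers in this tree enforce it. Separately, `$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;` does not check that the match succeeded; when the script is invoked without a directory component `$dir` is undefined and an empty entry is pushed onto `@INC`, so a fallback such as `$dir = "./" unless defined $dir;` would keep the module search inside the source tree.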
