10 #ifndef CRYPTOPP_IMPORTS
11 #ifndef CRYPTOPP_GENERATE_X64_MASM
17 NAMESPACE_BEGIN(CryptoPP)
21 #define blk0(i) (W[i] = data[i])
22 #define blk1(i) (W[i&15] = rotlFixed(W[(i+13)&15]^W[(i+8)&15]^W[(i+2)&15]^W[i&15],1))
24 void SHA1::InitState(HashWordType *state)
26 state[0] = 0x67452301L;
27 state[1] = 0xEFCDAB89L;
28 state[2] = 0x98BADCFEL;
29 state[3] = 0x10325476L;
30 state[4] = 0xC3D2E1F0L;
33 #define f1(x,y,z) (z^(x&(y^z)))
34 #define f2(x,y,z) (x^y^z)
35 #define f3(x,y,z) ((x&y)|(z&(x|y)))
36 #define f4(x,y,z) (x^y^z)
39 #define R0(v,w,x,y,z,i) z+=f1(w,x,y)+blk0(i)+0x5A827999+rotlFixed(v,5);w=rotlFixed(w,30);
40 #define R1(v,w,x,y,z,i) z+=f1(w,x,y)+blk1(i)+0x5A827999+rotlFixed(v,5);w=rotlFixed(w,30);
41 #define R2(v,w,x,y,z,i) z+=f2(w,x,y)+blk1(i)+0x6ED9EBA1+rotlFixed(v,5);w=rotlFixed(w,30);
42 #define R3(v,w,x,y,z,i) z+=f3(w,x,y)+blk1(i)+0x8F1BBCDC+rotlFixed(v,5);w=rotlFixed(w,30);
43 #define R4(v,w,x,y,z,i) z+=f4(w,x,y)+blk1(i)+0xCA62C1D6+rotlFixed(v,5);w=rotlFixed(w,30);
45 void SHA1::Transform(word32 *state,
const word32 *data)
55 R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
56 R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
57 R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
58 R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
59 R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
60 R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
61 R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
62 R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
63 R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
64 R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
65 R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
66 R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
67 R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
68 R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
69 R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
70 R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
71 R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
72 R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
73 R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
74 R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
87 void SHA224::InitState(HashWordType *state)
89 static const word32 s[8] = {0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939, 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4};
90 memcpy(state, s,
sizeof(s));
93 void SHA256::InitState(HashWordType *state)
95 static const word32 s[8] = {0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19};
96 memcpy(state, s,
sizeof(s));
99 #if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
100 CRYPTOPP_ALIGN_DATA(16) extern const word32 SHA256_K[64] CRYPTOPP_SECTION_ALIGN16 = {
102 extern const word32 SHA256_K[64] = {
104 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
105 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
106 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
107 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
108 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
109 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
110 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
111 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
112 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
113 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
114 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
115 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
116 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
117 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
118 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
119 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
122 #endif // #ifndef CRYPTOPP_GENERATE_X64_MASM
124 #if defined(CRYPTOPP_X86_ASM_AVAILABLE) || defined(CRYPTOPP_GENERATE_X64_MASM)
126 #pragma warning(disable: 4731) // frame pointer register 'ebp' modified by inline assembly code
128 static void CRYPTOPP_FASTCALL X86_SHA256_HashBlocks(word32 *state,
const word32 *data,
size_t len
129 #
if defined(_MSC_VER) && (_MSC_VER == 1200)
134 #if defined(_MSC_VER) && (_MSC_VER == 1200)
135 AS2(mov ecx, [state])
139 #define LOCALS_SIZE 8*4 + 16*4 + 4*WORD_SZ
140 #define H(i) [BASE+ASM_MOD(1024+7-(i),8)*4]
148 #define Wt(i) BASE+8*4+ASM_MOD(1024+15-(i),16)*4
149 #define Wt_2(i) Wt((i)-2)
150 #define Wt_15(i) Wt((i)-15)
151 #define Wt_7(i) Wt((i)-7)
152 #define K_END [BASE+8*4+16*4+0*WORD_SZ]
153 #define STATE_SAVE [BASE+8*4+16*4+1*WORD_SZ]
154 #define DATA_SAVE [BASE+8*4+16*4+2*WORD_SZ]
155 #define DATA_END [BASE+8*4+16*4+3*WORD_SZ]
156 #define Kt(i) WORD_REG(si)+(i)*4
157 #if CRYPTOPP_BOOL_X86
159 #elif defined(__GNUC__)
165 #define RA0(i, edx, edi) \
166 AS2( add edx, [Kt(i)] )\
167 AS2( add edx, [Wt(i)] )\
168 AS2( add edx, H(i) )\
170 #define RA1(i, edx, edi)
172 #define RB0(i, edx, edi)
174 #define RB1(i, edx, edi) \
175 AS2( mov AS_REG_7d, [Wt_2(i)] )\
176 AS2( mov edi, [Wt_15(i)])\
177 AS2( mov ebx, AS_REG_7d )\
178 AS2( shr AS_REG_7d, 10 )\
180 AS2( xor AS_REG_7d, ebx )\
182 AS2( xor ebx, AS_REG_7d )\
183 AS2( add ebx, [Wt_7(i)])\
184 AS2( mov AS_REG_7d, edi )\
185 AS2( shr AS_REG_7d, 3 )\
187 AS2( add ebx, [Wt(i)])\
188 AS2( xor AS_REG_7d, edi )\
189 AS2( add edx, [Kt(i)])\
191 AS2( add edx, H(i) )\
192 AS2( xor AS_REG_7d, edi )\
193 AS2( add AS_REG_7d, ebx )\
194 AS2( mov [Wt(i)], AS_REG_7d)\
195 AS2( add edx, AS_REG_7d )\
197 #define ROUND(i, r, eax, ecx, edi, edx)\
200 AS2( mov edx, F(i) )\
201 AS2( xor edx, G(i) )\
203 AS2( xor edx, G(i) )\
204 AS2( mov AS_REG_7d, edi )\
206 AS2( ror AS_REG_7d, 25 )\
208 AS2( xor AS_REG_7d, edi )\
210 AS2( xor AS_REG_7d, edi )\
211 AS2( add edx, AS_REG_7d )\
216 AS2( xor ecx, B(i) )\
218 AS2( xor eax, B(i) )\
219 AS2( mov AS_REG_7d, ebx )\
222 AS2( add edx, D(i) )\
223 AS2( mov D(i), edx )\
224 AS2( ror AS_REG_7d, 22 )\
225 AS2( xor AS_REG_7d, ebx )\
227 AS2( xor AS_REG_7d, ebx )\
228 AS2( add eax, AS_REG_7d )\
229 AS2( mov H(i), eax )\
231 #define SWAP_COPY(i) \
232 AS2( mov WORD_REG(bx), [WORD_REG(dx)+i*WORD_SZ])\
233 AS1( bswap WORD_REG(bx))\
234 AS2( mov [Wt(i*(1+CRYPTOPP_BOOL_X64)+CRYPTOPP_BOOL_X64)], WORD_REG(bx))
236 #if defined(__GNUC__)
237 #if CRYPTOPP_BOOL_X64
242 #
if CRYPTOPP_BOOL_X64
245 ".intel_syntax noprefix;"
246 #elif defined(CRYPTOPP_GENERATE_X64_MASM)
248 X86_SHA256_HashBlocks PROC FRAME
253 alloc_stack(LOCALS_SIZE+8)
256 lea rsi, [?SHA256_K@CryptoPP@@3QBIB + 48*4]
259 #
if CRYPTOPP_BOOL_X86
262 AS2( lea WORD_REG(si), [SHA256_K+48*4])
264 #
if !defined(_MSC_VER) || (_MSC_VER < 1400)
271 AS2( sub WORD_REG(sp), LOCALS_SIZE)
274 AS2( mov STATE_SAVE, WORD_REG(cx))
275 AS2( mov DATA_SAVE, WORD_REG(dx))
276 AS2( lea WORD_REG(ax), [WORD_REG(di) + WORD_REG(dx)])
277 AS2( mov DATA_END, WORD_REG(ax))
278 AS2( mov K_END, WORD_REG(si))
280 #
if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
281 #
if CRYPTOPP_BOOL_X86
284 AS1( dec DWORD PTR K_END)
286 AS2( movdqa xmm0, XMMWORD_PTR [WORD_REG(cx)+0*16])
287 AS2( movdqa xmm1, XMMWORD_PTR [WORD_REG(cx)+1*16])
290 #
if CRYPTOPP_BOOL_X86
291 #
if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
303 #
if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
305 AS2( movdqa E(0), xmm1)
306 AS2( movdqa A(0), xmm0)
308 #
if CRYPTOPP_BOOL_X86
311 AS2( sub WORD_REG(si), 48*4)
312 SWAP_COPY(0) SWAP_COPY(1) SWAP_COPY(2) SWAP_COPY(3)
313 SWAP_COPY(4) SWAP_COPY(5) SWAP_COPY(6) SWAP_COPY(7)
314 #
if CRYPTOPP_BOOL_X86
315 SWAP_COPY(8) SWAP_COPY(9) SWAP_COPY(10) SWAP_COPY(11)
316 SWAP_COPY(12) SWAP_COPY(13) SWAP_COPY(14) SWAP_COPY(15)
323 ROUND(0, 0, eax, ecx, edi, edx)
324 ROUND(1, 0, ecx, eax, edx, edi)
325 ROUND(2, 0, eax, ecx, edi, edx)
326 ROUND(3, 0, ecx, eax, edx, edi)
327 ROUND(4, 0, eax, ecx, edi, edx)
328 ROUND(5, 0, ecx, eax, edx, edi)
329 ROUND(6, 0, eax, ecx, edi, edx)
330 ROUND(7, 0, ecx, eax, edx, edi)
331 ROUND(8, 0, eax, ecx, edi, edx)
332 ROUND(9, 0, ecx, eax, edx, edi)
333 ROUND(10, 0, eax, ecx, edi, edx)
334 ROUND(11, 0, ecx, eax, edx, edi)
335 ROUND(12, 0, eax, ecx, edi, edx)
336 ROUND(13, 0, ecx, eax, edx, edi)
337 ROUND(14, 0, eax, ecx, edi, edx)
338 ROUND(15, 0, ecx, eax, edx, edi)
341 AS2(add WORD_REG(si), 4*16)
342 ROUND(0, 1, eax, ecx, edi, edx)
343 ROUND(1, 1, ecx, eax, edx, edi)
344 ROUND(2, 1, eax, ecx, edi, edx)
345 ROUND(3, 1, ecx, eax, edx, edi)
346 ROUND(4, 1, eax, ecx, edi, edx)
347 ROUND(5, 1, ecx, eax, edx, edi)
348 ROUND(6, 1, eax, ecx, edi, edx)
349 ROUND(7, 1, ecx, eax, edx, edi)
350 ROUND(8, 1, eax, ecx, edi, edx)
351 ROUND(9, 1, ecx, eax, edx, edi)
352 ROUND(10, 1, eax, ecx, edi, edx)
353 ROUND(11, 1, ecx, eax, edx, edi)
354 ROUND(12, 1, eax, ecx, edi, edx)
355 ROUND(13, 1, ecx, eax, edx, edi)
356 ROUND(14, 1, eax, ecx, edi, edx)
357 ROUND(15, 1, ecx, eax, edx, edi)
358 AS2( cmp WORD_REG(si), K_END)
361 AS2( mov WORD_REG(dx), DATA_SAVE)
362 AS2( add WORD_REG(dx), 64)
363 AS2( mov AS_REG_7, STATE_SAVE)
364 AS2( mov DATA_SAVE, WORD_REG(dx))
366 #
if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
367 #
if CRYPTOPP_BOOL_X86
368 AS2( test DWORD PTR K_END, 1)
371 AS2( movdqa xmm1, XMMWORD_PTR [AS_REG_7+1*16])
372 AS2( movdqa xmm0, XMMWORD_PTR [AS_REG_7+0*16])
373 AS2( paddd xmm1, E(0))
374 AS2( paddd xmm0, A(0))
375 AS2( movdqa [AS_REG_7+1*16], xmm1)
376 AS2( movdqa [AS_REG_7+0*16], xmm0)
377 AS2( cmp WORD_REG(dx), DATA_END)
381 #
if CRYPTOPP_BOOL_X86
382 #
if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
386 AS2( add [AS_REG_7+0*4], ecx)
387 AS2( add [AS_REG_7+4*4], edi)
391 AS2( add [AS_REG_7+1*4], eax)
392 AS2( add [AS_REG_7+2*4], ebx)
393 AS2( add [AS_REG_7+3*4], ecx)
397 AS2( add [AS_REG_7+5*4], eax)
398 AS2( add [AS_REG_7+6*4], ebx)
399 AS2( add [AS_REG_7+7*4], ecx)
400 AS2( mov ecx, AS_REG_7d)
401 AS2( cmp WORD_REG(dx), DATA_END)
403 #
if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
410 #
if !defined(_MSC_VER) || (_MSC_VER < 1400)
414 #ifdef CRYPTOPP_GENERATE_X64_MASM
415 add rsp, LOCALS_SIZE+8
421 X86_SHA256_HashBlocks ENDP
425 ".att_syntax prefix;"
427 :
"c" (state),
"d" (data),
"S" (SHA256_K+48),
"D" (len)
428 #
if CRYPTOPP_BOOL_X64
431 :
"memory",
"cc",
"%eax"
432 #
if CRYPTOPP_BOOL_X64
433 ,
"%rbx",
"%r8",
"%r10"
439 #endif // #if defined(CRYPTOPP_X86_ASM_AVAILABLE) || defined(CRYPTOPP_GENERATE_X64_MASM)
441 #ifndef CRYPTOPP_GENERATE_X64_MASM
443 #ifdef CRYPTOPP_X64_MASM_AVAILABLE
445 void CRYPTOPP_FASTCALL X86_SHA256_HashBlocks(word32 *state,
const word32 *data,
size_t len);
449 #if defined(CRYPTOPP_X86_ASM_AVAILABLE) || defined(CRYPTOPP_X64_MASM_AVAILABLE)
451 size_t SHA256::HashMultipleBlocks(
const word32 *input,
size_t length)
453 X86_SHA256_HashBlocks(m_state, input, (length&(
size_t(0)-BLOCKSIZE)) - !HasSSE2());
454 return length % BLOCKSIZE;
457 size_t SHA224::HashMultipleBlocks(
const word32 *input,
size_t length)
459 X86_SHA256_HashBlocks(m_state, input, (length&(
size_t(0)-BLOCKSIZE)) - !HasSSE2());
460 return length % BLOCKSIZE;
465 #define blk2(i) (W[i&15]+=s1(W[(i-2)&15])+W[(i-7)&15]+s0(W[(i-15)&15]))
467 #define Ch(x,y,z) (z^(x&(y^z)))
468 #define Maj(x,y,z) (y^((x^y)&(y^z)))
470 #define a(i) T[(0-i)&7]
471 #define b(i) T[(1-i)&7]
472 #define c(i) T[(2-i)&7]
473 #define d(i) T[(3-i)&7]
474 #define e(i) T[(4-i)&7]
475 #define f(i) T[(5-i)&7]
476 #define g(i) T[(6-i)&7]
477 #define h(i) T[(7-i)&7]
479 #define R(i) h(i)+=S1(e(i))+Ch(e(i),f(i),g(i))+SHA256_K[i+j]+(j?blk2(i):blk0(i));\
480 d(i)+=h(i);h(i)+=S0(a(i))+Maj(a(i),b(i),c(i))
483 #define S0(x) (rotrFixed(x,2)^rotrFixed(x,13)^rotrFixed(x,22))
484 #define S1(x) (rotrFixed(x,6)^rotrFixed(x,11)^rotrFixed(x,25))
485 #define s0(x) (rotrFixed(x,7)^rotrFixed(x,18)^(x>>3))
486 #define s1(x) (rotrFixed(x,17)^rotrFixed(x,19)^(x>>10))
488 void SHA256::Transform(word32 *state,
const word32 *data)
491 #if defined(CRYPTOPP_X86_ASM_AVAILABLE) || defined(CRYPTOPP_X64_MASM_AVAILABLE)
493 ByteReverse(W, data, BLOCKSIZE);
494 X86_SHA256_HashBlocks(state, W, BLOCKSIZE - !HasSSE2());
498 memcpy(T, state,
sizeof(T));
500 for (
unsigned int j=0; j<64; j+=16)
502 R( 0); R( 1); R( 2); R( 3);
503 R( 4); R( 5); R( 6); R( 7);
504 R( 8); R( 9); R(10); R(11);
505 R(12); R(13); R(14); R(15);
602 void SHA384::InitState(HashWordType *state)
604 static const word64 s[8] = {
605 W64LIT(0xcbbb9d5dc1059ed8), W64LIT(0x629a292a367cd507),
606 W64LIT(0x9159015a3070dd17), W64LIT(0x152fecd8f70e5939),
607 W64LIT(0x67332667ffc00b31), W64LIT(0x8eb44a8768581511),
608 W64LIT(0xdb0c2e0d64f98fa7), W64LIT(0x47b5481dbefa4fa4)};
609 memcpy(state, s,
sizeof(s));
612 void SHA512::InitState(HashWordType *state)
614 static const word64 s[8] = {
615 W64LIT(0x6a09e667f3bcc908), W64LIT(0xbb67ae8584caa73b),
616 W64LIT(0x3c6ef372fe94f82b), W64LIT(0xa54ff53a5f1d36f1),
617 W64LIT(0x510e527fade682d1), W64LIT(0x9b05688c2b3e6c1f),
618 W64LIT(0x1f83d9abfb41bd6b), W64LIT(0x5be0cd19137e2179)};
619 memcpy(state, s,
sizeof(s));
622 #if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE && CRYPTOPP_BOOL_X86
623 CRYPTOPP_ALIGN_DATA(16) static const word64 SHA512_K[80] CRYPTOPP_SECTION_ALIGN16 = {
625 static const word64 SHA512_K[80] = {
627 W64LIT(0x428a2f98d728ae22), W64LIT(0x7137449123ef65cd),
628 W64LIT(0xb5c0fbcfec4d3b2f), W64LIT(0xe9b5dba58189dbbc),
629 W64LIT(0x3956c25bf348b538), W64LIT(0x59f111f1b605d019),
630 W64LIT(0x923f82a4af194f9b), W64LIT(0xab1c5ed5da6d8118),
631 W64LIT(0xd807aa98a3030242), W64LIT(0x12835b0145706fbe),
632 W64LIT(0x243185be4ee4b28c), W64LIT(0x550c7dc3d5ffb4e2),
633 W64LIT(0x72be5d74f27b896f), W64LIT(0x80deb1fe3b1696b1),
634 W64LIT(0x9bdc06a725c71235), W64LIT(0xc19bf174cf692694),
635 W64LIT(0xe49b69c19ef14ad2), W64LIT(0xefbe4786384f25e3),
636 W64LIT(0x0fc19dc68b8cd5b5), W64LIT(0x240ca1cc77ac9c65),
637 W64LIT(0x2de92c6f592b0275), W64LIT(0x4a7484aa6ea6e483),
638 W64LIT(0x5cb0a9dcbd41fbd4), W64LIT(0x76f988da831153b5),
639 W64LIT(0x983e5152ee66dfab), W64LIT(0xa831c66d2db43210),
640 W64LIT(0xb00327c898fb213f), W64LIT(0xbf597fc7beef0ee4),
641 W64LIT(0xc6e00bf33da88fc2), W64LIT(0xd5a79147930aa725),
642 W64LIT(0x06ca6351e003826f), W64LIT(0x142929670a0e6e70),
643 W64LIT(0x27b70a8546d22ffc), W64LIT(0x2e1b21385c26c926),
644 W64LIT(0x4d2c6dfc5ac42aed), W64LIT(0x53380d139d95b3df),
645 W64LIT(0x650a73548baf63de), W64LIT(0x766a0abb3c77b2a8),
646 W64LIT(0x81c2c92e47edaee6), W64LIT(0x92722c851482353b),
647 W64LIT(0xa2bfe8a14cf10364), W64LIT(0xa81a664bbc423001),
648 W64LIT(0xc24b8b70d0f89791), W64LIT(0xc76c51a30654be30),
649 W64LIT(0xd192e819d6ef5218), W64LIT(0xd69906245565a910),
650 W64LIT(0xf40e35855771202a), W64LIT(0x106aa07032bbd1b8),
651 W64LIT(0x19a4c116b8d2d0c8), W64LIT(0x1e376c085141ab53),
652 W64LIT(0x2748774cdf8eeb99), W64LIT(0x34b0bcb5e19b48a8),
653 W64LIT(0x391c0cb3c5c95a63), W64LIT(0x4ed8aa4ae3418acb),
654 W64LIT(0x5b9cca4f7763e373), W64LIT(0x682e6ff3d6b2b8a3),
655 W64LIT(0x748f82ee5defb2fc), W64LIT(0x78a5636f43172f60),
656 W64LIT(0x84c87814a1f0ab72), W64LIT(0x8cc702081a6439ec),
657 W64LIT(0x90befffa23631e28), W64LIT(0xa4506cebde82bde9),
658 W64LIT(0xbef9a3f7b2c67915), W64LIT(0xc67178f2e372532b),
659 W64LIT(0xca273eceea26619c), W64LIT(0xd186b8c721c0c207),
660 W64LIT(0xeada7dd6cde0eb1e), W64LIT(0xf57d4f7fee6ed178),
661 W64LIT(0x06f067aa72176fba), W64LIT(0x0a637dc5a2c898a6),
662 W64LIT(0x113f9804bef90dae), W64LIT(0x1b710b35131c471b),
663 W64LIT(0x28db77f523047d84), W64LIT(0x32caab7b40c72493),
664 W64LIT(0x3c9ebe0a15c9bebc), W64LIT(0x431d67c49c100d4c),
665 W64LIT(0x4cc5d4becb3e42b6), W64LIT(0x597f299cfc657e2a),
666 W64LIT(0x5fcb6fab3ad6faec), W64LIT(0x6c44198c4a475817)
669 #if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE && CRYPTOPP_BOOL_X86
671 CRYPTOPP_NAKED
static void CRYPTOPP_FASTCALL SHA512_SSE2_Transform(word64 *state,
const word64 *data)
676 ".intel_syntax noprefix;"
683 AS2( lea ebx, SHA512_K)
687 AS2( and esp, 0xfffffff0)
691 AS2( lea edi, [esp+4+8*8])
692 AS2( lea esi, [esp+4+20*8+8])
694 AS2( movdqa xmm0, [ecx+0*16])
695 AS2( movdq2q mm4, xmm0)
696 AS2( movdqa [edi+0*16], xmm0)
697 AS2( movdqa xmm0, [ecx+1*16])
698 AS2( movdqa [edi+1*16], xmm0)
699 AS2( movdqa xmm0, [ecx+2*16])
700 AS2( movdq2q mm5, xmm0)
701 AS2( movdqa [edi+2*16], xmm0)
702 AS2( movdqa xmm0, [ecx+3*16])
703 AS2( movdqa [edi+3*16], xmm0)
706 #define SSE2_S0_S1(r, a, b, c) \
710 AS2( psllq mm6, 64-c)\
714 AS2( psllq mm6, c-b)\
718 AS2( psllq mm6, b-a)\
721 #define SSE2_s0(r, a, b, c) \
722 AS2( movdqa xmm6, r)\
724 AS2( movdqa xmm7, r)\
725 AS2( psllq xmm6, 64-c)\
726 AS2( pxor xmm7, xmm6)\
731 AS2( psllq xmm6, c-a)\
734 #define SSE2_s1(r, a, b, c) \
735 AS2( movdqa xmm6, r)\
737 AS2( movdqa xmm7, r)\
738 AS2( psllq xmm6, 64-c)\
739 AS2( pxor xmm7, xmm6)\
742 AS2( psllq xmm6, c-b)\
743 AS2( pxor xmm7, xmm6)\
749 AS2( paddq mm0, [edi+7*8])
750 AS2( movq mm2, [edi+5*8])
751 AS2( movq mm3, [edi+6*8])
754 SSE2_S0_S1(mm5,14,18,41)
758 AS2( movq mm2, [edi+1*8])
761 AS2( pand mm2, [edi+2*8])
765 AS2( paddq mm5, [edi+3*8])
766 AS2( movq [edi+3*8], mm5)
767 AS2( movq [edi+11*8], mm5)
768 SSE2_S0_S1(mm4,28,34,39)
770 AS2( movq [edi-8], mm4)
771 AS2( movq [edi+7*8], mm4)
776 AS2( movq mm0, [edx+eax*8])
777 AS2( movq [esi+eax*8], mm0)
778 AS2( movq [esi+eax*8+16*8], mm0)
779 AS2( paddq mm0, [ebx+eax*8])
780 ASC( call, SHA512_Round)
790 AS2( movdqu xmm0, [esi+(16-2)*8])
793 AS2( movdqu xmm3, [esi])
794 AS2( paddq xmm3, [esi+(16-7)*8])
795 AS2( movdqa xmm2, [esi+(16-15)*8])
796 SSE2_s1(xmm0, 6, 19, 61)
797 AS2( paddq xmm0, xmm3)
798 SSE2_s0(xmm2, 1, 7, 8)
799 AS2( paddq xmm0, xmm2)
800 AS2( movdq2q mm0, xmm0)
801 AS2( movhlps xmm1, xmm0)
802 AS2( paddq mm0, [ebx+eax*8])
803 AS2( movlps [esi], xmm0)
804 AS2( movlps [esi+8], xmm1)
805 AS2( movlps [esi+8*16], xmm0)
806 AS2( movlps [esi+8*17], xmm1)
808 ASC( call, SHA512_Round)
810 AS2( movdq2q mm0, xmm1)
811 AS2( paddq mm0, [ebx+eax*8+8])
812 ASC( call, SHA512_Round)
822 AS2( lea esi, [esp+4+20*8+8+esi*8])
827 #define SSE2_CombineState(i) \
828 AS2( movdqa xmm0, [edi+i*16])\
829 AS2( paddq xmm0, [ecx+i*16])\
830 AS2( movdqa [ecx+i*16], xmm0)
840 #
if defined(__GNUC__)
842 ".att_syntax prefix;"
844 :
"a" (SHA512_K),
"c" (state),
"d" (data)
845 :
"%esi",
"%edi",
"memory",
"cc"
854 #endif // #if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
856 void SHA512::Transform(word64 *state,
const word64 *data)
858 #if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE && CRYPTOPP_BOOL_X86
861 SHA512_SSE2_Transform(state, data);
866 #define S0(x) (rotrFixed(x,28)^rotrFixed(x,34)^rotrFixed(x,39))
867 #define S1(x) (rotrFixed(x,14)^rotrFixed(x,18)^rotrFixed(x,41))
868 #define s0(x) (rotrFixed(x,1)^rotrFixed(x,8)^(x>>7))
869 #define s1(x) (rotrFixed(x,19)^rotrFixed(x,61)^(x>>6))
871 #define R(i) h(i)+=S1(e(i))+Ch(e(i),f(i),g(i))+SHA512_K[i+j]+(j?blk2(i):blk0(i));\
872 d(i)+=h(i);h(i)+=S0(a(i))+Maj(a(i),b(i),c(i))
877 memcpy(T, state,
sizeof(T));
879 for (
unsigned int j=0; j<80; j+=16)
881 R( 0); R( 1); R( 2); R( 3);
882 R( 4); R( 5); R( 6); R( 7);
883 R( 8); R( 9); R(10); R(11);
884 R(12); R(13); R(14); R(15);
899 #endif // #ifndef CRYPTOPP_GENERATE_X64_MASM
900 #endif // #ifndef CRYPTOPP_IMPORTS