HeliC829/golang-oerv-backport
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: HeliC829:97d643045888d1af2004410365a00bafe1713f47
Branches Tags
HeliC829:oe-go-1.24.2 HeliC829:exp-rv64 HeliC829:rv-sha512 HeliC829:rv-sha256 HeliC829:oe-1.21-v2 HeliC829:oe-1.21-cgo HeliC829:oe-1.21 HeliC829:master HeliC829:rv64-zero HeliC829:oe-go-rva23-v HeliC829:release-branch.go1.23 HeliC829:release-branch.go1.25 HeliC829:release-branch.go1.24 HeliC829:oerv-go-1.24.2 HeliC829:release-branch.go1.22 HeliC829:release-branch.go1.21
...
compare: HeliC829:rv-sha256
Branches Tags
HeliC829:exp-rv64 HeliC829:rv-sha512 HeliC829:rv-sha256 HeliC829:oe-1.21-v2 HeliC829:oe-1.21-cgo HeliC829:oe-1.21 HeliC829:master HeliC829:rv64-zero HeliC829:oe-go-rva23-v HeliC829:oe-go-1.24.2 HeliC829:release-branch.go1.23 HeliC829:release-branch.go1.25 HeliC829:release-branch.go1.24 HeliC829:oerv-go-1.24.2 HeliC829:release-branch.go1.22 HeliC829:release-branch.go1.21

2 Commits
97d6430458 ... rv-sha256

Author SHA1 Message Date
Julian Zhu
a27f6624f7 crypto/sha256: improve performance of riscv64 assembly when Zbb extension available 
When both pointers are aligned and the Zbb extension is available, the REV8 instruction can be used to simplify crypto/sha256.

Change-Id: I989eb7cec947018835462fa5d063a0660594e9f8
 2026-01-02 18:21:56 +08:00
Julian Zhu
611f1dbf82 crypto/sha512: improve performance of riscv64 assembly when Zbb extension available 
When both pointers are aligned and the Zbb extension is available, the REV8 instruction can be used to simplify crypto/sha512.

goos: linux
goarch: riscv64
pkg: crypto/sha512
                    │     old     │                 new                 │
                    │   sec/op    │   sec/op     vs base                │
Hash8Bytes/New-4      1.596µ ± 0%   1.371µ ± 0%  -14.10% (p=0.000 n=10)
Hash8Bytes/Sum384-4   1.872µ ± 0%   1.484µ ± 0%  -20.73% (p=0.000 n=10)
Hash8Bytes/Sum512-4   2.026µ ± 1%   1.492µ ± 0%  -26.34% (p=0.000 n=10)
Hash1K/New-4          9.154µ ± 0%   8.816µ ± 0%   -3.70% (p=0.000 n=10)
Hash1K/Sum384-4       9.394µ ± 0%   8.912µ ± 0%   -5.12% (p=0.000 n=10)
Hash1K/Sum512-4       9.557µ ± 0%   8.925µ ± 0%   -6.62% (p=0.000 n=10)
Hash8K/New-4          62.23µ ± 0%   61.05µ ± 0%   -1.89% (p=0.000 n=10)
Hash8K/Sum384-4       62.46µ ± 0%   61.14µ ± 0%   -2.11% (p=0.000 n=10)
Hash8K/Sum512-4       62.62µ ± 0%   61.15µ ± 0%   -2.34% (p=0.000 n=10)
geomean               10.21µ        9.229µ        -9.65%

                    │     old      │                 new                  │
                    │     B/s      │     B/s       vs base                │
Hash8Bytes/New-4      4.778Mi ± 0%   5.569Mi ± 0%  +16.57% (p=0.000 n=10)
Hash8Bytes/Sum384-4   4.072Mi ± 0%   5.140Mi ± 0%  +26.23% (p=0.000 n=10)
Hash8Bytes/Sum512-4   3.767Mi ± 1%   5.112Mi ± 0%  +35.70% (p=0.000 n=10)
Hash1K/New-4          106.7Mi ± 0%   110.8Mi ± 0%   +3.85% (p=0.000 n=10)
Hash1K/Sum384-4       104.0Mi ± 0%   109.6Mi ± 0%   +5.40% (p=0.000 n=10)
Hash1K/Sum512-4       102.2Mi ± 0%   109.4Mi ± 0%   +7.09% (p=0.000 n=10)
Hash8K/New-4          125.5Mi ± 0%   128.0Mi ± 0%   +1.93% (p=0.000 n=10)
Hash8K/Sum384-4       125.1Mi ± 0%   127.8Mi ± 0%   +2.16% (p=0.000 n=10)
Hash8K/Sum512-4       124.8Mi ± 0%   127.7Mi ± 0%   +2.40% (p=0.000 n=10)
geomean               37.94Mi        41.99Mi       +10.70%

Change-Id: Icb9cdec11ce178689b0ec961e23cf3991dadd4b5
 2026-01-02 18:21:56 +08:00
7 changed files with 423 additions and 202 deletions
Expand all files Collapse all files

2
src/crypto/internal/fips140/sha256/sha256block_asm.go
View File

@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
//go:build (386 || loong64 || riscv64) && !purego
//go:build (386 || loong64) && !purego
package sha256

41
src/crypto/internal/fips140/sha256/sha256block_riscv64.go Normal file
View File

@@ -0,0 +1,41 @@
// Copyright 2025 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
//go:build !purego
package sha256
import (
"crypto/internal/fips140deps/cpu"
"crypto/internal/impl"
"unsafe"
)
const wordSize = unsafe.Sizeof(uint32(0))
// TODO(juliaj): use Zvknha when available.
var useZbb = cpu.RISCV64HasZbb
func init() {
impl.Register("sha256", "Zbb", &useZbb)
}
func aligned(p []byte) bool {
return (uintptr(unsafe.Pointer(&p[0]))&(wordSize-1)) == 0
}
//go:noescape
func blockZbb(dig *Digest, p []byte)
//go:noescape
func blockAsm(dig *Digest, p []byte)
func block(dig *Digest, p []byte) {
if aligned(p) && useZbb {
blockZbb(dig, p)
} else {
blockAsm(dig, p)
}
}

253
src/crypto/internal/fips140/sha256/sha256block_riscv64.s
View File

@@ -47,6 +47,12 @@
// H7 = h + H7
// Wt = Mt; for 0 <= t <= 15
#define MSGSCHEDULE0_ZBB(index) \
MOVW ((index*4))(X29), X5; \
REV8 X5, X5; \
SRL $32, X5; \
MOVW X5, (index*4)(X19)
#define MSGSCHEDULE0(index) \
MOVBU ((index*4)+0)(X29), X5; \
MOVBU ((index*4)+1)(X29), X6; \
@@ -133,15 +139,131 @@
MSGSCHEDULE0(index); \
SHA256ROUND(index, a, b, c, d, e, f, g, h)
#define SHA256ROUND0_ZBB(index, a, b, c, d, e, f, g, h) \
MSGSCHEDULE0_ZBB(index); \
SHA256ROUND(index, a, b, c, d, e, f, g, h)
#define SHA256ROUND1(index, a, b, c, d, e, f, g, h) \
MSGSCHEDULE1(index); \
SHA256ROUND(index, a, b, c, d, e, f, g, h)
#define SHA256ROUND0_0_15() \
SHA256ROUND0(0, X10, X11, X12, X13, X14, X15, X16, X17) \
SHA256ROUND0(1, X17, X10, X11, X12, X13, X14, X15, X16) \
SHA256ROUND0(2, X16, X17, X10, X11, X12, X13, X14, X15) \
SHA256ROUND0(3, X15, X16, X17, X10, X11, X12, X13, X14) \
SHA256ROUND0(4, X14, X15, X16, X17, X10, X11, X12, X13) \
SHA256ROUND0(5, X13, X14, X15, X16, X17, X10, X11, X12) \
SHA256ROUND0(6, X12, X13, X14, X15, X16, X17, X10, X11) \
SHA256ROUND0(7, X11, X12, X13, X14, X15, X16, X17, X10) \
SHA256ROUND0(8, X10, X11, X12, X13, X14, X15, X16, X17) \
SHA256ROUND0(9, X17, X10, X11, X12, X13, X14, X15, X16) \
SHA256ROUND0(10, X16, X17, X10, X11, X12, X13, X14, X15) \
SHA256ROUND0(11, X15, X16, X17, X10, X11, X12, X13, X14) \
SHA256ROUND0(12, X14, X15, X16, X17, X10, X11, X12, X13) \
SHA256ROUND0(13, X13, X14, X15, X16, X17, X10, X11, X12) \
SHA256ROUND0(14, X12, X13, X14, X15, X16, X17, X10, X11) \
SHA256ROUND0(15, X11, X12, X13, X14, X15, X16, X17, X10)
#define SHA256ROUND0_ZBB_0_15() \
SHA256ROUND0_ZBB(0, X10, X11, X12, X13, X14, X15, X16, X17) \
SHA256ROUND0_ZBB(1, X17, X10, X11, X12, X13, X14, X15, X16) \
SHA256ROUND0_ZBB(2, X16, X17, X10, X11, X12, X13, X14, X15) \
SHA256ROUND0_ZBB(3, X15, X16, X17, X10, X11, X12, X13, X14) \
SHA256ROUND0_ZBB(4, X14, X15, X16, X17, X10, X11, X12, X13) \
SHA256ROUND0_ZBB(5, X13, X14, X15, X16, X17, X10, X11, X12) \
SHA256ROUND0_ZBB(6, X12, X13, X14, X15, X16, X17, X10, X11) \
SHA256ROUND0_ZBB(7, X11, X12, X13, X14, X15, X16, X17, X10) \
SHA256ROUND0_ZBB(8, X10, X11, X12, X13, X14, X15, X16, X17) \
SHA256ROUND0_ZBB(9, X17, X10, X11, X12, X13, X14, X15, X16) \
SHA256ROUND0_ZBB(10, X16, X17, X10, X11, X12, X13, X14, X15) \
SHA256ROUND0_ZBB(11, X15, X16, X17, X10, X11, X12, X13, X14) \
SHA256ROUND0_ZBB(12, X14, X15, X16, X17, X10, X11, X12, X13) \
SHA256ROUND0_ZBB(13, X13, X14, X15, X16, X17, X10, X11, X12) \
SHA256ROUND0_ZBB(14, X12, X13, X14, X15, X16, X17, X10, X11) \
SHA256ROUND0_ZBB(15, X11, X12, X13, X14, X15, X16, X17, X10)
#define SHA256ROUND1_16_79() \
SHA256ROUND1(16, X10, X11, X12, X13, X14, X15, X16, X17) \
SHA256ROUND1(17, X17, X10, X11, X12, X13, X14, X15, X16) \
SHA256ROUND1(18, X16, X17, X10, X11, X12, X13, X14, X15) \
SHA256ROUND1(19, X15, X16, X17, X10, X11, X12, X13, X14) \
SHA256ROUND1(20, X14, X15, X16, X17, X10, X11, X12, X13) \
SHA256ROUND1(21, X13, X14, X15, X16, X17, X10, X11, X12) \
SHA256ROUND1(22, X12, X13, X14, X15, X16, X17, X10, X11) \
SHA256ROUND1(23, X11, X12, X13, X14, X15, X16, X17, X10) \
SHA256ROUND1(24, X10, X11, X12, X13, X14, X15, X16, X17) \
SHA256ROUND1(25, X17, X10, X11, X12, X13, X14, X15, X16) \
SHA256ROUND1(26, X16, X17, X10, X11, X12, X13, X14, X15) \
SHA256ROUND1(27, X15, X16, X17, X10, X11, X12, X13, X14) \
SHA256ROUND1(28, X14, X15, X16, X17, X10, X11, X12, X13) \
SHA256ROUND1(29, X13, X14, X15, X16, X17, X10, X11, X12) \
SHA256ROUND1(30, X12, X13, X14, X15, X16, X17, X10, X11) \
SHA256ROUND1(31, X11, X12, X13, X14, X15, X16, X17, X10) \
SHA256ROUND1(32, X10, X11, X12, X13, X14, X15, X16, X17) \
SHA256ROUND1(33, X17, X10, X11, X12, X13, X14, X15, X16) \
SHA256ROUND1(34, X16, X17, X10, X11, X12, X13, X14, X15) \
SHA256ROUND1(35, X15, X16, X17, X10, X11, X12, X13, X14) \
SHA256ROUND1(36, X14, X15, X16, X17, X10, X11, X12, X13) \
SHA256ROUND1(37, X13, X14, X15, X16, X17, X10, X11, X12) \
SHA256ROUND1(38, X12, X13, X14, X15, X16, X17, X10, X11) \
SHA256ROUND1(39, X11, X12, X13, X14, X15, X16, X17, X10) \
SHA256ROUND1(40, X10, X11, X12, X13, X14, X15, X16, X17) \
SHA256ROUND1(41, X17, X10, X11, X12, X13, X14, X15, X16) \
SHA256ROUND1(42, X16, X17, X10, X11, X12, X13, X14, X15) \
SHA256ROUND1(43, X15, X16, X17, X10, X11, X12, X13, X14) \
SHA256ROUND1(44, X14, X15, X16, X17, X10, X11, X12, X13) \
SHA256ROUND1(45, X13, X14, X15, X16, X17, X10, X11, X12) \
SHA256ROUND1(46, X12, X13, X14, X15, X16, X17, X10, X11) \
SHA256ROUND1(47, X11, X12, X13, X14, X15, X16, X17, X10) \
SHA256ROUND1(48, X10, X11, X12, X13, X14, X15, X16, X17) \
SHA256ROUND1(49, X17, X10, X11, X12, X13, X14, X15, X16) \
SHA256ROUND1(50, X16, X17, X10, X11, X12, X13, X14, X15) \
SHA256ROUND1(51, X15, X16, X17, X10, X11, X12, X13, X14) \
SHA256ROUND1(52, X14, X15, X16, X17, X10, X11, X12, X13) \
SHA256ROUND1(53, X13, X14, X15, X16, X17, X10, X11, X12) \
SHA256ROUND1(54, X12, X13, X14, X15, X16, X17, X10, X11) \
SHA256ROUND1(55, X11, X12, X13, X14, X15, X16, X17, X10) \
SHA256ROUND1(56, X10, X11, X12, X13, X14, X15, X16, X17) \
SHA256ROUND1(57, X17, X10, X11, X12, X13, X14, X15, X16) \
SHA256ROUND1(58, X16, X17, X10, X11, X12, X13, X14, X15) \
SHA256ROUND1(59, X15, X16, X17, X10, X11, X12, X13, X14) \
SHA256ROUND1(60, X14, X15, X16, X17, X10, X11, X12, X13) \
SHA256ROUND1(61, X13, X14, X15, X16, X17, X10, X11, X12) \
SHA256ROUND1(62, X12, X13, X14, X15, X16, X17, X10, X11) \
SHA256ROUND1(63, X11, X12, X13, X14, X15, X16, X17, X10)
#define SHA256UPDATEHASH() \
MOVWU (0*4)(X20), X5 \
MOVWU (1*4)(X20), X6 \
MOVWU (2*4)(X20), X7 \
MOVWU (3*4)(X20), X8 \
ADD X5, X10 \
ADD X6, X11 \
ADD X7, X12 \
ADD X8, X13 \
MOVW X10, (0*4)(X20) \
MOVW X11, (1*4)(X20) \
MOVW X12, (2*4)(X20) \
MOVW X13, (3*4)(X20) \
MOVWU (4*4)(X20), X5 \
MOVWU (5*4)(X20), X6 \
MOVWU (6*4)(X20), X7 \
MOVWU (7*4)(X20), X8 \
ADD X5, X14 \
ADD X6, X15 \
ADD X7, X16 \
ADD X8, X17 \
MOVW X14, (4*4)(X20) \
MOVW X15, (5*4)(X20) \
MOVW X16, (6*4)(X20) \
MOVW X17, (7*4)(X20)
// Note that 64 bytes of stack space is used as a circular buffer
// for the message schedule (4 bytes * 16 entries).
//
// func block(dig *Digest, p []byte)
TEXT ·block(SB),0,$64-32
// func blockAsm(dig *Digest, p []byte)
TEXT ·blockAsm(SB),0,$64-32
MOV p_base+8(FP), X29
MOV p_len+16(FP), X30
SRL $6, X30
@@ -164,96 +286,43 @@ TEXT ·block(SB),0,$64-32
MOVWU (7*4)(X20), X17 // h = H7
loop:
SHA256ROUND0(0, X10, X11, X12, X13, X14, X15, X16, X17)
SHA256ROUND0(1, X17, X10, X11, X12, X13, X14, X15, X16)
SHA256ROUND0(2, X16, X17, X10, X11, X12, X13, X14, X15)
SHA256ROUND0(3, X15, X16, X17, X10, X11, X12, X13, X14)
SHA256ROUND0(4, X14, X15, X16, X17, X10, X11, X12, X13)
SHA256ROUND0(5, X13, X14, X15, X16, X17, X10, X11, X12)
SHA256ROUND0(6, X12, X13, X14, X15, X16, X17, X10, X11)
SHA256ROUND0(7, X11, X12, X13, X14, X15, X16, X17, X10)
SHA256ROUND0(8, X10, X11, X12, X13, X14, X15, X16, X17)
SHA256ROUND0(9, X17, X10, X11, X12, X13, X14, X15, X16)
SHA256ROUND0(10, X16, X17, X10, X11, X12, X13, X14, X15)
SHA256ROUND0(11, X15, X16, X17, X10, X11, X12, X13, X14)
SHA256ROUND0(12, X14, X15, X16, X17, X10, X11, X12, X13)
SHA256ROUND0(13, X13, X14, X15, X16, X17, X10, X11, X12)
SHA256ROUND0(14, X12, X13, X14, X15, X16, X17, X10, X11)
SHA256ROUND0(15, X11, X12, X13, X14, X15, X16, X17, X10)
SHA256ROUND1(16, X10, X11, X12, X13, X14, X15, X16, X17)
SHA256ROUND1(17, X17, X10, X11, X12, X13, X14, X15, X16)
SHA256ROUND1(18, X16, X17, X10, X11, X12, X13, X14, X15)
SHA256ROUND1(19, X15, X16, X17, X10, X11, X12, X13, X14)
SHA256ROUND1(20, X14, X15, X16, X17, X10, X11, X12, X13)
SHA256ROUND1(21, X13, X14, X15, X16, X17, X10, X11, X12)
SHA256ROUND1(22, X12, X13, X14, X15, X16, X17, X10, X11)
SHA256ROUND1(23, X11, X12, X13, X14, X15, X16, X17, X10)
SHA256ROUND1(24, X10, X11, X12, X13, X14, X15, X16, X17)
SHA256ROUND1(25, X17, X10, X11, X12, X13, X14, X15, X16)
SHA256ROUND1(26, X16, X17, X10, X11, X12, X13, X14, X15)
SHA256ROUND1(27, X15, X16, X17, X10, X11, X12, X13, X14)
SHA256ROUND1(28, X14, X15, X16, X17, X10, X11, X12, X13)
SHA256ROUND1(29, X13, X14, X15, X16, X17, X10, X11, X12)
SHA256ROUND1(30, X12, X13, X14, X15, X16, X17, X10, X11)
SHA256ROUND1(31, X11, X12, X13, X14, X15, X16, X17, X10)
SHA256ROUND1(32, X10, X11, X12, X13, X14, X15, X16, X17)
SHA256ROUND1(33, X17, X10, X11, X12, X13, X14, X15, X16)
SHA256ROUND1(34, X16, X17, X10, X11, X12, X13, X14, X15)
SHA256ROUND1(35, X15, X16, X17, X10, X11, X12, X13, X14)
SHA256ROUND1(36, X14, X15, X16, X17, X10, X11, X12, X13)
SHA256ROUND1(37, X13, X14, X15, X16, X17, X10, X11, X12)
SHA256ROUND1(38, X12, X13, X14, X15, X16, X17, X10, X11)
SHA256ROUND1(39, X11, X12, X13, X14, X15, X16, X17, X10)
SHA256ROUND1(40, X10, X11, X12, X13, X14, X15, X16, X17)
SHA256ROUND1(41, X17, X10, X11, X12, X13, X14, X15, X16)
SHA256ROUND1(42, X16, X17, X10, X11, X12, X13, X14, X15)
SHA256ROUND1(43, X15, X16, X17, X10, X11, X12, X13, X14)
SHA256ROUND1(44, X14, X15, X16, X17, X10, X11, X12, X13)
SHA256ROUND1(45, X13, X14, X15, X16, X17, X10, X11, X12)
SHA256ROUND1(46, X12, X13, X14, X15, X16, X17, X10, X11)
SHA256ROUND1(47, X11, X12, X13, X14, X15, X16, X17, X10)
SHA256ROUND1(48, X10, X11, X12, X13, X14, X15, X16, X17)
SHA256ROUND1(49, X17, X10, X11, X12, X13, X14, X15, X16)
SHA256ROUND1(50, X16, X17, X10, X11, X12, X13, X14, X15)
SHA256ROUND1(51, X15, X16, X17, X10, X11, X12, X13, X14)
SHA256ROUND1(52, X14, X15, X16, X17, X10, X11, X12, X13)
SHA256ROUND1(53, X13, X14, X15, X16, X17, X10, X11, X12)
SHA256ROUND1(54, X12, X13, X14, X15, X16, X17, X10, X11)
SHA256ROUND1(55, X11, X12, X13, X14, X15, X16, X17, X10)
SHA256ROUND1(56, X10, X11, X12, X13, X14, X15, X16, X17)
SHA256ROUND1(57, X17, X10, X11, X12, X13, X14, X15, X16)
SHA256ROUND1(58, X16, X17, X10, X11, X12, X13, X14, X15)
SHA256ROUND1(59, X15, X16, X17, X10, X11, X12, X13, X14)
SHA256ROUND1(60, X14, X15, X16, X17, X10, X11, X12, X13)
SHA256ROUND1(61, X13, X14, X15, X16, X17, X10, X11, X12)
SHA256ROUND1(62, X12, X13, X14, X15, X16, X17, X10, X11)
SHA256ROUND1(63, X11, X12, X13, X14, X15, X16, X17, X10)
MOVWU (0*4)(X20), X5
MOVWU (1*4)(X20), X6
MOVWU (2*4)(X20), X7
MOVWU (3*4)(X20), X8
ADD X5, X10 // H0 = a + H0
ADD X6, X11 // H1 = b + H1
ADD X7, X12 // H2 = c + H2
ADD X8, X13 // H3 = d + H3
MOVW X10, (0*4)(X20)
MOVW X11, (1*4)(X20)
MOVW X12, (2*4)(X20)
MOVW X13, (3*4)(X20)
MOVWU (4*4)(X20), X5
MOVWU (5*4)(X20), X6
MOVWU (6*4)(X20), X7
MOVWU (7*4)(X20), X8
ADD X5, X14 // H4 = e + H4
ADD X6, X15 // H5 = f + H5
ADD X7, X16 // H6 = g + H6
ADD X8, X17 // H7 = h + H7
MOVW X14, (4*4)(X20)
MOVW X15, (5*4)(X20)
MOVW X16, (6*4)(X20)
MOVW X17, (7*4)(X20)
SHA256ROUND0_0_15()
SHA256ROUND1_16_79()
SHA256UPDATEHASH()
ADD $64, X29
BNE X28, X29, loop
end:
RET
// func blockZbb(dig *Digest, p []byte)
TEXT ·blockZbb(SB),0,$64-32
MOV p_base+8(FP), X29
MOV p_len+16(FP), X30
SRL $6, X30
SLL $6, X30
ADD X29, X30, X28
BEQ X28, X29, end
MOV $·_K(SB), X18 // const table
ADD $8, X2, X19 // message schedule
MOV dig+0(FP), X20
MOVWU (0*4)(X20), X10 // a = H0
MOVWU (1*4)(X20), X11 // b = H1
MOVWU (2*4)(X20), X12 // c = H2
MOVWU (3*4)(X20), X13 // d = H3
MOVWU (4*4)(X20), X14 // e = H4
MOVWU (5*4)(X20), X15 // f = H5
MOVWU (6*4)(X20), X16 // g = H6
MOVWU (7*4)(X20), X17 // h = H7
loop:
SHA256ROUND0_ZBB_0_15()
SHA256ROUND1_16_79()
SHA256UPDATEHASH()
ADD $64, X29
BNE X28, X29, loop

2
src/crypto/internal/fips140/sha512/sha512block_asm.go
View File

@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
//go:build (loong64 || riscv64) && !purego
//go:build loong64 && !purego
package sha512

41
src/crypto/internal/fips140/sha512/sha512block_riscv64.go Normal file
View File

@@ -0,0 +1,41 @@
// Copyright 2025 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
//go:build !purego
package sha512
import (
"crypto/internal/fips140deps/cpu"
"crypto/internal/impl"
"unsafe"
)
const wordSize = unsafe.Sizeof(uintptr(0))
// TODO(juliaj): use Zvknhb when available.
var useZbb = cpu.RISCV64HasZbb
func init() {
impl.Register("sha512", "Zbb", &useZbb)
}
func aligned(p []byte) bool {
return (uintptr(unsafe.Pointer(&p[0]))&(wordSize-1)) == 0
}
//go:noescape
func blockZbb(dig *Digest, p []byte)
//go:noescape
func blockAsm(dig *Digest, p []byte)
func block(dig *Digest, p []byte) {
if aligned(p) && useZbb {
blockZbb(dig, p)
} else {
blockAsm(dig, p)
}
}

284
src/crypto/internal/fips140/sha512/sha512block_riscv64.s
View File

@@ -72,6 +72,11 @@
OR X5, X8, X5; \
MOV X5, (index*8)(X19)
#define MSGSCHEDULE0_ZBB(index) \
MOV ((index*8))(X29), X5; \
REV8 X5, X5; \
MOV X5, (index*8)(X19)
// Wt = SIGMA1(Wt-2) + Wt-7 + SIGMA0(Wt-15) + Wt-16; for 16 <= t <= 79
// SIGMA0(x) = ROTR(1,x) XOR ROTR(8,x) XOR SHR(7,x)
// SIGMA1(x) = ROTR(19,x) XOR ROTR(61,x) XOR SHR(6,x)
@@ -145,12 +150,144 @@
MSGSCHEDULE0(index); \
SHA512ROUND(index, a, b, c, d, e, f, g, h)
#define SHA512ROUND0_ZBB(index, a, b, c, d, e, f, g, h) \
MSGSCHEDULE0_ZBB(index); \
SHA512ROUND(index, a, b, c, d, e, f, g, h)
#define SHA512ROUND1(index, a, b, c, d, e, f, g, h) \
MSGSCHEDULE1(index); \
SHA512ROUND(index, a, b, c, d, e, f, g, h)
// func block(dig *Digest, p []byte)
TEXT ·block(SB),0,$128-32
#define SHA512ROUND0_0_15() \
SHA512ROUND0(0, X10, X11, X12, X13, X14, X15, X16, X17) \
SHA512ROUND0(1, X17, X10, X11, X12, X13, X14, X15, X16) \
SHA512ROUND0(2, X16, X17, X10, X11, X12, X13, X14, X15) \
SHA512ROUND0(3, X15, X16, X17, X10, X11, X12, X13, X14) \
SHA512ROUND0(4, X14, X15, X16, X17, X10, X11, X12, X13) \
SHA512ROUND0(5, X13, X14, X15, X16, X17, X10, X11, X12) \
SHA512ROUND0(6, X12, X13, X14, X15, X16, X17, X10, X11) \
SHA512ROUND0(7, X11, X12, X13, X14, X15, X16, X17, X10) \
SHA512ROUND0(8, X10, X11, X12, X13, X14, X15, X16, X17) \
SHA512ROUND0(9, X17, X10, X11, X12, X13, X14, X15, X16) \
SHA512ROUND0(10, X16, X17, X10, X11, X12, X13, X14, X15) \
SHA512ROUND0(11, X15, X16, X17, X10, X11, X12, X13, X14) \
SHA512ROUND0(12, X14, X15, X16, X17, X10, X11, X12, X13) \
SHA512ROUND0(13, X13, X14, X15, X16, X17, X10, X11, X12) \
SHA512ROUND0(14, X12, X13, X14, X15, X16, X17, X10, X11) \
SHA512ROUND0(15, X11, X12, X13, X14, X15, X16, X17, X10)
#define SHA512ROUND0_ZBB_0_15() \
SHA512ROUND0_ZBB(0, X10, X11, X12, X13, X14, X15, X16, X17) \
SHA512ROUND0_ZBB(1, X17, X10, X11, X12, X13, X14, X15, X16) \
SHA512ROUND0_ZBB(2, X16, X17, X10, X11, X12, X13, X14, X15) \
SHA512ROUND0_ZBB(3, X15, X16, X17, X10, X11, X12, X13, X14) \
SHA512ROUND0_ZBB(4, X14, X15, X16, X17, X10, X11, X12, X13) \
SHA512ROUND0_ZBB(5, X13, X14, X15, X16, X17, X10, X11, X12) \
SHA512ROUND0_ZBB(6, X12, X13, X14, X15, X16, X17, X10, X11) \
SHA512ROUND0_ZBB(7, X11, X12, X13, X14, X15, X16, X17, X10) \
SHA512ROUND0_ZBB(8, X10, X11, X12, X13, X14, X15, X16, X17) \
SHA512ROUND0_ZBB(9, X17, X10, X11, X12, X13, X14, X15, X16) \
SHA512ROUND0_ZBB(10, X16, X17, X10, X11, X12, X13, X14, X15) \
SHA512ROUND0_ZBB(11, X15, X16, X17, X10, X11, X12, X13, X14) \
SHA512ROUND0_ZBB(12, X14, X15, X16, X17, X10, X11, X12, X13) \
SHA512ROUND0_ZBB(13, X13, X14, X15, X16, X17, X10, X11, X12) \
SHA512ROUND0_ZBB(14, X12, X13, X14, X15, X16, X17, X10, X11) \
SHA512ROUND0_ZBB(15, X11, X12, X13, X14, X15, X16, X17, X10)
#define SHA512ROUND1_16_79() \
SHA512ROUND1(16, X10, X11, X12, X13, X14, X15, X16, X17) \
SHA512ROUND1(17, X17, X10, X11, X12, X13, X14, X15, X16) \
SHA512ROUND1(18, X16, X17, X10, X11, X12, X13, X14, X15) \
SHA512ROUND1(19, X15, X16, X17, X10, X11, X12, X13, X14) \
SHA512ROUND1(20, X14, X15, X16, X17, X10, X11, X12, X13) \
SHA512ROUND1(21, X13, X14, X15, X16, X17, X10, X11, X12) \
SHA512ROUND1(22, X12, X13, X14, X15, X16, X17, X10, X11) \
SHA512ROUND1(23, X11, X12, X13, X14, X15, X16, X17, X10) \
SHA512ROUND1(24, X10, X11, X12, X13, X14, X15, X16, X17) \
SHA512ROUND1(25, X17, X10, X11, X12, X13, X14, X15, X16) \
SHA512ROUND1(26, X16, X17, X10, X11, X12, X13, X14, X15) \
SHA512ROUND1(27, X15, X16, X17, X10, X11, X12, X13, X14) \
SHA512ROUND1(28, X14, X15, X16, X17, X10, X11, X12, X13) \
SHA512ROUND1(29, X13, X14, X15, X16, X17, X10, X11, X12) \
SHA512ROUND1(30, X12, X13, X14, X15, X16, X17, X10, X11) \
SHA512ROUND1(31, X11, X12, X13, X14, X15, X16, X17, X10) \
SHA512ROUND1(32, X10, X11, X12, X13, X14, X15, X16, X17) \
SHA512ROUND1(33, X17, X10, X11, X12, X13, X14, X15, X16) \
SHA512ROUND1(34, X16, X17, X10, X11, X12, X13, X14, X15) \
SHA512ROUND1(35, X15, X16, X17, X10, X11, X12, X13, X14) \
SHA512ROUND1(36, X14, X15, X16, X17, X10, X11, X12, X13) \
SHA512ROUND1(37, X13, X14, X15, X16, X17, X10, X11, X12) \
SHA512ROUND1(38, X12, X13, X14, X15, X16, X17, X10, X11) \
SHA512ROUND1(39, X11, X12, X13, X14, X15, X16, X17, X10) \
SHA512ROUND1(40, X10, X11, X12, X13, X14, X15, X16, X17) \
SHA512ROUND1(41, X17, X10, X11, X12, X13, X14, X15, X16) \
SHA512ROUND1(42, X16, X17, X10, X11, X12, X13, X14, X15) \
SHA512ROUND1(43, X15, X16, X17, X10, X11, X12, X13, X14) \
SHA512ROUND1(44, X14, X15, X16, X17, X10, X11, X12, X13) \
SHA512ROUND1(45, X13, X14, X15, X16, X17, X10, X11, X12) \
SHA512ROUND1(46, X12, X13, X14, X15, X16, X17, X10, X11) \
SHA512ROUND1(47, X11, X12, X13, X14, X15, X16, X17, X10) \
SHA512ROUND1(48, X10, X11, X12, X13, X14, X15, X16, X17) \
SHA512ROUND1(49, X17, X10, X11, X12, X13, X14, X15, X16) \
SHA512ROUND1(50, X16, X17, X10, X11, X12, X13, X14, X15) \
SHA512ROUND1(51, X15, X16, X17, X10, X11, X12, X13, X14) \
SHA512ROUND1(52, X14, X15, X16, X17, X10, X11, X12, X13) \
SHA512ROUND1(53, X13, X14, X15, X16, X17, X10, X11, X12) \
SHA512ROUND1(54, X12, X13, X14, X15, X16, X17, X10, X11) \
SHA512ROUND1(55, X11, X12, X13, X14, X15, X16, X17, X10) \
SHA512ROUND1(56, X10, X11, X12, X13, X14, X15, X16, X17) \
SHA512ROUND1(57, X17, X10, X11, X12, X13, X14, X15, X16) \
SHA512ROUND1(58, X16, X17, X10, X11, X12, X13, X14, X15) \
SHA512ROUND1(59, X15, X16, X17, X10, X11, X12, X13, X14) \
SHA512ROUND1(60, X14, X15, X16, X17, X10, X11, X12, X13) \
SHA512ROUND1(61, X13, X14, X15, X16, X17, X10, X11, X12) \
SHA512ROUND1(62, X12, X13, X14, X15, X16, X17, X10, X11) \
SHA512ROUND1(63, X11, X12, X13, X14, X15, X16, X17, X10) \
SHA512ROUND1(64, X10, X11, X12, X13, X14, X15, X16, X17) \
SHA512ROUND1(65, X17, X10, X11, X12, X13, X14, X15, X16) \
SHA512ROUND1(66, X16, X17, X10, X11, X12, X13, X14, X15) \
SHA512ROUND1(67, X15, X16, X17, X10, X11, X12, X13, X14) \
SHA512ROUND1(68, X14, X15, X16, X17, X10, X11, X12, X13) \
SHA512ROUND1(69, X13, X14, X15, X16, X17, X10, X11, X12) \
SHA512ROUND1(70, X12, X13, X14, X15, X16, X17, X10, X11) \
SHA512ROUND1(71, X11, X12, X13, X14, X15, X16, X17, X10) \
SHA512ROUND1(72, X10, X11, X12, X13, X14, X15, X16, X17) \
SHA512ROUND1(73, X17, X10, X11, X12, X13, X14, X15, X16) \
SHA512ROUND1(74, X16, X17, X10, X11, X12, X13, X14, X15) \
SHA512ROUND1(75, X15, X16, X17, X10, X11, X12, X13, X14) \
SHA512ROUND1(76, X14, X15, X16, X17, X10, X11, X12, X13) \
SHA512ROUND1(77, X13, X14, X15, X16, X17, X10, X11, X12) \
SHA512ROUND1(78, X12, X13, X14, X15, X16, X17, X10, X11) \
SHA512ROUND1(79, X11, X12, X13, X14, X15, X16, X17, X10)
#define SHA512UPDATEHASH() \
MOV (0*8)(X20), X5 \
MOV (1*8)(X20), X6 \
MOV (2*8)(X20), X7 \
MOV (3*8)(X20), X8 \
ADD X5, X10 \
ADD X6, X11 \
ADD X7, X12 \
ADD X8, X13 \
MOV X10, (0*8)(X20) \
MOV X11, (1*8)(X20) \
MOV X12, (2*8)(X20) \
MOV X13, (3*8)(X20) \
MOV (4*8)(X20), X5 \
MOV (5*8)(X20), X6 \
MOV (6*8)(X20), X7 \
MOV (7*8)(X20), X8 \
ADD X5, X14 \
ADD X6, X15 \
ADD X7, X16 \
ADD X8, X17 \
MOV X14, (4*8)(X20) \
MOV X15, (5*8)(X20) \
MOV X16, (6*8)(X20) \
MOV X17, (7*8)(X20)
// func blockAsm(dig *Digest, p []byte)
TEXT ·blockAsm(SB),0,$128-32
MOV p_base+8(FP), X29
MOV p_len+16(FP), X30
SRL $7, X30
@@ -173,112 +310,43 @@ TEXT ·block(SB),0,$128-32
MOV (7*8)(X20), X17 // h = H7
loop:
SHA512ROUND0(0, X10, X11, X12, X13, X14, X15, X16, X17)
SHA512ROUND0(1, X17, X10, X11, X12, X13, X14, X15, X16)
SHA512ROUND0(2, X16, X17, X10, X11, X12, X13, X14, X15)
SHA512ROUND0(3, X15, X16, X17, X10, X11, X12, X13, X14)
SHA512ROUND0(4, X14, X15, X16, X17, X10, X11, X12, X13)
SHA512ROUND0(5, X13, X14, X15, X16, X17, X10, X11, X12)
SHA512ROUND0(6, X12, X13, X14, X15, X16, X17, X10, X11)
SHA512ROUND0(7, X11, X12, X13, X14, X15, X16, X17, X10)
SHA512ROUND0(8, X10, X11, X12, X13, X14, X15, X16, X17)
SHA512ROUND0(9, X17, X10, X11, X12, X13, X14, X15, X16)
SHA512ROUND0(10, X16, X17, X10, X11, X12, X13, X14, X15)
SHA512ROUND0(11, X15, X16, X17, X10, X11, X12, X13, X14)
SHA512ROUND0(12, X14, X15, X16, X17, X10, X11, X12, X13)
SHA512ROUND0(13, X13, X14, X15, X16, X17, X10, X11, X12)
SHA512ROUND0(14, X12, X13, X14, X15, X16, X17, X10, X11)
SHA512ROUND0(15, X11, X12, X13, X14, X15, X16, X17, X10)
SHA512ROUND1(16, X10, X11, X12, X13, X14, X15, X16, X17)
SHA512ROUND1(17, X17, X10, X11, X12, X13, X14, X15, X16)
SHA512ROUND1(18, X16, X17, X10, X11, X12, X13, X14, X15)
SHA512ROUND1(19, X15, X16, X17, X10, X11, X12, X13, X14)
SHA512ROUND1(20, X14, X15, X16, X17, X10, X11, X12, X13)
SHA512ROUND1(21, X13, X14, X15, X16, X17, X10, X11, X12)
SHA512ROUND1(22, X12, X13, X14, X15, X16, X17, X10, X11)
SHA512ROUND1(23, X11, X12, X13, X14, X15, X16, X17, X10)
SHA512ROUND1(24, X10, X11, X12, X13, X14, X15, X16, X17)
SHA512ROUND1(25, X17, X10, X11, X12, X13, X14, X15, X16)
SHA512ROUND1(26, X16, X17, X10, X11, X12, X13, X14, X15)
SHA512ROUND1(27, X15, X16, X17, X10, X11, X12, X13, X14)
SHA512ROUND1(28, X14, X15, X16, X17, X10, X11, X12, X13)
SHA512ROUND1(29, X13, X14, X15, X16, X17, X10, X11, X12)
SHA512ROUND1(30, X12, X13, X14, X15, X16, X17, X10, X11)
SHA512ROUND1(31, X11, X12, X13, X14, X15, X16, X17, X10)
SHA512ROUND1(32, X10, X11, X12, X13, X14, X15, X16, X17)
SHA512ROUND1(33, X17, X10, X11, X12, X13, X14, X15, X16)
SHA512ROUND1(34, X16, X17, X10, X11, X12, X13, X14, X15)
SHA512ROUND1(35, X15, X16, X17, X10, X11, X12, X13, X14)
SHA512ROUND1(36, X14, X15, X16, X17, X10, X11, X12, X13)
SHA512ROUND1(37, X13, X14, X15, X16, X17, X10, X11, X12)
SHA512ROUND1(38, X12, X13, X14, X15, X16, X17, X10, X11)
SHA512ROUND1(39, X11, X12, X13, X14, X15, X16, X17, X10)
SHA512ROUND1(40, X10, X11, X12, X13, X14, X15, X16, X17)
SHA512ROUND1(41, X17, X10, X11, X12, X13, X14, X15, X16)
SHA512ROUND1(42, X16, X17, X10, X11, X12, X13, X14, X15)
SHA512ROUND1(43, X15, X16, X17, X10, X11, X12, X13, X14)
SHA512ROUND1(44, X14, X15, X16, X17, X10, X11, X12, X13)
SHA512ROUND1(45, X13, X14, X15, X16, X17, X10, X11, X12)
SHA512ROUND1(46, X12, X13, X14, X15, X16, X17, X10, X11)
SHA512ROUND1(47, X11, X12, X13, X14, X15, X16, X17, X10)
SHA512ROUND1(48, X10, X11, X12, X13, X14, X15, X16, X17)
SHA512ROUND1(49, X17, X10, X11, X12, X13, X14, X15, X16)
SHA512ROUND1(50, X16, X17, X10, X11, X12, X13, X14, X15)
SHA512ROUND1(51, X15, X16, X17, X10, X11, X12, X13, X14)
SHA512ROUND1(52, X14, X15, X16, X17, X10, X11, X12, X13)
SHA512ROUND1(53, X13, X14, X15, X16, X17, X10, X11, X12)
SHA512ROUND1(54, X12, X13, X14, X15, X16, X17, X10, X11)
SHA512ROUND1(55, X11, X12, X13, X14, X15, X16, X17, X10)
SHA512ROUND1(56, X10, X11, X12, X13, X14, X15, X16, X17)
SHA512ROUND1(57, X17, X10, X11, X12, X13, X14, X15, X16)
SHA512ROUND1(58, X16, X17, X10, X11, X12, X13, X14, X15)
SHA512ROUND1(59, X15, X16, X17, X10, X11, X12, X13, X14)
SHA512ROUND1(60, X14, X15, X16, X17, X10, X11, X12, X13)
SHA512ROUND1(61, X13, X14, X15, X16, X17, X10, X11, X12)
SHA512ROUND1(62, X12, X13, X14, X15, X16, X17, X10, X11)
SHA512ROUND1(63, X11, X12, X13, X14, X15, X16, X17, X10)
SHA512ROUND1(64, X10, X11, X12, X13, X14, X15, X16, X17)
SHA512ROUND1(65, X17, X10, X11, X12, X13, X14, X15, X16)
SHA512ROUND1(66, X16, X17, X10, X11, X12, X13, X14, X15)
SHA512ROUND1(67, X15, X16, X17, X10, X11, X12, X13, X14)
SHA512ROUND1(68, X14, X15, X16, X17, X10, X11, X12, X13)
SHA512ROUND1(69, X13, X14, X15, X16, X17, X10, X11, X12)
SHA512ROUND1(70, X12, X13, X14, X15, X16, X17, X10, X11)
SHA512ROUND1(71, X11, X12, X13, X14, X15, X16, X17, X10)
SHA512ROUND1(72, X10, X11, X12, X13, X14, X15, X16, X17)
SHA512ROUND1(73, X17, X10, X11, X12, X13, X14, X15, X16)
SHA512ROUND1(74, X16, X17, X10, X11, X12, X13, X14, X15)
SHA512ROUND1(75, X15, X16, X17, X10, X11, X12, X13, X14)
SHA512ROUND1(76, X14, X15, X16, X17, X10, X11, X12, X13)
SHA512ROUND1(77, X13, X14, X15, X16, X17, X10, X11, X12)
SHA512ROUND1(78, X12, X13, X14, X15, X16, X17, X10, X11)
SHA512ROUND1(79, X11, X12, X13, X14, X15, X16, X17, X10)
MOV (0*8)(X20), X5
MOV (1*8)(X20), X6
MOV (2*8)(X20), X7
MOV (3*8)(X20), X8
ADD X5, X10 // H0 = a + H0
ADD X6, X11 // H1 = b + H1
ADD X7, X12 // H2 = c + H2
ADD X8, X13 // H3 = d + H3
MOV X10, (0*8)(X20)
MOV X11, (1*8)(X20)
MOV X12, (2*8)(X20)
MOV X13, (3*8)(X20)
MOV (4*8)(X20), X5
MOV (5*8)(X20), X6
MOV (6*8)(X20), X7
MOV (7*8)(X20), X8
ADD X5, X14 // H4 = e + H4
ADD X6, X15 // H5 = f + H5
ADD X7, X16 // H6 = g + H6
ADD X8, X17 // H7 = h + H7
MOV X14, (4*8)(X20)
MOV X15, (5*8)(X20)
MOV X16, (6*8)(X20)
MOV X17, (7*8)(X20)
SHA512ROUND0_0_15()
SHA512ROUND1_16_79()
SHA512UPDATEHASH()
ADD $128, X29
BNE X28, X29, loop
end:
RET
// func blockZbb(dig *Digest, p []byte)
TEXT ·blockZbb(SB),0,$128-32
MOV p_base+8(FP), X29
MOV p_len+16(FP), X30
SRL $7, X30
SLL $7, X30
ADD X29, X30, X28
BEQ X28, X29, end
MOV $·_K(SB), X18 // const table
ADD $8, X2, X19 // message schedule
MOV dig+0(FP), X20
MOV (0*8)(X20), X10 // a = H0
MOV (1*8)(X20), X11 // b = H1
MOV (2*8)(X20), X12 // c = H2
MOV (3*8)(X20), X13 // d = H3
MOV (4*8)(X20), X14 // e = H4
MOV (5*8)(X20), X15 // f = H5
MOV (6*8)(X20), X16 // g = H6
MOV (7*8)(X20), X17 // h = H7
loop:
SHA512ROUND0_ZBB_0_15()
SHA512ROUND1_16_79()
SHA512UPDATEHASH()
ADD $128, X29
BNE X28, X29, loop

2
src/crypto/internal/fips140deps/cpu/cpu.go
View File

@@ -27,6 +27,8 @@ var (
LOONG64HasLSX = cpu.Loong64.HasLSX
LOONG64HasLASX = cpu.Loong64.HasLASX
RISCV64HasZbb = cpu.RISCV64.HasZbb
S390XHasAES = cpu.S390X.HasAES
S390XHasAESCBC = cpu.S390X.HasAESCBC
S390XHasAESCTR = cpu.S390X.HasAESCTR