2 # Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
4 # Licensed under the Apache License 2.0 (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
10 # ====================================================================
11 # Written by David S. Miller and Andy Polyakov.
12 # The module is licensed under 2-clause BSD license. October 2012.
13 # All rights reserved.
14 # ====================================================================
16 ######################################################################
19 # AES round instructions complete in 3 cycles and can be issued every
20 # cycle. It means that round calculations should take 4*rounds cycles,
21 # because any given round instruction depends on result of *both*
22 # previous instructions:
30 # Provided that fxor [with IV] takes 3 cycles to complete, critical
31 # path length for CBC encrypt would be 3+4*rounds, or in other words
32 # it should process one byte in at least (3+4*rounds)/16 cycles. This
33 # estimate doesn't account for "collateral" instructions, such as
34 # fetching input from memory, xor-ing it with zero-round key and
35 # storing the result. Yet, *measured* performance [for data aligned
36 # at 64-bit boundary!] deviates from this equation by less than 0.5%:
38 # 128-bit key 192- 256-
39 # CBC encrypt 2.70/2.90(*) 3.20/3.40 3.70/3.90
40 # (*) numbers after slash are for
43 # Out-of-order execution logic managed to fully overlap "collateral"
44 # instructions with those on critical path. Amazing!
46 # As with Intel AES-NI, question is if it's possible to improve
47 # performance of parallelizable modes by interleaving round
48 # instructions. Provided round instruction latency and throughput
49 # optimal interleave factor is 2. But can we expect 2x performance
50 # improvement? Well, as round instructions can be issued one per
51 # cycle, they don't saturate the 2-way issue pipeline and therefore
52 # there is room for "collateral" calculations... Yet, 2x speed-up
53 # over CBC encrypt remains unattaintable:
55 # 128-bit key 192- 256-
56 # CBC decrypt 1.64/2.11 1.89/2.37 2.23/2.61
57 # CTR 1.64/2.08(*) 1.89/2.33 2.23/2.61
58 # (*) numbers after slash are for
61 # Estimates based on amount of instructions under assumption that
62 # round instructions are not pairable with any other instruction
63 # suggest that latter is the actual case and pipeline runs
64 # underutilized. It should be noted that T4 out-of-order execution
65 # logic is so capable that performance gain from 2x interleave is
66 # not even impressive, ~7-13% over non-interleaved code, largest
69 # To anchor to something else, software implementation processes
70 # one byte in 29 cycles with 128-bit key on same processor. Intel
71 # Sandy Bridge encrypts byte in 5.07 cycles in CBC mode and decrypts
72 # in 0.93, naturally with AES-NI.
74 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
75 push(@INC,"${dir}","${dir}../../perlasm");
76 require "sparcv9_modes.pl";
78 $output = pop and open STDOUT,">$output";
80 $::evp=1; # if $evp is set to 0, script generates module with
81 # AES_[en|de]crypt, AES_set_[en|de]crypt_key and AES_cbc_encrypt entry
82 # points. These however are not fully compatible with openssl/aes.h,
83 # because they expect AES_KEY to be aligned at 64-bit boundary. When
84 # used through EVP, alignment is arranged at EVP layer. Second thing
85 # that is arranged by EVP is at least 32-bit alignment of IV.
87 ######################################################################
88 # single-round subroutines
91 my ($inp,$out,$key,$rounds,$tmp,$mask)=map("%o$_",(0..5));
95 # define __ASSEMBLER__ 1
97 #include "crypto/sparc_arch.h"
100 .register %g2,#scratch
101 .register %g3,#scratch
106 .globl aes_t4_encrypt
109 andcc $inp, 7, %g1 ! is input aligned?
118 ldx [$inp + 16], $inp
128 ld [$key + 240], $rounds
129 ldd [$key + 16], %f12
130 ldd [$key + 24], %f14
135 srl $rounds, 1, $rounds
136 ldd [$key + 32], %f16
137 sub $rounds, 1, $rounds
138 ldd [$key + 40], %f18
142 aes_eround01 %f12, %f0, %f2, %f4
143 aes_eround23 %f14, %f0, %f2, %f2
146 sub $rounds,1,$rounds
147 aes_eround01 %f16, %f4, %f2, %f0
148 aes_eround23 %f18, %f4, %f2, %f2
149 ldd [$key + 16], %f16
150 ldd [$key + 24], %f18
151 brnz,pt $rounds, .Lenc
154 andcc $out, 7, $tmp ! is output aligned?
155 aes_eround01 %f12, %f0, %f2, %f4
156 aes_eround23 %f14, %f0, %f2, %f2
157 aes_eround01_l %f16, %f4, %f2, %f0
158 aes_eround23_l %f18, %f4, %f2, %f2
167 2: alignaddrl $out, %g0, $out
169 srl $mask, $tmp, $mask
171 faligndata %f0, %f0, %f4
172 faligndata %f0, %f2, %f6
173 faligndata %f2, %f2, %f8
175 stda %f4, [$out + $mask]0xc0 ! partial store
178 orn %g0, $mask, $mask
180 stda %f8, [$out + $mask]0xc0 ! partial store
181 .type aes_t4_encrypt,#function
182 .size aes_t4_encrypt,.-aes_t4_encrypt
184 .globl aes_t4_decrypt
187 andcc $inp, 7, %g1 ! is input aligned?
196 ldx [$inp + 16], $inp
206 ld [$key + 240], $rounds
207 ldd [$key + 16], %f12
208 ldd [$key + 24], %f14
213 srl $rounds, 1, $rounds
214 ldd [$key + 32], %f16
215 sub $rounds, 1, $rounds
216 ldd [$key + 40], %f18
220 aes_dround01 %f12, %f0, %f2, %f4
221 aes_dround23 %f14, %f0, %f2, %f2
224 sub $rounds,1,$rounds
225 aes_dround01 %f16, %f4, %f2, %f0
226 aes_dround23 %f18, %f4, %f2, %f2
227 ldd [$key + 16], %f16
228 ldd [$key + 24], %f18
229 brnz,pt $rounds, .Ldec
232 andcc $out, 7, $tmp ! is output aligned?
233 aes_dround01 %f12, %f0, %f2, %f4
234 aes_dround23 %f14, %f0, %f2, %f2
235 aes_dround01_l %f16, %f4, %f2, %f0
236 aes_dround23_l %f18, %f4, %f2, %f2
245 2: alignaddrl $out, %g0, $out
247 srl $mask, $tmp, $mask
249 faligndata %f0, %f0, %f4
250 faligndata %f0, %f2, %f6
251 faligndata %f2, %f2, %f8
253 stda %f4, [$out + $mask]0xc0 ! partial store
256 orn %g0, $mask, $mask
258 stda %f8, [$out + $mask]0xc0 ! partial store
259 .type aes_t4_decrypt,#function
260 .size aes_t4_decrypt,.-aes_t4_decrypt
264 ######################################################################
265 # key setup subroutines
268 my ($inp,$bits,$out,$tmp)=map("%o$_",(0..5));
270 .globl aes_t4_set_encrypt_key
272 aes_t4_set_encrypt_key:
275 alignaddr $inp, %g0, $inp
283 brz,pt $tmp, .L256aligned
287 faligndata %f0, %f2, %f0
288 faligndata %f2, %f4, %f2
289 faligndata %f4, %f6, %f4
290 faligndata %f6, %f8, %f6
293 for ($i=0; $i<6; $i++) {
295 std %f0, [$out + `32*$i+0`]
296 aes_kexpand1 %f0, %f6, $i, %f0
297 std %f2, [$out + `32*$i+8`]
298 aes_kexpand2 %f2, %f0, %f2
299 std %f4, [$out + `32*$i+16`]
300 aes_kexpand0 %f4, %f2, %f4
301 std %f6, [$out + `32*$i+24`]
302 aes_kexpand2 %f6, %f4, %f6
306 std %f0, [$out + `32*$i+0`]
307 aes_kexpand1 %f0, %f6, $i, %f0
308 std %f2, [$out + `32*$i+8`]
309 aes_kexpand2 %f2, %f0, %f2
310 std %f4, [$out + `32*$i+16`]
311 std %f6, [$out + `32*$i+24`]
312 std %f0, [$out + `32*$i+32`]
313 std %f2, [$out + `32*$i+40`]
316 st $tmp, [$out + 240]
322 brz,pt $tmp, .L192aligned
326 faligndata %f0, %f2, %f0
327 faligndata %f2, %f4, %f2
328 faligndata %f4, %f6, %f4
331 for ($i=0; $i<7; $i++) {
333 std %f0, [$out + `24*$i+0`]
334 aes_kexpand1 %f0, %f4, $i, %f0
335 std %f2, [$out + `24*$i+8`]
336 aes_kexpand2 %f2, %f0, %f2
337 std %f4, [$out + `24*$i+16`]
338 aes_kexpand2 %f4, %f2, %f4
342 std %f0, [$out + `24*$i+0`]
343 aes_kexpand1 %f0, %f4, $i, %f0
344 std %f2, [$out + `24*$i+8`]
345 aes_kexpand2 %f2, %f0, %f2
346 std %f4, [$out + `24*$i+16`]
347 std %f0, [$out + `24*$i+24`]
348 std %f2, [$out + `24*$i+32`]
351 st $tmp, [$out + 240]
357 brz,pt $tmp, .L128aligned
361 faligndata %f0, %f2, %f0
362 faligndata %f2, %f4, %f2
365 for ($i=0; $i<10; $i++) {
367 std %f0, [$out + `16*$i+0`]
368 aes_kexpand1 %f0, %f2, $i, %f0
369 std %f2, [$out + `16*$i+8`]
370 aes_kexpand2 %f2, %f0, %f2
374 std %f0, [$out + `16*$i+0`]
375 std %f2, [$out + `16*$i+8`]
378 st $tmp, [$out + 240]
381 .type aes_t4_set_encrypt_key,#function
382 .size aes_t4_set_encrypt_key,.-aes_t4_set_encrypt_key
384 .globl aes_t4_set_decrypt_key
386 aes_t4_set_decrypt_key:
388 call .Lset_encrypt_key
392 sll $tmp, 4, $inp ! $tmp is number of rounds
394 add $out, $inp, $inp ! $inp=$out+16*rounds
395 srl $tmp, 2, $tmp ! $tmp=(rounds+2)/4
404 ldd [$inp - 16], %f12
413 std %f12, [$out + 16]
414 std %f14, [$out + 24]
416 brnz $tmp, .Lkey_flip
421 .type aes_t4_set_decrypt_key,#function
422 .size aes_t4_set_decrypt_key,.-aes_t4_set_decrypt_key
427 my ($inp,$out,$len,$key,$ivec,$enc)=map("%i$_",(0..5));
428 my ($ileft,$iright,$ooff,$omask,$ivoff)=map("%l$_",(1..7));
434 for ($i=0; $i<4; $i++) {
436 aes_eround01 %f`16+8*$i+0`, %f0, %f2, %f4
437 aes_eround23 %f`16+8*$i+2`, %f0, %f2, %f2
438 aes_eround01 %f`16+8*$i+4`, %f4, %f2, %f0
439 aes_eround23 %f`16+8*$i+6`, %f4, %f2, %f2
443 aes_eround01 %f48, %f0, %f2, %f4
444 aes_eround23 %f50, %f0, %f2, %f2
445 aes_eround01_l %f52, %f4, %f2, %f0
447 aes_eround23_l %f54, %f4, %f2, %f2
448 .type _aes128_encrypt_1x,#function
449 .size _aes128_encrypt_1x,.-_aes128_encrypt_1x
454 for ($i=0; $i<4; $i++) {
456 aes_eround01 %f`16+8*$i+0`, %f0, %f2, %f8
457 aes_eround23 %f`16+8*$i+2`, %f0, %f2, %f2
458 aes_eround01 %f`16+8*$i+0`, %f4, %f6, %f10
459 aes_eround23 %f`16+8*$i+2`, %f4, %f6, %f6
460 aes_eround01 %f`16+8*$i+4`, %f8, %f2, %f0
461 aes_eround23 %f`16+8*$i+6`, %f8, %f2, %f2
462 aes_eround01 %f`16+8*$i+4`, %f10, %f6, %f4
463 aes_eround23 %f`16+8*$i+6`, %f10, %f6, %f6
467 aes_eround01 %f48, %f0, %f2, %f8
468 aes_eround23 %f50, %f0, %f2, %f2
469 aes_eround01 %f48, %f4, %f6, %f10
470 aes_eround23 %f50, %f4, %f6, %f6
471 aes_eround01_l %f52, %f8, %f2, %f0
472 aes_eround23_l %f54, %f8, %f2, %f2
473 aes_eround01_l %f52, %f10, %f6, %f4
475 aes_eround23_l %f54, %f10, %f6, %f6
476 .type _aes128_encrypt_2x,#function
477 .size _aes128_encrypt_2x,.-_aes128_encrypt_2x
484 for ($i=2; $i<22;$i++) { # load key schedule
486 ldd [$key + `8*$i`], %f`12+2*$i`
492 .type _aes128_loadkey,#function
493 .size _aes128_loadkey,.-_aes128_loadkey
494 _aes128_load_enckey=_aes128_loadkey
495 _aes128_load_deckey=_aes128_loadkey
499 &alg_cbc_encrypt_implement("aes",128);
501 &alg_ctr32_implement("aes",128);
502 &alg_xts_implement("aes",128,"en");
503 &alg_xts_implement("aes",128,"de");
505 &alg_cbc_decrypt_implement("aes",128);
511 for ($i=0; $i<4; $i++) {
513 aes_dround01 %f`16+8*$i+0`, %f0, %f2, %f4
514 aes_dround23 %f`16+8*$i+2`, %f0, %f2, %f2
515 aes_dround01 %f`16+8*$i+4`, %f4, %f2, %f0
516 aes_dround23 %f`16+8*$i+6`, %f4, %f2, %f2
520 aes_dround01 %f48, %f0, %f2, %f4
521 aes_dround23 %f50, %f0, %f2, %f2
522 aes_dround01_l %f52, %f4, %f2, %f0
524 aes_dround23_l %f54, %f4, %f2, %f2
525 .type _aes128_decrypt_1x,#function
526 .size _aes128_decrypt_1x,.-_aes128_decrypt_1x
531 for ($i=0; $i<4; $i++) {
533 aes_dround01 %f`16+8*$i+0`, %f0, %f2, %f8
534 aes_dround23 %f`16+8*$i+2`, %f0, %f2, %f2
535 aes_dround01 %f`16+8*$i+0`, %f4, %f6, %f10
536 aes_dround23 %f`16+8*$i+2`, %f4, %f6, %f6
537 aes_dround01 %f`16+8*$i+4`, %f8, %f2, %f0
538 aes_dround23 %f`16+8*$i+6`, %f8, %f2, %f2
539 aes_dround01 %f`16+8*$i+4`, %f10, %f6, %f4
540 aes_dround23 %f`16+8*$i+6`, %f10, %f6, %f6
544 aes_dround01 %f48, %f0, %f2, %f8
545 aes_dround23 %f50, %f0, %f2, %f2
546 aes_dround01 %f48, %f4, %f6, %f10
547 aes_dround23 %f50, %f4, %f6, %f6
548 aes_dround01_l %f52, %f8, %f2, %f0
549 aes_dround23_l %f54, %f8, %f2, %f2
550 aes_dround01_l %f52, %f10, %f6, %f4
552 aes_dround23_l %f54, %f10, %f6, %f6
553 .type _aes128_decrypt_2x,#function
554 .size _aes128_decrypt_2x,.-_aes128_decrypt_2x
561 for ($i=0; $i<5; $i++) {
563 aes_eround01 %f`16+8*$i+0`, %f0, %f2, %f4
564 aes_eround23 %f`16+8*$i+2`, %f0, %f2, %f2
565 aes_eround01 %f`16+8*$i+4`, %f4, %f2, %f0
566 aes_eround23 %f`16+8*$i+6`, %f4, %f2, %f2
570 aes_eround01 %f56, %f0, %f2, %f4
571 aes_eround23 %f58, %f0, %f2, %f2
572 aes_eround01_l %f60, %f4, %f2, %f0
574 aes_eround23_l %f62, %f4, %f2, %f2
575 .type _aes192_encrypt_1x,#function
576 .size _aes192_encrypt_1x,.-_aes192_encrypt_1x
581 for ($i=0; $i<5; $i++) {
583 aes_eround01 %f`16+8*$i+0`, %f0, %f2, %f8
584 aes_eround23 %f`16+8*$i+2`, %f0, %f2, %f2
585 aes_eround01 %f`16+8*$i+0`, %f4, %f6, %f10
586 aes_eround23 %f`16+8*$i+2`, %f4, %f6, %f6
587 aes_eround01 %f`16+8*$i+4`, %f8, %f2, %f0
588 aes_eround23 %f`16+8*$i+6`, %f8, %f2, %f2
589 aes_eround01 %f`16+8*$i+4`, %f10, %f6, %f4
590 aes_eround23 %f`16+8*$i+6`, %f10, %f6, %f6
594 aes_eround01 %f56, %f0, %f2, %f8
595 aes_eround23 %f58, %f0, %f2, %f2
596 aes_eround01 %f56, %f4, %f6, %f10
597 aes_eround23 %f58, %f4, %f6, %f6
598 aes_eround01_l %f60, %f8, %f2, %f0
599 aes_eround23_l %f62, %f8, %f2, %f2
600 aes_eround01_l %f60, %f10, %f6, %f4
602 aes_eround23_l %f62, %f10, %f6, %f6
603 .type _aes192_encrypt_2x,#function
604 .size _aes192_encrypt_2x,.-_aes192_encrypt_2x
608 aes_eround01 %f16, %f0, %f2, %f4
609 aes_eround23 %f18, %f0, %f2, %f2
610 ldd [$key + 208], %f16
611 ldd [$key + 216], %f18
612 aes_eround01 %f20, %f4, %f2, %f0
613 aes_eround23 %f22, %f4, %f2, %f2
614 ldd [$key + 224], %f20
615 ldd [$key + 232], %f22
617 for ($i=1; $i<6; $i++) {
619 aes_eround01 %f`16+8*$i+0`, %f0, %f2, %f4
620 aes_eround23 %f`16+8*$i+2`, %f0, %f2, %f2
621 aes_eround01 %f`16+8*$i+4`, %f4, %f2, %f0
622 aes_eround23 %f`16+8*$i+6`, %f4, %f2, %f2
626 aes_eround01 %f16, %f0, %f2, %f4
627 aes_eround23 %f18, %f0, %f2, %f2
628 ldd [$key + 16], %f16
629 ldd [$key + 24], %f18
630 aes_eround01_l %f20, %f4, %f2, %f0
631 aes_eround23_l %f22, %f4, %f2, %f2
632 ldd [$key + 32], %f20
634 ldd [$key + 40], %f22
635 .type _aes256_encrypt_1x,#function
636 .size _aes256_encrypt_1x,.-_aes256_encrypt_1x
640 aes_eround01 %f16, %f0, %f2, %f8
641 aes_eround23 %f18, %f0, %f2, %f2
642 aes_eround01 %f16, %f4, %f6, %f10
643 aes_eround23 %f18, %f4, %f6, %f6
644 ldd [$key + 208], %f16
645 ldd [$key + 216], %f18
646 aes_eround01 %f20, %f8, %f2, %f0
647 aes_eround23 %f22, %f8, %f2, %f2
648 aes_eround01 %f20, %f10, %f6, %f4
649 aes_eround23 %f22, %f10, %f6, %f6
650 ldd [$key + 224], %f20
651 ldd [$key + 232], %f22
653 for ($i=1; $i<6; $i++) {
655 aes_eround01 %f`16+8*$i+0`, %f0, %f2, %f8
656 aes_eround23 %f`16+8*$i+2`, %f0, %f2, %f2
657 aes_eround01 %f`16+8*$i+0`, %f4, %f6, %f10
658 aes_eround23 %f`16+8*$i+2`, %f4, %f6, %f6
659 aes_eround01 %f`16+8*$i+4`, %f8, %f2, %f0
660 aes_eround23 %f`16+8*$i+6`, %f8, %f2, %f2
661 aes_eround01 %f`16+8*$i+4`, %f10, %f6, %f4
662 aes_eround23 %f`16+8*$i+6`, %f10, %f6, %f6
666 aes_eround01 %f16, %f0, %f2, %f8
667 aes_eround23 %f18, %f0, %f2, %f2
668 aes_eround01 %f16, %f4, %f6, %f10
669 aes_eround23 %f18, %f4, %f6, %f6
670 ldd [$key + 16], %f16
671 ldd [$key + 24], %f18
672 aes_eround01_l %f20, %f8, %f2, %f0
673 aes_eround23_l %f22, %f8, %f2, %f2
674 aes_eround01_l %f20, %f10, %f6, %f4
675 aes_eround23_l %f22, %f10, %f6, %f6
676 ldd [$key + 32], %f20
678 ldd [$key + 40], %f22
679 .type _aes256_encrypt_2x,#function
680 .size _aes256_encrypt_2x,.-_aes256_encrypt_2x
687 for ($i=2; $i<26;$i++) { # load key schedule
689 ldd [$key + `8*$i`], %f`12+2*$i`
695 .type _aes192_loadkey,#function
696 .size _aes192_loadkey,.-_aes192_loadkey
697 _aes256_loadkey=_aes192_loadkey
698 _aes192_load_enckey=_aes192_loadkey
699 _aes192_load_deckey=_aes192_loadkey
700 _aes256_load_enckey=_aes192_loadkey
701 _aes256_load_deckey=_aes192_loadkey
704 &alg_cbc_encrypt_implement("aes",256);
705 &alg_cbc_encrypt_implement("aes",192);
707 &alg_ctr32_implement("aes",256);
708 &alg_xts_implement("aes",256,"en");
709 &alg_xts_implement("aes",256,"de");
710 &alg_ctr32_implement("aes",192);
712 &alg_cbc_decrypt_implement("aes",192);
713 &alg_cbc_decrypt_implement("aes",256);
718 aes_dround01 %f16, %f0, %f2, %f4
719 aes_dround23 %f18, %f0, %f2, %f2
720 ldd [$key + 208], %f16
721 ldd [$key + 216], %f18
722 aes_dround01 %f20, %f4, %f2, %f0
723 aes_dround23 %f22, %f4, %f2, %f2
724 ldd [$key + 224], %f20
725 ldd [$key + 232], %f22
727 for ($i=1; $i<6; $i++) {
729 aes_dround01 %f`16+8*$i+0`, %f0, %f2, %f4
730 aes_dround23 %f`16+8*$i+2`, %f0, %f2, %f2
731 aes_dround01 %f`16+8*$i+4`, %f4, %f2, %f0
732 aes_dround23 %f`16+8*$i+6`, %f4, %f2, %f2
736 aes_dround01 %f16, %f0, %f2, %f4
737 aes_dround23 %f18, %f0, %f2, %f2
738 ldd [$key + 16], %f16
739 ldd [$key + 24], %f18
740 aes_dround01_l %f20, %f4, %f2, %f0
741 aes_dround23_l %f22, %f4, %f2, %f2
742 ldd [$key + 32], %f20
744 ldd [$key + 40], %f22
745 .type _aes256_decrypt_1x,#function
746 .size _aes256_decrypt_1x,.-_aes256_decrypt_1x
750 aes_dround01 %f16, %f0, %f2, %f8
751 aes_dround23 %f18, %f0, %f2, %f2
752 aes_dround01 %f16, %f4, %f6, %f10
753 aes_dround23 %f18, %f4, %f6, %f6
754 ldd [$key + 208], %f16
755 ldd [$key + 216], %f18
756 aes_dround01 %f20, %f8, %f2, %f0
757 aes_dround23 %f22, %f8, %f2, %f2
758 aes_dround01 %f20, %f10, %f6, %f4
759 aes_dround23 %f22, %f10, %f6, %f6
760 ldd [$key + 224], %f20
761 ldd [$key + 232], %f22
763 for ($i=1; $i<6; $i++) {
765 aes_dround01 %f`16+8*$i+0`, %f0, %f2, %f8
766 aes_dround23 %f`16+8*$i+2`, %f0, %f2, %f2
767 aes_dround01 %f`16+8*$i+0`, %f4, %f6, %f10
768 aes_dround23 %f`16+8*$i+2`, %f4, %f6, %f6
769 aes_dround01 %f`16+8*$i+4`, %f8, %f2, %f0
770 aes_dround23 %f`16+8*$i+6`, %f8, %f2, %f2
771 aes_dround01 %f`16+8*$i+4`, %f10, %f6, %f4
772 aes_dround23 %f`16+8*$i+6`, %f10, %f6, %f6
776 aes_dround01 %f16, %f0, %f2, %f8
777 aes_dround23 %f18, %f0, %f2, %f2
778 aes_dround01 %f16, %f4, %f6, %f10
779 aes_dround23 %f18, %f4, %f6, %f6
780 ldd [$key + 16], %f16
781 ldd [$key + 24], %f18
782 aes_dround01_l %f20, %f8, %f2, %f0
783 aes_dround23_l %f22, %f8, %f2, %f2
784 aes_dround01_l %f20, %f10, %f6, %f4
785 aes_dround23_l %f22, %f10, %f6, %f6
786 ldd [$key + 32], %f20
788 ldd [$key + 40], %f22
789 .type _aes256_decrypt_2x,#function
790 .size _aes256_decrypt_2x,.-_aes256_decrypt_2x
795 for ($i=0; $i<5; $i++) {
797 aes_dround01 %f`16+8*$i+0`, %f0, %f2, %f4
798 aes_dround23 %f`16+8*$i+2`, %f0, %f2, %f2
799 aes_dround01 %f`16+8*$i+4`, %f4, %f2, %f0
800 aes_dround23 %f`16+8*$i+6`, %f4, %f2, %f2
804 aes_dround01 %f56, %f0, %f2, %f4
805 aes_dround23 %f58, %f0, %f2, %f2
806 aes_dround01_l %f60, %f4, %f2, %f0
808 aes_dround23_l %f62, %f4, %f2, %f2
809 .type _aes192_decrypt_1x,#function
810 .size _aes192_decrypt_1x,.-_aes192_decrypt_1x
815 for ($i=0; $i<5; $i++) {
817 aes_dround01 %f`16+8*$i+0`, %f0, %f2, %f8
818 aes_dround23 %f`16+8*$i+2`, %f0, %f2, %f2
819 aes_dround01 %f`16+8*$i+0`, %f4, %f6, %f10
820 aes_dround23 %f`16+8*$i+2`, %f4, %f6, %f6
821 aes_dround01 %f`16+8*$i+4`, %f8, %f2, %f0
822 aes_dround23 %f`16+8*$i+6`, %f8, %f2, %f2
823 aes_dround01 %f`16+8*$i+4`, %f10, %f6, %f4
824 aes_dround23 %f`16+8*$i+6`, %f10, %f6, %f6
828 aes_dround01 %f56, %f0, %f2, %f8
829 aes_dround23 %f58, %f0, %f2, %f2
830 aes_dround01 %f56, %f4, %f6, %f10
831 aes_dround23 %f58, %f4, %f6, %f6
832 aes_dround01_l %f60, %f8, %f2, %f0
833 aes_dround23_l %f62, %f8, %f2, %f2
834 aes_dround01_l %f60, %f10, %f6, %f4
836 aes_dround23_l %f62, %f10, %f6, %f6
837 .type _aes192_decrypt_2x,#function
838 .size _aes192_decrypt_2x,.-_aes192_decrypt_2x
845 AES_encrypt=aes_t4_encrypt
847 AES_decrypt=aes_t4_decrypt
848 .global AES_set_encrypt_key
851 andcc %o2, 7, %g0 ! check alignment
858 andncc %o1, 0x1c0, %g0
864 b aes_t4_set_encrypt_key
868 .type AES_set_encrypt_key,#function
869 .size AES_set_encrypt_key,.-AES_set_encrypt_key
871 .global AES_set_decrypt_key
874 andcc %o2, 7, %g0 ! check alignment
881 andncc %o1, 0x1c0, %g0
887 b aes_t4_set_decrypt_key
891 .type AES_set_decrypt_key,#function
892 .size AES_set_decrypt_key,.-AES_set_decrypt_key
895 my ($inp,$out,$len,$key,$ivec,$enc)=map("%o$_",(0..5));
898 .globl AES_cbc_encrypt
903 brz $enc, .Lcbc_decrypt
906 bl,pt %icc, aes128_t4_cbc_encrypt
908 be,pn %icc, aes192_t4_cbc_encrypt
910 ba aes256_t4_cbc_encrypt
914 bl,pt %icc, aes128_t4_cbc_decrypt
916 be,pn %icc, aes192_t4_cbc_decrypt
918 ba aes256_t4_cbc_decrypt
920 .type AES_cbc_encrypt,#function
921 .size AES_cbc_encrypt,.-AES_cbc_encrypt
925 .asciz "AES for SPARC T4, David S. Miller, Andy Polyakov"
931 close STDOUT or die "error closing STDOUT: $!";
projects / openssl.git / blob