2 # Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
4 # Licensed under the Apache License 2.0 (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
10 # ====================================================================
11 # Written by David S. Miller and Andy Polyakov.
12 # The module is licensed under 2-clause BSD license. October 2012.
13 # All rights reserved.
14 # ====================================================================
16 ######################################################################
19 # AES round instructions complete in 3 cycles and can be issued every
20 # cycle. It means that round calculations should take 4*rounds cycles,
21 # because any given round instruction depends on result of *both*
22 # previous instructions:
30 # Provided that fxor [with IV] takes 3 cycles to complete, critical
31 # path length for CBC encrypt would be 3+4*rounds, or in other words
32 # it should process one byte in at least (3+4*rounds)/16 cycles. This
33 # estimate doesn't account for "collateral" instructions, such as
34 # fetching input from memory, xor-ing it with zero-round key and
35 # storing the result. Yet, *measured* performance [for data aligned
36 # at 64-bit boundary!] deviates from this equation by less than 0.5%:
38 # 128-bit key 192- 256-
39 # CBC encrypt 2.70/2.90(*) 3.20/3.40 3.70/3.90
40 # (*) numbers after slash are for
43 # Out-of-order execution logic managed to fully overlap "collateral"
44 # instructions with those on critical path. Amazing!
46 # As with Intel AES-NI, question is if it's possible to improve
47 # performance of parallelizable modes by interleaving round
48 # instructions. Provided round instruction latency and throughput
49 # optimal interleave factor is 2. But can we expect 2x performance
50 # improvement? Well, as round instructions can be issued one per
51 # cycle, they don't saturate the 2-way issue pipeline and therefore
52 # there is room for "collateral" calculations... Yet, 2x speed-up
53 # over CBC encrypt remains unattaintable:
55 # 128-bit key 192- 256-
56 # CBC decrypt 1.64/2.11 1.89/2.37 2.23/2.61
57 # CTR 1.64/2.08(*) 1.89/2.33 2.23/2.61
58 # (*) numbers after slash are for
61 # Estimates based on amount of instructions under assumption that
62 # round instructions are not pairable with any other instruction
63 # suggest that latter is the actual case and pipeline runs
64 # underutilized. It should be noted that T4 out-of-order execution
65 # logic is so capable that performance gain from 2x interleave is
66 # not even impressive, ~7-13% over non-interleaved code, largest
69 # To anchor to something else, software implementation processes
70 # one byte in 29 cycles with 128-bit key on same processor. Intel
71 # Sandy Bridge encrypts byte in 5.07 cycles in CBC mode and decrypts
72 # in 0.93, naturally with AES-NI.
74 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
75 push(@INC,"${dir}","${dir}../../perlasm");
76 require "sparcv9_modes.pl";
78 $output = pop and open STDOUT,">$output";
80 $::evp=1; # if $evp is set to 0, script generates module with
81 # AES_[en|de]crypt, AES_set_[en|de]crypt_key and AES_cbc_encrypt entry
82 # points. These however are not fully compatible with openssl/aes.h,
83 # because they expect AES_KEY to be aligned at 64-bit boundary. When
84 # used through EVP, alignment is arranged at EVP layer. Second thing
85 # that is arranged by EVP is at least 32-bit alignment of IV.
87 ######################################################################
88 # single-round subroutines
91 my ($inp,$out,$key,$rounds,$tmp,$mask)=map("%o$_",(0..5));
94 #include "sparc_arch.h"
97 .register %g2,#scratch
98 .register %g3,#scratch
103 .globl aes_t4_encrypt
106 andcc $inp, 7, %g1 ! is input aligned?
115 ldx [$inp + 16], $inp
125 ld [$key + 240], $rounds
126 ldd [$key + 16], %f12
127 ldd [$key + 24], %f14
132 srl $rounds, 1, $rounds
133 ldd [$key + 32], %f16
134 sub $rounds, 1, $rounds
135 ldd [$key + 40], %f18
139 aes_eround01 %f12, %f0, %f2, %f4
140 aes_eround23 %f14, %f0, %f2, %f2
143 sub $rounds,1,$rounds
144 aes_eround01 %f16, %f4, %f2, %f0
145 aes_eround23 %f18, %f4, %f2, %f2
146 ldd [$key + 16], %f16
147 ldd [$key + 24], %f18
148 brnz,pt $rounds, .Lenc
151 andcc $out, 7, $tmp ! is output aligned?
152 aes_eround01 %f12, %f0, %f2, %f4
153 aes_eround23 %f14, %f0, %f2, %f2
154 aes_eround01_l %f16, %f4, %f2, %f0
155 aes_eround23_l %f18, %f4, %f2, %f2
164 2: alignaddrl $out, %g0, $out
166 srl $mask, $tmp, $mask
168 faligndata %f0, %f0, %f4
169 faligndata %f0, %f2, %f6
170 faligndata %f2, %f2, %f8
172 stda %f4, [$out + $mask]0xc0 ! partial store
175 orn %g0, $mask, $mask
177 stda %f8, [$out + $mask]0xc0 ! partial store
178 .type aes_t4_encrypt,#function
179 .size aes_t4_encrypt,.-aes_t4_encrypt
181 .globl aes_t4_decrypt
184 andcc $inp, 7, %g1 ! is input aligned?
193 ldx [$inp + 16], $inp
203 ld [$key + 240], $rounds
204 ldd [$key + 16], %f12
205 ldd [$key + 24], %f14
210 srl $rounds, 1, $rounds
211 ldd [$key + 32], %f16
212 sub $rounds, 1, $rounds
213 ldd [$key + 40], %f18
217 aes_dround01 %f12, %f0, %f2, %f4
218 aes_dround23 %f14, %f0, %f2, %f2
221 sub $rounds,1,$rounds
222 aes_dround01 %f16, %f4, %f2, %f0
223 aes_dround23 %f18, %f4, %f2, %f2
224 ldd [$key + 16], %f16
225 ldd [$key + 24], %f18
226 brnz,pt $rounds, .Ldec
229 andcc $out, 7, $tmp ! is output aligned?
230 aes_dround01 %f12, %f0, %f2, %f4
231 aes_dround23 %f14, %f0, %f2, %f2
232 aes_dround01_l %f16, %f4, %f2, %f0
233 aes_dround23_l %f18, %f4, %f2, %f2
242 2: alignaddrl $out, %g0, $out
244 srl $mask, $tmp, $mask
246 faligndata %f0, %f0, %f4
247 faligndata %f0, %f2, %f6
248 faligndata %f2, %f2, %f8
250 stda %f4, [$out + $mask]0xc0 ! partial store
253 orn %g0, $mask, $mask
255 stda %f8, [$out + $mask]0xc0 ! partial store
256 .type aes_t4_decrypt,#function
257 .size aes_t4_decrypt,.-aes_t4_decrypt
261 ######################################################################
262 # key setup subroutines
265 my ($inp,$bits,$out,$tmp)=map("%o$_",(0..5));
267 .globl aes_t4_set_encrypt_key
269 aes_t4_set_encrypt_key:
272 alignaddr $inp, %g0, $inp
280 brz,pt $tmp, .L256aligned
284 faligndata %f0, %f2, %f0
285 faligndata %f2, %f4, %f2
286 faligndata %f4, %f6, %f4
287 faligndata %f6, %f8, %f6
290 for ($i=0; $i<6; $i++) {
292 std %f0, [$out + `32*$i+0`]
293 aes_kexpand1 %f0, %f6, $i, %f0
294 std %f2, [$out + `32*$i+8`]
295 aes_kexpand2 %f2, %f0, %f2
296 std %f4, [$out + `32*$i+16`]
297 aes_kexpand0 %f4, %f2, %f4
298 std %f6, [$out + `32*$i+24`]
299 aes_kexpand2 %f6, %f4, %f6
303 std %f0, [$out + `32*$i+0`]
304 aes_kexpand1 %f0, %f6, $i, %f0
305 std %f2, [$out + `32*$i+8`]
306 aes_kexpand2 %f2, %f0, %f2
307 std %f4, [$out + `32*$i+16`]
308 std %f6, [$out + `32*$i+24`]
309 std %f0, [$out + `32*$i+32`]
310 std %f2, [$out + `32*$i+40`]
313 st $tmp, [$out + 240]
319 brz,pt $tmp, .L192aligned
323 faligndata %f0, %f2, %f0
324 faligndata %f2, %f4, %f2
325 faligndata %f4, %f6, %f4
328 for ($i=0; $i<7; $i++) {
330 std %f0, [$out + `24*$i+0`]
331 aes_kexpand1 %f0, %f4, $i, %f0
332 std %f2, [$out + `24*$i+8`]
333 aes_kexpand2 %f2, %f0, %f2
334 std %f4, [$out + `24*$i+16`]
335 aes_kexpand2 %f4, %f2, %f4
339 std %f0, [$out + `24*$i+0`]
340 aes_kexpand1 %f0, %f4, $i, %f0
341 std %f2, [$out + `24*$i+8`]
342 aes_kexpand2 %f2, %f0, %f2
343 std %f4, [$out + `24*$i+16`]
344 std %f0, [$out + `24*$i+24`]
345 std %f2, [$out + `24*$i+32`]
348 st $tmp, [$out + 240]
354 brz,pt $tmp, .L128aligned
358 faligndata %f0, %f2, %f0
359 faligndata %f2, %f4, %f2
362 for ($i=0; $i<10; $i++) {
364 std %f0, [$out + `16*$i+0`]
365 aes_kexpand1 %f0, %f2, $i, %f0
366 std %f2, [$out + `16*$i+8`]
367 aes_kexpand2 %f2, %f0, %f2
371 std %f0, [$out + `16*$i+0`]
372 std %f2, [$out + `16*$i+8`]
375 st $tmp, [$out + 240]
378 .type aes_t4_set_encrypt_key,#function
379 .size aes_t4_set_encrypt_key,.-aes_t4_set_encrypt_key
381 .globl aes_t4_set_decrypt_key
383 aes_t4_set_decrypt_key:
385 call .Lset_encrypt_key
389 sll $tmp, 4, $inp ! $tmp is number of rounds
391 add $out, $inp, $inp ! $inp=$out+16*rounds
392 srl $tmp, 2, $tmp ! $tmp=(rounds+2)/4
401 ldd [$inp - 16], %f12
410 std %f12, [$out + 16]
411 std %f14, [$out + 24]
413 brnz $tmp, .Lkey_flip
418 .type aes_t4_set_decrypt_key,#function
419 .size aes_t4_set_decrypt_key,.-aes_t4_set_decrypt_key
424 my ($inp,$out,$len,$key,$ivec,$enc)=map("%i$_",(0..5));
425 my ($ileft,$iright,$ooff,$omask,$ivoff)=map("%l$_",(1..7));
431 for ($i=0; $i<4; $i++) {
433 aes_eround01 %f`16+8*$i+0`, %f0, %f2, %f4
434 aes_eround23 %f`16+8*$i+2`, %f0, %f2, %f2
435 aes_eround01 %f`16+8*$i+4`, %f4, %f2, %f0
436 aes_eround23 %f`16+8*$i+6`, %f4, %f2, %f2
440 aes_eround01 %f48, %f0, %f2, %f4
441 aes_eround23 %f50, %f0, %f2, %f2
442 aes_eround01_l %f52, %f4, %f2, %f0
444 aes_eround23_l %f54, %f4, %f2, %f2
445 .type _aes128_encrypt_1x,#function
446 .size _aes128_encrypt_1x,.-_aes128_encrypt_1x
451 for ($i=0; $i<4; $i++) {
453 aes_eround01 %f`16+8*$i+0`, %f0, %f2, %f8
454 aes_eround23 %f`16+8*$i+2`, %f0, %f2, %f2
455 aes_eround01 %f`16+8*$i+0`, %f4, %f6, %f10
456 aes_eround23 %f`16+8*$i+2`, %f4, %f6, %f6
457 aes_eround01 %f`16+8*$i+4`, %f8, %f2, %f0
458 aes_eround23 %f`16+8*$i+6`, %f8, %f2, %f2
459 aes_eround01 %f`16+8*$i+4`, %f10, %f6, %f4
460 aes_eround23 %f`16+8*$i+6`, %f10, %f6, %f6
464 aes_eround01 %f48, %f0, %f2, %f8
465 aes_eround23 %f50, %f0, %f2, %f2
466 aes_eround01 %f48, %f4, %f6, %f10
467 aes_eround23 %f50, %f4, %f6, %f6
468 aes_eround01_l %f52, %f8, %f2, %f0
469 aes_eround23_l %f54, %f8, %f2, %f2
470 aes_eround01_l %f52, %f10, %f6, %f4
472 aes_eround23_l %f54, %f10, %f6, %f6
473 .type _aes128_encrypt_2x,#function
474 .size _aes128_encrypt_2x,.-_aes128_encrypt_2x
481 for ($i=2; $i<22;$i++) { # load key schedule
483 ldd [$key + `8*$i`], %f`12+2*$i`
489 .type _aes128_loadkey,#function
490 .size _aes128_loadkey,.-_aes128_loadkey
491 _aes128_load_enckey=_aes128_loadkey
492 _aes128_load_deckey=_aes128_loadkey
496 &alg_cbc_encrypt_implement("aes",128);
498 &alg_ctr32_implement("aes",128);
499 &alg_xts_implement("aes",128,"en");
500 &alg_xts_implement("aes",128,"de");
502 &alg_cbc_decrypt_implement("aes",128);
508 for ($i=0; $i<4; $i++) {
510 aes_dround01 %f`16+8*$i+0`, %f0, %f2, %f4
511 aes_dround23 %f`16+8*$i+2`, %f0, %f2, %f2
512 aes_dround01 %f`16+8*$i+4`, %f4, %f2, %f0
513 aes_dround23 %f`16+8*$i+6`, %f4, %f2, %f2
517 aes_dround01 %f48, %f0, %f2, %f4
518 aes_dround23 %f50, %f0, %f2, %f2
519 aes_dround01_l %f52, %f4, %f2, %f0
521 aes_dround23_l %f54, %f4, %f2, %f2
522 .type _aes128_decrypt_1x,#function
523 .size _aes128_decrypt_1x,.-_aes128_decrypt_1x
528 for ($i=0; $i<4; $i++) {
530 aes_dround01 %f`16+8*$i+0`, %f0, %f2, %f8
531 aes_dround23 %f`16+8*$i+2`, %f0, %f2, %f2
532 aes_dround01 %f`16+8*$i+0`, %f4, %f6, %f10
533 aes_dround23 %f`16+8*$i+2`, %f4, %f6, %f6
534 aes_dround01 %f`16+8*$i+4`, %f8, %f2, %f0
535 aes_dround23 %f`16+8*$i+6`, %f8, %f2, %f2
536 aes_dround01 %f`16+8*$i+4`, %f10, %f6, %f4
537 aes_dround23 %f`16+8*$i+6`, %f10, %f6, %f6
541 aes_dround01 %f48, %f0, %f2, %f8
542 aes_dround23 %f50, %f0, %f2, %f2
543 aes_dround01 %f48, %f4, %f6, %f10
544 aes_dround23 %f50, %f4, %f6, %f6
545 aes_dround01_l %f52, %f8, %f2, %f0
546 aes_dround23_l %f54, %f8, %f2, %f2
547 aes_dround01_l %f52, %f10, %f6, %f4
549 aes_dround23_l %f54, %f10, %f6, %f6
550 .type _aes128_decrypt_2x,#function
551 .size _aes128_decrypt_2x,.-_aes128_decrypt_2x
558 for ($i=0; $i<5; $i++) {
560 aes_eround01 %f`16+8*$i+0`, %f0, %f2, %f4
561 aes_eround23 %f`16+8*$i+2`, %f0, %f2, %f2
562 aes_eround01 %f`16+8*$i+4`, %f4, %f2, %f0
563 aes_eround23 %f`16+8*$i+6`, %f4, %f2, %f2
567 aes_eround01 %f56, %f0, %f2, %f4
568 aes_eround23 %f58, %f0, %f2, %f2
569 aes_eround01_l %f60, %f4, %f2, %f0
571 aes_eround23_l %f62, %f4, %f2, %f2
572 .type _aes192_encrypt_1x,#function
573 .size _aes192_encrypt_1x,.-_aes192_encrypt_1x
578 for ($i=0; $i<5; $i++) {
580 aes_eround01 %f`16+8*$i+0`, %f0, %f2, %f8
581 aes_eround23 %f`16+8*$i+2`, %f0, %f2, %f2
582 aes_eround01 %f`16+8*$i+0`, %f4, %f6, %f10
583 aes_eround23 %f`16+8*$i+2`, %f4, %f6, %f6
584 aes_eround01 %f`16+8*$i+4`, %f8, %f2, %f0
585 aes_eround23 %f`16+8*$i+6`, %f8, %f2, %f2
586 aes_eround01 %f`16+8*$i+4`, %f10, %f6, %f4
587 aes_eround23 %f`16+8*$i+6`, %f10, %f6, %f6
591 aes_eround01 %f56, %f0, %f2, %f8
592 aes_eround23 %f58, %f0, %f2, %f2
593 aes_eround01 %f56, %f4, %f6, %f10
594 aes_eround23 %f58, %f4, %f6, %f6
595 aes_eround01_l %f60, %f8, %f2, %f0
596 aes_eround23_l %f62, %f8, %f2, %f2
597 aes_eround01_l %f60, %f10, %f6, %f4
599 aes_eround23_l %f62, %f10, %f6, %f6
600 .type _aes192_encrypt_2x,#function
601 .size _aes192_encrypt_2x,.-_aes192_encrypt_2x
605 aes_eround01 %f16, %f0, %f2, %f4
606 aes_eround23 %f18, %f0, %f2, %f2
607 ldd [$key + 208], %f16
608 ldd [$key + 216], %f18
609 aes_eround01 %f20, %f4, %f2, %f0
610 aes_eround23 %f22, %f4, %f2, %f2
611 ldd [$key + 224], %f20
612 ldd [$key + 232], %f22
614 for ($i=1; $i<6; $i++) {
616 aes_eround01 %f`16+8*$i+0`, %f0, %f2, %f4
617 aes_eround23 %f`16+8*$i+2`, %f0, %f2, %f2
618 aes_eround01 %f`16+8*$i+4`, %f4, %f2, %f0
619 aes_eround23 %f`16+8*$i+6`, %f4, %f2, %f2
623 aes_eround01 %f16, %f0, %f2, %f4
624 aes_eround23 %f18, %f0, %f2, %f2
625 ldd [$key + 16], %f16
626 ldd [$key + 24], %f18
627 aes_eround01_l %f20, %f4, %f2, %f0
628 aes_eround23_l %f22, %f4, %f2, %f2
629 ldd [$key + 32], %f20
631 ldd [$key + 40], %f22
632 .type _aes256_encrypt_1x,#function
633 .size _aes256_encrypt_1x,.-_aes256_encrypt_1x
637 aes_eround01 %f16, %f0, %f2, %f8
638 aes_eround23 %f18, %f0, %f2, %f2
639 aes_eround01 %f16, %f4, %f6, %f10
640 aes_eround23 %f18, %f4, %f6, %f6
641 ldd [$key + 208], %f16
642 ldd [$key + 216], %f18
643 aes_eround01 %f20, %f8, %f2, %f0
644 aes_eround23 %f22, %f8, %f2, %f2
645 aes_eround01 %f20, %f10, %f6, %f4
646 aes_eround23 %f22, %f10, %f6, %f6
647 ldd [$key + 224], %f20
648 ldd [$key + 232], %f22
650 for ($i=1; $i<6; $i++) {
652 aes_eround01 %f`16+8*$i+0`, %f0, %f2, %f8
653 aes_eround23 %f`16+8*$i+2`, %f0, %f2, %f2
654 aes_eround01 %f`16+8*$i+0`, %f4, %f6, %f10
655 aes_eround23 %f`16+8*$i+2`, %f4, %f6, %f6
656 aes_eround01 %f`16+8*$i+4`, %f8, %f2, %f0
657 aes_eround23 %f`16+8*$i+6`, %f8, %f2, %f2
658 aes_eround01 %f`16+8*$i+4`, %f10, %f6, %f4
659 aes_eround23 %f`16+8*$i+6`, %f10, %f6, %f6
663 aes_eround01 %f16, %f0, %f2, %f8
664 aes_eround23 %f18, %f0, %f2, %f2
665 aes_eround01 %f16, %f4, %f6, %f10
666 aes_eround23 %f18, %f4, %f6, %f6
667 ldd [$key + 16], %f16
668 ldd [$key + 24], %f18
669 aes_eround01_l %f20, %f8, %f2, %f0
670 aes_eround23_l %f22, %f8, %f2, %f2
671 aes_eround01_l %f20, %f10, %f6, %f4
672 aes_eround23_l %f22, %f10, %f6, %f6
673 ldd [$key + 32], %f20
675 ldd [$key + 40], %f22
676 .type _aes256_encrypt_2x,#function
677 .size _aes256_encrypt_2x,.-_aes256_encrypt_2x
684 for ($i=2; $i<26;$i++) { # load key schedule
686 ldd [$key + `8*$i`], %f`12+2*$i`
692 .type _aes192_loadkey,#function
693 .size _aes192_loadkey,.-_aes192_loadkey
694 _aes256_loadkey=_aes192_loadkey
695 _aes192_load_enckey=_aes192_loadkey
696 _aes192_load_deckey=_aes192_loadkey
697 _aes256_load_enckey=_aes192_loadkey
698 _aes256_load_deckey=_aes192_loadkey
701 &alg_cbc_encrypt_implement("aes",256);
702 &alg_cbc_encrypt_implement("aes",192);
704 &alg_ctr32_implement("aes",256);
705 &alg_xts_implement("aes",256,"en");
706 &alg_xts_implement("aes",256,"de");
707 &alg_ctr32_implement("aes",192);
709 &alg_cbc_decrypt_implement("aes",192);
710 &alg_cbc_decrypt_implement("aes",256);
715 aes_dround01 %f16, %f0, %f2, %f4
716 aes_dround23 %f18, %f0, %f2, %f2
717 ldd [$key + 208], %f16
718 ldd [$key + 216], %f18
719 aes_dround01 %f20, %f4, %f2, %f0
720 aes_dround23 %f22, %f4, %f2, %f2
721 ldd [$key + 224], %f20
722 ldd [$key + 232], %f22
724 for ($i=1; $i<6; $i++) {
726 aes_dround01 %f`16+8*$i+0`, %f0, %f2, %f4
727 aes_dround23 %f`16+8*$i+2`, %f0, %f2, %f2
728 aes_dround01 %f`16+8*$i+4`, %f4, %f2, %f0
729 aes_dround23 %f`16+8*$i+6`, %f4, %f2, %f2
733 aes_dround01 %f16, %f0, %f2, %f4
734 aes_dround23 %f18, %f0, %f2, %f2
735 ldd [$key + 16], %f16
736 ldd [$key + 24], %f18
737 aes_dround01_l %f20, %f4, %f2, %f0
738 aes_dround23_l %f22, %f4, %f2, %f2
739 ldd [$key + 32], %f20
741 ldd [$key + 40], %f22
742 .type _aes256_decrypt_1x,#function
743 .size _aes256_decrypt_1x,.-_aes256_decrypt_1x
747 aes_dround01 %f16, %f0, %f2, %f8
748 aes_dround23 %f18, %f0, %f2, %f2
749 aes_dround01 %f16, %f4, %f6, %f10
750 aes_dround23 %f18, %f4, %f6, %f6
751 ldd [$key + 208], %f16
752 ldd [$key + 216], %f18
753 aes_dround01 %f20, %f8, %f2, %f0
754 aes_dround23 %f22, %f8, %f2, %f2
755 aes_dround01 %f20, %f10, %f6, %f4
756 aes_dround23 %f22, %f10, %f6, %f6
757 ldd [$key + 224], %f20
758 ldd [$key + 232], %f22
760 for ($i=1; $i<6; $i++) {
762 aes_dround01 %f`16+8*$i+0`, %f0, %f2, %f8
763 aes_dround23 %f`16+8*$i+2`, %f0, %f2, %f2
764 aes_dround01 %f`16+8*$i+0`, %f4, %f6, %f10
765 aes_dround23 %f`16+8*$i+2`, %f4, %f6, %f6
766 aes_dround01 %f`16+8*$i+4`, %f8, %f2, %f0
767 aes_dround23 %f`16+8*$i+6`, %f8, %f2, %f2
768 aes_dround01 %f`16+8*$i+4`, %f10, %f6, %f4
769 aes_dround23 %f`16+8*$i+6`, %f10, %f6, %f6
773 aes_dround01 %f16, %f0, %f2, %f8
774 aes_dround23 %f18, %f0, %f2, %f2
775 aes_dround01 %f16, %f4, %f6, %f10
776 aes_dround23 %f18, %f4, %f6, %f6
777 ldd [$key + 16], %f16
778 ldd [$key + 24], %f18
779 aes_dround01_l %f20, %f8, %f2, %f0
780 aes_dround23_l %f22, %f8, %f2, %f2
781 aes_dround01_l %f20, %f10, %f6, %f4
782 aes_dround23_l %f22, %f10, %f6, %f6
783 ldd [$key + 32], %f20
785 ldd [$key + 40], %f22
786 .type _aes256_decrypt_2x,#function
787 .size _aes256_decrypt_2x,.-_aes256_decrypt_2x
792 for ($i=0; $i<5; $i++) {
794 aes_dround01 %f`16+8*$i+0`, %f0, %f2, %f4
795 aes_dround23 %f`16+8*$i+2`, %f0, %f2, %f2
796 aes_dround01 %f`16+8*$i+4`, %f4, %f2, %f0
797 aes_dround23 %f`16+8*$i+6`, %f4, %f2, %f2
801 aes_dround01 %f56, %f0, %f2, %f4
802 aes_dround23 %f58, %f0, %f2, %f2
803 aes_dround01_l %f60, %f4, %f2, %f0
805 aes_dround23_l %f62, %f4, %f2, %f2
806 .type _aes192_decrypt_1x,#function
807 .size _aes192_decrypt_1x,.-_aes192_decrypt_1x
812 for ($i=0; $i<5; $i++) {
814 aes_dround01 %f`16+8*$i+0`, %f0, %f2, %f8
815 aes_dround23 %f`16+8*$i+2`, %f0, %f2, %f2
816 aes_dround01 %f`16+8*$i+0`, %f4, %f6, %f10
817 aes_dround23 %f`16+8*$i+2`, %f4, %f6, %f6
818 aes_dround01 %f`16+8*$i+4`, %f8, %f2, %f0
819 aes_dround23 %f`16+8*$i+6`, %f8, %f2, %f2
820 aes_dround01 %f`16+8*$i+4`, %f10, %f6, %f4
821 aes_dround23 %f`16+8*$i+6`, %f10, %f6, %f6
825 aes_dround01 %f56, %f0, %f2, %f8
826 aes_dround23 %f58, %f0, %f2, %f2
827 aes_dround01 %f56, %f4, %f6, %f10
828 aes_dround23 %f58, %f4, %f6, %f6
829 aes_dround01_l %f60, %f8, %f2, %f0
830 aes_dround23_l %f62, %f8, %f2, %f2
831 aes_dround01_l %f60, %f10, %f6, %f4
833 aes_dround23_l %f62, %f10, %f6, %f6
834 .type _aes192_decrypt_2x,#function
835 .size _aes192_decrypt_2x,.-_aes192_decrypt_2x
842 AES_encrypt=aes_t4_encrypt
844 AES_decrypt=aes_t4_decrypt
845 .global AES_set_encrypt_key
848 andcc %o2, 7, %g0 ! check alignment
855 andncc %o1, 0x1c0, %g0
861 b aes_t4_set_encrypt_key
865 .type AES_set_encrypt_key,#function
866 .size AES_set_encrypt_key,.-AES_set_encrypt_key
868 .global AES_set_decrypt_key
871 andcc %o2, 7, %g0 ! check alignment
878 andncc %o1, 0x1c0, %g0
884 b aes_t4_set_decrypt_key
888 .type AES_set_decrypt_key,#function
889 .size AES_set_decrypt_key,.-AES_set_decrypt_key
892 my ($inp,$out,$len,$key,$ivec,$enc)=map("%o$_",(0..5));
895 .globl AES_cbc_encrypt
900 brz $enc, .Lcbc_decrypt
903 bl,pt %icc, aes128_t4_cbc_encrypt
905 be,pn %icc, aes192_t4_cbc_encrypt
907 ba aes256_t4_cbc_encrypt
911 bl,pt %icc, aes128_t4_cbc_decrypt
913 be,pn %icc, aes192_t4_cbc_decrypt
915 ba aes256_t4_cbc_decrypt
917 .type AES_cbc_encrypt,#function
918 .size AES_cbc_encrypt,.-AES_cbc_encrypt
922 .asciz "AES for SPARC T4, David S. Miller, Andy Polyakov"
928 close STDOUT or die "error closing STDOUT";
projects / openssl.git / blob