X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Faes%2Fasm%2Faes-sparcv9.pl;h=c57b3a2d6d341d7971712d2e38aa40d2abd537ea;hp=30f38d7a5a2ec060b97513cf16939c3ca146434b;hb=8ca28da0a798d2289b71b750dad191066600c166;hpb=7395d852c307f06e0f428a3de6783e5dc9308024;ds=sidebyside
diff --git a/crypto/aes/asm/aes-sparcv9.pl b/crypto/aes/asm/aes-sparcv9.pl
index 30f38d7a5a..c57b3a2d6d 100755
--- a/crypto/aes/asm/aes-sparcv9.pl
+++ b/crypto/aes/asm/aes-sparcv9.pl
@@ -6,7 +6,7 @@
 # forms are granted according to the OpenSSL license.
 # ====================================================================
 #
-# Version 1.0
+# Version 1.1
 #
 # The major reason for undertaken effort was to mitigate the hazard of
 # cache-timing attack. This is [currently and initially!] addressed in
@@ -16,6 +16,9 @@
 # is an initial draft and one should expect more countermeasures to
 # be implemented...
 #
+# Version 1.1 prefetches T[ed]4 in order to mitigate attack on last
+# round.
+#
 # Even though performance was not the primary goal [on the contrary,
 # extra shifts "induced" by compressed S-box and longer loop epilogue
 # "induced" by scheduling for L2 have negative effect on performance],
@@ -78,7 +81,7 @@ ___
 
 $code.=<<___;
 .section ".text",#alloc,#execinstr
-.align 64
+.align 256
 AES_Te:
 ___
 &_data_word(
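Review bot: The jump from `.align 64` to `.align 256` in front of `AES_Te` is left unexplained; the new version-1.1 header note only mentions the Te4 prefetch, not why the table base alignment had to grow. Since the prefetch sequence added in `_sparcv9_AES_encrypt` touches `$tbl+2048` through `$tbl+2048+224` in 32-byte steps, the larger alignment is presumably what guarantees the 256-byte Te4 block begins on a cache-line boundary so those eight loads cover all of it — but that is an inference, and a countermeasure that depends on a directive deserves a comment at the directive, e.g. `.align 256 ! Te4 at +2048 must be cache-line aligned; the ldx prefetches in _sparcv9_AES_encrypt rely on this`. Without it a later size-conscious cleanup could drop the alignment back to 64 and silently weaken the mitigation.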
@@ -364,20 +367,28 @@ _sparcv9_AES_encrypt:
 ld [$key+28],$t3 !
 srlx $acc9,8,$acc9
 xor $acc5,$s1,$s1
+ ldx [$tbl+2048+0],%g0 ! prefetch te4
 srlx $acc10,16,$acc10
 xor $acc6,$s1,$s1
+ ldx [$tbl+2048+32],%g0 ! prefetch te4
 srlx $acc11,24,$acc11
 xor $acc7,$s1,$s1
+ ldx [$tbl+2048+64],%g0 ! prefetch te4
 srlx $acc13,8,$acc13
 xor $acc8,$s2,$s2
+ ldx [$tbl+2048+96],%g0 ! prefetch te4
 srlx $acc14,16,$acc14 !
 xor $acc9,$s2,$s2
+ ldx [$tbl+2048+128],%g0 ! prefetch te4
 srlx $acc15,24,$acc15
 xor $acc10,$s2,$s2
+ ldx [$tbl+2048+160],%g0 ! prefetch te4
 srl $s0,21,$acc0
 xor $acc11,$s2,$s2
+ ldx [$tbl+2048+192],%g0 ! prefetch te4
 xor $acc12,$acc14,$acc14
 xor $acc13,$s3,$s3
+ ldx [$tbl+2048+224],%g0 ! prefetch te4
 srl $s1,13,$acc1 !
 xor $acc14,$s3,$s3
 xor $acc15,$s3,$s3
@@ -512,10 +523,9 @@ AES_encrypt:
 ld [%i0+12],%o3
 
 1: call .+8
- mov %i2,%o5
- sub %o7,1b-AES_Te,%o4
+ add %o7,AES_Te-1b,%o4
 call _sparcv9_AES_encrypt
- nop
+ mov %i2,%o5
 
 st %o0,[%i1+0]
 st %o1,[%i1+4]
@@ -573,10 +583,9 @@ AES_encrypt:
 or %l4,%l6,%o3
 
 1: call .+8
- mov %i2,%o5
- sub %o7,1b-AES_Te,%o4
+ add %o7,AES_Te-1b,%o4
 call _sparcv9_AES_encrypt
- nop
+ mov %i2,%o5
 
 srl %o0,24,%l0
 srl %o0,16,%l1
@@ -618,7 +627,7 @@ AES_encrypt:
 ___
 
 $code.=<<___;
-.align 64
+.align 256
 AES_Td:
 ___
 &_data_word(
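Review bot: The eight `ldx [$tbl+2048+N],%g0` loads walk te4 in 32-byte strides, which bakes in the assumption that a D-cache line is at least 32 bytes; on a core with 16-byte lines every other line of the S-box would stay untouched and the last-round leak this change targets would remain. Record the assumption next to the first load, e.g. `! 8 loads x 32B = all 256B of te4; assumes >=32-byte D-cache lines`, or derive the stride from a Perl variable so it can be tuned per target without editing eight lines. It is also worth a comment that the lines can still be evicted between these loads and the final-round lookups (for example by a sibling hardware thread), so this narrows the attack window rather than closing it, consistent with the header's "initial draft" caveat. `_sparcv9_AES_encrypt` begins and ends outside this hunk.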
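Review bot: Moving `mov %i2,%o5` into the delay slot of `call _sparcv9_AES_encrypt` is valid SPARC (the slot executes before control transfers) but now reads as if the key pointer were set after the call, and the preceding `add %o7,AES_Te-1b,%o4` only works because `call .+8` left the address of label `1` in `%o7`. Neither fact is stated, so two short comments would protect this from a well-meaning reorder, e.g. `add %o7,AES_Te-1b,%o4 ! %o7 = 1b, so %o4 = AES_Te (PIC)` and `mov %i2,%o5 ! delay slot: key schedule arg`. The same four-instruction idiom is repeated four times in this diff; a small Perl helper emitting it would keep the copies in step. `AES_encrypt` begins and ends outside this hunk.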
@@ -904,20 +913,28 @@ _sparcv9_AES_decrypt:
 ld [$key+28],$t3 !
 srlx $acc9,8,$acc9
 xor $acc5,$s1,$s1
+ ldx [$tbl+2048+0],%g0 ! prefetch td4
 srlx $acc10,16,$acc10
 xor $acc6,$s1,$s1
+ ldx [$tbl+2048+32],%g0 ! prefetch td4
 srlx $acc11,24,$acc11
 xor $acc7,$s1,$s1
+ ldx [$tbl+2048+64],%g0 ! prefetch td4
 srlx $acc13,8,$acc13
 xor $acc8,$s2,$s2
+ ldx [$tbl+2048+96],%g0 ! prefetch td4
 srlx $acc14,16,$acc14 !
 xor $acc9,$s2,$s2
+ ldx [$tbl+2048+128],%g0 ! prefetch td4
 srlx $acc15,24,$acc15
 xor $acc10,$s2,$s2
+ ldx [$tbl+2048+160],%g0 ! prefetch td4
 srl $s0,21,$acc0
 xor $acc11,$s2,$s2
+ ldx [$tbl+2048+192],%g0 ! prefetch td4
 xor $acc12,$acc14,$acc14
 xor $acc13,$s3,$s3
+ ldx [$tbl+2048+224],%g0 ! prefetch td4
 and $acc0,2040,$acc0 !
 xor $acc14,$s3,$s3
 xor $acc15,$s3,$s3
@@ -1052,10 +1069,9 @@ AES_decrypt:
 ld [%i0+12],%o3
 
 1: call .+8
- mov %i2,%o5
- sub %o7,1b-AES_Td,%o4
+ add %o7,AES_Td-1b,%o4
 call _sparcv9_AES_decrypt
- nop
+ mov %i2,%o5
 
 st %o0,[%i1+0]
 st %o1,[%i1+4]
@@ -1113,10 +1129,9 @@ AES_decrypt:
 or %l4,%l6,%o3
 
 1: call .+8
- mov %i2,%o5
- sub %o7,1b-AES_Td,%o4
+ add %o7,AES_Td-1b,%o4
 call _sparcv9_AES_decrypt
- nop
+ mov %i2,%o5
 
 srl %o0,24,%l0
 srl %o0,16,%l1
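Review bot: The `! prefetch td4` comments are a misnomer that matters for a countermeasure: these are architectural `ldx` loads into `%g0`, not SPARC V9 `prefetch` instructions, so the hardware cannot treat them as droppable hints and td4 really is pulled into cache before the final round. That is presumably the intended property, so say it once at the first load, e.g. `! touch td4 with real loads (not prefetch hints) so the final round cannot miss`, otherwise a later cleanup could "fix" them into `prefetch` and quietly weaken the mitigation on implementations that ignore hints. The loads have no consumers, which also makes them the first thing an aggressive rescheduling pass would move or remove, so the comment should flag them as intentionally ordered before the td4 lookups. `_sparcv9_AES_decrypt` begins and ends outside this hunk.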