7237N/A#!/usr/bin/env perl
7237N/A
7237N/A# ====================================================================
7237N/A# Written by David S. Miller <davem@devemloft.net> and Andy Polyakov
7237N/A# <appro@openssl.org>. The module is licensed under 2-clause BSD
7237N/A# license. October 2012. All rights reserved.
7237N/A# ====================================================================
7237N/A
7237N/A######################################################################
7237N/A# AES for SPARC T4.
7237N/A#
7237N/A# AES round instructions complete in 3 cycles and can be issued every
7237N/A# cycle. It means that round calculations should take 4*rounds cycles,
7237N/A# because any given round instruction depends on result of *both*
7237N/A# previous instructions:
7237N/A#
7237N/A# |0 |1 |2 |3 |4
7237N/A# |01|01|01|
7237N/A# |23|23|23|
7237N/A# |01|01|...
7237N/A# |23|...
7237N/A#
7237N/A# Provided that fxor [with IV] takes 3 cycles to complete, critical
7237N/A# path length for CBC encrypt would be 3+4*rounds, or in other words
7237N/A# it should process one byte in at least (3+4*rounds)/16 cycles. This
7237N/A# estimate doesn't account for "collateral" instructions, such as
7237N/A# fetching input from memory, xor-ing it with zero-round key and
7237N/A# storing the result. Yet, *measured* performance [for data aligned
7237N/A# at 64-bit boundary!] deviates from this equation by less than 0.5%:
7237N/A#
7237N/A# 128-bit key 192- 256-
7237N/A# CBC encrypt 2.70/2.90(*) 3.20/3.40 3.70/3.90
7237N/A# (*) numbers after slash are for
7237N/A# misaligned data.
7237N/A#
7237N/A# Out-of-order execution logic managed to fully overlap "collateral"
7237N/A# instructions with those on critical path. Amazing!
7237N/A#
7237N/A# As with Intel AES-NI, question is if it's possible to improve
7237N/A# performance of parallelizeable modes by interleaving round
7237N/A# instructions. Provided round instruction latency and throughput
7237N/A# optimal interleave factor is 2. But can we expect 2x performance
7237N/A# improvement? Well, as round instructions can be issued one per
7237N/A# cycle, they don't saturate the 2-way issue pipeline and therefore
7237N/A# there is room for "collateral" calculations... Yet, 2x speed-up
7237N/A# over CBC encrypt remains unattaintable:
7237N/A#
7237N/A# 128-bit key 192- 256-
7237N/A# CBC decrypt 1.64/2.11 1.89/2.37 2.23/2.61
7237N/A# CTR 1.64/2.08(*) 1.89/2.33 2.23/2.61
7237N/A# (*) numbers after slash are for
7237N/A# misaligned data.
7237N/A#
7237N/A# Estimates based on amount of instructions under assumption that
7237N/A# round instructions are not pairable with any other instruction
7237N/A# suggest that latter is the actual case and pipeline runs
7237N/A# underutilized. It should be noted that T4 out-of-order execution
7237N/A# logic is so capable that performance gain from 2x interleave is
7237N/A# not even impressive, ~7-13% over non-interleaved code, largest
7237N/A# for 256-bit keys.
7237N/A
7237N/A# To anchor to something else, software implementation processes
7237N/A# one byte in 29 cycles with 128-bit key on same processor. Intel
7237N/A# Sandy Bridge encrypts byte in 5.07 cycles in CBC mode and decrypts
7237N/A# in 0.93, naturally with AES-NI.
7237N/A
7237N/A$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
7237N/Apush(@INC,"${dir}","${dir}../../perlasm");
7237N/Arequire "sparcv9_modes.pl";
7237N/A
7237N/A&asm_init(@ARGV);
7237N/A
7237N/A$::evp=1; # if $evp is set to 0, script generates module with
7237N/A# AES_[en|de]crypt, AES_set_[en|de]crypt_key and AES_cbc_encrypt entry
7237N/A# points. These however are not fully compatible with openssl/aes.h,
7237N/A# because they expect AES_KEY to be aligned at 64-bit boundary. When
7237N/A# used through EVP, alignment is arranged at EVP layer. Second thing
7237N/A# that is arranged by EVP is at least 32-bit alignment of IV.
7237N/A
7237N/A######################################################################
7237N/A# single-round subroutines
7237N/A#
7237N/A{
7237N/Amy ($inp,$out,$key,$rounds,$tmp,$mask)=map("%o$_",(0..5));
7237N/A
7237N/A$code.=<<___ if ($::abibits==64);
7237N/A.register %g2,#scratch
7237N/A.register %g3,#scratch
7237N/A
7237N/A___
7237N/A$code.=<<___;
7237N/A#include <openssl/fipssyms.h>
7237N/A
7237N/A.text
7237N/A
7237N/A.globl aes_t4_encrypt
7237N/A.align 32
7237N/Aaes_t4_encrypt:
7237N/A andcc $inp, 7, %g1 ! is input aligned?
7237N/A andn $inp, 7, $inp
7237N/A
7237N/A ldx [$key + 0], %g4
7237N/A ldx [$key + 8], %g5
7237N/A
7237N/A ldx [$inp + 0], %o4
7237N/A bz,pt %icc, 1f
7237N/A ldx [$inp + 8], %o5
7237N/A ldx [$inp + 16], $inp
7237N/A sll %g1, 3, %g1
7237N/A sub %g0, %g1, %o3
7237N/A sllx %o4, %g1, %o4
7237N/A sllx %o5, %g1, %g1
7237N/A srlx %o5, %o3, %o5
7237N/A srlx $inp, %o3, %o3
7237N/A or %o5, %o4, %o4
7237N/A or %o3, %g1, %o5
7237N/A1:
7237N/A ld [$key + 240], $rounds
7237N/A ldd [$key + 16], %f12
7237N/A ldd [$key + 24], %f14
7237N/A xor %g4, %o4, %o4
7237N/A xor %g5, %o5, %o5
7237N/A movxtod %o4, %f0
7237N/A movxtod %o5, %f2
7237N/A srl $rounds, 1, $rounds
7237N/A ldd [$key + 32], %f16
7237N/A sub $rounds, 1, $rounds
7237N/A ldd [$key + 40], %f18
7237N/A add $key, 48, $key
7237N/A
7237N/A.Lenc:
7237N/A aes_eround01 %f12, %f0, %f2, %f4
7237N/A aes_eround23 %f14, %f0, %f2, %f2
7237N/A ldd [$key + 0], %f12
7237N/A ldd [$key + 8], %f14
7237N/A sub $rounds,1,$rounds
7237N/A aes_eround01 %f16, %f4, %f2, %f0
7237N/A aes_eround23 %f18, %f4, %f2, %f2
7237N/A ldd [$key + 16], %f16
7237N/A ldd [$key + 24], %f18
7237N/A brnz,pt $rounds, .Lenc
7237N/A add $key, 32, $key
7237N/A
7237N/A andcc $out, 7, $tmp ! is output aligned?
7237N/A aes_eround01 %f12, %f0, %f2, %f4
7237N/A aes_eround23 %f14, %f0, %f2, %f2
7237N/A aes_eround01_l %f16, %f4, %f2, %f0
7237N/A aes_eround23_l %f18, %f4, %f2, %f2
7237N/A
7237N/A bnz,pn %icc, 2f
7237N/A nop
7237N/A
7237N/A std %f0, [$out + 0]
7237N/A retl
7237N/A std %f2, [$out + 8]
7237N/A
7237N/A2: alignaddrl $out, %g0, $out
7237N/A mov 0xff, $mask
7237N/A srl $mask, $tmp, $mask
7237N/A
7237N/A faligndata %f0, %f0, %f4
7237N/A faligndata %f0, %f2, %f6
7237N/A faligndata %f2, %f2, %f8
7237N/A
7237N/A stda %f4, [$out + $mask]0xc0 ! partial store
7237N/A std %f6, [$out + 8]
7237N/A add $out, 16, $out
7237N/A orn %g0, $mask, $mask
7237N/A retl
7237N/A stda %f8, [$out + $mask]0xc0 ! partial store
7237N/A.type aes_t4_encrypt,#function
7237N/A.size aes_t4_encrypt,.-aes_t4_encrypt
7237N/A
7237N/A.globl aes_t4_decrypt
7237N/A.align 32
7237N/Aaes_t4_decrypt:
7237N/A andcc $inp, 7, %g1 ! is input aligned?
7237N/A andn $inp, 7, $inp
7237N/A
7237N/A ldx [$key + 0], %g4
7237N/A ldx [$key + 8], %g5
7237N/A
7237N/A ldx [$inp + 0], %o4
7237N/A bz,pt %icc, 1f
7237N/A ldx [$inp + 8], %o5
7237N/A ldx [$inp + 16], $inp
7237N/A sll %g1, 3, %g1
7237N/A sub %g0, %g1, %o3
7237N/A sllx %o4, %g1, %o4
7237N/A sllx %o5, %g1, %g1
7237N/A srlx %o5, %o3, %o5
7237N/A srlx $inp, %o3, %o3
7237N/A or %o5, %o4, %o4
7237N/A or %o3, %g1, %o5
7237N/A1:
7237N/A ld [$key + 240], $rounds
7237N/A ldd [$key + 16], %f12
7237N/A ldd [$key + 24], %f14
7237N/A xor %g4, %o4, %o4
7237N/A xor %g5, %o5, %o5
7237N/A movxtod %o4, %f0
7237N/A movxtod %o5, %f2
7237N/A srl $rounds, 1, $rounds
7237N/A ldd [$key + 32], %f16
7237N/A sub $rounds, 1, $rounds
7237N/A ldd [$key + 40], %f18
7237N/A add $key, 48, $key
7237N/A
7237N/A.Ldec:
7237N/A aes_dround01 %f12, %f0, %f2, %f4
7237N/A aes_dround23 %f14, %f0, %f2, %f2
7237N/A ldd [$key + 0], %f12
7237N/A ldd [$key + 8], %f14
7237N/A sub $rounds,1,$rounds
7237N/A aes_dround01 %f16, %f4, %f2, %f0
7237N/A aes_dround23 %f18, %f4, %f2, %f2
7237N/A ldd [$key + 16], %f16
7237N/A ldd [$key + 24], %f18
7237N/A brnz,pt $rounds, .Ldec
7237N/A add $key, 32, $key
7237N/A
7237N/A andcc $out, 7, $tmp ! is output aligned?
7237N/A aes_dround01 %f12, %f0, %f2, %f4
7237N/A aes_dround23 %f14, %f0, %f2, %f2
7237N/A aes_dround01_l %f16, %f4, %f2, %f0
7237N/A aes_dround23_l %f18, %f4, %f2, %f2
7237N/A
7237N/A bnz,pn %icc, 2f
7237N/A nop
7237N/A
7237N/A std %f0, [$out + 0]
7237N/A retl
7237N/A std %f2, [$out + 8]
7237N/A
7237N/A2: alignaddrl $out, %g0, $out
7237N/A mov 0xff, $mask
7237N/A srl $mask, $tmp, $mask
7237N/A
7237N/A faligndata %f0, %f0, %f4
7237N/A faligndata %f0, %f2, %f6
7237N/A faligndata %f2, %f2, %f8
7237N/A
7237N/A stda %f4, [$out + $mask]0xc0 ! partial store
7237N/A std %f6, [$out + 8]
7237N/A add $out, 16, $out
7237N/A orn %g0, $mask, $mask
7237N/A retl
7237N/A stda %f8, [$out + $mask]0xc0 ! partial store
7237N/A.type aes_t4_decrypt,#function
7237N/A.size aes_t4_decrypt,.-aes_t4_decrypt
7237N/A___
7237N/A}
7237N/A
7237N/A######################################################################
7237N/A# key setup subroutines
7237N/A#
7237N/A{
7237N/Amy ($inp,$bits,$out,$tmp)=map("%o$_",(0..5));
7237N/A$code.=<<___;
7237N/A.globl aes_t4_set_encrypt_key
7237N/A.align 32
7237N/Aaes_t4_set_encrypt_key:
7237N/A.Lset_encrypt_key:
7237N/A and $inp, 7, $tmp
7237N/A alignaddr $inp, %g0, $inp
7237N/A cmp $bits, 192
7237N/A ldd [$inp + 0], %f0
7237N/A bl,pt %icc,.L128
7237N/A ldd [$inp + 8], %f2
7237N/A
7237N/A be,pt %icc,.L192
7237N/A ldd [$inp + 16], %f4
7237N/A brz,pt $tmp, .L256aligned
7237N/A ldd [$inp + 24], %f6
7237N/A
7237N/A ldd [$inp + 32], %f8
7237N/A faligndata %f0, %f2, %f0
7237N/A faligndata %f2, %f4, %f2
7237N/A faligndata %f4, %f6, %f4
7237N/A faligndata %f6, %f8, %f6
7237N/A.L256aligned:
7237N/A___
7237N/Afor ($i=0; $i<6; $i++) {
7237N/A $code.=<<___;
7237N/A std %f0, [$out + `32*$i+0`]
7237N/A aes_kexpand1 %f0, %f6, $i, %f0
7237N/A std %f2, [$out + `32*$i+8`]
7237N/A aes_kexpand2 %f2, %f0, %f2
7237N/A std %f4, [$out + `32*$i+16`]
7237N/A aes_kexpand0 %f4, %f2, %f4
7237N/A std %f6, [$out + `32*$i+24`]
7237N/A aes_kexpand2 %f6, %f4, %f6
7237N/A___
7237N/A}
7237N/A$code.=<<___;
7237N/A std %f0, [$out + `32*$i+0`]
7237N/A aes_kexpand1 %f0, %f6, $i, %f0
7237N/A std %f2, [$out + `32*$i+8`]
7237N/A aes_kexpand2 %f2, %f0, %f2
7237N/A std %f4, [$out + `32*$i+16`]
7237N/A std %f6, [$out + `32*$i+24`]
7237N/A std %f0, [$out + `32*$i+32`]
7237N/A std %f2, [$out + `32*$i+40`]
7237N/A
7237N/A mov 14, $tmp
7237N/A st $tmp, [$out + 240]
7237N/A retl
7237N/A xor %o0, %o0, %o0
7237N/A
7237N/A.align 16
7237N/A.L192:
7237N/A brz,pt $tmp, .L192aligned
7237N/A nop
7237N/A
7237N/A ldd [$inp + 24], %f6
7237N/A faligndata %f0, %f2, %f0
7237N/A faligndata %f2, %f4, %f2
7237N/A faligndata %f4, %f6, %f4
7237N/A.L192aligned:
7237N/A___
7237N/Afor ($i=0; $i<7; $i++) {
7237N/A $code.=<<___;
7237N/A std %f0, [$out + `24*$i+0`]
7237N/A aes_kexpand1 %f0, %f4, $i, %f0
7237N/A std %f2, [$out + `24*$i+8`]
7237N/A aes_kexpand2 %f2, %f0, %f2
7237N/A std %f4, [$out + `24*$i+16`]
7237N/A aes_kexpand2 %f4, %f2, %f4
7237N/A___
7237N/A}
7237N/A$code.=<<___;
7237N/A std %f0, [$out + `24*$i+0`]
7237N/A aes_kexpand1 %f0, %f4, $i, %f0
7237N/A std %f2, [$out + `24*$i+8`]
7237N/A aes_kexpand2 %f2, %f0, %f2
7237N/A std %f4, [$out + `24*$i+16`]
7237N/A std %f0, [$out + `24*$i+24`]
7237N/A std %f2, [$out + `24*$i+32`]
7237N/A
7237N/A mov 12, $tmp
7237N/A st $tmp, [$out + 240]
7237N/A retl
7237N/A xor %o0, %o0, %o0
7237N/A
7237N/A.align 16
7237N/A.L128:
7237N/A brz,pt $tmp, .L128aligned
7237N/A nop
7237N/A
7237N/A ldd [$inp + 16], %f4
7237N/A faligndata %f0, %f2, %f0
7237N/A faligndata %f2, %f4, %f2
7237N/A.L128aligned:
7237N/A___
7237N/Afor ($i=0; $i<10; $i++) {
7237N/A $code.=<<___;
7237N/A std %f0, [$out + `16*$i+0`]
7237N/A aes_kexpand1 %f0, %f2, $i, %f0
7237N/A std %f2, [$out + `16*$i+8`]
7237N/A aes_kexpand2 %f2, %f0, %f2
7237N/A___
7237N/A}
7237N/A$code.=<<___;
7237N/A std %f0, [$out + `16*$i+0`]
7237N/A std %f2, [$out + `16*$i+8`]
7237N/A
7237N/A mov 10, $tmp
7237N/A st $tmp, [$out + 240]
7237N/A retl
7237N/A xor %o0, %o0, %o0
7237N/A.type aes_t4_set_encrypt_key,#function
7237N/A.size aes_t4_set_encrypt_key,.-aes_t4_set_encrypt_key
7237N/A
7237N/A.globl aes_t4_set_decrypt_key
7237N/A.align 32
7237N/Aaes_t4_set_decrypt_key:
7237N/A mov %o7, %o5
7237N/A call .Lset_encrypt_key
7237N/A nop
7237N/A
7237N/A mov %o5, %o7
7237N/A sll $tmp, 4, $inp ! $tmp is number of rounds
7237N/A add $tmp, 2, $tmp
7237N/A add $out, $inp, $inp ! $inp=$out+16*rounds
7237N/A srl $tmp, 2, $tmp ! $tmp=(rounds+2)/4
7237N/A
7237N/A.Lkey_flip:
7237N/A ldd [$out + 0], %f0
7237N/A ldd [$out + 8], %f2
7237N/A ldd [$out + 16], %f4
7237N/A ldd [$out + 24], %f6
7237N/A ldd [$inp + 0], %f8
7237N/A ldd [$inp + 8], %f10
7237N/A ldd [$inp - 16], %f12
7237N/A ldd [$inp - 8], %f14
7237N/A sub $tmp, 1, $tmp
7237N/A std %f0, [$inp + 0]
7237N/A std %f2, [$inp + 8]
7237N/A std %f4, [$inp - 16]
7237N/A std %f6, [$inp - 8]
7237N/A std %f8, [$out + 0]
7237N/A std %f10, [$out + 8]
7237N/A std %f12, [$out + 16]
7237N/A std %f14, [$out + 24]
7237N/A add $out, 32, $out
7237N/A brnz $tmp, .Lkey_flip
7237N/A sub $inp, 32, $inp
7237N/A
7237N/A retl
7237N/A xor %o0, %o0, %o0
7237N/A.type aes_t4_set_decrypt_key,#function
7237N/A.size aes_t4_set_decrypt_key,.-aes_t4_set_decrypt_key
7237N/A___
7237N/A}
7237N/A
7237N/A{{{
7237N/Amy ($inp,$out,$len,$key,$ivec,$enc)=map("%i$_",(0..5));
7237N/Amy ($ileft,$iright,$ooff,$omask,$ivoff)=map("%l$_",(1..7));
7237N/A
7237N/A$code.=<<___;
7237N/A.align 32
7237N/A_aes128_encrypt_1x:
7237N/A___
7237N/Afor ($i=0; $i<4; $i++) {
7237N/A $code.=<<___;
7237N/A aes_eround01 %f`16+8*$i+0`, %f0, %f2, %f4
7237N/A aes_eround23 %f`16+8*$i+2`, %f0, %f2, %f2
7237N/A aes_eround01 %f`16+8*$i+4`, %f4, %f2, %f0
7237N/A aes_eround23 %f`16+8*$i+6`, %f4, %f2, %f2
7237N/A___
7237N/A}
7237N/A$code.=<<___;
7237N/A aes_eround01 %f48, %f0, %f2, %f4
7237N/A aes_eround23 %f50, %f0, %f2, %f2
7237N/A aes_eround01_l %f52, %f4, %f2, %f0
7237N/A retl
7237N/A aes_eround23_l %f54, %f4, %f2, %f2
7237N/A.type _aes128_encrypt_1x,#function
7237N/A.size _aes128_encrypt_1x,.-_aes128_encrypt_1x
7237N/A
7237N/A.align 32
7237N/A_aes128_encrypt_2x:
7237N/A___
7237N/Afor ($i=0; $i<4; $i++) {
7237N/A $code.=<<___;
7237N/A aes_eround01 %f`16+8*$i+0`, %f0, %f2, %f8
7237N/A aes_eround23 %f`16+8*$i+2`, %f0, %f2, %f2
7237N/A aes_eround01 %f`16+8*$i+0`, %f4, %f6, %f10
7237N/A aes_eround23 %f`16+8*$i+2`, %f4, %f6, %f6
7237N/A aes_eround01 %f`16+8*$i+4`, %f8, %f2, %f0
7237N/A aes_eround23 %f`16+8*$i+6`, %f8, %f2, %f2
7237N/A aes_eround01 %f`16+8*$i+4`, %f10, %f6, %f4
7237N/A aes_eround23 %f`16+8*$i+6`, %f10, %f6, %f6
7237N/A___
7237N/A}
7237N/A$code.=<<___;
7237N/A aes_eround01 %f48, %f0, %f2, %f8
7237N/A aes_eround23 %f50, %f0, %f2, %f2
7237N/A aes_eround01 %f48, %f4, %f6, %f10
7237N/A aes_eround23 %f50, %f4, %f6, %f6
7237N/A aes_eround01_l %f52, %f8, %f2, %f0
7237N/A aes_eround23_l %f54, %f8, %f2, %f2
7237N/A aes_eround01_l %f52, %f10, %f6, %f4
7237N/A retl
7237N/A aes_eround23_l %f54, %f10, %f6, %f6
7237N/A.type _aes128_encrypt_2x,#function
7237N/A.size _aes128_encrypt_2x,.-_aes128_encrypt_2x
7237N/A
7237N/A.align 32
7237N/A_aes128_loadkey:
7237N/A ldx [$key + 0], %g4
7237N/A ldx [$key + 8], %g5
7237N/A___
7237N/Afor ($i=2; $i<22;$i++) { # load key schedule
7237N/A $code.=<<___;
7237N/A ldd [$key + `8*$i`], %f`12+2*$i`
7237N/A___
7237N/A}
7237N/A$code.=<<___;
7237N/A retl
7237N/A nop
7237N/A.type _aes128_loadkey,#function
7237N/A.size _aes128_loadkey,.-_aes128_loadkey
7237N/A_aes128_load_enckey=_aes128_loadkey
7237N/A_aes128_load_deckey=_aes128_loadkey
7237N/A
7237N/A___
7237N/A
7237N/A&alg_cbc_encrypt_implement("aes",128);
7237N/Aif ($::evp) {
7237N/A &alg_ctr32_implement("aes",128);
7237N/A &alg_xts_implement("aes",128,"en");
7237N/A &alg_xts_implement("aes",128,"de");
7237N/A}
7237N/A&alg_cbc_decrypt_implement("aes",128);
7237N/A
7237N/A$code.=<<___;
7237N/A.align 32
7237N/A_aes128_decrypt_1x:
7237N/A___
7237N/Afor ($i=0; $i<4; $i++) {
7237N/A $code.=<<___;
7237N/A aes_dround01 %f`16+8*$i+0`, %f0, %f2, %f4
7237N/A aes_dround23 %f`16+8*$i+2`, %f0, %f2, %f2
7237N/A aes_dround01 %f`16+8*$i+4`, %f4, %f2, %f0
7237N/A aes_dround23 %f`16+8*$i+6`, %f4, %f2, %f2
7237N/A___
7237N/A}
7237N/A$code.=<<___;
7237N/A aes_dround01 %f48, %f0, %f2, %f4
7237N/A aes_dround23 %f50, %f0, %f2, %f2
7237N/A aes_dround01_l %f52, %f4, %f2, %f0
7237N/A retl
7237N/A aes_dround23_l %f54, %f4, %f2, %f2
7237N/A.type _aes128_decrypt_1x,#function
7237N/A.size _aes128_decrypt_1x,.-_aes128_decrypt_1x
7237N/A
7237N/A.align 32
7237N/A_aes128_decrypt_2x:
7237N/A___
7237N/Afor ($i=0; $i<4; $i++) {
7237N/A $code.=<<___;
7237N/A aes_dround01 %f`16+8*$i+0`, %f0, %f2, %f8
7237N/A aes_dround23 %f`16+8*$i+2`, %f0, %f2, %f2
7237N/A aes_dround01 %f`16+8*$i+0`, %f4, %f6, %f10
7237N/A aes_dround23 %f`16+8*$i+2`, %f4, %f6, %f6
7237N/A aes_dround01 %f`16+8*$i+4`, %f8, %f2, %f0
7237N/A aes_dround23 %f`16+8*$i+6`, %f8, %f2, %f2
7237N/A aes_dround01 %f`16+8*$i+4`, %f10, %f6, %f4
7237N/A aes_dround23 %f`16+8*$i+6`, %f10, %f6, %f6
7237N/A___
7237N/A}
7237N/A$code.=<<___;
7237N/A aes_dround01 %f48, %f0, %f2, %f8
7237N/A aes_dround23 %f50, %f0, %f2, %f2
7237N/A aes_dround01 %f48, %f4, %f6, %f10
7237N/A aes_dround23 %f50, %f4, %f6, %f6
7237N/A aes_dround01_l %f52, %f8, %f2, %f0
7237N/A aes_dround23_l %f54, %f8, %f2, %f2
7237N/A aes_dround01_l %f52, %f10, %f6, %f4
7237N/A retl
7237N/A aes_dround23_l %f54, %f10, %f6, %f6
7237N/A.type _aes128_decrypt_2x,#function
7237N/A.size _aes128_decrypt_2x,.-_aes128_decrypt_2x
7237N/A___
7237N/A
7237N/A$code.=<<___;
7237N/A.align 32
7237N/A_aes192_encrypt_1x:
7237N/A___
7237N/Afor ($i=0; $i<5; $i++) {
7237N/A $code.=<<___;
7237N/A aes_eround01 %f`16+8*$i+0`, %f0, %f2, %f4
7237N/A aes_eround23 %f`16+8*$i+2`, %f0, %f2, %f2
7237N/A aes_eround01 %f`16+8*$i+4`, %f4, %f2, %f0
7237N/A aes_eround23 %f`16+8*$i+6`, %f4, %f2, %f2
7237N/A___
7237N/A}
7237N/A$code.=<<___;
7237N/A aes_eround01 %f56, %f0, %f2, %f4
7237N/A aes_eround23 %f58, %f0, %f2, %f2
7237N/A aes_eround01_l %f60, %f4, %f2, %f0
7237N/A retl
7237N/A aes_eround23_l %f62, %f4, %f2, %f2
7237N/A.type _aes192_encrypt_1x,#function
7237N/A.size _aes192_encrypt_1x,.-_aes192_encrypt_1x
7237N/A
7237N/A.align 32
7237N/A_aes192_encrypt_2x:
7237N/A___
7237N/Afor ($i=0; $i<5; $i++) {
7237N/A $code.=<<___;
7237N/A aes_eround01 %f`16+8*$i+0`, %f0, %f2, %f8
7237N/A aes_eround23 %f`16+8*$i+2`, %f0, %f2, %f2
7237N/A aes_eround01 %f`16+8*$i+0`, %f4, %f6, %f10
7237N/A aes_eround23 %f`16+8*$i+2`, %f4, %f6, %f6
7237N/A aes_eround01 %f`16+8*$i+4`, %f8, %f2, %f0
7237N/A aes_eround23 %f`16+8*$i+6`, %f8, %f2, %f2
7237N/A aes_eround01 %f`16+8*$i+4`, %f10, %f6, %f4
7237N/A aes_eround23 %f`16+8*$i+6`, %f10, %f6, %f6
7237N/A___
7237N/A}
7237N/A$code.=<<___;
7237N/A aes_eround01 %f56, %f0, %f2, %f8
7237N/A aes_eround23 %f58, %f0, %f2, %f2
7237N/A aes_eround01 %f56, %f4, %f6, %f10
7237N/A aes_eround23 %f58, %f4, %f6, %f6
7237N/A aes_eround01_l %f60, %f8, %f2, %f0
7237N/A aes_eround23_l %f62, %f8, %f2, %f2
7237N/A aes_eround01_l %f60, %f10, %f6, %f4
7237N/A retl
7237N/A aes_eround23_l %f62, %f10, %f6, %f6
7237N/A.type _aes192_encrypt_2x,#function
7237N/A.size _aes192_encrypt_2x,.-_aes192_encrypt_2x
7237N/A
7237N/A.align 32
7237N/A_aes256_encrypt_1x:
7237N/A aes_eround01 %f16, %f0, %f2, %f4
7237N/A aes_eround23 %f18, %f0, %f2, %f2
7237N/A ldd [$key + 208], %f16
7237N/A ldd [$key + 216], %f18
7237N/A aes_eround01 %f20, %f4, %f2, %f0
7237N/A aes_eround23 %f22, %f4, %f2, %f2
7237N/A ldd [$key + 224], %f20
7237N/A ldd [$key + 232], %f22
7237N/A___
7237N/Afor ($i=1; $i<6; $i++) {
7237N/A $code.=<<___;
7237N/A aes_eround01 %f`16+8*$i+0`, %f0, %f2, %f4
7237N/A aes_eround23 %f`16+8*$i+2`, %f0, %f2, %f2
7237N/A aes_eround01 %f`16+8*$i+4`, %f4, %f2, %f0
7237N/A aes_eround23 %f`16+8*$i+6`, %f4, %f2, %f2
7237N/A___
7237N/A}
7237N/A$code.=<<___;
7237N/A aes_eround01 %f16, %f0, %f2, %f4
7237N/A aes_eround23 %f18, %f0, %f2, %f2
7237N/A ldd [$key + 16], %f16
7237N/A ldd [$key + 24], %f18
7237N/A aes_eround01_l %f20, %f4, %f2, %f0
7237N/A aes_eround23_l %f22, %f4, %f2, %f2
7237N/A ldd [$key + 32], %f20
7237N/A retl
7237N/A ldd [$key + 40], %f22
7237N/A.type _aes256_encrypt_1x,#function
7237N/A.size _aes256_encrypt_1x,.-_aes256_encrypt_1x
7237N/A
7237N/A.align 32
7237N/A_aes256_encrypt_2x:
7237N/A aes_eround01 %f16, %f0, %f2, %f8
7237N/A aes_eround23 %f18, %f0, %f2, %f2
7237N/A aes_eround01 %f16, %f4, %f6, %f10
7237N/A aes_eround23 %f18, %f4, %f6, %f6
7237N/A ldd [$key + 208], %f16
7237N/A ldd [$key + 216], %f18
7237N/A aes_eround01 %f20, %f8, %f2, %f0
7237N/A aes_eround23 %f22, %f8, %f2, %f2
7237N/A aes_eround01 %f20, %f10, %f6, %f4
7237N/A aes_eround23 %f22, %f10, %f6, %f6
7237N/A ldd [$key + 224], %f20
7237N/A ldd [$key + 232], %f22
7237N/A___
7237N/Afor ($i=1; $i<6; $i++) {
7237N/A $code.=<<___;
7237N/A aes_eround01 %f`16+8*$i+0`, %f0, %f2, %f8
7237N/A aes_eround23 %f`16+8*$i+2`, %f0, %f2, %f2
7237N/A aes_eround01 %f`16+8*$i+0`, %f4, %f6, %f10
7237N/A aes_eround23 %f`16+8*$i+2`, %f4, %f6, %f6
7237N/A aes_eround01 %f`16+8*$i+4`, %f8, %f2, %f0
7237N/A aes_eround23 %f`16+8*$i+6`, %f8, %f2, %f2
7237N/A aes_eround01 %f`16+8*$i+4`, %f10, %f6, %f4
7237N/A aes_eround23 %f`16+8*$i+6`, %f10, %f6, %f6
7237N/A___
7237N/A}
7237N/A$code.=<<___;
7237N/A aes_eround01 %f16, %f0, %f2, %f8
7237N/A aes_eround23 %f18, %f0, %f2, %f2
7237N/A aes_eround01 %f16, %f4, %f6, %f10
7237N/A aes_eround23 %f18, %f4, %f6, %f6
7237N/A ldd [$key + 16], %f16
7237N/A ldd [$key + 24], %f18
7237N/A aes_eround01_l %f20, %f8, %f2, %f0
7237N/A aes_eround23_l %f22, %f8, %f2, %f2
7237N/A aes_eround01_l %f20, %f10, %f6, %f4
7237N/A aes_eround23_l %f22, %f10, %f6, %f6
7237N/A ldd [$key + 32], %f20
7237N/A retl
7237N/A ldd [$key + 40], %f22
7237N/A.type _aes256_encrypt_2x,#function
7237N/A.size _aes256_encrypt_2x,.-_aes256_encrypt_2x
7237N/A
7237N/A.align 32
7237N/A_aes192_loadkey:
7237N/A ldx [$key + 0], %g4
7237N/A ldx [$key + 8], %g5
7237N/A___
7237N/Afor ($i=2; $i<26;$i++) { # load key schedule
7237N/A $code.=<<___;
7237N/A ldd [$key + `8*$i`], %f`12+2*$i`
7237N/A___
7237N/A}
7237N/A$code.=<<___;
7237N/A retl
7237N/A nop
7237N/A.type _aes192_loadkey,#function
7237N/A.size _aes192_loadkey,.-_aes192_loadkey
7237N/A_aes256_loadkey=_aes192_loadkey
7237N/A_aes192_load_enckey=_aes192_loadkey
7237N/A_aes192_load_deckey=_aes192_loadkey
7237N/A_aes256_load_enckey=_aes192_loadkey
7237N/A_aes256_load_deckey=_aes192_loadkey
7237N/A___
7237N/A
7237N/A&alg_cbc_encrypt_implement("aes",256);
7237N/A&alg_cbc_encrypt_implement("aes",192);
7237N/Aif ($::evp) {
7237N/A &alg_ctr32_implement("aes",256);
7237N/A &alg_xts_implement("aes",256,"en");
7237N/A &alg_xts_implement("aes",256,"de");
7237N/A &alg_ctr32_implement("aes",192);
7237N/A}
7237N/A&alg_cbc_decrypt_implement("aes",192);
7237N/A&alg_cbc_decrypt_implement("aes",256);
7237N/A
7237N/A$code.=<<___;
7237N/A.align 32
7237N/A_aes256_decrypt_1x:
7237N/A aes_dround01 %f16, %f0, %f2, %f4
7237N/A aes_dround23 %f18, %f0, %f2, %f2
7237N/A ldd [$key + 208], %f16
7237N/A ldd [$key + 216], %f18
7237N/A aes_dround01 %f20, %f4, %f2, %f0
7237N/A aes_dround23 %f22, %f4, %f2, %f2
7237N/A ldd [$key + 224], %f20
7237N/A ldd [$key + 232], %f22
7237N/A___
7237N/Afor ($i=1; $i<6; $i++) {
7237N/A $code.=<<___;
7237N/A aes_dround01 %f`16+8*$i+0`, %f0, %f2, %f4
7237N/A aes_dround23 %f`16+8*$i+2`, %f0, %f2, %f2
7237N/A aes_dround01 %f`16+8*$i+4`, %f4, %f2, %f0
7237N/A aes_dround23 %f`16+8*$i+6`, %f4, %f2, %f2
7237N/A___
7237N/A}
7237N/A$code.=<<___;
7237N/A aes_dround01 %f16, %f0, %f2, %f4
7237N/A aes_dround23 %f18, %f0, %f2, %f2
7237N/A ldd [$key + 16], %f16
7237N/A ldd [$key + 24], %f18
7237N/A aes_dround01_l %f20, %f4, %f2, %f0
7237N/A aes_dround23_l %f22, %f4, %f2, %f2
7237N/A ldd [$key + 32], %f20
7237N/A retl
7237N/A ldd [$key + 40], %f22
7237N/A.type _aes256_decrypt_1x,#function
7237N/A.size _aes256_decrypt_1x,.-_aes256_decrypt_1x
7237N/A
7237N/A.align 32
7237N/A_aes256_decrypt_2x:
7237N/A aes_dround01 %f16, %f0, %f2, %f8
7237N/A aes_dround23 %f18, %f0, %f2, %f2
7237N/A aes_dround01 %f16, %f4, %f6, %f10
7237N/A aes_dround23 %f18, %f4, %f6, %f6
7237N/A ldd [$key + 208], %f16
7237N/A ldd [$key + 216], %f18
7237N/A aes_dround01 %f20, %f8, %f2, %f0
7237N/A aes_dround23 %f22, %f8, %f2, %f2
7237N/A aes_dround01 %f20, %f10, %f6, %f4
7237N/A aes_dround23 %f22, %f10, %f6, %f6
7237N/A ldd [$key + 224], %f20
7237N/A ldd [$key + 232], %f22
7237N/A___
7237N/Afor ($i=1; $i<6; $i++) {
7237N/A $code.=<<___;
7237N/A aes_dround01 %f`16+8*$i+0`, %f0, %f2, %f8
7237N/A aes_dround23 %f`16+8*$i+2`, %f0, %f2, %f2
7237N/A aes_dround01 %f`16+8*$i+0`, %f4, %f6, %f10
7237N/A aes_dround23 %f`16+8*$i+2`, %f4, %f6, %f6
7237N/A aes_dround01 %f`16+8*$i+4`, %f8, %f2, %f0
7237N/A aes_dround23 %f`16+8*$i+6`, %f8, %f2, %f2
7237N/A aes_dround01 %f`16+8*$i+4`, %f10, %f6, %f4
7237N/A aes_dround23 %f`16+8*$i+6`, %f10, %f6, %f6
7237N/A___
7237N/A}
7237N/A$code.=<<___;
7237N/A aes_dround01 %f16, %f0, %f2, %f8
7237N/A aes_dround23 %f18, %f0, %f2, %f2
7237N/A aes_dround01 %f16, %f4, %f6, %f10
7237N/A aes_dround23 %f18, %f4, %f6, %f6
7237N/A ldd [$key + 16], %f16
7237N/A ldd [$key + 24], %f18
7237N/A aes_dround01_l %f20, %f8, %f2, %f0
7237N/A aes_dround23_l %f22, %f8, %f2, %f2
7237N/A aes_dround01_l %f20, %f10, %f6, %f4
7237N/A aes_dround23_l %f22, %f10, %f6, %f6
7237N/A ldd [$key + 32], %f20
7237N/A retl
7237N/A ldd [$key + 40], %f22
7237N/A.type _aes256_decrypt_2x,#function
7237N/A.size _aes256_decrypt_2x,.-_aes256_decrypt_2x
7237N/A
7237N/A.align 32
7237N/A_aes192_decrypt_1x:
7237N/A___
7237N/Afor ($i=0; $i<5; $i++) {
7237N/A $code.=<<___;
7237N/A aes_dround01 %f`16+8*$i+0`, %f0, %f2, %f4
7237N/A aes_dround23 %f`16+8*$i+2`, %f0, %f2, %f2
7237N/A aes_dround01 %f`16+8*$i+4`, %f4, %f2, %f0
7237N/A aes_dround23 %f`16+8*$i+6`, %f4, %f2, %f2
7237N/A___
7237N/A}
7237N/A$code.=<<___;
7237N/A aes_dround01 %f56, %f0, %f2, %f4
7237N/A aes_dround23 %f58, %f0, %f2, %f2
7237N/A aes_dround01_l %f60, %f4, %f2, %f0
7237N/A retl
7237N/A aes_dround23_l %f62, %f4, %f2, %f2
7237N/A.type _aes192_decrypt_1x,#function
7237N/A.size _aes192_decrypt_1x,.-_aes192_decrypt_1x
7237N/A
7237N/A.align 32
7237N/A_aes192_decrypt_2x:
7237N/A___
7237N/Afor ($i=0; $i<5; $i++) {
7237N/A $code.=<<___;
7237N/A aes_dround01 %f`16+8*$i+0`, %f0, %f2, %f8
7237N/A aes_dround23 %f`16+8*$i+2`, %f0, %f2, %f2
7237N/A aes_dround01 %f`16+8*$i+0`, %f4, %f6, %f10
7237N/A aes_dround23 %f`16+8*$i+2`, %f4, %f6, %f6
7237N/A aes_dround01 %f`16+8*$i+4`, %f8, %f2, %f0
7237N/A aes_dround23 %f`16+8*$i+6`, %f8, %f2, %f2
7237N/A aes_dround01 %f`16+8*$i+4`, %f10, %f6, %f4
7237N/A aes_dround23 %f`16+8*$i+6`, %f10, %f6, %f6
7237N/A___
7237N/A}
7237N/A$code.=<<___;
7237N/A aes_dround01 %f56, %f0, %f2, %f8
7237N/A aes_dround23 %f58, %f0, %f2, %f2
7237N/A aes_dround01 %f56, %f4, %f6, %f10
7237N/A aes_dround23 %f58, %f4, %f6, %f6
7237N/A aes_dround01_l %f60, %f8, %f2, %f0
7237N/A aes_dround23_l %f62, %f8, %f2, %f2
7237N/A aes_dround01_l %f60, %f10, %f6, %f4
7237N/A retl
7237N/A aes_dround23_l %f62, %f10, %f6, %f6
7237N/A.type _aes192_decrypt_2x,#function
7237N/A.size _aes192_decrypt_2x,.-_aes192_decrypt_2x
7237N/A___
7237N/A}}}
7237N/A
7237N/Aif (!$::evp) {
7237N/A$code.=<<___;
7237N/A.global AES_encrypt
7237N/AAES_encrypt=aes_t4_encrypt
7237N/A.global AES_decrypt
7237N/AAES_decrypt=aes_t4_decrypt
7237N/A.global AES_set_encrypt_key
7237N/A.align 32
7237N/AAES_set_encrypt_key:
7237N/A andcc %o2, 7, %g0 ! check alignment
7237N/A bnz,a,pn %icc, 1f
7237N/A mov -1, %o0
7237N/A brz,a,pn %o0, 1f
7237N/A mov -1, %o0
7237N/A brz,a,pn %o2, 1f
7237N/A mov -1, %o0
7237N/A andncc %o1, 0x1c0, %g0
7237N/A bnz,a,pn %icc, 1f
7237N/A mov -2, %o0
7237N/A cmp %o1, 128
7237N/A bl,a,pn %icc, 1f
7237N/A mov -2, %o0
7237N/A b aes_t4_set_encrypt_key
7237N/A nop
7237N/A1: retl
7237N/A nop
7237N/A.type AES_set_encrypt_key,#function
7237N/A.size AES_set_encrypt_key,.-AES_set_encrypt_key
7237N/A
7237N/A.global AES_set_decrypt_key
7237N/A.align 32
7237N/AAES_set_decrypt_key:
7237N/A andcc %o2, 7, %g0 ! check alignment
7237N/A bnz,a,pn %icc, 1f
7237N/A mov -1, %o0
7237N/A brz,a,pn %o0, 1f
7237N/A mov -1, %o0
7237N/A brz,a,pn %o2, 1f
7237N/A mov -1, %o0
7237N/A andncc %o1, 0x1c0, %g0
7237N/A bnz,a,pn %icc, 1f
7237N/A mov -2, %o0
7237N/A cmp %o1, 128
7237N/A bl,a,pn %icc, 1f
7237N/A mov -2, %o0
7237N/A b aes_t4_set_decrypt_key
7237N/A nop
7237N/A1: retl
7237N/A nop
7237N/A.type AES_set_decrypt_key,#function
7237N/A.size AES_set_decrypt_key,.-AES_set_decrypt_key
7237N/A___
7237N/A
7237N/Amy ($inp,$out,$len,$key,$ivec,$enc)=map("%o$_",(0..5));
7237N/A
7237N/A$code.=<<___;
7237N/A.globl AES_cbc_encrypt
7237N/A.align 32
7237N/AAES_cbc_encrypt:
7237N/A ld [$key + 240], %g1
7237N/A nop
7237N/A brz $enc, .Lcbc_decrypt
7237N/A cmp %g1, 12
7237N/A
7237N/A bl,pt %icc, aes128_t4_cbc_encrypt
7237N/A nop
7237N/A be,pn %icc, aes192_t4_cbc_encrypt
7237N/A nop
7237N/A ba aes256_t4_cbc_encrypt
7237N/A nop
7237N/A
7237N/A.Lcbc_decrypt:
7237N/A bl,pt %icc, aes128_t4_cbc_decrypt
7237N/A nop
7237N/A be,pn %icc, aes192_t4_cbc_decrypt
7237N/A nop
7237N/A ba aes256_t4_cbc_decrypt
7237N/A nop
7237N/A.type AES_cbc_encrypt,#function
7237N/A.size AES_cbc_encrypt,.-AES_cbc_encrypt
7237N/A___
7237N/A}
7237N/A$code.=<<___;
7237N/A.asciz "AES for SPARC T4, David S. Miller, Andy Polyakov"
7237N/A.align 4
7237N/A___
7237N/A
7237N/A&emit_assembler();
7237N/A
7237N/Aclose STDOUT;