1 C
-*- mode: asm
; asm-comment-char: ?C; -*-
2 C nettle
, low-level cryptographics library
4 C Copyright
(C
) 2002, 2005 Niels Möller
6 C The nettle library is free software
; you can redistribute it and/or modify
7 C it under the terms of the GNU Lesser General
Public License as published by
8 C the Free Software Foundation
; either version 2.1 of the License, or (at your
9 C option
) any later version.
11 C The nettle library is distributed
in the hope that it will be useful
, but
12 C WITHOUT ANY WARRANTY
; without even the implied warranty of MERCHANTABILITY
13 C
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General
Public
14 C License for more details.
16 C You should have received a copy of the GNU Lesser General
Public License
17 C along with the nettle library
; see the file COPYING.LIB. If not, write to
18 C the Free Software Foundation
, Inc.
, 51 Franklin Street
, Fifth Floor
, Boston
,
21 C The only difference between
this code
and the sparc32 code is the
22 C frame offsets
, and the magic BIAS when accessing the stack
(which
23 C doesn
't matter, since we don't access any data on the stack
).
26 C Use the same AES macros as on sparc32.
27 include_src
(sparc32
/aes.m4
)
32 define
(<LENGTH>,<%i2
>)
36 C AES state
, two copies for unrolling
48 C
%o0
-%03 are used for
loop invariants T0
-T3
50 define
(<ROUND
>, <%o5
>)
52 C
%g1
, %g2
, %g3 are TMP1
, TMP2
and TMP3
54 C The sparc64 stack frame looks like
56 C
%fp
- 8: OS
-dependent link field
57 C
%fp
- 16: OS
-dependent link field
58 C
%fp
- 192: OS register save area
(22*8 == 176 bytes
)
59 define
(<FRAME_SIZE
>, 192)
61 .file
"aes-decrypt-internal.asm"
63 C _aes_decrypt
(struct aes_context
*ctx
,
64 C const
struct aes_table
*T
,
65 C unsigned
length, uint8_t
*dst
,
72 PROLOGUE
(_nettle_aes_decrypt
)
74 save
%sp, -FRAME_SIZE
, %sp
85 C Read src
, and add initial subkey
86 add CTX
, AES_KEYS
, KEY
87 AES_LOAD
(0, SRC
, KEY
, W0
)
88 AES_LOAD
(1, SRC
, KEY
, W1
)
89 AES_LOAD
(2, SRC
, KEY
, W2
)
90 AES_LOAD
(3, SRC
, KEY
, W3
)
92 C Must be even
, and includes the final round
93 ld
[AES_NROUNDS
+ CTX
], ROUND
98 C Last two rounds handled specially
101 C The AES_ROUND
macro uses T0
,... T3
103 AES_ROUND
(0, W0
, W3
, W2
, W1
, KEY
, X0
)
104 AES_ROUND
(1, W1
, W0
, W3
, W2
, KEY
, X1
)
105 AES_ROUND
(2, W2
, W1
, W0
, W3
, KEY
, X2
)
106 AES_ROUND
(3, W3
, W2
, W1
, W0
, KEY
, X3
)
109 AES_ROUND
(4, X0
, X3
, X2
, X1
, KEY
, W0
)
110 AES_ROUND
(5, X1
, X0
, X3
, X2
, KEY
, W1
)
111 AES_ROUND
(6, X2
, X1
, X0
, X3
, KEY
, W2
)
112 AES_ROUND
(7, X3
, X2
, X1
, X0
, KEY
, W3
)
114 subcc ROUND
, 1, ROUND
119 AES_ROUND
(0, W0
, W3
, W2
, W1
, KEY
, X0
)
120 AES_ROUND
(1, W1
, W0
, W3
, W2
, KEY
, X1
)
121 AES_ROUND
(2, W2
, W1
, W0
, W3
, KEY
, X2
)
122 AES_ROUND
(3, W3
, W2
, W1
, W0
, KEY
, X3
)
126 AES_FINAL_ROUND
(0, T
, X0
, X3
, X2
, X1
, KEY
, DST
)
127 AES_FINAL_ROUND
(1, T
, X1
, X0
, X3
, X2
, KEY
, DST
)
128 AES_FINAL_ROUND
(2, T
, X2
, X1
, X0
, X3
, KEY
, DST
)
129 AES_FINAL_ROUND
(3, T
, X3
, X2
, X1
, X0
, KEY
, DST
)
131 subcc
LENGTH, 16, LENGTH
138 EPILOGUE
(_nettle_aes_decrypt
)