C -*- mode: asm; asm-comment-char: ?C; -*-  
C nettle, low-level cryptographics library
C 
C Copyright (C) 2002, 2005 Niels Möller
C  
C The nettle library is free software; you can redistribute it and/or modify
C it under the terms of the GNU Lesser General Public License as published by
C the Free Software Foundation; either version 2.1 of the License, or (at your
C option) any later version.
C 
C The nettle library is distributed in the hope that it will be useful, but
C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
C or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
C License for more details.
C 
C You should have received a copy of the GNU Lesser General Public License
C along with the nettle library; see the file COPYING.LIB.  If not, write to
C the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
C MA 02111-1307, USA.


C Arguments
C After the save in the prologue, the caller's five outgoing arguments
C appear in this window's input registers, in prototype order.
C CTX: pointer to the AES context; the subkeys start at CTX + AES_KEYS and
C the round count is loaded from CTX + AES_NROUNDS.
define(<CTX>,	<%i0>)
C T: pointer to the table handed to AES_ROUND and AES_FINAL_ROUND.
define(<T>,	<%i1>)
C LENGTH: byte count, decremented by 16 per block.
define(<LENGTH>,<%i2>)
C DST: output pointer, advanced by 16 per block.
define(<DST>,	<%i3>)
C SRC: input pointer, advanced by 16 per block.
define(<SRC>,	<%i4>)

C AES state, two copies for unrolling

C W0-W3: first copy of the four state words, kept in local registers.
C The round loop alternates between this copy and T0-T3.
define(<W0>,	<%l0>)
define(<W1>,	<%l1>)
define(<W2>,	<%l2>)
define(<W3>,	<%l3>)

C T0-T3: second copy of the four state words, kept in local registers.
define(<T0>,	<%l4>)
define(<T1>,	<%l5>)
define(<T2>,	<%l6>)
define(<T3>,	<%l7>)

C %o0 and %o1 are TMP1 and TMP2
C NOTE(review): TMP1 and TMP2 are not defined in this file; presumably the
C AES_* macros use them as scratch - confirm against the macro definitions.
C KEY: pointer to the subkey words for the current round.
define(<KEY>,	<%o4>)
C ROUND: remaining iterations of the two-round loop.
define(<ROUND>, <%o5>)

C Registers %g1-%g3 and %o0 - %o5 are free to use.

C The sparc32 stack frame looks like
C
C %fp -   4: OS-dependent link field
C %fp -   8: OS-dependent link field
C %fp -  24: tmp, uint32_t[4]
C %fp -  40: wtxt, uint32_t[4]
C %fp - 136: OS register save area.
C
C NOTE(review): the instructions in this file keep the AES state in
C %l0-%l7 and never address %fp directly, so the tmp and wtxt slots look
C unused unless one of the AES_* macros spills to them - confirm. If they
C are used, they hold intermediate cipher state that nothing here clears
C before returning.
C
C FRAME_SIZE is the byte count the prologue's save subtracts from %sp.
define(<FRAME_SIZE>, 136)

	.file "aes-encrypt-internal.asm"

	C _aes_encrypt(struct aes_context *ctx, 
	C	       const struct aes_table *T,
	C	       unsigned length, uint8_t *dst,
	C	       uint8_t *src)

	.section	".text"
	.align 16
	.proc	020
	
C _nettle_aes_encrypt: encrypt LENGTH bytes from SRC to DST, one 16-byte
C block per pass of .Lblock_loop, using the subkeys at CTX + AES_KEYS and
C the round count stored at CTX + AES_NROUNDS.
C
C Preconditions the code relies on but does not check:
C  - LENGTH is a multiple of 16. Only LENGTH == 0 is tested on entry, and
C    the block loop exits only when LENGTH reaches exactly zero, so any
C    other value makes it run past the end of SRC and DST.
C  - The round count is even and at least 4. It is halved and decremented
C    before .Lround_loop, which also exits only on exactly zero; an odd
C    count silently loses its low bit.
C Callers must enforce both before calling.
C
C NOTE(review): T is passed to every AES_ROUND and AES_FINAL_ROUND. If
C those macros index the table with state bytes, as table-driven AES
C usually does, the memory access pattern depends on key and data and is
C observable through cache timing - confirm against the macro definitions
C and the threat model for this platform.
PROLOGUE(_nettle_aes_encrypt)

	C Open a new register window and allocate FRAME_SIZE bytes of stack.
	save	%sp, -FRAME_SIZE, %sp
	cmp	LENGTH, 0
	be	.Lend
	nop

.Lblock_loop:
	C  Read src, and add initial subkey
	C KEY = address of the first subkey word inside the context.
	add	CTX, AES_KEYS, KEY
	C NOTE(review): AES_LOAD is defined elsewhere; presumably it reads word i
	C of the input block at SRC, combines it with subkey word i at KEY and
	C leaves the result in the register named last - confirm.
	AES_LOAD(0, SRC, KEY, W0)
	AES_LOAD(1, SRC, KEY, W1)
	AES_LOAD(2, SRC, KEY, W2)
	AES_LOAD(3, SRC, KEY, W3)

	C Step past the block just read and past the initial subkey.
	add	SRC, 16, SRC
	add	KEY, 16, KEY

	C	Must be even, and includes the final round
	C	The count is taken from the context as is; nothing here range-checks
	C	it. It is halved and decremented below because each loop iteration
	C	does two rounds and the last two rounds run outside the loop.
	ld	[AES_NROUNDS + CTX], ROUND
	nop
	srl	ROUND, 1, ROUND
	C	Last two rounds handled specially
	sub	ROUND, 1, ROUND
.Lround_loop:
	C Each iteration does two rounds and consumes 32 bytes of subkeys.
	C NOTE(review): AES_ROUND is defined elsewhere. Its first argument runs
	C 0-7 across the two halves, matching the 8 subkey words KEY advances by,
	C so it is presumably the subkey word index; the rotated order of the four
	C state registers presumably implements the row shift - confirm.
	C	Transform W -> T
	AES_ROUND(0, T, W0, W1, W2, W3, KEY, T0)
	AES_ROUND(1, T, W1, W2, W3, W0, KEY, T1)
	AES_ROUND(2, T, W2, W3, W0, W1, KEY, T2)
	AES_ROUND(3, T, W3, W0, W1, W2, KEY, T3)

	C	Transform T -> W
	AES_ROUND(4, T, T0, T1, T2, T3, KEY, W0)
	AES_ROUND(5, T, T1, T2, T3, T0, KEY, W1)
	AES_ROUND(6, T, T2, T3, T0, T1, KEY, W2)
	AES_ROUND(7, T, T3, T0, T1, T2, KEY, W3)

	C subcc sets the condition codes; the loop repeats until ROUND is
	C exactly zero, so ROUND must be at least 1 on entry.
	subcc	ROUND, 1, ROUND
	bne	.Lround_loop
	C Branch delay slot: executed on every iteration, including the last.
	add	KEY, 32, KEY

	C	Penultimate round
	AES_ROUND(0, T, W0, W1, W2, W3, KEY, T0)
	AES_ROUND(1, T, W1, W2, W3, W0, KEY, T1)
	AES_ROUND(2, T, W2, W3, W0, W1, KEY, T2)
	AES_ROUND(3, T, W3, W0, W1, W2, KEY, T3)

	C Move KEY to the last subkey.
	add	KEY, 16, KEY
	C	Final round
	C NOTE(review): AES_FINAL_ROUND is defined elsewhere; with DST as its last
	C argument it presumably stores output word i of the block at DST - confirm.
	C DST itself is only advanced in the delay slot at the bottom of the block loop.
	AES_FINAL_ROUND(0, T, T0, T1, T2, T3, KEY, DST)
	AES_FINAL_ROUND(1, T, T1, T2, T3, T0, KEY, DST)
	AES_FINAL_ROUND(2, T, T2, T3, T0, T1, KEY, DST)
	AES_FINAL_ROUND(3, T, T3, T0, T1, T2, KEY, DST)

	C One block done. The loop repeats until LENGTH is exactly zero, so a
	C LENGTH that is not a multiple of 16 wraps below zero and the loop keeps
	C reading SRC and writing DST; the caller must guarantee the multiple.
	subcc	LENGTH, 16, LENGTH
	bne	.Lblock_loop
	C Branch delay slot: DST advances whether or not the branch is taken.
	add	DST, 16, DST

.Lend:
	C Return to the caller; restore sits in the delay slot of ret and
	C releases the register window and stack frame opened by save.
	C Nothing clears %l0-%l7 or %o4 first, so the last intermediate state
	C and the subkey pointer stay in the abandoned window.
	ret
	restore
EPILOGUE(_nettle_aes_encrypt)

C Some stats from adriana.lysator.liu.se (SS1000$, 85 MHz), for AES 128

C A:	nettle-1.13 C-code
C B:	nettle-1.13 assembler
C C:	New C-code
C D:	New assembler, first correct version

C	MB/s	cycles/block
C A	1.2	1107
C B	2.3	572
C C	2.1	627
C D	1.8	722