1 C sparc64/aes-decrypt-internal.asm
4 Copyright (C) 2002, 2005, 2013 Niels Möller
6 This file is part of GNU Nettle.
8 GNU Nettle is free software: you can redistribute it and/or
9 modify it under the terms of either:
11 * the GNU Lesser General Public License as published by the Free
12 Software Foundation; either version 3 of the License, or (at your
13 option) any later version.
17 * the GNU General Public License as published by the Free
18 Software Foundation; either version 2 of the License, or (at your
19 option) any later version.
21 or both in parallel, as here.
23 GNU Nettle is distributed in the hope that it will be useful,
24 but WITHOUT ANY WARRANTY; without even the implied warranty of
25 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
26 General Public License for more details.
28 You should have received copies of the GNU General Public License and
29 the GNU Lesser General Public License along with this program. If
30 not, see http://www.gnu.org/licenses/.
33 C The only difference between this code and the sparc32 code is the
34 C frame offsets, and the magic BIAS when accessing the stack (which
35 C doesn't matter, since we don't access any data on the stack).
38 C Use the same AES macros as on sparc32.
39 include_src(<sparc32/aes.m4>)
42 define(<ROUNDS>,<%i0>)
45 define(<LENGTH>,<%i3>)
49 C AES state, two copies for unrolling
61 C %o0-%03 are used for loop invariants T0-T3
63 define(<COUNT>, <%o5>)
65 C %g1, %g2, %g3 are TMP1, TMP2 and TMP3
67 C The sparc64 stack frame looks like
69 C %fp - 8: OS-dependent link field
70 C %fp - 16: OS-dependent link field
71 C %fp - 192: OS register save area (22*8 == 176 bytes)
72 define(<FRAME_SIZE>, 192)
74 .file "aes-decrypt-internal.asm"
76 C _aes_decrypt(unsigned rounds, const uint32_t *keys,
77 C const struct aes_table *T,
78 C size_t length, uint8_t *dst,
85 PROLOGUE(_nettle_aes_decrypt)
87 save %sp, -FRAME_SIZE, %sp
97 C Must be even, and includes the final round
99 C Last two rounds handled specially
100 sub ROUNDS, 1, ROUNDS
103 C Read src, and add initial subkey
105 AES_LOAD(0, SRC, KEY, W0)
106 AES_LOAD(1, SRC, KEY, W1)
107 AES_LOAD(2, SRC, KEY, W2)
108 AES_LOAD(3, SRC, KEY, W3)
115 C The AES_ROUND macro uses T0,... T3
117 AES_ROUND(0, W0, W3, W2, W1, KEY, X0)
118 AES_ROUND(1, W1, W0, W3, W2, KEY, X1)
119 AES_ROUND(2, W2, W1, W0, W3, KEY, X2)
120 AES_ROUND(3, W3, W2, W1, W0, KEY, X3)
123 AES_ROUND(4, X0, X3, X2, X1, KEY, W0)
124 AES_ROUND(5, X1, X0, X3, X2, KEY, W1)
125 AES_ROUND(6, X2, X1, X0, X3, KEY, W2)
126 AES_ROUND(7, X3, X2, X1, X0, KEY, W3)
128 subcc COUNT, 1, COUNT
133 AES_ROUND(0, W0, W3, W2, W1, KEY, X0)
134 AES_ROUND(1, W1, W0, W3, W2, KEY, X1)
135 AES_ROUND(2, W2, W1, W0, W3, KEY, X2)
136 AES_ROUND(3, W3, W2, W1, W0, KEY, X3)
140 AES_FINAL_ROUND(0, T, X0, X3, X2, X1, KEY, DST)
141 AES_FINAL_ROUND(1, T, X1, X0, X3, X2, KEY, DST)
142 AES_FINAL_ROUND(2, T, X2, X1, X0, X3, KEY, DST)
143 AES_FINAL_ROUND(3, T, X3, X2, X1, X0, KEY, DST)
145 subcc LENGTH, 16, LENGTH
152 EPILOGUE(_nettle_aes_decrypt)