3 # Specific modes implementations for SPARC Architecture 2011. There
4 # is T4 dependency though, an ASI value that is not specified in the
5 # Architecture Manual. But as SPARC universe is rather monocultural,
6 # we imply that processor capable of executing crypto instructions
7 # can handle the ASI in question as well. This means that we ought to
8 # keep eyes open when new processors emerge...
10 # As for above mentioned ASI. It's so called "block initializing
11 # store" which cancels "read" in "read-update-write" on cache lines.
12 # This is "cooperative" optimization, as it reduces overall pressure
13 # on memory interface. Benefits can't be observed/quantified with
14 # usual benchmarks, on the contrary you can notice that single-thread
15 # performance for parallelizable modes is ~1.5% worse for largest
16 # block sizes [though few percent better for not so long ones]. All
17 # this based on suggestions from David Miller.
19 sub asm_init { # to be called with @ARGV as argument
20 for (@_) { $::abibits=64 if (/\-m64/ || /\-xarch\=v9/); }
21 if ($::abibits==64) { $::bias=2047; $::frame=192; $::size_t_cc="%xcc"; }
22 else { $::bias=0; $::frame=112; $::size_t_cc="%icc"; }
26 my ($inp,$out,$len,$key,$ivec)=map("%i$_",(0..5));
28 my ($ileft,$iright,$ooff,$omask,$ivoff,$blk_init)=map("%l$_",(0..7));
30 sub alg_cbc_encrypt_implement {
34 .globl ${alg}${bits}_t4_cbc_encrypt
36 ${alg}${bits}_t4_cbc_encrypt:
37 save %sp, -$::frame, %sp
39 be,pn $::size_t_cc, .L${bits}_cbc_enc_abort
40 srln $len, 0, $len ! needed on v8+, "nop" on v9
41 sub $inp, $out, $blk_init ! $inp!=$out
43 $::code.=<<___ if (!$::evp);
44 andcc $ivec, 7, $ivoff
45 alignaddr $ivec, %g0, $ivec
47 ldd [$ivec + 0], %f0 ! load ivec
51 faligndata %f0, %f2, %f0
52 faligndata %f2, %f4, %f2
55 $::code.=<<___ if ($::evp);
63 prefetch [$inp + 63], 20
64 call _${alg}${bits}_load_enckey
70 sub $iright, $ileft, $iright
73 movrnz $ooff, 0, $blk_init ! if ( $out&7 ||
74 movleu $::size_t_cc, 0, $blk_init ! $len<128 ||
75 brnz,pn $blk_init, .L${bits}cbc_enc_blk ! $inp==$out)
76 srl $omask, $ooff, $omask
78 alignaddrl $out, %g0, $out
82 .L${bits}_cbc_enc_loop:
89 srlx %o1, $iright, %g1
92 srlx %o2, $iright, %o2
95 xor %g4, %o0, %o0 ! ^= rk[0]
100 fxor %f12, %f0, %f0 ! ^= ivec
102 prefetch [$out + 63], 22
103 prefetch [$inp + 16+63], 20
104 call _${alg}${bits}_encrypt_1x
112 brnz,pt $len, .L${bits}_cbc_enc_loop
115 $::code.=<<___ if ($::evp);
121 $::code.=<<___ if (!$::evp);
125 std %f0, [$ivec + 0] ! write out ivec
129 .L${bits}_cbc_enc_abort:
134 2: ldxa [$inp]0x82, %o0 ! avoid read-after-write hazard
135 ! and ~3x deterioration
137 faligndata %f0, %f0, %f4 ! handle unaligned output
138 faligndata %f0, %f2, %f6
139 faligndata %f2, %f2, %f8
141 stda %f4, [$out + $omask]0xc0 ! partial store
144 orn %g0, $omask, $omask
145 stda %f8, [$out + $omask]0xc0 ! partial store
147 brnz,pt $len, .L${bits}_cbc_enc_loop+4
148 orn %g0, $omask, $omask
150 $::code.=<<___ if ($::evp);
156 $::code.=<<___ if (!$::evp);
160 std %f0, [$ivec + 0] ! write out ivec
166 3: alignaddrl $ivec, $ivoff, %g0 ! handle unaligned ivec
168 srl $omask, $ivoff, $omask
169 faligndata %f0, %f0, %f4
170 faligndata %f0, %f2, %f6
171 faligndata %f2, %f2, %f8
172 stda %f4, [$ivec + $omask]0xc0
175 orn %g0, $omask, $omask
176 stda %f8, [$ivec + $omask]0xc0
182 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
184 .L${bits}cbc_enc_blk:
185 add $out, $len, $blk_init
186 and $blk_init, 63, $blk_init ! tail
187 sub $len, $blk_init, $len
188 add $blk_init, 15, $blk_init ! round up to 16n
190 srl $blk_init, 4, $blk_init
192 .L${bits}_cbc_enc_blk_loop:
198 sllx %o0, $ileft, %o0
199 srlx %o1, $iright, %g1
200 sllx %o1, $ileft, %o1
202 srlx %o2, $iright, %o2
205 xor %g4, %o0, %o0 ! ^= rk[0]
210 fxor %f12, %f0, %f0 ! ^= ivec
212 prefetch [$inp + 16+63], 20
213 call _${alg}${bits}_encrypt_1x
217 stda %f0, [$out]0xe2 ! ASI_BLK_INIT, T4-specific
219 stda %f2, [$out]0xe2 ! ASI_BLK_INIT, T4-specific
220 brnz,pt $len, .L${bits}_cbc_enc_blk_loop
223 membar #StoreLoad|#StoreStore
224 brnz,pt $blk_init, .L${bits}_cbc_enc_loop
227 $::code.=<<___ if ($::evp);
233 $::code.=<<___ if (!$::evp);
237 std %f0, [$ivec + 0] ! write out ivec
243 .type ${alg}${bits}_t4_cbc_encrypt,#function
244 .size ${alg}${bits}_t4_cbc_encrypt,.-${alg}${bits}_t4_cbc_encrypt
248 sub alg_cbc_decrypt_implement {
249 my ($alg,$bits) = @_;
252 .globl ${alg}${bits}_t4_cbc_decrypt
254 ${alg}${bits}_t4_cbc_decrypt:
255 save %sp, -$::frame, %sp
257 be,pn $::size_t_cc, .L${bits}_cbc_dec_abort
258 srln $len, 0, $len ! needed on v8+, "nop" on v9
259 sub $inp, $out, $blk_init ! $inp!=$out
261 $::code.=<<___ if (!$::evp);
262 andcc $ivec, 7, $ivoff
263 alignaddr $ivec, %g0, $ivec
265 ldd [$ivec + 0], %f12 ! load ivec
267 ldd [$ivec + 8], %f14
268 ldd [$ivec + 16], %f0
269 faligndata %f12, %f14, %f12
270 faligndata %f14, %f0, %f14
273 $::code.=<<___ if ($::evp);
274 ld [$ivec + 0], %f12 ! load ivec
277 ld [$ivec + 12], %f15
281 prefetch [$inp + 63], 20
282 call _${alg}${bits}_load_deckey
285 sll $ileft, 3, $ileft
288 sub $iright, $ileft, $iright
291 movrnz $ooff, 0, $blk_init ! if ( $out&7 ||
292 movleu $::size_t_cc, 0, $blk_init ! $len<256 ||
293 brnz,pn $blk_init, .L${bits}cbc_dec_blk ! $inp==$out)
294 srl $omask, $ooff, $omask
296 andcc $len, 16, %g0 ! is number of blocks even?
298 alignaddrl $out, %g0, $out
299 bz %icc, .L${bits}_cbc_dec_loop2x
301 .L${bits}_cbc_dec_loop:
307 sllx %o0, $ileft, %o0
308 srlx %o1, $iright, %g1
309 sllx %o1, $ileft, %o1
311 srlx %o2, $iright, %o2
314 xor %g4, %o0, %o2 ! ^= rk[0]
319 prefetch [$out + 63], 22
320 prefetch [$inp + 16+63], 20
321 call _${alg}${bits}_decrypt_1x
324 fxor %f12, %f0, %f0 ! ^= ivec
334 brnz,pt $len, .L${bits}_cbc_dec_loop2x
337 $::code.=<<___ if ($::evp);
341 st %f15, [$ivec + 12]
343 $::code.=<<___ if (!$::evp);
344 brnz,pn $ivoff, .L${bits}_cbc_dec_unaligned_ivec
347 std %f12, [$ivec + 0] ! write out ivec
348 std %f14, [$ivec + 8]
351 .L${bits}_cbc_dec_abort:
356 2: ldxa [$inp]0x82, %o0 ! avoid read-after-write hazard
357 ! and ~3x deterioration
359 faligndata %f0, %f0, %f4 ! handle unaligned output
360 faligndata %f0, %f2, %f6
361 faligndata %f2, %f2, %f8
363 stda %f4, [$out + $omask]0xc0 ! partial store
366 orn %g0, $omask, $omask
367 stda %f8, [$out + $omask]0xc0 ! partial store
369 brnz,pt $len, .L${bits}_cbc_dec_loop2x+4
370 orn %g0, $omask, $omask
372 $::code.=<<___ if ($::evp);
376 st %f15, [$ivec + 12]
378 $::code.=<<___ if (!$::evp);
379 brnz,pn $ivoff, .L${bits}_cbc_dec_unaligned_ivec
382 std %f12, [$ivec + 0] ! write out ivec
383 std %f14, [$ivec + 8]
389 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
391 .L${bits}_cbc_dec_loop2x:
399 sllx %o0, $ileft, %o0
400 srlx %o1, $iright, %g1
402 sllx %o1, $ileft, %o1
403 srlx %o2, $iright, %g1
405 sllx %o2, $ileft, %o2
406 srlx %o3, $iright, %g1
408 sllx %o3, $ileft, %o3
409 srlx %o4, $iright, %o4
412 xor %g4, %o0, %o4 ! ^= rk[0]
421 prefetch [$out + 63], 22
422 prefetch [$inp + 32+63], 20
423 call _${alg}${bits}_decrypt_2x
428 fxor %f12, %f0, %f0 ! ^= ivec
442 brnz,pt $len, .L${bits}_cbc_dec_loop2x
445 $::code.=<<___ if ($::evp);
449 st %f15, [$ivec + 12]
451 $::code.=<<___ if (!$::evp);
452 brnz,pn $ivoff, .L${bits}_cbc_dec_unaligned_ivec
455 std %f12, [$ivec + 0] ! write out ivec
456 std %f14, [$ivec + 8]
463 2: ldxa [$inp]0x82, %o0 ! avoid read-after-write hazard
464 ! and ~3x deterioration
466 faligndata %f0, %f0, %f8 ! handle unaligned output
467 faligndata %f0, %f2, %f0
468 faligndata %f2, %f4, %f2
469 faligndata %f4, %f6, %f4
470 faligndata %f6, %f6, %f6
471 stda %f8, [$out + $omask]0xc0 ! partial store
476 orn %g0, $omask, $omask
477 stda %f6, [$out + $omask]0xc0 ! partial store
479 brnz,pt $len, .L${bits}_cbc_dec_loop2x+4
480 orn %g0, $omask, $omask
482 $::code.=<<___ if ($::evp);
486 st %f15, [$ivec + 12]
488 $::code.=<<___ if (!$::evp);
489 brnz,pn $ivoff, .L${bits}_cbc_dec_unaligned_ivec
492 std %f12, [$ivec + 0] ! write out ivec
493 std %f14, [$ivec + 8]
498 .L${bits}_cbc_dec_unaligned_ivec:
499 alignaddrl $ivec, $ivoff, %g0 ! handle unaligned ivec
501 srl $omask, $ivoff, $omask
502 faligndata %f12, %f12, %f0
503 faligndata %f12, %f14, %f2
504 faligndata %f14, %f14, %f4
505 stda %f0, [$ivec + $omask]0xc0
508 orn %g0, $omask, $omask
509 stda %f4, [$ivec + $omask]0xc0
515 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
517 .L${bits}cbc_dec_blk:
518 add $out, $len, $blk_init
519 and $blk_init, 63, $blk_init ! tail
520 sub $len, $blk_init, $len
521 add $blk_init, 15, $blk_init ! round up to 16n
523 srl $blk_init, 4, $blk_init
525 add $blk_init, 1, $blk_init
527 .L${bits}_cbc_dec_blk_loop2x:
535 sllx %o0, $ileft, %o0
536 srlx %o1, $iright, %g1
538 sllx %o1, $ileft, %o1
539 srlx %o2, $iright, %g1
541 sllx %o2, $ileft, %o2
542 srlx %o3, $iright, %g1
544 sllx %o3, $ileft, %o3
545 srlx %o4, $iright, %o4
548 xor %g4, %o0, %o4 ! ^= rk[0]
557 prefetch [$inp + 32+63], 20
558 call _${alg}${bits}_decrypt_2x
564 fxor %f12, %f0, %f0 ! ^= ivec
571 stda %f0, [$out]0xe2 ! ASI_BLK_INIT, T4-specific
573 stda %f2, [$out]0xe2 ! ASI_BLK_INIT, T4-specific
575 stda %f4, [$out]0xe2 ! ASI_BLK_INIT, T4-specific
577 stda %f6, [$out]0xe2 ! ASI_BLK_INIT, T4-specific
578 bgu,pt $::size_t_cc, .L${bits}_cbc_dec_blk_loop2x
581 add $blk_init, $len, $len
582 andcc $len, 1, %g0 ! is number of blocks even?
583 membar #StoreLoad|#StoreStore
584 bnz,pt %icc, .L${bits}_cbc_dec_loop
586 brnz,pn $len, .L${bits}_cbc_dec_loop2x
589 $::code.=<<___ if ($::evp);
590 st %f12, [$ivec + 0] ! write out ivec
593 st %f15, [$ivec + 12]
595 $::code.=<<___ if (!$::evp);
599 std %f12, [$ivec + 0] ! write out ivec
600 std %f14, [$ivec + 8]
605 .type ${alg}${bits}_t4_cbc_decrypt,#function
606 .size ${alg}${bits}_t4_cbc_decrypt,.-${alg}${bits}_t4_cbc_decrypt
610 sub alg_ctr32_implement {
611 my ($alg,$bits) = @_;
614 .globl ${alg}${bits}_t4_ctr32_encrypt
616 ${alg}${bits}_t4_ctr32_encrypt:
617 save %sp, -$::frame, %sp
618 srln $len, 0, $len ! needed on v8+, "nop" on v9
621 prefetch [$inp + 63], 20
622 call _${alg}${bits}_load_enckey
625 ld [$ivec + 0], %l4 ! counter
633 xor %o5, %g4, %g4 ! ^= rk[0]
635 movxtod %g4, %f14 ! most significant 64 bits
637 sub $inp, $out, $blk_init ! $inp!=$out
640 sll $ileft, 3, $ileft
643 sub $iright, $ileft, $iright
646 movrnz $ooff, 0, $blk_init ! if ( $out&7 ||
647 movleu $::size_t_cc, 0, $blk_init ! $len<256 ||
648 brnz,pn $blk_init, .L${bits}_ctr32_blk ! $inp==$out)
649 srl $omask, $ooff, $omask
651 andcc $len, 16, %g0 ! is number of blocks even?
652 alignaddrl $out, %g0, $out
653 bz %icc, .L${bits}_ctr32_loop2x
655 .L${bits}_ctr32_loop:
661 sllx %o0, $ileft, %o0
662 srlx %o1, $iright, %g1
663 sllx %o1, $ileft, %o1
665 srlx %o2, $iright, %o2
668 xor %g5, %l7, %g1 ! ^= rk[0]
671 srl %l7, 0, %l7 ! clruw
672 prefetch [$out + 63], 22
673 prefetch [$inp + 16+63], 20
675 $::code.=<<___ if ($alg eq "aes");
676 aes_eround01 %f16, %f14, %f2, %f4
677 aes_eround23 %f18, %f14, %f2, %f2
679 $::code.=<<___ if ($alg eq "cmll");
680 camellia_f %f16, %f2, %f14, %f2
681 camellia_f %f18, %f14, %f2, %f0
684 call _${alg}${bits}_encrypt_1x+8
689 fxor %f10, %f0, %f0 ! ^= inp
697 brnz,pt $len, .L${bits}_ctr32_loop2x
704 2: ldxa [$inp]0x82, %o0 ! avoid read-after-write hazard
705 ! and ~3x deterioration
707 faligndata %f0, %f0, %f4 ! handle unaligned output
708 faligndata %f0, %f2, %f6
709 faligndata %f2, %f2, %f8
710 stda %f4, [$out + $omask]0xc0 ! partial store
713 orn %g0, $omask, $omask
714 stda %f8, [$out + $omask]0xc0 ! partial store
716 brnz,pt $len, .L${bits}_ctr32_loop2x+4
717 orn %g0, $omask, $omask
722 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
724 .L${bits}_ctr32_loop2x:
732 sllx %o0, $ileft, %o0
733 srlx %o1, $iright, %g1
735 sllx %o1, $ileft, %o1
736 srlx %o2, $iright, %g1
738 sllx %o2, $ileft, %o2
739 srlx %o3, $iright, %g1
741 sllx %o3, $ileft, %o3
742 srlx %o4, $iright, %o4
745 xor %g5, %l7, %g1 ! ^= rk[0]
748 srl %l7, 0, %l7 ! clruw
752 srl %l7, 0, %l7 ! clruw
753 prefetch [$out + 63], 22
754 prefetch [$inp + 32+63], 20
756 $::code.=<<___ if ($alg eq "aes");
757 aes_eround01 %f16, %f14, %f2, %f8
758 aes_eround23 %f18, %f14, %f2, %f2
759 aes_eround01 %f16, %f14, %f6, %f10
760 aes_eround23 %f18, %f14, %f6, %f6
762 $::code.=<<___ if ($alg eq "cmll");
763 camellia_f %f16, %f2, %f14, %f2
764 camellia_f %f16, %f6, %f14, %f6
765 camellia_f %f18, %f14, %f2, %f0
766 camellia_f %f18, %f14, %f6, %f4
769 call _${alg}${bits}_encrypt_2x+16
775 fxor %f8, %f0, %f0 ! ^= inp
788 brnz,pt $len, .L${bits}_ctr32_loop2x
795 2: ldxa [$inp]0x82, %o0 ! avoid read-after-write hazard
796 ! and ~3x deterioration
798 faligndata %f0, %f0, %f8 ! handle unaligned output
799 faligndata %f0, %f2, %f0
800 faligndata %f2, %f4, %f2
801 faligndata %f4, %f6, %f4
802 faligndata %f6, %f6, %f6
804 stda %f8, [$out + $omask]0xc0 ! partial store
809 orn %g0, $omask, $omask
810 stda %f6, [$out + $omask]0xc0 ! partial store
812 brnz,pt $len, .L${bits}_ctr32_loop2x+4
813 orn %g0, $omask, $omask
818 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
821 add $out, $len, $blk_init
822 and $blk_init, 63, $blk_init ! tail
823 sub $len, $blk_init, $len
824 add $blk_init, 15, $blk_init ! round up to 16n
826 srl $blk_init, 4, $blk_init
828 add $blk_init, 1, $blk_init
830 .L${bits}_ctr32_blk_loop2x:
838 sllx %o0, $ileft, %o0
839 srlx %o1, $iright, %g1
841 sllx %o1, $ileft, %o1
842 srlx %o2, $iright, %g1
844 sllx %o2, $ileft, %o2
845 srlx %o3, $iright, %g1
847 sllx %o3, $ileft, %o3
848 srlx %o4, $iright, %o4
851 xor %g5, %l7, %g1 ! ^= rk[0]
854 srl %l7, 0, %l7 ! clruw
858 srl %l7, 0, %l7 ! clruw
859 prefetch [$inp + 32+63], 20
861 $::code.=<<___ if ($alg eq "aes");
862 aes_eround01 %f16, %f14, %f2, %f8
863 aes_eround23 %f18, %f14, %f2, %f2
864 aes_eround01 %f16, %f14, %f6, %f10
865 aes_eround23 %f18, %f14, %f6, %f6
867 $::code.=<<___ if ($alg eq "cmll");
868 camellia_f %f16, %f2, %f14, %f2
869 camellia_f %f16, %f6, %f14, %f6
870 camellia_f %f18, %f14, %f2, %f0
871 camellia_f %f18, %f14, %f6, %f4
874 call _${alg}${bits}_encrypt_2x+16
881 fxor %f8, %f0, %f0 ! ^= inp
887 stda %f0, [$out]0xe2 ! ASI_BLK_INIT, T4-specific
889 stda %f2, [$out]0xe2 ! ASI_BLK_INIT, T4-specific
891 stda %f4, [$out]0xe2 ! ASI_BLK_INIT, T4-specific
893 stda %f6, [$out]0xe2 ! ASI_BLK_INIT, T4-specific
894 bgu,pt $::size_t_cc, .L${bits}_ctr32_blk_loop2x
897 add $blk_init, $len, $len
898 andcc $len, 1, %g0 ! is number of blocks even?
899 membar #StoreLoad|#StoreStore
900 bnz,pt %icc, .L${bits}_ctr32_loop
902 brnz,pn $len, .L${bits}_ctr32_loop2x
907 .type ${alg}${bits}_t4_ctr32_encrypt,#function
908 .size ${alg}${bits}_t4_ctr32_encrypt,.-${alg}${bits}_t4_ctr32_encrypt
912 sub alg_xts_implement {
913 my ($alg,$bits,$dir) = @_;
914 my ($inp,$out,$len,$key1,$key2,$ivec)=map("%i$_",(0..5));
918 .globl ${alg}${bits}_t4_xts_${dir}crypt
920 ${alg}${bits}_t4_xts_${dir}crypt:
921 save %sp, -$::frame-16, %sp
922 srln $len, 0, $len ! needed on v8+, "nop" on v9
925 add %fp, $::bias-16, %o1
926 call ${alg}_t4_encrypt
929 add %fp, $::bias-16, %l7
931 add %fp, $::bias-8, %l7
932 ldxa [%l7]0x88, %g3 ! %g3:%g2 is tweak
934 sethi %hi(0x76543210), %l7
935 or %l7, %lo(0x76543210), %l7
936 bmask %l7, %g0, %g0 ! byte swap mask
939 prefetch [$inp + 63], 20
940 call _${alg}${bits}_load_${dir}ckey
944 $code.=<<___ if ($dir eq "de");
951 sub $inp, $out, $blk_init ! $inp!=$out
954 sll $ileft, 3, $ileft
957 sub $iright, $ileft, $iright
960 movrnz $ooff, 0, $blk_init ! if ( $out&7 ||
961 movleu $::size_t_cc, 0, $blk_init ! $len<256 ||
962 brnz,pn $blk_init, .L${bits}_xts_${dir}blk ! $inp==$out)
963 srl $omask, $ooff, $omask
965 andcc $len, 16, %g0 ! is number of blocks even?
967 $code.=<<___ if ($dir eq "de");
968 brz,pn $len, .L${bits}_xts_${dir}steal
971 alignaddrl $out, %g0, $out
972 bz %icc, .L${bits}_xts_${dir}loop2x
974 .L${bits}_xts_${dir}loop:
980 sllx %o0, $ileft, %o0
981 srlx %o1, $iright, %g1
982 sllx %o1, $ileft, %o1
984 srlx %o2, $iright, %o2
989 bshuffle %f12, %f12, %f12
990 bshuffle %f14, %f14, %f14
992 xor %g4, %o0, %o0 ! ^= rk[0]
997 fxor %f12, %f0, %f0 ! ^= tweak[0]
1000 prefetch [$out + 63], 22
1001 prefetch [$inp + 16+63], 20
1002 call _${alg}${bits}_${dir}crypt_1x
1005 fxor %f12, %f0, %f0 ! ^= tweak[0]
1008 srax %g3, 63, %l7 ! next tweak value
1019 brnz,pt $len, .L${bits}_xts_${dir}loop2x
1022 brnz,pn $rem, .L${bits}_xts_${dir}steal
1029 2: ldxa [$inp]0x82, %o0 ! avoid read-after-write hazard
1030 ! and ~3x deterioration
1032 faligndata %f0, %f0, %f4 ! handle unaligned output
1033 faligndata %f0, %f2, %f6
1034 faligndata %f2, %f2, %f8
1035 stda %f4, [$out + $omask]0xc0 ! partial store
1038 orn %g0, $omask, $omask
1039 stda %f8, [$out + $omask]0xc0 ! partial store
1041 brnz,pt $len, .L${bits}_xts_${dir}loop2x+4
1042 orn %g0, $omask, $omask
1044 brnz,pn $rem, .L${bits}_xts_${dir}steal
1050 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
1052 .L${bits}_xts_${dir}loop2x:
1055 ldx [$inp + 16], %o2
1057 ldx [$inp + 24], %o3
1059 ldx [$inp + 32], %o4
1060 sllx %o0, $ileft, %o0
1061 srlx %o1, $iright, %g1
1063 sllx %o1, $ileft, %o1
1064 srlx %o2, $iright, %g1
1066 sllx %o2, $ileft, %o2
1067 srlx %o3, $iright, %g1
1069 sllx %o3, $ileft, %o3
1070 srlx %o4, $iright, %o4
1075 bshuffle %f12, %f12, %f12
1076 bshuffle %f14, %f14, %f14
1078 srax %g3, 63, %l7 ! next tweak value
1086 bshuffle %f8, %f8, %f8
1087 bshuffle %f10, %f10, %f10
1089 xor %g4, %o0, %o0 ! ^= rk[0]
1091 xor %g4, %o2, %o2 ! ^= rk[0]
1098 fxor %f12, %f0, %f0 ! ^= tweak[0]
1100 fxor %f8, %f4, %f4 ! ^= tweak[0]
1103 prefetch [$out + 63], 22
1104 prefetch [$inp + 32+63], 20
1105 call _${alg}${bits}_${dir}crypt_2x
1111 srax %g3, 63, %l7 ! next tweak value
1117 bshuffle %f8, %f8, %f8
1118 bshuffle %f10, %f10, %f10
1120 fxor %f12, %f0, %f0 ! ^= tweak[0]
1130 std %f4, [$out + 16]
1131 std %f6, [$out + 24]
1132 brnz,pt $len, .L${bits}_xts_${dir}loop2x
1137 brnz,pn $rem, .L${bits}_xts_${dir}steal
1144 2: ldxa [$inp]0x82, %o0 ! avoid read-after-write hazard
1145 ! and ~3x deterioration
1147 faligndata %f0, %f0, %f8 ! handle unaligned output
1148 faligndata %f0, %f2, %f10
1149 faligndata %f2, %f4, %f12
1150 faligndata %f4, %f6, %f14
1151 faligndata %f6, %f6, %f0
1153 stda %f8, [$out + $omask]0xc0 ! partial store
1154 std %f10, [$out + 8]
1155 std %f12, [$out + 16]
1156 std %f14, [$out + 24]
1158 orn %g0, $omask, $omask
1159 stda %f0, [$out + $omask]0xc0 ! partial store
1161 brnz,pt $len, .L${bits}_xts_${dir}loop2x+4
1162 orn %g0, $omask, $omask
1166 brnz,pn $rem, .L${bits}_xts_${dir}steal
1172 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
1174 .L${bits}_xts_${dir}blk:
1175 add $out, $len, $blk_init
1176 and $blk_init, 63, $blk_init ! tail
1177 sub $len, $blk_init, $len
1178 add $blk_init, 15, $blk_init ! round up to 16n
1180 srl $blk_init, 4, $blk_init
1182 add $blk_init, 1, $blk_init
1184 .L${bits}_xts_${dir}blk2x:
1187 ldx [$inp + 16], %o2
1189 ldx [$inp + 24], %o3
1191 ldx [$inp + 32], %o4
1192 sllx %o0, $ileft, %o0
1193 srlx %o1, $iright, %g1
1195 sllx %o1, $ileft, %o1
1196 srlx %o2, $iright, %g1
1198 sllx %o2, $ileft, %o2
1199 srlx %o3, $iright, %g1
1201 sllx %o3, $ileft, %o3
1202 srlx %o4, $iright, %o4
1207 bshuffle %f12, %f12, %f12
1208 bshuffle %f14, %f14, %f14
1210 srax %g3, 63, %l7 ! next tweak value
1218 bshuffle %f8, %f8, %f8
1219 bshuffle %f10, %f10, %f10
1221 xor %g4, %o0, %o0 ! ^= rk[0]
1223 xor %g4, %o2, %o2 ! ^= rk[0]
1230 fxor %f12, %f0, %f0 ! ^= tweak[0]
1232 fxor %f8, %f4, %f4 ! ^= tweak[0]
1235 prefetch [$inp + 32+63], 20
1236 call _${alg}${bits}_${dir}crypt_2x
1242 srax %g3, 63, %l7 ! next tweak value
1248 bshuffle %f8, %f8, %f8
1249 bshuffle %f10, %f10, %f10
1251 fxor %f12, %f0, %f0 ! ^= tweak[0]
1257 stda %f0, [$out]0xe2 ! ASI_BLK_INIT, T4-specific
1259 stda %f2, [$out]0xe2 ! ASI_BLK_INIT, T4-specific
1261 stda %f4, [$out]0xe2 ! ASI_BLK_INIT, T4-specific
1263 stda %f6, [$out]0xe2 ! ASI_BLK_INIT, T4-specific
1264 bgu,pt $::size_t_cc, .L${bits}_xts_${dir}blk2x
1267 add $blk_init, $len, $len
1268 andcc $len, 1, %g0 ! is number of blocks even?
1269 membar #StoreLoad|#StoreStore
1270 bnz,pt %icc, .L${bits}_xts_${dir}loop
1272 brnz,pn $len, .L${bits}_xts_${dir}loop2x
1277 brnz,pn $rem, .L${bits}_xts_${dir}steal
1282 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
1284 $code.=<<___ if ($dir eq "en");
1286 .L${bits}_xts_${dir}steal:
1287 std %f0, [%fp + $::bias-16] ! copy of output
1288 std %f2, [%fp + $::bias-8]
1290 srl $ileft, 3, $ileft
1291 add %fp, $::bias-16, %l7
1292 add $inp, $ileft, $inp ! original $inp+$len&-15
1293 add $out, $ooff, $out ! original $out+$len&-15
1297 .L${bits}_xts_${dir}stealing:
1298 ldub [$inp + $ileft], %o0
1299 ldub [%l7 + $ileft], %o1
1301 stb %o0, [%l7 + $ileft]
1302 stb %o1, [$out + $ileft]
1303 brnz $rem, .L${bits}_xts_${dir}stealing
1309 sub $out, $ooff, $out
1310 ba .L${bits}_xts_${dir}loop ! one more time
1311 mov 1, $len ! $rem is 0
1313 $code.=<<___ if ($dir eq "de");
1315 .L${bits}_xts_${dir}steal:
1320 ldx [$inp + 16], %o2
1321 sllx %o0, $ileft, %o0
1322 srlx %o1, $iright, %g1
1323 sllx %o1, $ileft, %o1
1325 srlx %o2, $iright, %o2
1328 srax %g3, 63, %l7 ! next tweak value
1336 bshuffle %f12, %f12, %f12
1337 bshuffle %f14, %f14, %f14
1339 xor %g4, %o0, %o0 ! ^= rk[0]
1344 fxor %f12, %f0, %f0 ! ^= tweak[0]
1347 call _${alg}${bits}_${dir}crypt_1x
1350 fxor %f12, %f0, %f0 ! ^= tweak[0]
1353 std %f0, [%fp + $::bias-16]
1354 std %f2, [%fp + $::bias-8]
1356 srl $ileft, 3, $ileft
1357 add %fp, $::bias-16, %l7
1358 add $inp, $ileft, $inp ! original $inp+$len&-15
1359 add $out, $ooff, $out ! original $out+$len&-15
1364 .L${bits}_xts_${dir}stealing:
1365 ldub [$inp + $ileft], %o0
1366 ldub [%l7 + $ileft], %o1
1368 stb %o0, [%l7 + $ileft]
1369 stb %o1, [$out + $ileft]
1370 brnz $rem, .L${bits}_xts_${dir}stealing
1376 sub $out, $ooff, $out
1377 ba .L${bits}_xts_${dir}loop ! one more time
1378 mov 1, $len ! $rem is 0
1383 .type ${alg}${bits}_t4_xts_${dir}crypt,#function
1384 .size ${alg}${bits}_t4_xts_${dir}crypt,.-${alg}${bits}_t4_xts_${dir}crypt
1388 # Purpose of these subroutines is to explicitly encode VIS instructions,
1389 # so that one can compile the module without having to specify VIS
1390 # extentions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
1391 # Idea is to reserve for option to produce "universal" binary and let
1392 # programmer detect if current CPU is VIS capable at run-time.
1394 my ($mnemonic,$rs1,$rs2,$rd)=@_;
1396 my %visopf = ( "faligndata" => 0x048,
1397 "bshuffle" => 0x04c,
1402 $ref = "$mnemonic\t$rs1,$rs2,$rd";
1404 if ($opf=$visopf{$mnemonic}) {
1405 foreach ($rs1,$rs2,$rd) {
1406 return $ref if (!/%f([0-9]{1,2})/);
1409 return $ref if ($1&1);
1410 # re-encode for upper double register addressing
1415 return sprintf ".word\t0x%08x !%s",
1416 0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2,
1424 my ($mnemonic,$rs1,$rs2,$rd)=@_;
1425 my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 );
1427 my %visopf = ( "addxc" => 0x011,
1430 "alignaddr" => 0x018,
1432 "alignaddrl" => 0x01a );
1434 $ref = "$mnemonic\t$rs1,$rs2,$rd";
1436 if ($opf=$visopf{$mnemonic}) {
1437 foreach ($rs1,$rs2,$rd) {
1438 return $ref if (!/%([goli])([0-9])/);
1442 return sprintf ".word\t0x%08x !%s",
1443 0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2,
1450 sub unaes_round { # 4-argument instructions
1451 my ($mnemonic,$rs1,$rs2,$rs3,$rd)=@_;
1453 my %aesopf = ( "aes_eround01" => 0,
1454 "aes_eround23" => 1,
1455 "aes_dround01" => 2,
1456 "aes_dround23" => 3,
1457 "aes_eround01_l"=> 4,
1458 "aes_eround23_l"=> 5,
1459 "aes_dround01_l"=> 6,
1460 "aes_dround23_l"=> 7,
1461 "aes_kexpand1" => 8 );
1463 $ref = "$mnemonic\t$rs1,$rs2,$rs3,$rd";
1465 if (defined($opf=$aesopf{$mnemonic})) {
1466 $rs3 = ($rs3 =~ /%f([0-6]*[02468])/) ? (($1|$1>>5)&31) : $rs3;
1467 foreach ($rs1,$rs2,$rd) {
1468 return $ref if (!/%f([0-9]{1,2})/);
1471 return $ref if ($1&1);
1472 # re-encode for upper double register addressing
1477 return sprintf ".word\t0x%08x !%s",
1478 2<<30|$rd<<25|0x19<<19|$rs1<<14|$rs3<<9|$opf<<5|$rs2,
1485 sub unaes_kexpand { # 3-argument instructions
1486 my ($mnemonic,$rs1,$rs2,$rd)=@_;
1488 my %aesopf = ( "aes_kexpand0" => 0x130,
1489 "aes_kexpand2" => 0x131 );
1491 $ref = "$mnemonic\t$rs1,$rs2,$rd";
1493 if (defined($opf=$aesopf{$mnemonic})) {
1494 foreach ($rs1,$rs2,$rd) {
1495 return $ref if (!/%f([0-9]{1,2})/);
1498 return $ref if ($1&1);
1499 # re-encode for upper double register addressing
1504 return sprintf ".word\t0x%08x !%s",
1505 2<<30|$rd<<25|0x36<<19|$rs1<<14|$opf<<5|$rs2,
1512 sub uncamellia_f { # 4-argument instructions
1513 my ($mnemonic,$rs1,$rs2,$rs3,$rd)=@_;
1516 $ref = "$mnemonic\t$rs1,$rs2,$rs3,$rd";
1519 $rs3 = ($rs3 =~ /%f([0-6]*[02468])/) ? (($1|$1>>5)&31) : $rs3;
1520 foreach ($rs1,$rs2,$rd) {
1521 return $ref if (!/%f([0-9]{1,2})/);
1524 return $ref if ($1&1);
1525 # re-encode for upper double register addressing
1530 return sprintf ".word\t0x%08x !%s",
1531 2<<30|$rd<<25|0x19<<19|$rs1<<14|$rs3<<9|0xc<<5|$rs2,
1538 sub uncamellia3 { # 3-argument instructions
1539 my ($mnemonic,$rs1,$rs2,$rd)=@_;
1541 my %cmllopf = ( "camellia_fl" => 0x13c,
1542 "camellia_fli" => 0x13d );
1544 $ref = "$mnemonic\t$rs1,$rs2,$rd";
1546 if (defined($opf=$cmllopf{$mnemonic})) {
1547 foreach ($rs1,$rs2,$rd) {
1548 return $ref if (!/%f([0-9]{1,2})/);
1551 return $ref if ($1&1);
1552 # re-encode for upper double register addressing
1557 return sprintf ".word\t0x%08x !%s",
1558 2<<30|$rd<<25|0x36<<19|$rs1<<14|$opf<<5|$rs2,
1565 sub unmovxtox { # 2-argument instructions
1566 my ($mnemonic,$rs,$rd)=@_;
1567 my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24, "f" => 0 );
1569 my %movxopf = ( "movdtox" => 0x110,
1570 "movstouw" => 0x111,
1571 "movstosw" => 0x113,
1573 "movwtos" => 0x119 );
1575 $ref = "$mnemonic\t$rs,$rd";
1577 if (defined($opf=$movxopf{$mnemonic})) {
1579 return $ref if (!/%([fgoli])([0-9]{1,2})/);
1582 return $ref if ($2&1);
1583 # re-encode for upper double register addressing
1588 return sprintf ".word\t0x%08x !%s",
1589 2<<30|$rd<<25|0x36<<19|$opf<<5|$rs,
1597 my ($mnemonic)=shift;
1600 my %desopf = ( "des_round" => 0b1001,
1601 "des_ip" => 0b100110100,
1602 "des_iip" => 0b100110101,
1603 "des_kexpand" => 0b100110110 );
1605 $ref = "$mnemonic\t".join(",",@_);
1607 if (defined($opf=$desopf{$mnemonic})) { # 4-arg
1608 if ($mnemonic eq "des_round") {
1609 foreach (@args[0..3]) {
1610 return $ref if (!/%f([0-9]{1,2})/);
1613 return $ref if ($1&1);
1614 # re-encode for upper double register addressing
1618 return sprintf ".word\t0x%08x !%s",
1619 2<<30|0b011001<<19|$opf<<5|$args[0]<<14|$args[1]|$args[2]<<9|$args[3]<<25,
1621 } elsif ($mnemonic eq "des_kexpand") { # 3-arg
1622 foreach (@args[0..2]) {
1623 return $ref if (!/(%f)?([0-9]{1,2})/);
1626 return $ref if ($2&1);
1627 # re-encode for upper double register addressing
1631 return sprintf ".word\t0x%08x !%s",
1632 2<<30|0b110110<<19|$opf<<5|$args[0]<<14|$args[1]|$args[2]<<25,
1635 foreach (@args[0..1]) {
1636 return $ref if (!/%f([0-9]{1,2})/);
1639 return $ref if ($2&1);
1640 # re-encode for upper double register addressing
1644 return sprintf ".word\t0x%08x !%s",
1645 2<<30|0b110110<<19|$opf<<5|$args[0]<<14|$args[1]<<25,
1653 sub emit_assembler {
1654 foreach (split("\n",$::code)) {
1655 s/\`([^\`]*)\`/eval $1/ge;
1657 s/\b(f[a-z]+2[sd]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})\s*$/$1\t%f0,$2,$3/go;
1659 s/\b(aes_[edk][^\s]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*([%fx0-9]+),\s*(%f[0-9]{1,2})/
1660 &unaes_round($1,$2,$3,$4,$5)
1662 s/\b(aes_kexpand[02])\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/
1663 &unaes_kexpand($1,$2,$3,$4)
1665 s/\b(camellia_f)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*([%fx0-9]+),\s*(%f[0-9]{1,2})/
1666 &uncamellia_f($1,$2,$3,$4,$5)
1668 s/\b(camellia_[^s]+)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/
1669 &uncamellia3($1,$2,$3,$4)
1671 s/\b(des_\w+)\s+(%f[0-9]{1,2}),\s*([%fx0-9]+)(?:,\s*(%f[0-9]{1,2})(?:,\s*(%f[0-9]{1,2}))?)?/
1672 &undes($1,$2,$3,$4,$5)
1674 s/\b(mov[ds]to\w+)\s+(%f[0-9]{1,2}),\s*(%[goli][0-7])/
1675 &unmovxtox($1,$2,$3)
1677 s/\b(mov[xw]to[ds])\s+(%[goli][0-7]),\s*(%f[0-9]{1,2})/
1678 &unmovxtox($1,$2,$3)
1680 s/\b([fb][^\s]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/
1683 s/\b(umulxhi|bmask|addxc[c]{0,2}|alignaddr[l]*)\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/
1684 &unvis3($1,$2,$3,$4)
projects / oweals / openssl.git / blob