2 # Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
4 # Licensed under the OpenSSL license (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
10 # ====================================================================
11 # Written by David S. Miller <davem@devemloft.net> and Andy Polyakov
12 # <appro@openssl.org>. The module is licensed under 2-clause BSD
13 # license. October 2012. All rights reserved.
14 # ====================================================================
16 ######################################################################
17 # Camellia for SPARC T4.
19 # As with AES below results [for aligned data] are virtually identical
20 # to critical path lenths for 3-cycle instruction latency:
22 # 128-bit key 192/256-
23 # CBC encrypt 4.14/4.21(*) 5.46/5.52
24 # (*) numbers after slash are for
27 # As with Intel AES-NI, question is if it's possible to improve
28 # performance of parallelizeable modes by interleaving round
29 # instructions. In Camellia every instruction is dependent on
30 # previous, which means that there is place for 2 additional ones
31 # in between two dependent. Can we expect 3x performance improvement?
32 # At least one can argue that it should be possible to break 2x
33 # barrier... For some reason not even 2x appears to be possible:
35 # 128-bit key 192/256-
36 # CBC decrypt 2.21/2.74 2.99/3.40
37 # CTR 2.15/2.68(*) 2.93/3.34
38 # (*) numbers after slash are for
41 # This is for 2x interleave. But compared to 1x interleave CBC decrypt
42 # improved by ... 0% for 128-bit key, and 11% for 192/256-bit one.
43 # So that out-of-order execution logic can take non-interleaved code
44 # to 1.87x, but can't take 2x interleaved one any further. There
45 # surely is some explanation... As result 3x interleave was not even
46 # attempted. Instead an effort was made to share specific modes
47 # implementations with AES module (therefore sparct4_modes.pl).
49 # To anchor to something else, software C implementation processes
50 # one byte in 38 cycles with 128-bit key on same processor.
52 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
53 push(@INC,"${dir}","${dir}../../perlasm");
54 require "sparcv9_modes.pl";
57 open STDOUT,">$output";
59 $::evp=1; # if $evp is set to 0, script generates module with
60 # Camellia_[en|de]crypt, Camellia_set_key and Camellia_cbc_encrypt
61 # entry points. These are fully compatible with openssl/camellia.h.
63 ######################################################################
64 # single-round subroutines
67 my ($inp,$out,$key,$rounds,$tmp,$mask)=map("%o$_",(0..5));
70 #include "sparc_arch.h"
74 .globl cmll_t4_encrypt
77 andcc $inp, 7, %g1 ! is input aligned?
96 ld [$key + 272], $rounds ! grandRounds, 3 or 4
101 ldd [$key + 32], %f16
102 ldd [$key + 40], %f18
105 ldd [$key + 48], %f20
106 ldd [$key + 56], %f22
107 sub $rounds, 1, $rounds
108 ldd [$key + 64], %f24
109 ldd [$key + 72], %f26
113 camellia_f %f12, %f2, %f0, %f2
115 sub $rounds,1,$rounds
116 camellia_f %f14, %f0, %f2, %f0
118 camellia_f %f16, %f2, %f0, %f2
119 ldd [$key + 16], %f16
120 camellia_f %f18, %f0, %f2, %f0
121 ldd [$key + 24], %f18
122 camellia_f %f20, %f2, %f0, %f2
123 ldd [$key + 32], %f20
124 camellia_f %f22, %f0, %f2, %f0
125 ldd [$key + 40], %f22
126 camellia_fl %f24, %f0, %f0
127 ldd [$key + 48], %f24
128 camellia_fli %f26, %f2, %f2
129 ldd [$key + 56], %f26
130 brnz,pt $rounds, .Lenc
133 andcc $out, 7, $tmp ! is output aligned?
134 camellia_f %f12, %f2, %f0, %f2
135 camellia_f %f14, %f0, %f2, %f0
136 camellia_f %f16, %f2, %f0, %f2
137 camellia_f %f18, %f0, %f2, %f0
138 camellia_f %f20, %f2, %f0, %f4
139 camellia_f %f22, %f0, %f4, %f2
150 2: alignaddrl $out, %g0, $out
152 srl $mask, $tmp, $mask
154 faligndata %f0, %f0, %f4
155 faligndata %f0, %f2, %f6
156 faligndata %f2, %f2, %f8
158 stda %f4, [$out + $mask]0xc0 ! partial store
161 orn %g0, $mask, $mask
163 stda %f8, [$out + $mask]0xc0 ! partial store
164 .type cmll_t4_encrypt,#function
165 .size cmll_t4_encrypt,.-cmll_t4_encrypt
167 .globl cmll_t4_decrypt
170 ld [$key + 272], $rounds ! grandRounds, 3 or 4
171 andcc $inp, 7, %g1 ! is input aligned?
174 sll $rounds, 6, $rounds
175 add $rounds, $key, $key
180 ldx [$inp + 16], $inp
193 ldd [$key - 16], %f14
196 ldd [$key - 24], %f16
197 ldd [$key - 32], %f18
200 ldd [$key - 40], %f20
201 ldd [$key - 48], %f22
202 sub $rounds, 64, $rounds
203 ldd [$key - 56], %f24
204 ldd [$key - 64], %f26
208 camellia_f %f12, %f2, %f0, %f2
210 sub $rounds, 64, $rounds
211 camellia_f %f14, %f0, %f2, %f0
212 ldd [$key - 16], %f14
213 camellia_f %f16, %f2, %f0, %f2
214 ldd [$key - 24], %f16
215 camellia_f %f18, %f0, %f2, %f0
216 ldd [$key - 32], %f18
217 camellia_f %f20, %f2, %f0, %f2
218 ldd [$key - 40], %f20
219 camellia_f %f22, %f0, %f2, %f0
220 ldd [$key - 48], %f22
221 camellia_fl %f24, %f0, %f0
222 ldd [$key - 56], %f24
223 camellia_fli %f26, %f2, %f2
224 ldd [$key - 64], %f26
225 brnz,pt $rounds, .Ldec
228 andcc $out, 7, $tmp ! is output aligned?
229 camellia_f %f12, %f2, %f0, %f2
230 camellia_f %f14, %f0, %f2, %f0
231 camellia_f %f16, %f2, %f0, %f2
232 camellia_f %f18, %f0, %f2, %f0
233 camellia_f %f20, %f2, %f0, %f4
234 camellia_f %f22, %f0, %f4, %f2
245 2: alignaddrl $out, %g0, $out
247 srl $mask, $tmp, $mask
249 faligndata %f0, %f0, %f4
250 faligndata %f0, %f2, %f6
251 faligndata %f2, %f2, %f8
253 stda %f4, [$out + $mask]0xc0 ! partial store
256 orn %g0, $mask, $mask
258 stda %f8, [$out + $mask]0xc0 ! partial store
259 .type cmll_t4_decrypt,#function
260 .size cmll_t4_decrypt,.-cmll_t4_decrypt
264 ######################################################################
265 # key setup subroutines
271 "srlx %o4, 64-$rot, %g4\n\t".
272 "sllx %o4, $rot, %o4\n\t".
273 "srlx %o5, 64-$rot, %g5\n\t".
274 "sllx %o5, $rot, %o5\n\t".
275 "or %o4, %g5, %o4\n\t".
279 my ($inp,$bits,$out,$tmp)=map("%o$_",(0..5));
281 .globl cmll_t4_set_key
285 alignaddr $inp, %g0, $inp
294 brz,pt $tmp, .L256aligned
298 faligndata %f0, %f2, %f0
299 faligndata %f2, %f4, %f2
300 faligndata %f4, %f6, %f4
302 faligndata %f6, %f8, %f6
306 brz,a,pt $tmp, .L256aligned
311 faligndata %f0, %f2, %f0
312 faligndata %f2, %f4, %f2
313 faligndata %f4, %f6, %f4
317 std %f0, [$out + 0] ! k[0, 1]
319 std %f2, [$out + 8] ! k[2, 3]
327 brz,pt $tmp, .L128aligned
332 faligndata %f0, %f2, %f0
333 faligndata %f2, %f4, %f2
336 std %f0, [$out + 0] ! k[0, 1]
338 std %f2, [$out + 8] ! k[2, 3]
344 add %o7, SIGMA-1b, %o4
352 camellia_f %f16, %f2, %f0, %f2
353 camellia_f %f18, %f0, %f2, %f0
356 camellia_f %f20, %f2, %f0, %f2
357 camellia_f %f22, %f0, %f2, %f0
359 bge,pn %icc, .L256key
361 std %f0, [$out + 0x10] ! k[ 4, 5]
362 std %f2, [$out + 0x18] ! k[ 6, 7]
367 stx %o4, [$out + 0x30] ! k[12, 13]
368 stx %o5, [$out + 0x38] ! k[14, 15]
370 stx %o4, [$out + 0x40] ! k[16, 17]
371 stx %o5, [$out + 0x48] ! k[18, 19]
373 stx %o4, [$out + 0x60] ! k[24, 25]
375 stx %o4, [$out + 0x70] ! k[28, 29]
376 stx %o5, [$out + 0x78] ! k[30, 31]
378 stx %o4, [$out + 0xa0] ! k[40, 41]
379 stx %o5, [$out + 0xa8] ! k[42, 43]
381 stx %o4, [$out + 0xc0] ! k[48, 49]
382 stx %o5, [$out + 0xc8] ! k[50, 51]
384 movdtox %f28, %o4 ! k[ 0, 1]
385 movdtox %f30, %o5 ! k[ 2, 3]
387 stx %o4, [$out + 0x20] ! k[ 8, 9]
388 stx %o5, [$out + 0x28] ! k[10, 11]
390 stx %o4, [$out + 0x50] ! k[20, 21]
391 stx %o5, [$out + 0x58] ! k[22, 23]
393 stx %o5, [$out + 0x68] ! k[26, 27]
395 stx %o4, [$out + 0x80] ! k[32, 33]
396 stx %o5, [$out + 0x88] ! k[34, 35]
398 stx %o4, [$out + 0x90] ! k[36, 37]
399 stx %o5, [$out + 0x98] ! k[38, 39]
401 stx %o4, [$out + 0xb0] ! k[44, 45]
402 stx %o5, [$out + 0xb8] ! k[46, 47]
405 st $tmp, [$out + 0x110]
414 std %f0, [$out + 0x30] ! k[12, 13]
415 std %f2, [$out + 0x38] ! k[14, 15]
419 camellia_f %f24, %f2, %f0, %f2
420 camellia_f %f26, %f0, %f2, %f0
422 std %f0, [$out + 0x10] ! k[ 4, 5]
423 std %f2, [$out + 0x18] ! k[ 6, 7]
428 stx %o4, [$out + 0x50] ! k[20, 21]
429 stx %o5, [$out + 0x58] ! k[22, 23]
431 stx %o4, [$out + 0xa0] ! k[40, 41]
432 stx %o5, [$out + 0xa8] ! k[42, 43]
434 stx %o4, [$out + 0x100] ! k[64, 65]
435 stx %o5, [$out + 0x108] ! k[66, 67]
437 movdtox %f4, %o4 ! k[ 8, 9]
438 movdtox %f6, %o5 ! k[10, 11]
440 stx %o4, [$out + 0x20] ! k[ 8, 9]
441 stx %o5, [$out + 0x28] ! k[10, 11]
443 stx %o4, [$out + 0x40] ! k[16, 17]
444 stx %o5, [$out + 0x48] ! k[18, 19]
446 stx %o4, [$out + 0x90] ! k[36, 37]
447 stx %o5, [$out + 0x98] ! k[38, 39]
449 stx %o4, [$out + 0xd0] ! k[52, 53]
450 stx %o5, [$out + 0xd8] ! k[54, 55]
451 ldx [$out + 0x30], %o4 ! k[12, 13]
452 ldx [$out + 0x38], %o5 ! k[14, 15]
454 stx %o4, [$out + 0x30] ! k[12, 13]
455 stx %o5, [$out + 0x38] ! k[14, 15]
457 stx %o4, [$out + 0x70] ! k[28, 29]
458 stx %o5, [$out + 0x78] ! k[30, 31]
461 st %o4, [$out + 0xc0] ! k[48]
462 st %g5, [$out + 0xc4] ! k[49]
463 st %o5, [$out + 0xc8] ! k[50]
464 st %g4, [$out + 0xcc] ! k[51]
466 stx %o4, [$out + 0xe0] ! k[56, 57]
467 stx %o5, [$out + 0xe8] ! k[58, 59]
469 movdtox %f28, %o4 ! k[ 0, 1]
470 movdtox %f30, %o5 ! k[ 2, 3]
472 stx %o4, [$out + 0x60] ! k[24, 25]
473 stx %o5, [$out + 0x68] ! k[26, 27]
475 stx %o4, [$out + 0x80] ! k[32, 33]
476 stx %o5, [$out + 0x88] ! k[34, 35]
478 stx %o4, [$out + 0xb0] ! k[44, 45]
479 stx %o5, [$out + 0xb8] ! k[46, 47]
481 stx %o4, [$out + 0xf0] ! k[60, 61]
482 stx %o5, [$out + 0xf8] ! k[62, 63]
485 st $tmp, [$out + 0x110]
488 .type cmll_t4_set_key,#function
489 .size cmll_t4_set_key,.-cmll_t4_set_key
492 .long 0xa09e667f, 0x3bcc908b, 0xb67ae858, 0x4caa73b2
493 .long 0xc6ef372f, 0xe94f82be, 0x54ff53a5, 0xf1d36f1c
494 .long 0x10e527fa, 0xde682d1d, 0xb05688c2, 0xb3e6c1fd
497 .asciz "Camellia for SPARC T4, David S. Miller, Andy Polyakov"
502 my ($inp,$out,$len,$key,$ivec,$enc)=map("%i$_",(0..5));
503 my ($ileft,$iright,$ooff,$omask,$ivoff)=map("%l$_",(1..7));
507 _cmll128_load_enckey:
511 for ($i=2; $i<26;$i++) { # load key schedule
513 ldd [$key + `8*$i`], %f`12+2*$i`
519 .type _cmll128_load_enckey,#function
520 .size _cmll128_load_enckey,.-_cmll128_load_enckey
521 _cmll256_load_enckey=_cmll128_load_enckey
524 _cmll256_load_deckey:
525 ldd [$key + 64], %f62
526 ldd [$key + 72], %f60
529 _cmll128_load_deckey:
534 for ($i=2; $i<24;$i++) { # load key schedule
536 ldd [$key + `8*$i`], %f`62-2*$i`
540 ldx [$key + 192], %g4
542 ldx [$key + 200], %g5
543 .type _cmll256_load_deckey,#function
544 .size _cmll256_load_deckey,.-_cmll256_load_deckey
549 for ($i=0; $i<3; $i++) {
551 camellia_f %f`16+16*$i+0`, %f2, %f0, %f2
552 camellia_f %f`16+16*$i+2`, %f0, %f2, %f0
553 camellia_f %f`16+16*$i+4`, %f2, %f0, %f2
554 camellia_f %f`16+16*$i+6`, %f0, %f2, %f0
556 $code.=<<___ if ($i<2);
557 camellia_f %f`16+16*$i+8`, %f2, %f0, %f2
558 camellia_f %f`16+16*$i+10`, %f0, %f2, %f0
559 camellia_fl %f`16+16*$i+12`, %f0, %f0
560 camellia_fli %f`16+16*$i+14`, %f2, %f2
564 camellia_f %f56, %f2, %f0, %f4
565 camellia_f %f58, %f0, %f4, %f2
569 .type _cmll128_encrypt_1x,#function
570 .size _cmll128_encrypt_1x,.-_cmll128_encrypt_1x
571 _cmll128_decrypt_1x=_cmll128_encrypt_1x
576 for ($i=0; $i<3; $i++) {
578 camellia_f %f`16+16*$i+0`, %f2, %f0, %f2
579 camellia_f %f`16+16*$i+0`, %f6, %f4, %f6
580 camellia_f %f`16+16*$i+2`, %f0, %f2, %f0
581 camellia_f %f`16+16*$i+2`, %f4, %f6, %f4
582 camellia_f %f`16+16*$i+4`, %f2, %f0, %f2
583 camellia_f %f`16+16*$i+4`, %f6, %f4, %f6
584 camellia_f %f`16+16*$i+6`, %f0, %f2, %f0
585 camellia_f %f`16+16*$i+6`, %f4, %f6, %f4
587 $code.=<<___ if ($i<2);
588 camellia_f %f`16+16*$i+8`, %f2, %f0, %f2
589 camellia_f %f`16+16*$i+8`, %f6, %f4, %f6
590 camellia_f %f`16+16*$i+10`, %f0, %f2, %f0
591 camellia_f %f`16+16*$i+10`, %f4, %f6, %f4
592 camellia_fl %f`16+16*$i+12`, %f0, %f0
593 camellia_fl %f`16+16*$i+12`, %f4, %f4
594 camellia_fli %f`16+16*$i+14`, %f2, %f2
595 camellia_fli %f`16+16*$i+14`, %f6, %f6
599 camellia_f %f56, %f2, %f0, %f8
600 camellia_f %f56, %f6, %f4, %f10
601 camellia_f %f58, %f0, %f8, %f2
602 camellia_f %f58, %f4, %f10, %f6
608 .type _cmll128_encrypt_2x,#function
609 .size _cmll128_encrypt_2x,.-_cmll128_encrypt_2x
610 _cmll128_decrypt_2x=_cmll128_encrypt_2x
614 camellia_f %f16, %f2, %f0, %f2
615 camellia_f %f18, %f0, %f2, %f0
616 ldd [$key + 208], %f16
617 ldd [$key + 216], %f18
618 camellia_f %f20, %f2, %f0, %f2
619 camellia_f %f22, %f0, %f2, %f0
620 ldd [$key + 224], %f20
621 ldd [$key + 232], %f22
622 camellia_f %f24, %f2, %f0, %f2
623 camellia_f %f26, %f0, %f2, %f0
624 ldd [$key + 240], %f24
625 ldd [$key + 248], %f26
626 camellia_fl %f28, %f0, %f0
627 camellia_fli %f30, %f2, %f2
628 ldd [$key + 256], %f28
629 ldd [$key + 264], %f30
631 for ($i=1; $i<3; $i++) {
633 camellia_f %f`16+16*$i+0`, %f2, %f0, %f2
634 camellia_f %f`16+16*$i+2`, %f0, %f2, %f0
635 camellia_f %f`16+16*$i+4`, %f2, %f0, %f2
636 camellia_f %f`16+16*$i+6`, %f0, %f2, %f0
637 camellia_f %f`16+16*$i+8`, %f2, %f0, %f2
638 camellia_f %f`16+16*$i+10`, %f0, %f2, %f0
639 camellia_fl %f`16+16*$i+12`, %f0, %f0
640 camellia_fli %f`16+16*$i+14`, %f2, %f2
644 camellia_f %f16, %f2, %f0, %f2
645 camellia_f %f18, %f0, %f2, %f0
646 ldd [$key + 16], %f16
647 ldd [$key + 24], %f18
648 camellia_f %f20, %f2, %f0, %f2
649 camellia_f %f22, %f0, %f2, %f0
650 ldd [$key + 32], %f20
651 ldd [$key + 40], %f22
652 camellia_f %f24, %f2, %f0, %f4
653 camellia_f %f26, %f0, %f4, %f2
654 ldd [$key + 48], %f24
655 ldd [$key + 56], %f26
658 ldd [$key + 64], %f28
660 ldd [$key + 72], %f30
661 .type _cmll256_encrypt_1x,#function
662 .size _cmll256_encrypt_1x,.-_cmll256_encrypt_1x
666 camellia_f %f16, %f2, %f0, %f2
667 camellia_f %f16, %f6, %f4, %f6
668 camellia_f %f18, %f0, %f2, %f0
669 camellia_f %f18, %f4, %f6, %f4
670 ldd [$key + 208], %f16
671 ldd [$key + 216], %f18
672 camellia_f %f20, %f2, %f0, %f2
673 camellia_f %f20, %f6, %f4, %f6
674 camellia_f %f22, %f0, %f2, %f0
675 camellia_f %f22, %f4, %f6, %f4
676 ldd [$key + 224], %f20
677 ldd [$key + 232], %f22
678 camellia_f %f24, %f2, %f0, %f2
679 camellia_f %f24, %f6, %f4, %f6
680 camellia_f %f26, %f0, %f2, %f0
681 camellia_f %f26, %f4, %f6, %f4
682 ldd [$key + 240], %f24
683 ldd [$key + 248], %f26
684 camellia_fl %f28, %f0, %f0
685 camellia_fl %f28, %f4, %f4
686 camellia_fli %f30, %f2, %f2
687 camellia_fli %f30, %f6, %f6
688 ldd [$key + 256], %f28
689 ldd [$key + 264], %f30
691 for ($i=1; $i<3; $i++) {
693 camellia_f %f`16+16*$i+0`, %f2, %f0, %f2
694 camellia_f %f`16+16*$i+0`, %f6, %f4, %f6
695 camellia_f %f`16+16*$i+2`, %f0, %f2, %f0
696 camellia_f %f`16+16*$i+2`, %f4, %f6, %f4
697 camellia_f %f`16+16*$i+4`, %f2, %f0, %f2
698 camellia_f %f`16+16*$i+4`, %f6, %f4, %f6
699 camellia_f %f`16+16*$i+6`, %f0, %f2, %f0
700 camellia_f %f`16+16*$i+6`, %f4, %f6, %f4
701 camellia_f %f`16+16*$i+8`, %f2, %f0, %f2
702 camellia_f %f`16+16*$i+8`, %f6, %f4, %f6
703 camellia_f %f`16+16*$i+10`, %f0, %f2, %f0
704 camellia_f %f`16+16*$i+10`, %f4, %f6, %f4
705 camellia_fl %f`16+16*$i+12`, %f0, %f0
706 camellia_fl %f`16+16*$i+12`, %f4, %f4
707 camellia_fli %f`16+16*$i+14`, %f2, %f2
708 camellia_fli %f`16+16*$i+14`, %f6, %f6
712 camellia_f %f16, %f2, %f0, %f2
713 camellia_f %f16, %f6, %f4, %f6
714 camellia_f %f18, %f0, %f2, %f0
715 camellia_f %f18, %f4, %f6, %f4
716 ldd [$key + 16], %f16
717 ldd [$key + 24], %f18
718 camellia_f %f20, %f2, %f0, %f2
719 camellia_f %f20, %f6, %f4, %f6
720 camellia_f %f22, %f0, %f2, %f0
721 camellia_f %f22, %f4, %f6, %f4
722 ldd [$key + 32], %f20
723 ldd [$key + 40], %f22
724 camellia_f %f24, %f2, %f0, %f8
725 camellia_f %f24, %f6, %f4, %f10
726 camellia_f %f26, %f0, %f8, %f2
727 camellia_f %f26, %f4, %f10, %f6
728 ldd [$key + 48], %f24
729 ldd [$key + 56], %f26
734 ldd [$key + 64], %f28
736 ldd [$key + 72], %f30
737 .type _cmll256_encrypt_2x,#function
738 .size _cmll256_encrypt_2x,.-_cmll256_encrypt_2x
742 camellia_f %f16, %f2, %f0, %f2
743 camellia_f %f18, %f0, %f2, %f0
745 ldd [$key - 16], %f18
746 camellia_f %f20, %f2, %f0, %f2
747 camellia_f %f22, %f0, %f2, %f0
748 ldd [$key - 24], %f20
749 ldd [$key - 32], %f22
750 camellia_f %f24, %f2, %f0, %f2
751 camellia_f %f26, %f0, %f2, %f0
752 ldd [$key - 40], %f24
753 ldd [$key - 48], %f26
754 camellia_fl %f28, %f0, %f0
755 camellia_fli %f30, %f2, %f2
756 ldd [$key - 56], %f28
757 ldd [$key - 64], %f30
759 for ($i=1; $i<3; $i++) {
761 camellia_f %f`16+16*$i+0`, %f2, %f0, %f2
762 camellia_f %f`16+16*$i+2`, %f0, %f2, %f0
763 camellia_f %f`16+16*$i+4`, %f2, %f0, %f2
764 camellia_f %f`16+16*$i+6`, %f0, %f2, %f0
765 camellia_f %f`16+16*$i+8`, %f2, %f0, %f2
766 camellia_f %f`16+16*$i+10`, %f0, %f2, %f0
767 camellia_fl %f`16+16*$i+12`, %f0, %f0
768 camellia_fli %f`16+16*$i+14`, %f2, %f2
772 camellia_f %f16, %f2, %f0, %f2
773 camellia_f %f18, %f0, %f2, %f0
774 ldd [$key + 184], %f16
775 ldd [$key + 176], %f18
776 camellia_f %f20, %f2, %f0, %f2
777 camellia_f %f22, %f0, %f2, %f0
778 ldd [$key + 168], %f20
779 ldd [$key + 160], %f22
780 camellia_f %f24, %f2, %f0, %f4
781 camellia_f %f26, %f0, %f4, %f2
782 ldd [$key + 152], %f24
783 ldd [$key + 144], %f26
786 ldd [$key + 136], %f28
788 ldd [$key + 128], %f30
789 .type _cmll256_decrypt_1x,#function
790 .size _cmll256_decrypt_1x,.-_cmll256_decrypt_1x
794 camellia_f %f16, %f2, %f0, %f2
795 camellia_f %f16, %f6, %f4, %f6
796 camellia_f %f18, %f0, %f2, %f0
797 camellia_f %f18, %f4, %f6, %f4
799 ldd [$key - 16], %f18
800 camellia_f %f20, %f2, %f0, %f2
801 camellia_f %f20, %f6, %f4, %f6
802 camellia_f %f22, %f0, %f2, %f0
803 camellia_f %f22, %f4, %f6, %f4
804 ldd [$key - 24], %f20
805 ldd [$key - 32], %f22
806 camellia_f %f24, %f2, %f0, %f2
807 camellia_f %f24, %f6, %f4, %f6
808 camellia_f %f26, %f0, %f2, %f0
809 camellia_f %f26, %f4, %f6, %f4
810 ldd [$key - 40], %f24
811 ldd [$key - 48], %f26
812 camellia_fl %f28, %f0, %f0
813 camellia_fl %f28, %f4, %f4
814 camellia_fli %f30, %f2, %f2
815 camellia_fli %f30, %f6, %f6
816 ldd [$key - 56], %f28
817 ldd [$key - 64], %f30
819 for ($i=1; $i<3; $i++) {
821 camellia_f %f`16+16*$i+0`, %f2, %f0, %f2
822 camellia_f %f`16+16*$i+0`, %f6, %f4, %f6
823 camellia_f %f`16+16*$i+2`, %f0, %f2, %f0
824 camellia_f %f`16+16*$i+2`, %f4, %f6, %f4
825 camellia_f %f`16+16*$i+4`, %f2, %f0, %f2
826 camellia_f %f`16+16*$i+4`, %f6, %f4, %f6
827 camellia_f %f`16+16*$i+6`, %f0, %f2, %f0
828 camellia_f %f`16+16*$i+6`, %f4, %f6, %f4
829 camellia_f %f`16+16*$i+8`, %f2, %f0, %f2
830 camellia_f %f`16+16*$i+8`, %f6, %f4, %f6
831 camellia_f %f`16+16*$i+10`, %f0, %f2, %f0
832 camellia_f %f`16+16*$i+10`, %f4, %f6, %f4
833 camellia_fl %f`16+16*$i+12`, %f0, %f0
834 camellia_fl %f`16+16*$i+12`, %f4, %f4
835 camellia_fli %f`16+16*$i+14`, %f2, %f2
836 camellia_fli %f`16+16*$i+14`, %f6, %f6
840 camellia_f %f16, %f2, %f0, %f2
841 camellia_f %f16, %f6, %f4, %f6
842 camellia_f %f18, %f0, %f2, %f0
843 camellia_f %f18, %f4, %f6, %f4
844 ldd [$key + 184], %f16
845 ldd [$key + 176], %f18
846 camellia_f %f20, %f2, %f0, %f2
847 camellia_f %f20, %f6, %f4, %f6
848 camellia_f %f22, %f0, %f2, %f0
849 camellia_f %f22, %f4, %f6, %f4
850 ldd [$key + 168], %f20
851 ldd [$key + 160], %f22
852 camellia_f %f24, %f2, %f0, %f8
853 camellia_f %f24, %f6, %f4, %f10
854 camellia_f %f26, %f0, %f8, %f2
855 camellia_f %f26, %f4, %f10, %f6
856 ldd [$key + 152], %f24
857 ldd [$key + 144], %f26
862 ldd [$key + 136], %f28
864 ldd [$key + 128], %f30
865 .type _cmll256_decrypt_2x,#function
866 .size _cmll256_decrypt_2x,.-_cmll256_decrypt_2x
869 &alg_cbc_encrypt_implement("cmll",128);
870 &alg_cbc_encrypt_implement("cmll",256);
872 &alg_cbc_decrypt_implement("cmll",128);
873 &alg_cbc_decrypt_implement("cmll",256);
876 &alg_ctr32_implement("cmll",128);
877 &alg_ctr32_implement("cmll",256);
883 .global Camellia_encrypt
884 Camellia_encrypt=cmll_t4_encrypt
885 .global Camellia_decrypt
886 Camellia_decrypt=cmll_t4_decrypt
887 .global Camellia_set_key
890 andcc %o2, 7, %g0 ! double-check alignment
897 andncc %o1, 0x1c0, %g0
907 .type Camellia_set_key,#function
908 .size Camellia_set_key,.-Camellia_set_key
911 my ($inp,$out,$len,$key,$ivec,$enc)=map("%o$_",(0..5));
914 .globl Camellia_cbc_encrypt
916 Camellia_cbc_encrypt:
919 brz $enc, .Lcbc_decrypt
922 be,pt %icc, cmll128_t4_cbc_encrypt
924 ba cmll256_t4_cbc_encrypt
928 be,pt %icc, cmll128_t4_cbc_decrypt
930 ba cmll256_t4_cbc_decrypt
932 .type Camellia_cbc_encrypt,#function
933 .size Camellia_cbc_encrypt,.-Camellia_cbc_encrypt