24 * Use is subject to license terms.
25 */
26
27 #pragma ident "%Z%%M% %I% %E% SMI"
28
29 /*
30 * Unified version for both position independent and non position independent
31 * for both v8plus and v9
32 * compile with:
33 *
34 * cc -c -xarch=v8plus des_crypt_asm.s or
35 * cc -c -arch=v9 des_crypt_asm.s
36 * for kernel use (no -KPIC)
37 *
38 * and with
39 *
40 * cc -c -xarch=v8plus -KPIC -DPIC des_crypt_asm.s or
41 * cc -c -arch=v9 -KPIC -DPIC des_crypt_asm.s
42 * for .so use
43 *
44 * EXPORT DELETE START
45 *
46 * The tables were generated by a C program, compiled into the C version
47 * of this function, from which a .s was generated by the C compiler and
48 * that .s was used as a starting point for this one, in particular for
49 * the data definitions. It is important, though that the tables and
50 * the code both remain in the text section and in this order, otherwise,
51 * at least on UltraSparc-II processors, collisions in the E-cache are
52 * highly probable between the code and the data it is using which can
53 * result in up to 40% performance loss
54 *
55 * For a description of the DES algithm, see NIST publication FIPS PUB 46-3
56 *
57 * In this implementation, the 16 rounds of DES are carried out by unrolling
58 * a loop that computes two rounds. For those 2 rounds, the two parts of
59 * the intermediate variable (L and R in the FIPS pub) are kept in their
60 * extended forms (i.e. in the one after applying the transformation E),
61 * with the appropriate bits repeated so that bits needed for the S-box
62 * lookups are in consecutive positions. So the bits of the L (or R)
63 * variable appear in the following order (X represents a bit that is not
64 * from L (R), these bits are always 0):
65 * 32 1 2 3 4 5 X X X X X X X X 4 5
66 * 6 7 8 9 8 9 10 11 12 13 12 13 14 15 16 17
67 * 16 17 18 19 20 21 X X X X X 20 21 22 23 24
68 * 25 24 25 26 27 28 29 28 29 30 31 32 1 X X X
69 * This arrangement makes it possible that 3 of the 8 S-box indices
70 * can be extracted by a single instruction: srlx by 55 for the S1 index,
71 * srl by 23 for the S5 index and and by 0x1f80 for the S8 index. The rest
72 * of the indices requires two operations, a shift and an and.
73 * The tables for the S-boxes are computed in such a way that when or-ed
74 * together, they give the result of the S-box, P and E computations.
75 * Also, the key schedule bits are computed to follow this bit-scheme.
76 * The initial permutation tables are also computed to produce this
77 * bit distribution and the final permutation works from these, too.
78 *
79 * The end of each round is overlapped with the beginning of the next
80 * one since after the first 6 S-box lookups all the bits necessary
81 * for one S-box lookup in the next round can be computed (by xor-ing
82 * the next key schedule item to the partially computed next R).
83 *
84 * EXPORT DELETE END
85 */
86
87 #if defined(lint) || defined(__lint)
88 /* LINTED */
89 /* Nothing to be linted in this file, its pure assembly source */
90 #else /* lint || __lint */
91
92 .register %g2,#scratch
93 .register %g3,#scratch
94
95 .file "encrypt_asm.S"
96
97 .section ".text",#alloc
98 .align 32
99
100 /* EXPORT DELETE START */
101
102 !
103 ! CONSTANT POOL
104 !
105
106 des_sbox_table:
107 .word 5121
108 .word 1073872896
109 .word 0
110 .word 0
111 .word 1
112 .word 1073741824
113 .word 5121
114 .word 1073872928
115 .word 5121
116 .word 1073741856
117 .word 1
118 .word 1073872928
119 .word 0
120 .word 32
121 .word 1
3632 .word -2134851392
3633 .word 1077952576
3634 .word -1069531072
3635 .word 1086341184
3636 .word -1061142464
3637 .word 1077985344
3638 .word -1069498304
3639 .word 1086373952
3640 .word -1061109696
3641 .word 1077952704
3642 .word -1069530944
3643 .word 1086341312
3644 .word -1061142336
3645 .word 1077985472
3646 .word -1069498176
3647 .word 1086374080
3648 .word -1061109568
3649 .type des_fp_table,#object
3650 .size des_fp_table,1024
3651
3652 /* EXPORT DELETE END */
3653
3654 #endif /* lint || __lint */
|
24 * Use is subject to license terms.
25 */
26
27 #pragma ident "%Z%%M% %I% %E% SMI"
28
29 /*
30 * Unified version for both position independent and non position independent
31 * for both v8plus and v9
32 * compile with:
33 *
34 * cc -c -xarch=v8plus des_crypt_asm.s or
35 * cc -c -arch=v9 des_crypt_asm.s
36 * for kernel use (no -KPIC)
37 *
38 * and with
39 *
40 * cc -c -xarch=v8plus -KPIC -DPIC des_crypt_asm.s or
41 * cc -c -arch=v9 -KPIC -DPIC des_crypt_asm.s
42 * for .so use
43 *
44 * The tables were generated by a C program, compiled into the C version
45 * of this function, from which a .s was generated by the C compiler and
46 * that .s was used as a starting point for this one, in particular for
47 * the data definitions. It is important, though that the tables and
48 * the code both remain in the text section and in this order, otherwise,
49 * at least on UltraSparc-II processors, collisions in the E-cache are
50 * highly probable between the code and the data it is using which can
51 * result in up to 40% performance loss
52 *
53 * For a description of the DES algithm, see NIST publication FIPS PUB 46-3
54 *
55 * In this implementation, the 16 rounds of DES are carried out by unrolling
56 * a loop that computes two rounds. For those 2 rounds, the two parts of
57 * the intermediate variable (L and R in the FIPS pub) are kept in their
58 * extended forms (i.e. in the one after applying the transformation E),
59 * with the appropriate bits repeated so that bits needed for the S-box
60 * lookups are in consecutive positions. So the bits of the L (or R)
61 * variable appear in the following order (X represents a bit that is not
62 * from L (R), these bits are always 0):
63 * 32 1 2 3 4 5 X X X X X X X X 4 5
64 * 6 7 8 9 8 9 10 11 12 13 12 13 14 15 16 17
65 * 16 17 18 19 20 21 X X X X X 20 21 22 23 24
66 * 25 24 25 26 27 28 29 28 29 30 31 32 1 X X X
67 * This arrangement makes it possible that 3 of the 8 S-box indices
68 * can be extracted by a single instruction: srlx by 55 for the S1 index,
69 * srl by 23 for the S5 index and and by 0x1f80 for the S8 index. The rest
70 * of the indices requires two operations, a shift and an and.
71 * The tables for the S-boxes are computed in such a way that when or-ed
72 * together, they give the result of the S-box, P and E computations.
73 * Also, the key schedule bits are computed to follow this bit-scheme.
74 * The initial permutation tables are also computed to produce this
75 * bit distribution and the final permutation works from these, too.
76 *
77 * The end of each round is overlapped with the beginning of the next
78 * one since after the first 6 S-box lookups all the bits necessary
79 * for one S-box lookup in the next round can be computed (by xor-ing
80 * the next key schedule item to the partially computed next R).
81 */
82
83 #if defined(lint) || defined(__lint)
84 /* LINTED */
85 /* Nothing to be linted in this file, its pure assembly source */
86 #else /* lint || __lint */
87
88 .register %g2,#scratch
89 .register %g3,#scratch
90
91 .file "encrypt_asm.S"
92
93 .section ".text",#alloc
94 .align 32
95
96 !
97 ! CONSTANT POOL
98 !
99
100 des_sbox_table:
101 .word 5121
102 .word 1073872896
103 .word 0
104 .word 0
105 .word 1
106 .word 1073741824
107 .word 5121
108 .word 1073872928
109 .word 5121
110 .word 1073741856
111 .word 1
112 .word 1073872928
113 .word 0
114 .word 32
115 .word 1
3626 .word -2134851392
3627 .word 1077952576
3628 .word -1069531072
3629 .word 1086341184
3630 .word -1061142464
3631 .word 1077985344
3632 .word -1069498304
3633 .word 1086373952
3634 .word -1061109696
3635 .word 1077952704
3636 .word -1069530944
3637 .word 1086341312
3638 .word -1061142336
3639 .word 1077985472
3640 .word -1069498176
3641 .word 1086374080
3642 .word -1061109568
3643 .type des_fp_table,#object
3644 .size des_fp_table,1024
3645
3646 #endif /* lint || __lint */
|