openssl/crypto/des/asm/des_enc.m4

! Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
!
! Licensed under the Apache License 2.0 (the "License").  You may not use
! this file except in compliance with the License.  You can obtain a copy
! in the file LICENSE in the source distribution or at
! https://www.openssl.org/source/license.html
!
!  To expand the m4 macros: m4 -B 8192 des_enc.m4 > des_enc.S
!
!  Global registers 1 to 5 are used. This is the same as done by the
!  cc compiler. The UltraSPARC load/store little endian feature is used.
!
!  Instruction grouping often refers to one CPU cycle.
!
!  Assemble through gcc: gcc -c -mcpu=ultrasparc -o des_enc.o des_enc.S
!
!  Assemble through cc:  cc -c -xarch=v8plusa -o des_enc.o des_enc.S
!
!  Performance improvement according to './apps/openssl speed des'
!
!	32-bit build:
!		23%  faster than cc-5.2 -xarch=v8plus -xO5
!		115% faster than gcc-3.2.1 -m32 -mcpu=ultrasparc -O5
!	64-bit build:
!		50%  faster than cc-5.2 -xarch=v9 -xO5
!		100% faster than gcc-3.2.1 -m64 -mcpu=ultrasparc -O5
!

.ident "des_enc.m4 2.1"
.file  "des_enc-sparc.S"

#if defined(__SUNPRO_C) && defined(__sparcv9)
# define ABI64  /* They've said -xarch=v9 at command line */
#elif defined(__GNUC__) && defined(__arch64__)
# define ABI64  /* They've said -m64 at command line */
#endif

#ifdef ABI64
  .register	%g2,#scratch
  .register	%g3,#scratch
# define	FRAME	-192
# define	BIAS	2047
# define	LDPTR	ldx
# define	STPTR	stx
# define	ARG0	128
# define	ARGSZ	8
#else
# define	FRAME	-96
# define	BIAS	0
# define	LDPTR	ld
# define	STPTR	st
# define	ARG0	68
# define	ARGSZ	4
#endif

#define LOOPS 7

#define global0 %g0
#define global1 %g1
#define global2 %g2
#define global3 %g3
#define global4 %g4
#define global5 %g5

#define local0 %l0
#define local1 %l1
#define local2 %l2
#define local3 %l3
#define local4 %l4
#define local5 %l5
#define local7 %l6
#define local6 %l7

#define in0 %i0
#define in1 %i1
#define in2 %i2
#define in3 %i3
#define in4 %i4
#define in5 %i5
#define in6 %i6
#define in7 %i7

#define out0 %o0
#define out1 %o1
#define out2 %o2
#define out3 %o3
#define out4 %o4
#define out5 %o5
#define out6 %o6
#define out7 %o7

#define stub stb

changequote({,})


! Macro definitions:


! {ip_macro}
!
! The logic used in initial and final permutations is the same as in
! the C code. The permutations are done with a clever shift, xor, and
! technique.
!
! The macro also loads address sbox 1 to 5 to global 1 to 5, address
! sbox 6 to local6, and address sbox 8 to out3.
!
! Rotates the halves 3 left to bring the sbox bits in convenient positions.
!
! Loads key first round from address in parameter 5 to out0, out1.
!
! After the original LibDES initial permutation, the resulting left
! is in the variable initially used for right and vice versa. The macro
! implements the possibility to keep the halves in the original registers.
!
! parameter 1  left
! parameter 2  right
! parameter 3  result left (modify in first round)
! parameter 4  result right (use in first round)
! parameter 5  key address
! parameter 6  1/2 for include encryption/decryption
! parameter 7  1 for move in1 to in3
! parameter 8  1 for move in3 to in4, 2 for move in4 to in3
! parameter 9  1 for load ks3 and ks2 to in4 and in3

define(ip_macro, {

! {ip_macro}
! $1 $2 $4 $3 $5 $6 $7 $8 $9

	ld	[out2+256], local1
	srl	$2, 4, local4

	xor	local4, $1, local4
	ifelse($7,1,{mov in1, in3},{nop})

	ld	[out2+260], local2
	and	local4, local1, local4
	ifelse($8,1,{mov in3, in4},{})
	ifelse($8,2,{mov in4, in3},{})

	ld	[out2+280], out4          ! loop counter
	sll	local4, 4, local1
	xor	$1, local4, $1

	ld	[out2+264], local3
	srl	$1, 16, local4
	xor	$2, local1, $2

	ifelse($9,1,{LDPTR	KS3, in4},{})
	xor	local4, $2, local4
	nop	!sethi	%hi(DES_SPtrans), global1 ! sbox addr

	ifelse($9,1,{LDPTR	KS2, in3},{})
	and	local4, local2, local4
	nop	!or	global1, %lo(DES_SPtrans), global1   ! sbox addr

	sll	local4, 16, local1
	xor	$2, local4, $2

	srl	$2, 2, local4
	xor	$1, local1, $1

	sethi	%hi(16711680), local5
	xor	local4, $1, local4

	and	local4, local3, local4
	or	local5, 255, local5

	sll	local4, 2, local2
	xor	$1, local4, $1

	srl	$1, 8, local4
	xor	$2, local2, $2

	xor	local4, $2, local4
	add	global1, 768, global4

	and	local4, local5, local4
	add	global1, 1024, global5

	ld	[out2+272], local7
	sll	local4, 8, local1
	xor	$2, local4, $2

	srl	$2, 1, local4
	xor	$1, local1, $1

	ld	[$5], out0                ! key 7531
	xor	local4, $1, local4
	add	global1, 256, global2

	ld	[$5+4], out1              ! key 8642
	and	local4, local7, local4
	add	global1, 512, global3

	sll	local4, 1, local1
	xor	$1, local4, $1

	sll	$1, 3, local3
	xor	$2, local1, $2

	sll	$2, 3, local2
	add	global1, 1280, local6     ! address sbox 8

	srl	$1, 29, local4
	add	global1, 1792, out3       ! address sbox 8

	srl	$2, 29, local1
	or	local4, local3, $4

	or	local2, local1, $3

	ifelse($6, 1, {

		ld	[out2+284], local5     ! 0x0000FC00 used in the rounds
		or	local2, local1, $3
		xor	$4, out0, local1

		call .des_enc.1
		and	local1, 252, local1

	},{})

	ifelse($6, 2, {

		ld	[out2+284], local5     ! 0x0000FC00 used in the rounds
		or	local2, local1, $3
		xor	$4, out0, local1

		call .des_dec.1
		and	local1, 252, local1

	},{})
})


! {rounds_macro}
!
! The logic used in the DES rounds is the same as in the C code,
! except that calculations for sbox 1 and sbox 5 begin before
! the previous round is finished.
!
! In each round one half (work) is modified based on key and the
! other half (use).
!
! In this version we do two rounds in a loop repeated 7 times
! and two rounds separately.
!
! One half has the bits for the sboxes in the following positions:
!
!	777777xx555555xx333333xx111111xx
!
!	88xx666666xx444444xx222222xx8888
!
! The bits for each sbox are xor-ed with the key bits for that box.
! The above xx bits are cleared, and the result used for lookup in
! the sbox table. Each sbox entry contains the 4 output bits permuted
! into 32 bits according to the P permutation.
!
! In the description of DES, left and right are switched after
! each round, except after last round. In this code the original
! left and right are kept in the same register in all rounds, meaning
! that after the 16 rounds the result for right is in the register
! originally used for left.
!
! parameter 1  first work (left in first round)
! parameter 2  first use (right in first round)
! parameter 3  enc/dec  1/-1
! parameter 4  loop label
! parameter 5  key address register
! parameter 6  optional address for key next encryption/decryption
! parameter 7  not empty for include retl
!
! also compares in2 to 8

define(rounds_macro, {

! {rounds_macro}
! $1 $2 $3 $4 $5 $6 $7 $8 $9

	xor	$2, out0, local1

	ld	[out2+284], local5        ! 0x0000FC00
	ba	$4
	and	local1, 252, local1

	.align 32

$4:
	! local6 is address sbox 6
	! out3   is address sbox 8
	! out4   is loop counter

	ld	[global1+local1], local1
	xor	$2, out1, out1            ! 8642
	xor	$2, out0, out0            ! 7531
	! fmovs	%f0, %f0                  ! fxor used for alignment

	srl	out1, 4, local0           ! rotate 4 right
	and	out0, local5, local3      ! 3
	! fmovs	%f0, %f0

	ld	[$5+$3*8], local7         ! key 7531 next round
	srl	local3, 8, local3         ! 3
	and	local0, 252, local2       ! 2
	! fmovs	%f0, %f0

	ld	[global3+local3],local3   ! 3
	sll	out1, 28, out1            ! rotate
	xor	$1, local1, $1            ! 1 finished, local1 now sbox 7

	ld	[global2+local2], local2  ! 2
	srl	out0, 24, local1          ! 7
	or	out1, local0, out1        ! rotate

	ldub	[out2+local1], local1     ! 7 (and 0xFC)
	srl	out1, 24, local0          ! 8
	and	out1, local5, local4      ! 4

	ldub	[out2+local0], local0     ! 8 (and 0xFC)
	srl	local4, 8, local4         ! 4
	xor	$1, local2, $1            ! 2 finished local2 now sbox 6

	ld	[global4+local4],local4   ! 4
	srl	out1, 16, local2          ! 6
	xor	$1, local3, $1            ! 3 finished local3 now sbox 5

	ld	[out3+local0],local0      ! 8
	and	local2, 252, local2       ! 6
	add	global1, 1536, local5     ! address sbox 7

	ld	[local6+local2], local2   ! 6
	srl	out0, 16, local3          ! 5
	xor	$1, local4, $1            ! 4 finished

	ld	[local5+local1],local1    ! 7
	and	local3, 252, local3       ! 5
	xor	$1, local0, $1            ! 8 finished

	ld	[global5+local3],local3   ! 5
	xor	$1, local2, $1            ! 6 finished
	subcc	out4, 1, out4

	ld	[$5+$3*8+4], out0         ! key 8642 next round
	xor	$1, local7, local2        ! sbox 5 next round
	xor	$1, local1, $1            ! 7 finished

	srl	local2, 16, local2        ! sbox 5 next round
	xor	$1, local3, $1            ! 5 finished

	ld	[$5+$3*16+4], out1        ! key 8642 next round again
	and	local2, 252, local2       ! sbox5 next round
! next round
	xor	$1, local7, local7        ! 7531

	ld	[global5+local2], local2  ! 5
	srl	local7, 24, local3        ! 7
	xor	$1, out0, out0            ! 8642

	ldub	[out2+local3], local3     ! 7 (and 0xFC)
	srl	out0, 4, local0           ! rotate 4 right
	and	local7, 252, local1       ! 1

	sll	out0, 28, out0            ! rotate
	xor	$2, local2, $2            ! 5 finished local2 used

	srl	local0, 8, local4         ! 4
	and	local0, 252, local2       ! 2
	ld	[local5+local3], local3   ! 7

	srl	local0, 16, local5        ! 6
	or	out0, local0, out0        ! rotate
	ld	[global2+local2], local2  ! 2

	srl	out0, 24, local0
	ld	[$5+$3*16], out0          ! key 7531 next round
	and	local4, 252, local4	  ! 4

	and	local5, 252, local5       ! 6
	ld	[global4+local4], local4  ! 4
	xor	$2, local3, $2            ! 7 finished local3 used

	and	local0, 252, local0       ! 8
	ld	[local6+local5], local5   ! 6
	xor	$2, local2, $2            ! 2 finished local2 now sbox 3

	srl	local7, 8, local2         ! 3 start
	ld	[out3+local0], local0     ! 8
	xor	$2, local4, $2            ! 4 finished

	and	local2, 252, local2       ! 3
	ld	[global1+local1], local1  ! 1
	xor	$2, local5, $2            ! 6 finished local5 used

	ld	[global3+local2], local2  ! 3
	xor	$2, local0, $2            ! 8 finished
	add	$5, $3*16, $5             ! enc add 8, dec add -8 to key pointer

	ld	[out2+284], local5        ! 0x0000FC00
	xor	$2, out0, local4          ! sbox 1 next round
	xor	$2, local1, $2            ! 1 finished

	xor	$2, local2, $2            ! 3 finished
	bne	$4
	and	local4, 252, local1       ! sbox 1 next round

! two rounds more:

	ld	[global1+local1], local1
	xor	$2, out1, out1
	xor	$2, out0, out0

	srl	out1, 4, local0           ! rotate
	and	out0, local5, local3

	ld	[$5+$3*8], local7         ! key 7531
	srl	local3, 8, local3
	and	local0, 252, local2

	ld	[global3+local3],local3
	sll	out1, 28, out1            ! rotate
	xor	$1, local1, $1            ! 1 finished, local1 now sbox 7

	ld	[global2+local2], local2
	srl	out0, 24, local1
	or	out1, local0, out1        ! rotate

	ldub	[out2+local1], local1
	srl	out1, 24, local0
	and	out1, local5, local4

	ldub	[out2+local0], local0
	srl	local4, 8, local4
	xor	$1, local2, $1            ! 2 finished local2 now sbox 6

	ld	[global4+local4],local4
	srl	out1, 16, local2
	xor	$1, local3, $1            ! 3 finished local3 now sbox 5

	ld	[out3+local0],local0
	and	local2, 252, local2
	add	global1, 1536, local5     ! address sbox 7

	ld	[local6+local2], local2
	srl	out0, 16, local3
	xor	$1, local4, $1            ! 4 finished

	ld	[local5+local1],local1
	and	local3, 252, local3
	xor	$1, local0, $1

	ld	[global5+local3],local3
	xor	$1, local2, $1            ! 6 finished
	cmp	in2, 8

	ifelse($6,{}, {}, {ld	[out2+280], out4})  ! loop counter
	xor	$1, local7, local2        ! sbox 5 next round
	xor	$1, local1, $1            ! 7 finished

	ld	[$5+$3*8+4], out0
	srl	local2, 16, local2        ! sbox 5 next round
	xor	$1, local3, $1            ! 5 finished

	and	local2, 252, local2
! next round (two rounds more)
	xor	$1, local7, local7        ! 7531

	ld	[global5+local2], local2
	srl	local7, 24, local3
	xor	$1, out0, out0            ! 8642

	ldub	[out2+local3], local3
	srl	out0, 4, local0           ! rotate
	and	local7, 252, local1

	sll	out0, 28, out0            ! rotate
	xor	$2, local2, $2            ! 5 finished local2 used

	srl	local0, 8, local4
	and	local0, 252, local2
	ld	[local5+local3], local3

	srl	local0, 16, local5
	or	out0, local0, out0        ! rotate
	ld	[global2+local2], local2

	srl	out0, 24, local0
	ifelse($6,{}, {}, {ld	[$6], out0})   ! key next encryption/decryption
	and	local4, 252, local4

	and	local5, 252, local5
	ld	[global4+local4], local4
	xor	$2, local3, $2            ! 7 finished local3 used

	and	local0, 252, local0
	ld	[local6+local5], local5
	xor	$2, local2, $2            ! 2 finished local2 now sbox 3

	srl	local7, 8, local2         ! 3 start
	ld	[out3+local0], local0
	xor	$2, local4, $2

	and	local2, 252, local2
	ld	[global1+local1], local1
	xor	$2, local5, $2            ! 6 finished local5 used

	ld	[global3+local2], local2
	srl	$1, 3, local3
	xor	$2, local0, $2

	ifelse($6,{}, {}, {ld	[$6+4], out1}) ! key next encryption/decryption
	sll	$1, 29, local4
	xor	$2, local1, $2

	ifelse($7,{}, {}, {retl})
	xor	$2, local2, $2
})


! {fp_macro}
!
!  parameter 1   right (original left)
!  parameter 2   left (original right)
!  parameter 3   1 for optional store to [in0]
!  parameter 4   1 for load input/output address to local5/7
!
!  The final permutation logic switches the halves, meaning that
!  left and right ends up the registers originally used.

define(fp_macro, {

! {fp_macro}
! $1 $2 $3 $4 $5 $6 $7 $8 $9

	! initially undo the rotate 3 left done after initial permutation
	! original left is received shifted 3 right and 29 left in local3/4

	sll	$2, 29, local1
	or	local3, local4, $1

	srl	$2, 3, $2
	sethi	%hi(0x55555555), local2

	or	$2, local1, $2
	or	local2, %lo(0x55555555), local2

	srl	$2, 1, local3
	sethi	%hi(0x00ff00ff), local1
	xor	local3, $1, local3
	or	local1, %lo(0x00ff00ff), local1
	and	local3, local2, local3
	sethi	%hi(0x33333333), local4
	sll	local3, 1, local2

	xor	$1, local3, $1

	srl	$1, 8, local3
	xor	$2, local2, $2
	xor	local3, $2, local3
	or	local4, %lo(0x33333333), local4
	and	local3, local1, local3
	sethi	%hi(0x0000ffff), local1
	sll	local3, 8, local2

	xor	$2, local3, $2

	srl	$2, 2, local3
	xor	$1, local2, $1
	xor	local3, $1, local3
	or	local1, %lo(0x0000ffff), local1
	and	local3, local4, local3
	sethi	%hi(0x0f0f0f0f), local4
	sll	local3, 2, local2

	ifelse($4,1, {LDPTR INPUT, local5})
	xor	$1, local3, $1

	ifelse($4,1, {LDPTR OUTPUT, local7})
	srl	$1, 16, local3
	xor	$2, local2, $2
	xor	local3, $2, local3
	or	local4, %lo(0x0f0f0f0f), local4
	and	local3, local1, local3
	sll	local3, 16, local2

	xor	$2, local3, local1

	srl	local1, 4, local3
	xor	$1, local2, $1
	xor	local3, $1, local3
	and	local3, local4, local3
	sll	local3, 4, local2

	xor	$1, local3, $1

	! optional store:

	ifelse($3,1, {st $1, [in0]})

	xor	local1, local2, $2

	ifelse($3,1, {st $2, [in0+4]})

})


! {fp_ip_macro}
!
! Does initial permutation for next block mixed with
! final permutation for current block.
!
! parameter 1   original left
! parameter 2   original right
! parameter 3   left ip
! parameter 4   right ip
! parameter 5   1: load ks1/ks2 to in3/in4, add 120 to in4
!                2: mov in4 to in3
!
! also adds -8 to length in2 and loads loop counter to out4

define(fp_ip_macro, {

! {fp_ip_macro}
! $1 $2 $3 $4 $5 $6 $7 $8 $9

	define({temp1},{out4})
	define({temp2},{local3})

	define({ip1},{local1})
	define({ip2},{local2})
	define({ip4},{local4})
	define({ip5},{local5})

	! $1 in local3, local4

	ld	[out2+256], ip1
	sll	out5, 29, temp1
	or	local3, local4, $1

	srl	out5, 3, $2
	ifelse($5,2,{mov in4, in3})

	ld	[out2+272], ip5
	srl	$4, 4, local0
	or	$2, temp1, $2

	srl	$2, 1, temp1
	xor	temp1, $1, temp1

	and	temp1, ip5, temp1
	xor	local0, $3, local0

	sll	temp1, 1, temp2
	xor	$1, temp1, $1

	and	local0, ip1, local0
	add	in2, -8, in2

	sll	local0, 4, local7
	xor	$3, local0, $3

	ld	[out2+268], ip4
	srl	$1, 8, temp1
	xor	$2, temp2, $2
	ld	[out2+260], ip2
	srl	$3, 16, local0
	xor	$4, local7, $4
	xor	temp1, $2, temp1
	xor	local0, $4, local0
	and	temp1, ip4, temp1
	and	local0, ip2, local0
	sll	temp1, 8, temp2
	xor	$2, temp1, $2
	sll	local0, 16, local7
	xor	$4, local0, $4

	srl	$2, 2, temp1
	xor	$1, temp2, $1

	ld	[out2+264], temp2         ! ip3
	srl	$4, 2, local0
	xor	$3, local7, $3
	xor	temp1, $1, temp1
	xor	local0, $3, local0
	and	temp1, temp2, temp1
	and	local0, temp2, local0
	sll	temp1, 2, temp2
	xor	$1, temp1, $1
	sll	local0, 2, local7
	xor	$3, local0, $3

	srl	$1, 16, temp1
	xor	$2, temp2, $2
	srl	$3, 8, local0
	xor	$4, local7, $4
	xor	temp1, $2, temp1
	xor	local0, $4, local0
	and	temp1, ip2, temp1
	and	local0, ip4, local0
	sll	temp1, 16, temp2
	xor	$2, temp1, local4
	sll	local0, 8, local7
	xor	$4, local0, $4

	srl	$4, 1, local0
	xor	$3, local7, $3

	srl	local4, 4, temp1
	xor	local0, $3, local0

	xor	$1, temp2, $1
	and	local0, ip5, local0

	sll	local0, 1, local7
	xor	temp1, $1, temp1

	xor	$3, local0, $3
	xor	$4, local7, $4

	sll	$3, 3, local5
	and	temp1, ip1, temp1

	sll	temp1, 4, temp2
	xor	$1, temp1, $1

	ifelse($5,1,{LDPTR	KS2, in4})
	sll	$4, 3, local2
	xor	local4, temp2, $2

	! reload since used as temporary:

	ld	[out2+280], out4          ! loop counter

	srl	$3, 29, local0
	ifelse($5,1,{add in4, 120, in4})

	ifelse($5,1,{LDPTR	KS1, in3})
	srl	$4, 29, local7

	or	local0, local5, $4
	or	local2, local7, $3

})



! {load_little_endian}
!
! parameter 1  address
! parameter 2  destination left
! parameter 3  destination right
! parameter 4  temporary
! parameter 5  label

define(load_little_endian, {

! {load_little_endian}
! $1 $2 $3 $4 $5 $6 $7 $8 $9

	! first in memory to rightmost in register

$5:
	ldub	[$1+3], $2

	ldub	[$1+2], $4
	sll	$2, 8, $2
	or	$2, $4, $2

	ldub	[$1+1], $4
	sll	$2, 8, $2
	or	$2, $4, $2

	ldub	[$1+0], $4
	sll	$2, 8, $2
	or	$2, $4, $2


	ldub	[$1+3+4], $3

	ldub	[$1+2+4], $4
	sll	$3, 8, $3
	or	$3, $4, $3

	ldub	[$1+1+4], $4
	sll	$3, 8, $3
	or	$3, $4, $3

	ldub	[$1+0+4], $4
	sll	$3, 8, $3
	or	$3, $4, $3
$5a:

})


! {load_little_endian_inc}
!
! parameter 1  address
! parameter 2  destination left
! parameter 3  destination right
! parameter 4  temporary
! parameter 4  label
!
! adds 8 to address

define(load_little_endian_inc, {

! {load_little_endian_inc}
! $1 $2 $3 $4 $5 $6 $7 $8 $9

	! first in memory to rightmost in register

$5:
	ldub	[$1+3], $2

	ldub	[$1+2], $4
	sll	$2, 8, $2
	or	$2, $4, $2

	ldub	[$1+1], $4
	sll	$2, 8, $2
	or	$2, $4, $2

	ldub	[$1+0], $4
	sll	$2, 8, $2
	or	$2, $4, $2

	ldub	[$1+3+4], $3
	add	$1, 8, $1

	ldub	[$1+2+4-8], $4
	sll	$3, 8, $3
	or	$3, $4, $3

	ldub	[$1+1+4-8], $4
	sll	$3, 8, $3
	or	$3, $4, $3

	ldub	[$1+0+4-8], $4
	sll	$3, 8, $3
	or	$3, $4, $3
$5a:

})


! {load_n_bytes}
!
! Loads 1 to 7 bytes little endian
! Remaining bytes are zeroed.
!
! parameter 1  address
! parameter 2  length
! parameter 3  destination register left
! parameter 4  destination register right
! parameter 5  temp
! parameter 6  temp2
! parameter 7  label
! parameter 8  return label

define(load_n_bytes, {

! {load_n_bytes}
! $1 $2 $5 $6 $7 $8 $7 $8 $9

$7.0:	call	.+8
	sll	$2, 2, $6

	add	%o7,$7.jmp.table-$7.0,$5

	add	$5, $6, $5
	mov	0, $4

	ld	[$5], $5

	jmp	%o7+$5
	mov	0, $3

$7.7:
	ldub	[$1+6], $5
	sll	$5, 16, $5
	or	$3, $5, $3
$7.6:
	ldub	[$1+5], $5
	sll	$5, 8, $5
	or	$3, $5, $3
$7.5:
	ldub	[$1+4], $5
	or	$3, $5, $3
$7.4:
	ldub	[$1+3], $5
	sll	$5, 24, $5
	or	$4, $5, $4
$7.3:
	ldub	[$1+2], $5
	sll	$5, 16, $5
	or	$4, $5, $4
$7.2:
	ldub	[$1+1], $5
	sll	$5, 8, $5
	or	$4, $5, $4
$7.1:
	ldub	[$1+0], $5
	ba	$8
	or	$4, $5, $4

	.align 4

$7.jmp.table:
	.word	0
	.word	$7.1-$7.0
	.word	$7.2-$7.0
	.word	$7.3-$7.0
	.word	$7.4-$7.0
	.word	$7.5-$7.0
	.word	$7.6-$7.0
	.word	$7.7-$7.0
})


! {store_little_endian}
!
! parameter 1  address
! parameter 2  source left
! parameter 3  source right
! parameter 4  temporary

define(store_little_endian, {

! {store_little_endian}
! $1 $2 $3 $4 $5 $6 $7 $8 $9

	! rightmost in register to first in memory

$5:
	and	$2, 255, $4
	stub	$4, [$1+0]

	srl	$2, 8, $4
	and	$4, 255, $4
	stub	$4, [$1+1]

	srl	$2, 16, $4
	and	$4, 255, $4
	stub	$4, [$1+2]

	srl	$2, 24, $4
	stub	$4, [$1+3]


	and	$3, 255, $4
	stub	$4, [$1+0+4]

	srl	$3, 8, $4
	and	$4, 255, $4
	stub	$4, [$1+1+4]

	srl	$3, 16, $4
	and	$4, 255, $4
	stub	$4, [$1+2+4]

	srl	$3, 24, $4
	stub	$4, [$1+3+4]

$5a:

})


! {store_n_bytes}
!
! Stores 1 to 7 bytes little endian
!
! parameter 1  address
! parameter 2  length
! parameter 3  source register left
! parameter 4  source register right
! parameter 5  temp
! parameter 6  temp2
! parameter 7  label
! parameter 8  return label

define(store_n_bytes, {

! {store_n_bytes}
! $1 $2 $5 $6 $7 $8 $7 $8 $9

$7.0:	call	.+8
	sll	$2, 2, $6

	add	%o7,$7.jmp.table-$7.0,$5

	add	$5, $6, $5

	ld	[$5], $5

	jmp	%o7+$5
	nop

$7.7:
	srl	$3, 16, $5
	and	$5, 0xff, $5
	stub	$5, [$1+6]
$7.6:
	srl	$3, 8, $5
	and	$5, 0xff, $5
	stub	$5, [$1+5]
$7.5:
	and	$3, 0xff, $5
	stub	$5, [$1+4]
$7.4:
	srl	$4, 24, $5
	stub	$5, [$1+3]
$7.3:
	srl	$4, 16, $5
	and	$5, 0xff, $5
	stub	$5, [$1+2]
$7.2:
	srl	$4, 8, $5
	and	$5, 0xff, $5
	stub	$5, [$1+1]
$7.1:
	and	$4, 0xff, $5


	ba	$8
	stub	$5, [$1]

	.align 4

$7.jmp.table:

	.word	0
	.word	$7.1-$7.0
	.word	$7.2-$7.0
	.word	$7.3-$7.0
	.word	$7.4-$7.0
	.word	$7.5-$7.0
	.word	$7.6-$7.0
	.word	$7.7-$7.0
})


define(testvalue,{1})

define(register_init, {

! For test purposes:

	sethi	%hi(testvalue), local0
	or	local0, %lo(testvalue), local0

	ifelse($1,{},{}, {mov	local0, $1})
	ifelse($2,{},{}, {mov	local0, $2})
	ifelse($3,{},{}, {mov	local0, $3})
	ifelse($4,{},{}, {mov	local0, $4})
	ifelse($5,{},{}, {mov	local0, $5})
	ifelse($6,{},{}, {mov	local0, $6})
	ifelse($7,{},{}, {mov	local0, $7})
	ifelse($8,{},{}, {mov	local0, $8})

	mov	local0, local1
	mov	local0, local2
	mov	local0, local3
	mov	local0, local4
	mov	local0, local5
	mov	local0, local7
	mov	local0, local6
	mov	local0, out0
	mov	local0, out1
	mov	local0, out2
	mov	local0, out3
	mov	local0, out4
	mov	local0, out5
	mov	local0, global1
	mov	local0, global2
	mov	local0, global3
	mov	local0, global4
	mov	local0, global5

})

.section	".text"

	.align 32

.des_enc:

	! key address in3
	! loads key next encryption/decryption first round from [in4]

	rounds_macro(in5, out5, 1, .des_enc.1, in3, in4, retl)


	.align 32

.des_dec:

	! implemented with out5 as first parameter to avoid
	! register exchange in ede modes

	! key address in4
	! loads key next encryption/decryption first round from [in3]

	rounds_macro(out5, in5, -1, .des_dec.1, in4, in3, retl)



! void DES_encrypt1(data, ks, enc)
! *******************************

	.align 32
	.global DES_encrypt1
	.type	 DES_encrypt1,#function

DES_encrypt1:

	save	%sp, FRAME, %sp

	sethi	%hi(.PIC.DES_SPtrans-1f),global1
	or	global1,%lo(.PIC.DES_SPtrans-1f),global1
1:	call	.+8
	add	%o7,global1,global1
	sub	global1,.PIC.DES_SPtrans-.des_and,out2

	ld	[in0], in5                ! left
	cmp	in2, 0                    ! enc

	be	.encrypt.dec
	ld	[in0+4], out5             ! right

	! parameter 6  1/2 for include encryption/decryption
	! parameter 7  1 for move in1 to in3
	! parameter 8  1 for move in3 to in4, 2 for move in4 to in3

	ip_macro(in5, out5, in5, out5, in3, 0, 1, 1)

	rounds_macro(in5, out5, 1, .des_encrypt1.1, in3, in4) ! in4 not used

	fp_macro(in5, out5, 1)            ! 1 for store to [in0]

	ret
	restore

.encrypt.dec:

	add	in1, 120, in3             ! use last subkey for first round

	! parameter 6  1/2 for include encryption/decryption
	! parameter 7  1 for move in1 to in3
	! parameter 8  1 for move in3 to in4, 2 for move in4 to in3

	ip_macro(in5, out5, out5, in5, in4, 2, 0, 1) ! include dec,  ks in4

	fp_macro(out5, in5, 1)            ! 1 for store to [in0]

	ret
	restore

.DES_encrypt1.end:
	.size	 DES_encrypt1,.DES_encrypt1.end-DES_encrypt1


! void DES_encrypt2(data, ks, enc)
!*********************************

	! encrypts/decrypts without initial/final permutation

	.align 32
	.global DES_encrypt2
	.type	 DES_encrypt2,#function

DES_encrypt2:

	save	%sp, FRAME, %sp

	sethi	%hi(.PIC.DES_SPtrans-1f),global1
	or	global1,%lo(.PIC.DES_SPtrans-1f),global1
1:	call	.+8
	add	%o7,global1,global1
	sub	global1,.PIC.DES_SPtrans-.des_and,out2

	! Set sbox address 1 to 6 and rotate halves 3 left
	! Errors caught by destest? Yes. Still? *NO*

	!sethi	%hi(DES_SPtrans), global1 ! address sbox 1

	!or	global1, %lo(DES_SPtrans), global1  ! sbox 1

	add	global1, 256, global2     ! sbox 2
	add	global1, 512, global3     ! sbox 3

	ld	[in0], out5               ! right
	add	global1, 768, global4     ! sbox 4
	add	global1, 1024, global5    ! sbox 5

	ld	[in0+4], in5              ! left
	add	global1, 1280, local6     ! sbox 6
	add	global1, 1792, out3       ! sbox 8

	! rotate

	sll	in5, 3, local5
	mov	in1, in3                  ! key address to in3

	sll	out5, 3, local7
	srl	in5, 29, in5

	srl	out5, 29, out5
	add	in5, local5, in5

	add	out5, local7, out5
	cmp	in2, 0

	! we use our own stackframe

	be	.encrypt2.dec
	STPTR	in0, [%sp+BIAS+ARG0+0*ARGSZ]

	ld	[in3], out0               ! key 7531 first round
	mov	LOOPS, out4               ! loop counter

	ld	[in3+4], out1             ! key 8642 first round
	sethi	%hi(0x0000FC00), local5

	call .des_enc
	mov	in3, in4

	! rotate
	sll	in5, 29, in0
	srl	in5, 3, in5
	sll	out5, 29, in1
	add	in5, in0, in5
	srl	out5, 3, out5
	LDPTR	[%sp+BIAS+ARG0+0*ARGSZ], in0
	add	out5, in1, out5
	st	in5, [in0]
	st	out5, [in0+4]

	ret
	restore


.encrypt2.dec:

	add in3, 120, in4

	ld	[in4], out0               ! key 7531 first round
	mov	LOOPS, out4               ! loop counter

	ld	[in4+4], out1             ! key 8642 first round
	sethi	%hi(0x0000FC00), local5

	mov	in5, local1               ! left expected in out5
	mov	out5, in5

	call .des_dec
	mov	local1, out5

.encrypt2.finish:

	! rotate
	sll	in5, 29, in0
	srl	in5, 3, in5
	sll	out5, 29, in1
	add	in5, in0, in5
	srl	out5, 3, out5
	LDPTR	[%sp+BIAS+ARG0+0*ARGSZ], in0
	add	out5, in1, out5
	st	out5, [in0]
	st	in5, [in0+4]

	ret
	restore

.DES_encrypt2.end:
	.size	 DES_encrypt2, .DES_encrypt2.end-DES_encrypt2


! void DES_encrypt3(data, ks1, ks2, ks3)
! **************************************

	.align 32
	.global DES_encrypt3
	.type	 DES_encrypt3,#function

DES_encrypt3:

	save	%sp, FRAME, %sp
	
	sethi	%hi(.PIC.DES_SPtrans-1f),global1
	or	global1,%lo(.PIC.DES_SPtrans-1f),global1
1:	call	.+8
	add	%o7,global1,global1
	sub	global1,.PIC.DES_SPtrans-.des_and,out2

	ld	[in0], in5                ! left
	add	in2, 120, in4             ! ks2

	ld	[in0+4], out5             ! right
	mov	in3, in2                  ! save ks3

	! parameter 6  1/2 for include encryption/decryption
	! parameter 7  1 for mov in1 to in3
	! parameter 8  1 for mov in3 to in4
	! parameter 9  1 for load ks3 and ks2 to in4 and in3

	ip_macro(in5, out5, in5, out5, in3, 1, 1, 0, 0)

	call	.des_dec
	mov	in2, in3                  ! preload ks3

	call	.des_enc
	nop

	fp_macro(in5, out5, 1)

	ret
	restore

.DES_encrypt3.end:
	.size	 DES_encrypt3,.DES_encrypt3.end-DES_encrypt3


! void DES_decrypt3(data, ks1, ks2, ks3)
! **************************************

	.align 32
	.global DES_decrypt3
	.type	 DES_decrypt3,#function

DES_decrypt3:

	save	%sp, FRAME, %sp
	
	sethi	%hi(.PIC.DES_SPtrans-1f),global1
	or	global1,%lo(.PIC.DES_SPtrans-1f),global1
1:	call	.+8
	add	%o7,global1,global1
	sub	global1,.PIC.DES_SPtrans-.des_and,out2

	ld	[in0], in5                ! left
	add	in3, 120, in4             ! ks3

	ld	[in0+4], out5             ! right
	mov	in2, in3                  ! ks2

	! parameter 6  1/2 for include encryption/decryption
	! parameter 7  1 for mov in1 to in3
	! parameter 8  1 for mov in3 to in4
	! parameter 9  1 for load ks3 and ks2 to in4 and in3

	ip_macro(in5, out5, out5, in5, in4, 2, 0, 0, 0)

	call	.des_enc
	add	in1, 120, in4             ! preload ks1

	call	.des_dec
	nop

	fp_macro(out5, in5, 1)

	ret
	restore

.DES_decrypt3.end:
	.size	 DES_decrypt3,.DES_decrypt3.end-DES_decrypt3

! void DES_ncbc_encrypt(input, output, length, schedule, ivec, enc)
! *****************************************************************


	.align 32
	.global DES_ncbc_encrypt
	.type	 DES_ncbc_encrypt,#function

DES_ncbc_encrypt:

	save	%sp, FRAME, %sp
	
	define({INPUT},  { [%sp+BIAS+ARG0+0*ARGSZ] })
	define({OUTPUT}, { [%sp+BIAS+ARG0+1*ARGSZ] })
	define({IVEC},   { [%sp+BIAS+ARG0+4*ARGSZ] })

	sethi	%hi(.PIC.DES_SPtrans-1f),global1
	or	global1,%lo(.PIC.DES_SPtrans-1f),global1
1:	call	.+8
	add	%o7,global1,global1
	sub	global1,.PIC.DES_SPtrans-.des_and,out2

	cmp	in5, 0                    ! enc

	be	.ncbc.dec
	STPTR	in4, IVEC

	! addr  left  right  temp  label
	load_little_endian(in4, in5, out5, local3, .LLE1)  ! iv

	addcc	in2, -8, in2              ! bytes missing when first block done

	bl	.ncbc.enc.seven.or.less
	mov	in3, in4                  ! schedule

.ncbc.enc.next.block:

	load_little_endian(in0, out4, global4, local3, .LLE2)  ! block

.ncbc.enc.next.block_1:

	xor	in5, out4, in5            ! iv xor
	xor	out5, global4, out5       ! iv xor

	! parameter 8  1 for move in3 to in4, 2 for move in4 to in3
	ip_macro(in5, out5, in5, out5, in3, 0, 0, 2)

.ncbc.enc.next.block_2:

!//	call .des_enc                     ! compares in2 to 8
!	rounds inlined for alignment purposes

	add	global1, 768, global4     ! address sbox 4 since register used below

	rounds_macro(in5, out5, 1, .ncbc.enc.1, in3, in4) ! include encryption  ks in3

	bl	.ncbc.enc.next.block_fp
	add	in0, 8, in0               ! input address

	! If 8 or more bytes are to be encrypted after this block,
	! we combine final permutation for this block with initial
	! permutation for next block. Load next block:

	load_little_endian(in0, global3, global4, local5, .LLE12)

	!  parameter 1   original left
	!  parameter 2   original right
	!  parameter 3   left ip
	!  parameter 4   right ip
	!  parameter 5   1: load ks1/ks2 to in3/in4, add 120 to in4
	!                2: mov in4 to in3
	!
	! also adds -8 to length in2 and loads loop counter to out4

	fp_ip_macro(out0, out1, global3, global4, 2)

	store_little_endian(in1, out0, out1, local3, .SLE10)  ! block

	ld	[in3], out0               ! key 7531 first round next block
	mov 	in5, local1
	xor	global3, out5, in5        ! iv xor next block

	ld	[in3+4], out1             ! key 8642
	add	global1, 512, global3     ! address sbox 3 since register used
	xor	global4, local1, out5     ! iv xor next block

	ba	.ncbc.enc.next.block_2
	add	in1, 8, in1               ! output address

.ncbc.enc.next.block_fp:

	fp_macro(in5, out5)

	store_little_endian(in1, in5, out5, local3, .SLE1)  ! block

	addcc   in2, -8, in2              ! bytes missing when next block done

	bpos	.ncbc.enc.next.block
	add	in1, 8, in1

.ncbc.enc.seven.or.less:

	cmp	in2, -8

	ble	.ncbc.enc.finish
	nop

	add	in2, 8, local1            ! bytes to load

	! addr, length, dest left, dest right, temp, temp2, label, ret label
	load_n_bytes(in0, local1, global4, out4, local2, local3, .LNB1, .ncbc.enc.next.block_1)

	! Loads 1 to 7 bytes little endian to global4, out4


.ncbc.enc.finish:

	LDPTR	IVEC, local4
	store_little_endian(local4, in5, out5, local5, .SLE2)  ! ivec

	ret
	restore


.ncbc.dec:

	STPTR	in0, INPUT
	cmp	in2, 0                    ! length
	add	in3, 120, in3

	LDPTR	IVEC, local7              ! ivec
	ble	.ncbc.dec.finish
	mov	in3, in4                  ! schedule

	STPTR	in1, OUTPUT
	mov	in0, local5               ! input

	load_little_endian(local7, in0, in1, local3, .LLE3)   ! ivec

.ncbc.dec.next.block:

	load_little_endian(local5, in5, out5, local3, .LLE4)  ! block

	! parameter 6  1/2 for include encryption/decryption
	! parameter 7  1 for mov in1 to in3
	! parameter 8  1 for mov in3 to in4

	ip_macro(in5, out5, out5, in5, in4, 2, 0, 1) ! include decryption  ks in4

	fp_macro(out5, in5, 0, 1) ! 1 for input and output address to local5/7

	! in2 is bytes left to be stored
	! in2 is compared to 8 in the rounds

	xor	out5, in0, out4           ! iv xor
	bl	.ncbc.dec.seven.or.less
	xor	in5, in1, global4         ! iv xor

	! Load ivec next block now, since input and output address might be the same.

	load_little_endian_inc(local5, in0, in1, local3, .LLE5)  ! iv

	store_little_endian(local7, out4, global4, local3, .SLE3)

	STPTR	local5, INPUT
	add	local7, 8, local7
	addcc   in2, -8, in2

	bg	.ncbc.dec.next.block
	STPTR	local7, OUTPUT


.ncbc.dec.store.iv:

	LDPTR	IVEC, local4              ! ivec
	store_little_endian(local4, in0, in1, local5, .SLE4)

.ncbc.dec.finish:

	ret
	restore

.ncbc.dec.seven.or.less:

	load_little_endian_inc(local5, in0, in1, local3, .LLE13)     ! ivec

	store_n_bytes(local7, in2, global4, out4, local3, local4, .SNB1, .ncbc.dec.store.iv)


.DES_ncbc_encrypt.end:
	.size	 DES_ncbc_encrypt, .DES_ncbc_encrypt.end-DES_ncbc_encrypt


! void DES_ede3_cbc_encrypt(input, output, length, ks1, ks2, ks3, ivec, enc)
! **************************************************************************


	.align 32
	.global DES_ede3_cbc_encrypt
	.type	 DES_ede3_cbc_encrypt,#function

DES_ede3_cbc_encrypt:

	save	%sp, FRAME, %sp

	define({KS1}, { [%sp+BIAS+ARG0+3*ARGSZ] })
	define({KS2}, { [%sp+BIAS+ARG0+4*ARGSZ] })
	define({KS3}, { [%sp+BIAS+ARG0+5*ARGSZ] })

	sethi	%hi(.PIC.DES_SPtrans-1f),global1
	or	global1,%lo(.PIC.DES_SPtrans-1f),global1
1:	call	.+8
	add	%o7,global1,global1
	sub	global1,.PIC.DES_SPtrans-.des_and,out2

	LDPTR	[%fp+BIAS+ARG0+7*ARGSZ], local3          ! enc
	LDPTR	[%fp+BIAS+ARG0+6*ARGSZ], local4          ! ivec
	cmp	local3, 0                 ! enc

	be	.ede3.dec
	STPTR	in4, KS2

	STPTR	in5, KS3

	load_little_endian(local4, in5, out5, local3, .LLE6)  ! ivec

	addcc	in2, -8, in2              ! bytes missing after next block

	bl	.ede3.enc.seven.or.less
	STPTR	in3, KS1

.ede3.enc.next.block:

	load_little_endian(in0, out4, global4, local3, .LLE7)

.ede3.enc.next.block_1:

	LDPTR	KS2, in4
	xor	in5, out4, in5            ! iv xor
	xor	out5, global4, out5       ! iv xor

	LDPTR	KS1, in3
	add	in4, 120, in4             ! for decryption we use last subkey first
	nop

	ip_macro(in5, out5, in5, out5, in3)

.ede3.enc.next.block_2:

	call .des_enc                     ! ks1 in3
	nop

	call .des_dec                     ! ks2 in4
	LDPTR	KS3, in3

	call .des_enc                     ! ks3 in3  compares in2 to 8
	nop

	bl	.ede3.enc.next.block_fp
	add	in0, 8, in0

	! If 8 or more bytes are to be encrypted after this block,
	! we combine final permutation for this block with initial
	! permutation for next block. Load next block:

	load_little_endian(in0, global3, global4, local5, .LLE11)

	!  parameter 1   original left
	!  parameter 2   original right
	!  parameter 3   left ip
	!  parameter 4   right ip
	!  parameter 5   1: load ks1/ks2 to in3/in4, add 120 to in4
	!                2: mov in4 to in3
	!
	! also adds -8 to length in2 and loads loop counter to out4

	fp_ip_macro(out0, out1, global3, global4, 1)

	store_little_endian(in1, out0, out1, local3, .SLE9)  ! block

	mov 	in5, local1
	xor	global3, out5, in5        ! iv xor next block

	ld	[in3], out0               ! key 7531
	add	global1, 512, global3     ! address sbox 3
	xor	global4, local1, out5     ! iv xor next block

	ld	[in3+4], out1             ! key 8642
	add	global1, 768, global4     ! address sbox 4
	ba	.ede3.enc.next.block_2
	add	in1, 8, in1

.ede3.enc.next.block_fp:

	fp_macro(in5, out5)

	store_little_endian(in1, in5, out5, local3, .SLE5)  ! block

	addcc   in2, -8, in2              ! bytes missing when next block done

	bpos	.ede3.enc.next.block
	add	in1, 8, in1

.ede3.enc.seven.or.less:

	cmp	in2, -8

	ble	.ede3.enc.finish
	nop

	add	in2, 8, local1            ! bytes to load

	! addr, length, dest left, dest right, temp, temp2, label, ret label
	load_n_bytes(in0, local1, global4, out4, local2, local3, .LNB2, .ede3.enc.next.block_1)

.ede3.enc.finish:

	LDPTR	[%fp+BIAS+ARG0+6*ARGSZ], local4          ! ivec
	store_little_endian(local4, in5, out5, local5, .SLE6)  ! ivec

	ret
	restore

.ede3.dec:

	STPTR	in0, INPUT
	add	in5, 120, in5

	STPTR	in1, OUTPUT
	mov	in0, local5
	add	in3, 120, in3

	STPTR	in3, KS1
	cmp	in2, 0

	ble	.ede3.dec.finish
	STPTR	in5, KS3

	LDPTR	[%fp+BIAS+ARG0+6*ARGSZ], local7          ! iv
	load_little_endian(local7, in0, in1, local3, .LLE8)

.ede3.dec.next.block:

	load_little_endian(local5, in5, out5, local3, .LLE9)

	! parameter 6  1/2 for include encryption/decryption
	! parameter 7  1 for mov in1 to in3
	! parameter 8  1 for mov in3 to in4
	! parameter 9  1 for load ks3 and ks2 to in4 and in3

	ip_macro(in5, out5, out5, in5, in4, 2, 0, 0, 1) ! inc .des_dec ks3 in4

	call .des_enc                     ! ks2 in3
	LDPTR	KS1, in4

	call .des_dec                     ! ks1 in4
	nop

	fp_macro(out5, in5, 0, 1)   ! 1 for input and output address local5/7

	! in2 is bytes left to be stored
	! in2 is compared to 8 in the rounds

	xor	out5, in0, out4
	bl	.ede3.dec.seven.or.less
	xor	in5, in1, global4

	load_little_endian_inc(local5, in0, in1, local3, .LLE10)   ! iv next block

	store_little_endian(local7, out4, global4, local3, .SLE7)  ! block

	STPTR	local5, INPUT
	addcc   in2, -8, in2
	add	local7, 8, local7

	bg	.ede3.dec.next.block
	STPTR	local7, OUTPUT

.ede3.dec.store.iv:

	LDPTR	[%fp+BIAS+ARG0+6*ARGSZ], local4          ! ivec
	store_little_endian(local4, in0, in1, local5, .SLE8)  ! ivec

.ede3.dec.finish:

	ret
	restore

.ede3.dec.seven.or.less:

	load_little_endian_inc(local5, in0, in1, local3, .LLE14)     ! iv

	store_n_bytes(local7, in2, global4, out4, local3, local4, .SNB2, .ede3.dec.store.iv)


.DES_ede3_cbc_encrypt.end:
	.size	 DES_ede3_cbc_encrypt,.DES_ede3_cbc_encrypt.end-DES_ede3_cbc_encrypt

	.align	256
	.type	 .des_and,#object
	.size	 .des_and,284

.des_and:

! This table is used for AND 0xFC when it is known that register
! bits 8-31 are zero. Makes it possible to do three arithmetic
! operations in one cycle.

	.byte  0, 0, 0, 0, 4, 4, 4, 4
	.byte  8, 8, 8, 8, 12, 12, 12, 12
	.byte  16, 16, 16, 16, 20, 20, 20, 20
	.byte  24, 24, 24, 24, 28, 28, 28, 28
	.byte  32, 32, 32, 32, 36, 36, 36, 36
	.byte  40, 40, 40, 40, 44, 44, 44, 44
	.byte  48, 48, 48, 48, 52, 52, 52, 52
	.byte  56, 56, 56, 56, 60, 60, 60, 60
	.byte  64, 64, 64, 64, 68, 68, 68, 68
	.byte  72, 72, 72, 72, 76, 76, 76, 76
	.byte  80, 80, 80, 80, 84, 84, 84, 84
	.byte  88, 88, 88, 88, 92, 92, 92, 92
	.byte  96, 96, 96, 96, 100, 100, 100, 100
	.byte  104, 104, 104, 104, 108, 108, 108, 108
	.byte  112, 112, 112, 112, 116, 116, 116, 116
	.byte  120, 120, 120, 120, 124, 124, 124, 124
	.byte  128, 128, 128, 128, 132, 132, 132, 132
	.byte  136, 136, 136, 136, 140, 140, 140, 140
	.byte  144, 144, 144, 144, 148, 148, 148, 148
	.byte  152, 152, 152, 152, 156, 156, 156, 156
	.byte  160, 160, 160, 160, 164, 164, 164, 164
	.byte  168, 168, 168, 168, 172, 172, 172, 172
	.byte  176, 176, 176, 176, 180, 180, 180, 180
	.byte  184, 184, 184, 184, 188, 188, 188, 188
	.byte  192, 192, 192, 192, 196, 196, 196, 196
	.byte  200, 200, 200, 200, 204, 204, 204, 204
	.byte  208, 208, 208, 208, 212, 212, 212, 212
	.byte  216, 216, 216, 216, 220, 220, 220, 220
	.byte  224, 224, 224, 224, 228, 228, 228, 228
	.byte  232, 232, 232, 232, 236, 236, 236, 236
	.byte  240, 240, 240, 240, 244, 244, 244, 244
	.byte  248, 248, 248, 248, 252, 252, 252, 252

	! 5 numbers for initial/final permutation

	.word   0x0f0f0f0f                ! offset 256
	.word	0x0000ffff                ! 260
	.word	0x33333333                ! 264
	.word	0x00ff00ff                ! 268
	.word	0x55555555                ! 272

	.word	0                         ! 276
	.word	LOOPS                     ! 280
	.word	0x0000FC00                ! 284

	.global	DES_SPtrans
	.type	DES_SPtrans,#object
	.size	DES_SPtrans,2048
.align	64
DES_SPtrans:
.PIC.DES_SPtrans:
	! nibble 0
	.word	0x02080800, 0x00080000, 0x02000002, 0x02080802
	.word	0x02000000, 0x00080802, 0x00080002, 0x02000002
	.word	0x00080802, 0x02080800, 0x02080000, 0x00000802
	.word	0x02000802, 0x02000000, 0x00000000, 0x00080002
	.word	0x00080000, 0x00000002, 0x02000800, 0x00080800
	.word	0x02080802, 0x02080000, 0x00000802, 0x02000800
	.word	0x00000002, 0x00000800, 0x00080800, 0x02080002
	.word	0x00000800, 0x02000802, 0x02080002, 0x00000000
	.word	0x00000000, 0x02080802, 0x02000800, 0x00080002
	.word	0x02080800, 0x00080000, 0x00000802, 0x02000800
	.word	0x02080002, 0x00000800, 0x00080800, 0x02000002
	.word	0x00080802, 0x00000002, 0x02000002, 0x02080000
	.word	0x02080802, 0x00080800, 0x02080000, 0x02000802
	.word	0x02000000, 0x00000802, 0x00080002, 0x00000000
	.word	0x00080000, 0x02000000, 0x02000802, 0x02080800
	.word	0x00000002, 0x02080002, 0x00000800, 0x00080802
	! nibble 1
	.word	0x40108010, 0x00000000, 0x00108000, 0x40100000
	.word	0x40000010, 0x00008010, 0x40008000, 0x00108000
	.word	0x00008000, 0x40100010, 0x00000010, 0x40008000
	.word	0x00100010, 0x40108000, 0x40100000, 0x00000010
	.word	0x00100000, 0x40008010, 0x40100010, 0x00008000
	.word	0x00108010, 0x40000000, 0x00000000, 0x00100010
	.word	0x40008010, 0x00108010, 0x40108000, 0x40000010
	.word	0x40000000, 0x00100000, 0x00008010, 0x40108010
	.word	0x00100010, 0x40108000, 0x40008000, 0x00108010
	.word	0x40108010, 0x00100010, 0x40000010, 0x00000000
	.word	0x40000000, 0x00008010, 0x00100000, 0x40100010
	.word	0x00008000, 0x40000000, 0x00108010, 0x40008010
	.word	0x40108000, 0x00008000, 0x00000000, 0x40000010
	.word	0x00000010, 0x40108010, 0x00108000, 0x40100000
	.word	0x40100010, 0x00100000, 0x00008010, 0x40008000
	.word	0x40008010, 0x00000010, 0x40100000, 0x00108000
	! nibble 2
	.word	0x04000001, 0x04040100, 0x00000100, 0x04000101
	.word	0x00040001, 0x04000000, 0x04000101, 0x00040100
	.word	0x04000100, 0x00040000, 0x04040000, 0x00000001
	.word	0x04040101, 0x00000101, 0x00000001, 0x04040001
	.word	0x00000000, 0x00040001, 0x04040100, 0x00000100
	.word	0x00000101, 0x04040101, 0x00040000, 0x04000001
	.word	0x04040001, 0x04000100, 0x00040101, 0x04040000
	.word	0x00040100, 0x00000000, 0x04000000, 0x00040101
	.word	0x04040100, 0x00000100, 0x00000001, 0x00040000
	.word	0x00000101, 0x00040001, 0x04040000, 0x04000101
	.word	0x00000000, 0x04040100, 0x00040100, 0x04040001
	.word	0x00040001, 0x04000000, 0x04040101, 0x00000001
	.word	0x00040101, 0x04000001, 0x04000000, 0x04040101
	.word	0x00040000, 0x04000100, 0x04000101, 0x00040100
	.word	0x04000100, 0x00000000, 0x04040001, 0x00000101
	.word	0x04000001, 0x00040101, 0x00000100, 0x04040000
	! nibble 3
	.word	0x00401008, 0x10001000, 0x00000008, 0x10401008
	.word	0x00000000, 0x10400000, 0x10001008, 0x00400008
	.word	0x10401000, 0x10000008, 0x10000000, 0x00001008
	.word	0x10000008, 0x00401008, 0x00400000, 0x10000000
	.word	0x10400008, 0x00401000, 0x00001000, 0x00000008
	.word	0x00401000, 0x10001008, 0x10400000, 0x00001000
	.word	0x00001008, 0x00000000, 0x00400008, 0x10401000
	.word	0x10001000, 0x10400008, 0x10401008, 0x00400000
	.word	0x10400008, 0x00001008, 0x00400000, 0x10000008
	.word	0x00401000, 0x10001000, 0x00000008, 0x10400000
	.word	0x10001008, 0x00000000, 0x00001000, 0x00400008
	.word	0x00000000, 0x10400008, 0x10401000, 0x00001000
	.word	0x10000000, 0x10401008, 0x00401008, 0x00400000
	.word	0x10401008, 0x00000008, 0x10001000, 0x00401008
	.word	0x00400008, 0x00401000, 0x10400000, 0x10001008
	.word	0x00001008, 0x10000000, 0x10000008, 0x10401000
	! nibble 4
	.word	0x08000000, 0x00010000, 0x00000400, 0x08010420
	.word	0x08010020, 0x08000400, 0x00010420, 0x08010000
	.word	0x00010000, 0x00000020, 0x08000020, 0x00010400
	.word	0x08000420, 0x08010020, 0x08010400, 0x00000000
	.word	0x00010400, 0x08000000, 0x00010020, 0x00000420
	.word	0x08000400, 0x00010420, 0x00000000, 0x08000020
	.word	0x00000020, 0x08000420, 0x08010420, 0x00010020
	.word	0x08010000, 0x00000400, 0x00000420, 0x08010400
	.word	0x08010400, 0x08000420, 0x00010020, 0x08010000
	.word	0x00010000, 0x00000020, 0x08000020, 0x08000400
	.word	0x08000000, 0x00010400, 0x08010420, 0x00000000
	.word	0x00010420, 0x08000000, 0x00000400, 0x00010020
	.word	0x08000420, 0x00000400, 0x00000000, 0x08010420
	.word	0x08010020, 0x08010400, 0x00000420, 0x00010000
	.word	0x00010400, 0x08010020, 0x08000400, 0x00000420
	.word	0x00000020, 0x00010420, 0x08010000, 0x08000020
	! nibble 5
	.word	0x80000040, 0x00200040, 0x00000000, 0x80202000
	.word	0x00200040, 0x00002000, 0x80002040, 0x00200000
	.word	0x00002040, 0x80202040, 0x00202000, 0x80000000
	.word	0x80002000, 0x80000040, 0x80200000, 0x00202040
	.word	0x00200000, 0x80002040, 0x80200040, 0x00000000
	.word	0x00002000, 0x00000040, 0x80202000, 0x80200040
	.word	0x80202040, 0x80200000, 0x80000000, 0x00002040
	.word	0x00000040, 0x00202000, 0x00202040, 0x80002000
	.word	0x00002040, 0x80000000, 0x80002000, 0x00202040
	.word	0x80202000, 0x00200040, 0x00000000, 0x80002000
	.word	0x80000000, 0x00002000, 0x80200040, 0x00200000
	.word	0x00200040, 0x80202040, 0x00202000, 0x00000040
	.word	0x80202040, 0x00202000, 0x00200000, 0x80002040
	.word	0x80000040, 0x80200000, 0x00202040, 0x00000000
	.word	0x00002000, 0x80000040, 0x80002040, 0x80202000
	.word	0x80200000, 0x00002040, 0x00000040, 0x80200040
	! nibble 6
	.word	0x00004000, 0x00000200, 0x01000200, 0x01000004
	.word	0x01004204, 0x00004004, 0x00004200, 0x00000000
	.word	0x01000000, 0x01000204, 0x00000204, 0x01004000
	.word	0x00000004, 0x01004200, 0x01004000, 0x00000204
	.word	0x01000204, 0x00004000, 0x00004004, 0x01004204
	.word	0x00000000, 0x01000200, 0x01000004, 0x00004200
	.word	0x01004004, 0x00004204, 0x01004200, 0x00000004
	.word	0x00004204, 0x01004004, 0x00000200, 0x01000000
	.word	0x00004204, 0x01004000, 0x01004004, 0x00000204
	.word	0x00004000, 0x00000200, 0x01000000, 0x01004004
	.word	0x01000204, 0x00004204, 0x00004200, 0x00000000
	.word	0x00000200, 0x01000004, 0x00000004, 0x01000200
	.word	0x00000000, 0x01000204, 0x01000200, 0x00004200
	.word	0x00000204, 0x00004000, 0x01004204, 0x01000000
	.word	0x01004200, 0x00000004, 0x00004004, 0x01004204
	.word	0x01000004, 0x01004200, 0x01004000, 0x00004004
	! nibble 7
	.word	0x20800080, 0x20820000, 0x00020080, 0x00000000
	.word	0x20020000, 0x00800080, 0x20800000, 0x20820080
	.word	0x00000080, 0x20000000, 0x00820000, 0x00020080
	.word	0x00820080, 0x20020080, 0x20000080, 0x20800000
	.word	0x00020000, 0x00820080, 0x00800080, 0x20020000
	.word	0x20820080, 0x20000080, 0x00000000, 0x00820000
	.word	0x20000000, 0x00800000, 0x20020080, 0x20800080
	.word	0x00800000, 0x00020000, 0x20820000, 0x00000080
	.word	0x00800000, 0x00020000, 0x20000080, 0x20820080
	.word	0x00020080, 0x20000000, 0x00000000, 0x00820000
	.word	0x20800080, 0x20020080, 0x20020000, 0x00800080
	.word	0x20820000, 0x00000080, 0x00800080, 0x20020000
	.word	0x20820080, 0x00800000, 0x20800000, 0x20000080
	.word	0x00820000, 0x00020080, 0x20020080, 0x20800000
	.word	0x00000080, 0x20820000, 0x00820080, 0x00000000
	.word	0x20000000, 0x20800080, 0x00020000, 0x00820080