aes-x86_64.pl revision a94fe0531b3c196ad078174259af2201b2e3a246
1d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#!/usr/bin/env perl 2d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# 3d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# ==================================================================== 4d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL 5d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# project. The module is, however, dual licensed under OpenSSL and 6d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# CRYPTOGAMS licenses depending on where you obtain it. For further 7d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# details see http://www.openssl.org/~appro/cryptogams/. 8d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# ==================================================================== 9d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# 10d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# Version 2.1. 11d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# 12d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# aes-*-cbc benchmarks are improved by >70% [compared to gcc 3.3.2 on 13d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# Opteron 240 CPU] plus all the bells-n-whistles from 32-bit version 14d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# [you'll notice a lot of resemblance], such as compressed S-boxes 15d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# in little-endian byte order, prefetch of these tables in CBC mode, 16d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# as well as avoiding L1 cache aliasing between stack frame and key 17d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# schedule and already mentioned tables, compressed Td4... 18d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# 19d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# Performance in number of cycles per processed byte for 128-bit key: 20d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# 21d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# ECB encrypt ECB decrypt CBC large chunk 22d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# AMD64 33 43 13.0 23d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# EM64T 38 56 18.6(*) 24d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# Core 2 30 42 14.5(*) 25d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# Atom 65 86 32.1(*) 26d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# 27d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# (*) with hyper-threading off 28d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 29d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$flavour = shift; 30d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$output = shift; 31d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyif ($flavour =~ /\./) { $output = $flavour; undef $flavour; } 32d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 33d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); 34d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 35d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; 36d9e397b599b13d642138480a28c14db7a136bf0Adam Langley( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or 37d9e397b599b13d642138480a28c14db7a136bf0Adam Langley( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or 38d9e397b599b13d642138480a28c14db7a136bf0Adam Langleydie "can't locate x86_64-xlate.pl"; 39d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 40c895d6b1c580258e72e1ed3fcc86d38970ded9e1David Benjaminopen OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\""; 41d9e397b599b13d642138480a28c14db7a136bf0Adam Langley*STDOUT=*OUT; 42d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 43d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$verticalspin=1; # unlike 32-bit version $verticalspin performs 44d9e397b599b13d642138480a28c14db7a136bf0Adam Langley # ~15% better on both AMD and Intel cores 45d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$speed_limit=512; # see aes-586.pl for details 46d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 47d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code=".text\n"; 48d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 49d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$s0="%eax"; 50d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$s1="%ebx"; 51d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$s2="%ecx"; 52d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$s3="%edx"; 53d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$acc0="%esi"; $mask80="%rsi"; 54d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$acc1="%edi"; $maskfe="%rdi"; 55d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$acc2="%ebp"; $mask1b="%rbp"; 56d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$inp="%r8"; 57d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$out="%r9"; 58d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$t0="%r10d"; 59d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$t1="%r11d"; 60d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$t2="%r12d"; 61d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$rnds="%r13d"; 62d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$sbox="%r14"; 63d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$key="%r15"; 64d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 65d9e397b599b13d642138480a28c14db7a136bf0Adam Langleysub hi() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1h/; $r; } 66d9e397b599b13d642138480a28c14db7a136bf0Adam Langleysub lo() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1l/; 67d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $r =~ s/%[er]([sd]i)/%\1l/; 68d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $r =~ s/%(r[0-9]+)[d]?/%\1b/; $r; } 69d9e397b599b13d642138480a28c14db7a136bf0Adam Langleysub LO() { my $r=shift; $r =~ s/%r([a-z]+)/%e\1/; 70d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $r =~ s/%r([0-9]+)/%r\1d/; $r; } 71d9e397b599b13d642138480a28c14db7a136bf0Adam Langleysub _data_word() 72d9e397b599b13d642138480a28c14db7a136bf0Adam Langley{ my $i; 73d9e397b599b13d642138480a28c14db7a136bf0Adam Langley while(defined($i=shift)) { $code.=sprintf".long\t0x%08x,0x%08x\n",$i,$i; } 74d9e397b599b13d642138480a28c14db7a136bf0Adam Langley} 75d9e397b599b13d642138480a28c14db7a136bf0Adam Langleysub data_word() 76d9e397b599b13d642138480a28c14db7a136bf0Adam Langley{ my $i; 77d9e397b599b13d642138480a28c14db7a136bf0Adam Langley my $last=pop(@_); 78d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=".long\t"; 79d9e397b599b13d642138480a28c14db7a136bf0Adam Langley while(defined($i=shift)) { $code.=sprintf"0x%08x,",$i; } 80d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=sprintf"0x%08x\n",$last; 81d9e397b599b13d642138480a28c14db7a136bf0Adam Langley} 82d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 83d9e397b599b13d642138480a28c14db7a136bf0Adam Langleysub data_byte() 84d9e397b599b13d642138480a28c14db7a136bf0Adam Langley{ my $i; 85d9e397b599b13d642138480a28c14db7a136bf0Adam Langley my $last=pop(@_); 86d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=".byte\t"; 87d9e397b599b13d642138480a28c14db7a136bf0Adam Langley while(defined($i=shift)) { $code.=sprintf"0x%02x,",$i&0xff; } 88d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=sprintf"0x%02x\n",$last&0xff; 89d9e397b599b13d642138480a28c14db7a136bf0Adam Langley} 90d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 91d9e397b599b13d642138480a28c14db7a136bf0Adam Langleysub encvert() 92d9e397b599b13d642138480a28c14db7a136bf0Adam Langley{ my $t3="%r8d"; # zaps $inp! 93d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 94d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code.=<<___; 95d9e397b599b13d642138480a28c14db7a136bf0Adam Langley # favor 3-way issue Opteron pipeline... 96d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s0")`,$acc0 97d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s1")`,$acc1 98d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s2")`,$acc2 99d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0($sbox,$acc0,8),$t0 100d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0($sbox,$acc1,8),$t1 101d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0($sbox,$acc2,8),$t2 102d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 103d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s1")`,$acc0 104d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s2")`,$acc1 105d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s3")`,$acc2 106d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 3($sbox,$acc0,8),$t0 107d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 3($sbox,$acc1,8),$t1 108d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0($sbox,$acc2,8),$t3 109d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 110d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s3")`,$acc0 111d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$16,$s2 112d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s0")`,$acc2 113d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 3($sbox,$acc0,8),$t2 114d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$16,$s3 115d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 3($sbox,$acc2,8),$t3 116d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 117d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$16,$s1 118d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea 16($key),$key 119d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$16,$s0 120d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 121d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s2")`,$acc0 122d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s3")`,$acc1 123d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s0")`,$acc2 124d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 2($sbox,$acc0,8),$t0 125d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 2($sbox,$acc1,8),$t1 126d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 2($sbox,$acc2,8),$t2 127d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 128d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s3")`,$acc0 129d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s0")`,$acc1 130d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s1")`,$acc2 131d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 1($sbox,$acc0,8),$t0 132d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 1($sbox,$acc1,8),$t1 133d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 2($sbox,$acc2,8),$t3 134d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 135d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 12($key),$s3 136d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s1")`,$acc1 137d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s2")`,$acc2 138d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0($key),$s0 139d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 1($sbox,$acc1,8),$t2 140d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 1($sbox,$acc2,8),$t3 141d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 142d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 4($key),$s1 143d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 8($key),$s2 144d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $t0,$s0 145d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $t1,$s1 146d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $t2,$s2 147d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $t3,$s3 148d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 149d9e397b599b13d642138480a28c14db7a136bf0Adam Langley} 150d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 151d9e397b599b13d642138480a28c14db7a136bf0Adam Langleysub enclastvert() 152d9e397b599b13d642138480a28c14db7a136bf0Adam Langley{ my $t3="%r8d"; # zaps $inp! 153d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 154d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code.=<<___; 155d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s0")`,$acc0 156d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s1")`,$acc1 157d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s2")`,$acc2 158d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb 2($sbox,$acc0,8),$t0 159d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb 2($sbox,$acc1,8),$t1 160d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb 2($sbox,$acc2,8),$t2 161d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 162d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s3")`,$acc0 163d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s1")`,$acc1 164d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s2")`,$acc2 165d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb 2($sbox,$acc0,8),$t3 166d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0($sbox,$acc1,8),$acc1 #$t0 167d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0($sbox,$acc2,8),$acc2 #$t1 168d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 169d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0x0000ff00,$acc1 170d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0x0000ff00,$acc2 171d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 172d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc1,$t0 173d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc2,$t1 174d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$16,$s2 175d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 176d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s3")`,$acc0 177d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s0")`,$acc1 178d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$16,$s3 179d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0($sbox,$acc0,8),$acc0 #$t2 180d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0($sbox,$acc1,8),$acc1 #$t3 181d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 182d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0x0000ff00,$acc0 183d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0x0000ff00,$acc1 184d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$16,$s1 185d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc0,$t2 186d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc1,$t3 187d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$16,$s0 188d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 189d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s2")`,$acc0 190d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s3")`,$acc1 191d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s0")`,$acc2 192d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0($sbox,$acc0,8),$acc0 #$t0 193d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0($sbox,$acc1,8),$acc1 #$t1 194d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0($sbox,$acc2,8),$acc2 #$t2 195d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 196d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0x00ff0000,$acc0 197d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0x00ff0000,$acc1 198d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0x00ff0000,$acc2 199d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 200d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc0,$t0 201d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc1,$t1 202d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc2,$t2 203d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 204d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s1")`,$acc0 205d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s3")`,$acc1 206d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s0")`,$acc2 207d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0($sbox,$acc0,8),$acc0 #$t3 208d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 2($sbox,$acc1,8),$acc1 #$t0 209d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 2($sbox,$acc2,8),$acc2 #$t1 210d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 211d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0x00ff0000,$acc0 212d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0xff000000,$acc1 213d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0xff000000,$acc2 214d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 215d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc0,$t3 216d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc1,$t0 217d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc2,$t1 218d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 219d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s1")`,$acc0 220d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s2")`,$acc1 221d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 16+12($key),$s3 222d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 2($sbox,$acc0,8),$acc0 #$t2 223d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 2($sbox,$acc1,8),$acc1 #$t3 224d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 16+0($key),$s0 225d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 226d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0xff000000,$acc0 227d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0xff000000,$acc1 228d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 229d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc0,$t2 230d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc1,$t3 231d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 232d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 16+4($key),$s1 233d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 16+8($key),$s2 234d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $t0,$s0 235d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $t1,$s1 236d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $t2,$s2 237d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $t3,$s3 238d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 239d9e397b599b13d642138480a28c14db7a136bf0Adam Langley} 240d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 241d9e397b599b13d642138480a28c14db7a136bf0Adam Langleysub encstep() 242d9e397b599b13d642138480a28c14db7a136bf0Adam Langley{ my ($i,@s) = @_; 243d9e397b599b13d642138480a28c14db7a136bf0Adam Langley my $tmp0=$acc0; 244d9e397b599b13d642138480a28c14db7a136bf0Adam Langley my $tmp1=$acc1; 245d9e397b599b13d642138480a28c14db7a136bf0Adam Langley my $tmp2=$acc2; 246d9e397b599b13d642138480a28c14db7a136bf0Adam Langley my $out=($t0,$t1,$t2,$s[0])[$i]; 247d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 248d9e397b599b13d642138480a28c14db7a136bf0Adam Langley if ($i==3) { 249d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $tmp0=$s[1]; 250d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $tmp1=$s[2]; 251d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $tmp2=$s[3]; 252d9e397b599b13d642138480a28c14db7a136bf0Adam Langley } 253d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" movzb ".&lo($s[0]).",$out\n"; 254d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" mov $s[2],$tmp1\n" if ($i!=3); 255d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" lea 16($key),$key\n" if ($i==0); 256d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 257d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" movzb ".&hi($s[1]).",$tmp0\n"; 258d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" mov 0($sbox,$out,8),$out\n"; 259d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 260d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" shr \$16,$tmp1\n"; 261d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" mov $s[3],$tmp2\n" if ($i!=3); 262d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" xor 3($sbox,$tmp0,8),$out\n"; 263d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 264d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" movzb ".&lo($tmp1).",$tmp1\n"; 265d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" shr \$24,$tmp2\n"; 266d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" xor 4*$i($key),$out\n"; 267d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 268d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" xor 2($sbox,$tmp1,8),$out\n"; 269d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" xor 1($sbox,$tmp2,8),$out\n"; 270d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 271d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" mov $t0,$s[1]\n" if ($i==3); 272d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" mov $t1,$s[2]\n" if ($i==3); 273d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" mov $t2,$s[3]\n" if ($i==3); 274d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.="\n"; 275d9e397b599b13d642138480a28c14db7a136bf0Adam Langley} 276d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 277d9e397b599b13d642138480a28c14db7a136bf0Adam Langleysub enclast() 278d9e397b599b13d642138480a28c14db7a136bf0Adam Langley{ my ($i,@s)=@_; 279d9e397b599b13d642138480a28c14db7a136bf0Adam Langley my $tmp0=$acc0; 280d9e397b599b13d642138480a28c14db7a136bf0Adam Langley my $tmp1=$acc1; 281d9e397b599b13d642138480a28c14db7a136bf0Adam Langley my $tmp2=$acc2; 282d9e397b599b13d642138480a28c14db7a136bf0Adam Langley my $out=($t0,$t1,$t2,$s[0])[$i]; 283d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 284d9e397b599b13d642138480a28c14db7a136bf0Adam Langley if ($i==3) { 285d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $tmp0=$s[1]; 286d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $tmp1=$s[2]; 287d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $tmp2=$s[3]; 288d9e397b599b13d642138480a28c14db7a136bf0Adam Langley } 289d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" movzb ".&lo($s[0]).",$out\n"; 290d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" mov $s[2],$tmp1\n" if ($i!=3); 291d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 292d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" mov 2($sbox,$out,8),$out\n"; 293d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" shr \$16,$tmp1\n"; 294d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" mov $s[3],$tmp2\n" if ($i!=3); 295d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 296d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" and \$0x000000ff,$out\n"; 297d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" movzb ".&hi($s[1]).",$tmp0\n"; 298d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" movzb ".&lo($tmp1).",$tmp1\n"; 299d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" shr \$24,$tmp2\n"; 300d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 301d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" mov 0($sbox,$tmp0,8),$tmp0\n"; 302d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" mov 0($sbox,$tmp1,8),$tmp1\n"; 303d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" mov 2($sbox,$tmp2,8),$tmp2\n"; 304d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 305d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" and \$0x0000ff00,$tmp0\n"; 306d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" and \$0x00ff0000,$tmp1\n"; 307d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" and \$0xff000000,$tmp2\n"; 308d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 309d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" xor $tmp0,$out\n"; 310d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" mov $t0,$s[1]\n" if ($i==3); 311d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" xor $tmp1,$out\n"; 312d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" mov $t1,$s[2]\n" if ($i==3); 313d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" xor $tmp2,$out\n"; 314d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" mov $t2,$s[3]\n" if ($i==3); 315d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.="\n"; 316d9e397b599b13d642138480a28c14db7a136bf0Adam Langley} 317d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 318d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code.=<<___; 319d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.type _x86_64_AES_encrypt,\@abi-omnipotent 320d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 16 321d9e397b599b13d642138480a28c14db7a136bf0Adam Langley_x86_64_AES_encrypt: 322d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 0($key),$s0 # xor with key 323d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 4($key),$s1 324d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 8($key),$s2 325d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 12($key),$s3 326d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 327d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 240($key),$rnds # load key->rounds 328d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub \$1,$rnds 329d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jmp .Lenc_loop 330d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 16 331d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Lenc_loop: 332d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 333d9e397b599b13d642138480a28c14db7a136bf0Adam Langley if ($verticalspin) { &encvert(); } 334d9e397b599b13d642138480a28c14db7a136bf0Adam Langley else { &encstep(0,$s0,$s1,$s2,$s3); 335d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &encstep(1,$s1,$s2,$s3,$s0); 336d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &encstep(2,$s2,$s3,$s0,$s1); 337d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &encstep(3,$s3,$s0,$s1,$s2); 338d9e397b599b13d642138480a28c14db7a136bf0Adam Langley } 339d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code.=<<___; 340d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub \$1,$rnds 341d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jnz .Lenc_loop 342d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 343d9e397b599b13d642138480a28c14db7a136bf0Adam Langley if ($verticalspin) { &enclastvert(); } 344d9e397b599b13d642138480a28c14db7a136bf0Adam Langley else { &enclast(0,$s0,$s1,$s2,$s3); 345d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &enclast(1,$s1,$s2,$s3,$s0); 346d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &enclast(2,$s2,$s3,$s0,$s1); 347d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &enclast(3,$s3,$s0,$s1,$s2); 348d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=<<___; 349d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 16+0($key),$s0 # xor with key 350d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 16+4($key),$s1 351d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 16+8($key),$s2 352d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 16+12($key),$s3 353d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 354d9e397b599b13d642138480a28c14db7a136bf0Adam Langley } 355d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code.=<<___; 356d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .byte 0xf3,0xc3 # rep ret 357d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.size _x86_64_AES_encrypt,.-_x86_64_AES_encrypt 358d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 359d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 360d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# it's possible to implement this by shifting tN by 8, filling least 361d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# significant byte with byte load and finally bswap-ing at the end, 362d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# but such partial register load kills Core 2... 363d9e397b599b13d642138480a28c14db7a136bf0Adam Langleysub enccompactvert() 364d9e397b599b13d642138480a28c14db7a136bf0Adam Langley{ my ($t3,$t4,$t5)=("%r8d","%r9d","%r13d"); 365d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 366d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code.=<<___; 367d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s0")`,$t0 368d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s1")`,$t1 369d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s2")`,$t2 370d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s3")`,$t3 371d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s1")`,$acc0 372d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s2")`,$acc1 373d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$16,$s2 374d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s3")`,$acc2 375d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$t0,1),$t0 376d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$t1,1),$t1 377d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$t2,1),$t2 378d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$t3,1),$t3 379d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 380d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$acc0,1),$t4 #$t0 381d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s0")`,$acc0 382d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$acc1,1),$t5 #$t1 383d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s2")`,$acc1 384d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$acc2,1),$acc2 #$t2 385d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$acc0,1),$acc0 #$t3 386d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 387d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$8,$t4 388d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$16,$s3 389d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$8,$t5 390d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $t4,$t0 391d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$16,$s0 392d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s3")`,$t4 393d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$16,$s1 394d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $t5,$t1 395d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$8,$acc2 396d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s0")`,$t5 397d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$acc1,1),$acc1 #$t0 398d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc2,$t2 399d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 400d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$8,$acc0 401d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s1")`,$acc2 402d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$16,$acc1 403d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc0,$t3 404d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$t4,1),$t4 #$t1 405d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s3")`,$acc0 406d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$t5,1),$t5 #$t2 407d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc1,$t0 408d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 409d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$8,$s2 410d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s0")`,$acc1 411d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$16,$t4 412d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$8,$s1 413d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$16,$t5 414d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $t4,$t1 415d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$acc2,1),$acc2 #$t3 416d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$acc0,1),$acc0 #$t0 417d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$acc1,1),$acc1 #$t1 418d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$s2,1),$s3 #$t3 419d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$s1,1),$s2 #$t2 420d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 421d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$16,$acc2 422d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $t5,$t2 423d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$24,$acc0 424d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc2,$t3 425d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$24,$acc1 426d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc0,$t0 427d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$24,$s3 428d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc1,$t1 429d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$24,$s2 430d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $t0,$s0 431d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $t1,$s1 432d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $t2,$s2 433d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $t3,$s3 434d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 435d9e397b599b13d642138480a28c14db7a136bf0Adam Langley} 436d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 437d9e397b599b13d642138480a28c14db7a136bf0Adam Langleysub enctransform_ref() 438d9e397b599b13d642138480a28c14db7a136bf0Adam Langley{ my $sn = shift; 439d9e397b599b13d642138480a28c14db7a136bf0Adam Langley my ($acc,$r2,$tmp)=("%r8d","%r9d","%r13d"); 440d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 441d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code.=<<___; 442d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $sn,$acc 443d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0x80808080,$acc 444d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $acc,$tmp 445d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$7,$tmp 446d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea ($sn,$sn),$r2 447d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub $tmp,$acc 448d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0xfefefefe,$r2 449d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0x1b1b1b1b,$acc 450d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $sn,$tmp 451d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc,$r2 452d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 453d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $r2,$sn 454d9e397b599b13d642138480a28c14db7a136bf0Adam Langley rol \$24,$sn 455d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $r2,$sn 456d9e397b599b13d642138480a28c14db7a136bf0Adam Langley ror \$16,$tmp 457d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $tmp,$sn 458d9e397b599b13d642138480a28c14db7a136bf0Adam Langley ror \$8,$tmp 459d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $tmp,$sn 460d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 461d9e397b599b13d642138480a28c14db7a136bf0Adam Langley} 462d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 463d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# unlike decrypt case it does not pay off to parallelize enctransform 464d9e397b599b13d642138480a28c14db7a136bf0Adam Langleysub enctransform() 465d9e397b599b13d642138480a28c14db7a136bf0Adam Langley{ my ($t3,$r20,$r21)=($acc2,"%r8d","%r9d"); 466d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 467d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code.=<<___; 468d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov \$0x80808080,$t0 469d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov \$0x80808080,$t1 470d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and $s0,$t0 471d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and $s1,$t1 472d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $t0,$acc0 473d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $t1,$acc1 474d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$7,$t0 475d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea ($s0,$s0),$r20 476d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$7,$t1 477d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea ($s1,$s1),$r21 478d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub $t0,$acc0 479d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub $t1,$acc1 480d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0xfefefefe,$r20 481d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0xfefefefe,$r21 482d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0x1b1b1b1b,$acc0 483d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0x1b1b1b1b,$acc1 484d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s0,$t0 485d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s1,$t1 486d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc0,$r20 487d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc1,$r21 488d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 489d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $r20,$s0 490d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $r21,$s1 491d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov \$0x80808080,$t2 492d9e397b599b13d642138480a28c14db7a136bf0Adam Langley rol \$24,$s0 493d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov \$0x80808080,$t3 494d9e397b599b13d642138480a28c14db7a136bf0Adam Langley rol \$24,$s1 495d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and $s2,$t2 496d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and $s3,$t3 497d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $r20,$s0 498d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $r21,$s1 499d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $t2,$acc0 500d9e397b599b13d642138480a28c14db7a136bf0Adam Langley ror \$16,$t0 501d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $t3,$acc1 502d9e397b599b13d642138480a28c14db7a136bf0Adam Langley ror \$16,$t1 503d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea ($s2,$s2),$r20 504d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$7,$t2 505d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $t0,$s0 506d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$7,$t3 507d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $t1,$s1 508d9e397b599b13d642138480a28c14db7a136bf0Adam Langley ror \$8,$t0 509d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea ($s3,$s3),$r21 510d9e397b599b13d642138480a28c14db7a136bf0Adam Langley ror \$8,$t1 511d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub $t2,$acc0 512d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub $t3,$acc1 513d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $t0,$s0 514d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $t1,$s1 515d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 516d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0xfefefefe,$r20 517d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0xfefefefe,$r21 518d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0x1b1b1b1b,$acc0 519d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0x1b1b1b1b,$acc1 520d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s2,$t2 521d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s3,$t3 522d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc0,$r20 523d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc1,$r21 524d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 525d9e397b599b13d642138480a28c14db7a136bf0Adam Langley ror \$16,$t2 526d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $r20,$s2 527d9e397b599b13d642138480a28c14db7a136bf0Adam Langley ror \$16,$t3 528d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $r21,$s3 529d9e397b599b13d642138480a28c14db7a136bf0Adam Langley rol \$24,$s2 530d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0($sbox),$acc0 # prefetch Te4 531d9e397b599b13d642138480a28c14db7a136bf0Adam Langley rol \$24,$s3 532d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $r20,$s2 533d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 64($sbox),$acc1 534d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $r21,$s3 535d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 128($sbox),$r20 536d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $t2,$s2 537d9e397b599b13d642138480a28c14db7a136bf0Adam Langley ror \$8,$t2 538d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $t3,$s3 539d9e397b599b13d642138480a28c14db7a136bf0Adam Langley ror \$8,$t3 540d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $t2,$s2 541d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 192($sbox),$r21 542d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $t3,$s3 543d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 544d9e397b599b13d642138480a28c14db7a136bf0Adam Langley} 545d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 546d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code.=<<___; 547d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.type _x86_64_AES_encrypt_compact,\@abi-omnipotent 548d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 16 549d9e397b599b13d642138480a28c14db7a136bf0Adam Langley_x86_64_AES_encrypt_compact: 550d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea 128($sbox),$inp # size optimization 551d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0-128($inp),$acc1 # prefetch Te4 552d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 32-128($inp),$acc2 553d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 64-128($inp),$t0 554d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 96-128($inp),$t1 555d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 128-128($inp),$acc1 556d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 160-128($inp),$acc2 557d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 192-128($inp),$t0 558d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 224-128($inp),$t1 559d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jmp .Lenc_loop_compact 560d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 16 561d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Lenc_loop_compact: 562d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 0($key),$s0 # xor with key 563d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 4($key),$s1 564d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 8($key),$s2 565d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 12($key),$s3 566d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea 16($key),$key 567d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 568d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &enccompactvert(); 569d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code.=<<___; 570d9e397b599b13d642138480a28c14db7a136bf0Adam Langley cmp 16(%rsp),$key 571d9e397b599b13d642138480a28c14db7a136bf0Adam Langley je .Lenc_compact_done 572d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 573d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &enctransform(); 574d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code.=<<___; 575d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jmp .Lenc_loop_compact 576d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 16 577d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Lenc_compact_done: 578d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 0($key),$s0 579d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 4($key),$s1 580d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 8($key),$s2 581d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 12($key),$s3 582d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .byte 0xf3,0xc3 # rep ret 583d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.size _x86_64_AES_encrypt_compact,.-_x86_64_AES_encrypt_compact 584d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 585d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 586d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# void asm_AES_encrypt (const void *inp,void *out,const AES_KEY *key); 587d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code.=<<___; 588d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 16 589d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.globl asm_AES_encrypt 590d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.type asm_AES_encrypt,\@function,3 591d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.hidden asm_AES_encrypt 592d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyasm_AES_encrypt: 593a94fe0531b3c196ad078174259af2201b2e3a246Robert Sloan mov %rsp,%rax 594d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %rbx 595d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %rbp 596d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %r12 597d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %r13 598d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %r14 599d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %r15 600d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 601d9e397b599b13d642138480a28c14db7a136bf0Adam Langley # allocate frame "above" key schedule 602d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea -63(%rdx),%rcx # %rdx is key argument 603d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$-64,%rsp 604d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub %rsp,%rcx 605d9e397b599b13d642138480a28c14db7a136bf0Adam Langley neg %rcx 606d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0x3c0,%rcx 607d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub %rcx,%rsp 608d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub \$32,%rsp 609d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 610d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rsi,16(%rsp) # save out 611a94fe0531b3c196ad078174259af2201b2e3a246Robert Sloan mov %rax,24(%rsp) # save original stack pointer 612d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Lenc_prologue: 613d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 614d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rdx,$key 615d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 240($key),$rnds # load rounds 616d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 617d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0(%rdi),$s0 # load input vector 618d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 4(%rdi),$s1 619d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 8(%rdi),$s2 620d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 12(%rdi),$s3 621d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 622d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$4,$rnds 623d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea ($key,$rnds),%rbp 624d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $key,(%rsp) # key schedule 625d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rbp,8(%rsp) # end of key schedule 626d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 627d9e397b599b13d642138480a28c14db7a136bf0Adam Langley # pick Te4 copy which can't "overlap" with stack frame or key schedule 628d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea .LAES_Te+2048(%rip),$sbox 629d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea 768(%rsp),%rbp 630d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub $sbox,%rbp 631d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0x300,%rbp 632d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea ($sbox,%rbp),$sbox 633d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 634d9e397b599b13d642138480a28c14db7a136bf0Adam Langley call _x86_64_AES_encrypt_compact 635d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 636d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 16(%rsp),$out # restore out 637d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 24(%rsp),%rsi # restore saved stack pointer 638d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s0,0($out) # write output vector 639d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s1,4($out) 640d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s2,8($out) 641d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s3,12($out) 642d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 643a94fe0531b3c196ad078174259af2201b2e3a246Robert Sloan mov -48(%rsi),%r15 644a94fe0531b3c196ad078174259af2201b2e3a246Robert Sloan mov -40(%rsi),%r14 645a94fe0531b3c196ad078174259af2201b2e3a246Robert Sloan mov -32(%rsi),%r13 646a94fe0531b3c196ad078174259af2201b2e3a246Robert Sloan mov -24(%rsi),%r12 647a94fe0531b3c196ad078174259af2201b2e3a246Robert Sloan mov -16(%rsi),%rbp 648a94fe0531b3c196ad078174259af2201b2e3a246Robert Sloan mov -8(%rsi),%rbx 649a94fe0531b3c196ad078174259af2201b2e3a246Robert Sloan lea (%rsi),%rsp 650d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Lenc_epilogue: 651d9e397b599b13d642138480a28c14db7a136bf0Adam Langley ret 652d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.size asm_AES_encrypt,.-asm_AES_encrypt 653d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 654d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 655d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#------------------------------------------------------------------# 656d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 657d9e397b599b13d642138480a28c14db7a136bf0Adam Langleysub decvert() 658d9e397b599b13d642138480a28c14db7a136bf0Adam Langley{ my $t3="%r8d"; # zaps $inp! 659d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 660d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code.=<<___; 661d9e397b599b13d642138480a28c14db7a136bf0Adam Langley # favor 3-way issue Opteron pipeline... 662d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s0")`,$acc0 663d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s1")`,$acc1 664d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s2")`,$acc2 665d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0($sbox,$acc0,8),$t0 666d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0($sbox,$acc1,8),$t1 667d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0($sbox,$acc2,8),$t2 668d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 669d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s3")`,$acc0 670d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s0")`,$acc1 671d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s3")`,$acc2 672d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 3($sbox,$acc0,8),$t0 673d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 3($sbox,$acc1,8),$t1 674d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0($sbox,$acc2,8),$t3 675d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 676d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s1")`,$acc0 677d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$16,$s0 678d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s2")`,$acc2 679d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 3($sbox,$acc0,8),$t2 680d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$16,$s3 681d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 3($sbox,$acc2,8),$t3 682d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 683d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$16,$s1 684d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea 16($key),$key 685d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$16,$s2 686d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 687d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s2")`,$acc0 688d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s3")`,$acc1 689d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s0")`,$acc2 690d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 2($sbox,$acc0,8),$t0 691d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 2($sbox,$acc1,8),$t1 692d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 2($sbox,$acc2,8),$t2 693d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 694d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s1")`,$acc0 695d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s2")`,$acc1 696d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s1")`,$acc2 697d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 1($sbox,$acc0,8),$t0 698d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 1($sbox,$acc1,8),$t1 699d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 2($sbox,$acc2,8),$t3 700d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 701d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s3")`,$acc0 702d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 12($key),$s3 703d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s0")`,$acc2 704d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 1($sbox,$acc0,8),$t2 705d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0($key),$s0 706d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 1($sbox,$acc2,8),$t3 707d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 708d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $t0,$s0 709d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 4($key),$s1 710d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 8($key),$s2 711d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $t2,$s2 712d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $t1,$s1 713d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $t3,$s3 714d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 715d9e397b599b13d642138480a28c14db7a136bf0Adam Langley} 716d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 717d9e397b599b13d642138480a28c14db7a136bf0Adam Langleysub declastvert() 718d9e397b599b13d642138480a28c14db7a136bf0Adam Langley{ my $t3="%r8d"; # zaps $inp! 719d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 720d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code.=<<___; 721d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea 2048($sbox),$sbox # size optimization 722d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s0")`,$acc0 723d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s1")`,$acc1 724d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s2")`,$acc2 725d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$acc0,1),$t0 726d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$acc1,1),$t1 727d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$acc2,1),$t2 728d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 729d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s3")`,$acc0 730d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s3")`,$acc1 731d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s0")`,$acc2 732d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$acc0,1),$t3 733d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$acc1,1),$acc1 #$t0 734d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$acc2,1),$acc2 #$t1 735d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 736d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$8,$acc1 737d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$8,$acc2 738d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 739d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc1,$t0 740d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc2,$t1 741d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$16,$s3 742d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 743d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s1")`,$acc0 744d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s2")`,$acc1 745d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$16,$s0 746d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$acc0,1),$acc0 #$t2 747d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$acc1,1),$acc1 #$t3 748d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 749d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$8,$acc0 750d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$8,$acc1 751d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$16,$s1 752d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc0,$t2 753d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc1,$t3 754d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$16,$s2 755d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 756d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s2")`,$acc0 757d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s3")`,$acc1 758d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s0")`,$acc2 759d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$acc0,1),$acc0 #$t0 760d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$acc1,1),$acc1 #$t1 761d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$acc2,1),$acc2 #$t2 762d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 763d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$16,$acc0 764d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$16,$acc1 765d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$16,$acc2 766d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 767d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc0,$t0 768d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc1,$t1 769d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc2,$t2 770d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 771d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s1")`,$acc0 772d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s1")`,$acc1 773d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s2")`,$acc2 774d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$acc0,1),$acc0 #$t3 775d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$acc1,1),$acc1 #$t0 776d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$acc2,1),$acc2 #$t1 777d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 778d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$16,$acc0 779d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$24,$acc1 780d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$24,$acc2 781d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 782d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc0,$t3 783d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc1,$t0 784d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc2,$t1 785d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 786d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s3")`,$acc0 787d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s0")`,$acc1 788d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 16+12($key),$s3 789d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$acc0,1),$acc0 #$t2 790d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$acc1,1),$acc1 #$t3 791d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 16+0($key),$s0 792d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 793d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$24,$acc0 794d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$24,$acc1 795d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 796d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc0,$t2 797d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc1,$t3 798d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 799d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 16+4($key),$s1 800d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 16+8($key),$s2 801d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea -2048($sbox),$sbox 802d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $t0,$s0 803d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $t1,$s1 804d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $t2,$s2 805d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $t3,$s3 806d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 807d9e397b599b13d642138480a28c14db7a136bf0Adam Langley} 808d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 809d9e397b599b13d642138480a28c14db7a136bf0Adam Langleysub decstep() 810d9e397b599b13d642138480a28c14db7a136bf0Adam Langley{ my ($i,@s) = @_; 811d9e397b599b13d642138480a28c14db7a136bf0Adam Langley my $tmp0=$acc0; 812d9e397b599b13d642138480a28c14db7a136bf0Adam Langley my $tmp1=$acc1; 813d9e397b599b13d642138480a28c14db7a136bf0Adam Langley my $tmp2=$acc2; 814d9e397b599b13d642138480a28c14db7a136bf0Adam Langley my $out=($t0,$t1,$t2,$s[0])[$i]; 815d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 816d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" mov $s[0],$out\n" if ($i!=3); 817d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $tmp1=$s[2] if ($i==3); 818d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" mov $s[2],$tmp1\n" if ($i!=3); 819d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" and \$0xFF,$out\n"; 820d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 821d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" mov 0($sbox,$out,8),$out\n"; 822d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" shr \$16,$tmp1\n"; 823d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $tmp2=$s[3] if ($i==3); 824d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" mov $s[3],$tmp2\n" if ($i!=3); 825d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 826d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $tmp0=$s[1] if ($i==3); 827d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" movzb ".&hi($s[1]).",$tmp0\n"; 828d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" and \$0xFF,$tmp1\n"; 829d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" shr \$24,$tmp2\n"; 830d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 831d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" xor 3($sbox,$tmp0,8),$out\n"; 832d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" xor 2($sbox,$tmp1,8),$out\n"; 833d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" xor 1($sbox,$tmp2,8),$out\n"; 834d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 835d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" mov $t2,$s[1]\n" if ($i==3); 836d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" mov $t1,$s[2]\n" if ($i==3); 837d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" mov $t0,$s[3]\n" if ($i==3); 838d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.="\n"; 839d9e397b599b13d642138480a28c14db7a136bf0Adam Langley} 840d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 841d9e397b599b13d642138480a28c14db7a136bf0Adam Langleysub declast() 842d9e397b599b13d642138480a28c14db7a136bf0Adam Langley{ my ($i,@s)=@_; 843d9e397b599b13d642138480a28c14db7a136bf0Adam Langley my $tmp0=$acc0; 844d9e397b599b13d642138480a28c14db7a136bf0Adam Langley my $tmp1=$acc1; 845d9e397b599b13d642138480a28c14db7a136bf0Adam Langley my $tmp2=$acc2; 846d9e397b599b13d642138480a28c14db7a136bf0Adam Langley my $out=($t0,$t1,$t2,$s[0])[$i]; 847d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 848d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" mov $s[0],$out\n" if ($i!=3); 849d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $tmp1=$s[2] if ($i==3); 850d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" mov $s[2],$tmp1\n" if ($i!=3); 851d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" and \$0xFF,$out\n"; 852d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 853d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" movzb 2048($sbox,$out,1),$out\n"; 854d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" shr \$16,$tmp1\n"; 855d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $tmp2=$s[3] if ($i==3); 856d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" mov $s[3],$tmp2\n" if ($i!=3); 857d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 858d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $tmp0=$s[1] if ($i==3); 859d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" movzb ".&hi($s[1]).",$tmp0\n"; 860d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" and \$0xFF,$tmp1\n"; 861d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" shr \$24,$tmp2\n"; 862d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 863d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" movzb 2048($sbox,$tmp0,1),$tmp0\n"; 864d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" movzb 2048($sbox,$tmp1,1),$tmp1\n"; 865d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" movzb 2048($sbox,$tmp2,1),$tmp2\n"; 866d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 867d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" shl \$8,$tmp0\n"; 868d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" shl \$16,$tmp1\n"; 869d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" shl \$24,$tmp2\n"; 870d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 871d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" xor $tmp0,$out\n"; 872d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" mov $t2,$s[1]\n" if ($i==3); 873d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" xor $tmp1,$out\n"; 874d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" mov $t1,$s[2]\n" if ($i==3); 875d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" xor $tmp2,$out\n"; 876d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=" mov $t0,$s[3]\n" if ($i==3); 877d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.="\n"; 878d9e397b599b13d642138480a28c14db7a136bf0Adam Langley} 879d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 880d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code.=<<___; 881d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.type _x86_64_AES_decrypt,\@abi-omnipotent 882d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 16 883d9e397b599b13d642138480a28c14db7a136bf0Adam Langley_x86_64_AES_decrypt: 884d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 0($key),$s0 # xor with key 885d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 4($key),$s1 886d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 8($key),$s2 887d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 12($key),$s3 888d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 889d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 240($key),$rnds # load key->rounds 890d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub \$1,$rnds 891d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jmp .Ldec_loop 892d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 16 893d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Ldec_loop: 894d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 895d9e397b599b13d642138480a28c14db7a136bf0Adam Langley if ($verticalspin) { &decvert(); } 896d9e397b599b13d642138480a28c14db7a136bf0Adam Langley else { &decstep(0,$s0,$s3,$s2,$s1); 897d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &decstep(1,$s1,$s0,$s3,$s2); 898d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &decstep(2,$s2,$s1,$s0,$s3); 899d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &decstep(3,$s3,$s2,$s1,$s0); 900d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=<<___; 901d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea 16($key),$key 902d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 0($key),$s0 # xor with key 903d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 4($key),$s1 904d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 8($key),$s2 905d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 12($key),$s3 906d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 907d9e397b599b13d642138480a28c14db7a136bf0Adam Langley } 908d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code.=<<___; 909d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub \$1,$rnds 910d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jnz .Ldec_loop 911d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 912d9e397b599b13d642138480a28c14db7a136bf0Adam Langley if ($verticalspin) { &declastvert(); } 913d9e397b599b13d642138480a28c14db7a136bf0Adam Langley else { &declast(0,$s0,$s3,$s2,$s1); 914d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &declast(1,$s1,$s0,$s3,$s2); 915d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &declast(2,$s2,$s1,$s0,$s3); 916d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &declast(3,$s3,$s2,$s1,$s0); 917d9e397b599b13d642138480a28c14db7a136bf0Adam Langley $code.=<<___; 918d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 16+0($key),$s0 # xor with key 919d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 16+4($key),$s1 920d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 16+8($key),$s2 921d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 16+12($key),$s3 922d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 923d9e397b599b13d642138480a28c14db7a136bf0Adam Langley } 924d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code.=<<___; 925d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .byte 0xf3,0xc3 # rep ret 926d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.size _x86_64_AES_decrypt,.-_x86_64_AES_decrypt 927d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 928d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 929d9e397b599b13d642138480a28c14db7a136bf0Adam Langleysub deccompactvert() 930d9e397b599b13d642138480a28c14db7a136bf0Adam Langley{ my ($t3,$t4,$t5)=("%r8d","%r9d","%r13d"); 931d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 932d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code.=<<___; 933d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s0")`,$t0 934d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s1")`,$t1 935d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s2")`,$t2 936d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s3")`,$t3 937d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s3")`,$acc0 938d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s0")`,$acc1 939d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$16,$s3 940d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s1")`,$acc2 941d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$t0,1),$t0 942d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$t1,1),$t1 943d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$t2,1),$t2 944d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$t3,1),$t3 945d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 946d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$acc0,1),$t4 #$t0 947d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s2")`,$acc0 948d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$acc1,1),$t5 #$t1 949d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$acc2,1),$acc2 #$t2 950d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$acc0,1),$acc0 #$t3 951d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 952d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$16,$s2 953d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$8,$t5 954d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$8,$t4 955d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s2")`,$acc1 956d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$16,$s0 957d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $t4,$t0 958d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$16,$s1 959d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s3")`,$t4 960d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 961d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$8,$acc2 962d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $t5,$t1 963d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$8,$acc0 964d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s0")`,$t5 965d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$acc1,1),$acc1 #$t0 966d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc2,$t2 967d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&lo("$s1")`,$acc2 968d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 969d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$16,$acc1 970d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc0,$t3 971d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$t4,1),$t4 #$t1 972d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s1")`,$acc0 973d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$acc2,1),$acc2 #$t3 974d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc1,$t0 975d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$t5,1),$t5 #$t2 976d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s2")`,$acc1 977d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 978d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$16,$acc2 979d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$16,$t4 980d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$16,$t5 981d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc2,$t3 982d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb `&hi("$s3")`,$acc2 983d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $t4,$t1 984d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$8,$s0 985d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $t5,$t2 986d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 987d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$acc0,1),$acc0 #$t0 988d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$acc1,1),$s1 #$t1 989d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$acc2,1),$s2 #$t2 990d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb ($sbox,$s0,1),$s3 #$t3 991d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 992d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $t0,$s0 993d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$24,$acc0 994d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$24,$s1 995d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$24,$s2 996d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc0,$s0 997d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$24,$s3 998d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $t1,$s1 999d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $t2,$s2 1000d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $t3,$s3 1001d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 1002d9e397b599b13d642138480a28c14db7a136bf0Adam Langley} 1003d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1004d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# parallelized version! input is pair of 64-bit values: %rax=s1.s0 1005d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# and %rcx=s3.s2, output is four 32-bit values in %eax=s0, %ebx=s1, 1006d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# %ecx=s2 and %edx=s3. 1007d9e397b599b13d642138480a28c14db7a136bf0Adam Langleysub dectransform() 1008d9e397b599b13d642138480a28c14db7a136bf0Adam Langley{ my ($tp10,$tp20,$tp40,$tp80,$acc0)=("%rax","%r8", "%r9", "%r10","%rbx"); 1009d9e397b599b13d642138480a28c14db7a136bf0Adam Langley my ($tp18,$tp28,$tp48,$tp88,$acc8)=("%rcx","%r11","%r12","%r13","%rdx"); 1010d9e397b599b13d642138480a28c14db7a136bf0Adam Langley my $prefetch = shift; 1011d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1012d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code.=<<___; 1013d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $mask80,$tp40 1014d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $mask80,$tp48 1015d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and $tp10,$tp40 1016d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and $tp18,$tp48 1017d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $tp40,$acc0 1018d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $tp48,$acc8 1019d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$7,$tp40 1020d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea ($tp10,$tp10),$tp20 1021d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$7,$tp48 1022d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea ($tp18,$tp18),$tp28 1023d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub $tp40,$acc0 1024d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub $tp48,$acc8 1025d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and $maskfe,$tp20 1026d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and $maskfe,$tp28 1027d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and $mask1b,$acc0 1028d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and $mask1b,$acc8 1029d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc0,$tp20 1030d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc8,$tp28 1031d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $mask80,$tp80 1032d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $mask80,$tp88 1033d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1034d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and $tp20,$tp80 1035d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and $tp28,$tp88 1036d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $tp80,$acc0 1037d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $tp88,$acc8 1038d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$7,$tp80 1039d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea ($tp20,$tp20),$tp40 1040d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$7,$tp88 1041d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea ($tp28,$tp28),$tp48 1042d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub $tp80,$acc0 1043d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub $tp88,$acc8 1044d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and $maskfe,$tp40 1045d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and $maskfe,$tp48 1046d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and $mask1b,$acc0 1047d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and $mask1b,$acc8 1048d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc0,$tp40 1049d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc8,$tp48 1050d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $mask80,$tp80 1051d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $mask80,$tp88 1052d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1053d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and $tp40,$tp80 1054d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and $tp48,$tp88 1055d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $tp80,$acc0 1056d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $tp88,$acc8 1057d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$7,$tp80 1058d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $tp10,$tp20 # tp2^=tp1 1059d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$7,$tp88 1060d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $tp18,$tp28 # tp2^=tp1 1061d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub $tp80,$acc0 1062d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub $tp88,$acc8 1063d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea ($tp40,$tp40),$tp80 1064d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea ($tp48,$tp48),$tp88 1065d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $tp10,$tp40 # tp4^=tp1 1066d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $tp18,$tp48 # tp4^=tp1 1067d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and $maskfe,$tp80 1068d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and $maskfe,$tp88 1069d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and $mask1b,$acc0 1070d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and $mask1b,$acc8 1071d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc0,$tp80 1072d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc8,$tp88 1073d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1074d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $tp80,$tp10 # tp1^=tp8 1075d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $tp88,$tp18 # tp1^=tp8 1076d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $tp80,$tp20 # tp2^tp1^=tp8 1077d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $tp88,$tp28 # tp2^tp1^=tp8 1078d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $tp10,$acc0 1079d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $tp18,$acc8 1080d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $tp80,$tp40 # tp4^tp1^=tp8 1081d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$32,$acc0 1082d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $tp88,$tp48 # tp4^tp1^=tp8 1083d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$32,$acc8 1084d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $tp20,$tp80 # tp8^=tp8^tp2^tp1=tp2^tp1 1085d9e397b599b13d642138480a28c14db7a136bf0Adam Langley rol \$8,`&LO("$tp10")` # ROTATE(tp1^tp8,8) 1086d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $tp28,$tp88 # tp8^=tp8^tp2^tp1=tp2^tp1 1087d9e397b599b13d642138480a28c14db7a136bf0Adam Langley rol \$8,`&LO("$tp18")` # ROTATE(tp1^tp8,8) 1088d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $tp40,$tp80 # tp2^tp1^=tp8^tp4^tp1=tp8^tp4^tp2 1089d9e397b599b13d642138480a28c14db7a136bf0Adam Langley rol \$8,`&LO("$acc0")` # ROTATE(tp1^tp8,8) 1090d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $tp48,$tp88 # tp2^tp1^=tp8^tp4^tp1=tp8^tp4^tp2 1091d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1092d9e397b599b13d642138480a28c14db7a136bf0Adam Langley rol \$8,`&LO("$acc8")` # ROTATE(tp1^tp8,8) 1093d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor `&LO("$tp80")`,`&LO("$tp10")` 1094d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$32,$tp80 1095d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor `&LO("$tp88")`,`&LO("$tp18")` 1096d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$32,$tp88 1097d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor `&LO("$tp80")`,`&LO("$acc0")` 1098d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor `&LO("$tp88")`,`&LO("$acc8")` 1099d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1100d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $tp20,$tp80 1101d9e397b599b13d642138480a28c14db7a136bf0Adam Langley rol \$24,`&LO("$tp20")` # ROTATE(tp2^tp1^tp8,24) 1102d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $tp28,$tp88 1103d9e397b599b13d642138480a28c14db7a136bf0Adam Langley rol \$24,`&LO("$tp28")` # ROTATE(tp2^tp1^tp8,24) 1104d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$32,$tp80 1105d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor `&LO("$tp20")`,`&LO("$tp10")` 1106d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$32,$tp88 1107d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor `&LO("$tp28")`,`&LO("$tp18")` 1108d9e397b599b13d642138480a28c14db7a136bf0Adam Langley rol \$24,`&LO("$tp80")` # ROTATE(tp2^tp1^tp8,24) 1109d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $tp40,$tp20 1110d9e397b599b13d642138480a28c14db7a136bf0Adam Langley rol \$24,`&LO("$tp88")` # ROTATE(tp2^tp1^tp8,24) 1111d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $tp48,$tp28 1112d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$32,$tp20 1113d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor `&LO("$tp80")`,`&LO("$acc0")` 1114d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$32,$tp28 1115d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor `&LO("$tp88")`,`&LO("$acc8")` 1116d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1117d9e397b599b13d642138480a28c14db7a136bf0Adam Langley `"mov 0($sbox),$mask80" if ($prefetch)` 1118d9e397b599b13d642138480a28c14db7a136bf0Adam Langley rol \$16,`&LO("$tp40")` # ROTATE(tp4^tp1^tp8,16) 1119d9e397b599b13d642138480a28c14db7a136bf0Adam Langley `"mov 64($sbox),$maskfe" if ($prefetch)` 1120d9e397b599b13d642138480a28c14db7a136bf0Adam Langley rol \$16,`&LO("$tp48")` # ROTATE(tp4^tp1^tp8,16) 1121d9e397b599b13d642138480a28c14db7a136bf0Adam Langley `"mov 128($sbox),$mask1b" if ($prefetch)` 1122d9e397b599b13d642138480a28c14db7a136bf0Adam Langley rol \$16,`&LO("$tp20")` # ROTATE(tp4^tp1^tp8,16) 1123d9e397b599b13d642138480a28c14db7a136bf0Adam Langley `"mov 192($sbox),$tp80" if ($prefetch)` 1124d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor `&LO("$tp40")`,`&LO("$tp10")` 1125d9e397b599b13d642138480a28c14db7a136bf0Adam Langley rol \$16,`&LO("$tp28")` # ROTATE(tp4^tp1^tp8,16) 1126d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor `&LO("$tp48")`,`&LO("$tp18")` 1127d9e397b599b13d642138480a28c14db7a136bf0Adam Langley `"mov 256($sbox),$tp88" if ($prefetch)` 1128d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor `&LO("$tp20")`,`&LO("$acc0")` 1129d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor `&LO("$tp28")`,`&LO("$acc8")` 1130d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 1131d9e397b599b13d642138480a28c14db7a136bf0Adam Langley} 1132d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1133d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code.=<<___; 1134d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.type _x86_64_AES_decrypt_compact,\@abi-omnipotent 1135d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 16 1136d9e397b599b13d642138480a28c14db7a136bf0Adam Langley_x86_64_AES_decrypt_compact: 1137d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea 128($sbox),$inp # size optimization 1138d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0-128($inp),$acc1 # prefetch Td4 1139d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 32-128($inp),$acc2 1140d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 64-128($inp),$t0 1141d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 96-128($inp),$t1 1142d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 128-128($inp),$acc1 1143d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 160-128($inp),$acc2 1144d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 192-128($inp),$t0 1145d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 224-128($inp),$t1 1146d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jmp .Ldec_loop_compact 1147d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1148d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 16 1149d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Ldec_loop_compact: 1150d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 0($key),$s0 # xor with key 1151d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 4($key),$s1 1152d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 8($key),$s2 1153d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 12($key),$s3 1154d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea 16($key),$key 1155d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 1156d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &deccompactvert(); 1157d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code.=<<___; 1158d9e397b599b13d642138480a28c14db7a136bf0Adam Langley cmp 16(%rsp),$key 1159d9e397b599b13d642138480a28c14db7a136bf0Adam Langley je .Ldec_compact_done 1160d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1161d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 256+0($sbox),$mask80 1162d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$32,%rbx 1163d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$32,%rdx 1164d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 256+8($sbox),$maskfe 1165d9e397b599b13d642138480a28c14db7a136bf0Adam Langley or %rbx,%rax 1166d9e397b599b13d642138480a28c14db7a136bf0Adam Langley or %rdx,%rcx 1167d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 256+16($sbox),$mask1b 1168d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 1169d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &dectransform(1); 1170d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code.=<<___; 1171d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jmp .Ldec_loop_compact 1172d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 16 1173d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Ldec_compact_done: 1174d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 0($key),$s0 1175d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 4($key),$s1 1176d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 8($key),$s2 1177d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 12($key),$s3 1178d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .byte 0xf3,0xc3 # rep ret 1179d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.size _x86_64_AES_decrypt_compact,.-_x86_64_AES_decrypt_compact 1180d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 1181d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1182d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# void asm_AES_decrypt (const void *inp,void *out,const AES_KEY *key); 1183d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code.=<<___; 1184d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 16 1185d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.globl asm_AES_decrypt 1186d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.type asm_AES_decrypt,\@function,3 1187d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.hidden asm_AES_decrypt 1188d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyasm_AES_decrypt: 1189a94fe0531b3c196ad078174259af2201b2e3a246Robert Sloan mov %rsp,%rax 1190d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %rbx 1191d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %rbp 1192d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %r12 1193d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %r13 1194d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %r14 1195d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %r15 1196d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1197d9e397b599b13d642138480a28c14db7a136bf0Adam Langley # allocate frame "above" key schedule 1198d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea -63(%rdx),%rcx # %rdx is key argument 1199d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$-64,%rsp 1200d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub %rsp,%rcx 1201d9e397b599b13d642138480a28c14db7a136bf0Adam Langley neg %rcx 1202d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0x3c0,%rcx 1203d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub %rcx,%rsp 1204d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub \$32,%rsp 1205d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1206d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rsi,16(%rsp) # save out 1207a94fe0531b3c196ad078174259af2201b2e3a246Robert Sloan mov %rax,24(%rsp) # save original stack pointer 1208d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Ldec_prologue: 1209d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1210d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rdx,$key 1211d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 240($key),$rnds # load rounds 1212d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1213d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0(%rdi),$s0 # load input vector 1214d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 4(%rdi),$s1 1215d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 8(%rdi),$s2 1216d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 12(%rdi),$s3 1217d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1218d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$4,$rnds 1219d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea ($key,$rnds),%rbp 1220d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $key,(%rsp) # key schedule 1221d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rbp,8(%rsp) # end of key schedule 1222d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1223d9e397b599b13d642138480a28c14db7a136bf0Adam Langley # pick Td4 copy which can't "overlap" with stack frame or key schedule 1224d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea .LAES_Td+2048(%rip),$sbox 1225d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea 768(%rsp),%rbp 1226d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub $sbox,%rbp 1227d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0x300,%rbp 1228d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea ($sbox,%rbp),$sbox 1229d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$3,%rbp # recall "magic" constants! 1230d9e397b599b13d642138480a28c14db7a136bf0Adam Langley add %rbp,$sbox 1231d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1232d9e397b599b13d642138480a28c14db7a136bf0Adam Langley call _x86_64_AES_decrypt_compact 1233d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1234d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 16(%rsp),$out # restore out 1235d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 24(%rsp),%rsi # restore saved stack pointer 1236d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s0,0($out) # write output vector 1237d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s1,4($out) 1238d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s2,8($out) 1239d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s3,12($out) 1240d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1241a94fe0531b3c196ad078174259af2201b2e3a246Robert Sloan mov -48(%rsi),%r15 1242a94fe0531b3c196ad078174259af2201b2e3a246Robert Sloan mov -40(%rsi),%r14 1243a94fe0531b3c196ad078174259af2201b2e3a246Robert Sloan mov -32(%rsi),%r13 1244a94fe0531b3c196ad078174259af2201b2e3a246Robert Sloan mov -24(%rsi),%r12 1245a94fe0531b3c196ad078174259af2201b2e3a246Robert Sloan mov -16(%rsi),%rbp 1246a94fe0531b3c196ad078174259af2201b2e3a246Robert Sloan mov -8(%rsi),%rbx 1247a94fe0531b3c196ad078174259af2201b2e3a246Robert Sloan lea (%rsi),%rsp 1248d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Ldec_epilogue: 1249d9e397b599b13d642138480a28c14db7a136bf0Adam Langley ret 1250d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.size asm_AES_decrypt,.-asm_AES_decrypt 1251d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 1252d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#------------------------------------------------------------------# 1253d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1254d9e397b599b13d642138480a28c14db7a136bf0Adam Langleysub enckey() 1255d9e397b599b13d642138480a28c14db7a136bf0Adam Langley{ 1256d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code.=<<___; 1257d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movz %dl,%esi # rk[i]>>0 1258d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb -128(%rbp,%rsi),%ebx 1259d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movz %dh,%esi # rk[i]>>8 1260d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$24,%ebx 1261d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor %ebx,%eax 1262d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1263d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb -128(%rbp,%rsi),%ebx 1264d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$16,%edx 1265d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movz %dl,%esi # rk[i]>>16 1266d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor %ebx,%eax 1267d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1268d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb -128(%rbp,%rsi),%ebx 1269d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movz %dh,%esi # rk[i]>>24 1270d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$8,%ebx 1271d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor %ebx,%eax 1272d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1273d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb -128(%rbp,%rsi),%ebx 1274d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$16,%ebx 1275d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor %ebx,%eax 1276d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1277d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 1024-128(%rbp,%rcx,4),%eax # rcon 1278d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 1279d9e397b599b13d642138480a28c14db7a136bf0Adam Langley} 1280d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1281d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# int asm_AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) 1282d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code.=<<___; 1283d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 16 1284d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.globl asm_AES_set_encrypt_key 1285d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.type asm_AES_set_encrypt_key,\@function,3 1286d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyasm_AES_set_encrypt_key: 1287d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %rbx 1288d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %rbp 1289a94fe0531b3c196ad078174259af2201b2e3a246Robert Sloan push %r12 # redundant, but allows to share 1290d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %r13 # exception handler... 1291d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %r14 1292d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %r15 1293d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub \$8,%rsp 1294d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Lenc_key_prologue: 1295d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1296d9e397b599b13d642138480a28c14db7a136bf0Adam Langley call _x86_64_AES_set_encrypt_key 1297d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1298d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 40(%rsp),%rbp 1299d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 48(%rsp),%rbx 1300d9e397b599b13d642138480a28c14db7a136bf0Adam Langley add \$56,%rsp 1301d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Lenc_key_epilogue: 1302d9e397b599b13d642138480a28c14db7a136bf0Adam Langley ret 1303d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.size asm_AES_set_encrypt_key,.-asm_AES_set_encrypt_key 1304d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1305d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.type _x86_64_AES_set_encrypt_key,\@abi-omnipotent 1306d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 16 1307d9e397b599b13d642138480a28c14db7a136bf0Adam Langley_x86_64_AES_set_encrypt_key: 1308d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %esi,%ecx # %ecx=bits 1309d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rdi,%rsi # %rsi=userKey 1310d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rdx,%rdi # %rdi=key 1311d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1312d9e397b599b13d642138480a28c14db7a136bf0Adam Langley test \$-1,%rsi 1313d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jz .Lbadpointer 1314d9e397b599b13d642138480a28c14db7a136bf0Adam Langley test \$-1,%rdi 1315d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jz .Lbadpointer 1316d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1317d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea .LAES_Te(%rip),%rbp 1318d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea 2048+128(%rbp),%rbp 1319d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1320d9e397b599b13d642138480a28c14db7a136bf0Adam Langley # prefetch Te4 1321d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0-128(%rbp),%eax 1322d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 32-128(%rbp),%ebx 1323d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 64-128(%rbp),%r8d 1324d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 96-128(%rbp),%edx 1325d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 128-128(%rbp),%eax 1326d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 160-128(%rbp),%ebx 1327d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 192-128(%rbp),%r8d 1328d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 224-128(%rbp),%edx 1329d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1330d9e397b599b13d642138480a28c14db7a136bf0Adam Langley cmp \$128,%ecx 1331d9e397b599b13d642138480a28c14db7a136bf0Adam Langley je .L10rounds 1332d9e397b599b13d642138480a28c14db7a136bf0Adam Langley cmp \$192,%ecx 1333d9e397b599b13d642138480a28c14db7a136bf0Adam Langley je .L12rounds 1334d9e397b599b13d642138480a28c14db7a136bf0Adam Langley cmp \$256,%ecx 1335d9e397b599b13d642138480a28c14db7a136bf0Adam Langley je .L14rounds 1336d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov \$-2,%rax # invalid number of bits 1337d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jmp .Lexit 1338d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1339d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.L10rounds: 1340d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0(%rsi),%rax # copy first 4 dwords 1341d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 8(%rsi),%rdx 1342d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rax,0(%rdi) 1343d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rdx,8(%rdi) 1344d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1345d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$32,%rdx 1346d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor %ecx,%ecx 1347d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jmp .L10shortcut 1348d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 4 1349d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.L10loop: 1350d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0(%rdi),%eax # rk[0] 1351d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 12(%rdi),%edx # rk[3] 1352d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.L10shortcut: 1353d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 1354d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &enckey (); 1355d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code.=<<___; 1356d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %eax,16(%rdi) # rk[4] 1357d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 4(%rdi),%eax 1358d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %eax,20(%rdi) # rk[5] 1359d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 8(%rdi),%eax 1360d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %eax,24(%rdi) # rk[6] 1361d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 12(%rdi),%eax 1362d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %eax,28(%rdi) # rk[7] 1363d9e397b599b13d642138480a28c14db7a136bf0Adam Langley add \$1,%ecx 1364d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea 16(%rdi),%rdi 1365d9e397b599b13d642138480a28c14db7a136bf0Adam Langley cmp \$10,%ecx 1366d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jl .L10loop 1367d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1368d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movl \$10,80(%rdi) # setup number of rounds 1369d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor %rax,%rax 1370d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jmp .Lexit 1371d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1372d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.L12rounds: 1373d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0(%rsi),%rax # copy first 6 dwords 1374d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 8(%rsi),%rbx 1375d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 16(%rsi),%rdx 1376d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rax,0(%rdi) 1377d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rbx,8(%rdi) 1378d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rdx,16(%rdi) 1379d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1380d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$32,%rdx 1381d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor %ecx,%ecx 1382d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jmp .L12shortcut 1383d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 4 1384d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.L12loop: 1385d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0(%rdi),%eax # rk[0] 1386d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 20(%rdi),%edx # rk[5] 1387d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.L12shortcut: 1388d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 1389d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &enckey (); 1390d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code.=<<___; 1391d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %eax,24(%rdi) # rk[6] 1392d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 4(%rdi),%eax 1393d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %eax,28(%rdi) # rk[7] 1394d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 8(%rdi),%eax 1395d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %eax,32(%rdi) # rk[8] 1396d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 12(%rdi),%eax 1397d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %eax,36(%rdi) # rk[9] 1398d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1399d9e397b599b13d642138480a28c14db7a136bf0Adam Langley cmp \$7,%ecx 1400d9e397b599b13d642138480a28c14db7a136bf0Adam Langley je .L12break 1401d9e397b599b13d642138480a28c14db7a136bf0Adam Langley add \$1,%ecx 1402d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1403d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 16(%rdi),%eax 1404d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %eax,40(%rdi) # rk[10] 1405d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 20(%rdi),%eax 1406d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %eax,44(%rdi) # rk[11] 1407d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1408d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea 24(%rdi),%rdi 1409d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jmp .L12loop 1410d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.L12break: 1411d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movl \$12,72(%rdi) # setup number of rounds 1412d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor %rax,%rax 1413d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jmp .Lexit 1414d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1415a94fe0531b3c196ad078174259af2201b2e3a246Robert Sloan.L14rounds: 1416d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0(%rsi),%rax # copy first 8 dwords 1417d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 8(%rsi),%rbx 1418d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 16(%rsi),%rcx 1419d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 24(%rsi),%rdx 1420d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rax,0(%rdi) 1421d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rbx,8(%rdi) 1422d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rcx,16(%rdi) 1423d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rdx,24(%rdi) 1424d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1425d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$32,%rdx 1426d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor %ecx,%ecx 1427d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jmp .L14shortcut 1428d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 4 1429d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.L14loop: 1430d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0(%rdi),%eax # rk[0] 1431d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 28(%rdi),%edx # rk[4] 1432d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.L14shortcut: 1433d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 1434d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &enckey (); 1435d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code.=<<___; 1436d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %eax,32(%rdi) # rk[8] 1437d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 4(%rdi),%eax 1438d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %eax,36(%rdi) # rk[9] 1439d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 8(%rdi),%eax 1440d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %eax,40(%rdi) # rk[10] 1441d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 12(%rdi),%eax 1442d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %eax,44(%rdi) # rk[11] 1443d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1444d9e397b599b13d642138480a28c14db7a136bf0Adam Langley cmp \$6,%ecx 1445d9e397b599b13d642138480a28c14db7a136bf0Adam Langley je .L14break 1446d9e397b599b13d642138480a28c14db7a136bf0Adam Langley add \$1,%ecx 1447d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1448d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %eax,%edx 1449d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 16(%rdi),%eax # rk[4] 1450d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movz %dl,%esi # rk[11]>>0 1451d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb -128(%rbp,%rsi),%ebx 1452d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movz %dh,%esi # rk[11]>>8 1453d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor %ebx,%eax 1454d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1455d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb -128(%rbp,%rsi),%ebx 1456d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$16,%edx 1457d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$8,%ebx 1458d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movz %dl,%esi # rk[11]>>16 1459d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor %ebx,%eax 1460d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1461d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb -128(%rbp,%rsi),%ebx 1462d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movz %dh,%esi # rk[11]>>24 1463d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$16,%ebx 1464d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor %ebx,%eax 1465d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1466d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movzb -128(%rbp,%rsi),%ebx 1467d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$24,%ebx 1468d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor %ebx,%eax 1469d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1470d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %eax,48(%rdi) # rk[12] 1471d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 20(%rdi),%eax 1472d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %eax,52(%rdi) # rk[13] 1473d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 24(%rdi),%eax 1474d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %eax,56(%rdi) # rk[14] 1475d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 28(%rdi),%eax 1476d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %eax,60(%rdi) # rk[15] 1477d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1478d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea 32(%rdi),%rdi 1479d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jmp .L14loop 1480d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.L14break: 1481d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movl \$14,48(%rdi) # setup number of rounds 1482d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor %rax,%rax 1483d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jmp .Lexit 1484d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1485d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Lbadpointer: 1486d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov \$-1,%rax 1487d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Lexit: 1488d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .byte 0xf3,0xc3 # rep ret 1489d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.size _x86_64_AES_set_encrypt_key,.-_x86_64_AES_set_encrypt_key 1490d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 1491d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1492d9e397b599b13d642138480a28c14db7a136bf0Adam Langleysub deckey_ref() 1493d9e397b599b13d642138480a28c14db7a136bf0Adam Langley{ my ($i,$ptr,$te,$td) = @_; 1494d9e397b599b13d642138480a28c14db7a136bf0Adam Langley my ($tp1,$tp2,$tp4,$tp8,$acc)=("%eax","%ebx","%edi","%edx","%r8d"); 1495d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code.=<<___; 1496d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $i($ptr),$tp1 1497d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $tp1,$acc 1498d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0x80808080,$acc 1499d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $acc,$tp4 1500d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$7,$tp4 1501d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea 0($tp1,$tp1),$tp2 1502d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub $tp4,$acc 1503d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0xfefefefe,$tp2 1504d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0x1b1b1b1b,$acc 1505d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $tp2,$acc 1506d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $acc,$tp2 1507d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1508d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0x80808080,$acc 1509d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $acc,$tp8 1510d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$7,$tp8 1511d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea 0($tp2,$tp2),$tp4 1512d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub $tp8,$acc 1513d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0xfefefefe,$tp4 1514d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0x1b1b1b1b,$acc 1515d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $tp1,$tp2 # tp2^tp1 1516d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $tp4,$acc 1517d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $acc,$tp4 1518d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1519d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0x80808080,$acc 1520d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $acc,$tp8 1521d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$7,$tp8 1522d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub $tp8,$acc 1523d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea 0($tp4,$tp4),$tp8 1524d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $tp1,$tp4 # tp4^tp1 1525d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0xfefefefe,$tp8 1526d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0x1b1b1b1b,$acc 1527d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $acc,$tp8 1528d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1529d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $tp8,$tp1 # tp1^tp8 1530d9e397b599b13d642138480a28c14db7a136bf0Adam Langley rol \$8,$tp1 # ROTATE(tp1^tp8,8) 1531d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $tp8,$tp2 # tp2^tp1^tp8 1532d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $tp8,$tp4 # tp4^tp1^tp8 1533d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $tp2,$tp8 1534d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $tp4,$tp8 # tp8^(tp8^tp4^tp1)^(tp8^tp2^tp1)=tp8^tp4^tp2 1535d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1536d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $tp8,$tp1 1537d9e397b599b13d642138480a28c14db7a136bf0Adam Langley rol \$24,$tp2 # ROTATE(tp2^tp1^tp8,24) 1538d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $tp2,$tp1 1539d9e397b599b13d642138480a28c14db7a136bf0Adam Langley rol \$16,$tp4 # ROTATE(tp4^tp1^tp8,16) 1540d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor $tp4,$tp1 1541d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1542d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $tp1,$i($ptr) 1543d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 1544d9e397b599b13d642138480a28c14db7a136bf0Adam Langley} 1545d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1546d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# int asm_AES_set_decrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) 1547d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code.=<<___; 1548d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 16 1549d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.globl asm_AES_set_decrypt_key 1550d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.type asm_AES_set_decrypt_key,\@function,3 1551d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyasm_AES_set_decrypt_key: 1552d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %rbx 1553d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %rbp 1554d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %r12 1555d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %r13 1556d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %r14 1557d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %r15 1558d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %rdx # save key schedule 1559d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Ldec_key_prologue: 1560d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1561d9e397b599b13d642138480a28c14db7a136bf0Adam Langley call _x86_64_AES_set_encrypt_key 1562d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov (%rsp),%r8 # restore key schedule 1563d9e397b599b13d642138480a28c14db7a136bf0Adam Langley cmp \$0,%eax 1564d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jne .Labort 1565d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1566d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 240(%r8),%r14d # pull number of rounds 1567d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor %rdi,%rdi 1568d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea (%rdi,%r14d,4),%rcx 1569d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r8,%rsi 1570d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea (%r8,%rcx,4),%rdi # pointer to last chunk 1571d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 4 1572d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Linvert: 1573d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0(%rsi),%rax 1574d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 8(%rsi),%rbx 1575d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0(%rdi),%rcx 1576d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 8(%rdi),%rdx 1577d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rax,0(%rdi) 1578d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rbx,8(%rdi) 1579d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rcx,0(%rsi) 1580d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rdx,8(%rsi) 1581d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea 16(%rsi),%rsi 1582d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea -16(%rdi),%rdi 1583d9e397b599b13d642138480a28c14db7a136bf0Adam Langley cmp %rsi,%rdi 1584d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jne .Linvert 1585d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1586d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea .LAES_Te+2048+1024(%rip),%rax # rcon 1587d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1588d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 40(%rax),$mask80 1589d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 48(%rax),$maskfe 1590d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 56(%rax),$mask1b 1591d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1592d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r8,$key 1593d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub \$1,%r14d 1594d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 4 1595d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Lpermute: 1596d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea 16($key),$key 1597d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0($key),%rax 1598d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 8($key),%rcx 1599d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 1600d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &dectransform (); 1601d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code.=<<___; 1602d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %eax,0($key) 1603d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %ebx,4($key) 1604d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %ecx,8($key) 1605d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %edx,12($key) 1606d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub \$1,%r14d 1607d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jnz .Lpermute 1608d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1609d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor %rax,%rax 1610d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Labort: 1611d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 8(%rsp),%r15 1612d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 16(%rsp),%r14 1613d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 24(%rsp),%r13 1614d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 32(%rsp),%r12 1615d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 40(%rsp),%rbp 1616d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 48(%rsp),%rbx 1617d9e397b599b13d642138480a28c14db7a136bf0Adam Langley add \$56,%rsp 1618d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Ldec_key_epilogue: 1619d9e397b599b13d642138480a28c14db7a136bf0Adam Langley ret 1620d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.size asm_AES_set_decrypt_key,.-asm_AES_set_decrypt_key 1621d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 1622d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1623d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# void asm_AES_cbc_encrypt (const void char *inp, unsigned char *out, 1624d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# size_t length, const AES_KEY *key, 1625d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# unsigned char *ivp,const int enc); 1626d9e397b599b13d642138480a28c14db7a136bf0Adam Langley{ 1627d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# stack frame layout 1628d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# -8(%rsp) return address 1629d9e397b599b13d642138480a28c14db7a136bf0Adam Langleymy $keyp="0(%rsp)"; # one to pass as $key 1630d9e397b599b13d642138480a28c14db7a136bf0Adam Langleymy $keyend="8(%rsp)"; # &(keyp->rd_key[4*keyp->rounds]) 1631d9e397b599b13d642138480a28c14db7a136bf0Adam Langleymy $_rsp="16(%rsp)"; # saved %rsp 1632d9e397b599b13d642138480a28c14db7a136bf0Adam Langleymy $_inp="24(%rsp)"; # copy of 1st parameter, inp 1633d9e397b599b13d642138480a28c14db7a136bf0Adam Langleymy $_out="32(%rsp)"; # copy of 2nd parameter, out 1634d9e397b599b13d642138480a28c14db7a136bf0Adam Langleymy $_len="40(%rsp)"; # copy of 3rd parameter, length 1635d9e397b599b13d642138480a28c14db7a136bf0Adam Langleymy $_key="48(%rsp)"; # copy of 4th parameter, key 1636d9e397b599b13d642138480a28c14db7a136bf0Adam Langleymy $_ivp="56(%rsp)"; # copy of 5th parameter, ivp 1637d9e397b599b13d642138480a28c14db7a136bf0Adam Langleymy $ivec="64(%rsp)"; # ivec[16] 1638d9e397b599b13d642138480a28c14db7a136bf0Adam Langleymy $aes_key="80(%rsp)"; # copy of aes_key 1639d9e397b599b13d642138480a28c14db7a136bf0Adam Langleymy $mark="80+240(%rsp)"; # copy of aes_key->rounds 1640d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1641d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code.=<<___; 1642d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 16 1643d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.globl asm_AES_cbc_encrypt 1644d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.type asm_AES_cbc_encrypt,\@function,6 1645d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.extern OPENSSL_ia32cap_P 1646d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.hidden asm_AES_cbc_encrypt 1647d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyasm_AES_cbc_encrypt: 1648d9e397b599b13d642138480a28c14db7a136bf0Adam Langley cmp \$0,%rdx # check length 1649d9e397b599b13d642138480a28c14db7a136bf0Adam Langley je .Lcbc_epilogue 1650d9e397b599b13d642138480a28c14db7a136bf0Adam Langley pushfq 1651d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %rbx 1652d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %rbp 1653d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %r12 1654d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %r13 1655d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %r14 1656d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %r15 1657d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Lcbc_prologue: 1658d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1659d9e397b599b13d642138480a28c14db7a136bf0Adam Langley cld 1660d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r9d,%r9d # clear upper half of enc 1661d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1662d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea .LAES_Te(%rip),$sbox 1663a94fe0531b3c196ad078174259af2201b2e3a246Robert Sloan lea .LAES_Td(%rip),%r10 1664d9e397b599b13d642138480a28c14db7a136bf0Adam Langley cmp \$0,%r9 1665a94fe0531b3c196ad078174259af2201b2e3a246Robert Sloan cmoveq %r10,$sbox 1666d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1667d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov OPENSSL_ia32cap_P(%rip),%r10d 1668d9e397b599b13d642138480a28c14db7a136bf0Adam Langley cmp \$$speed_limit,%rdx 1669d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jb .Lcbc_slow_prologue 1670d9e397b599b13d642138480a28c14db7a136bf0Adam Langley test \$15,%rdx 1671d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jnz .Lcbc_slow_prologue 1672d9e397b599b13d642138480a28c14db7a136bf0Adam Langley bt \$28,%r10d 1673d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jc .Lcbc_slow_prologue 1674d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1675d9e397b599b13d642138480a28c14db7a136bf0Adam Langley # allocate aligned stack frame... 1676d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea -88-248(%rsp),$key 1677d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$-64,$key 1678d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1679d9e397b599b13d642138480a28c14db7a136bf0Adam Langley # ... and make sure it doesn't alias with AES_T[ed] modulo 4096 1680d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $sbox,%r10 1681d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea 2304($sbox),%r11 1682d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $key,%r12 1683d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0xFFF,%r10 # s = $sbox&0xfff 1684d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0xFFF,%r11 # e = ($sbox+2048)&0xfff 1685d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0xFFF,%r12 # p = %rsp&0xfff 1686d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1687d9e397b599b13d642138480a28c14db7a136bf0Adam Langley cmp %r11,%r12 # if (p=>e) %rsp =- (p-e); 1688d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jb .Lcbc_te_break_out 1689d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub %r11,%r12 1690d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub %r12,$key 1691d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jmp .Lcbc_te_ok 1692d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Lcbc_te_break_out: # else %rsp -= (p-s)&0xfff + framesz 1693d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub %r10,%r12 1694d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0xFFF,%r12 1695d9e397b599b13d642138480a28c14db7a136bf0Adam Langley add \$320,%r12 1696d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub %r12,$key 1697d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 4 1698d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Lcbc_te_ok: 1699d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1700d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xchg %rsp,$key 1701d9e397b599b13d642138480a28c14db7a136bf0Adam Langley #add \$8,%rsp # reserve for return address! 1702d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $key,$_rsp # save %rsp 1703d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Lcbc_fast_body: 1704d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rdi,$_inp # save copy of inp 1705d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rsi,$_out # save copy of out 1706d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rdx,$_len # save copy of len 1707d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rcx,$_key # save copy of key 1708d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r8,$_ivp # save copy of ivp 1709d9e397b599b13d642138480a28c14db7a136bf0Adam Langley movl \$0,$mark # copy of aes_key->rounds = 0; 1710d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r8,%rbp # rearrange input arguments 1711d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r9,%rbx 1712d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rsi,$out 1713d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rdi,$inp 1714d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rcx,$key 1715d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1716d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 240($key),%eax # key->rounds 1717d9e397b599b13d642138480a28c14db7a136bf0Adam Langley # do we copy key schedule to stack? 1718d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $key,%r10 1719d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub $sbox,%r10 1720d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0xfff,%r10 1721d9e397b599b13d642138480a28c14db7a136bf0Adam Langley cmp \$2304,%r10 1722d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jb .Lcbc_do_ecopy 1723d9e397b599b13d642138480a28c14db7a136bf0Adam Langley cmp \$4096-248,%r10 1724d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jb .Lcbc_skip_ecopy 1725d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 4 1726d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Lcbc_do_ecopy: 1727d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $key,%rsi 1728d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea $aes_key,%rdi 1729d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea $aes_key,$key 1730d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov \$240/8,%ecx 1731d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .long 0x90A548F3 # rep movsq 1732d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %eax,(%rdi) # copy aes_key->rounds 1733d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Lcbc_skip_ecopy: 1734d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $key,$keyp # save key pointer 1735d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1736d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov \$18,%ecx 1737d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 4 1738d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Lcbc_prefetch_te: 1739d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0($sbox),%r10 1740d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 32($sbox),%r11 1741d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 64($sbox),%r12 1742d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 96($sbox),%r13 1743d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea 128($sbox),$sbox 1744d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub \$1,%ecx 1745d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jnz .Lcbc_prefetch_te 1746d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea -2304($sbox),$sbox 1747d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1748d9e397b599b13d642138480a28c14db7a136bf0Adam Langley cmp \$0,%rbx 1749d9e397b599b13d642138480a28c14db7a136bf0Adam Langley je .LFAST_DECRYPT 1750d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1751d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#----------------------------- ENCRYPT -----------------------------# 1752d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0(%rbp),$s0 # load iv 1753d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 4(%rbp),$s1 1754d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 8(%rbp),$s2 1755d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 12(%rbp),$s3 1756d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1757d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 4 1758d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Lcbc_fast_enc_loop: 1759d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 0($inp),$s0 1760d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 4($inp),$s1 1761d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 8($inp),$s2 1762d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 12($inp),$s3 1763d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $keyp,$key # restore key 1764d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $inp,$_inp # if ($verticalspin) save inp 1765d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1766d9e397b599b13d642138480a28c14db7a136bf0Adam Langley call _x86_64_AES_encrypt 1767d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1768d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $_inp,$inp # if ($verticalspin) restore inp 1769d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $_len,%r10 1770d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s0,0($out) 1771d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s1,4($out) 1772d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s2,8($out) 1773d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s3,12($out) 1774d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1775d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea 16($inp),$inp 1776d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea 16($out),$out 1777d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub \$16,%r10 1778d9e397b599b13d642138480a28c14db7a136bf0Adam Langley test \$-16,%r10 1779d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r10,$_len 1780d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jnz .Lcbc_fast_enc_loop 1781d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $_ivp,%rbp # restore ivp 1782d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s0,0(%rbp) # save ivec 1783d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s1,4(%rbp) 1784d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s2,8(%rbp) 1785d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s3,12(%rbp) 1786d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1787d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jmp .Lcbc_fast_cleanup 1788d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1789d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#----------------------------- DECRYPT -----------------------------# 1790d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 16 1791d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.LFAST_DECRYPT: 1792d9e397b599b13d642138480a28c14db7a136bf0Adam Langley cmp $inp,$out 1793d9e397b599b13d642138480a28c14db7a136bf0Adam Langley je .Lcbc_fast_dec_in_place 1794d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1795d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rbp,$ivec 1796d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 4 1797d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Lcbc_fast_dec_loop: 1798d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0($inp),$s0 # read input 1799d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 4($inp),$s1 1800d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 8($inp),$s2 1801d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 12($inp),$s3 1802d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $keyp,$key # restore key 1803d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $inp,$_inp # if ($verticalspin) save inp 1804d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1805d9e397b599b13d642138480a28c14db7a136bf0Adam Langley call _x86_64_AES_decrypt 1806d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1807d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $ivec,%rbp # load ivp 1808d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $_inp,$inp # if ($verticalspin) restore inp 1809d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $_len,%r10 # load len 1810d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 0(%rbp),$s0 # xor iv 1811d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 4(%rbp),$s1 1812d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 8(%rbp),$s2 1813d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 12(%rbp),$s3 1814d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $inp,%rbp # current input, next iv 1815d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1816d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub \$16,%r10 1817d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r10,$_len # update len 1818d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rbp,$ivec # update ivp 1819d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1820d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s0,0($out) # write output 1821d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s1,4($out) 1822d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s2,8($out) 1823d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s3,12($out) 1824d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1825d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea 16($inp),$inp 1826d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea 16($out),$out 1827d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jnz .Lcbc_fast_dec_loop 1828d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $_ivp,%r12 # load user ivp 1829d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0(%rbp),%r10 # load iv 1830d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 8(%rbp),%r11 1831d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r10,0(%r12) # copy back to user 1832d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r11,8(%r12) 1833d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jmp .Lcbc_fast_cleanup 1834d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1835d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 16 1836d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Lcbc_fast_dec_in_place: 1837d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0(%rbp),%r10 # copy iv to stack 1838d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 8(%rbp),%r11 1839d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r10,0+$ivec 1840d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r11,8+$ivec 1841d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 4 1842d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Lcbc_fast_dec_in_place_loop: 1843d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0($inp),$s0 # load input 1844d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 4($inp),$s1 1845d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 8($inp),$s2 1846d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 12($inp),$s3 1847d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $keyp,$key # restore key 1848d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $inp,$_inp # if ($verticalspin) save inp 1849d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1850d9e397b599b13d642138480a28c14db7a136bf0Adam Langley call _x86_64_AES_decrypt 1851d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1852d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $_inp,$inp # if ($verticalspin) restore inp 1853d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $_len,%r10 1854d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 0+$ivec,$s0 1855d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 4+$ivec,$s1 1856d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 8+$ivec,$s2 1857d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 12+$ivec,$s3 1858d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1859d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0($inp),%r11 # load input 1860d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 8($inp),%r12 1861d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub \$16,%r10 1862d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jz .Lcbc_fast_dec_in_place_done 1863d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1864d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r11,0+$ivec # copy input to iv 1865d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r12,8+$ivec 1866d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1867d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s0,0($out) # save output [zaps input] 1868d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s1,4($out) 1869d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s2,8($out) 1870d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s3,12($out) 1871d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1872d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea 16($inp),$inp 1873d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea 16($out),$out 1874d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r10,$_len 1875d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jmp .Lcbc_fast_dec_in_place_loop 1876d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Lcbc_fast_dec_in_place_done: 1877d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $_ivp,%rdi 1878d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r11,0(%rdi) # copy iv back to user 1879d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r12,8(%rdi) 1880d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1881d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s0,0($out) # save output [zaps input] 1882d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s1,4($out) 1883d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s2,8($out) 1884d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s3,12($out) 1885d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1886d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 4 1887d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Lcbc_fast_cleanup: 1888d9e397b599b13d642138480a28c14db7a136bf0Adam Langley cmpl \$0,$mark # was the key schedule copied? 1889d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea $aes_key,%rdi 1890d9e397b599b13d642138480a28c14db7a136bf0Adam Langley je .Lcbc_exit 1891d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov \$240/8,%ecx 1892d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor %rax,%rax 1893d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .long 0x90AB48F3 # rep stosq 1894d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1895d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jmp .Lcbc_exit 1896d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1897d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#--------------------------- SLOW ROUTINE ---------------------------# 1898d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 16 1899d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Lcbc_slow_prologue: 1900d9e397b599b13d642138480a28c14db7a136bf0Adam Langley # allocate aligned stack frame... 1901d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea -88(%rsp),%rbp 1902d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$-64,%rbp 1903d9e397b599b13d642138480a28c14db7a136bf0Adam Langley # ... just "above" key schedule 1904d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea -88-63(%rcx),%r10 1905d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub %rbp,%r10 1906d9e397b599b13d642138480a28c14db7a136bf0Adam Langley neg %r10 1907d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0x3c0,%r10 1908d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub %r10,%rbp 1909d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1910d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xchg %rsp,%rbp 1911d9e397b599b13d642138480a28c14db7a136bf0Adam Langley #add \$8,%rsp # reserve for return address! 1912d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rbp,$_rsp # save %rsp 1913d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Lcbc_slow_body: 1914d9e397b599b13d642138480a28c14db7a136bf0Adam Langley #mov %rdi,$_inp # save copy of inp 1915d9e397b599b13d642138480a28c14db7a136bf0Adam Langley #mov %rsi,$_out # save copy of out 1916d9e397b599b13d642138480a28c14db7a136bf0Adam Langley #mov %rdx,$_len # save copy of len 1917d9e397b599b13d642138480a28c14db7a136bf0Adam Langley #mov %rcx,$_key # save copy of key 1918d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r8,$_ivp # save copy of ivp 1919d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r8,%rbp # rearrange input arguments 1920d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r9,%rbx 1921d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rsi,$out 1922d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rdi,$inp 1923d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rcx,$key 1924d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rdx,%r10 1925d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1926d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 240($key),%eax 1927d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $key,$keyp # save key pointer 1928d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shl \$4,%eax 1929d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea ($key,%rax),%rax 1930d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rax,$keyend 1931d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1932d9e397b599b13d642138480a28c14db7a136bf0Adam Langley # pick Te4 copy which can't "overlap" with stack frame or key scdedule 1933d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea 2048($sbox),$sbox 1934d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea 768-8(%rsp),%rax 1935d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub $sbox,%rax 1936d9e397b599b13d642138480a28c14db7a136bf0Adam Langley and \$0x300,%rax 1937d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea ($sbox,%rax),$sbox 1938d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1939d9e397b599b13d642138480a28c14db7a136bf0Adam Langley cmp \$0,%rbx 1940d9e397b599b13d642138480a28c14db7a136bf0Adam Langley je .LSLOW_DECRYPT 1941d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1942d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#--------------------------- SLOW ENCRYPT ---------------------------# 1943d9e397b599b13d642138480a28c14db7a136bf0Adam Langley test \$-16,%r10 # check upon length 1944d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0(%rbp),$s0 # load iv 1945d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 4(%rbp),$s1 1946d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 8(%rbp),$s2 1947d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 12(%rbp),$s3 1948d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jz .Lcbc_slow_enc_tail # short input... 1949d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1950d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 4 1951d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Lcbc_slow_enc_loop: 1952d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 0($inp),$s0 1953d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 4($inp),$s1 1954d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 8($inp),$s2 1955d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 12($inp),$s3 1956d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $keyp,$key # restore key 1957d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $inp,$_inp # save inp 1958d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $out,$_out # save out 1959d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r10,$_len # save len 1960d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1961d9e397b599b13d642138480a28c14db7a136bf0Adam Langley call _x86_64_AES_encrypt_compact 1962d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1963d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $_inp,$inp # restore inp 1964d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $_out,$out # restore out 1965d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $_len,%r10 # restore len 1966d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s0,0($out) 1967d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s1,4($out) 1968d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s2,8($out) 1969d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s3,12($out) 1970d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1971d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea 16($inp),$inp 1972d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea 16($out),$out 1973d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub \$16,%r10 1974d9e397b599b13d642138480a28c14db7a136bf0Adam Langley test \$-16,%r10 1975d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jnz .Lcbc_slow_enc_loop 1976d9e397b599b13d642138480a28c14db7a136bf0Adam Langley test \$15,%r10 1977d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jnz .Lcbc_slow_enc_tail 1978d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $_ivp,%rbp # restore ivp 1979d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s0,0(%rbp) # save ivec 1980d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s1,4(%rbp) 1981d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s2,8(%rbp) 1982d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s3,12(%rbp) 1983d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1984d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jmp .Lcbc_exit 1985d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 1986d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 4 1987d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Lcbc_slow_enc_tail: 1988d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rax,%r11 1989d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rcx,%r12 1990d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r10,%rcx 1991d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $inp,%rsi 1992d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $out,%rdi 1993d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .long 0x9066A4F3 # rep movsb 1994d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov \$16,%rcx # zero tail 1995d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub %r10,%rcx 1996d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor %rax,%rax 1997d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .long 0x9066AAF3 # rep stosb 1998d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $out,$inp # this is not a mistake! 1999d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov \$16,%r10 # len=16 2000d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r11,%rax 2001d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r12,%rcx 2002d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jmp .Lcbc_slow_enc_loop # one more spin... 2003d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#--------------------------- SLOW DECRYPT ---------------------------# 2004d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 16 2005d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.LSLOW_DECRYPT: 2006d9e397b599b13d642138480a28c14db7a136bf0Adam Langley shr \$3,%rax 2007d9e397b599b13d642138480a28c14db7a136bf0Adam Langley add %rax,$sbox # recall "magic" constants! 2008d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2009d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0(%rbp),%r11 # copy iv to stack 2010d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 8(%rbp),%r12 2011d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r11,0+$ivec 2012d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r12,8+$ivec 2013d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2014d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 4 2015d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Lcbc_slow_dec_loop: 2016d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0($inp),$s0 # load input 2017d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 4($inp),$s1 2018d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 8($inp),$s2 2019d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 12($inp),$s3 2020d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $keyp,$key # restore key 2021d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $inp,$_inp # save inp 2022d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $out,$_out # save out 2023d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r10,$_len # save len 2024d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2025d9e397b599b13d642138480a28c14db7a136bf0Adam Langley call _x86_64_AES_decrypt_compact 2026d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2027d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $_inp,$inp # restore inp 2028d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $_out,$out # restore out 2029d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $_len,%r10 2030d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 0+$ivec,$s0 2031d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 4+$ivec,$s1 2032d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 8+$ivec,$s2 2033d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor 12+$ivec,$s3 2034d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2035d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0($inp),%r11 # load input 2036d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 8($inp),%r12 2037d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub \$16,%r10 2038d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jc .Lcbc_slow_dec_partial 2039d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jz .Lcbc_slow_dec_done 2040d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2041d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r11,0+$ivec # copy input to iv 2042d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r12,8+$ivec 2043d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2044d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s0,0($out) # save output [can zap input] 2045d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s1,4($out) 2046d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s2,8($out) 2047d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s3,12($out) 2048d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2049d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea 16($inp),$inp 2050d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea 16($out),$out 2051d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jmp .Lcbc_slow_dec_loop 2052d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Lcbc_slow_dec_done: 2053d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $_ivp,%rdi 2054d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r11,0(%rdi) # copy iv back to user 2055d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r12,8(%rdi) 2056d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2057d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s0,0($out) # save output [can zap input] 2058d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s1,4($out) 2059d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s2,8($out) 2060d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s3,12($out) 2061d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2062d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jmp .Lcbc_exit 2063d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2064d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 4 2065d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Lcbc_slow_dec_partial: 2066d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $_ivp,%rdi 2067d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r11,0(%rdi) # copy iv back to user 2068d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r12,8(%rdi) 2069d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2070d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s0,0+$ivec # save output to stack 2071d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s1,4+$ivec 2072d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s2,8+$ivec 2073d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $s3,12+$ivec 2074d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2075d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $out,%rdi 2076d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea $ivec,%rsi 2077d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea 16(%r10),%rcx 2078d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .long 0x9066A4F3 # rep movsb 2079d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jmp .Lcbc_exit 2080d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2081d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 16 2082d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Lcbc_exit: 2083d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $_rsp,%rsi 2084d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov (%rsi),%r15 2085d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 8(%rsi),%r14 2086d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 16(%rsi),%r13 2087d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 24(%rsi),%r12 2088d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 32(%rsi),%rbp 2089d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 40(%rsi),%rbx 2090d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea 48(%rsi),%rsp 2091d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Lcbc_popfq: 2092d9e397b599b13d642138480a28c14db7a136bf0Adam Langley popfq 2093d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Lcbc_epilogue: 2094d9e397b599b13d642138480a28c14db7a136bf0Adam Langley ret 2095d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.size asm_AES_cbc_encrypt,.-asm_AES_cbc_encrypt 2096d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 2097d9e397b599b13d642138480a28c14db7a136bf0Adam Langley} 2098d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2099d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code.=<<___; 2100d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 64 2101d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.LAES_Te: 2102d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 2103d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6); 2104d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591); 2105d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56); 2106d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec); 2107d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa); 2108d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb); 2109d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45); 2110d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b); 2111d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c); 2112d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83); 2113d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9); 2114d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a); 2115d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d); 2116d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f); 2117d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df); 2118d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea); 2119d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34); 2120d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b); 2121d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d); 2122d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413); 2123d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1); 2124d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6); 2125d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972); 2126d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85); 2127d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed); 2128d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511); 2129d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe); 2130d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b); 2131d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05); 2132d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1); 2133d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142); 2134d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf); 2135d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3); 2136d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e); 2137d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a); 2138d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6); 2139d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3); 2140d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b); 2141d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428); 2142d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad); 2143d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14); 2144d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8); 2145d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4); 2146d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2); 2147d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda); 2148d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949); 2149d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf); 2150d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810); 2151d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c); 2152d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697); 2153d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e); 2154d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f); 2155d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc); 2156d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c); 2157d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969); 2158d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27); 2159d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122); 2160d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433); 2161d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9); 2162d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5); 2163d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a); 2164d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0); 2165d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e); 2166d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c); 2167d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2168d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#Te4 # four copies of Te4 to choose from to avoid L1 aliasing 2169d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5); 2170d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76); 2171d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0); 2172d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0); 2173d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc); 2174d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15); 2175d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a); 2176d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75); 2177d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0); 2178d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84); 2179d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b); 2180d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf); 2181d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85); 2182d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8); 2183d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5); 2184d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2); 2185d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17); 2186d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73); 2187d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88); 2188d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb); 2189d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c); 2190d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79); 2191d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9); 2192d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08); 2193d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6); 2194d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a); 2195d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e); 2196d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e); 2197d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94); 2198d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf); 2199d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68); 2200d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16); 2201d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2202d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5); 2203d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76); 2204d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0); 2205d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0); 2206d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc); 2207d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15); 2208d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a); 2209d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75); 2210d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0); 2211d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84); 2212d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b); 2213d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf); 2214d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85); 2215d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8); 2216d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5); 2217d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2); 2218d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17); 2219d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73); 2220d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88); 2221d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb); 2222d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c); 2223d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79); 2224d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9); 2225d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08); 2226d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6); 2227d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a); 2228d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e); 2229d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e); 2230d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94); 2231d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf); 2232d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68); 2233d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16); 2234d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2235d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5); 2236d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76); 2237d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0); 2238d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0); 2239d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc); 2240d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15); 2241d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a); 2242d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75); 2243d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0); 2244d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84); 2245d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b); 2246d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf); 2247d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85); 2248d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8); 2249d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5); 2250d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2); 2251d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17); 2252d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73); 2253d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88); 2254d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb); 2255d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c); 2256d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79); 2257d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9); 2258d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08); 2259d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6); 2260d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a); 2261d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e); 2262d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e); 2263d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94); 2264d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf); 2265d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68); 2266d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16); 2267d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2268d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5); 2269d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76); 2270d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0); 2271d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0); 2272d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc); 2273d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15); 2274d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a); 2275d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75); 2276d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0); 2277d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84); 2278d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b); 2279d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf); 2280d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85); 2281d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8); 2282d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5); 2283d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2); 2284d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17); 2285d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73); 2286d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88); 2287d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb); 2288d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c); 2289d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79); 2290d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9); 2291d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08); 2292d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6); 2293d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a); 2294d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e); 2295d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e); 2296d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94); 2297d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf); 2298d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68); 2299d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16); 2300d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#rcon: 2301d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code.=<<___; 2302d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .long 0x00000001, 0x00000002, 0x00000004, 0x00000008 2303d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .long 0x00000010, 0x00000020, 0x00000040, 0x00000080 2304d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .long 0x0000001b, 0x00000036, 0x80808080, 0x80808080 2305d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .long 0xfefefefe, 0xfefefefe, 0x1b1b1b1b, 0x1b1b1b1b 2306d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 2307d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code.=<<___; 2308d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 64 2309d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.LAES_Td: 2310d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 2311d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a); 2312d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b); 2313d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5); 2314d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5); 2315d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d); 2316d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b); 2317d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295); 2318d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e); 2319d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927); 2320d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d); 2321d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362); 2322d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9); 2323d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52); 2324d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566); 2325d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3); 2326d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed); 2327d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e); 2328d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4); 2329d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4); 2330d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd); 2331d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d); 2332d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060); 2333d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967); 2334d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879); 2335d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000); 2336d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c); 2337d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36); 2338d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624); 2339d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xb1670a0c, 0x0fe75793, 0xd296eeb4, 0x9e919b1b); 2340d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c); 2341d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12); 2342d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x0b0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14); 2343d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3); 2344d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b); 2345d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8); 2346d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684); 2347d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7); 2348d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177); 2349d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947); 2350d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322); 2351d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498); 2352d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f); 2353d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54); 2354d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382); 2355d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf); 2356d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb); 2357d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x097826cd, 0xf418596e, 0x01b79aec, 0xa89a4f83); 2358d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef); 2359d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029); 2360d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235); 2361d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733); 2362d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117); 2363d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4); 2364d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546); 2365d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb); 2366d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d); 2367d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb); 2368d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a); 2369d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773); 2370d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478); 2371d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2); 2372d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff); 2373d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664); 2374d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0); 2375d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2376d9e397b599b13d642138480a28c14db7a136bf0Adam Langley#Td4: # four copies of Td4 to choose from to avoid L1 aliasing 2377d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); 2378d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); 2379d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); 2380d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); 2381d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); 2382d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); 2383d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); 2384d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); 2385d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); 2386d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); 2387d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); 2388d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); 2389d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); 2390d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); 2391d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); 2392d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); 2393d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); 2394d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); 2395d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); 2396d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); 2397d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); 2398d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); 2399d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); 2400d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); 2401d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); 2402d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); 2403d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); 2404d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); 2405d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); 2406d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); 2407d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); 2408d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); 2409d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code.=<<___; 2410d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .long 0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe 2411d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0 2412d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 2413d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); 2414d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); 2415d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); 2416d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); 2417d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); 2418d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); 2419d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); 2420d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); 2421d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); 2422d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); 2423d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); 2424d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); 2425d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); 2426d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); 2427d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); 2428d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); 2429d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); 2430d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); 2431d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); 2432d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); 2433d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); 2434d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); 2435d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); 2436d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); 2437d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); 2438d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); 2439d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); 2440d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); 2441d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); 2442d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); 2443d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); 2444d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); 2445d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code.=<<___; 2446d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .long 0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe 2447d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0 2448d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 2449d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); 2450d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); 2451d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); 2452d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); 2453d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); 2454d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); 2455d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); 2456d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); 2457d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); 2458d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); 2459d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); 2460d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); 2461d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); 2462d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); 2463d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); 2464d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); 2465d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); 2466d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); 2467d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); 2468d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); 2469d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); 2470d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); 2471d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); 2472d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); 2473d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); 2474d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); 2475d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); 2476d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); 2477d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); 2478d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); 2479d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); 2480d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); 2481d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code.=<<___; 2482d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .long 0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe 2483d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0 2484d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 2485d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); 2486d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); 2487d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); 2488d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); 2489d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); 2490d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); 2491d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); 2492d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); 2493d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); 2494d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); 2495d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); 2496d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); 2497d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); 2498d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); 2499d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); 2500d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); 2501d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); 2502d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); 2503d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); 2504d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); 2505d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); 2506d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); 2507d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); 2508d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); 2509d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); 2510d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); 2511d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); 2512d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); 2513d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); 2514d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); 2515d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); 2516d9e397b599b13d642138480a28c14db7a136bf0Adam Langley &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); 2517d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code.=<<___; 2518d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .long 0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe 2519d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0 2520d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.asciz "AES for x86_64, CRYPTOGAMS by <appro\@openssl.org>" 2521d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 64 2522d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 2523d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2524d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, 2525d9e397b599b13d642138480a28c14db7a136bf0Adam Langley# CONTEXT *context,DISPATCHER_CONTEXT *disp) 2526d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyif ($win64) { 2527d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$rec="%rcx"; 2528d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$frame="%rdx"; 2529d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$context="%r8"; 2530d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$disp="%r9"; 2531d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2532d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code.=<<___; 2533d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.extern __imp_RtlVirtualUnwind 2534d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.type block_se_handler,\@abi-omnipotent 2535d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 16 2536d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyblock_se_handler: 2537d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %rsi 2538d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %rdi 2539d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %rbx 2540d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %rbp 2541d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %r12 2542d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %r13 2543d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %r14 2544d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %r15 2545d9e397b599b13d642138480a28c14db7a136bf0Adam Langley pushfq 2546d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub \$64,%rsp 2547d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2548d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 120($context),%rax # pull context->Rax 2549d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 248($context),%rbx # pull context->Rip 2550d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2551d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 8($disp),%rsi # disp->ImageBase 2552d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 56($disp),%r11 # disp->HandlerData 2553d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2554d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0(%r11),%r10d # HandlerData[0] 2555d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea (%rsi,%r10),%r10 # prologue label 2556d9e397b599b13d642138480a28c14db7a136bf0Adam Langley cmp %r10,%rbx # context->Rip<prologue label 2557d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jb .Lin_block_prologue 2558d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2559d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 152($context),%rax # pull context->Rsp 2560d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2561d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 4(%r11),%r10d # HandlerData[1] 2562d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea (%rsi,%r10),%r10 # epilogue label 2563d9e397b599b13d642138480a28c14db7a136bf0Adam Langley cmp %r10,%rbx # context->Rip>=epilogue label 2564d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jae .Lin_block_prologue 2565d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2566d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 24(%rax),%rax # pull saved real stack pointer 2567d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2568d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov -8(%rax),%rbx 2569d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov -16(%rax),%rbp 2570d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov -24(%rax),%r12 2571d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov -32(%rax),%r13 2572d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov -40(%rax),%r14 2573d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov -48(%rax),%r15 2574d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rbx,144($context) # restore context->Rbx 2575d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rbp,160($context) # restore context->Rbp 2576d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r12,216($context) # restore context->R12 2577d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r13,224($context) # restore context->R13 2578d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r14,232($context) # restore context->R14 2579d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r15,240($context) # restore context->R15 2580d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2581d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Lin_block_prologue: 2582d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 8(%rax),%rdi 2583d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 16(%rax),%rsi 2584d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rax,152($context) # restore context->Rsp 2585d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rsi,168($context) # restore context->Rsi 2586d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rdi,176($context) # restore context->Rdi 2587d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2588d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jmp .Lcommon_seh_exit 2589d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.size block_se_handler,.-block_se_handler 2590d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2591d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.type key_se_handler,\@abi-omnipotent 2592d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 16 2593d9e397b599b13d642138480a28c14db7a136bf0Adam Langleykey_se_handler: 2594d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %rsi 2595d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %rdi 2596d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %rbx 2597d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %rbp 2598d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %r12 2599d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %r13 2600d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %r14 2601d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %r15 2602d9e397b599b13d642138480a28c14db7a136bf0Adam Langley pushfq 2603d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub \$64,%rsp 2604d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2605d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 120($context),%rax # pull context->Rax 2606d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 248($context),%rbx # pull context->Rip 2607d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2608d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 8($disp),%rsi # disp->ImageBase 2609d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 56($disp),%r11 # disp->HandlerData 2610d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2611d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0(%r11),%r10d # HandlerData[0] 2612d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea (%rsi,%r10),%r10 # prologue label 2613d9e397b599b13d642138480a28c14db7a136bf0Adam Langley cmp %r10,%rbx # context->Rip<prologue label 2614d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jb .Lin_key_prologue 2615d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2616d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 152($context),%rax # pull context->Rsp 2617d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2618d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 4(%r11),%r10d # HandlerData[1] 2619d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea (%rsi,%r10),%r10 # epilogue label 2620d9e397b599b13d642138480a28c14db7a136bf0Adam Langley cmp %r10,%rbx # context->Rip>=epilogue label 2621d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jae .Lin_key_prologue 2622d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2623d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea 56(%rax),%rax 2624d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2625d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov -8(%rax),%rbx 2626d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov -16(%rax),%rbp 2627d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov -24(%rax),%r12 2628d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov -32(%rax),%r13 2629d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov -40(%rax),%r14 2630d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov -48(%rax),%r15 2631d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rbx,144($context) # restore context->Rbx 2632d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rbp,160($context) # restore context->Rbp 2633d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r12,216($context) # restore context->R12 2634d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r13,224($context) # restore context->R13 2635d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r14,232($context) # restore context->R14 2636d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r15,240($context) # restore context->R15 2637d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2638d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Lin_key_prologue: 2639d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 8(%rax),%rdi 2640d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 16(%rax),%rsi 2641d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rax,152($context) # restore context->Rsp 2642d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rsi,168($context) # restore context->Rsi 2643d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rdi,176($context) # restore context->Rdi 2644d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2645d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jmp .Lcommon_seh_exit 2646d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.size key_se_handler,.-key_se_handler 2647d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2648d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.type cbc_se_handler,\@abi-omnipotent 2649d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 16 2650d9e397b599b13d642138480a28c14db7a136bf0Adam Langleycbc_se_handler: 2651d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %rsi 2652d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %rdi 2653d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %rbx 2654d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %rbp 2655d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %r12 2656d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %r13 2657d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %r14 2658d9e397b599b13d642138480a28c14db7a136bf0Adam Langley push %r15 2659d9e397b599b13d642138480a28c14db7a136bf0Adam Langley pushfq 2660d9e397b599b13d642138480a28c14db7a136bf0Adam Langley sub \$64,%rsp 2661d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2662d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 120($context),%rax # pull context->Rax 2663d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 248($context),%rbx # pull context->Rip 2664d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2665d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea .Lcbc_prologue(%rip),%r10 2666d9e397b599b13d642138480a28c14db7a136bf0Adam Langley cmp %r10,%rbx # context->Rip<.Lcbc_prologue 2667d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jb .Lin_cbc_prologue 2668d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2669d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea .Lcbc_fast_body(%rip),%r10 2670d9e397b599b13d642138480a28c14db7a136bf0Adam Langley cmp %r10,%rbx # context->Rip<.Lcbc_fast_body 2671d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jb .Lin_cbc_frame_setup 2672d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2673d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea .Lcbc_slow_prologue(%rip),%r10 2674d9e397b599b13d642138480a28c14db7a136bf0Adam Langley cmp %r10,%rbx # context->Rip<.Lcbc_slow_prologue 2675d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jb .Lin_cbc_body 2676d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2677d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea .Lcbc_slow_body(%rip),%r10 2678d9e397b599b13d642138480a28c14db7a136bf0Adam Langley cmp %r10,%rbx # context->Rip<.Lcbc_slow_body 2679d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jb .Lin_cbc_frame_setup 2680d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2681d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Lin_cbc_body: 2682d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 152($context),%rax # pull context->Rsp 2683d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2684d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea .Lcbc_epilogue(%rip),%r10 2685d9e397b599b13d642138480a28c14db7a136bf0Adam Langley cmp %r10,%rbx # context->Rip>=.Lcbc_epilogue 2686d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jae .Lin_cbc_prologue 2687d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2688d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea 8(%rax),%rax 2689d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2690d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea .Lcbc_popfq(%rip),%r10 2691d9e397b599b13d642138480a28c14db7a136bf0Adam Langley cmp %r10,%rbx # context->Rip>=.Lcbc_popfq 2692d9e397b599b13d642138480a28c14db7a136bf0Adam Langley jae .Lin_cbc_prologue 2693d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2694d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov `16-8`(%rax),%rax # biased $_rsp 2695d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea 56(%rax),%rax 2696d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2697d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Lin_cbc_frame_setup: 2698d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov -16(%rax),%rbx 2699d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov -24(%rax),%rbp 2700d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov -32(%rax),%r12 2701d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov -40(%rax),%r13 2702d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov -48(%rax),%r14 2703d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov -56(%rax),%r15 2704d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rbx,144($context) # restore context->Rbx 2705d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rbp,160($context) # restore context->Rbp 2706d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r12,216($context) # restore context->R12 2707d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r13,224($context) # restore context->R13 2708d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r14,232($context) # restore context->R14 2709d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r15,240($context) # restore context->R15 2710d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2711d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Lin_cbc_prologue: 2712d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 8(%rax),%rdi 2713d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 16(%rax),%rsi 2714d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rax,152($context) # restore context->Rsp 2715d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rsi,168($context) # restore context->Rsi 2716d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rdi,176($context) # restore context->Rdi 2717d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2718d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.Lcommon_seh_exit: 2719d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2720d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 40($disp),%rdi # disp->ContextRecord 2721d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $context,%rsi # context 2722d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov \$`1232/8`,%ecx # sizeof(CONTEXT) 2723d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .long 0xa548f3fc # cld; rep movsq 2724d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2725d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov $disp,%rsi 2726d9e397b599b13d642138480a28c14db7a136bf0Adam Langley xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER 2727d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 8(%rsi),%rdx # arg2, disp->ImageBase 2728d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 0(%rsi),%r8 # arg3, disp->ControlPc 2729d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 16(%rsi),%r9 # arg4, disp->FunctionEntry 2730d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov 40(%rsi),%r10 # disp->ContextRecord 2731d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea 56(%rsi),%r11 # &disp->HandlerData 2732d9e397b599b13d642138480a28c14db7a136bf0Adam Langley lea 24(%rsi),%r12 # &disp->EstablisherFrame 2733d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r10,32(%rsp) # arg5 2734d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r11,40(%rsp) # arg6 2735d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %r12,48(%rsp) # arg7 2736d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov %rcx,56(%rsp) # arg8, (NULL) 2737d9e397b599b13d642138480a28c14db7a136bf0Adam Langley call *__imp_RtlVirtualUnwind(%rip) 2738d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2739d9e397b599b13d642138480a28c14db7a136bf0Adam Langley mov \$1,%eax # ExceptionContinueSearch 2740d9e397b599b13d642138480a28c14db7a136bf0Adam Langley add \$64,%rsp 2741d9e397b599b13d642138480a28c14db7a136bf0Adam Langley popfq 2742d9e397b599b13d642138480a28c14db7a136bf0Adam Langley pop %r15 2743d9e397b599b13d642138480a28c14db7a136bf0Adam Langley pop %r14 2744d9e397b599b13d642138480a28c14db7a136bf0Adam Langley pop %r13 2745d9e397b599b13d642138480a28c14db7a136bf0Adam Langley pop %r12 2746d9e397b599b13d642138480a28c14db7a136bf0Adam Langley pop %rbp 2747d9e397b599b13d642138480a28c14db7a136bf0Adam Langley pop %rbx 2748d9e397b599b13d642138480a28c14db7a136bf0Adam Langley pop %rdi 2749d9e397b599b13d642138480a28c14db7a136bf0Adam Langley pop %rsi 2750d9e397b599b13d642138480a28c14db7a136bf0Adam Langley ret 2751d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.size cbc_se_handler,.-cbc_se_handler 2752d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2753d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.section .pdata 2754d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 4 2755d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .rva .LSEH_begin_asm_AES_encrypt 2756d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .rva .LSEH_end_asm_AES_encrypt 2757d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .rva .LSEH_info_asm_AES_encrypt 2758d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2759d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .rva .LSEH_begin_asm_AES_decrypt 2760d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .rva .LSEH_end_asm_AES_decrypt 2761d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .rva .LSEH_info_asm_AES_decrypt 2762d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2763d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .rva .LSEH_begin_asm_AES_set_encrypt_key 2764d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .rva .LSEH_end_asm_AES_set_encrypt_key 2765d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .rva .LSEH_info_asm_AES_set_encrypt_key 2766d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2767d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .rva .LSEH_begin_asm_AES_set_decrypt_key 2768d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .rva .LSEH_end_asm_AES_set_decrypt_key 2769d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .rva .LSEH_info_asm_AES_set_decrypt_key 2770d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2771d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .rva .LSEH_begin_asm_AES_cbc_encrypt 2772d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .rva .LSEH_end_asm_AES_cbc_encrypt 2773d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .rva .LSEH_info_asm_AES_cbc_encrypt 2774d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2775d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.section .xdata 2776d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.align 8 2777d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.LSEH_info_asm_AES_encrypt: 2778d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .byte 9,0,0,0 2779d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .rva block_se_handler 2780d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .rva .Lenc_prologue,.Lenc_epilogue # HandlerData[] 2781d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.LSEH_info_asm_AES_decrypt: 2782d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .byte 9,0,0,0 2783d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .rva block_se_handler 2784d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .rva .Ldec_prologue,.Ldec_epilogue # HandlerData[] 2785d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.LSEH_info_asm_AES_set_encrypt_key: 2786d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .byte 9,0,0,0 2787d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .rva key_se_handler 2788d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .rva .Lenc_key_prologue,.Lenc_key_epilogue # HandlerData[] 2789d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.LSEH_info_asm_AES_set_decrypt_key: 2790d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .byte 9,0,0,0 2791d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .rva key_se_handler 2792d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .rva .Ldec_key_prologue,.Ldec_key_epilogue # HandlerData[] 2793d9e397b599b13d642138480a28c14db7a136bf0Adam Langley.LSEH_info_asm_AES_cbc_encrypt: 2794d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .byte 9,0,0,0 2795d9e397b599b13d642138480a28c14db7a136bf0Adam Langley .rva cbc_se_handler 2796d9e397b599b13d642138480a28c14db7a136bf0Adam Langley___ 2797d9e397b599b13d642138480a28c14db7a136bf0Adam Langley} 2798d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2799d9e397b599b13d642138480a28c14db7a136bf0Adam Langley$code =~ s/\`([^\`]*)\`/eval($1)/gem; 2800d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2801d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyprint $code; 2802d9e397b599b13d642138480a28c14db7a136bf0Adam Langley 2803d9e397b599b13d642138480a28c14db7a136bf0Adam Langleyclose STDOUT; 2804