• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1// This file is generated from a similarly-named Perl script in the BoringSSL
2// source tree. Do not edit by hand.
3
4#if defined(__has_feature)
5#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
6#define OPENSSL_NO_ASM
7#endif
8#endif
9
10#if !defined(OPENSSL_NO_ASM)
11#if defined(__arm__)
12#if defined(BORINGSSL_PREFIX)
13#include <boringssl_prefix_symbols_asm.h>
14#endif
15@ Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
16@
17@ Licensed under the OpenSSL license (the "License").  You may not use
18@ this file except in compliance with the License.  You can obtain a copy
19@ in the file LICENSE in the source distribution or at
20@ https://www.openssl.org/source/license.html
21
22
23@ ====================================================================
24@ Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
25@ project. The module is, however, dual licensed under OpenSSL and
26@ CRYPTOGAMS licenses depending on where you obtain it. For further
27@ details see http://www.openssl.org/~appro/cryptogams/.
28@ ====================================================================
29
30@ AES for ARMv4
31
32@ January 2007.
33@
34@ Code uses single 1K S-box and is >2 times faster than code generated
35@ by gcc-3.4.1. This is thanks to unique feature of ARMv4 ISA, which
36@ allows to merge logical or arithmetic operation with shift or rotate
37@ in one instruction and emit combined result every cycle. The module
38@ is endian-neutral. The performance is ~42 cycles/byte for 128-bit
39@ key [on single-issue Xscale PXA250 core].
40
41@ May 2007.
42@
43@ AES_set_[en|de]crypt_key is added.
44
45@ July 2010.
46@
47@ Rescheduling for dual-issue pipeline resulted in 12% improvement on
48@ Cortex A8 core and ~25 cycles per byte processed with 128-bit key.
49
50@ February 2011.
51@
52@ Profiler-assisted and platform-specific optimization resulted in 16%
53@ improvement on Cortex A8 core and ~21.5 cycles per byte.
54
55#ifndef __KERNEL__
56# include <openssl/arm_arch.h>
57#else
58# define __ARM_ARCH__ __LINUX_ARM_ARCH__
59#endif
60
61@ Silence ARMv8 deprecated IT instruction warnings. This file is used by both
62@ ARMv7 and ARMv8 processors and does not use ARMv8 instructions. (ARMv8 AES
63@ instructions are in aesv8-armx.pl.)
64.arch	armv7-a
65
66.text
67#if defined(__thumb2__) && !defined(__APPLE__)
68.syntax	unified
69.thumb
70#else
71.code	32
72#undef __thumb2__
73#endif
74
75.type	AES_Te,%object
76.align	5
77AES_Te:
78.word	0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d
79.word	0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554
80.word	0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d
81.word	0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a
82.word	0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87
83.word	0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b
84.word	0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea
85.word	0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b
86.word	0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a
87.word	0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f
88.word	0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108
89.word	0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f
90.word	0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e
91.word	0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5
92.word	0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d
93.word	0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f
94.word	0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e
95.word	0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb
96.word	0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce
97.word	0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497
98.word	0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c
99.word	0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed
100.word	0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b
101.word	0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a
102.word	0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16
103.word	0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594
104.word	0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81
105.word	0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3
106.word	0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a
107.word	0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504
108.word	0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163
109.word	0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d
110.word	0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f
111.word	0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739
112.word	0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47
113.word	0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395
114.word	0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f
115.word	0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883
116.word	0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c
117.word	0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76
118.word	0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e
119.word	0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4
120.word	0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6
121.word	0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b
122.word	0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7
123.word	0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0
124.word	0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25
125.word	0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818
126.word	0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72
127.word	0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651
128.word	0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21
129.word	0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85
130.word	0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa
131.word	0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12
132.word	0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0
133.word	0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9
134.word	0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133
135.word	0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7
136.word	0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920
137.word	0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a
138.word	0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17
139.word	0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8
140.word	0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11
141.word	0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a
142@ Te4[256]
143.byte	0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
144.byte	0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
145.byte	0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
146.byte	0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
147.byte	0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
148.byte	0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
149.byte	0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
150.byte	0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
151.byte	0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
152.byte	0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
153.byte	0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
154.byte	0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
155.byte	0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
156.byte	0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
157.byte	0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
158.byte	0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
159.byte	0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
160.byte	0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
161.byte	0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
162.byte	0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
163.byte	0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
164.byte	0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
165.byte	0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
166.byte	0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
167.byte	0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
168.byte	0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
169.byte	0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
170.byte	0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
171.byte	0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
172.byte	0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
173.byte	0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
174.byte	0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
175@ rcon[]
176.word	0x01000000, 0x02000000, 0x04000000, 0x08000000
177.word	0x10000000, 0x20000000, 0x40000000, 0x80000000
178.word	0x1B000000, 0x36000000, 0, 0, 0, 0, 0, 0
179.size	AES_Te,.-AES_Te
180
181@ void aes_nohw_encrypt(const unsigned char *in, unsigned char *out,
182@ 		                  const AES_KEY *key) {
183.globl	aes_nohw_encrypt
184.hidden	aes_nohw_encrypt
185.type	aes_nohw_encrypt,%function
186.align	5
187aes_nohw_encrypt:
188#ifndef	__thumb2__
189	sub	r3,pc,#8		@ aes_nohw_encrypt
190#else
191	adr	r3,.
192#endif
193	stmdb	sp!,{r1,r4-r12,lr}
194#if defined(__thumb2__) || defined(__APPLE__)
195	adr	r10,AES_Te
196#else
197	sub	r10,r3,#aes_nohw_encrypt-AES_Te	@ Te
198#endif
199	mov	r12,r0		@ inp
200	mov	r11,r2
201#if __ARM_ARCH__<7
202	ldrb	r0,[r12,#3]	@ load input data in endian-neutral
203	ldrb	r4,[r12,#2]	@ manner...
204	ldrb	r5,[r12,#1]
205	ldrb	r6,[r12,#0]
206	orr	r0,r0,r4,lsl#8
207	ldrb	r1,[r12,#7]
208	orr	r0,r0,r5,lsl#16
209	ldrb	r4,[r12,#6]
210	orr	r0,r0,r6,lsl#24
211	ldrb	r5,[r12,#5]
212	ldrb	r6,[r12,#4]
213	orr	r1,r1,r4,lsl#8
214	ldrb	r2,[r12,#11]
215	orr	r1,r1,r5,lsl#16
216	ldrb	r4,[r12,#10]
217	orr	r1,r1,r6,lsl#24
218	ldrb	r5,[r12,#9]
219	ldrb	r6,[r12,#8]
220	orr	r2,r2,r4,lsl#8
221	ldrb	r3,[r12,#15]
222	orr	r2,r2,r5,lsl#16
223	ldrb	r4,[r12,#14]
224	orr	r2,r2,r6,lsl#24
225	ldrb	r5,[r12,#13]
226	ldrb	r6,[r12,#12]
227	orr	r3,r3,r4,lsl#8
228	orr	r3,r3,r5,lsl#16
229	orr	r3,r3,r6,lsl#24
230#else
231	ldr	r0,[r12,#0]
232	ldr	r1,[r12,#4]
233	ldr	r2,[r12,#8]
234	ldr	r3,[r12,#12]
235#ifdef __ARMEL__
236	rev	r0,r0
237	rev	r1,r1
238	rev	r2,r2
239	rev	r3,r3
240#endif
241#endif
242	bl	_armv4_AES_encrypt
243
244	ldr	r12,[sp],#4		@ pop out
245#if __ARM_ARCH__>=7
246#ifdef __ARMEL__
247	rev	r0,r0
248	rev	r1,r1
249	rev	r2,r2
250	rev	r3,r3
251#endif
252	str	r0,[r12,#0]
253	str	r1,[r12,#4]
254	str	r2,[r12,#8]
255	str	r3,[r12,#12]
256#else
257	mov	r4,r0,lsr#24		@ write output in endian-neutral
258	mov	r5,r0,lsr#16		@ manner...
259	mov	r6,r0,lsr#8
260	strb	r4,[r12,#0]
261	strb	r5,[r12,#1]
262	mov	r4,r1,lsr#24
263	strb	r6,[r12,#2]
264	mov	r5,r1,lsr#16
265	strb	r0,[r12,#3]
266	mov	r6,r1,lsr#8
267	strb	r4,[r12,#4]
268	strb	r5,[r12,#5]
269	mov	r4,r2,lsr#24
270	strb	r6,[r12,#6]
271	mov	r5,r2,lsr#16
272	strb	r1,[r12,#7]
273	mov	r6,r2,lsr#8
274	strb	r4,[r12,#8]
275	strb	r5,[r12,#9]
276	mov	r4,r3,lsr#24
277	strb	r6,[r12,#10]
278	mov	r5,r3,lsr#16
279	strb	r2,[r12,#11]
280	mov	r6,r3,lsr#8
281	strb	r4,[r12,#12]
282	strb	r5,[r12,#13]
283	strb	r6,[r12,#14]
284	strb	r3,[r12,#15]
285#endif
286#if __ARM_ARCH__>=5
287	ldmia	sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc}
288#else
289	ldmia	sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr}
290	tst	lr,#1
291	moveq	pc,lr			@ be binary compatible with V4, yet
292.word	0xe12fff1e			@ interoperable with Thumb ISA:-)
293#endif
294.size	aes_nohw_encrypt,.-aes_nohw_encrypt
295
296.type	_armv4_AES_encrypt,%function
297.align	2
298_armv4_AES_encrypt:
299	str	lr,[sp,#-4]!		@ push lr
300	ldmia	r11!,{r4,r5,r6,r7}
301	eor	r0,r0,r4
302	ldr	r12,[r11,#240-16]
303	eor	r1,r1,r5
304	eor	r2,r2,r6
305	eor	r3,r3,r7
306	sub	r12,r12,#1
307	mov	lr,#255
308
309	and	r7,lr,r0
310	and	r8,lr,r0,lsr#8
311	and	r9,lr,r0,lsr#16
312	mov	r0,r0,lsr#24
313.Lenc_loop:
314	ldr	r4,[r10,r7,lsl#2]	@ Te3[s0>>0]
315	and	r7,lr,r1,lsr#16	@ i0
316	ldr	r5,[r10,r8,lsl#2]	@ Te2[s0>>8]
317	and	r8,lr,r1
318	ldr	r6,[r10,r9,lsl#2]	@ Te1[s0>>16]
319	and	r9,lr,r1,lsr#8
320	ldr	r0,[r10,r0,lsl#2]	@ Te0[s0>>24]
321	mov	r1,r1,lsr#24
322
323	ldr	r7,[r10,r7,lsl#2]	@ Te1[s1>>16]
324	ldr	r8,[r10,r8,lsl#2]	@ Te3[s1>>0]
325	ldr	r9,[r10,r9,lsl#2]	@ Te2[s1>>8]
326	eor	r0,r0,r7,ror#8
327	ldr	r1,[r10,r1,lsl#2]	@ Te0[s1>>24]
328	and	r7,lr,r2,lsr#8	@ i0
329	eor	r5,r5,r8,ror#8
330	and	r8,lr,r2,lsr#16	@ i1
331	eor	r6,r6,r9,ror#8
332	and	r9,lr,r2
333	ldr	r7,[r10,r7,lsl#2]	@ Te2[s2>>8]
334	eor	r1,r1,r4,ror#24
335	ldr	r8,[r10,r8,lsl#2]	@ Te1[s2>>16]
336	mov	r2,r2,lsr#24
337
338	ldr	r9,[r10,r9,lsl#2]	@ Te3[s2>>0]
339	eor	r0,r0,r7,ror#16
340	ldr	r2,[r10,r2,lsl#2]	@ Te0[s2>>24]
341	and	r7,lr,r3		@ i0
342	eor	r1,r1,r8,ror#8
343	and	r8,lr,r3,lsr#8	@ i1
344	eor	r6,r6,r9,ror#16
345	and	r9,lr,r3,lsr#16	@ i2
346	ldr	r7,[r10,r7,lsl#2]	@ Te3[s3>>0]
347	eor	r2,r2,r5,ror#16
348	ldr	r8,[r10,r8,lsl#2]	@ Te2[s3>>8]
349	mov	r3,r3,lsr#24
350
351	ldr	r9,[r10,r9,lsl#2]	@ Te1[s3>>16]
352	eor	r0,r0,r7,ror#24
353	ldr	r7,[r11],#16
354	eor	r1,r1,r8,ror#16
355	ldr	r3,[r10,r3,lsl#2]	@ Te0[s3>>24]
356	eor	r2,r2,r9,ror#8
357	ldr	r4,[r11,#-12]
358	eor	r3,r3,r6,ror#8
359
360	ldr	r5,[r11,#-8]
361	eor	r0,r0,r7
362	ldr	r6,[r11,#-4]
363	and	r7,lr,r0
364	eor	r1,r1,r4
365	and	r8,lr,r0,lsr#8
366	eor	r2,r2,r5
367	and	r9,lr,r0,lsr#16
368	eor	r3,r3,r6
369	mov	r0,r0,lsr#24
370
371	subs	r12,r12,#1
372	bne	.Lenc_loop
373
374	add	r10,r10,#2
375
376	ldrb	r4,[r10,r7,lsl#2]	@ Te4[s0>>0]
377	and	r7,lr,r1,lsr#16	@ i0
378	ldrb	r5,[r10,r8,lsl#2]	@ Te4[s0>>8]
379	and	r8,lr,r1
380	ldrb	r6,[r10,r9,lsl#2]	@ Te4[s0>>16]
381	and	r9,lr,r1,lsr#8
382	ldrb	r0,[r10,r0,lsl#2]	@ Te4[s0>>24]
383	mov	r1,r1,lsr#24
384
385	ldrb	r7,[r10,r7,lsl#2]	@ Te4[s1>>16]
386	ldrb	r8,[r10,r8,lsl#2]	@ Te4[s1>>0]
387	ldrb	r9,[r10,r9,lsl#2]	@ Te4[s1>>8]
388	eor	r0,r7,r0,lsl#8
389	ldrb	r1,[r10,r1,lsl#2]	@ Te4[s1>>24]
390	and	r7,lr,r2,lsr#8	@ i0
391	eor	r5,r8,r5,lsl#8
392	and	r8,lr,r2,lsr#16	@ i1
393	eor	r6,r9,r6,lsl#8
394	and	r9,lr,r2
395	ldrb	r7,[r10,r7,lsl#2]	@ Te4[s2>>8]
396	eor	r1,r4,r1,lsl#24
397	ldrb	r8,[r10,r8,lsl#2]	@ Te4[s2>>16]
398	mov	r2,r2,lsr#24
399
400	ldrb	r9,[r10,r9,lsl#2]	@ Te4[s2>>0]
401	eor	r0,r7,r0,lsl#8
402	ldrb	r2,[r10,r2,lsl#2]	@ Te4[s2>>24]
403	and	r7,lr,r3		@ i0
404	eor	r1,r1,r8,lsl#16
405	and	r8,lr,r3,lsr#8	@ i1
406	eor	r6,r9,r6,lsl#8
407	and	r9,lr,r3,lsr#16	@ i2
408	ldrb	r7,[r10,r7,lsl#2]	@ Te4[s3>>0]
409	eor	r2,r5,r2,lsl#24
410	ldrb	r8,[r10,r8,lsl#2]	@ Te4[s3>>8]
411	mov	r3,r3,lsr#24
412
413	ldrb	r9,[r10,r9,lsl#2]	@ Te4[s3>>16]
414	eor	r0,r7,r0,lsl#8
415	ldr	r7,[r11,#0]
416	ldrb	r3,[r10,r3,lsl#2]	@ Te4[s3>>24]
417	eor	r1,r1,r8,lsl#8
418	ldr	r4,[r11,#4]
419	eor	r2,r2,r9,lsl#16
420	ldr	r5,[r11,#8]
421	eor	r3,r6,r3,lsl#24
422	ldr	r6,[r11,#12]
423
424	eor	r0,r0,r7
425	eor	r1,r1,r4
426	eor	r2,r2,r5
427	eor	r3,r3,r6
428
429	sub	r10,r10,#2
430	ldr	pc,[sp],#4		@ pop and return
431.size	_armv4_AES_encrypt,.-_armv4_AES_encrypt
432
433.globl	aes_nohw_set_encrypt_key
434.hidden	aes_nohw_set_encrypt_key
435.type	aes_nohw_set_encrypt_key,%function
436.align	5
437aes_nohw_set_encrypt_key:
438_armv4_AES_set_encrypt_key:
439#ifndef	__thumb2__
440	sub	r3,pc,#8		@ aes_nohw_set_encrypt_key
441#else
442	adr	r3,.
443#endif
444	teq	r0,#0
445#ifdef	__thumb2__
446	itt	eq			@ Thumb2 thing, sanity check in ARM
447#endif
448	moveq	r0,#-1
449	beq	.Labrt
450	teq	r2,#0
451#ifdef	__thumb2__
452	itt	eq			@ Thumb2 thing, sanity check in ARM
453#endif
454	moveq	r0,#-1
455	beq	.Labrt
456
457	teq	r1,#128
458	beq	.Lok
459	teq	r1,#192
460	beq	.Lok
461	teq	r1,#256
462#ifdef	__thumb2__
463	itt	ne			@ Thumb2 thing, sanity check in ARM
464#endif
465	movne	r0,#-1
466	bne	.Labrt
467
468.Lok:	stmdb	sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr}
469	mov	r12,r0		@ inp
470	mov	lr,r1			@ bits
471	mov	r11,r2			@ key
472
473#if defined(__thumb2__) || defined(__APPLE__)
474	adr	r10,AES_Te+1024				@ Te4
475#else
476	sub	r10,r3,#_armv4_AES_set_encrypt_key-AES_Te-1024	@ Te4
477#endif
478
479#if __ARM_ARCH__<7
480	ldrb	r0,[r12,#3]	@ load input data in endian-neutral
481	ldrb	r4,[r12,#2]	@ manner...
482	ldrb	r5,[r12,#1]
483	ldrb	r6,[r12,#0]
484	orr	r0,r0,r4,lsl#8
485	ldrb	r1,[r12,#7]
486	orr	r0,r0,r5,lsl#16
487	ldrb	r4,[r12,#6]
488	orr	r0,r0,r6,lsl#24
489	ldrb	r5,[r12,#5]
490	ldrb	r6,[r12,#4]
491	orr	r1,r1,r4,lsl#8
492	ldrb	r2,[r12,#11]
493	orr	r1,r1,r5,lsl#16
494	ldrb	r4,[r12,#10]
495	orr	r1,r1,r6,lsl#24
496	ldrb	r5,[r12,#9]
497	ldrb	r6,[r12,#8]
498	orr	r2,r2,r4,lsl#8
499	ldrb	r3,[r12,#15]
500	orr	r2,r2,r5,lsl#16
501	ldrb	r4,[r12,#14]
502	orr	r2,r2,r6,lsl#24
503	ldrb	r5,[r12,#13]
504	ldrb	r6,[r12,#12]
505	orr	r3,r3,r4,lsl#8
506	str	r0,[r11],#16
507	orr	r3,r3,r5,lsl#16
508	str	r1,[r11,#-12]
509	orr	r3,r3,r6,lsl#24
510	str	r2,[r11,#-8]
511	str	r3,[r11,#-4]
512#else
513	ldr	r0,[r12,#0]
514	ldr	r1,[r12,#4]
515	ldr	r2,[r12,#8]
516	ldr	r3,[r12,#12]
517#ifdef __ARMEL__
518	rev	r0,r0
519	rev	r1,r1
520	rev	r2,r2
521	rev	r3,r3
522#endif
523	str	r0,[r11],#16
524	str	r1,[r11,#-12]
525	str	r2,[r11,#-8]
526	str	r3,[r11,#-4]
527#endif
528
529	teq	lr,#128
530	bne	.Lnot128
531	mov	r12,#10
532	str	r12,[r11,#240-16]
533	add	r6,r10,#256			@ rcon
534	mov	lr,#255
535
536.L128_loop:
537	and	r5,lr,r3,lsr#24
538	and	r7,lr,r3,lsr#16
539	ldrb	r5,[r10,r5]
540	and	r8,lr,r3,lsr#8
541	ldrb	r7,[r10,r7]
542	and	r9,lr,r3
543	ldrb	r8,[r10,r8]
544	orr	r5,r5,r7,lsl#24
545	ldrb	r9,[r10,r9]
546	orr	r5,r5,r8,lsl#16
547	ldr	r4,[r6],#4			@ rcon[i++]
548	orr	r5,r5,r9,lsl#8
549	eor	r5,r5,r4
550	eor	r0,r0,r5			@ rk[4]=rk[0]^...
551	eor	r1,r1,r0			@ rk[5]=rk[1]^rk[4]
552	str	r0,[r11],#16
553	eor	r2,r2,r1			@ rk[6]=rk[2]^rk[5]
554	str	r1,[r11,#-12]
555	eor	r3,r3,r2			@ rk[7]=rk[3]^rk[6]
556	str	r2,[r11,#-8]
557	subs	r12,r12,#1
558	str	r3,[r11,#-4]
559	bne	.L128_loop
560	sub	r2,r11,#176
561	b	.Ldone
562
563.Lnot128:
564#if __ARM_ARCH__<7
565	ldrb	r8,[r12,#19]
566	ldrb	r4,[r12,#18]
567	ldrb	r5,[r12,#17]
568	ldrb	r6,[r12,#16]
569	orr	r8,r8,r4,lsl#8
570	ldrb	r9,[r12,#23]
571	orr	r8,r8,r5,lsl#16
572	ldrb	r4,[r12,#22]
573	orr	r8,r8,r6,lsl#24
574	ldrb	r5,[r12,#21]
575	ldrb	r6,[r12,#20]
576	orr	r9,r9,r4,lsl#8
577	orr	r9,r9,r5,lsl#16
578	str	r8,[r11],#8
579	orr	r9,r9,r6,lsl#24
580	str	r9,[r11,#-4]
581#else
582	ldr	r8,[r12,#16]
583	ldr	r9,[r12,#20]
584#ifdef __ARMEL__
585	rev	r8,r8
586	rev	r9,r9
587#endif
588	str	r8,[r11],#8
589	str	r9,[r11,#-4]
590#endif
591
592	teq	lr,#192
593	bne	.Lnot192
594	mov	r12,#12
595	str	r12,[r11,#240-24]
596	add	r6,r10,#256			@ rcon
597	mov	lr,#255
598	mov	r12,#8
599
600.L192_loop:
601	and	r5,lr,r9,lsr#24
602	and	r7,lr,r9,lsr#16
603	ldrb	r5,[r10,r5]
604	and	r8,lr,r9,lsr#8
605	ldrb	r7,[r10,r7]
606	and	r9,lr,r9
607	ldrb	r8,[r10,r8]
608	orr	r5,r5,r7,lsl#24
609	ldrb	r9,[r10,r9]
610	orr	r5,r5,r8,lsl#16
611	ldr	r4,[r6],#4			@ rcon[i++]
612	orr	r5,r5,r9,lsl#8
613	eor	r9,r5,r4
614	eor	r0,r0,r9			@ rk[6]=rk[0]^...
615	eor	r1,r1,r0			@ rk[7]=rk[1]^rk[6]
616	str	r0,[r11],#24
617	eor	r2,r2,r1			@ rk[8]=rk[2]^rk[7]
618	str	r1,[r11,#-20]
619	eor	r3,r3,r2			@ rk[9]=rk[3]^rk[8]
620	str	r2,[r11,#-16]
621	subs	r12,r12,#1
622	str	r3,[r11,#-12]
623#ifdef	__thumb2__
624	itt	eq				@ Thumb2 thing, sanity check in ARM
625#endif
626	subeq	r2,r11,#216
627	beq	.Ldone
628
629	ldr	r7,[r11,#-32]
630	ldr	r8,[r11,#-28]
631	eor	r7,r7,r3			@ rk[10]=rk[4]^rk[9]
632	eor	r9,r8,r7			@ rk[11]=rk[5]^rk[10]
633	str	r7,[r11,#-8]
634	str	r9,[r11,#-4]
635	b	.L192_loop
636
637.Lnot192:
638#if __ARM_ARCH__<7
639	ldrb	r8,[r12,#27]
640	ldrb	r4,[r12,#26]
641	ldrb	r5,[r12,#25]
642	ldrb	r6,[r12,#24]
643	orr	r8,r8,r4,lsl#8
644	ldrb	r9,[r12,#31]
645	orr	r8,r8,r5,lsl#16
646	ldrb	r4,[r12,#30]
647	orr	r8,r8,r6,lsl#24
648	ldrb	r5,[r12,#29]
649	ldrb	r6,[r12,#28]
650	orr	r9,r9,r4,lsl#8
651	orr	r9,r9,r5,lsl#16
652	str	r8,[r11],#8
653	orr	r9,r9,r6,lsl#24
654	str	r9,[r11,#-4]
655#else
656	ldr	r8,[r12,#24]
657	ldr	r9,[r12,#28]
658#ifdef __ARMEL__
659	rev	r8,r8
660	rev	r9,r9
661#endif
662	str	r8,[r11],#8
663	str	r9,[r11,#-4]
664#endif
665
666	mov	r12,#14
667	str	r12,[r11,#240-32]
668	add	r6,r10,#256			@ rcon
669	mov	lr,#255
670	mov	r12,#7
671
672.L256_loop:
673	and	r5,lr,r9,lsr#24
674	and	r7,lr,r9,lsr#16
675	ldrb	r5,[r10,r5]
676	and	r8,lr,r9,lsr#8
677	ldrb	r7,[r10,r7]
678	and	r9,lr,r9
679	ldrb	r8,[r10,r8]
680	orr	r5,r5,r7,lsl#24
681	ldrb	r9,[r10,r9]
682	orr	r5,r5,r8,lsl#16
683	ldr	r4,[r6],#4			@ rcon[i++]
684	orr	r5,r5,r9,lsl#8
685	eor	r9,r5,r4
686	eor	r0,r0,r9			@ rk[8]=rk[0]^...
687	eor	r1,r1,r0			@ rk[9]=rk[1]^rk[8]
688	str	r0,[r11],#32
689	eor	r2,r2,r1			@ rk[10]=rk[2]^rk[9]
690	str	r1,[r11,#-28]
691	eor	r3,r3,r2			@ rk[11]=rk[3]^rk[10]
692	str	r2,[r11,#-24]
693	subs	r12,r12,#1
694	str	r3,[r11,#-20]
695#ifdef	__thumb2__
696	itt	eq				@ Thumb2 thing, sanity check in ARM
697#endif
698	subeq	r2,r11,#256
699	beq	.Ldone
700
701	and	r5,lr,r3
702	and	r7,lr,r3,lsr#8
703	ldrb	r5,[r10,r5]
704	and	r8,lr,r3,lsr#16
705	ldrb	r7,[r10,r7]
706	and	r9,lr,r3,lsr#24
707	ldrb	r8,[r10,r8]
708	orr	r5,r5,r7,lsl#8
709	ldrb	r9,[r10,r9]
710	orr	r5,r5,r8,lsl#16
711	ldr	r4,[r11,#-48]
712	orr	r5,r5,r9,lsl#24
713
714	ldr	r7,[r11,#-44]
715	ldr	r8,[r11,#-40]
716	eor	r4,r4,r5			@ rk[12]=rk[4]^...
717	ldr	r9,[r11,#-36]
718	eor	r7,r7,r4			@ rk[13]=rk[5]^rk[12]
719	str	r4,[r11,#-16]
720	eor	r8,r8,r7			@ rk[14]=rk[6]^rk[13]
721	str	r7,[r11,#-12]
722	eor	r9,r9,r8			@ rk[15]=rk[7]^rk[14]
723	str	r8,[r11,#-8]
724	str	r9,[r11,#-4]
725	b	.L256_loop
726
727.align	2
728.Ldone:	mov	r0,#0
729	ldmia	sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr}
730.Labrt:
731#if __ARM_ARCH__>=5
732	bx	lr				@ .word	0xe12fff1e
733#else
734	tst	lr,#1
735	moveq	pc,lr			@ be binary compatible with V4, yet
736.word	0xe12fff1e			@ interoperable with Thumb ISA:-)
737#endif
738.size	aes_nohw_set_encrypt_key,.-aes_nohw_set_encrypt_key
739
740.globl	aes_nohw_set_decrypt_key
741.hidden	aes_nohw_set_decrypt_key
742.type	aes_nohw_set_decrypt_key,%function
743.align	5
744aes_nohw_set_decrypt_key:
745	str	lr,[sp,#-4]!            @ push lr
746	bl	_armv4_AES_set_encrypt_key
747	teq	r0,#0
748	ldr	lr,[sp],#4              @ pop lr
749	bne	.Labrt
750
751	mov	r0,r2			@ aes_nohw_set_encrypt_key preserves r2,
752	mov	r1,r2			@ which is AES_KEY *key
753	b	_armv4_AES_set_enc2dec_key
754.size	aes_nohw_set_decrypt_key,.-aes_nohw_set_decrypt_key
755
756@ void AES_set_enc2dec_key(const AES_KEY *inp,AES_KEY *out)
757.globl	AES_set_enc2dec_key
758.hidden	AES_set_enc2dec_key
759.type	AES_set_enc2dec_key,%function
760.align	5
761AES_set_enc2dec_key:
762_armv4_AES_set_enc2dec_key:
763	stmdb	sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr}
764
765	ldr	r12,[r0,#240]
766	mov	r7,r0			@ input
767	add	r8,r0,r12,lsl#4
768	mov	r11,r1			@ output
769	add	r10,r1,r12,lsl#4
770	str	r12,[r1,#240]
771
772.Linv:	ldr	r0,[r7],#16
773	ldr	r1,[r7,#-12]
774	ldr	r2,[r7,#-8]
775	ldr	r3,[r7,#-4]
776	ldr	r4,[r8],#-16
777	ldr	r5,[r8,#16+4]
778	ldr	r6,[r8,#16+8]
779	ldr	r9,[r8,#16+12]
780	str	r0,[r10],#-16
781	str	r1,[r10,#16+4]
782	str	r2,[r10,#16+8]
783	str	r3,[r10,#16+12]
784	str	r4,[r11],#16
785	str	r5,[r11,#-12]
786	str	r6,[r11,#-8]
787	str	r9,[r11,#-4]
788	teq	r7,r8
789	bne	.Linv
790
791	ldr	r0,[r7]
792	ldr	r1,[r7,#4]
793	ldr	r2,[r7,#8]
794	ldr	r3,[r7,#12]
795	str	r0,[r11]
796	str	r1,[r11,#4]
797	str	r2,[r11,#8]
798	str	r3,[r11,#12]
799	sub	r11,r11,r12,lsl#3
800	ldr	r0,[r11,#16]!		@ prefetch tp1
801	mov	r7,#0x80
802	mov	r8,#0x1b
803	orr	r7,r7,#0x8000
804	orr	r8,r8,#0x1b00
805	orr	r7,r7,r7,lsl#16
806	orr	r8,r8,r8,lsl#16
807	sub	r12,r12,#1
808	mvn	r9,r7
809	mov	r12,r12,lsl#2	@ (rounds-1)*4
810
811.Lmix:	and	r4,r0,r7
812	and	r1,r0,r9
813	sub	r4,r4,r4,lsr#7
814	and	r4,r4,r8
815	eor	r1,r4,r1,lsl#1	@ tp2
816
817	and	r4,r1,r7
818	and	r2,r1,r9
819	sub	r4,r4,r4,lsr#7
820	and	r4,r4,r8
821	eor	r2,r4,r2,lsl#1	@ tp4
822
823	and	r4,r2,r7
824	and	r3,r2,r9
825	sub	r4,r4,r4,lsr#7
826	and	r4,r4,r8
827	eor	r3,r4,r3,lsl#1	@ tp8
828
829	eor	r4,r1,r2
830	eor	r5,r0,r3		@ tp9
831	eor	r4,r4,r3		@ tpe
832	eor	r4,r4,r1,ror#24
833	eor	r4,r4,r5,ror#24	@ ^= ROTATE(tpb=tp9^tp2,8)
834	eor	r4,r4,r2,ror#16
835	eor	r4,r4,r5,ror#16	@ ^= ROTATE(tpd=tp9^tp4,16)
836	eor	r4,r4,r5,ror#8	@ ^= ROTATE(tp9,24)
837
838	ldr	r0,[r11,#4]		@ prefetch tp1
839	str	r4,[r11],#4
840	subs	r12,r12,#1
841	bne	.Lmix
842
843	mov	r0,#0
844#if __ARM_ARCH__>=5
845	ldmia	sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc}
846#else
847	ldmia	sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr}
848	tst	lr,#1
849	moveq	pc,lr			@ be binary compatible with V4, yet
850.word	0xe12fff1e			@ interoperable with Thumb ISA:-)
851#endif
852.size	AES_set_enc2dec_key,.-AES_set_enc2dec_key
853
854.type	AES_Td,%object
855.align	5
856AES_Td:
857.word	0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96
858.word	0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393
859.word	0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25
860.word	0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f
861.word	0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1
862.word	0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6
863.word	0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da
864.word	0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844
865.word	0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd
866.word	0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4
867.word	0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45
868.word	0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94
869.word	0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7
870.word	0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a
871.word	0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5
872.word	0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c
873.word	0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1
874.word	0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a
875.word	0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75
876.word	0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051
877.word	0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46
878.word	0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff
879.word	0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77
880.word	0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb
881.word	0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000
882.word	0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e
883.word	0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927
884.word	0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a
885.word	0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e
886.word	0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16
887.word	0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d
888.word	0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8
889.word	0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd
890.word	0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34
891.word	0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163
892.word	0xd731dcca, 0x42638510, 0x13972240, 0x84c61120
893.word	0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d
894.word	0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0
895.word	0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422
896.word	0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef
897.word	0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36
898.word	0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4
899.word	0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662
900.word	0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5
901.word	0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3
902.word	0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b
903.word	0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8
904.word	0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6
905.word	0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6
906.word	0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0
907.word	0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815
908.word	0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f
909.word	0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df
910.word	0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f
911.word	0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e
912.word	0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713
913.word	0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89
914.word	0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c
915.word	0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf
916.word	0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86
917.word	0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f
918.word	0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541
919.word	0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190
920.word	0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742
921@ Td4[256]
922.byte	0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
923.byte	0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
924.byte	0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
925.byte	0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
926.byte	0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
927.byte	0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
928.byte	0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
929.byte	0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
930.byte	0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
931.byte	0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
932.byte	0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
933.byte	0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
934.byte	0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
935.byte	0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
936.byte	0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
937.byte	0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
938.byte	0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
939.byte	0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
940.byte	0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
941.byte	0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
942.byte	0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
943.byte	0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
944.byte	0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
945.byte	0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
946.byte	0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
947.byte	0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
948.byte	0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
949.byte	0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
950.byte	0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
951.byte	0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
952.byte	0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
953.byte	0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
954.size	AES_Td,.-AES_Td
955
956@ void aes_nohw_decrypt(const unsigned char *in, unsigned char *out,
957@ 		                  const AES_KEY *key) {
958.globl	aes_nohw_decrypt
959.hidden	aes_nohw_decrypt
960.type	aes_nohw_decrypt,%function
961.align	5
962aes_nohw_decrypt:
963#ifndef	__thumb2__
964	sub	r3,pc,#8		@ aes_nohw_decrypt
965#else
966	adr	r3,.
967#endif
968	stmdb	sp!,{r1,r4-r12,lr}
969#if defined(__thumb2__) || defined(__APPLE__)
970	adr	r10,AES_Td
971#else
972	sub	r10,r3,#aes_nohw_decrypt-AES_Td	@ Td
973#endif
974	mov	r12,r0		@ inp
975	mov	r11,r2
976#if __ARM_ARCH__<7
977	ldrb	r0,[r12,#3]	@ load input data in endian-neutral
978	ldrb	r4,[r12,#2]	@ manner...
979	ldrb	r5,[r12,#1]
980	ldrb	r6,[r12,#0]
981	orr	r0,r0,r4,lsl#8
982	ldrb	r1,[r12,#7]
983	orr	r0,r0,r5,lsl#16
984	ldrb	r4,[r12,#6]
985	orr	r0,r0,r6,lsl#24
986	ldrb	r5,[r12,#5]
987	ldrb	r6,[r12,#4]
988	orr	r1,r1,r4,lsl#8
989	ldrb	r2,[r12,#11]
990	orr	r1,r1,r5,lsl#16
991	ldrb	r4,[r12,#10]
992	orr	r1,r1,r6,lsl#24
993	ldrb	r5,[r12,#9]
994	ldrb	r6,[r12,#8]
995	orr	r2,r2,r4,lsl#8
996	ldrb	r3,[r12,#15]
997	orr	r2,r2,r5,lsl#16
998	ldrb	r4,[r12,#14]
999	orr	r2,r2,r6,lsl#24
1000	ldrb	r5,[r12,#13]
1001	ldrb	r6,[r12,#12]
1002	orr	r3,r3,r4,lsl#8
1003	orr	r3,r3,r5,lsl#16
1004	orr	r3,r3,r6,lsl#24
1005#else
1006	ldr	r0,[r12,#0]
1007	ldr	r1,[r12,#4]
1008	ldr	r2,[r12,#8]
1009	ldr	r3,[r12,#12]
1010#ifdef __ARMEL__
1011	rev	r0,r0
1012	rev	r1,r1
1013	rev	r2,r2
1014	rev	r3,r3
1015#endif
1016#endif
1017	bl	_armv4_AES_decrypt
1018
1019	ldr	r12,[sp],#4		@ pop out
1020#if __ARM_ARCH__>=7
1021#ifdef __ARMEL__
1022	rev	r0,r0
1023	rev	r1,r1
1024	rev	r2,r2
1025	rev	r3,r3
1026#endif
1027	str	r0,[r12,#0]
1028	str	r1,[r12,#4]
1029	str	r2,[r12,#8]
1030	str	r3,[r12,#12]
1031#else
1032	mov	r4,r0,lsr#24		@ write output in endian-neutral
1033	mov	r5,r0,lsr#16		@ manner...
1034	mov	r6,r0,lsr#8
1035	strb	r4,[r12,#0]
1036	strb	r5,[r12,#1]
1037	mov	r4,r1,lsr#24
1038	strb	r6,[r12,#2]
1039	mov	r5,r1,lsr#16
1040	strb	r0,[r12,#3]
1041	mov	r6,r1,lsr#8
1042	strb	r4,[r12,#4]
1043	strb	r5,[r12,#5]
1044	mov	r4,r2,lsr#24
1045	strb	r6,[r12,#6]
1046	mov	r5,r2,lsr#16
1047	strb	r1,[r12,#7]
1048	mov	r6,r2,lsr#8
1049	strb	r4,[r12,#8]
1050	strb	r5,[r12,#9]
1051	mov	r4,r3,lsr#24
1052	strb	r6,[r12,#10]
1053	mov	r5,r3,lsr#16
1054	strb	r2,[r12,#11]
1055	mov	r6,r3,lsr#8
1056	strb	r4,[r12,#12]
1057	strb	r5,[r12,#13]
1058	strb	r6,[r12,#14]
1059	strb	r3,[r12,#15]
1060#endif
1061#if __ARM_ARCH__>=5
1062	ldmia	sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc}
1063#else
1064	ldmia	sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr}
1065	tst	lr,#1
1066	moveq	pc,lr			@ be binary compatible with V4, yet
1067.word	0xe12fff1e			@ interoperable with Thumb ISA:-)
1068#endif
1069.size	aes_nohw_decrypt,.-aes_nohw_decrypt
1070
1071.type	_armv4_AES_decrypt,%function
1072.align	2
1073_armv4_AES_decrypt:
1074	str	lr,[sp,#-4]!		@ push lr
1075	ldmia	r11!,{r4,r5,r6,r7}
1076	eor	r0,r0,r4
1077	ldr	r12,[r11,#240-16]
1078	eor	r1,r1,r5
1079	eor	r2,r2,r6
1080	eor	r3,r3,r7
1081	sub	r12,r12,#1
1082	mov	lr,#255
1083
1084	and	r7,lr,r0,lsr#16
1085	and	r8,lr,r0,lsr#8
1086	and	r9,lr,r0
1087	mov	r0,r0,lsr#24
1088.Ldec_loop:
1089	ldr	r4,[r10,r7,lsl#2]	@ Td1[s0>>16]
1090	and	r7,lr,r1		@ i0
1091	ldr	r5,[r10,r8,lsl#2]	@ Td2[s0>>8]
1092	and	r8,lr,r1,lsr#16
1093	ldr	r6,[r10,r9,lsl#2]	@ Td3[s0>>0]
1094	and	r9,lr,r1,lsr#8
1095	ldr	r0,[r10,r0,lsl#2]	@ Td0[s0>>24]
1096	mov	r1,r1,lsr#24
1097
1098	ldr	r7,[r10,r7,lsl#2]	@ Td3[s1>>0]
1099	ldr	r8,[r10,r8,lsl#2]	@ Td1[s1>>16]
1100	ldr	r9,[r10,r9,lsl#2]	@ Td2[s1>>8]
1101	eor	r0,r0,r7,ror#24
1102	ldr	r1,[r10,r1,lsl#2]	@ Td0[s1>>24]
1103	and	r7,lr,r2,lsr#8	@ i0
1104	eor	r5,r8,r5,ror#8
1105	and	r8,lr,r2		@ i1
1106	eor	r6,r9,r6,ror#8
1107	and	r9,lr,r2,lsr#16
1108	ldr	r7,[r10,r7,lsl#2]	@ Td2[s2>>8]
1109	eor	r1,r1,r4,ror#8
1110	ldr	r8,[r10,r8,lsl#2]	@ Td3[s2>>0]
1111	mov	r2,r2,lsr#24
1112
1113	ldr	r9,[r10,r9,lsl#2]	@ Td1[s2>>16]
1114	eor	r0,r0,r7,ror#16
1115	ldr	r2,[r10,r2,lsl#2]	@ Td0[s2>>24]
1116	and	r7,lr,r3,lsr#16	@ i0
1117	eor	r1,r1,r8,ror#24
1118	and	r8,lr,r3,lsr#8	@ i1
1119	eor	r6,r9,r6,ror#8
1120	and	r9,lr,r3		@ i2
1121	ldr	r7,[r10,r7,lsl#2]	@ Td1[s3>>16]
1122	eor	r2,r2,r5,ror#8
1123	ldr	r8,[r10,r8,lsl#2]	@ Td2[s3>>8]
1124	mov	r3,r3,lsr#24
1125
1126	ldr	r9,[r10,r9,lsl#2]	@ Td3[s3>>0]
1127	eor	r0,r0,r7,ror#8
1128	ldr	r7,[r11],#16
1129	eor	r1,r1,r8,ror#16
1130	ldr	r3,[r10,r3,lsl#2]	@ Td0[s3>>24]
1131	eor	r2,r2,r9,ror#24
1132
1133	ldr	r4,[r11,#-12]
1134	eor	r0,r0,r7
1135	ldr	r5,[r11,#-8]
1136	eor	r3,r3,r6,ror#8
1137	ldr	r6,[r11,#-4]
1138	and	r7,lr,r0,lsr#16
1139	eor	r1,r1,r4
1140	and	r8,lr,r0,lsr#8
1141	eor	r2,r2,r5
1142	and	r9,lr,r0
1143	eor	r3,r3,r6
1144	mov	r0,r0,lsr#24
1145
1146	subs	r12,r12,#1
1147	bne	.Ldec_loop
1148
1149	add	r10,r10,#1024
1150
1151	ldr	r5,[r10,#0]		@ prefetch Td4
1152	ldr	r6,[r10,#32]
1153	ldr	r4,[r10,#64]
1154	ldr	r5,[r10,#96]
1155	ldr	r6,[r10,#128]
1156	ldr	r4,[r10,#160]
1157	ldr	r5,[r10,#192]
1158	ldr	r6,[r10,#224]
1159
1160	ldrb	r0,[r10,r0]		@ Td4[s0>>24]
1161	ldrb	r4,[r10,r7]		@ Td4[s0>>16]
1162	and	r7,lr,r1		@ i0
1163	ldrb	r5,[r10,r8]		@ Td4[s0>>8]
1164	and	r8,lr,r1,lsr#16
1165	ldrb	r6,[r10,r9]		@ Td4[s0>>0]
1166	and	r9,lr,r1,lsr#8
1167
1168	add	r1,r10,r1,lsr#24
1169	ldrb	r7,[r10,r7]		@ Td4[s1>>0]
1170	ldrb	r1,[r1]		@ Td4[s1>>24]
1171	ldrb	r8,[r10,r8]		@ Td4[s1>>16]
1172	eor	r0,r7,r0,lsl#24
1173	ldrb	r9,[r10,r9]		@ Td4[s1>>8]
1174	eor	r1,r4,r1,lsl#8
1175	and	r7,lr,r2,lsr#8	@ i0
1176	eor	r5,r5,r8,lsl#8
1177	and	r8,lr,r2		@ i1
1178	ldrb	r7,[r10,r7]		@ Td4[s2>>8]
1179	eor	r6,r6,r9,lsl#8
1180	ldrb	r8,[r10,r8]		@ Td4[s2>>0]
1181	and	r9,lr,r2,lsr#16
1182
1183	add	r2,r10,r2,lsr#24
1184	ldrb	r2,[r2]		@ Td4[s2>>24]
1185	eor	r0,r0,r7,lsl#8
1186	ldrb	r9,[r10,r9]		@ Td4[s2>>16]
1187	eor	r1,r8,r1,lsl#16
1188	and	r7,lr,r3,lsr#16	@ i0
1189	eor	r2,r5,r2,lsl#16
1190	and	r8,lr,r3,lsr#8	@ i1
1191	ldrb	r7,[r10,r7]		@ Td4[s3>>16]
1192	eor	r6,r6,r9,lsl#16
1193	ldrb	r8,[r10,r8]		@ Td4[s3>>8]
1194	and	r9,lr,r3		@ i2
1195
1196	add	r3,r10,r3,lsr#24
1197	ldrb	r9,[r10,r9]		@ Td4[s3>>0]
1198	ldrb	r3,[r3]		@ Td4[s3>>24]
1199	eor	r0,r0,r7,lsl#16
1200	ldr	r7,[r11,#0]
1201	eor	r1,r1,r8,lsl#8
1202	ldr	r4,[r11,#4]
1203	eor	r2,r9,r2,lsl#8
1204	ldr	r5,[r11,#8]
1205	eor	r3,r6,r3,lsl#24
1206	ldr	r6,[r11,#12]
1207
1208	eor	r0,r0,r7
1209	eor	r1,r1,r4
1210	eor	r2,r2,r5
1211	eor	r3,r3,r6
1212
1213	sub	r10,r10,#1024
1214	ldr	pc,[sp],#4		@ pop and return
1215.size	_armv4_AES_decrypt,.-_armv4_AES_decrypt
1216.byte	65,69,83,32,102,111,114,32,65,82,77,118,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
1217.align	2
1218.align	2
1219#endif
1220#endif  // !OPENSSL_NO_ASM
1221