• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1// This file is generated from a similarly-named Perl script in the BoringSSL
2// source tree. Do not edit by hand.
3
4#if defined(__has_feature)
5#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
6#define OPENSSL_NO_ASM
7#endif
8#endif
9
10#if !defined(OPENSSL_NO_ASM)
11#if defined(BORINGSSL_PREFIX)
12#include <boringssl_prefix_symbols_asm.h>
13#endif
14@ Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
15@
16@ Licensed under the OpenSSL license (the "License").  You may not use
17@ this file except in compliance with the License.  You can obtain a copy
18@ in the file LICENSE in the source distribution or at
19@ https://www.openssl.org/source/license.html
20
21
22@ ====================================================================
23@ Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
24@ project. The module is, however, dual licensed under OpenSSL and
25@ CRYPTOGAMS licenses depending on where you obtain it. For further
26@ details see http://www.openssl.org/~appro/cryptogams/.
27@ ====================================================================
28
29@ AES for ARMv4
30
31@ January 2007.
32@
33@ Code uses single 1K S-box and is >2 times faster than code generated
34@ by gcc-3.4.1. This is thanks to unique feature of ARMv4 ISA, which
35@ allows to merge logical or arithmetic operation with shift or rotate
36@ in one instruction and emit combined result every cycle. The module
37@ is endian-neutral. The performance is ~42 cycles/byte for 128-bit
38@ key [on single-issue Xscale PXA250 core].
39
40@ May 2007.
41@
42@ AES_set_[en|de]crypt_key is added.
43
44@ July 2010.
45@
46@ Rescheduling for dual-issue pipeline resulted in 12% improvement on
47@ Cortex A8 core and ~25 cycles per byte processed with 128-bit key.
48
49@ February 2011.
50@
51@ Profiler-assisted and platform-specific optimization resulted in 16%
52@ improvement on Cortex A8 core and ~21.5 cycles per byte.
53
54#ifndef __KERNEL__
55# include <openssl/arm_arch.h>
56#else
57# define __ARM_ARCH__ __LINUX_ARM_ARCH__
58#endif
59
60@ Silence ARMv8 deprecated IT instruction warnings. This file is used by both
61@ ARMv7 and ARMv8 processors and does not use ARMv8 instructions. (ARMv8 AES
62@ instructions are in aesv8-armx.pl.)
63
64
65.text
66#if defined(__thumb2__) && !defined(__APPLE__)
67.syntax	unified
68.thumb
69#else
70.code	32
71#undef __thumb2__
72#endif
73
74
75.align	5
76AES_Te:
77.word	0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d
78.word	0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554
79.word	0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d
80.word	0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a
81.word	0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87
82.word	0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b
83.word	0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea
84.word	0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b
85.word	0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a
86.word	0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f
87.word	0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108
88.word	0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f
89.word	0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e
90.word	0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5
91.word	0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d
92.word	0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f
93.word	0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e
94.word	0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb
95.word	0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce
96.word	0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497
97.word	0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c
98.word	0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed
99.word	0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b
100.word	0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a
101.word	0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16
102.word	0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594
103.word	0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81
104.word	0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3
105.word	0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a
106.word	0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504
107.word	0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163
108.word	0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d
109.word	0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f
110.word	0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739
111.word	0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47
112.word	0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395
113.word	0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f
114.word	0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883
115.word	0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c
116.word	0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76
117.word	0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e
118.word	0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4
119.word	0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6
120.word	0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b
121.word	0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7
122.word	0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0
123.word	0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25
124.word	0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818
125.word	0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72
126.word	0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651
127.word	0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21
128.word	0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85
129.word	0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa
130.word	0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12
131.word	0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0
132.word	0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9
133.word	0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133
134.word	0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7
135.word	0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920
136.word	0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a
137.word	0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17
138.word	0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8
139.word	0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11
140.word	0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a
141@ Te4[256]
142.byte	0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
143.byte	0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
144.byte	0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
145.byte	0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
146.byte	0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
147.byte	0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
148.byte	0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
149.byte	0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
150.byte	0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
151.byte	0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
152.byte	0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
153.byte	0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
154.byte	0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
155.byte	0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
156.byte	0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
157.byte	0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
158.byte	0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
159.byte	0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
160.byte	0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
161.byte	0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
162.byte	0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
163.byte	0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
164.byte	0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
165.byte	0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
166.byte	0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
167.byte	0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
168.byte	0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
169.byte	0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
170.byte	0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
171.byte	0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
172.byte	0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
173.byte	0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
174@ rcon[]
175.word	0x01000000, 0x02000000, 0x04000000, 0x08000000
176.word	0x10000000, 0x20000000, 0x40000000, 0x80000000
177.word	0x1B000000, 0x36000000, 0, 0, 0, 0, 0, 0
178
179
180@ void aes_nohw_encrypt(const unsigned char *in, unsigned char *out,
181@ 		                  const AES_KEY *key) {
182.globl	_aes_nohw_encrypt
183.private_extern	_aes_nohw_encrypt
184#ifdef __thumb2__
185.thumb_func	_aes_nohw_encrypt
186#endif
187.align	5
188_aes_nohw_encrypt:
189#ifndef	__thumb2__
190	sub	r3,pc,#8		@ _aes_nohw_encrypt
191#else
192	adr	r3,.
193#endif
194	stmdb	sp!,{r1,r4-r12,lr}
195#if defined(__thumb2__) || defined(__APPLE__)
196	adr	r10,AES_Te
197#else
198	sub	r10,r3,#_aes_nohw_encrypt-AES_Te	@ Te
199#endif
200	mov	r12,r0		@ inp
201	mov	r11,r2
202#if __ARM_ARCH__<7
203	ldrb	r0,[r12,#3]	@ load input data in endian-neutral
204	ldrb	r4,[r12,#2]	@ manner...
205	ldrb	r5,[r12,#1]
206	ldrb	r6,[r12,#0]
207	orr	r0,r0,r4,lsl#8
208	ldrb	r1,[r12,#7]
209	orr	r0,r0,r5,lsl#16
210	ldrb	r4,[r12,#6]
211	orr	r0,r0,r6,lsl#24
212	ldrb	r5,[r12,#5]
213	ldrb	r6,[r12,#4]
214	orr	r1,r1,r4,lsl#8
215	ldrb	r2,[r12,#11]
216	orr	r1,r1,r5,lsl#16
217	ldrb	r4,[r12,#10]
218	orr	r1,r1,r6,lsl#24
219	ldrb	r5,[r12,#9]
220	ldrb	r6,[r12,#8]
221	orr	r2,r2,r4,lsl#8
222	ldrb	r3,[r12,#15]
223	orr	r2,r2,r5,lsl#16
224	ldrb	r4,[r12,#14]
225	orr	r2,r2,r6,lsl#24
226	ldrb	r5,[r12,#13]
227	ldrb	r6,[r12,#12]
228	orr	r3,r3,r4,lsl#8
229	orr	r3,r3,r5,lsl#16
230	orr	r3,r3,r6,lsl#24
231#else
232	ldr	r0,[r12,#0]
233	ldr	r1,[r12,#4]
234	ldr	r2,[r12,#8]
235	ldr	r3,[r12,#12]
236#ifdef __ARMEL__
237	rev	r0,r0
238	rev	r1,r1
239	rev	r2,r2
240	rev	r3,r3
241#endif
242#endif
243	bl	_armv4_AES_encrypt
244
245	ldr	r12,[sp],#4		@ pop out
246#if __ARM_ARCH__>=7
247#ifdef __ARMEL__
248	rev	r0,r0
249	rev	r1,r1
250	rev	r2,r2
251	rev	r3,r3
252#endif
253	str	r0,[r12,#0]
254	str	r1,[r12,#4]
255	str	r2,[r12,#8]
256	str	r3,[r12,#12]
257#else
258	mov	r4,r0,lsr#24		@ write output in endian-neutral
259	mov	r5,r0,lsr#16		@ manner...
260	mov	r6,r0,lsr#8
261	strb	r4,[r12,#0]
262	strb	r5,[r12,#1]
263	mov	r4,r1,lsr#24
264	strb	r6,[r12,#2]
265	mov	r5,r1,lsr#16
266	strb	r0,[r12,#3]
267	mov	r6,r1,lsr#8
268	strb	r4,[r12,#4]
269	strb	r5,[r12,#5]
270	mov	r4,r2,lsr#24
271	strb	r6,[r12,#6]
272	mov	r5,r2,lsr#16
273	strb	r1,[r12,#7]
274	mov	r6,r2,lsr#8
275	strb	r4,[r12,#8]
276	strb	r5,[r12,#9]
277	mov	r4,r3,lsr#24
278	strb	r6,[r12,#10]
279	mov	r5,r3,lsr#16
280	strb	r2,[r12,#11]
281	mov	r6,r3,lsr#8
282	strb	r4,[r12,#12]
283	strb	r5,[r12,#13]
284	strb	r6,[r12,#14]
285	strb	r3,[r12,#15]
286#endif
287#if __ARM_ARCH__>=5
288	ldmia	sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc}
289#else
290	ldmia	sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr}
291	tst	lr,#1
292	moveq	pc,lr			@ be binary compatible with V4, yet
293.word	0xe12fff1e			@ interoperable with Thumb ISA:-)
294#endif
295
296
297#ifdef __thumb2__
298.thumb_func	_armv4_AES_encrypt
299#endif
300.align	2
301_armv4_AES_encrypt:
302	str	lr,[sp,#-4]!		@ push lr
303	ldmia	r11!,{r4,r5,r6,r7}
304	eor	r0,r0,r4
305	ldr	r12,[r11,#240-16]
306	eor	r1,r1,r5
307	eor	r2,r2,r6
308	eor	r3,r3,r7
309	sub	r12,r12,#1
310	mov	lr,#255
311
312	and	r7,lr,r0
313	and	r8,lr,r0,lsr#8
314	and	r9,lr,r0,lsr#16
315	mov	r0,r0,lsr#24
316Lenc_loop:
317	ldr	r4,[r10,r7,lsl#2]	@ Te3[s0>>0]
318	and	r7,lr,r1,lsr#16	@ i0
319	ldr	r5,[r10,r8,lsl#2]	@ Te2[s0>>8]
320	and	r8,lr,r1
321	ldr	r6,[r10,r9,lsl#2]	@ Te1[s0>>16]
322	and	r9,lr,r1,lsr#8
323	ldr	r0,[r10,r0,lsl#2]	@ Te0[s0>>24]
324	mov	r1,r1,lsr#24
325
326	ldr	r7,[r10,r7,lsl#2]	@ Te1[s1>>16]
327	ldr	r8,[r10,r8,lsl#2]	@ Te3[s1>>0]
328	ldr	r9,[r10,r9,lsl#2]	@ Te2[s1>>8]
329	eor	r0,r0,r7,ror#8
330	ldr	r1,[r10,r1,lsl#2]	@ Te0[s1>>24]
331	and	r7,lr,r2,lsr#8	@ i0
332	eor	r5,r5,r8,ror#8
333	and	r8,lr,r2,lsr#16	@ i1
334	eor	r6,r6,r9,ror#8
335	and	r9,lr,r2
336	ldr	r7,[r10,r7,lsl#2]	@ Te2[s2>>8]
337	eor	r1,r1,r4,ror#24
338	ldr	r8,[r10,r8,lsl#2]	@ Te1[s2>>16]
339	mov	r2,r2,lsr#24
340
341	ldr	r9,[r10,r9,lsl#2]	@ Te3[s2>>0]
342	eor	r0,r0,r7,ror#16
343	ldr	r2,[r10,r2,lsl#2]	@ Te0[s2>>24]
344	and	r7,lr,r3		@ i0
345	eor	r1,r1,r8,ror#8
346	and	r8,lr,r3,lsr#8	@ i1
347	eor	r6,r6,r9,ror#16
348	and	r9,lr,r3,lsr#16	@ i2
349	ldr	r7,[r10,r7,lsl#2]	@ Te3[s3>>0]
350	eor	r2,r2,r5,ror#16
351	ldr	r8,[r10,r8,lsl#2]	@ Te2[s3>>8]
352	mov	r3,r3,lsr#24
353
354	ldr	r9,[r10,r9,lsl#2]	@ Te1[s3>>16]
355	eor	r0,r0,r7,ror#24
356	ldr	r7,[r11],#16
357	eor	r1,r1,r8,ror#16
358	ldr	r3,[r10,r3,lsl#2]	@ Te0[s3>>24]
359	eor	r2,r2,r9,ror#8
360	ldr	r4,[r11,#-12]
361	eor	r3,r3,r6,ror#8
362
363	ldr	r5,[r11,#-8]
364	eor	r0,r0,r7
365	ldr	r6,[r11,#-4]
366	and	r7,lr,r0
367	eor	r1,r1,r4
368	and	r8,lr,r0,lsr#8
369	eor	r2,r2,r5
370	and	r9,lr,r0,lsr#16
371	eor	r3,r3,r6
372	mov	r0,r0,lsr#24
373
374	subs	r12,r12,#1
375	bne	Lenc_loop
376
377	add	r10,r10,#2
378
379	ldrb	r4,[r10,r7,lsl#2]	@ Te4[s0>>0]
380	and	r7,lr,r1,lsr#16	@ i0
381	ldrb	r5,[r10,r8,lsl#2]	@ Te4[s0>>8]
382	and	r8,lr,r1
383	ldrb	r6,[r10,r9,lsl#2]	@ Te4[s0>>16]
384	and	r9,lr,r1,lsr#8
385	ldrb	r0,[r10,r0,lsl#2]	@ Te4[s0>>24]
386	mov	r1,r1,lsr#24
387
388	ldrb	r7,[r10,r7,lsl#2]	@ Te4[s1>>16]
389	ldrb	r8,[r10,r8,lsl#2]	@ Te4[s1>>0]
390	ldrb	r9,[r10,r9,lsl#2]	@ Te4[s1>>8]
391	eor	r0,r7,r0,lsl#8
392	ldrb	r1,[r10,r1,lsl#2]	@ Te4[s1>>24]
393	and	r7,lr,r2,lsr#8	@ i0
394	eor	r5,r8,r5,lsl#8
395	and	r8,lr,r2,lsr#16	@ i1
396	eor	r6,r9,r6,lsl#8
397	and	r9,lr,r2
398	ldrb	r7,[r10,r7,lsl#2]	@ Te4[s2>>8]
399	eor	r1,r4,r1,lsl#24
400	ldrb	r8,[r10,r8,lsl#2]	@ Te4[s2>>16]
401	mov	r2,r2,lsr#24
402
403	ldrb	r9,[r10,r9,lsl#2]	@ Te4[s2>>0]
404	eor	r0,r7,r0,lsl#8
405	ldrb	r2,[r10,r2,lsl#2]	@ Te4[s2>>24]
406	and	r7,lr,r3		@ i0
407	eor	r1,r1,r8,lsl#16
408	and	r8,lr,r3,lsr#8	@ i1
409	eor	r6,r9,r6,lsl#8
410	and	r9,lr,r3,lsr#16	@ i2
411	ldrb	r7,[r10,r7,lsl#2]	@ Te4[s3>>0]
412	eor	r2,r5,r2,lsl#24
413	ldrb	r8,[r10,r8,lsl#2]	@ Te4[s3>>8]
414	mov	r3,r3,lsr#24
415
416	ldrb	r9,[r10,r9,lsl#2]	@ Te4[s3>>16]
417	eor	r0,r7,r0,lsl#8
418	ldr	r7,[r11,#0]
419	ldrb	r3,[r10,r3,lsl#2]	@ Te4[s3>>24]
420	eor	r1,r1,r8,lsl#8
421	ldr	r4,[r11,#4]
422	eor	r2,r2,r9,lsl#16
423	ldr	r5,[r11,#8]
424	eor	r3,r6,r3,lsl#24
425	ldr	r6,[r11,#12]
426
427	eor	r0,r0,r7
428	eor	r1,r1,r4
429	eor	r2,r2,r5
430	eor	r3,r3,r6
431
432	sub	r10,r10,#2
433	ldr	pc,[sp],#4		@ pop and return
434
435
436.globl	_aes_nohw_set_encrypt_key
437.private_extern	_aes_nohw_set_encrypt_key
438#ifdef __thumb2__
439.thumb_func	_aes_nohw_set_encrypt_key
440#endif
441.align	5
442_aes_nohw_set_encrypt_key:
443_armv4_AES_set_encrypt_key:
444#ifndef	__thumb2__
445	sub	r3,pc,#8		@ _aes_nohw_set_encrypt_key
446#else
447	adr	r3,.
448#endif
449	teq	r0,#0
450#ifdef	__thumb2__
451	itt	eq			@ Thumb2 thing, sanity check in ARM
452#endif
453	moveq	r0,#-1
454	beq	Labrt
455	teq	r2,#0
456#ifdef	__thumb2__
457	itt	eq			@ Thumb2 thing, sanity check in ARM
458#endif
459	moveq	r0,#-1
460	beq	Labrt
461
462	teq	r1,#128
463	beq	Lok
464	teq	r1,#192
465	beq	Lok
466	teq	r1,#256
467#ifdef	__thumb2__
468	itt	ne			@ Thumb2 thing, sanity check in ARM
469#endif
470	movne	r0,#-1
471	bne	Labrt
472
473Lok:	stmdb	sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr}
474	mov	r12,r0		@ inp
475	mov	lr,r1			@ bits
476	mov	r11,r2			@ key
477
478#if defined(__thumb2__) || defined(__APPLE__)
479	adr	r10,AES_Te+1024				@ Te4
480#else
481	sub	r10,r3,#_armv4_AES_set_encrypt_key-AES_Te-1024	@ Te4
482#endif
483
484#if __ARM_ARCH__<7
485	ldrb	r0,[r12,#3]	@ load input data in endian-neutral
486	ldrb	r4,[r12,#2]	@ manner...
487	ldrb	r5,[r12,#1]
488	ldrb	r6,[r12,#0]
489	orr	r0,r0,r4,lsl#8
490	ldrb	r1,[r12,#7]
491	orr	r0,r0,r5,lsl#16
492	ldrb	r4,[r12,#6]
493	orr	r0,r0,r6,lsl#24
494	ldrb	r5,[r12,#5]
495	ldrb	r6,[r12,#4]
496	orr	r1,r1,r4,lsl#8
497	ldrb	r2,[r12,#11]
498	orr	r1,r1,r5,lsl#16
499	ldrb	r4,[r12,#10]
500	orr	r1,r1,r6,lsl#24
501	ldrb	r5,[r12,#9]
502	ldrb	r6,[r12,#8]
503	orr	r2,r2,r4,lsl#8
504	ldrb	r3,[r12,#15]
505	orr	r2,r2,r5,lsl#16
506	ldrb	r4,[r12,#14]
507	orr	r2,r2,r6,lsl#24
508	ldrb	r5,[r12,#13]
509	ldrb	r6,[r12,#12]
510	orr	r3,r3,r4,lsl#8
511	str	r0,[r11],#16
512	orr	r3,r3,r5,lsl#16
513	str	r1,[r11,#-12]
514	orr	r3,r3,r6,lsl#24
515	str	r2,[r11,#-8]
516	str	r3,[r11,#-4]
517#else
518	ldr	r0,[r12,#0]
519	ldr	r1,[r12,#4]
520	ldr	r2,[r12,#8]
521	ldr	r3,[r12,#12]
522#ifdef __ARMEL__
523	rev	r0,r0
524	rev	r1,r1
525	rev	r2,r2
526	rev	r3,r3
527#endif
528	str	r0,[r11],#16
529	str	r1,[r11,#-12]
530	str	r2,[r11,#-8]
531	str	r3,[r11,#-4]
532#endif
533
534	teq	lr,#128
535	bne	Lnot128
536	mov	r12,#10
537	str	r12,[r11,#240-16]
538	add	r6,r10,#256			@ rcon
539	mov	lr,#255
540
541L128_loop:
542	and	r5,lr,r3,lsr#24
543	and	r7,lr,r3,lsr#16
544	ldrb	r5,[r10,r5]
545	and	r8,lr,r3,lsr#8
546	ldrb	r7,[r10,r7]
547	and	r9,lr,r3
548	ldrb	r8,[r10,r8]
549	orr	r5,r5,r7,lsl#24
550	ldrb	r9,[r10,r9]
551	orr	r5,r5,r8,lsl#16
552	ldr	r4,[r6],#4			@ rcon[i++]
553	orr	r5,r5,r9,lsl#8
554	eor	r5,r5,r4
555	eor	r0,r0,r5			@ rk[4]=rk[0]^...
556	eor	r1,r1,r0			@ rk[5]=rk[1]^rk[4]
557	str	r0,[r11],#16
558	eor	r2,r2,r1			@ rk[6]=rk[2]^rk[5]
559	str	r1,[r11,#-12]
560	eor	r3,r3,r2			@ rk[7]=rk[3]^rk[6]
561	str	r2,[r11,#-8]
562	subs	r12,r12,#1
563	str	r3,[r11,#-4]
564	bne	L128_loop
565	sub	r2,r11,#176
566	b	Ldone
567
568Lnot128:
569#if __ARM_ARCH__<7
570	ldrb	r8,[r12,#19]
571	ldrb	r4,[r12,#18]
572	ldrb	r5,[r12,#17]
573	ldrb	r6,[r12,#16]
574	orr	r8,r8,r4,lsl#8
575	ldrb	r9,[r12,#23]
576	orr	r8,r8,r5,lsl#16
577	ldrb	r4,[r12,#22]
578	orr	r8,r8,r6,lsl#24
579	ldrb	r5,[r12,#21]
580	ldrb	r6,[r12,#20]
581	orr	r9,r9,r4,lsl#8
582	orr	r9,r9,r5,lsl#16
583	str	r8,[r11],#8
584	orr	r9,r9,r6,lsl#24
585	str	r9,[r11,#-4]
586#else
587	ldr	r8,[r12,#16]
588	ldr	r9,[r12,#20]
589#ifdef __ARMEL__
590	rev	r8,r8
591	rev	r9,r9
592#endif
593	str	r8,[r11],#8
594	str	r9,[r11,#-4]
595#endif
596
597	teq	lr,#192
598	bne	Lnot192
599	mov	r12,#12
600	str	r12,[r11,#240-24]
601	add	r6,r10,#256			@ rcon
602	mov	lr,#255
603	mov	r12,#8
604
605L192_loop:
606	and	r5,lr,r9,lsr#24
607	and	r7,lr,r9,lsr#16
608	ldrb	r5,[r10,r5]
609	and	r8,lr,r9,lsr#8
610	ldrb	r7,[r10,r7]
611	and	r9,lr,r9
612	ldrb	r8,[r10,r8]
613	orr	r5,r5,r7,lsl#24
614	ldrb	r9,[r10,r9]
615	orr	r5,r5,r8,lsl#16
616	ldr	r4,[r6],#4			@ rcon[i++]
617	orr	r5,r5,r9,lsl#8
618	eor	r9,r5,r4
619	eor	r0,r0,r9			@ rk[6]=rk[0]^...
620	eor	r1,r1,r0			@ rk[7]=rk[1]^rk[6]
621	str	r0,[r11],#24
622	eor	r2,r2,r1			@ rk[8]=rk[2]^rk[7]
623	str	r1,[r11,#-20]
624	eor	r3,r3,r2			@ rk[9]=rk[3]^rk[8]
625	str	r2,[r11,#-16]
626	subs	r12,r12,#1
627	str	r3,[r11,#-12]
628#ifdef	__thumb2__
629	itt	eq				@ Thumb2 thing, sanity check in ARM
630#endif
631	subeq	r2,r11,#216
632	beq	Ldone
633
634	ldr	r7,[r11,#-32]
635	ldr	r8,[r11,#-28]
636	eor	r7,r7,r3			@ rk[10]=rk[4]^rk[9]
637	eor	r9,r8,r7			@ rk[11]=rk[5]^rk[10]
638	str	r7,[r11,#-8]
639	str	r9,[r11,#-4]
640	b	L192_loop
641
642Lnot192:
643#if __ARM_ARCH__<7
644	ldrb	r8,[r12,#27]
645	ldrb	r4,[r12,#26]
646	ldrb	r5,[r12,#25]
647	ldrb	r6,[r12,#24]
648	orr	r8,r8,r4,lsl#8
649	ldrb	r9,[r12,#31]
650	orr	r8,r8,r5,lsl#16
651	ldrb	r4,[r12,#30]
652	orr	r8,r8,r6,lsl#24
653	ldrb	r5,[r12,#29]
654	ldrb	r6,[r12,#28]
655	orr	r9,r9,r4,lsl#8
656	orr	r9,r9,r5,lsl#16
657	str	r8,[r11],#8
658	orr	r9,r9,r6,lsl#24
659	str	r9,[r11,#-4]
660#else
661	ldr	r8,[r12,#24]
662	ldr	r9,[r12,#28]
663#ifdef __ARMEL__
664	rev	r8,r8
665	rev	r9,r9
666#endif
667	str	r8,[r11],#8
668	str	r9,[r11,#-4]
669#endif
670
671	mov	r12,#14
672	str	r12,[r11,#240-32]
673	add	r6,r10,#256			@ rcon
674	mov	lr,#255
675	mov	r12,#7
676
677L256_loop:
678	and	r5,lr,r9,lsr#24
679	and	r7,lr,r9,lsr#16
680	ldrb	r5,[r10,r5]
681	and	r8,lr,r9,lsr#8
682	ldrb	r7,[r10,r7]
683	and	r9,lr,r9
684	ldrb	r8,[r10,r8]
685	orr	r5,r5,r7,lsl#24
686	ldrb	r9,[r10,r9]
687	orr	r5,r5,r8,lsl#16
688	ldr	r4,[r6],#4			@ rcon[i++]
689	orr	r5,r5,r9,lsl#8
690	eor	r9,r5,r4
691	eor	r0,r0,r9			@ rk[8]=rk[0]^...
692	eor	r1,r1,r0			@ rk[9]=rk[1]^rk[8]
693	str	r0,[r11],#32
694	eor	r2,r2,r1			@ rk[10]=rk[2]^rk[9]
695	str	r1,[r11,#-28]
696	eor	r3,r3,r2			@ rk[11]=rk[3]^rk[10]
697	str	r2,[r11,#-24]
698	subs	r12,r12,#1
699	str	r3,[r11,#-20]
700#ifdef	__thumb2__
701	itt	eq				@ Thumb2 thing, sanity check in ARM
702#endif
703	subeq	r2,r11,#256
704	beq	Ldone
705
706	and	r5,lr,r3
707	and	r7,lr,r3,lsr#8
708	ldrb	r5,[r10,r5]
709	and	r8,lr,r3,lsr#16
710	ldrb	r7,[r10,r7]
711	and	r9,lr,r3,lsr#24
712	ldrb	r8,[r10,r8]
713	orr	r5,r5,r7,lsl#8
714	ldrb	r9,[r10,r9]
715	orr	r5,r5,r8,lsl#16
716	ldr	r4,[r11,#-48]
717	orr	r5,r5,r9,lsl#24
718
719	ldr	r7,[r11,#-44]
720	ldr	r8,[r11,#-40]
721	eor	r4,r4,r5			@ rk[12]=rk[4]^...
722	ldr	r9,[r11,#-36]
723	eor	r7,r7,r4			@ rk[13]=rk[5]^rk[12]
724	str	r4,[r11,#-16]
725	eor	r8,r8,r7			@ rk[14]=rk[6]^rk[13]
726	str	r7,[r11,#-12]
727	eor	r9,r9,r8			@ rk[15]=rk[7]^rk[14]
728	str	r8,[r11,#-8]
729	str	r9,[r11,#-4]
730	b	L256_loop
731
732.align	2
733Ldone:	mov	r0,#0
734	ldmia	sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr}
735Labrt:
736#if __ARM_ARCH__>=5
737	bx	lr				@ .word	0xe12fff1e
738#else
739	tst	lr,#1
740	moveq	pc,lr			@ be binary compatible with V4, yet
741.word	0xe12fff1e			@ interoperable with Thumb ISA:-)
742#endif
743
744
745.globl	_aes_nohw_set_decrypt_key
746.private_extern	_aes_nohw_set_decrypt_key
747#ifdef __thumb2__
748.thumb_func	_aes_nohw_set_decrypt_key
749#endif
750.align	5
751_aes_nohw_set_decrypt_key:
752	str	lr,[sp,#-4]!            @ push lr
753	bl	_armv4_AES_set_encrypt_key
754	teq	r0,#0
755	ldr	lr,[sp],#4              @ pop lr
756	bne	Labrt
757
758	mov	r0,r2			@ _aes_nohw_set_encrypt_key preserves r2,
759	mov	r1,r2			@ which is AES_KEY *key
760	b	_armv4_AES_set_enc2dec_key
761
762
763@ void AES_set_enc2dec_key(const AES_KEY *inp,AES_KEY *out)
764.globl	_AES_set_enc2dec_key
765.private_extern	_AES_set_enc2dec_key
766#ifdef __thumb2__
767.thumb_func	_AES_set_enc2dec_key
768#endif
769.align	5
770_AES_set_enc2dec_key:
771_armv4_AES_set_enc2dec_key:
772	stmdb	sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr}
773
774	ldr	r12,[r0,#240]
775	mov	r7,r0			@ input
776	add	r8,r0,r12,lsl#4
777	mov	r11,r1			@ output
778	add	r10,r1,r12,lsl#4
779	str	r12,[r1,#240]
780
781Linv:	ldr	r0,[r7],#16
782	ldr	r1,[r7,#-12]
783	ldr	r2,[r7,#-8]
784	ldr	r3,[r7,#-4]
785	ldr	r4,[r8],#-16
786	ldr	r5,[r8,#16+4]
787	ldr	r6,[r8,#16+8]
788	ldr	r9,[r8,#16+12]
789	str	r0,[r10],#-16
790	str	r1,[r10,#16+4]
791	str	r2,[r10,#16+8]
792	str	r3,[r10,#16+12]
793	str	r4,[r11],#16
794	str	r5,[r11,#-12]
795	str	r6,[r11,#-8]
796	str	r9,[r11,#-4]
797	teq	r7,r8
798	bne	Linv
799
800	ldr	r0,[r7]
801	ldr	r1,[r7,#4]
802	ldr	r2,[r7,#8]
803	ldr	r3,[r7,#12]
804	str	r0,[r11]
805	str	r1,[r11,#4]
806	str	r2,[r11,#8]
807	str	r3,[r11,#12]
808	sub	r11,r11,r12,lsl#3
809	ldr	r0,[r11,#16]!		@ prefetch tp1
810	mov	r7,#0x80
811	mov	r8,#0x1b
812	orr	r7,r7,#0x8000
813	orr	r8,r8,#0x1b00
814	orr	r7,r7,r7,lsl#16
815	orr	r8,r8,r8,lsl#16
816	sub	r12,r12,#1
817	mvn	r9,r7
818	mov	r12,r12,lsl#2	@ (rounds-1)*4
819
820Lmix:	and	r4,r0,r7
821	and	r1,r0,r9
822	sub	r4,r4,r4,lsr#7
823	and	r4,r4,r8
824	eor	r1,r4,r1,lsl#1	@ tp2
825
826	and	r4,r1,r7
827	and	r2,r1,r9
828	sub	r4,r4,r4,lsr#7
829	and	r4,r4,r8
830	eor	r2,r4,r2,lsl#1	@ tp4
831
832	and	r4,r2,r7
833	and	r3,r2,r9
834	sub	r4,r4,r4,lsr#7
835	and	r4,r4,r8
836	eor	r3,r4,r3,lsl#1	@ tp8
837
838	eor	r4,r1,r2
839	eor	r5,r0,r3		@ tp9
840	eor	r4,r4,r3		@ tpe
841	eor	r4,r4,r1,ror#24
842	eor	r4,r4,r5,ror#24	@ ^= ROTATE(tpb=tp9^tp2,8)
843	eor	r4,r4,r2,ror#16
844	eor	r4,r4,r5,ror#16	@ ^= ROTATE(tpd=tp9^tp4,16)
845	eor	r4,r4,r5,ror#8	@ ^= ROTATE(tp9,24)
846
847	ldr	r0,[r11,#4]		@ prefetch tp1
848	str	r4,[r11],#4
849	subs	r12,r12,#1
850	bne	Lmix
851
852	mov	r0,#0
853#if __ARM_ARCH__>=5
854	ldmia	sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc}
855#else
856	ldmia	sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr}
857	tst	lr,#1
858	moveq	pc,lr			@ be binary compatible with V4, yet
859.word	0xe12fff1e			@ interoperable with Thumb ISA:-)
860#endif
861
862
863
864.align	5
865AES_Td:
866.word	0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96
867.word	0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393
868.word	0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25
869.word	0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f
870.word	0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1
871.word	0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6
872.word	0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da
873.word	0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844
874.word	0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd
875.word	0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4
876.word	0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45
877.word	0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94
878.word	0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7
879.word	0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a
880.word	0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5
881.word	0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c
882.word	0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1
883.word	0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a
884.word	0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75
885.word	0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051
886.word	0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46
887.word	0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff
888.word	0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77
889.word	0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb
890.word	0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000
891.word	0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e
892.word	0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927
893.word	0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a
894.word	0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e
895.word	0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16
896.word	0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d
897.word	0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8
898.word	0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd
899.word	0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34
900.word	0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163
901.word	0xd731dcca, 0x42638510, 0x13972240, 0x84c61120
902.word	0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d
903.word	0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0
904.word	0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422
905.word	0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef
906.word	0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36
907.word	0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4
908.word	0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662
909.word	0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5
910.word	0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3
911.word	0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b
912.word	0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8
913.word	0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6
914.word	0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6
915.word	0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0
916.word	0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815
917.word	0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f
918.word	0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df
919.word	0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f
920.word	0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e
921.word	0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713
922.word	0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89
923.word	0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c
924.word	0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf
925.word	0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86
926.word	0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f
927.word	0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541
928.word	0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190
929.word	0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742
930@ Td4[256]
931.byte	0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
932.byte	0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
933.byte	0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
934.byte	0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
935.byte	0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
936.byte	0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
937.byte	0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
938.byte	0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
939.byte	0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
940.byte	0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
941.byte	0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
942.byte	0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
943.byte	0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
944.byte	0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
945.byte	0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
946.byte	0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
947.byte	0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
948.byte	0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
949.byte	0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
950.byte	0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
951.byte	0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
952.byte	0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
953.byte	0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
954.byte	0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
955.byte	0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
956.byte	0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
957.byte	0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
958.byte	0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
959.byte	0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
960.byte	0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
961.byte	0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
962.byte	0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
963
964
965@ void aes_nohw_decrypt(const unsigned char *in, unsigned char *out,
966@ 		                  const AES_KEY *key) {
967.globl	_aes_nohw_decrypt
968.private_extern	_aes_nohw_decrypt
969#ifdef __thumb2__
970.thumb_func	_aes_nohw_decrypt
971#endif
972.align	5
973_aes_nohw_decrypt:
974#ifndef	__thumb2__
975	sub	r3,pc,#8		@ _aes_nohw_decrypt
976#else
977	adr	r3,.
978#endif
979	stmdb	sp!,{r1,r4-r12,lr}
980#if defined(__thumb2__) || defined(__APPLE__)
981	adr	r10,AES_Td
982#else
983	sub	r10,r3,#_aes_nohw_decrypt-AES_Td	@ Td
984#endif
985	mov	r12,r0		@ inp
986	mov	r11,r2
987#if __ARM_ARCH__<7
988	ldrb	r0,[r12,#3]	@ load input data in endian-neutral
989	ldrb	r4,[r12,#2]	@ manner...
990	ldrb	r5,[r12,#1]
991	ldrb	r6,[r12,#0]
992	orr	r0,r0,r4,lsl#8
993	ldrb	r1,[r12,#7]
994	orr	r0,r0,r5,lsl#16
995	ldrb	r4,[r12,#6]
996	orr	r0,r0,r6,lsl#24
997	ldrb	r5,[r12,#5]
998	ldrb	r6,[r12,#4]
999	orr	r1,r1,r4,lsl#8
1000	ldrb	r2,[r12,#11]
1001	orr	r1,r1,r5,lsl#16
1002	ldrb	r4,[r12,#10]
1003	orr	r1,r1,r6,lsl#24
1004	ldrb	r5,[r12,#9]
1005	ldrb	r6,[r12,#8]
1006	orr	r2,r2,r4,lsl#8
1007	ldrb	r3,[r12,#15]
1008	orr	r2,r2,r5,lsl#16
1009	ldrb	r4,[r12,#14]
1010	orr	r2,r2,r6,lsl#24
1011	ldrb	r5,[r12,#13]
1012	ldrb	r6,[r12,#12]
1013	orr	r3,r3,r4,lsl#8
1014	orr	r3,r3,r5,lsl#16
1015	orr	r3,r3,r6,lsl#24
1016#else
1017	ldr	r0,[r12,#0]
1018	ldr	r1,[r12,#4]
1019	ldr	r2,[r12,#8]
1020	ldr	r3,[r12,#12]
1021#ifdef __ARMEL__
1022	rev	r0,r0
1023	rev	r1,r1
1024	rev	r2,r2
1025	rev	r3,r3
1026#endif
1027#endif
1028	bl	_armv4_AES_decrypt
1029
1030	ldr	r12,[sp],#4		@ pop out
1031#if __ARM_ARCH__>=7
1032#ifdef __ARMEL__
1033	rev	r0,r0
1034	rev	r1,r1
1035	rev	r2,r2
1036	rev	r3,r3
1037#endif
1038	str	r0,[r12,#0]
1039	str	r1,[r12,#4]
1040	str	r2,[r12,#8]
1041	str	r3,[r12,#12]
1042#else
1043	mov	r4,r0,lsr#24		@ write output in endian-neutral
1044	mov	r5,r0,lsr#16		@ manner...
1045	mov	r6,r0,lsr#8
1046	strb	r4,[r12,#0]
1047	strb	r5,[r12,#1]
1048	mov	r4,r1,lsr#24
1049	strb	r6,[r12,#2]
1050	mov	r5,r1,lsr#16
1051	strb	r0,[r12,#3]
1052	mov	r6,r1,lsr#8
1053	strb	r4,[r12,#4]
1054	strb	r5,[r12,#5]
1055	mov	r4,r2,lsr#24
1056	strb	r6,[r12,#6]
1057	mov	r5,r2,lsr#16
1058	strb	r1,[r12,#7]
1059	mov	r6,r2,lsr#8
1060	strb	r4,[r12,#8]
1061	strb	r5,[r12,#9]
1062	mov	r4,r3,lsr#24
1063	strb	r6,[r12,#10]
1064	mov	r5,r3,lsr#16
1065	strb	r2,[r12,#11]
1066	mov	r6,r3,lsr#8
1067	strb	r4,[r12,#12]
1068	strb	r5,[r12,#13]
1069	strb	r6,[r12,#14]
1070	strb	r3,[r12,#15]
1071#endif
1072#if __ARM_ARCH__>=5
1073	ldmia	sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc}
1074#else
1075	ldmia	sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr}
1076	tst	lr,#1
1077	moveq	pc,lr			@ be binary compatible with V4, yet
1078.word	0xe12fff1e			@ interoperable with Thumb ISA:-)
1079#endif
1080
1081
1082#ifdef __thumb2__
1083.thumb_func	_armv4_AES_decrypt
1084#endif
1085.align	2
1086_armv4_AES_decrypt:
1087	str	lr,[sp,#-4]!		@ push lr
1088	ldmia	r11!,{r4,r5,r6,r7}
1089	eor	r0,r0,r4
1090	ldr	r12,[r11,#240-16]
1091	eor	r1,r1,r5
1092	eor	r2,r2,r6
1093	eor	r3,r3,r7
1094	sub	r12,r12,#1
1095	mov	lr,#255
1096
1097	and	r7,lr,r0,lsr#16
1098	and	r8,lr,r0,lsr#8
1099	and	r9,lr,r0
1100	mov	r0,r0,lsr#24
1101Ldec_loop:
1102	ldr	r4,[r10,r7,lsl#2]	@ Td1[s0>>16]
1103	and	r7,lr,r1		@ i0
1104	ldr	r5,[r10,r8,lsl#2]	@ Td2[s0>>8]
1105	and	r8,lr,r1,lsr#16
1106	ldr	r6,[r10,r9,lsl#2]	@ Td3[s0>>0]
1107	and	r9,lr,r1,lsr#8
1108	ldr	r0,[r10,r0,lsl#2]	@ Td0[s0>>24]
1109	mov	r1,r1,lsr#24
1110
1111	ldr	r7,[r10,r7,lsl#2]	@ Td3[s1>>0]
1112	ldr	r8,[r10,r8,lsl#2]	@ Td1[s1>>16]
1113	ldr	r9,[r10,r9,lsl#2]	@ Td2[s1>>8]
1114	eor	r0,r0,r7,ror#24
1115	ldr	r1,[r10,r1,lsl#2]	@ Td0[s1>>24]
1116	and	r7,lr,r2,lsr#8	@ i0
1117	eor	r5,r8,r5,ror#8
1118	and	r8,lr,r2		@ i1
1119	eor	r6,r9,r6,ror#8
1120	and	r9,lr,r2,lsr#16
1121	ldr	r7,[r10,r7,lsl#2]	@ Td2[s2>>8]
1122	eor	r1,r1,r4,ror#8
1123	ldr	r8,[r10,r8,lsl#2]	@ Td3[s2>>0]
1124	mov	r2,r2,lsr#24
1125
1126	ldr	r9,[r10,r9,lsl#2]	@ Td1[s2>>16]
1127	eor	r0,r0,r7,ror#16
1128	ldr	r2,[r10,r2,lsl#2]	@ Td0[s2>>24]
1129	and	r7,lr,r3,lsr#16	@ i0
1130	eor	r1,r1,r8,ror#24
1131	and	r8,lr,r3,lsr#8	@ i1
1132	eor	r6,r9,r6,ror#8
1133	and	r9,lr,r3		@ i2
1134	ldr	r7,[r10,r7,lsl#2]	@ Td1[s3>>16]
1135	eor	r2,r2,r5,ror#8
1136	ldr	r8,[r10,r8,lsl#2]	@ Td2[s3>>8]
1137	mov	r3,r3,lsr#24
1138
1139	ldr	r9,[r10,r9,lsl#2]	@ Td3[s3>>0]
1140	eor	r0,r0,r7,ror#8
1141	ldr	r7,[r11],#16
1142	eor	r1,r1,r8,ror#16
1143	ldr	r3,[r10,r3,lsl#2]	@ Td0[s3>>24]
1144	eor	r2,r2,r9,ror#24
1145
1146	ldr	r4,[r11,#-12]
1147	eor	r0,r0,r7
1148	ldr	r5,[r11,#-8]
1149	eor	r3,r3,r6,ror#8
1150	ldr	r6,[r11,#-4]
1151	and	r7,lr,r0,lsr#16
1152	eor	r1,r1,r4
1153	and	r8,lr,r0,lsr#8
1154	eor	r2,r2,r5
1155	and	r9,lr,r0
1156	eor	r3,r3,r6
1157	mov	r0,r0,lsr#24
1158
1159	subs	r12,r12,#1
1160	bne	Ldec_loop
1161
1162	add	r10,r10,#1024
1163
1164	ldr	r5,[r10,#0]		@ prefetch Td4
1165	ldr	r6,[r10,#32]
1166	ldr	r4,[r10,#64]
1167	ldr	r5,[r10,#96]
1168	ldr	r6,[r10,#128]
1169	ldr	r4,[r10,#160]
1170	ldr	r5,[r10,#192]
1171	ldr	r6,[r10,#224]
1172
1173	ldrb	r0,[r10,r0]		@ Td4[s0>>24]
1174	ldrb	r4,[r10,r7]		@ Td4[s0>>16]
1175	and	r7,lr,r1		@ i0
1176	ldrb	r5,[r10,r8]		@ Td4[s0>>8]
1177	and	r8,lr,r1,lsr#16
1178	ldrb	r6,[r10,r9]		@ Td4[s0>>0]
1179	and	r9,lr,r1,lsr#8
1180
1181	add	r1,r10,r1,lsr#24
1182	ldrb	r7,[r10,r7]		@ Td4[s1>>0]
1183	ldrb	r1,[r1]		@ Td4[s1>>24]
1184	ldrb	r8,[r10,r8]		@ Td4[s1>>16]
1185	eor	r0,r7,r0,lsl#24
1186	ldrb	r9,[r10,r9]		@ Td4[s1>>8]
1187	eor	r1,r4,r1,lsl#8
1188	and	r7,lr,r2,lsr#8	@ i0
1189	eor	r5,r5,r8,lsl#8
1190	and	r8,lr,r2		@ i1
1191	ldrb	r7,[r10,r7]		@ Td4[s2>>8]
1192	eor	r6,r6,r9,lsl#8
1193	ldrb	r8,[r10,r8]		@ Td4[s2>>0]
1194	and	r9,lr,r2,lsr#16
1195
1196	add	r2,r10,r2,lsr#24
1197	ldrb	r2,[r2]		@ Td4[s2>>24]
1198	eor	r0,r0,r7,lsl#8
1199	ldrb	r9,[r10,r9]		@ Td4[s2>>16]
1200	eor	r1,r8,r1,lsl#16
1201	and	r7,lr,r3,lsr#16	@ i0
1202	eor	r2,r5,r2,lsl#16
1203	and	r8,lr,r3,lsr#8	@ i1
1204	ldrb	r7,[r10,r7]		@ Td4[s3>>16]
1205	eor	r6,r6,r9,lsl#16
1206	ldrb	r8,[r10,r8]		@ Td4[s3>>8]
1207	and	r9,lr,r3		@ i2
1208
1209	add	r3,r10,r3,lsr#24
1210	ldrb	r9,[r10,r9]		@ Td4[s3>>0]
1211	ldrb	r3,[r3]		@ Td4[s3>>24]
1212	eor	r0,r0,r7,lsl#16
1213	ldr	r7,[r11,#0]
1214	eor	r1,r1,r8,lsl#8
1215	ldr	r4,[r11,#4]
1216	eor	r2,r9,r2,lsl#8
1217	ldr	r5,[r11,#8]
1218	eor	r3,r6,r3,lsl#24
1219	ldr	r6,[r11,#12]
1220
1221	eor	r0,r0,r7
1222	eor	r1,r1,r4
1223	eor	r2,r2,r5
1224	eor	r3,r3,r6
1225
1226	sub	r10,r10,#1024
1227	ldr	pc,[sp],#4		@ pop and return
1228
1229.byte	65,69,83,32,102,111,114,32,65,82,77,118,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
1230.align	2
1231.align	2
1232#endif  // !OPENSSL_NO_ASM
1233