1// This file is generated from a similarly-named Perl script in the BoringSSL
2// source tree. Do not edit by hand.
3
4#if !defined(__has_feature)
5#define __has_feature(x) 0
6#endif
7#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
8#define OPENSSL_NO_ASM
9#endif
10
11#if !defined(OPENSSL_NO_ASM)
12#if defined(__arm__)
13#include "ring_core_generated/prefix_symbols_asm.h"
14#include <ring-core/arm_arch.h>
15
16#if __ARM_MAX_ARCH__>=7
17.text
18.arch	armv7-a	@ don't confuse not-so-latest binutils with argv8 :-)
19.fpu	neon
20.code	32
21#undef	__thumb2__
@ .Lrcon: constants for the key schedule code below, three 16-byte rows.
@   row 0: 0x01 in each 32-bit lane; loaded into q1 as the first round
@          constant and doubled with vshl.u8 after each round.
@   row 1: byte-index mask used with vtbl.8 (rotate-n-splat); it is a fixed
@          permutation, so the table lookup is not indexed by key data.
@   row 2: 0x1b in each 32-bit lane; reloaded into q1 by the 128-bit path
@          once the eight doublings of row 0 are used up.
22.align	5
23.Lrcon:
24.long	0x01,0x01,0x01,0x01
25.long	0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d	@ rotate-n-splat
26.long	0x1b,0x1b,0x1b,0x1b
27
28.text
29
@ aes_hw_set_encrypt_key: expand a 128- or 256-bit AES key into an encryption
@ key schedule using the ARMv8 AES instructions (emitted as raw .byte words).
@ In:   r0 = key bytes, r1 = key length in bits, r2 = output key schedule
@       (roles inferred from the register use below; confirm against the
@       C prototype).
@ Out:  r0 = 0 on success, -1 if r0 or r2 is NULL, -2 if r1 is below 128,
@       above 256, or not a multiple of 64.
@ Writes 11 (128-bit) or 15 (256-bit) 16-byte round keys starting at r2 and
@ the round count (10 or 14) at byte offset 240 of the schedule.
@ Clobbers: r1, r3, r12, q0-q3, q8-q10, flags.
@ NOTE(review): bits == 192 passes the validation (192 is a multiple of 64)
@ and takes the .L256 path, which reads 32 bytes from the key pointer. The
@ caller must reject 192 itself, otherwise a 24-byte key buffer is over-read.
@ NOTE(review): nothing here checks that the CPU implements the AES
@ instructions; presumably the caller gates on a capability check - confirm.
30.globl	aes_hw_set_encrypt_key
31.hidden	aes_hw_set_encrypt_key
32.type	aes_hw_set_encrypt_key,%function
33.align	5
34aes_hw_set_encrypt_key:
35.Lenc_key:
36	mov	r3,#-1		@ r3 = pending return value: -1 for a NULL pointer
37	cmp	r0,#0
38	beq	.Lenc_key_abort
39	cmp	r2,#0
40	beq	.Lenc_key_abort
41	mov	r3,#-2		@ from here on: -2 for an unsupported key length
42	cmp	r1,#128
43	blt	.Lenc_key_abort
44	cmp	r1,#256
45	bgt	.Lenc_key_abort
46	tst	r1,#0x3f	@ bits must be a multiple of 64
47	bne	.Lenc_key_abort
48
49	adr	r3,.Lrcon	@ r3 is reused as the pointer to the constants
50	cmp	r1,#192		@ flags are consumed by the blt below; nothing in between sets them
51
52	veor	q0,q0,q0	@ q0 = 0
53	vld1.8	{q3},[r0]!	@ q3 = first 16 key bytes, r0 += 16
54	mov	r1,#8		@ reuse r1
55	vld1.32	{q1,q2},[r3]!	@ q1 = round constant (0x01), q2 = rotate-n-splat mask
56
57	blt	.Loop128	@ bits < 192: 128-bit schedule
58	@ 192-bit key support was removed.
59	b	.L256		@ bits >= 192; 192 itself is not rejected here
60
61.align	4
62.Loop128:
63	vtbl.8	d20,{q3},d4
64	vtbl.8	d21,{q3},d5
65	vext.8	q9,q0,q3,#12
66	vst1.32	{q3},[r2]!
67.byte	0x00,0x43,0xf0,0xf3	@ aese q10,q0
68	subs	r1,r1,#1
69
70	veor	q3,q3,q9
71	vext.8	q9,q0,q9,#12
72	veor	q3,q3,q9
73	vext.8	q9,q0,q9,#12
74	veor	q10,q10,q1
75	veor	q3,q3,q9
76	vshl.u8	q1,q1,#1	@ next round constant
77	veor	q3,q3,q10
78	bne	.Loop128
79
80	vld1.32	{q1},[r3]	@ q1 = 0x1b row of .Lrcon for the last two rounds
81
82	vtbl.8	d20,{q3},d4
83	vtbl.8	d21,{q3},d5
84	vext.8	q9,q0,q3,#12
85	vst1.32	{q3},[r2]!
86.byte	0x00,0x43,0xf0,0xf3	@ aese q10,q0
87
88	veor	q3,q3,q9
89	vext.8	q9,q0,q9,#12
90	veor	q3,q3,q9
91	vext.8	q9,q0,q9,#12
92	veor	q10,q10,q1
93	veor	q3,q3,q9
94	vshl.u8	q1,q1,#1
95	veor	q3,q3,q10
96
97	vtbl.8	d20,{q3},d4
98	vtbl.8	d21,{q3},d5
99	vext.8	q9,q0,q3,#12
100	vst1.32	{q3},[r2]!
101.byte	0x00,0x43,0xf0,0xf3	@ aese q10,q0
102
103	veor	q3,q3,q9
104	vext.8	q9,q0,q9,#12
105	veor	q3,q3,q9
106	vext.8	q9,q0,q9,#12
107	veor	q10,q10,q1
108	veor	q3,q3,q9
109	veor	q3,q3,q10
110	vst1.32	{q3},[r2]	@ last round key, stored at schedule offset 160
111	add	r2,r2,#0x50	@ r2 = schedule + 240 (160 + 0x50)
112
113	mov	r12,#10		@ round count for a 128-bit key
114	b	.Ldone
115
116@ 192-bit key support was removed.
117
118.align	4
119.L256:
120	vld1.8	{q8},[r0]	@ q8 = second 16 key bytes (32 bytes read in total)
121	mov	r1,#7
122	mov	r12,#14		@ round count for a 256-bit key
123	vst1.32	{q3},[r2]!
124
125.Loop256:
126	vtbl.8	d20,{q8},d4
127	vtbl.8	d21,{q8},d5
128	vext.8	q9,q0,q3,#12
129	vst1.32	{q8},[r2]!
130.byte	0x00,0x43,0xf0,0xf3	@ aese q10,q0
131	subs	r1,r1,#1
132
133	veor	q3,q3,q9
134	vext.8	q9,q0,q9,#12
135	veor	q3,q3,q9
136	vext.8	q9,q0,q9,#12
137	veor	q10,q10,q1
138	veor	q3,q3,q9
139	vshl.u8	q1,q1,#1
140	veor	q3,q3,q10
141	vst1.32	{q3},[r2]!
142	beq	.Ldone		@ after the 15th round key r2 = schedule + 240
143
144	vdup.32	q10,d7[1]
145	vext.8	q9,q0,q8,#12
146.byte	0x00,0x43,0xf0,0xf3	@ aese q10,q0
147
148	veor	q8,q8,q9
149	vext.8	q9,q0,q9,#12
150	veor	q8,q8,q9
151	vext.8	q9,q0,q9,#12
152	veor	q8,q8,q9
153
154	veor	q8,q8,q10
155	b	.Loop256
156
157.Ldone:
158	str	r12,[r2]	@ store the round count at schedule offset 240
159	mov	r3,#0		@ success
160
161.Lenc_key_abort:
162	mov	r0,r3			@ return value
163
164	bx	lr
165.size	aes_hw_set_encrypt_key,.-aes_hw_set_encrypt_key
@ aes_hw_encrypt: encrypt one 16-byte block with an expanded key schedule.
@ In:   r0 = input block, r1 = output block, r2 = key schedule
@       (roles inferred from the register use below; confirm against the
@       C prototype).
@ Out:  16 bytes stored at r1; r0 is not written.
@ Clobbers: r2, r3, q0-q2, flags.
@ The loop runs two rounds per iteration, so it relies on an even round count.
@ NOTE(review): the round count read from [r2,#240] is trusted and decides how
@ many round keys are loaded; no pointer or range checks are made here, so the
@ schedule must come from a successful aes_hw_set_encrypt_key call.
@ NOTE(review): AARCH64_VALID_CALL_TARGET is not defined in this file;
@ presumably it comes from arm_arch.h - confirm what it expands to on 32-bit ARM.
166.globl	aes_hw_encrypt
167.hidden	aes_hw_encrypt
168.type	aes_hw_encrypt,%function
169.align	5
170aes_hw_encrypt:
171	AARCH64_VALID_CALL_TARGET
172	ldr	r3,[r2,#240]	@ r3 = round count
173	vld1.32	{q0},[r2]!	@ q0 = round key 0
174	vld1.8	{q2},[r0]	@ q2 = input block
175	sub	r3,r3,#2
176	vld1.32	{q1},[r2]!	@ q1 = round key 1
177
178.Loop_enc:
179.byte	0x00,0x43,0xb0,0xf3	@ aese q2,q0
180.byte	0x84,0x43,0xb0,0xf3	@ aesmc q2,q2
181	vld1.32	{q0},[r2]!
182	subs	r3,r3,#2
183.byte	0x02,0x43,0xb0,0xf3	@ aese q2,q1
184.byte	0x84,0x43,0xb0,0xf3	@ aesmc q2,q2
185	vld1.32	{q1},[r2]!
186	bgt	.Loop_enc
187
188.byte	0x00,0x43,0xb0,0xf3	@ aese q2,q0
189.byte	0x84,0x43,0xb0,0xf3	@ aesmc q2,q2
190	vld1.32	{q0},[r2]	@ q0 = last round key
191.byte	0x02,0x43,0xb0,0xf3	@ aese q2,q1
192	veor	q2,q2,q0	@ final round: XOR with the last round key, no aesmc
193
194	vst1.8	{q2},[r1]
195	bx	lr
196.size	aes_hw_encrypt,.-aes_hw_encrypt
@ aes_hw_ctr32_encrypt_blocks: XOR whole 16-byte blocks with an AES-CTR
@ keystream, three blocks per main-loop iteration plus a one/two-block tail.
@ In:   r0 = input, r1 = output, r2 = number of 16-byte blocks,
@       r3 = key schedule (round count read from byte offset 240),
@       [sp] = pointer to the 16-byte counter block
@       (roles inferred from the register use below; confirm against the
@       C prototype).
@ Saves and restores r4-r10 and d8-d15; returns by popping pc.
@ Clobbers: r0-r3, r12, q0-q3, q8-q15, flags.
@ Counter handling: only the last 32-bit word of the counter block is
@ incremented, as a big-endian value held in r8. The additions are plain
@ 32-bit adds, so the word wraps modulo 2^32 with no carry into the other
@ 96 bits, and the counter block in memory is only read, never written back.
@ NOTE(review): the caller is therefore responsible for advancing the counter
@ between calls and for keeping a call from crossing the 32-bit wrap, since a
@ repeated counter block repeats keystream.
@ NOTE(review): blocks == 0 is not special-cased. It takes the .Lctr32_tail
@ path, which loads from r0 and stores to r1 unconditionally; callers must
@ pass at least one block.
@ NOTE(review): nothing here checks that the CPU implements the AES
@ instructions; presumably the caller gates on a capability check - confirm.
197.globl	aes_hw_ctr32_encrypt_blocks
198.hidden	aes_hw_ctr32_encrypt_blocks
199.type	aes_hw_ctr32_encrypt_blocks,%function
200.align	5
201aes_hw_ctr32_encrypt_blocks:
202	mov	ip,sp		@ ip = sp on entry, the address of the stack argument
203	stmdb	sp!,{r4,r5,r6,r7,r8,r9,r10,lr}
204	vstmdb	sp!,{d8,d9,d10,d11,d12,d13,d14,d15}            @ ABI specification says so
205	ldr	r4, [ip]		@ load remaining arg
206	ldr	r5,[r3,#240]	@ r5 = round count
207
208	ldr	r8, [r4, #12]	@ r8 = last 32-bit word of the counter block
209	vld1.32	{q0},[r4]	@ q0 = whole counter block
210
211	vld1.32	{q8,q9},[r3]		@ load key schedule...
212	sub	r5,r5,#4
213	mov	r12,#16
214	cmp	r2,#2		@ flags are used by movlo and bls below
215	add	r7,r3,r5,lsl#4	@ pointer to last 5 round keys
216	sub	r5,r5,#2
217	vld1.32	{q12,q13},[r7]!
218	vld1.32	{q14,q15},[r7]!
219	vld1.32	{q7},[r7]	@ q7 = last round key
220	add	r7,r3,#32
221	mov	r6,r5
222	movlo	r12,#0		@ fewer than 2 blocks: the tail must not step r0
223
224	@ ARM Cortex-A57 and Cortex-A72 cores running in 32-bit mode are
225	@ affected by silicon errata #1742098 [0] and #1655431 [1],
226	@ respectively, where the second instruction of an aese/aesmc
227	@ instruction pair may execute twice if an interrupt is taken right
228	@ after the first instruction consumes an input register of which a
229	@ single 32-bit lane has been updated the last time it was modified.
230	@
231	@ This function uses a counter in one 32-bit lane. The vmov.32 writes
232	@ could target q1 and q10 directly, but that would trip these errata.
233	@ We write to q6 and copy to the final register as a workaround.
234	@
235	@ [0] ARM-EPM-049219 v23 Cortex-A57 MPCore Software Developers Errata Notice
236	@ [1] ARM-EPM-012079 v11.0 Cortex-A72 MPCore Software Developers Errata Notice
237#ifndef __ARMEB__
238	rev	r8, r8
239#endif
240	add	r10, r8, #1
241	vorr	q6,q0,q0
242	rev	r10, r10
243	vmov.32	d13[1],r10
244	add	r8, r8, #2
245	vorr	q1,q6,q6
246	bls	.Lctr32_tail	@ 2 blocks or fewer (0 also lands here): tail only
247	rev	r12, r8
248	vmov.32	d13[1],r12
249	sub	r2,r2,#3		@ bias
250	vorr	q10,q6,q6
251	b	.Loop3x_ctr32
252
253.align	4
254.Loop3x_ctr32:
255.byte	0x20,0x03,0xb0,0xf3	@ aese q0,q8
256.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
257.byte	0x20,0x23,0xb0,0xf3	@ aese q1,q8
258.byte	0x82,0x23,0xb0,0xf3	@ aesmc q1,q1
259.byte	0x20,0x43,0xf0,0xf3	@ aese q10,q8
260.byte	0xa4,0x43,0xf0,0xf3	@ aesmc q10,q10
261	vld1.32	{q8},[r7]!
262	subs	r6,r6,#2
263.byte	0x22,0x03,0xb0,0xf3	@ aese q0,q9
264.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
265.byte	0x22,0x23,0xb0,0xf3	@ aese q1,q9
266.byte	0x82,0x23,0xb0,0xf3	@ aesmc q1,q1
267.byte	0x22,0x43,0xf0,0xf3	@ aese q10,q9
268.byte	0xa4,0x43,0xf0,0xf3	@ aesmc q10,q10
269	vld1.32	{q9},[r7]!
270	bgt	.Loop3x_ctr32
271
272.byte	0x20,0x03,0xb0,0xf3	@ aese q0,q8
273.byte	0x80,0x83,0xb0,0xf3	@ aesmc q4,q0
274.byte	0x20,0x23,0xb0,0xf3	@ aese q1,q8
275.byte	0x82,0xa3,0xb0,0xf3	@ aesmc q5,q1
276	vld1.8	{q2},[r0]!
277	add	r9,r8,#1
278.byte	0x20,0x43,0xf0,0xf3	@ aese q10,q8
279.byte	0xa4,0x43,0xf0,0xf3	@ aesmc q10,q10
280	vld1.8	{q3},[r0]!
281	rev	r9,r9
282.byte	0x22,0x83,0xb0,0xf3	@ aese q4,q9
283.byte	0x88,0x83,0xb0,0xf3	@ aesmc q4,q4
284.byte	0x22,0xa3,0xb0,0xf3	@ aese q5,q9
285.byte	0x8a,0xa3,0xb0,0xf3	@ aesmc q5,q5
286	vld1.8	{q11},[r0]!
287	mov	r7,r3
288.byte	0x22,0x43,0xf0,0xf3	@ aese q10,q9
289.byte	0xa4,0x23,0xf0,0xf3	@ aesmc q9,q10
290.byte	0x28,0x83,0xb0,0xf3	@ aese q4,q12
291.byte	0x88,0x83,0xb0,0xf3	@ aesmc q4,q4
292.byte	0x28,0xa3,0xb0,0xf3	@ aese q5,q12
293.byte	0x8a,0xa3,0xb0,0xf3	@ aesmc q5,q5
294	veor	q2,q2,q7
295	add	r10,r8,#2
296.byte	0x28,0x23,0xf0,0xf3	@ aese q9,q12
297.byte	0xa2,0x23,0xf0,0xf3	@ aesmc q9,q9
298	veor	q3,q3,q7
299	add	r8,r8,#3
300.byte	0x2a,0x83,0xb0,0xf3	@ aese q4,q13
301.byte	0x88,0x83,0xb0,0xf3	@ aesmc q4,q4
302.byte	0x2a,0xa3,0xb0,0xf3	@ aese q5,q13
303.byte	0x8a,0xa3,0xb0,0xf3	@ aesmc q5,q5
304	 @ Note the logic to update q0, q1, and q10 is written to work
305	 @ around a bug in ARM Cortex-A57 and Cortex-A72 cores running in
306	 @ 32-bit mode. See the comment above.
307	veor	q11,q11,q7
308	vmov.32	d13[1], r9
309.byte	0x2a,0x23,0xf0,0xf3	@ aese q9,q13
310.byte	0xa2,0x23,0xf0,0xf3	@ aesmc q9,q9
311	vorr	q0,q6,q6
312	rev	r10,r10
313.byte	0x2c,0x83,0xb0,0xf3	@ aese q4,q14
314.byte	0x88,0x83,0xb0,0xf3	@ aesmc q4,q4
315	vmov.32	d13[1], r10
316	rev	r12,r8
317.byte	0x2c,0xa3,0xb0,0xf3	@ aese q5,q14
318.byte	0x8a,0xa3,0xb0,0xf3	@ aesmc q5,q5
319	vorr	q1,q6,q6
320	vmov.32	d13[1], r12
321.byte	0x2c,0x23,0xf0,0xf3	@ aese q9,q14
322.byte	0xa2,0x23,0xf0,0xf3	@ aesmc q9,q9
323	vorr	q10,q6,q6
324	subs	r2,r2,#3	@ flags are consumed by the bhs at the end of the loop
325.byte	0x2e,0x83,0xb0,0xf3	@ aese q4,q15
326.byte	0x2e,0xa3,0xb0,0xf3	@ aese q5,q15
327.byte	0x2e,0x23,0xf0,0xf3	@ aese q9,q15
328
329	veor	q2,q2,q4
330	vld1.32	{q8},[r7]!	@ re-pre-load rndkey[0]
331	vst1.8	{q2},[r1]!
332	veor	q3,q3,q5
333	mov	r6,r5
334	vst1.8	{q3},[r1]!
335	veor	q11,q11,q9
336	vld1.32	{q9},[r7]!	@ re-pre-load rndkey[1]
337	vst1.8	{q11},[r1]!
338	bhs	.Loop3x_ctr32
339
340	adds	r2,r2,#3	@ undo the bias: r2 = blocks left (0, 1 or 2)
341	beq	.Lctr32_done
342	cmp	r2,#1
343	mov	r12,#16
344	moveq	r12,#0		@ one block left: do not step r0 past it
345
346.Lctr32_tail:
347.byte	0x20,0x03,0xb0,0xf3	@ aese q0,q8
348.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
349.byte	0x20,0x23,0xb0,0xf3	@ aese q1,q8
350.byte	0x82,0x23,0xb0,0xf3	@ aesmc q1,q1
351	vld1.32	{q8},[r7]!
352	subs	r6,r6,#2
353.byte	0x22,0x03,0xb0,0xf3	@ aese q0,q9
354.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
355.byte	0x22,0x23,0xb0,0xf3	@ aese q1,q9
356.byte	0x82,0x23,0xb0,0xf3	@ aesmc q1,q1
357	vld1.32	{q9},[r7]!
358	bgt	.Lctr32_tail
359
360.byte	0x20,0x03,0xb0,0xf3	@ aese q0,q8
361.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
362.byte	0x20,0x23,0xb0,0xf3	@ aese q1,q8
363.byte	0x82,0x23,0xb0,0xf3	@ aesmc q1,q1
364.byte	0x22,0x03,0xb0,0xf3	@ aese q0,q9
365.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
366.byte	0x22,0x23,0xb0,0xf3	@ aese q1,q9
367.byte	0x82,0x23,0xb0,0xf3	@ aesmc q1,q1
368	vld1.8	{q2},[r0],r12	@ r0 += r12 (16, or 0 when fewer than two blocks remain)
369.byte	0x28,0x03,0xb0,0xf3	@ aese q0,q12
370.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
371.byte	0x28,0x23,0xb0,0xf3	@ aese q1,q12
372.byte	0x82,0x23,0xb0,0xf3	@ aesmc q1,q1
373	vld1.8	{q3},[r0]	@ with r12 = 0 this re-reads the same 16 bytes, so no over-read
374.byte	0x2a,0x03,0xb0,0xf3	@ aese q0,q13
375.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
376.byte	0x2a,0x23,0xb0,0xf3	@ aese q1,q13
377.byte	0x82,0x23,0xb0,0xf3	@ aesmc q1,q1
378	veor	q2,q2,q7
379.byte	0x2c,0x03,0xb0,0xf3	@ aese q0,q14
380.byte	0x80,0x03,0xb0,0xf3	@ aesmc q0,q0
381.byte	0x2c,0x23,0xb0,0xf3	@ aese q1,q14
382.byte	0x82,0x23,0xb0,0xf3	@ aesmc q1,q1
383	veor	q3,q3,q7
384.byte	0x2e,0x03,0xb0,0xf3	@ aese q0,q15
385.byte	0x2e,0x23,0xb0,0xf3	@ aese q1,q15
386
387	cmp	r2,#1
388	veor	q2,q2,q0
389	veor	q3,q3,q1
390	vst1.8	{q2},[r1]!	@ first tail block is stored unconditionally
391	beq	.Lctr32_done
392	vst1.8	{q3},[r1]	@ second tail block; skipped only when r2 == 1
393
394.Lctr32_done:
395	vldmia	sp!,{d8,d9,d10,d11,d12,d13,d14,d15}
396	ldmia	sp!,{r4,r5,r6,r7,r8,r9,r10,pc}
397.size	aes_hw_ctr32_encrypt_blocks,.-aes_hw_ctr32_encrypt_blocks
398#endif
399#endif
400#endif  // !OPENSSL_NO_ASM
401.section	.note.GNU-stack,"",%progbits
402