#!/usr/bin/env perl

# ====================================================================
# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
# project. The module is, however, dual licensed under OpenSSL and
# CRYPTOGAMS licenses depending on where you obtain it. For further
# details see http://www.openssl.org/~appro/cryptogams/.
# ====================================================================

# AES for ARMv4

# January 2007.
#
# Code uses a single 1K S-box and is >2 times faster than code generated
# by gcc-3.4.1. This is thanks to a unique feature of the ARMv4 ISA, which
# allows merging a logical or arithmetic operation with a shift or rotate
# in one instruction and emitting the combined result every cycle. The
# module is endian-neutral. The performance is ~42 cycles/byte for a
# 128-bit key [on single-issue Xscale PXA250 core].

# May 2007.
#
# AES_set_[en|de]crypt_key is added.

# July 2010.
#
# Rescheduling for dual-issue pipeline resulted in 12% improvement on
# Cortex A8 core and ~25 cycles per byte processed with 128-bit key.

# February 2011.
#
# Profiler-assisted and platform-specific optimization resulted in 16%
# improvement on Cortex A8 core and ~21.5 cycles per byte.
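
# Command line: [flavour] output-file
#
# The first argument is the assembler flavour, unless it already looks like
# a file name (word characters and dashes, one dot, an extension); in that
# case it is taken as the output file and no flavour is set. Otherwise the
# remaining arguments are scanned for the first one that looks like a file
# name; $output stays false when none does.
$flavour = shift;
if ($flavour=~/^\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; }
else { while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} }

if ($flavour && $flavour ne "void") {
    # Directory part of the script path; empty when the script was started
    # without one, so the lookups below are relative to the current directory.
    $dir = ($0 =~ m/(.*[\/\\])[^\/\\]+$/) ? $1 : "";
    ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
    ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
    die "can't locate arm-xlate.pl";

    # List-form pipe open: the translator is started directly, without a
    # shell. $flavour is not pattern-checked above and $dir comes from the
    # script path, so neither should be pasted into a shell command line.
    # NOTE(review): on Windows the list form needs a newer perl (5.22+,
    # to be confirmed for the supported build hosts).
    my @xlate_cmd = ($^X, $xlate, $flavour);
    push @xlate_cmd, $output if $output;
    open(STDOUT, "|-", @xlate_cmd) or die "can't call $xlate: $!";
} elsif ($output) {
    # Three-argument open with a checked result: the file name is never
    # parsed for a mode, and a failure stops the build instead of silently
    # discarding the generated assembly.
    open(STDOUT, ">", $output) or die "can't open $output: $!";
}
# With no output file and no flavour, STDOUT is left as inherited.

# Symbolic names for the ARM registers used by the assembly template.
# s0-s3 carry the four 32-bit words of the AES state.
$s0="r0";
$s1="r1";
$s2="r2";
$s3="r3";
# t1-t3 are scratch values, i1-i3 hold byte indices into the table.
$t1="r4";
$t2="r5";
$t3="r6";
$i1="r7";
$i2="r8";
$i3="r9";

# Table base, key-schedule pointer, and a register that serves first as the
# input/output pointer and then as the round counter.
$tbl="r10";
$key="r11";
$rounds="r12";

# Assembly template. AES_Te below is the 1K encryption table the header
# describes; the Te4 S-box bytes and rcon follow it.
# NOTE(review): the round code later in this template loads table entries
# at offsets formed from bytes of the cipher state (e.g. the "Te3[s0>>0]"
# loads), so its memory access pattern depends on the data and key being
# processed. On CPUs with data caches that is the well-known table-lookup
# timing side channel; where the threat model includes co-resident or
# timing-capable observers, prefer an implementation without
# secret-indexed loads (bitsliced, vector-permute or hardware AES).
$code=<<___;
#if defined(__arm__)
#ifndef __KERNEL__
# include <openssl/arm_arch.h>
#else
# define __ARM_ARCH__ __LINUX_ARM_ARCH__
#endif

.text
#if __ARM_ARCH__<7
.code 32
#else
.syntax unified
# if defined(__thumb2__) && !defined(__APPLE__)
.thumb
# else
.code 32
# endif
#endif

.type AES_Te,%object
.align 5
AES_Te:
.word 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d
.word 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554
.word 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d
.word 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a
.word 0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87
.word 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b
.word 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea
.word 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b
.word 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a
.word 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f
.word 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108
.word 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f
.word 0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e
.word 0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5
.word 0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d
.word 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f
.word 0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e
.word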
0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb 106.word 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce 107.word 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497 108.word 0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c 109.word 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed 110.word 0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b 111.word 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a 112.word 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16 113.word 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594 114.word 0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81 115.word 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3 116.word 0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a 117.word 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504 118.word 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163 119.word 0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d 120.word 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f 121.word 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739 122.word 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47 123.word 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395 124.word 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f 125.word 0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883 126.word 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c 127.word 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76 128.word 0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e 129.word 0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4 130.word 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6 131.word 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b 132.word 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7 133.word 0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0 134.word 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25 135.word 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818 136.word 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72 137.word 0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651 138.word 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21 139.word 0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85 140.word 0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 
0xcc6666aa 141.word 0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12 142.word 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0 143.word 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9 144.word 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133 145.word 0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7 146.word 0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920 147.word 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a 148.word 0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17 149.word 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8 150.word 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11 151.word 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a 152@ Te4[256] 153.byte 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5 154.byte 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76 155.byte 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0 156.byte 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0 157.byte 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc 158.byte 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15 159.byte 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a 160.byte 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75 161.byte 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0 162.byte 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84 163.byte 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b 164.byte 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf 165.byte 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85 166.byte 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8 167.byte 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5 168.byte 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2 169.byte 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17 170.byte 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73 171.byte 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88 172.byte 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb 173.byte 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c 174.byte 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79 175.byte 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9 176.byte 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08 177.byte 0xba, 
0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6 178.byte 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a 179.byte 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e 180.byte 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e 181.byte 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94 182.byte 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf 183.byte 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68 184.byte 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 185@ rcon[] 186.word 0x01000000, 0x02000000, 0x04000000, 0x08000000 187.word 0x10000000, 0x20000000, 0x40000000, 0x80000000 188.word 0x1B000000, 0x36000000, 0, 0, 0, 0, 0, 0 189.size AES_Te,.-AES_Te 190 191@ void asm_AES_encrypt(const unsigned char *in, unsigned char *out, 192@ const AES_KEY *key) { 193.global asm_AES_encrypt 194.hidden asm_AES_encrypt 195.type asm_AES_encrypt,%function 196.align 5 197asm_AES_encrypt: 198#if __ARM_ARCH__<7 199 sub r3,pc,#8 @ asm_AES_encrypt 200#else 201 adr r3,asm_AES_encrypt 202#endif 203 stmdb sp!,{r1,r4-r12,lr} 204#ifdef __APPLE__ 205 adr $tbl,AES_Te 206#else 207 sub $tbl,r3,#asm_AES_encrypt-AES_Te @ Te 208#endif 209 mov $rounds,r0 @ inp 210 mov $key,r2 211#if __ARM_ARCH__<7 212 ldrb $s0,[$rounds,#3] @ load input data in endian-neutral 213 ldrb $t1,[$rounds,#2] @ manner... 
214 ldrb $t2,[$rounds,#1] 215 ldrb $t3,[$rounds,#0] 216 orr $s0,$s0,$t1,lsl#8 217 ldrb $s1,[$rounds,#7] 218 orr $s0,$s0,$t2,lsl#16 219 ldrb $t1,[$rounds,#6] 220 orr $s0,$s0,$t3,lsl#24 221 ldrb $t2,[$rounds,#5] 222 ldrb $t3,[$rounds,#4] 223 orr $s1,$s1,$t1,lsl#8 224 ldrb $s2,[$rounds,#11] 225 orr $s1,$s1,$t2,lsl#16 226 ldrb $t1,[$rounds,#10] 227 orr $s1,$s1,$t3,lsl#24 228 ldrb $t2,[$rounds,#9] 229 ldrb $t3,[$rounds,#8] 230 orr $s2,$s2,$t1,lsl#8 231 ldrb $s3,[$rounds,#15] 232 orr $s2,$s2,$t2,lsl#16 233 ldrb $t1,[$rounds,#14] 234 orr $s2,$s2,$t3,lsl#24 235 ldrb $t2,[$rounds,#13] 236 ldrb $t3,[$rounds,#12] 237 orr $s3,$s3,$t1,lsl#8 238 orr $s3,$s3,$t2,lsl#16 239 orr $s3,$s3,$t3,lsl#24 240#else 241 ldr $s0,[$rounds,#0] 242 ldr $s1,[$rounds,#4] 243 ldr $s2,[$rounds,#8] 244 ldr $s3,[$rounds,#12] 245#ifdef __ARMEL__ 246 rev $s0,$s0 247 rev $s1,$s1 248 rev $s2,$s2 249 rev $s3,$s3 250#endif 251#endif 252 bl _armv4_AES_encrypt 253 254 ldr $rounds,[sp],#4 @ pop out 255#if __ARM_ARCH__>=7 256#ifdef __ARMEL__ 257 rev $s0,$s0 258 rev $s1,$s1 259 rev $s2,$s2 260 rev $s3,$s3 261#endif 262 str $s0,[$rounds,#0] 263 str $s1,[$rounds,#4] 264 str $s2,[$rounds,#8] 265 str $s3,[$rounds,#12] 266#else 267 mov $t1,$s0,lsr#24 @ write output in endian-neutral 268 mov $t2,$s0,lsr#16 @ manner... 
269 mov $t3,$s0,lsr#8 270 strb $t1,[$rounds,#0] 271 strb $t2,[$rounds,#1] 272 mov $t1,$s1,lsr#24 273 strb $t3,[$rounds,#2] 274 mov $t2,$s1,lsr#16 275 strb $s0,[$rounds,#3] 276 mov $t3,$s1,lsr#8 277 strb $t1,[$rounds,#4] 278 strb $t2,[$rounds,#5] 279 mov $t1,$s2,lsr#24 280 strb $t3,[$rounds,#6] 281 mov $t2,$s2,lsr#16 282 strb $s1,[$rounds,#7] 283 mov $t3,$s2,lsr#8 284 strb $t1,[$rounds,#8] 285 strb $t2,[$rounds,#9] 286 mov $t1,$s3,lsr#24 287 strb $t3,[$rounds,#10] 288 mov $t2,$s3,lsr#16 289 strb $s2,[$rounds,#11] 290 mov $t3,$s3,lsr#8 291 strb $t1,[$rounds,#12] 292 strb $t2,[$rounds,#13] 293 strb $t3,[$rounds,#14] 294 strb $s3,[$rounds,#15] 295#endif 296#if __ARM_ARCH__>=5 297 ldmia sp!,{r4-r12,pc} 298#else 299 ldmia sp!,{r4-r12,lr} 300 tst lr,#1 301 moveq pc,lr @ be binary compatible with V4, yet 302 bx lr @ interoperable with Thumb ISA:-) 303#endif 304.size asm_AES_encrypt,.-asm_AES_encrypt 305 306.type _armv4_AES_encrypt,%function 307.align 2 308_armv4_AES_encrypt: 309 str lr,[sp,#-4]! 
@ push lr 310 ldmia $key!,{$t1-$i1} 311 eor $s0,$s0,$t1 312 ldr $rounds,[$key,#240-16] 313 eor $s1,$s1,$t2 314 eor $s2,$s2,$t3 315 eor $s3,$s3,$i1 316 sub $rounds,$rounds,#1 317 mov lr,#255 318 319 and $i1,lr,$s0 320 and $i2,lr,$s0,lsr#8 321 and $i3,lr,$s0,lsr#16 322 mov $s0,$s0,lsr#24 323.Lenc_loop: 324 ldr $t1,[$tbl,$i1,lsl#2] @ Te3[s0>>0] 325 and $i1,lr,$s1,lsr#16 @ i0 326 ldr $t2,[$tbl,$i2,lsl#2] @ Te2[s0>>8] 327 and $i2,lr,$s1 328 ldr $t3,[$tbl,$i3,lsl#2] @ Te1[s0>>16] 329 and $i3,lr,$s1,lsr#8 330 ldr $s0,[$tbl,$s0,lsl#2] @ Te0[s0>>24] 331 mov $s1,$s1,lsr#24 332 333 ldr $i1,[$tbl,$i1,lsl#2] @ Te1[s1>>16] 334 ldr $i2,[$tbl,$i2,lsl#2] @ Te3[s1>>0] 335 ldr $i3,[$tbl,$i3,lsl#2] @ Te2[s1>>8] 336 eor $s0,$s0,$i1,ror#8 337 ldr $s1,[$tbl,$s1,lsl#2] @ Te0[s1>>24] 338 and $i1,lr,$s2,lsr#8 @ i0 339 eor $t2,$t2,$i2,ror#8 340 and $i2,lr,$s2,lsr#16 @ i1 341 eor $t3,$t3,$i3,ror#8 342 and $i3,lr,$s2 343 ldr $i1,[$tbl,$i1,lsl#2] @ Te2[s2>>8] 344 eor $s1,$s1,$t1,ror#24 345 ldr $i2,[$tbl,$i2,lsl#2] @ Te1[s2>>16] 346 mov $s2,$s2,lsr#24 347 348 ldr $i3,[$tbl,$i3,lsl#2] @ Te3[s2>>0] 349 eor $s0,$s0,$i1,ror#16 350 ldr $s2,[$tbl,$s2,lsl#2] @ Te0[s2>>24] 351 and $i1,lr,$s3 @ i0 352 eor $s1,$s1,$i2,ror#8 353 and $i2,lr,$s3,lsr#8 @ i1 354 eor $t3,$t3,$i3,ror#16 355 and $i3,lr,$s3,lsr#16 @ i2 356 ldr $i1,[$tbl,$i1,lsl#2] @ Te3[s3>>0] 357 eor $s2,$s2,$t2,ror#16 358 ldr $i2,[$tbl,$i2,lsl#2] @ Te2[s3>>8] 359 mov $s3,$s3,lsr#24 360 361 ldr $i3,[$tbl,$i3,lsl#2] @ Te1[s3>>16] 362 eor $s0,$s0,$i1,ror#24 363 ldr $i1,[$key],#16 364 eor $s1,$s1,$i2,ror#16 365 ldr $s3,[$tbl,$s3,lsl#2] @ Te0[s3>>24] 366 eor $s2,$s2,$i3,ror#8 367 ldr $t1,[$key,#-12] 368 eor $s3,$s3,$t3,ror#8 369 370 ldr $t2,[$key,#-8] 371 eor $s0,$s0,$i1 372 ldr $t3,[$key,#-4] 373 and $i1,lr,$s0 374 eor $s1,$s1,$t1 375 and $i2,lr,$s0,lsr#8 376 eor $s2,$s2,$t2 377 and $i3,lr,$s0,lsr#16 378 eor $s3,$s3,$t3 379 mov $s0,$s0,lsr#24 380 381 subs $rounds,$rounds,#1 382 bne .Lenc_loop 383 384 add $tbl,$tbl,#2 385 386 ldrb 
$t1,[$tbl,$i1,lsl#2] @ Te4[s0>>0] 387 and $i1,lr,$s1,lsr#16 @ i0 388 ldrb $t2,[$tbl,$i2,lsl#2] @ Te4[s0>>8] 389 and $i2,lr,$s1 390 ldrb $t3,[$tbl,$i3,lsl#2] @ Te4[s0>>16] 391 and $i3,lr,$s1,lsr#8 392 ldrb $s0,[$tbl,$s0,lsl#2] @ Te4[s0>>24] 393 mov $s1,$s1,lsr#24 394 395 ldrb $i1,[$tbl,$i1,lsl#2] @ Te4[s1>>16] 396 ldrb $i2,[$tbl,$i2,lsl#2] @ Te4[s1>>0] 397 ldrb $i3,[$tbl,$i3,lsl#2] @ Te4[s1>>8] 398 eor $s0,$i1,$s0,lsl#8 399 ldrb $s1,[$tbl,$s1,lsl#2] @ Te4[s1>>24] 400 and $i1,lr,$s2,lsr#8 @ i0 401 eor $t2,$i2,$t2,lsl#8 402 and $i2,lr,$s2,lsr#16 @ i1 403 eor $t3,$i3,$t3,lsl#8 404 and $i3,lr,$s2 405 ldrb $i1,[$tbl,$i1,lsl#2] @ Te4[s2>>8] 406 eor $s1,$t1,$s1,lsl#24 407 ldrb $i2,[$tbl,$i2,lsl#2] @ Te4[s2>>16] 408 mov $s2,$s2,lsr#24 409 410 ldrb $i3,[$tbl,$i3,lsl#2] @ Te4[s2>>0] 411 eor $s0,$i1,$s0,lsl#8 412 ldrb $s2,[$tbl,$s2,lsl#2] @ Te4[s2>>24] 413 and $i1,lr,$s3 @ i0 414 eor $s1,$s1,$i2,lsl#16 415 and $i2,lr,$s3,lsr#8 @ i1 416 eor $t3,$i3,$t3,lsl#8 417 and $i3,lr,$s3,lsr#16 @ i2 418 ldrb $i1,[$tbl,$i1,lsl#2] @ Te4[s3>>0] 419 eor $s2,$t2,$s2,lsl#24 420 ldrb $i2,[$tbl,$i2,lsl#2] @ Te4[s3>>8] 421 mov $s3,$s3,lsr#24 422 423 ldrb $i3,[$tbl,$i3,lsl#2] @ Te4[s3>>16] 424 eor $s0,$i1,$s0,lsl#8 425 ldr $i1,[$key,#0] 426 ldrb $s3,[$tbl,$s3,lsl#2] @ Te4[s3>>24] 427 eor $s1,$s1,$i2,lsl#8 428 ldr $t1,[$key,#4] 429 eor $s2,$s2,$i3,lsl#16 430 ldr $t2,[$key,#8] 431 eor $s3,$t3,$s3,lsl#24 432 ldr $t3,[$key,#12] 433 434 eor $s0,$s0,$i1 435 eor $s1,$s1,$t1 436 eor $s2,$s2,$t2 437 eor $s3,$s3,$t3 438 439 sub $tbl,$tbl,#2 440 ldr pc,[sp],#4 @ pop and return 441.size _armv4_AES_encrypt,.-_armv4_AES_encrypt 442 443.global asm_AES_set_encrypt_key 444.hidden asm_AES_set_encrypt_key 445.type asm_AES_set_encrypt_key,%function 446.align 5 447asm_AES_set_encrypt_key: 448_armv4_AES_set_encrypt_key: 449#if __ARM_ARCH__<7 450 sub r3,pc,#8 @ asm_AES_set_encrypt_key 451#else 452 adr r3,asm_AES_set_encrypt_key 453#endif 454 teq r0,#0 455#if __ARM_ARCH__>=7 456 itt eq @ Thumb2 thing, sanity check in ARM 
457#endif 458 moveq r0,#-1 459 beq .Labrt 460 teq r2,#0 461#if __ARM_ARCH__>=7 462 itt eq @ Thumb2 thing, sanity check in ARM 463#endif 464 moveq r0,#-1 465 beq .Labrt 466 467 teq r1,#128 468 beq .Lok 469 teq r1,#192 470 beq .Lok 471 teq r1,#256 472#if __ARM_ARCH__>=7 473 itt ne @ Thumb2 thing, sanity check in ARM 474#endif 475 movne r0,#-1 476 bne .Labrt 477 478.Lok: stmdb sp!,{r4-r12,lr} 479 mov $rounds,r0 @ inp 480 mov lr,r1 @ bits 481 mov $key,r2 @ key 482 483#ifdef __APPLE__ 484 adr $tbl,AES_Te+1024 @ Te4 485#else 486 sub $tbl,r3,#_armv4_AES_set_encrypt_key-AES_Te-1024 @ Te4 487#endif 488 489#if __ARM_ARCH__<7 490 ldrb $s0,[$rounds,#3] @ load input data in endian-neutral 491 ldrb $t1,[$rounds,#2] @ manner... 492 ldrb $t2,[$rounds,#1] 493 ldrb $t3,[$rounds,#0] 494 orr $s0,$s0,$t1,lsl#8 495 ldrb $s1,[$rounds,#7] 496 orr $s0,$s0,$t2,lsl#16 497 ldrb $t1,[$rounds,#6] 498 orr $s0,$s0,$t3,lsl#24 499 ldrb $t2,[$rounds,#5] 500 ldrb $t3,[$rounds,#4] 501 orr $s1,$s1,$t1,lsl#8 502 ldrb $s2,[$rounds,#11] 503 orr $s1,$s1,$t2,lsl#16 504 ldrb $t1,[$rounds,#10] 505 orr $s1,$s1,$t3,lsl#24 506 ldrb $t2,[$rounds,#9] 507 ldrb $t3,[$rounds,#8] 508 orr $s2,$s2,$t1,lsl#8 509 ldrb $s3,[$rounds,#15] 510 orr $s2,$s2,$t2,lsl#16 511 ldrb $t1,[$rounds,#14] 512 orr $s2,$s2,$t3,lsl#24 513 ldrb $t2,[$rounds,#13] 514 ldrb $t3,[$rounds,#12] 515 orr $s3,$s3,$t1,lsl#8 516 str $s0,[$key],#16 517 orr $s3,$s3,$t2,lsl#16 518 str $s1,[$key,#-12] 519 orr $s3,$s3,$t3,lsl#24 520 str $s2,[$key,#-8] 521 str $s3,[$key,#-4] 522#else 523 ldr $s0,[$rounds,#0] 524 ldr $s1,[$rounds,#4] 525 ldr $s2,[$rounds,#8] 526 ldr $s3,[$rounds,#12] 527#ifdef __ARMEL__ 528 rev $s0,$s0 529 rev $s1,$s1 530 rev $s2,$s2 531 rev $s3,$s3 532#endif 533 str $s0,[$key],#16 534 str $s1,[$key,#-12] 535 str $s2,[$key,#-8] 536 str $s3,[$key,#-4] 537#endif 538 539 teq lr,#128 540 bne .Lnot128 541 mov $rounds,#10 542 str $rounds,[$key,#240-16] 543 add $t3,$tbl,#256 @ rcon 544 mov lr,#255 545 546.L128_loop: 547 and $t2,lr,$s3,lsr#24 548 and 
$i1,lr,$s3,lsr#16 549 ldrb $t2,[$tbl,$t2] 550 and $i2,lr,$s3,lsr#8 551 ldrb $i1,[$tbl,$i1] 552 and $i3,lr,$s3 553 ldrb $i2,[$tbl,$i2] 554 orr $t2,$t2,$i1,lsl#24 555 ldrb $i3,[$tbl,$i3] 556 orr $t2,$t2,$i2,lsl#16 557 ldr $t1,[$t3],#4 @ rcon[i++] 558 orr $t2,$t2,$i3,lsl#8 559 eor $t2,$t2,$t1 560 eor $s0,$s0,$t2 @ rk[4]=rk[0]^... 561 eor $s1,$s1,$s0 @ rk[5]=rk[1]^rk[4] 562 str $s0,[$key],#16 563 eor $s2,$s2,$s1 @ rk[6]=rk[2]^rk[5] 564 str $s1,[$key,#-12] 565 eor $s3,$s3,$s2 @ rk[7]=rk[3]^rk[6] 566 str $s2,[$key,#-8] 567 subs $rounds,$rounds,#1 568 str $s3,[$key,#-4] 569 bne .L128_loop 570 sub r2,$key,#176 571 b .Ldone 572 573.Lnot128: 574#if __ARM_ARCH__<7 575 ldrb $i2,[$rounds,#19] 576 ldrb $t1,[$rounds,#18] 577 ldrb $t2,[$rounds,#17] 578 ldrb $t3,[$rounds,#16] 579 orr $i2,$i2,$t1,lsl#8 580 ldrb $i3,[$rounds,#23] 581 orr $i2,$i2,$t2,lsl#16 582 ldrb $t1,[$rounds,#22] 583 orr $i2,$i2,$t3,lsl#24 584 ldrb $t2,[$rounds,#21] 585 ldrb $t3,[$rounds,#20] 586 orr $i3,$i3,$t1,lsl#8 587 orr $i3,$i3,$t2,lsl#16 588 str $i2,[$key],#8 589 orr $i3,$i3,$t3,lsl#24 590 str $i3,[$key,#-4] 591#else 592 ldr $i2,[$rounds,#16] 593 ldr $i3,[$rounds,#20] 594#ifdef __ARMEL__ 595 rev $i2,$i2 596 rev $i3,$i3 597#endif 598 str $i2,[$key],#8 599 str $i3,[$key,#-4] 600#endif 601 602 teq lr,#192 603 bne .Lnot192 604 mov $rounds,#12 605 str $rounds,[$key,#240-24] 606 add $t3,$tbl,#256 @ rcon 607 mov lr,#255 608 mov $rounds,#8 609 610.L192_loop: 611 and $t2,lr,$i3,lsr#24 612 and $i1,lr,$i3,lsr#16 613 ldrb $t2,[$tbl,$t2] 614 and $i2,lr,$i3,lsr#8 615 ldrb $i1,[$tbl,$i1] 616 and $i3,lr,$i3 617 ldrb $i2,[$tbl,$i2] 618 orr $t2,$t2,$i1,lsl#24 619 ldrb $i3,[$tbl,$i3] 620 orr $t2,$t2,$i2,lsl#16 621 ldr $t1,[$t3],#4 @ rcon[i++] 622 orr $t2,$t2,$i3,lsl#8 623 eor $i3,$t2,$t1 624 eor $s0,$s0,$i3 @ rk[6]=rk[0]^... 
625 eor $s1,$s1,$s0 @ rk[7]=rk[1]^rk[6] 626 str $s0,[$key],#24 627 eor $s2,$s2,$s1 @ rk[8]=rk[2]^rk[7] 628 str $s1,[$key,#-20] 629 eor $s3,$s3,$s2 @ rk[9]=rk[3]^rk[8] 630 str $s2,[$key,#-16] 631 subs $rounds,$rounds,#1 632 str $s3,[$key,#-12] 633#if __ARM_ARCH__>=7 634 itt eq @ Thumb2 thing, sanity check in ARM 635#endif 636 subeq r2,$key,#216 637 beq .Ldone 638 639 ldr $i1,[$key,#-32] 640 ldr $i2,[$key,#-28] 641 eor $i1,$i1,$s3 @ rk[10]=rk[4]^rk[9] 642 eor $i3,$i2,$i1 @ rk[11]=rk[5]^rk[10] 643 str $i1,[$key,#-8] 644 str $i3,[$key,#-4] 645 b .L192_loop 646 647.Lnot192: 648#if __ARM_ARCH__<7 649 ldrb $i2,[$rounds,#27] 650 ldrb $t1,[$rounds,#26] 651 ldrb $t2,[$rounds,#25] 652 ldrb $t3,[$rounds,#24] 653 orr $i2,$i2,$t1,lsl#8 654 ldrb $i3,[$rounds,#31] 655 orr $i2,$i2,$t2,lsl#16 656 ldrb $t1,[$rounds,#30] 657 orr $i2,$i2,$t3,lsl#24 658 ldrb $t2,[$rounds,#29] 659 ldrb $t3,[$rounds,#28] 660 orr $i3,$i3,$t1,lsl#8 661 orr $i3,$i3,$t2,lsl#16 662 str $i2,[$key],#8 663 orr $i3,$i3,$t3,lsl#24 664 str $i3,[$key,#-4] 665#else 666 ldr $i2,[$rounds,#24] 667 ldr $i3,[$rounds,#28] 668#ifdef __ARMEL__ 669 rev $i2,$i2 670 rev $i3,$i3 671#endif 672 str $i2,[$key],#8 673 str $i3,[$key,#-4] 674#endif 675 676 mov $rounds,#14 677 str $rounds,[$key,#240-32] 678 add $t3,$tbl,#256 @ rcon 679 mov lr,#255 680 mov $rounds,#7 681 682.L256_loop: 683 and $t2,lr,$i3,lsr#24 684 and $i1,lr,$i3,lsr#16 685 ldrb $t2,[$tbl,$t2] 686 and $i2,lr,$i3,lsr#8 687 ldrb $i1,[$tbl,$i1] 688 and $i3,lr,$i3 689 ldrb $i2,[$tbl,$i2] 690 orr $t2,$t2,$i1,lsl#24 691 ldrb $i3,[$tbl,$i3] 692 orr $t2,$t2,$i2,lsl#16 693 ldr $t1,[$t3],#4 @ rcon[i++] 694 orr $t2,$t2,$i3,lsl#8 695 eor $i3,$t2,$t1 696 eor $s0,$s0,$i3 @ rk[8]=rk[0]^... 
697 eor $s1,$s1,$s0 @ rk[9]=rk[1]^rk[8] 698 str $s0,[$key],#32 699 eor $s2,$s2,$s1 @ rk[10]=rk[2]^rk[9] 700 str $s1,[$key,#-28] 701 eor $s3,$s3,$s2 @ rk[11]=rk[3]^rk[10] 702 str $s2,[$key,#-24] 703 subs $rounds,$rounds,#1 704 str $s3,[$key,#-20] 705#if __ARM_ARCH__>=7 706 itt eq @ Thumb2 thing, sanity check in ARM 707#endif 708 subeq r2,$key,#256 709 beq .Ldone 710 711 and $t2,lr,$s3 712 and $i1,lr,$s3,lsr#8 713 ldrb $t2,[$tbl,$t2] 714 and $i2,lr,$s3,lsr#16 715 ldrb $i1,[$tbl,$i1] 716 and $i3,lr,$s3,lsr#24 717 ldrb $i2,[$tbl,$i2] 718 orr $t2,$t2,$i1,lsl#8 719 ldrb $i3,[$tbl,$i3] 720 orr $t2,$t2,$i2,lsl#16 721 ldr $t1,[$key,#-48] 722 orr $t2,$t2,$i3,lsl#24 723 724 ldr $i1,[$key,#-44] 725 ldr $i2,[$key,#-40] 726 eor $t1,$t1,$t2 @ rk[12]=rk[4]^... 727 ldr $i3,[$key,#-36] 728 eor $i1,$i1,$t1 @ rk[13]=rk[5]^rk[12] 729 str $t1,[$key,#-16] 730 eor $i2,$i2,$i1 @ rk[14]=rk[6]^rk[13] 731 str $i1,[$key,#-12] 732 eor $i3,$i3,$i2 @ rk[15]=rk[7]^rk[14] 733 str $i2,[$key,#-8] 734 str $i3,[$key,#-4] 735 b .L256_loop 736 737.align 2 738.Ldone: mov r0,#0 739 ldmia sp!,{r4-r12,lr} 740.Labrt: 741#if __ARM_ARCH__>=5 742 ret @ bx lr 743#else 744 tst lr,#1 745 moveq pc,lr @ be binary compatible with V4, yet 746 bx lr @ interoperable with Thumb ISA:-) 747#endif 748.size asm_AES_set_encrypt_key,.-asm_AES_set_encrypt_key 749 750.global asm_AES_set_decrypt_key 751.hidden asm_AES_set_decrypt_key 752.type asm_AES_set_decrypt_key,%function 753.align 5 754asm_AES_set_decrypt_key: 755 str lr,[sp,#-4]! 
@ push lr 756 bl _armv4_AES_set_encrypt_key 757 teq r0,#0 758 ldr lr,[sp],#4 @ pop lr 759 bne .Labrt 760 761 mov r0,r2 @ asm_AES_set_encrypt_key preserves r2, 762 mov r1,r2 @ which is AES_KEY *key 763 b _armv4_AES_set_enc2dec_key 764.size asm_AES_set_decrypt_key,.-asm_AES_set_decrypt_key 765 766@ void AES_set_enc2dec_key(const AES_KEY *inp,AES_KEY *out) 767.global AES_set_enc2dec_key 768.hidden AES_set_enc2dec_key 769.type AES_set_enc2dec_key,%function 770.align 5 771AES_set_enc2dec_key: 772_armv4_AES_set_enc2dec_key: 773 stmdb sp!,{r4-r12,lr} 774 775 ldr $rounds,[r0,#240] 776 mov $i1,r0 @ input 777 add $i2,r0,$rounds,lsl#4 778 mov $key,r1 @ ouput 779 add $tbl,r1,$rounds,lsl#4 780 str $rounds,[r1,#240] 781 782.Linv: ldr $s0,[$i1],#16 783 ldr $s1,[$i1,#-12] 784 ldr $s2,[$i1,#-8] 785 ldr $s3,[$i1,#-4] 786 ldr $t1,[$i2],#-16 787 ldr $t2,[$i2,#16+4] 788 ldr $t3,[$i2,#16+8] 789 ldr $i3,[$i2,#16+12] 790 str $s0,[$tbl],#-16 791 str $s1,[$tbl,#16+4] 792 str $s2,[$tbl,#16+8] 793 str $s3,[$tbl,#16+12] 794 str $t1,[$key],#16 795 str $t2,[$key,#-12] 796 str $t3,[$key,#-8] 797 str $i3,[$key,#-4] 798 teq $i1,$i2 799 bne .Linv 800 801 ldr $s0,[$i1] 802 ldr $s1,[$i1,#4] 803 ldr $s2,[$i1,#8] 804 ldr $s3,[$i1,#12] 805 str $s0,[$key] 806 str $s1,[$key,#4] 807 str $s2,[$key,#8] 808 str $s3,[$key,#12] 809 sub $key,$key,$rounds,lsl#3 810___ 811$mask80=$i1; 812$mask1b=$i2; 813$mask7f=$i3; 814$code.=<<___; 815 ldr $s0,[$key,#16]! 
@ prefetch tp1 816 mov $mask80,#0x80 817 mov $mask1b,#0x1b 818 orr $mask80,$mask80,#0x8000 819 orr $mask1b,$mask1b,#0x1b00 820 orr $mask80,$mask80,$mask80,lsl#16 821 orr $mask1b,$mask1b,$mask1b,lsl#16 822 sub $rounds,$rounds,#1 823 mvn $mask7f,$mask80 824 mov $rounds,$rounds,lsl#2 @ (rounds-1)*4 825 826.Lmix: and $t1,$s0,$mask80 827 and $s1,$s0,$mask7f 828 sub $t1,$t1,$t1,lsr#7 829 and $t1,$t1,$mask1b 830 eor $s1,$t1,$s1,lsl#1 @ tp2 831 832 and $t1,$s1,$mask80 833 and $s2,$s1,$mask7f 834 sub $t1,$t1,$t1,lsr#7 835 and $t1,$t1,$mask1b 836 eor $s2,$t1,$s2,lsl#1 @ tp4 837 838 and $t1,$s2,$mask80 839 and $s3,$s2,$mask7f 840 sub $t1,$t1,$t1,lsr#7 841 and $t1,$t1,$mask1b 842 eor $s3,$t1,$s3,lsl#1 @ tp8 843 844 eor $t1,$s1,$s2 845 eor $t2,$s0,$s3 @ tp9 846 eor $t1,$t1,$s3 @ tpe 847 eor $t1,$t1,$s1,ror#24 848 eor $t1,$t1,$t2,ror#24 @ ^= ROTATE(tpb=tp9^tp2,8) 849 eor $t1,$t1,$s2,ror#16 850 eor $t1,$t1,$t2,ror#16 @ ^= ROTATE(tpd=tp9^tp4,16) 851 eor $t1,$t1,$t2,ror#8 @ ^= ROTATE(tp9,24) 852 853 ldr $s0,[$key,#4] @ prefetch tp1 854 str $t1,[$key],#4 855 subs $rounds,$rounds,#1 856 bne .Lmix 857 858 mov r0,#0 859#if __ARM_ARCH__>=5 860 ldmia sp!,{r4-r12,pc} 861#else 862 ldmia sp!,{r4-r12,lr} 863 tst lr,#1 864 moveq pc,lr @ be binary compatible with V4, yet 865 bx lr @ interoperable with Thumb ISA:-) 866#endif 867.size AES_set_enc2dec_key,.-AES_set_enc2dec_key 868 869.type AES_Td,%object 870.align 5 871AES_Td: 872.word 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96 873.word 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393 874.word 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25 875.word 0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f 876.word 0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1 877.word 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6 878.word 0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da 879.word 0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844 880.word 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd 881.word 0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4 882.word 0x63df4a18, 
0xe51a3182, 0x97513360, 0x62537f45 883.word 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94 884.word 0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7 885.word 0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a 886.word 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5 887.word 0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c 888.word 0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1 889.word 0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a 890.word 0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75 891.word 0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051 892.word 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46 893.word 0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff 894.word 0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77 895.word 0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb 896.word 0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000 897.word 0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e 898.word 0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927 899.word 0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a 900.word 0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e 901.word 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16 902.word 0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d 903.word 0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8 904.word 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd 905.word 0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34 906.word 0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163 907.word 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120 908.word 0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d 909.word 0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0 910.word 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422 911.word 0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef 912.word 0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36 913.word 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4 914.word 0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662 915.word 0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5 916.word 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3 917.word 0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b 
918.word 0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8 919.word 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6 920.word 0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6 921.word 0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0 922.word 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815 923.word 0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f 924.word 0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df 925.word 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f 926.word 0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e 927.word 0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713 928.word 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89 929.word 0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c 930.word 0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf 931.word 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86 932.word 0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f 933.word 0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541 934.word 0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190 935.word 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742 936@ Td4[256] 937.byte 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38 938.byte 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb 939.byte 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87 940.byte 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb 941.byte 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d 942.byte 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e 943.byte 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2 944.byte 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25 945.byte 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16 946.byte 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92 947.byte 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda 948.byte 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84 949.byte 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a 950.byte 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06 951.byte 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02 952.byte 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b 953.byte 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea 954.byte 0x97, 0xf2, 
0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73 955.byte 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85 956.byte 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e 957.byte 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89 958.byte 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b 959.byte 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20 960.byte 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4 961.byte 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31 962.byte 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f 963.byte 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d 964.byte 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef 965.byte 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0 966.byte 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61 967.byte 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26 968.byte 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d 969.size AES_Td,.-AES_Td 970 971@ void asm_AES_decrypt(const unsigned char *in, unsigned char *out, 972@ const AES_KEY *key) { 973.global asm_AES_decrypt 974.hidden asm_AES_decrypt 975.type asm_AES_decrypt,%function 976.align 5 977asm_AES_decrypt: 978#if __ARM_ARCH__<7 979 sub r3,pc,#8 @ asm_AES_decrypt 980#else 981 adr r3,asm_AES_decrypt 982#endif 983 stmdb sp!,{r1,r4-r12,lr} 984#ifdef __APPLE__ 985 adr $tbl,AES_Td 986#else 987 sub $tbl,r3,#asm_AES_decrypt-AES_Td @ Td 988#endif 989 mov $rounds,r0 @ inp 990 mov $key,r2 991#if __ARM_ARCH__<7 992 ldrb $s0,[$rounds,#3] @ load input data in endian-neutral 993 ldrb $t1,[$rounds,#2] @ manner... 
994 ldrb $t2,[$rounds,#1] 995 ldrb $t3,[$rounds,#0] 996 orr $s0,$s0,$t1,lsl#8 997 ldrb $s1,[$rounds,#7] 998 orr $s0,$s0,$t2,lsl#16 999 ldrb $t1,[$rounds,#6] 1000 orr $s0,$s0,$t3,lsl#24 1001 ldrb $t2,[$rounds,#5] 1002 ldrb $t3,[$rounds,#4] 1003 orr $s1,$s1,$t1,lsl#8 1004 ldrb $s2,[$rounds,#11] 1005 orr $s1,$s1,$t2,lsl#16 1006 ldrb $t1,[$rounds,#10] 1007 orr $s1,$s1,$t3,lsl#24 1008 ldrb $t2,[$rounds,#9] 1009 ldrb $t3,[$rounds,#8] 1010 orr $s2,$s2,$t1,lsl#8 1011 ldrb $s3,[$rounds,#15] 1012 orr $s2,$s2,$t2,lsl#16 1013 ldrb $t1,[$rounds,#14] 1014 orr $s2,$s2,$t3,lsl#24 1015 ldrb $t2,[$rounds,#13] 1016 ldrb $t3,[$rounds,#12] 1017 orr $s3,$s3,$t1,lsl#8 1018 orr $s3,$s3,$t2,lsl#16 1019 orr $s3,$s3,$t3,lsl#24 1020#else 1021 ldr $s0,[$rounds,#0] 1022 ldr $s1,[$rounds,#4] 1023 ldr $s2,[$rounds,#8] 1024 ldr $s3,[$rounds,#12] 1025#ifdef __ARMEL__ 1026 rev $s0,$s0 1027 rev $s1,$s1 1028 rev $s2,$s2 1029 rev $s3,$s3 1030#endif 1031#endif 1032 bl _armv4_AES_decrypt 1033 1034 ldr $rounds,[sp],#4 @ pop out 1035#if __ARM_ARCH__>=7 1036#ifdef __ARMEL__ 1037 rev $s0,$s0 1038 rev $s1,$s1 1039 rev $s2,$s2 1040 rev $s3,$s3 1041#endif 1042 str $s0,[$rounds,#0] 1043 str $s1,[$rounds,#4] 1044 str $s2,[$rounds,#8] 1045 str $s3,[$rounds,#12] 1046#else 1047 mov $t1,$s0,lsr#24 @ write output in endian-neutral 1048 mov $t2,$s0,lsr#16 @ manner... 
1049 mov $t3,$s0,lsr#8 1050 strb $t1,[$rounds,#0] 1051 strb $t2,[$rounds,#1] 1052 mov $t1,$s1,lsr#24 1053 strb $t3,[$rounds,#2] 1054 mov $t2,$s1,lsr#16 1055 strb $s0,[$rounds,#3] 1056 mov $t3,$s1,lsr#8 1057 strb $t1,[$rounds,#4] 1058 strb $t2,[$rounds,#5] 1059 mov $t1,$s2,lsr#24 1060 strb $t3,[$rounds,#6] 1061 mov $t2,$s2,lsr#16 1062 strb $s1,[$rounds,#7] 1063 mov $t3,$s2,lsr#8 1064 strb $t1,[$rounds,#8] 1065 strb $t2,[$rounds,#9] 1066 mov $t1,$s3,lsr#24 1067 strb $t3,[$rounds,#10] 1068 mov $t2,$s3,lsr#16 1069 strb $s2,[$rounds,#11] 1070 mov $t3,$s3,lsr#8 1071 strb $t1,[$rounds,#12] 1072 strb $t2,[$rounds,#13] 1073 strb $t3,[$rounds,#14] 1074 strb $s3,[$rounds,#15] 1075#endif 1076#if __ARM_ARCH__>=5 1077 ldmia sp!,{r4-r12,pc} 1078#else 1079 ldmia sp!,{r4-r12,lr} 1080 tst lr,#1 1081 moveq pc,lr @ be binary compatible with V4, yet 1082 bx lr @ interoperable with Thumb ISA:-) 1083#endif 1084.size asm_AES_decrypt,.-asm_AES_decrypt 1085 1086.type _armv4_AES_decrypt,%function 1087.align 2 1088_armv4_AES_decrypt: 1089 str lr,[sp,#-4]! 
@ push lr 1090 ldmia $key!,{$t1-$i1} 1091 eor $s0,$s0,$t1 1092 ldr $rounds,[$key,#240-16] 1093 eor $s1,$s1,$t2 1094 eor $s2,$s2,$t3 1095 eor $s3,$s3,$i1 1096 sub $rounds,$rounds,#1 1097 mov lr,#255 1098 1099 and $i1,lr,$s0,lsr#16 1100 and $i2,lr,$s0,lsr#8 1101 and $i3,lr,$s0 1102 mov $s0,$s0,lsr#24 1103.Ldec_loop: 1104 ldr $t1,[$tbl,$i1,lsl#2] @ Td1[s0>>16] 1105 and $i1,lr,$s1 @ i0 1106 ldr $t2,[$tbl,$i2,lsl#2] @ Td2[s0>>8] 1107 and $i2,lr,$s1,lsr#16 1108 ldr $t3,[$tbl,$i3,lsl#2] @ Td3[s0>>0] 1109 and $i3,lr,$s1,lsr#8 1110 ldr $s0,[$tbl,$s0,lsl#2] @ Td0[s0>>24] 1111 mov $s1,$s1,lsr#24 1112 1113 ldr $i1,[$tbl,$i1,lsl#2] @ Td3[s1>>0] 1114 ldr $i2,[$tbl,$i2,lsl#2] @ Td1[s1>>16] 1115 ldr $i3,[$tbl,$i3,lsl#2] @ Td2[s1>>8] 1116 eor $s0,$s0,$i1,ror#24 1117 ldr $s1,[$tbl,$s1,lsl#2] @ Td0[s1>>24] 1118 and $i1,lr,$s2,lsr#8 @ i0 1119 eor $t2,$i2,$t2,ror#8 1120 and $i2,lr,$s2 @ i1 1121 eor $t3,$i3,$t3,ror#8 1122 and $i3,lr,$s2,lsr#16 1123 ldr $i1,[$tbl,$i1,lsl#2] @ Td2[s2>>8] 1124 eor $s1,$s1,$t1,ror#8 1125 ldr $i2,[$tbl,$i2,lsl#2] @ Td3[s2>>0] 1126 mov $s2,$s2,lsr#24 1127 1128 ldr $i3,[$tbl,$i3,lsl#2] @ Td1[s2>>16] 1129 eor $s0,$s0,$i1,ror#16 1130 ldr $s2,[$tbl,$s2,lsl#2] @ Td0[s2>>24] 1131 and $i1,lr,$s3,lsr#16 @ i0 1132 eor $s1,$s1,$i2,ror#24 1133 and $i2,lr,$s3,lsr#8 @ i1 1134 eor $t3,$i3,$t3,ror#8 1135 and $i3,lr,$s3 @ i2 1136 ldr $i1,[$tbl,$i1,lsl#2] @ Td1[s3>>16] 1137 eor $s2,$s2,$t2,ror#8 1138 ldr $i2,[$tbl,$i2,lsl#2] @ Td2[s3>>8] 1139 mov $s3,$s3,lsr#24 1140 1141 ldr $i3,[$tbl,$i3,lsl#2] @ Td3[s3>>0] 1142 eor $s0,$s0,$i1,ror#8 1143 ldr $i1,[$key],#16 1144 eor $s1,$s1,$i2,ror#16 1145 ldr $s3,[$tbl,$s3,lsl#2] @ Td0[s3>>24] 1146 eor $s2,$s2,$i3,ror#24 1147 1148 ldr $t1,[$key,#-12] 1149 eor $s0,$s0,$i1 1150 ldr $t2,[$key,#-8] 1151 eor $s3,$s3,$t3,ror#8 1152 ldr $t3,[$key,#-4] 1153 and $i1,lr,$s0,lsr#16 1154 eor $s1,$s1,$t1 1155 and $i2,lr,$s0,lsr#8 1156 eor $s2,$s2,$t2 1157 and $i3,lr,$s0 1158 eor $s3,$s3,$t3 1159 mov $s0,$s0,lsr#24 1160 1161 subs $rounds,$rounds,#1 1162 
bne .Ldec_loop 1163 1164 add $tbl,$tbl,#1024 1165 1166 ldr $t2,[$tbl,#0] @ prefetch Td4 1167 ldr $t3,[$tbl,#32] 1168 ldr $t1,[$tbl,#64] 1169 ldr $t2,[$tbl,#96] 1170 ldr $t3,[$tbl,#128] 1171 ldr $t1,[$tbl,#160] 1172 ldr $t2,[$tbl,#192] 1173 ldr $t3,[$tbl,#224] 1174 1175 ldrb $s0,[$tbl,$s0] @ Td4[s0>>24] 1176 ldrb $t1,[$tbl,$i1] @ Td4[s0>>16] 1177 and $i1,lr,$s1 @ i0 1178 ldrb $t2,[$tbl,$i2] @ Td4[s0>>8] 1179 and $i2,lr,$s1,lsr#16 1180 ldrb $t3,[$tbl,$i3] @ Td4[s0>>0] 1181 and $i3,lr,$s1,lsr#8 1182 1183 add $s1,$tbl,$s1,lsr#24 1184 ldrb $i1,[$tbl,$i1] @ Td4[s1>>0] 1185 ldrb $s1,[$s1] @ Td4[s1>>24] 1186 ldrb $i2,[$tbl,$i2] @ Td4[s1>>16] 1187 eor $s0,$i1,$s0,lsl#24 1188 ldrb $i3,[$tbl,$i3] @ Td4[s1>>8] 1189 eor $s1,$t1,$s1,lsl#8 1190 and $i1,lr,$s2,lsr#8 @ i0 1191 eor $t2,$t2,$i2,lsl#8 1192 and $i2,lr,$s2 @ i1 1193 ldrb $i1,[$tbl,$i1] @ Td4[s2>>8] 1194 eor $t3,$t3,$i3,lsl#8 1195 ldrb $i2,[$tbl,$i2] @ Td4[s2>>0] 1196 and $i3,lr,$s2,lsr#16 1197 1198 add $s2,$tbl,$s2,lsr#24 1199 ldrb $s2,[$s2] @ Td4[s2>>24] 1200 eor $s0,$s0,$i1,lsl#8 1201 ldrb $i3,[$tbl,$i3] @ Td4[s2>>16] 1202 eor $s1,$i2,$s1,lsl#16 1203 and $i1,lr,$s3,lsr#16 @ i0 1204 eor $s2,$t2,$s2,lsl#16 1205 and $i2,lr,$s3,lsr#8 @ i1 1206 ldrb $i1,[$tbl,$i1] @ Td4[s3>>16] 1207 eor $t3,$t3,$i3,lsl#16 1208 ldrb $i2,[$tbl,$i2] @ Td4[s3>>8] 1209 and $i3,lr,$s3 @ i2 1210 1211 add $s3,$tbl,$s3,lsr#24 1212 ldrb $i3,[$tbl,$i3] @ Td4[s3>>0] 1213 ldrb $s3,[$s3] @ Td4[s3>>24] 1214 eor $s0,$s0,$i1,lsl#16 1215 ldr $i1,[$key,#0] 1216 eor $s1,$s1,$i2,lsl#8 1217 ldr $t1,[$key,#4] 1218 eor $s2,$i3,$s2,lsl#8 1219 ldr $t2,[$key,#8] 1220 eor $s3,$t3,$s3,lsl#24 1221 ldr $t3,[$key,#12] 1222 1223 eor $s0,$s0,$i1 1224 eor $s1,$s1,$t1 1225 eor $s2,$s2,$t2 1226 eor $s3,$s3,$t3 1227 1228 sub $tbl,$tbl,#1024 1229 ldr pc,[sp],#4 @ pop and return 1230.size _armv4_AES_decrypt,.-_armv4_AES_decrypt 1231.asciz "AES for ARMv4, CRYPTOGAMS by <appro\@openssl.org>" 1232.align 2 1233 1234#endif 1235___ 1236 1237$code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm; 
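# ^ the substitution just above emits "bx lr" as a raw .word, which is what
#   makes it possible to compile with -march=armv4
$code =~ s/\bret\b/bx\tlr/gm;

# Copy this script's leading comment block (author and licence notice) into
# the generated assembly. '#' is rewritten to '@' on each comment line; the
# shebang is skipped, and copying stops at the first line that is neither a
# comment nor empty.
# Three-argument open with a lexical handle: the path in $0 is never parsed
# for a mode or pipe character. A failed open only costs the header, so it
# is reported rather than treated as fatal.
if (open my $self_fh, '<', $0) {
    while (my $line = <$self_fh>) {
        next if $line =~ /^#!/;
        last unless ($line =~ s/^#/@/ or $line =~ /^$/);
        print $line;
    }
    close $self_fh;
}
else {
    warn "can't open $0 to copy the header comment: $!\n";
}

print $code;

# Enforce flush, and check the result. STDOUT is either the output file or
# a pipe to arm-xlate.pl (opened at the top of this script). A write error
# or a non-zero exit from the translator only surfaces at close, and an
# unchecked close would let a truncated AES implementation be assembled.
close STDOUT or die "error closing STDOUT: $!";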