#!/usr/bin/env perl

# ====================================================================
# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
# project. The module is, however, dual licensed under OpenSSL and
# CRYPTOGAMS licenses depending on where you obtain it. For further
# details see http://www.openssl.org/~appro/cryptogams/.
# ====================================================================

# AES for ARMv4

# January 2007.
#
# Code uses single 1K S-box and is >2 times faster than code generated
# by gcc-3.4.1. This is thanks to a unique feature of the ARMv4 ISA,
# which allows merging a logical or arithmetic operation with a shift
# or rotate in one instruction and emitting the combined result every
# cycle. The module is endian-neutral. The performance is ~42
# cycles/byte for 128-bit key [on single-issue Xscale PXA250 core].

# May 2007.
#
# AES_set_[en|de]crypt_key is added.

# July 2010.
#
# Rescheduling for dual-issue pipeline resulted in 12% improvement on
# Cortex A8 core and ~25 cycles per byte processed with 128-bit key.

# February 2011.
#
# Profiler-assisted and platform-specific optimization resulted in 16%
# improvement on Cortex A8 core and ~21.5 cycles per byte.
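
# Command line: [flavour] output-file.  A first argument that already
# looks like a file name (name.ext) is taken as the output and no flavour
# is set; otherwise the remaining arguments are scanned for the first
# file-like one.
$flavour = shift;
if ($flavour=~/\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; }
else { while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} }

if ($flavour && $flavour ne "void") {
    # Look for arm-xlate.pl next to this script, then under ../../perlasm/.
    $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
    ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
    ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
    die "can't locate arm-xlate.pl";

    # NOTE(review): this command line is handed to the shell, so $xlate,
    # $flavour and $output have to be values the build system controls and
    # must not contain blanks or shell metacharacters.  The command string
    # is unchanged; only the missing failure check was added.
    open STDOUT,"| \"$^X\" $xlate $flavour $output"
        or die "can't call $xlate: $!";
} else {
    # Three-argument open keeps characters in $output (a leading '>' or
    # '&', surrounding blanks) from being read as part of the open mode.
    # With no output argument STDOUT is left untouched instead of
    # attempting an open that can only fail.
    if (defined $output && length $output) {
        open STDOUT,'>',$output or die "can't open $output: $!";
    }
}

# Register allocation for the generated code.
$s0="r0";       # $s0-$s3: the four 32-bit words of the AES state
$s1="r1";
$s2="r2";
$s3="r3";
$t1="r4";       # $t1-$t3: temporaries
$t2="r5";
$t3="r6";
$i1="r7";       # $i1-$i3: byte indices into the tables, also scratch
$i2="r8";
$i3="r9";

$tbl="r10";     # table base (AES_Te / AES_Td)
$key="r11";     # key schedule pointer
$rounds="r12";  # round counter; also holds the in/out pointer in the wrappers

# NOTE(review): the round code generated below loads from AES_Te/AES_Td
# at offsets taken from state bytes (e.g. "ldr $t1,[$tbl,$i1,lsl#2]"),
# that is, at addresses that depend on key and data.  On cores with a
# data cache this is the access pattern that cache-timing analyses of
# table-based AES rely on; where that is in the threat model, a
# constant-time (bit-sliced or hardware AES) implementation is the
# usual mitigation.
$code=<<___;
#if defined(__arm__)
#ifndef __KERNEL__
# include <openssl/arm_arch.h>
#else
# define __ARM_ARCH__ __LINUX_ARM_ARCH__
#endif

.text
#if __ARM_ARCH__<7
.code 32
#else
.syntax unified
# if defined(__thumb2__) && !defined(__APPLE__)
.thumb
# else
.code 32
# endif
#endif

.type AES_Te,%object
.align 5
AES_Te:
.word 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d
.word 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554
.word 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d
.word 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a
.word 0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87
.word 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b
.word 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea
.word 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b
.word 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a
.word 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f
.word 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108
.word 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f
.word 0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e
.word 0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5
.word 0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d
.word 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f
.word 0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e
.word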
0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb 106.word 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce 107.word 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497 108.word 0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c 109.word 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed 110.word 0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b 111.word 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a 112.word 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16 113.word 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594 114.word 0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81 115.word 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3 116.word 0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a 117.word 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504 118.word 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163 119.word 0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d 120.word 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f 121.word 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739 122.word 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47 123.word 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395 124.word 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f 125.word 0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883 126.word 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c 127.word 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76 128.word 0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e 129.word 0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4 130.word 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6 131.word 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b 132.word 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7 133.word 0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0 134.word 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25 135.word 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818 136.word 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72 137.word 0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651 138.word 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21 139.word 0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85 140.word 0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 
0xcc6666aa 141.word 0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12 142.word 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0 143.word 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9 144.word 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133 145.word 0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7 146.word 0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920 147.word 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a 148.word 0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17 149.word 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8 150.word 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11 151.word 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a 152@ Te4[256] 153.byte 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5 154.byte 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76 155.byte 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0 156.byte 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0 157.byte 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc 158.byte 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15 159.byte 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a 160.byte 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75 161.byte 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0 162.byte 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84 163.byte 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b 164.byte 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf 165.byte 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85 166.byte 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8 167.byte 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5 168.byte 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2 169.byte 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17 170.byte 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73 171.byte 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88 172.byte 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb 173.byte 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c 174.byte 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79 175.byte 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9 176.byte 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08 177.byte 0xba, 
0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6 178.byte 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a 179.byte 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e 180.byte 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e 181.byte 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94 182.byte 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf 183.byte 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68 184.byte 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 185@ rcon[] 186.word 0x01000000, 0x02000000, 0x04000000, 0x08000000 187.word 0x10000000, 0x20000000, 0x40000000, 0x80000000 188.word 0x1B000000, 0x36000000, 0, 0, 0, 0, 0, 0 189.size AES_Te,.-AES_Te 190 191@ void asm_AES_encrypt(const unsigned char *in, unsigned char *out, 192@ const AES_KEY *key) { 193.global asm_AES_encrypt 194.type asm_AES_encrypt,%function 195.align 5 196asm_AES_encrypt: 197#if __ARM_ARCH__<7 198 sub r3,pc,#8 @ asm_AES_encrypt 199#else 200 adr r3,asm_AES_encrypt 201#endif 202 stmdb sp!,{r1,r4-r12,lr} 203#ifdef __APPLE__ 204 adr $tbl,AES_Te 205#else 206 sub $tbl,r3,#asm_AES_encrypt-AES_Te @ Te 207#endif 208 mov $rounds,r0 @ inp 209 mov $key,r2 210#if __ARM_ARCH__<7 211 ldrb $s0,[$rounds,#3] @ load input data in endian-neutral 212 ldrb $t1,[$rounds,#2] @ manner... 
213 ldrb $t2,[$rounds,#1] 214 ldrb $t3,[$rounds,#0] 215 orr $s0,$s0,$t1,lsl#8 216 ldrb $s1,[$rounds,#7] 217 orr $s0,$s0,$t2,lsl#16 218 ldrb $t1,[$rounds,#6] 219 orr $s0,$s0,$t3,lsl#24 220 ldrb $t2,[$rounds,#5] 221 ldrb $t3,[$rounds,#4] 222 orr $s1,$s1,$t1,lsl#8 223 ldrb $s2,[$rounds,#11] 224 orr $s1,$s1,$t2,lsl#16 225 ldrb $t1,[$rounds,#10] 226 orr $s1,$s1,$t3,lsl#24 227 ldrb $t2,[$rounds,#9] 228 ldrb $t3,[$rounds,#8] 229 orr $s2,$s2,$t1,lsl#8 230 ldrb $s3,[$rounds,#15] 231 orr $s2,$s2,$t2,lsl#16 232 ldrb $t1,[$rounds,#14] 233 orr $s2,$s2,$t3,lsl#24 234 ldrb $t2,[$rounds,#13] 235 ldrb $t3,[$rounds,#12] 236 orr $s3,$s3,$t1,lsl#8 237 orr $s3,$s3,$t2,lsl#16 238 orr $s3,$s3,$t3,lsl#24 239#else 240 ldr $s0,[$rounds,#0] 241 ldr $s1,[$rounds,#4] 242 ldr $s2,[$rounds,#8] 243 ldr $s3,[$rounds,#12] 244#ifdef __ARMEL__ 245 rev $s0,$s0 246 rev $s1,$s1 247 rev $s2,$s2 248 rev $s3,$s3 249#endif 250#endif 251 bl _armv4_AES_encrypt 252 253 ldr $rounds,[sp],#4 @ pop out 254#if __ARM_ARCH__>=7 255#ifdef __ARMEL__ 256 rev $s0,$s0 257 rev $s1,$s1 258 rev $s2,$s2 259 rev $s3,$s3 260#endif 261 str $s0,[$rounds,#0] 262 str $s1,[$rounds,#4] 263 str $s2,[$rounds,#8] 264 str $s3,[$rounds,#12] 265#else 266 mov $t1,$s0,lsr#24 @ write output in endian-neutral 267 mov $t2,$s0,lsr#16 @ manner... 
268 mov $t3,$s0,lsr#8 269 strb $t1,[$rounds,#0] 270 strb $t2,[$rounds,#1] 271 mov $t1,$s1,lsr#24 272 strb $t3,[$rounds,#2] 273 mov $t2,$s1,lsr#16 274 strb $s0,[$rounds,#3] 275 mov $t3,$s1,lsr#8 276 strb $t1,[$rounds,#4] 277 strb $t2,[$rounds,#5] 278 mov $t1,$s2,lsr#24 279 strb $t3,[$rounds,#6] 280 mov $t2,$s2,lsr#16 281 strb $s1,[$rounds,#7] 282 mov $t3,$s2,lsr#8 283 strb $t1,[$rounds,#8] 284 strb $t2,[$rounds,#9] 285 mov $t1,$s3,lsr#24 286 strb $t3,[$rounds,#10] 287 mov $t2,$s3,lsr#16 288 strb $s2,[$rounds,#11] 289 mov $t3,$s3,lsr#8 290 strb $t1,[$rounds,#12] 291 strb $t2,[$rounds,#13] 292 strb $t3,[$rounds,#14] 293 strb $s3,[$rounds,#15] 294#endif 295#if __ARM_ARCH__>=5 296 ldmia sp!,{r4-r12,pc} 297#else 298 ldmia sp!,{r4-r12,lr} 299 tst lr,#1 300 moveq pc,lr @ be binary compatible with V4, yet 301 bx lr @ interoperable with Thumb ISA:-) 302#endif 303.size asm_AES_encrypt,.-asm_AES_encrypt 304 305.type _armv4_AES_encrypt,%function 306.align 2 307_armv4_AES_encrypt: 308 str lr,[sp,#-4]! 
@ push lr 309 ldmia $key!,{$t1-$i1} 310 eor $s0,$s0,$t1 311 ldr $rounds,[$key,#240-16] 312 eor $s1,$s1,$t2 313 eor $s2,$s2,$t3 314 eor $s3,$s3,$i1 315 sub $rounds,$rounds,#1 316 mov lr,#255 317 318 and $i1,lr,$s0 319 and $i2,lr,$s0,lsr#8 320 and $i3,lr,$s0,lsr#16 321 mov $s0,$s0,lsr#24 322.Lenc_loop: 323 ldr $t1,[$tbl,$i1,lsl#2] @ Te3[s0>>0] 324 and $i1,lr,$s1,lsr#16 @ i0 325 ldr $t2,[$tbl,$i2,lsl#2] @ Te2[s0>>8] 326 and $i2,lr,$s1 327 ldr $t3,[$tbl,$i3,lsl#2] @ Te1[s0>>16] 328 and $i3,lr,$s1,lsr#8 329 ldr $s0,[$tbl,$s0,lsl#2] @ Te0[s0>>24] 330 mov $s1,$s1,lsr#24 331 332 ldr $i1,[$tbl,$i1,lsl#2] @ Te1[s1>>16] 333 ldr $i2,[$tbl,$i2,lsl#2] @ Te3[s1>>0] 334 ldr $i3,[$tbl,$i3,lsl#2] @ Te2[s1>>8] 335 eor $s0,$s0,$i1,ror#8 336 ldr $s1,[$tbl,$s1,lsl#2] @ Te0[s1>>24] 337 and $i1,lr,$s2,lsr#8 @ i0 338 eor $t2,$t2,$i2,ror#8 339 and $i2,lr,$s2,lsr#16 @ i1 340 eor $t3,$t3,$i3,ror#8 341 and $i3,lr,$s2 342 ldr $i1,[$tbl,$i1,lsl#2] @ Te2[s2>>8] 343 eor $s1,$s1,$t1,ror#24 344 ldr $i2,[$tbl,$i2,lsl#2] @ Te1[s2>>16] 345 mov $s2,$s2,lsr#24 346 347 ldr $i3,[$tbl,$i3,lsl#2] @ Te3[s2>>0] 348 eor $s0,$s0,$i1,ror#16 349 ldr $s2,[$tbl,$s2,lsl#2] @ Te0[s2>>24] 350 and $i1,lr,$s3 @ i0 351 eor $s1,$s1,$i2,ror#8 352 and $i2,lr,$s3,lsr#8 @ i1 353 eor $t3,$t3,$i3,ror#16 354 and $i3,lr,$s3,lsr#16 @ i2 355 ldr $i1,[$tbl,$i1,lsl#2] @ Te3[s3>>0] 356 eor $s2,$s2,$t2,ror#16 357 ldr $i2,[$tbl,$i2,lsl#2] @ Te2[s3>>8] 358 mov $s3,$s3,lsr#24 359 360 ldr $i3,[$tbl,$i3,lsl#2] @ Te1[s3>>16] 361 eor $s0,$s0,$i1,ror#24 362 ldr $i1,[$key],#16 363 eor $s1,$s1,$i2,ror#16 364 ldr $s3,[$tbl,$s3,lsl#2] @ Te0[s3>>24] 365 eor $s2,$s2,$i3,ror#8 366 ldr $t1,[$key,#-12] 367 eor $s3,$s3,$t3,ror#8 368 369 ldr $t2,[$key,#-8] 370 eor $s0,$s0,$i1 371 ldr $t3,[$key,#-4] 372 and $i1,lr,$s0 373 eor $s1,$s1,$t1 374 and $i2,lr,$s0,lsr#8 375 eor $s2,$s2,$t2 376 and $i3,lr,$s0,lsr#16 377 eor $s3,$s3,$t3 378 mov $s0,$s0,lsr#24 379 380 subs $rounds,$rounds,#1 381 bne .Lenc_loop 382 383 add $tbl,$tbl,#2 384 385 ldrb 
$t1,[$tbl,$i1,lsl#2] @ Te4[s0>>0] 386 and $i1,lr,$s1,lsr#16 @ i0 387 ldrb $t2,[$tbl,$i2,lsl#2] @ Te4[s0>>8] 388 and $i2,lr,$s1 389 ldrb $t3,[$tbl,$i3,lsl#2] @ Te4[s0>>16] 390 and $i3,lr,$s1,lsr#8 391 ldrb $s0,[$tbl,$s0,lsl#2] @ Te4[s0>>24] 392 mov $s1,$s1,lsr#24 393 394 ldrb $i1,[$tbl,$i1,lsl#2] @ Te4[s1>>16] 395 ldrb $i2,[$tbl,$i2,lsl#2] @ Te4[s1>>0] 396 ldrb $i3,[$tbl,$i3,lsl#2] @ Te4[s1>>8] 397 eor $s0,$i1,$s0,lsl#8 398 ldrb $s1,[$tbl,$s1,lsl#2] @ Te4[s1>>24] 399 and $i1,lr,$s2,lsr#8 @ i0 400 eor $t2,$i2,$t2,lsl#8 401 and $i2,lr,$s2,lsr#16 @ i1 402 eor $t3,$i3,$t3,lsl#8 403 and $i3,lr,$s2 404 ldrb $i1,[$tbl,$i1,lsl#2] @ Te4[s2>>8] 405 eor $s1,$t1,$s1,lsl#24 406 ldrb $i2,[$tbl,$i2,lsl#2] @ Te4[s2>>16] 407 mov $s2,$s2,lsr#24 408 409 ldrb $i3,[$tbl,$i3,lsl#2] @ Te4[s2>>0] 410 eor $s0,$i1,$s0,lsl#8 411 ldrb $s2,[$tbl,$s2,lsl#2] @ Te4[s2>>24] 412 and $i1,lr,$s3 @ i0 413 eor $s1,$s1,$i2,lsl#16 414 and $i2,lr,$s3,lsr#8 @ i1 415 eor $t3,$i3,$t3,lsl#8 416 and $i3,lr,$s3,lsr#16 @ i2 417 ldrb $i1,[$tbl,$i1,lsl#2] @ Te4[s3>>0] 418 eor $s2,$t2,$s2,lsl#24 419 ldrb $i2,[$tbl,$i2,lsl#2] @ Te4[s3>>8] 420 mov $s3,$s3,lsr#24 421 422 ldrb $i3,[$tbl,$i3,lsl#2] @ Te4[s3>>16] 423 eor $s0,$i1,$s0,lsl#8 424 ldr $i1,[$key,#0] 425 ldrb $s3,[$tbl,$s3,lsl#2] @ Te4[s3>>24] 426 eor $s1,$s1,$i2,lsl#8 427 ldr $t1,[$key,#4] 428 eor $s2,$s2,$i3,lsl#16 429 ldr $t2,[$key,#8] 430 eor $s3,$t3,$s3,lsl#24 431 ldr $t3,[$key,#12] 432 433 eor $s0,$s0,$i1 434 eor $s1,$s1,$t1 435 eor $s2,$s2,$t2 436 eor $s3,$s3,$t3 437 438 sub $tbl,$tbl,#2 439 ldr pc,[sp],#4 @ pop and return 440.size _armv4_AES_encrypt,.-_armv4_AES_encrypt 441 442.global asm_AES_set_encrypt_key 443.type asm_AES_set_encrypt_key,%function 444.align 5 445asm_AES_set_encrypt_key: 446_armv4_AES_set_encrypt_key: 447#if __ARM_ARCH__<7 448 sub r3,pc,#8 @ asm_AES_set_encrypt_key 449#else 450 adr r3,asm_AES_set_encrypt_key 451#endif 452 teq r0,#0 453#if __ARM_ARCH__>=7 454 itt eq @ Thumb2 thing, sanity check in ARM 455#endif 456 moveq r0,#-1 457 beq 
.Labrt 458 teq r2,#0 459#if __ARM_ARCH__>=7 460 itt eq @ Thumb2 thing, sanity check in ARM 461#endif 462 moveq r0,#-1 463 beq .Labrt 464 465 teq r1,#128 466 beq .Lok 467 teq r1,#192 468 beq .Lok 469 teq r1,#256 470#if __ARM_ARCH__>=7 471 itt ne @ Thumb2 thing, sanity check in ARM 472#endif 473 movne r0,#-1 474 bne .Labrt 475 476.Lok: stmdb sp!,{r4-r12,lr} 477 mov $rounds,r0 @ inp 478 mov lr,r1 @ bits 479 mov $key,r2 @ key 480 481#ifdef __APPLE__ 482 adr $tbl,AES_Te+1024 @ Te4 483#else 484 sub $tbl,r3,#_armv4_AES_set_encrypt_key-AES_Te-1024 @ Te4 485#endif 486 487#if __ARM_ARCH__<7 488 ldrb $s0,[$rounds,#3] @ load input data in endian-neutral 489 ldrb $t1,[$rounds,#2] @ manner... 490 ldrb $t2,[$rounds,#1] 491 ldrb $t3,[$rounds,#0] 492 orr $s0,$s0,$t1,lsl#8 493 ldrb $s1,[$rounds,#7] 494 orr $s0,$s0,$t2,lsl#16 495 ldrb $t1,[$rounds,#6] 496 orr $s0,$s0,$t3,lsl#24 497 ldrb $t2,[$rounds,#5] 498 ldrb $t3,[$rounds,#4] 499 orr $s1,$s1,$t1,lsl#8 500 ldrb $s2,[$rounds,#11] 501 orr $s1,$s1,$t2,lsl#16 502 ldrb $t1,[$rounds,#10] 503 orr $s1,$s1,$t3,lsl#24 504 ldrb $t2,[$rounds,#9] 505 ldrb $t3,[$rounds,#8] 506 orr $s2,$s2,$t1,lsl#8 507 ldrb $s3,[$rounds,#15] 508 orr $s2,$s2,$t2,lsl#16 509 ldrb $t1,[$rounds,#14] 510 orr $s2,$s2,$t3,lsl#24 511 ldrb $t2,[$rounds,#13] 512 ldrb $t3,[$rounds,#12] 513 orr $s3,$s3,$t1,lsl#8 514 str $s0,[$key],#16 515 orr $s3,$s3,$t2,lsl#16 516 str $s1,[$key,#-12] 517 orr $s3,$s3,$t3,lsl#24 518 str $s2,[$key,#-8] 519 str $s3,[$key,#-4] 520#else 521 ldr $s0,[$rounds,#0] 522 ldr $s1,[$rounds,#4] 523 ldr $s2,[$rounds,#8] 524 ldr $s3,[$rounds,#12] 525#ifdef __ARMEL__ 526 rev $s0,$s0 527 rev $s1,$s1 528 rev $s2,$s2 529 rev $s3,$s3 530#endif 531 str $s0,[$key],#16 532 str $s1,[$key,#-12] 533 str $s2,[$key,#-8] 534 str $s3,[$key,#-4] 535#endif 536 537 teq lr,#128 538 bne .Lnot128 539 mov $rounds,#10 540 str $rounds,[$key,#240-16] 541 add $t3,$tbl,#256 @ rcon 542 mov lr,#255 543 544.L128_loop: 545 and $t2,lr,$s3,lsr#24 546 and $i1,lr,$s3,lsr#16 547 ldrb 
$t2,[$tbl,$t2] 548 and $i2,lr,$s3,lsr#8 549 ldrb $i1,[$tbl,$i1] 550 and $i3,lr,$s3 551 ldrb $i2,[$tbl,$i2] 552 orr $t2,$t2,$i1,lsl#24 553 ldrb $i3,[$tbl,$i3] 554 orr $t2,$t2,$i2,lsl#16 555 ldr $t1,[$t3],#4 @ rcon[i++] 556 orr $t2,$t2,$i3,lsl#8 557 eor $t2,$t2,$t1 558 eor $s0,$s0,$t2 @ rk[4]=rk[0]^... 559 eor $s1,$s1,$s0 @ rk[5]=rk[1]^rk[4] 560 str $s0,[$key],#16 561 eor $s2,$s2,$s1 @ rk[6]=rk[2]^rk[5] 562 str $s1,[$key,#-12] 563 eor $s3,$s3,$s2 @ rk[7]=rk[3]^rk[6] 564 str $s2,[$key,#-8] 565 subs $rounds,$rounds,#1 566 str $s3,[$key,#-4] 567 bne .L128_loop 568 sub r2,$key,#176 569 b .Ldone 570 571.Lnot128: 572#if __ARM_ARCH__<7 573 ldrb $i2,[$rounds,#19] 574 ldrb $t1,[$rounds,#18] 575 ldrb $t2,[$rounds,#17] 576 ldrb $t3,[$rounds,#16] 577 orr $i2,$i2,$t1,lsl#8 578 ldrb $i3,[$rounds,#23] 579 orr $i2,$i2,$t2,lsl#16 580 ldrb $t1,[$rounds,#22] 581 orr $i2,$i2,$t3,lsl#24 582 ldrb $t2,[$rounds,#21] 583 ldrb $t3,[$rounds,#20] 584 orr $i3,$i3,$t1,lsl#8 585 orr $i3,$i3,$t2,lsl#16 586 str $i2,[$key],#8 587 orr $i3,$i3,$t3,lsl#24 588 str $i3,[$key,#-4] 589#else 590 ldr $i2,[$rounds,#16] 591 ldr $i3,[$rounds,#20] 592#ifdef __ARMEL__ 593 rev $i2,$i2 594 rev $i3,$i3 595#endif 596 str $i2,[$key],#8 597 str $i3,[$key,#-4] 598#endif 599 600 teq lr,#192 601 bne .Lnot192 602 mov $rounds,#12 603 str $rounds,[$key,#240-24] 604 add $t3,$tbl,#256 @ rcon 605 mov lr,#255 606 mov $rounds,#8 607 608.L192_loop: 609 and $t2,lr,$i3,lsr#24 610 and $i1,lr,$i3,lsr#16 611 ldrb $t2,[$tbl,$t2] 612 and $i2,lr,$i3,lsr#8 613 ldrb $i1,[$tbl,$i1] 614 and $i3,lr,$i3 615 ldrb $i2,[$tbl,$i2] 616 orr $t2,$t2,$i1,lsl#24 617 ldrb $i3,[$tbl,$i3] 618 orr $t2,$t2,$i2,lsl#16 619 ldr $t1,[$t3],#4 @ rcon[i++] 620 orr $t2,$t2,$i3,lsl#8 621 eor $i3,$t2,$t1 622 eor $s0,$s0,$i3 @ rk[6]=rk[0]^... 
623 eor $s1,$s1,$s0 @ rk[7]=rk[1]^rk[6] 624 str $s0,[$key],#24 625 eor $s2,$s2,$s1 @ rk[8]=rk[2]^rk[7] 626 str $s1,[$key,#-20] 627 eor $s3,$s3,$s2 @ rk[9]=rk[3]^rk[8] 628 str $s2,[$key,#-16] 629 subs $rounds,$rounds,#1 630 str $s3,[$key,#-12] 631#if __ARM_ARCH__>=7 632 itt eq @ Thumb2 thing, sanity check in ARM 633#endif 634 subeq r2,$key,#216 635 beq .Ldone 636 637 ldr $i1,[$key,#-32] 638 ldr $i2,[$key,#-28] 639 eor $i1,$i1,$s3 @ rk[10]=rk[4]^rk[9] 640 eor $i3,$i2,$i1 @ rk[11]=rk[5]^rk[10] 641 str $i1,[$key,#-8] 642 str $i3,[$key,#-4] 643 b .L192_loop 644 645.Lnot192: 646#if __ARM_ARCH__<7 647 ldrb $i2,[$rounds,#27] 648 ldrb $t1,[$rounds,#26] 649 ldrb $t2,[$rounds,#25] 650 ldrb $t3,[$rounds,#24] 651 orr $i2,$i2,$t1,lsl#8 652 ldrb $i3,[$rounds,#31] 653 orr $i2,$i2,$t2,lsl#16 654 ldrb $t1,[$rounds,#30] 655 orr $i2,$i2,$t3,lsl#24 656 ldrb $t2,[$rounds,#29] 657 ldrb $t3,[$rounds,#28] 658 orr $i3,$i3,$t1,lsl#8 659 orr $i3,$i3,$t2,lsl#16 660 str $i2,[$key],#8 661 orr $i3,$i3,$t3,lsl#24 662 str $i3,[$key,#-4] 663#else 664 ldr $i2,[$rounds,#24] 665 ldr $i3,[$rounds,#28] 666#ifdef __ARMEL__ 667 rev $i2,$i2 668 rev $i3,$i3 669#endif 670 str $i2,[$key],#8 671 str $i3,[$key,#-4] 672#endif 673 674 mov $rounds,#14 675 str $rounds,[$key,#240-32] 676 add $t3,$tbl,#256 @ rcon 677 mov lr,#255 678 mov $rounds,#7 679 680.L256_loop: 681 and $t2,lr,$i3,lsr#24 682 and $i1,lr,$i3,lsr#16 683 ldrb $t2,[$tbl,$t2] 684 and $i2,lr,$i3,lsr#8 685 ldrb $i1,[$tbl,$i1] 686 and $i3,lr,$i3 687 ldrb $i2,[$tbl,$i2] 688 orr $t2,$t2,$i1,lsl#24 689 ldrb $i3,[$tbl,$i3] 690 orr $t2,$t2,$i2,lsl#16 691 ldr $t1,[$t3],#4 @ rcon[i++] 692 orr $t2,$t2,$i3,lsl#8 693 eor $i3,$t2,$t1 694 eor $s0,$s0,$i3 @ rk[8]=rk[0]^... 
695 eor $s1,$s1,$s0 @ rk[9]=rk[1]^rk[8] 696 str $s0,[$key],#32 697 eor $s2,$s2,$s1 @ rk[10]=rk[2]^rk[9] 698 str $s1,[$key,#-28] 699 eor $s3,$s3,$s2 @ rk[11]=rk[3]^rk[10] 700 str $s2,[$key,#-24] 701 subs $rounds,$rounds,#1 702 str $s3,[$key,#-20] 703#if __ARM_ARCH__>=7 704 itt eq @ Thumb2 thing, sanity check in ARM 705#endif 706 subeq r2,$key,#256 707 beq .Ldone 708 709 and $t2,lr,$s3 710 and $i1,lr,$s3,lsr#8 711 ldrb $t2,[$tbl,$t2] 712 and $i2,lr,$s3,lsr#16 713 ldrb $i1,[$tbl,$i1] 714 and $i3,lr,$s3,lsr#24 715 ldrb $i2,[$tbl,$i2] 716 orr $t2,$t2,$i1,lsl#8 717 ldrb $i3,[$tbl,$i3] 718 orr $t2,$t2,$i2,lsl#16 719 ldr $t1,[$key,#-48] 720 orr $t2,$t2,$i3,lsl#24 721 722 ldr $i1,[$key,#-44] 723 ldr $i2,[$key,#-40] 724 eor $t1,$t1,$t2 @ rk[12]=rk[4]^... 725 ldr $i3,[$key,#-36] 726 eor $i1,$i1,$t1 @ rk[13]=rk[5]^rk[12] 727 str $t1,[$key,#-16] 728 eor $i2,$i2,$i1 @ rk[14]=rk[6]^rk[13] 729 str $i1,[$key,#-12] 730 eor $i3,$i3,$i2 @ rk[15]=rk[7]^rk[14] 731 str $i2,[$key,#-8] 732 str $i3,[$key,#-4] 733 b .L256_loop 734 735.align 2 736.Ldone: mov r0,#0 737 ldmia sp!,{r4-r12,lr} 738.Labrt: 739#if __ARM_ARCH__>=5 740 ret @ bx lr 741#else 742 tst lr,#1 743 moveq pc,lr @ be binary compatible with V4, yet 744 bx lr @ interoperable with Thumb ISA:-) 745#endif 746.size asm_AES_set_encrypt_key,.-asm_AES_set_encrypt_key 747 748.global asm_AES_set_decrypt_key 749.type asm_AES_set_decrypt_key,%function 750.align 5 751asm_AES_set_decrypt_key: 752 str lr,[sp,#-4]! 
@ push lr 753 bl _armv4_AES_set_encrypt_key 754 teq r0,#0 755 ldr lr,[sp],#4 @ pop lr 756 bne .Labrt 757 758 mov r0,r2 @ asm_AES_set_encrypt_key preserves r2, 759 mov r1,r2 @ which is AES_KEY *key 760 b _armv4_AES_set_enc2dec_key 761.size asm_AES_set_decrypt_key,.-asm_AES_set_decrypt_key 762 763@ void AES_set_enc2dec_key(const AES_KEY *inp,AES_KEY *out) 764.global AES_set_enc2dec_key 765.type AES_set_enc2dec_key,%function 766.align 5 767AES_set_enc2dec_key: 768_armv4_AES_set_enc2dec_key: 769 stmdb sp!,{r4-r12,lr} 770 771 ldr $rounds,[r0,#240] 772 mov $i1,r0 @ input 773 add $i2,r0,$rounds,lsl#4 774 mov $key,r1 @ ouput 775 add $tbl,r1,$rounds,lsl#4 776 str $rounds,[r1,#240] 777 778.Linv: ldr $s0,[$i1],#16 779 ldr $s1,[$i1,#-12] 780 ldr $s2,[$i1,#-8] 781 ldr $s3,[$i1,#-4] 782 ldr $t1,[$i2],#-16 783 ldr $t2,[$i2,#16+4] 784 ldr $t3,[$i2,#16+8] 785 ldr $i3,[$i2,#16+12] 786 str $s0,[$tbl],#-16 787 str $s1,[$tbl,#16+4] 788 str $s2,[$tbl,#16+8] 789 str $s3,[$tbl,#16+12] 790 str $t1,[$key],#16 791 str $t2,[$key,#-12] 792 str $t3,[$key,#-8] 793 str $i3,[$key,#-4] 794 teq $i1,$i2 795 bne .Linv 796 797 ldr $s0,[$i1] 798 ldr $s1,[$i1,#4] 799 ldr $s2,[$i1,#8] 800 ldr $s3,[$i1,#12] 801 str $s0,[$key] 802 str $s1,[$key,#4] 803 str $s2,[$key,#8] 804 str $s3,[$key,#12] 805 sub $key,$key,$rounds,lsl#3 806___ 807$mask80=$i1; 808$mask1b=$i2; 809$mask7f=$i3; 810$code.=<<___; 811 ldr $s0,[$key,#16]! 
@ prefetch tp1 812 mov $mask80,#0x80 813 mov $mask1b,#0x1b 814 orr $mask80,$mask80,#0x8000 815 orr $mask1b,$mask1b,#0x1b00 816 orr $mask80,$mask80,$mask80,lsl#16 817 orr $mask1b,$mask1b,$mask1b,lsl#16 818 sub $rounds,$rounds,#1 819 mvn $mask7f,$mask80 820 mov $rounds,$rounds,lsl#2 @ (rounds-1)*4 821 822.Lmix: and $t1,$s0,$mask80 823 and $s1,$s0,$mask7f 824 sub $t1,$t1,$t1,lsr#7 825 and $t1,$t1,$mask1b 826 eor $s1,$t1,$s1,lsl#1 @ tp2 827 828 and $t1,$s1,$mask80 829 and $s2,$s1,$mask7f 830 sub $t1,$t1,$t1,lsr#7 831 and $t1,$t1,$mask1b 832 eor $s2,$t1,$s2,lsl#1 @ tp4 833 834 and $t1,$s2,$mask80 835 and $s3,$s2,$mask7f 836 sub $t1,$t1,$t1,lsr#7 837 and $t1,$t1,$mask1b 838 eor $s3,$t1,$s3,lsl#1 @ tp8 839 840 eor $t1,$s1,$s2 841 eor $t2,$s0,$s3 @ tp9 842 eor $t1,$t1,$s3 @ tpe 843 eor $t1,$t1,$s1,ror#24 844 eor $t1,$t1,$t2,ror#24 @ ^= ROTATE(tpb=tp9^tp2,8) 845 eor $t1,$t1,$s2,ror#16 846 eor $t1,$t1,$t2,ror#16 @ ^= ROTATE(tpd=tp9^tp4,16) 847 eor $t1,$t1,$t2,ror#8 @ ^= ROTATE(tp9,24) 848 849 ldr $s0,[$key,#4] @ prefetch tp1 850 str $t1,[$key],#4 851 subs $rounds,$rounds,#1 852 bne .Lmix 853 854 mov r0,#0 855#if __ARM_ARCH__>=5 856 ldmia sp!,{r4-r12,pc} 857#else 858 ldmia sp!,{r4-r12,lr} 859 tst lr,#1 860 moveq pc,lr @ be binary compatible with V4, yet 861 bx lr @ interoperable with Thumb ISA:-) 862#endif 863.size AES_set_enc2dec_key,.-AES_set_enc2dec_key 864 865.type AES_Td,%object 866.align 5 867AES_Td: 868.word 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96 869.word 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393 870.word 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25 871.word 0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f 872.word 0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1 873.word 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6 874.word 0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da 875.word 0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844 876.word 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd 877.word 0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4 878.word 0x63df4a18, 
0xe51a3182, 0x97513360, 0x62537f45 879.word 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94 880.word 0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7 881.word 0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a 882.word 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5 883.word 0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c 884.word 0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1 885.word 0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a 886.word 0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75 887.word 0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051 888.word 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46 889.word 0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff 890.word 0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77 891.word 0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb 892.word 0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000 893.word 0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e 894.word 0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927 895.word 0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a 896.word 0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e 897.word 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16 898.word 0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d 899.word 0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8 900.word 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd 901.word 0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34 902.word 0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163 903.word 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120 904.word 0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d 905.word 0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0 906.word 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422 907.word 0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef 908.word 0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36 909.word 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4 910.word 0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662 911.word 0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5 912.word 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3 913.word 0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b 
914.word 0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8 915.word 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6 916.word 0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6 917.word 0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0 918.word 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815 919.word 0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f 920.word 0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df 921.word 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f 922.word 0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e 923.word 0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713 924.word 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89 925.word 0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c 926.word 0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf 927.word 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86 928.word 0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f 929.word 0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541 930.word 0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190 931.word 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742 932@ Td4[256] 933.byte 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38 934.byte 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb 935.byte 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87 936.byte 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb 937.byte 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d 938.byte 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e 939.byte 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2 940.byte 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25 941.byte 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16 942.byte 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92 943.byte 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda 944.byte 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84 945.byte 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a 946.byte 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06 947.byte 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02 948.byte 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b 949.byte 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea 950.byte 0x97, 0xf2, 
0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73 951.byte 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85 952.byte 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e 953.byte 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89 954.byte 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b 955.byte 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20 956.byte 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4 957.byte 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31 958.byte 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f 959.byte 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d 960.byte 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef 961.byte 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0 962.byte 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61 963.byte 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26 964.byte 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d 965.size AES_Td,.-AES_Td 966 967@ void asm_AES_decrypt(const unsigned char *in, unsigned char *out, 968@ const AES_KEY *key) { 969.global asm_AES_decrypt 970.type asm_AES_decrypt,%function 971.align 5 972asm_AES_decrypt: 973#if __ARM_ARCH__<7 974 sub r3,pc,#8 @ asm_AES_decrypt 975#else 976 adr r3,asm_AES_decrypt 977#endif 978 stmdb sp!,{r1,r4-r12,lr} 979#ifdef __APPLE__ 980 adr $tbl,AES_Td 981#else 982 sub $tbl,r3,#asm_AES_decrypt-AES_Td @ Td 983#endif 984 mov $rounds,r0 @ inp 985 mov $key,r2 986#if __ARM_ARCH__<7 987 ldrb $s0,[$rounds,#3] @ load input data in endian-neutral 988 ldrb $t1,[$rounds,#2] @ manner... 
989 ldrb $t2,[$rounds,#1] 990 ldrb $t3,[$rounds,#0] 991 orr $s0,$s0,$t1,lsl#8 992 ldrb $s1,[$rounds,#7] 993 orr $s0,$s0,$t2,lsl#16 994 ldrb $t1,[$rounds,#6] 995 orr $s0,$s0,$t3,lsl#24 996 ldrb $t2,[$rounds,#5] 997 ldrb $t3,[$rounds,#4] 998 orr $s1,$s1,$t1,lsl#8 999 ldrb $s2,[$rounds,#11] 1000 orr $s1,$s1,$t2,lsl#16 1001 ldrb $t1,[$rounds,#10] 1002 orr $s1,$s1,$t3,lsl#24 1003 ldrb $t2,[$rounds,#9] 1004 ldrb $t3,[$rounds,#8] 1005 orr $s2,$s2,$t1,lsl#8 1006 ldrb $s3,[$rounds,#15] 1007 orr $s2,$s2,$t2,lsl#16 1008 ldrb $t1,[$rounds,#14] 1009 orr $s2,$s2,$t3,lsl#24 1010 ldrb $t2,[$rounds,#13] 1011 ldrb $t3,[$rounds,#12] 1012 orr $s3,$s3,$t1,lsl#8 1013 orr $s3,$s3,$t2,lsl#16 1014 orr $s3,$s3,$t3,lsl#24 1015#else 1016 ldr $s0,[$rounds,#0] 1017 ldr $s1,[$rounds,#4] 1018 ldr $s2,[$rounds,#8] 1019 ldr $s3,[$rounds,#12] 1020#ifdef __ARMEL__ 1021 rev $s0,$s0 1022 rev $s1,$s1 1023 rev $s2,$s2 1024 rev $s3,$s3 1025#endif 1026#endif 1027 bl _armv4_AES_decrypt 1028 1029 ldr $rounds,[sp],#4 @ pop out 1030#if __ARM_ARCH__>=7 1031#ifdef __ARMEL__ 1032 rev $s0,$s0 1033 rev $s1,$s1 1034 rev $s2,$s2 1035 rev $s3,$s3 1036#endif 1037 str $s0,[$rounds,#0] 1038 str $s1,[$rounds,#4] 1039 str $s2,[$rounds,#8] 1040 str $s3,[$rounds,#12] 1041#else 1042 mov $t1,$s0,lsr#24 @ write output in endian-neutral 1043 mov $t2,$s0,lsr#16 @ manner... 
1044 mov $t3,$s0,lsr#8 1045 strb $t1,[$rounds,#0] 1046 strb $t2,[$rounds,#1] 1047 mov $t1,$s1,lsr#24 1048 strb $t3,[$rounds,#2] 1049 mov $t2,$s1,lsr#16 1050 strb $s0,[$rounds,#3] 1051 mov $t3,$s1,lsr#8 1052 strb $t1,[$rounds,#4] 1053 strb $t2,[$rounds,#5] 1054 mov $t1,$s2,lsr#24 1055 strb $t3,[$rounds,#6] 1056 mov $t2,$s2,lsr#16 1057 strb $s1,[$rounds,#7] 1058 mov $t3,$s2,lsr#8 1059 strb $t1,[$rounds,#8] 1060 strb $t2,[$rounds,#9] 1061 mov $t1,$s3,lsr#24 1062 strb $t3,[$rounds,#10] 1063 mov $t2,$s3,lsr#16 1064 strb $s2,[$rounds,#11] 1065 mov $t3,$s3,lsr#8 1066 strb $t1,[$rounds,#12] 1067 strb $t2,[$rounds,#13] 1068 strb $t3,[$rounds,#14] 1069 strb $s3,[$rounds,#15] 1070#endif 1071#if __ARM_ARCH__>=5 1072 ldmia sp!,{r4-r12,pc} 1073#else 1074 ldmia sp!,{r4-r12,lr} 1075 tst lr,#1 1076 moveq pc,lr @ be binary compatible with V4, yet 1077 bx lr @ interoperable with Thumb ISA:-) 1078#endif 1079.size asm_AES_decrypt,.-asm_AES_decrypt 1080 1081.type _armv4_AES_decrypt,%function 1082.align 2 1083_armv4_AES_decrypt: 1084 str lr,[sp,#-4]! 
@ push lr 1085 ldmia $key!,{$t1-$i1} 1086 eor $s0,$s0,$t1 1087 ldr $rounds,[$key,#240-16] 1088 eor $s1,$s1,$t2 1089 eor $s2,$s2,$t3 1090 eor $s3,$s3,$i1 1091 sub $rounds,$rounds,#1 1092 mov lr,#255 1093 1094 and $i1,lr,$s0,lsr#16 1095 and $i2,lr,$s0,lsr#8 1096 and $i3,lr,$s0 1097 mov $s0,$s0,lsr#24 1098.Ldec_loop: 1099 ldr $t1,[$tbl,$i1,lsl#2] @ Td1[s0>>16] 1100 and $i1,lr,$s1 @ i0 1101 ldr $t2,[$tbl,$i2,lsl#2] @ Td2[s0>>8] 1102 and $i2,lr,$s1,lsr#16 1103 ldr $t3,[$tbl,$i3,lsl#2] @ Td3[s0>>0] 1104 and $i3,lr,$s1,lsr#8 1105 ldr $s0,[$tbl,$s0,lsl#2] @ Td0[s0>>24] 1106 mov $s1,$s1,lsr#24 1107 1108 ldr $i1,[$tbl,$i1,lsl#2] @ Td3[s1>>0] 1109 ldr $i2,[$tbl,$i2,lsl#2] @ Td1[s1>>16] 1110 ldr $i3,[$tbl,$i3,lsl#2] @ Td2[s1>>8] 1111 eor $s0,$s0,$i1,ror#24 1112 ldr $s1,[$tbl,$s1,lsl#2] @ Td0[s1>>24] 1113 and $i1,lr,$s2,lsr#8 @ i0 1114 eor $t2,$i2,$t2,ror#8 1115 and $i2,lr,$s2 @ i1 1116 eor $t3,$i3,$t3,ror#8 1117 and $i3,lr,$s2,lsr#16 1118 ldr $i1,[$tbl,$i1,lsl#2] @ Td2[s2>>8] 1119 eor $s1,$s1,$t1,ror#8 1120 ldr $i2,[$tbl,$i2,lsl#2] @ Td3[s2>>0] 1121 mov $s2,$s2,lsr#24 1122 1123 ldr $i3,[$tbl,$i3,lsl#2] @ Td1[s2>>16] 1124 eor $s0,$s0,$i1,ror#16 1125 ldr $s2,[$tbl,$s2,lsl#2] @ Td0[s2>>24] 1126 and $i1,lr,$s3,lsr#16 @ i0 1127 eor $s1,$s1,$i2,ror#24 1128 and $i2,lr,$s3,lsr#8 @ i1 1129 eor $t3,$i3,$t3,ror#8 1130 and $i3,lr,$s3 @ i2 1131 ldr $i1,[$tbl,$i1,lsl#2] @ Td1[s3>>16] 1132 eor $s2,$s2,$t2,ror#8 1133 ldr $i2,[$tbl,$i2,lsl#2] @ Td2[s3>>8] 1134 mov $s3,$s3,lsr#24 1135 1136 ldr $i3,[$tbl,$i3,lsl#2] @ Td3[s3>>0] 1137 eor $s0,$s0,$i1,ror#8 1138 ldr $i1,[$key],#16 1139 eor $s1,$s1,$i2,ror#16 1140 ldr $s3,[$tbl,$s3,lsl#2] @ Td0[s3>>24] 1141 eor $s2,$s2,$i3,ror#24 1142 1143 ldr $t1,[$key,#-12] 1144 eor $s0,$s0,$i1 1145 ldr $t2,[$key,#-8] 1146 eor $s3,$s3,$t3,ror#8 1147 ldr $t3,[$key,#-4] 1148 and $i1,lr,$s0,lsr#16 1149 eor $s1,$s1,$t1 1150 and $i2,lr,$s0,lsr#8 1151 eor $s2,$s2,$t2 1152 and $i3,lr,$s0 1153 eor $s3,$s3,$t3 1154 mov $s0,$s0,lsr#24 1155 1156 subs $rounds,$rounds,#1 1157 
bne .Ldec_loop 1158 1159 add $tbl,$tbl,#1024 1160 1161 ldr $t2,[$tbl,#0] @ prefetch Td4 1162 ldr $t3,[$tbl,#32] 1163 ldr $t1,[$tbl,#64] 1164 ldr $t2,[$tbl,#96] 1165 ldr $t3,[$tbl,#128] 1166 ldr $t1,[$tbl,#160] 1167 ldr $t2,[$tbl,#192] 1168 ldr $t3,[$tbl,#224] 1169 1170 ldrb $s0,[$tbl,$s0] @ Td4[s0>>24] 1171 ldrb $t1,[$tbl,$i1] @ Td4[s0>>16] 1172 and $i1,lr,$s1 @ i0 1173 ldrb $t2,[$tbl,$i2] @ Td4[s0>>8] 1174 and $i2,lr,$s1,lsr#16 1175 ldrb $t3,[$tbl,$i3] @ Td4[s0>>0] 1176 and $i3,lr,$s1,lsr#8 1177 1178 add $s1,$tbl,$s1,lsr#24 1179 ldrb $i1,[$tbl,$i1] @ Td4[s1>>0] 1180 ldrb $s1,[$s1] @ Td4[s1>>24] 1181 ldrb $i2,[$tbl,$i2] @ Td4[s1>>16] 1182 eor $s0,$i1,$s0,lsl#24 1183 ldrb $i3,[$tbl,$i3] @ Td4[s1>>8] 1184 eor $s1,$t1,$s1,lsl#8 1185 and $i1,lr,$s2,lsr#8 @ i0 1186 eor $t2,$t2,$i2,lsl#8 1187 and $i2,lr,$s2 @ i1 1188 ldrb $i1,[$tbl,$i1] @ Td4[s2>>8] 1189 eor $t3,$t3,$i3,lsl#8 1190 ldrb $i2,[$tbl,$i2] @ Td4[s2>>0] 1191 and $i3,lr,$s2,lsr#16 1192 1193 add $s2,$tbl,$s2,lsr#24 1194 ldrb $s2,[$s2] @ Td4[s2>>24] 1195 eor $s0,$s0,$i1,lsl#8 1196 ldrb $i3,[$tbl,$i3] @ Td4[s2>>16] 1197 eor $s1,$i2,$s1,lsl#16 1198 and $i1,lr,$s3,lsr#16 @ i0 1199 eor $s2,$t2,$s2,lsl#16 1200 and $i2,lr,$s3,lsr#8 @ i1 1201 ldrb $i1,[$tbl,$i1] @ Td4[s3>>16] 1202 eor $t3,$t3,$i3,lsl#16 1203 ldrb $i2,[$tbl,$i2] @ Td4[s3>>8] 1204 and $i3,lr,$s3 @ i2 1205 1206 add $s3,$tbl,$s3,lsr#24 1207 ldrb $i3,[$tbl,$i3] @ Td4[s3>>0] 1208 ldrb $s3,[$s3] @ Td4[s3>>24] 1209 eor $s0,$s0,$i1,lsl#16 1210 ldr $i1,[$key,#0] 1211 eor $s1,$s1,$i2,lsl#8 1212 ldr $t1,[$key,#4] 1213 eor $s2,$i3,$s2,lsl#8 1214 ldr $t2,[$key,#8] 1215 eor $s3,$t3,$s3,lsl#24 1216 ldr $t3,[$key,#12] 1217 1218 eor $s0,$s0,$i1 1219 eor $s1,$s1,$t1 1220 eor $s2,$s2,$t2 1221 eor $s3,$s3,$t3 1222 1223 sub $tbl,$tbl,#1024 1224 ldr pc,[sp],#4 @ pop and return 1225.size _armv4_AES_decrypt,.-_armv4_AES_decrypt 1226.asciz "AES for ARMv4, CRYPTOGAMS by <appro\@openssl.org>" 1227.align 2 1228 1229#endif 1230___ 1231 1232$code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm; 
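# The "bx lr" -> .word 0xe12fff1e rewrite just above is what makes it
# possible to compile with -march=armv4.
$code =~ s/\bret\b/bx\tlr/gm;

# Copy this script's leading comment block into the generated assembly,
# turning Perl "#" comment markers into the "@" markers the assembly uses.
# Three-argument open with an explicit read mode treats $0 strictly as a
# file name; the two-argument form would interpret mode or pipe characters
# in the script path.
if (open(my $self, '<', $0)) {
    while (my $line = <$self>) {
        next if ($line =~ /^#!/);       # drop the shebang line
        # Stop at the first line that is neither a comment nor empty.
        last if (!($line =~ s/^#/@/) and $line !~ /^$/);
        print $line;
    }
    close $self;
} else {
    # The header copy only adds comments to the output, so report the
    # failure and still emit the code.
    warn "can't open $0 to copy the header comment: $!";
}

print $code;

# STDOUT is either the output file or a pipe into arm-xlate.pl.  Buffered
# write errors and a failing translator only become visible at close, so a
# failed close must abort the build instead of leaving truncated or missing
# AES assembly behind.
close STDOUT or die "error closing STDOUT: $!";     # enforce flush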