Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / boringssl / 0c61efe6da4dd29556e9d2bf7321d2f9283a4e13 / . / ios-arm / crypto / fipsmodule / aes-armv4.S
blob: 63e2ec716325e1253fe90aebf28d30850ac45091 [file] [log] [blame]
Robert Sloanc9abfe42018-11-26 12:19:07 -0800[diff] [blame]1// This file is generated from a similarly-named Perl script in the BoringSSL
2// source tree. Do not edit by hand.
3
Pete Bentley0c61efe2019-08-13 09:32:23 +0100[diff] [blame^]4#if !defined(__has_feature)
5#define __has_feature(x) 0
6#endif
Robert Sloan726e9d12018-09-11 11:45:04 -0700[diff] [blame]7#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
8#define OPENSSL_NO_ASM
9#endif
Robert Sloan726e9d12018-09-11 11:45:04 -0700[diff] [blame]10
11#if !defined(OPENSSL_NO_ASM)
12#if defined(BORINGSSL_PREFIX)
13#include <boringssl_prefix_symbols_asm.h>
14#endif
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]15@ Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
16@
17@ Licensed under the OpenSSL license (the "License"). You may not use
18@ this file except in compliance with the License. You can obtain a copy
19@ in the file LICENSE in the source distribution or at
20@ https://www.openssl.org/source/license.html
21
22
23@ ====================================================================
24@ Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
25@ project. The module is, however, dual licensed under OpenSSL and
26@ CRYPTOGAMS licenses depending on where you obtain it. For further
27@ details see http://www.openssl.org/~appro/cryptogams/.
28@ ====================================================================
29
30@ AES for ARMv4
31
32@ January 2007.
33@
34@ Code uses single 1K S-box and is >2 times faster than code generated
35@ by gcc-3.4.1. This is thanks to unique feature of ARMv4 ISA, which
36@ allows to merge logical or arithmetic operation with shift or rotate
37@ in one instruction and emit combined result every cycle. The module
38@ is endian-neutral. The performance is ~42 cycles/byte for 128-bit
39@ key [on single-issue Xscale PXA250 core].
40
41@ May 2007.
42@
43@ AES_set_[en|de]crypt_key is added.
44
45@ July 2010.
46@
47@ Rescheduling for dual-issue pipeline resulted in 12% improvement on
48@ Cortex A8 core and ~25 cycles per byte processed with 128-bit key.
49
50@ February 2011.
51@
52@ Profiler-assisted and platform-specific optimization resulted in 16%
53@ improvement on Cortex A8 core and ~21.5 cycles per byte.
54
55#ifndef __KERNEL__
56# include <openssl/arm_arch.h>
57#else
58# define __ARM_ARCH__ __LINUX_ARM_ARCH__
59#endif
60
Robert Sloan55818102017-12-18 11:26:17 -0800[diff] [blame]61@ Silence ARMv8 deprecated IT instruction warnings. This file is used by both
62@ ARMv7 and ARMv8 processors and does not use ARMv8 instructions. (ARMv8 AES
63@ instructions are in aesv8-armx.pl.)
64
65
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]66.text
67#if defined(__thumb2__) && !defined(__APPLE__)
68.syntax unified
69.thumb
70#else
71.code 32
72#undef __thumb2__
73#endif
74
75
76.align 5
77AES_Te:
78.word 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d
79.word 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554
80.word 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d
81.word 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a
82.word 0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87
83.word 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b
84.word 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea
85.word 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b
86.word 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a
87.word 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f
88.word 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108
89.word 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f
90.word 0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e
91.word 0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5
92.word 0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d
93.word 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f
94.word 0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e
95.word 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb
96.word 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce
97.word 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497
98.word 0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c
99.word 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed
100.word 0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b
101.word 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a
102.word 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16
103.word 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594
104.word 0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81
105.word 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3
106.word 0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a
107.word 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504
108.word 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163
109.word 0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d
110.word 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f
111.word 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739
112.word 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47
113.word 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395
114.word 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f
115.word 0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883
116.word 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c
117.word 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76
118.word 0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e
119.word 0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4
120.word 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6
121.word 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b
122.word 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7
123.word 0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0
124.word 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25
125.word 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818
126.word 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72
127.word 0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651
128.word 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21
129.word 0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85
130.word 0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa
131.word 0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12
132.word 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0
133.word 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9
134.word 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133
135.word 0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7
136.word 0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920
137.word 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a
138.word 0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17
139.word 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8
140.word 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11
141.word 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a
142@ Te4[256]
143.byte 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
144.byte 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
145.byte 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
146.byte 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
147.byte 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
148.byte 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
149.byte 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
150.byte 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
151.byte 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
152.byte 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
153.byte 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
154.byte 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
155.byte 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
156.byte 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
157.byte 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
158.byte 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
159.byte 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
160.byte 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
161.byte 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
162.byte 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
163.byte 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
164.byte 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
165.byte 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
166.byte 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
167.byte 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
168.byte 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
169.byte 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
170.byte 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
171.byte 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
172.byte 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
173.byte 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
174.byte 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
175@ rcon[]
176.word 0x01000000, 0x02000000, 0x04000000, 0x08000000
177.word 0x10000000, 0x20000000, 0x40000000, 0x80000000
178.word 0x1B000000, 0x36000000, 0, 0, 0, 0, 0, 0
179
180
Adam Vartanianbfcf3a72018-08-10 14:55:24 +0100[diff] [blame]181@ void aes_nohw_encrypt(const unsigned char *in, unsigned char *out,
182@ const AES_KEY *key) {
183.globl _aes_nohw_encrypt
184.private_extern _aes_nohw_encrypt
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]185#ifdef __thumb2__
Adam Vartanianbfcf3a72018-08-10 14:55:24 +0100[diff] [blame]186.thumb_func _aes_nohw_encrypt
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]187#endif
188.align 5
Adam Vartanianbfcf3a72018-08-10 14:55:24 +0100[diff] [blame]189_aes_nohw_encrypt:
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]190#ifndef __thumb2__
Adam Vartanianbfcf3a72018-08-10 14:55:24 +0100[diff] [blame]191 sub r3,pc,#8 @ _aes_nohw_encrypt
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]192#else
Robert Sloand5c22152017-11-13 09:22:12 -0800[diff] [blame]193 adr r3,.
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]194#endif
195 stmdb sp!,{r1,r4-r12,lr}
Robert Sloanab8b8882018-03-26 11:39:51 -0700[diff] [blame]196#if defined(__thumb2__) || defined(__APPLE__)
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]197 adr r10,AES_Te
198#else
Adam Vartanianbfcf3a72018-08-10 14:55:24 +0100[diff] [blame]199 sub r10,r3,#_aes_nohw_encrypt-AES_Te @ Te
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]200#endif
201 mov r12,r0 @ inp
202 mov r11,r2
203#if __ARM_ARCH__<7
204 ldrb r0,[r12,#3] @ load input data in endian-neutral
205 ldrb r4,[r12,#2] @ manner...
206 ldrb r5,[r12,#1]
207 ldrb r6,[r12,#0]
208 orr r0,r0,r4,lsl#8
209 ldrb r1,[r12,#7]
210 orr r0,r0,r5,lsl#16
211 ldrb r4,[r12,#6]
212 orr r0,r0,r6,lsl#24
213 ldrb r5,[r12,#5]
214 ldrb r6,[r12,#4]
215 orr r1,r1,r4,lsl#8
216 ldrb r2,[r12,#11]
217 orr r1,r1,r5,lsl#16
218 ldrb r4,[r12,#10]
219 orr r1,r1,r6,lsl#24
220 ldrb r5,[r12,#9]
221 ldrb r6,[r12,#8]
222 orr r2,r2,r4,lsl#8
223 ldrb r3,[r12,#15]
224 orr r2,r2,r5,lsl#16
225 ldrb r4,[r12,#14]
226 orr r2,r2,r6,lsl#24
227 ldrb r5,[r12,#13]
228 ldrb r6,[r12,#12]
229 orr r3,r3,r4,lsl#8
230 orr r3,r3,r5,lsl#16
231 orr r3,r3,r6,lsl#24
232#else
233 ldr r0,[r12,#0]
234 ldr r1,[r12,#4]
235 ldr r2,[r12,#8]
236 ldr r3,[r12,#12]
237#ifdef __ARMEL__
238 rev r0,r0
239 rev r1,r1
240 rev r2,r2
241 rev r3,r3
242#endif
243#endif
244 bl _armv4_AES_encrypt
245
246 ldr r12,[sp],#4 @ pop out
247#if __ARM_ARCH__>=7
248#ifdef __ARMEL__
249 rev r0,r0
250 rev r1,r1
251 rev r2,r2
252 rev r3,r3
253#endif
254 str r0,[r12,#0]
255 str r1,[r12,#4]
256 str r2,[r12,#8]
257 str r3,[r12,#12]
258#else
259 mov r4,r0,lsr#24 @ write output in endian-neutral
260 mov r5,r0,lsr#16 @ manner...
261 mov r6,r0,lsr#8
262 strb r4,[r12,#0]
263 strb r5,[r12,#1]
264 mov r4,r1,lsr#24
265 strb r6,[r12,#2]
266 mov r5,r1,lsr#16
267 strb r0,[r12,#3]
268 mov r6,r1,lsr#8
269 strb r4,[r12,#4]
270 strb r5,[r12,#5]
271 mov r4,r2,lsr#24
272 strb r6,[r12,#6]
273 mov r5,r2,lsr#16
274 strb r1,[r12,#7]
275 mov r6,r2,lsr#8
276 strb r4,[r12,#8]
277 strb r5,[r12,#9]
278 mov r4,r3,lsr#24
279 strb r6,[r12,#10]
280 mov r5,r3,lsr#16
281 strb r2,[r12,#11]
282 mov r6,r3,lsr#8
283 strb r4,[r12,#12]
284 strb r5,[r12,#13]
285 strb r6,[r12,#14]
286 strb r3,[r12,#15]
287#endif
288#if __ARM_ARCH__>=5
289 ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc}
290#else
291 ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr}
292 tst lr,#1
293 moveq pc,lr @ be binary compatible with V4, yet
294.word 0xe12fff1e @ interoperable with Thumb ISA:-)
295#endif
296
297
298#ifdef __thumb2__
299.thumb_func _armv4_AES_encrypt
300#endif
301.align 2
302_armv4_AES_encrypt:
303 str lr,[sp,#-4]! @ push lr
304 ldmia r11!,{r4,r5,r6,r7}
305 eor r0,r0,r4
306 ldr r12,[r11,#240-16]
307 eor r1,r1,r5
308 eor r2,r2,r6
309 eor r3,r3,r7
310 sub r12,r12,#1
311 mov lr,#255
312
313 and r7,lr,r0
314 and r8,lr,r0,lsr#8
315 and r9,lr,r0,lsr#16
316 mov r0,r0,lsr#24
317Lenc_loop:
318 ldr r4,[r10,r7,lsl#2] @ Te3[s0>>0]
319 and r7,lr,r1,lsr#16 @ i0
320 ldr r5,[r10,r8,lsl#2] @ Te2[s0>>8]
321 and r8,lr,r1
322 ldr r6,[r10,r9,lsl#2] @ Te1[s0>>16]
323 and r9,lr,r1,lsr#8
324 ldr r0,[r10,r0,lsl#2] @ Te0[s0>>24]
325 mov r1,r1,lsr#24
326
327 ldr r7,[r10,r7,lsl#2] @ Te1[s1>>16]
328 ldr r8,[r10,r8,lsl#2] @ Te3[s1>>0]
329 ldr r9,[r10,r9,lsl#2] @ Te2[s1>>8]
330 eor r0,r0,r7,ror#8
331 ldr r1,[r10,r1,lsl#2] @ Te0[s1>>24]
332 and r7,lr,r2,lsr#8 @ i0
333 eor r5,r5,r8,ror#8
334 and r8,lr,r2,lsr#16 @ i1
335 eor r6,r6,r9,ror#8
336 and r9,lr,r2
337 ldr r7,[r10,r7,lsl#2] @ Te2[s2>>8]
338 eor r1,r1,r4,ror#24
339 ldr r8,[r10,r8,lsl#2] @ Te1[s2>>16]
340 mov r2,r2,lsr#24
341
342 ldr r9,[r10,r9,lsl#2] @ Te3[s2>>0]
343 eor r0,r0,r7,ror#16
344 ldr r2,[r10,r2,lsl#2] @ Te0[s2>>24]
345 and r7,lr,r3 @ i0
346 eor r1,r1,r8,ror#8
347 and r8,lr,r3,lsr#8 @ i1
348 eor r6,r6,r9,ror#16
349 and r9,lr,r3,lsr#16 @ i2
350 ldr r7,[r10,r7,lsl#2] @ Te3[s3>>0]
351 eor r2,r2,r5,ror#16
352 ldr r8,[r10,r8,lsl#2] @ Te2[s3>>8]
353 mov r3,r3,lsr#24
354
355 ldr r9,[r10,r9,lsl#2] @ Te1[s3>>16]
356 eor r0,r0,r7,ror#24
357 ldr r7,[r11],#16
358 eor r1,r1,r8,ror#16
359 ldr r3,[r10,r3,lsl#2] @ Te0[s3>>24]
360 eor r2,r2,r9,ror#8
361 ldr r4,[r11,#-12]
362 eor r3,r3,r6,ror#8
363
364 ldr r5,[r11,#-8]
365 eor r0,r0,r7
366 ldr r6,[r11,#-4]
367 and r7,lr,r0
368 eor r1,r1,r4
369 and r8,lr,r0,lsr#8
370 eor r2,r2,r5
371 and r9,lr,r0,lsr#16
372 eor r3,r3,r6
373 mov r0,r0,lsr#24
374
375 subs r12,r12,#1
376 bne Lenc_loop
377
378 add r10,r10,#2
379
380 ldrb r4,[r10,r7,lsl#2] @ Te4[s0>>0]
381 and r7,lr,r1,lsr#16 @ i0
382 ldrb r5,[r10,r8,lsl#2] @ Te4[s0>>8]
383 and r8,lr,r1
384 ldrb r6,[r10,r9,lsl#2] @ Te4[s0>>16]
385 and r9,lr,r1,lsr#8
386 ldrb r0,[r10,r0,lsl#2] @ Te4[s0>>24]
387 mov r1,r1,lsr#24
388
389 ldrb r7,[r10,r7,lsl#2] @ Te4[s1>>16]
390 ldrb r8,[r10,r8,lsl#2] @ Te4[s1>>0]
391 ldrb r9,[r10,r9,lsl#2] @ Te4[s1>>8]
392 eor r0,r7,r0,lsl#8
393 ldrb r1,[r10,r1,lsl#2] @ Te4[s1>>24]
394 and r7,lr,r2,lsr#8 @ i0
395 eor r5,r8,r5,lsl#8
396 and r8,lr,r2,lsr#16 @ i1
397 eor r6,r9,r6,lsl#8
398 and r9,lr,r2
399 ldrb r7,[r10,r7,lsl#2] @ Te4[s2>>8]
400 eor r1,r4,r1,lsl#24
401 ldrb r8,[r10,r8,lsl#2] @ Te4[s2>>16]
402 mov r2,r2,lsr#24
403
404 ldrb r9,[r10,r9,lsl#2] @ Te4[s2>>0]
405 eor r0,r7,r0,lsl#8
406 ldrb r2,[r10,r2,lsl#2] @ Te4[s2>>24]
407 and r7,lr,r3 @ i0
408 eor r1,r1,r8,lsl#16
409 and r8,lr,r3,lsr#8 @ i1
410 eor r6,r9,r6,lsl#8
411 and r9,lr,r3,lsr#16 @ i2
412 ldrb r7,[r10,r7,lsl#2] @ Te4[s3>>0]
413 eor r2,r5,r2,lsl#24
414 ldrb r8,[r10,r8,lsl#2] @ Te4[s3>>8]
415 mov r3,r3,lsr#24
416
417 ldrb r9,[r10,r9,lsl#2] @ Te4[s3>>16]
418 eor r0,r7,r0,lsl#8
419 ldr r7,[r11,#0]
420 ldrb r3,[r10,r3,lsl#2] @ Te4[s3>>24]
421 eor r1,r1,r8,lsl#8
422 ldr r4,[r11,#4]
423 eor r2,r2,r9,lsl#16
424 ldr r5,[r11,#8]
425 eor r3,r6,r3,lsl#24
426 ldr r6,[r11,#12]
427
428 eor r0,r0,r7
429 eor r1,r1,r4
430 eor r2,r2,r5
431 eor r3,r3,r6
432
433 sub r10,r10,#2
434 ldr pc,[sp],#4 @ pop and return
435
436
Adam Vartanianbfcf3a72018-08-10 14:55:24 +0100[diff] [blame]437.globl _aes_nohw_set_encrypt_key
438.private_extern _aes_nohw_set_encrypt_key
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]439#ifdef __thumb2__
Adam Vartanianbfcf3a72018-08-10 14:55:24 +0100[diff] [blame]440.thumb_func _aes_nohw_set_encrypt_key
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]441#endif
442.align 5
Adam Vartanianbfcf3a72018-08-10 14:55:24 +0100[diff] [blame]443_aes_nohw_set_encrypt_key:
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]444_armv4_AES_set_encrypt_key:
445#ifndef __thumb2__
Adam Vartanianbfcf3a72018-08-10 14:55:24 +0100[diff] [blame]446 sub r3,pc,#8 @ _aes_nohw_set_encrypt_key
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]447#else
Robert Sloand5c22152017-11-13 09:22:12 -0800[diff] [blame]448 adr r3,.
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]449#endif
450 teq r0,#0
451#ifdef __thumb2__
452 itt eq @ Thumb2 thing, sanity check in ARM
453#endif
454 moveq r0,#-1
455 beq Labrt
456 teq r2,#0
457#ifdef __thumb2__
458 itt eq @ Thumb2 thing, sanity check in ARM
459#endif
460 moveq r0,#-1
461 beq Labrt
462
463 teq r1,#128
464 beq Lok
465 teq r1,#192
466 beq Lok
467 teq r1,#256
468#ifdef __thumb2__
469 itt ne @ Thumb2 thing, sanity check in ARM
470#endif
471 movne r0,#-1
472 bne Labrt
473
474Lok: stmdb sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr}
475 mov r12,r0 @ inp
476 mov lr,r1 @ bits
477 mov r11,r2 @ key
478
Robert Sloanab8b8882018-03-26 11:39:51 -0700[diff] [blame]479#if defined(__thumb2__) || defined(__APPLE__)
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]480 adr r10,AES_Te+1024 @ Te4
481#else
482 sub r10,r3,#_armv4_AES_set_encrypt_key-AES_Te-1024 @ Te4
483#endif
484
485#if __ARM_ARCH__<7
486 ldrb r0,[r12,#3] @ load input data in endian-neutral
487 ldrb r4,[r12,#2] @ manner...
488 ldrb r5,[r12,#1]
489 ldrb r6,[r12,#0]
490 orr r0,r0,r4,lsl#8
491 ldrb r1,[r12,#7]
492 orr r0,r0,r5,lsl#16
493 ldrb r4,[r12,#6]
494 orr r0,r0,r6,lsl#24
495 ldrb r5,[r12,#5]
496 ldrb r6,[r12,#4]
497 orr r1,r1,r4,lsl#8
498 ldrb r2,[r12,#11]
499 orr r1,r1,r5,lsl#16
500 ldrb r4,[r12,#10]
501 orr r1,r1,r6,lsl#24
502 ldrb r5,[r12,#9]
503 ldrb r6,[r12,#8]
504 orr r2,r2,r4,lsl#8
505 ldrb r3,[r12,#15]
506 orr r2,r2,r5,lsl#16
507 ldrb r4,[r12,#14]
508 orr r2,r2,r6,lsl#24
509 ldrb r5,[r12,#13]
510 ldrb r6,[r12,#12]
511 orr r3,r3,r4,lsl#8
512 str r0,[r11],#16
513 orr r3,r3,r5,lsl#16
514 str r1,[r11,#-12]
515 orr r3,r3,r6,lsl#24
516 str r2,[r11,#-8]
517 str r3,[r11,#-4]
518#else
519 ldr r0,[r12,#0]
520 ldr r1,[r12,#4]
521 ldr r2,[r12,#8]
522 ldr r3,[r12,#12]
523#ifdef __ARMEL__
524 rev r0,r0
525 rev r1,r1
526 rev r2,r2
527 rev r3,r3
528#endif
529 str r0,[r11],#16
530 str r1,[r11,#-12]
531 str r2,[r11,#-8]
532 str r3,[r11,#-4]
533#endif
534
535 teq lr,#128
536 bne Lnot128
537 mov r12,#10
538 str r12,[r11,#240-16]
539 add r6,r10,#256 @ rcon
540 mov lr,#255
541
542L128_loop:
543 and r5,lr,r3,lsr#24
544 and r7,lr,r3,lsr#16
545 ldrb r5,[r10,r5]
546 and r8,lr,r3,lsr#8
547 ldrb r7,[r10,r7]
548 and r9,lr,r3
549 ldrb r8,[r10,r8]
550 orr r5,r5,r7,lsl#24
551 ldrb r9,[r10,r9]
552 orr r5,r5,r8,lsl#16
553 ldr r4,[r6],#4 @ rcon[i++]
554 orr r5,r5,r9,lsl#8
555 eor r5,r5,r4
556 eor r0,r0,r5 @ rk[4]=rk[0]^...
557 eor r1,r1,r0 @ rk[5]=rk[1]^rk[4]
558 str r0,[r11],#16
559 eor r2,r2,r1 @ rk[6]=rk[2]^rk[5]
560 str r1,[r11,#-12]
561 eor r3,r3,r2 @ rk[7]=rk[3]^rk[6]
562 str r2,[r11,#-8]
563 subs r12,r12,#1
564 str r3,[r11,#-4]
565 bne L128_loop
566 sub r2,r11,#176
567 b Ldone
568
569Lnot128:
570#if __ARM_ARCH__<7
571 ldrb r8,[r12,#19]
572 ldrb r4,[r12,#18]
573 ldrb r5,[r12,#17]
574 ldrb r6,[r12,#16]
575 orr r8,r8,r4,lsl#8
576 ldrb r9,[r12,#23]
577 orr r8,r8,r5,lsl#16
578 ldrb r4,[r12,#22]
579 orr r8,r8,r6,lsl#24
580 ldrb r5,[r12,#21]
581 ldrb r6,[r12,#20]
582 orr r9,r9,r4,lsl#8
583 orr r9,r9,r5,lsl#16
584 str r8,[r11],#8
585 orr r9,r9,r6,lsl#24
586 str r9,[r11,#-4]
587#else
588 ldr r8,[r12,#16]
589 ldr r9,[r12,#20]
590#ifdef __ARMEL__
591 rev r8,r8
592 rev r9,r9
593#endif
594 str r8,[r11],#8
595 str r9,[r11,#-4]
596#endif
597
598 teq lr,#192
599 bne Lnot192
600 mov r12,#12
601 str r12,[r11,#240-24]
602 add r6,r10,#256 @ rcon
603 mov lr,#255
604 mov r12,#8
605
606L192_loop:
607 and r5,lr,r9,lsr#24
608 and r7,lr,r9,lsr#16
609 ldrb r5,[r10,r5]
610 and r8,lr,r9,lsr#8
611 ldrb r7,[r10,r7]
612 and r9,lr,r9
613 ldrb r8,[r10,r8]
614 orr r5,r5,r7,lsl#24
615 ldrb r9,[r10,r9]
616 orr r5,r5,r8,lsl#16
617 ldr r4,[r6],#4 @ rcon[i++]
618 orr r5,r5,r9,lsl#8
619 eor r9,r5,r4
620 eor r0,r0,r9 @ rk[6]=rk[0]^...
621 eor r1,r1,r0 @ rk[7]=rk[1]^rk[6]
622 str r0,[r11],#24
623 eor r2,r2,r1 @ rk[8]=rk[2]^rk[7]
624 str r1,[r11,#-20]
625 eor r3,r3,r2 @ rk[9]=rk[3]^rk[8]
626 str r2,[r11,#-16]
627 subs r12,r12,#1
628 str r3,[r11,#-12]
629#ifdef __thumb2__
630 itt eq @ Thumb2 thing, sanity check in ARM
631#endif
632 subeq r2,r11,#216
633 beq Ldone
634
635 ldr r7,[r11,#-32]
636 ldr r8,[r11,#-28]
637 eor r7,r7,r3 @ rk[10]=rk[4]^rk[9]
638 eor r9,r8,r7 @ rk[11]=rk[5]^rk[10]
639 str r7,[r11,#-8]
640 str r9,[r11,#-4]
641 b L192_loop
642
643Lnot192:
644#if __ARM_ARCH__<7
645 ldrb r8,[r12,#27]
646 ldrb r4,[r12,#26]
647 ldrb r5,[r12,#25]
648 ldrb r6,[r12,#24]
649 orr r8,r8,r4,lsl#8
650 ldrb r9,[r12,#31]
651 orr r8,r8,r5,lsl#16
652 ldrb r4,[r12,#30]
653 orr r8,r8,r6,lsl#24
654 ldrb r5,[r12,#29]
655 ldrb r6,[r12,#28]
656 orr r9,r9,r4,lsl#8
657 orr r9,r9,r5,lsl#16
658 str r8,[r11],#8
659 orr r9,r9,r6,lsl#24
660 str r9,[r11,#-4]
661#else
662 ldr r8,[r12,#24]
663 ldr r9,[r12,#28]
664#ifdef __ARMEL__
665 rev r8,r8
666 rev r9,r9
667#endif
668 str r8,[r11],#8
669 str r9,[r11,#-4]
670#endif
671
672 mov r12,#14
673 str r12,[r11,#240-32]
674 add r6,r10,#256 @ rcon
675 mov lr,#255
676 mov r12,#7
677
678L256_loop:
679 and r5,lr,r9,lsr#24
680 and r7,lr,r9,lsr#16
681 ldrb r5,[r10,r5]
682 and r8,lr,r9,lsr#8
683 ldrb r7,[r10,r7]
684 and r9,lr,r9
685 ldrb r8,[r10,r8]
686 orr r5,r5,r7,lsl#24
687 ldrb r9,[r10,r9]
688 orr r5,r5,r8,lsl#16
689 ldr r4,[r6],#4 @ rcon[i++]
690 orr r5,r5,r9,lsl#8
691 eor r9,r5,r4
692 eor r0,r0,r9 @ rk[8]=rk[0]^...
693 eor r1,r1,r0 @ rk[9]=rk[1]^rk[8]
694 str r0,[r11],#32
695 eor r2,r2,r1 @ rk[10]=rk[2]^rk[9]
696 str r1,[r11,#-28]
697 eor r3,r3,r2 @ rk[11]=rk[3]^rk[10]
698 str r2,[r11,#-24]
699 subs r12,r12,#1
700 str r3,[r11,#-20]
701#ifdef __thumb2__
702 itt eq @ Thumb2 thing, sanity check in ARM
703#endif
704 subeq r2,r11,#256
705 beq Ldone
706
707 and r5,lr,r3
708 and r7,lr,r3,lsr#8
709 ldrb r5,[r10,r5]
710 and r8,lr,r3,lsr#16
711 ldrb r7,[r10,r7]
712 and r9,lr,r3,lsr#24
713 ldrb r8,[r10,r8]
714 orr r5,r5,r7,lsl#8
715 ldrb r9,[r10,r9]
716 orr r5,r5,r8,lsl#16
717 ldr r4,[r11,#-48]
718 orr r5,r5,r9,lsl#24
719
720 ldr r7,[r11,#-44]
721 ldr r8,[r11,#-40]
722 eor r4,r4,r5 @ rk[12]=rk[4]^...
723 ldr r9,[r11,#-36]
724 eor r7,r7,r4 @ rk[13]=rk[5]^rk[12]
725 str r4,[r11,#-16]
726 eor r8,r8,r7 @ rk[14]=rk[6]^rk[13]
727 str r7,[r11,#-12]
728 eor r9,r9,r8 @ rk[15]=rk[7]^rk[14]
729 str r8,[r11,#-8]
730 str r9,[r11,#-4]
731 b L256_loop
732
733.align 2
734Ldone: mov r0,#0
735 ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr}
736Labrt:
737#if __ARM_ARCH__>=5
738 bx lr @ .word 0xe12fff1e
739#else
740 tst lr,#1
741 moveq pc,lr @ be binary compatible with V4, yet
742.word 0xe12fff1e @ interoperable with Thumb ISA:-)
743#endif
744
745
Adam Vartanianbfcf3a72018-08-10 14:55:24 +0100[diff] [blame]746.globl _aes_nohw_set_decrypt_key
747.private_extern _aes_nohw_set_decrypt_key
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]748#ifdef __thumb2__
Adam Vartanianbfcf3a72018-08-10 14:55:24 +0100[diff] [blame]749.thumb_func _aes_nohw_set_decrypt_key
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]750#endif
751.align 5
Adam Vartanianbfcf3a72018-08-10 14:55:24 +0100[diff] [blame]752_aes_nohw_set_decrypt_key:
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]753 str lr,[sp,#-4]! @ push lr
754 bl _armv4_AES_set_encrypt_key
755 teq r0,#0
756 ldr lr,[sp],#4 @ pop lr
757 bne Labrt
758
Adam Vartanianbfcf3a72018-08-10 14:55:24 +0100[diff] [blame]759 mov r0,r2 @ _aes_nohw_set_encrypt_key preserves r2,
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]760 mov r1,r2 @ which is AES_KEY *key
761 b _armv4_AES_set_enc2dec_key
762
763
764@ void AES_set_enc2dec_key(const AES_KEY *inp,AES_KEY *out)
765.globl _AES_set_enc2dec_key
766.private_extern _AES_set_enc2dec_key
767#ifdef __thumb2__
768.thumb_func _AES_set_enc2dec_key
769#endif
770.align 5
771_AES_set_enc2dec_key:
772_armv4_AES_set_enc2dec_key:
773 stmdb sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr}
774
775 ldr r12,[r0,#240]
776 mov r7,r0 @ input
777 add r8,r0,r12,lsl#4
778 mov r11,r1 @ output
779 add r10,r1,r12,lsl#4
780 str r12,[r1,#240]
781
782Linv: ldr r0,[r7],#16
783 ldr r1,[r7,#-12]
784 ldr r2,[r7,#-8]
785 ldr r3,[r7,#-4]
786 ldr r4,[r8],#-16
787 ldr r5,[r8,#16+4]
788 ldr r6,[r8,#16+8]
789 ldr r9,[r8,#16+12]
790 str r0,[r10],#-16
791 str r1,[r10,#16+4]
792 str r2,[r10,#16+8]
793 str r3,[r10,#16+12]
794 str r4,[r11],#16
795 str r5,[r11,#-12]
796 str r6,[r11,#-8]
797 str r9,[r11,#-4]
798 teq r7,r8
799 bne Linv
800
801 ldr r0,[r7]
802 ldr r1,[r7,#4]
803 ldr r2,[r7,#8]
804 ldr r3,[r7,#12]
805 str r0,[r11]
806 str r1,[r11,#4]
807 str r2,[r11,#8]
808 str r3,[r11,#12]
809 sub r11,r11,r12,lsl#3
810 ldr r0,[r11,#16]! @ prefetch tp1
811 mov r7,#0x80
812 mov r8,#0x1b
813 orr r7,r7,#0x8000
814 orr r8,r8,#0x1b00
815 orr r7,r7,r7,lsl#16
816 orr r8,r8,r8,lsl#16
817 sub r12,r12,#1
818 mvn r9,r7
819 mov r12,r12,lsl#2 @ (rounds-1)*4
820
821Lmix: and r4,r0,r7
822 and r1,r0,r9
823 sub r4,r4,r4,lsr#7
824 and r4,r4,r8
825 eor r1,r4,r1,lsl#1 @ tp2
826
827 and r4,r1,r7
828 and r2,r1,r9
829 sub r4,r4,r4,lsr#7
830 and r4,r4,r8
831 eor r2,r4,r2,lsl#1 @ tp4
832
833 and r4,r2,r7
834 and r3,r2,r9
835 sub r4,r4,r4,lsr#7
836 and r4,r4,r8
837 eor r3,r4,r3,lsl#1 @ tp8
838
839 eor r4,r1,r2
840 eor r5,r0,r3 @ tp9
841 eor r4,r4,r3 @ tpe
842 eor r4,r4,r1,ror#24
843 eor r4,r4,r5,ror#24 @ ^= ROTATE(tpb=tp9^tp2,8)
844 eor r4,r4,r2,ror#16
845 eor r4,r4,r5,ror#16 @ ^= ROTATE(tpd=tp9^tp4,16)
846 eor r4,r4,r5,ror#8 @ ^= ROTATE(tp9,24)
847
848 ldr r0,[r11,#4] @ prefetch tp1
849 str r4,[r11],#4
850 subs r12,r12,#1
851 bne Lmix
852
853 mov r0,#0
854#if __ARM_ARCH__>=5
855 ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc}
856#else
857 ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr}
858 tst lr,#1
859 moveq pc,lr @ be binary compatible with V4, yet
860.word 0xe12fff1e @ interoperable with Thumb ISA:-)
861#endif
862
863
864
865.align 5
866AES_Td:
867.word 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96
868.word 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393
869.word 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25
870.word 0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f
871.word 0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1
872.word 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6
873.word 0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da
874.word 0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844
875.word 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd
876.word 0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4
877.word 0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45
878.word 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94
879.word 0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7
880.word 0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a
881.word 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5
882.word 0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c
883.word 0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1
884.word 0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a
885.word 0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75
886.word 0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051
887.word 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46
888.word 0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff
889.word 0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77
890.word 0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb
891.word 0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000
892.word 0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e
893.word 0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927
894.word 0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a
895.word 0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e
896.word 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16
897.word 0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d
898.word 0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8
899.word 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd
900.word 0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34
901.word 0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163
902.word 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120
903.word 0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d
904.word 0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0
905.word 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422
906.word 0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef
907.word 0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36
908.word 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4
909.word 0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662
910.word 0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5
911.word 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3
912.word 0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b
913.word 0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8
914.word 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6
915.word 0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6
916.word 0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0
917.word 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815
918.word 0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f
919.word 0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df
920.word 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f
921.word 0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e
922.word 0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713
923.word 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89
924.word 0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c
925.word 0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf
926.word 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86
927.word 0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f
928.word 0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541
929.word 0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190
930.word 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742
931@ Td4[256]
932.byte 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
933.byte 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
934.byte 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
935.byte 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
936.byte 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
937.byte 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
938.byte 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
939.byte 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
940.byte 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
941.byte 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
942.byte 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
943.byte 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
944.byte 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
945.byte 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
946.byte 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
947.byte 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
948.byte 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
949.byte 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
950.byte 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
951.byte 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
952.byte 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
953.byte 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
954.byte 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
955.byte 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
956.byte 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
957.byte 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
958.byte 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
959.byte 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
960.byte 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
961.byte 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
962.byte 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
963.byte 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
964
965
Adam Vartanianbfcf3a72018-08-10 14:55:24 +0100[diff] [blame]966@ void aes_nohw_decrypt(const unsigned char *in, unsigned char *out,
967@ const AES_KEY *key) {
968.globl _aes_nohw_decrypt
969.private_extern _aes_nohw_decrypt
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]970#ifdef __thumb2__
Adam Vartanianbfcf3a72018-08-10 14:55:24 +0100[diff] [blame]971.thumb_func _aes_nohw_decrypt
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]972#endif
973.align 5
Adam Vartanianbfcf3a72018-08-10 14:55:24 +0100[diff] [blame]974_aes_nohw_decrypt:
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]975#ifndef __thumb2__
Adam Vartanianbfcf3a72018-08-10 14:55:24 +0100[diff] [blame]976 sub r3,pc,#8 @ _aes_nohw_decrypt
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]977#else
Robert Sloand5c22152017-11-13 09:22:12 -0800[diff] [blame]978 adr r3,.
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]979#endif
980 stmdb sp!,{r1,r4-r12,lr}
Robert Sloanab8b8882018-03-26 11:39:51 -0700[diff] [blame]981#if defined(__thumb2__) || defined(__APPLE__)
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]982 adr r10,AES_Td
983#else
Adam Vartanianbfcf3a72018-08-10 14:55:24 +0100[diff] [blame]984 sub r10,r3,#_aes_nohw_decrypt-AES_Td @ Td
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]985#endif
986 mov r12,r0 @ inp
987 mov r11,r2
988#if __ARM_ARCH__<7
989 ldrb r0,[r12,#3] @ load input data in endian-neutral
990 ldrb r4,[r12,#2] @ manner...
991 ldrb r5,[r12,#1]
992 ldrb r6,[r12,#0]
993 orr r0,r0,r4,lsl#8
994 ldrb r1,[r12,#7]
995 orr r0,r0,r5,lsl#16
996 ldrb r4,[r12,#6]
997 orr r0,r0,r6,lsl#24
998 ldrb r5,[r12,#5]
999 ldrb r6,[r12,#4]
1000 orr r1,r1,r4,lsl#8
1001 ldrb r2,[r12,#11]
1002 orr r1,r1,r5,lsl#16
1003 ldrb r4,[r12,#10]
1004 orr r1,r1,r6,lsl#24
1005 ldrb r5,[r12,#9]
1006 ldrb r6,[r12,#8]
1007 orr r2,r2,r4,lsl#8
1008 ldrb r3,[r12,#15]
1009 orr r2,r2,r5,lsl#16
1010 ldrb r4,[r12,#14]
1011 orr r2,r2,r6,lsl#24
1012 ldrb r5,[r12,#13]
1013 ldrb r6,[r12,#12]
1014 orr r3,r3,r4,lsl#8
1015 orr r3,r3,r5,lsl#16
1016 orr r3,r3,r6,lsl#24
1017#else
1018 ldr r0,[r12,#0]
1019 ldr r1,[r12,#4]
1020 ldr r2,[r12,#8]
1021 ldr r3,[r12,#12]
1022#ifdef __ARMEL__
1023 rev r0,r0
1024 rev r1,r1
1025 rev r2,r2
1026 rev r3,r3
1027#endif
1028#endif
1029 bl _armv4_AES_decrypt
1030
1031 ldr r12,[sp],#4 @ pop out
1032#if __ARM_ARCH__>=7
1033#ifdef __ARMEL__
1034 rev r0,r0
1035 rev r1,r1
1036 rev r2,r2
1037 rev r3,r3
1038#endif
1039 str r0,[r12,#0]
1040 str r1,[r12,#4]
1041 str r2,[r12,#8]
1042 str r3,[r12,#12]
1043#else
1044 mov r4,r0,lsr#24 @ write output in endian-neutral
1045 mov r5,r0,lsr#16 @ manner...
1046 mov r6,r0,lsr#8
1047 strb r4,[r12,#0]
1048 strb r5,[r12,#1]
1049 mov r4,r1,lsr#24
1050 strb r6,[r12,#2]
1051 mov r5,r1,lsr#16
1052 strb r0,[r12,#3]
1053 mov r6,r1,lsr#8
1054 strb r4,[r12,#4]
1055 strb r5,[r12,#5]
1056 mov r4,r2,lsr#24
1057 strb r6,[r12,#6]
1058 mov r5,r2,lsr#16
1059 strb r1,[r12,#7]
1060 mov r6,r2,lsr#8
1061 strb r4,[r12,#8]
1062 strb r5,[r12,#9]
1063 mov r4,r3,lsr#24
1064 strb r6,[r12,#10]
1065 mov r5,r3,lsr#16
1066 strb r2,[r12,#11]
1067 mov r6,r3,lsr#8
1068 strb r4,[r12,#12]
1069 strb r5,[r12,#13]
1070 strb r6,[r12,#14]
1071 strb r3,[r12,#15]
1072#endif
1073#if __ARM_ARCH__>=5
1074 ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc}
1075#else
1076 ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr}
1077 tst lr,#1
1078 moveq pc,lr @ be binary compatible with V4, yet
1079.word 0xe12fff1e @ interoperable with Thumb ISA:-)
1080#endif
1081
1082
1083#ifdef __thumb2__
1084.thumb_func _armv4_AES_decrypt
1085#endif
1086.align 2
1087_armv4_AES_decrypt:
1088 str lr,[sp,#-4]! @ push lr
1089 ldmia r11!,{r4,r5,r6,r7}
1090 eor r0,r0,r4
1091 ldr r12,[r11,#240-16]
1092 eor r1,r1,r5
1093 eor r2,r2,r6
1094 eor r3,r3,r7
1095 sub r12,r12,#1
1096 mov lr,#255
1097
1098 and r7,lr,r0,lsr#16
1099 and r8,lr,r0,lsr#8
1100 and r9,lr,r0
1101 mov r0,r0,lsr#24
1102Ldec_loop:
1103 ldr r4,[r10,r7,lsl#2] @ Td1[s0>>16]
1104 and r7,lr,r1 @ i0
1105 ldr r5,[r10,r8,lsl#2] @ Td2[s0>>8]
1106 and r8,lr,r1,lsr#16
1107 ldr r6,[r10,r9,lsl#2] @ Td3[s0>>0]
1108 and r9,lr,r1,lsr#8
1109 ldr r0,[r10,r0,lsl#2] @ Td0[s0>>24]
1110 mov r1,r1,lsr#24
1111
1112 ldr r7,[r10,r7,lsl#2] @ Td3[s1>>0]
1113 ldr r8,[r10,r8,lsl#2] @ Td1[s1>>16]
1114 ldr r9,[r10,r9,lsl#2] @ Td2[s1>>8]
1115 eor r0,r0,r7,ror#24
1116 ldr r1,[r10,r1,lsl#2] @ Td0[s1>>24]
1117 and r7,lr,r2,lsr#8 @ i0
1118 eor r5,r8,r5,ror#8
1119 and r8,lr,r2 @ i1
1120 eor r6,r9,r6,ror#8
1121 and r9,lr,r2,lsr#16
1122 ldr r7,[r10,r7,lsl#2] @ Td2[s2>>8]
1123 eor r1,r1,r4,ror#8
1124 ldr r8,[r10,r8,lsl#2] @ Td3[s2>>0]
1125 mov r2,r2,lsr#24
1126
1127 ldr r9,[r10,r9,lsl#2] @ Td1[s2>>16]
1128 eor r0,r0,r7,ror#16
1129 ldr r2,[r10,r2,lsl#2] @ Td0[s2>>24]
1130 and r7,lr,r3,lsr#16 @ i0
1131 eor r1,r1,r8,ror#24
1132 and r8,lr,r3,lsr#8 @ i1
1133 eor r6,r9,r6,ror#8
1134 and r9,lr,r3 @ i2
1135 ldr r7,[r10,r7,lsl#2] @ Td1[s3>>16]
1136 eor r2,r2,r5,ror#8
1137 ldr r8,[r10,r8,lsl#2] @ Td2[s3>>8]
1138 mov r3,r3,lsr#24
1139
1140 ldr r9,[r10,r9,lsl#2] @ Td3[s3>>0]
1141 eor r0,r0,r7,ror#8
1142 ldr r7,[r11],#16
1143 eor r1,r1,r8,ror#16
1144 ldr r3,[r10,r3,lsl#2] @ Td0[s3>>24]
1145 eor r2,r2,r9,ror#24
1146
1147 ldr r4,[r11,#-12]
1148 eor r0,r0,r7
1149 ldr r5,[r11,#-8]
1150 eor r3,r3,r6,ror#8
1151 ldr r6,[r11,#-4]
1152 and r7,lr,r0,lsr#16
1153 eor r1,r1,r4
1154 and r8,lr,r0,lsr#8
1155 eor r2,r2,r5
1156 and r9,lr,r0
1157 eor r3,r3,r6
1158 mov r0,r0,lsr#24
1159
1160 subs r12,r12,#1
1161 bne Ldec_loop
1162
1163 add r10,r10,#1024
1164
1165 ldr r5,[r10,#0] @ prefetch Td4
1166 ldr r6,[r10,#32]
1167 ldr r4,[r10,#64]
1168 ldr r5,[r10,#96]
1169 ldr r6,[r10,#128]
1170 ldr r4,[r10,#160]
1171 ldr r5,[r10,#192]
1172 ldr r6,[r10,#224]
1173
1174 ldrb r0,[r10,r0] @ Td4[s0>>24]
1175 ldrb r4,[r10,r7] @ Td4[s0>>16]
1176 and r7,lr,r1 @ i0
1177 ldrb r5,[r10,r8] @ Td4[s0>>8]
1178 and r8,lr,r1,lsr#16
1179 ldrb r6,[r10,r9] @ Td4[s0>>0]
1180 and r9,lr,r1,lsr#8
1181
1182 add r1,r10,r1,lsr#24
1183 ldrb r7,[r10,r7] @ Td4[s1>>0]
1184 ldrb r1,[r1] @ Td4[s1>>24]
1185 ldrb r8,[r10,r8] @ Td4[s1>>16]
1186 eor r0,r7,r0,lsl#24
1187 ldrb r9,[r10,r9] @ Td4[s1>>8]
1188 eor r1,r4,r1,lsl#8
1189 and r7,lr,r2,lsr#8 @ i0
1190 eor r5,r5,r8,lsl#8
1191 and r8,lr,r2 @ i1
1192 ldrb r7,[r10,r7] @ Td4[s2>>8]
1193 eor r6,r6,r9,lsl#8
1194 ldrb r8,[r10,r8] @ Td4[s2>>0]
1195 and r9,lr,r2,lsr#16
1196
1197 add r2,r10,r2,lsr#24
1198 ldrb r2,[r2] @ Td4[s2>>24]
1199 eor r0,r0,r7,lsl#8
1200 ldrb r9,[r10,r9] @ Td4[s2>>16]
1201 eor r1,r8,r1,lsl#16
1202 and r7,lr,r3,lsr#16 @ i0
1203 eor r2,r5,r2,lsl#16
1204 and r8,lr,r3,lsr#8 @ i1
1205 ldrb r7,[r10,r7] @ Td4[s3>>16]
1206 eor r6,r6,r9,lsl#16
1207 ldrb r8,[r10,r8] @ Td4[s3>>8]
1208 and r9,lr,r3 @ i2
1209
1210 add r3,r10,r3,lsr#24
1211 ldrb r9,[r10,r9] @ Td4[s3>>0]
1212 ldrb r3,[r3] @ Td4[s3>>24]
1213 eor r0,r0,r7,lsl#16
1214 ldr r7,[r11,#0]
1215 eor r1,r1,r8,lsl#8
1216 ldr r4,[r11,#4]
1217 eor r2,r9,r2,lsl#8
1218 ldr r5,[r11,#8]
1219 eor r3,r6,r3,lsl#24
1220 ldr r6,[r11,#12]
1221
1222 eor r0,r0,r7
1223 eor r1,r1,r4
1224 eor r2,r2,r5
1225 eor r3,r3,r6
1226
1227 sub r10,r10,#1024
1228 ldr pc,[sp],#4 @ pop and return
1229
1230.byte 65,69,83,32,102,111,114,32,65,82,77,118,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
1231.align 2
1232.align 2
Robert Sloan726e9d12018-09-11 11:45:04 -0700[diff] [blame]1233#endif // !OPENSSL_NO_ASM