Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / boringssl / bfcf3a72c0bcb62cfde80e932db0668a7f96c0f8 / . / linux-arm / crypto / fipsmodule / aes-armv4.S
blob: 83dc7c3ffdc813a84a38d27f66a19a4492ad0f6e [file] [log] [blame]
Kenny Rootb8494592015-09-25 02:29:14 +0000[diff] [blame]1#if defined(__arm__)
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]2@ Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
3@
4@ Licensed under the OpenSSL license (the "License"). You may not use
5@ this file except in compliance with the License. You can obtain a copy
6@ in the file LICENSE in the source distribution or at
7@ https://www.openssl.org/source/license.html
8
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]9
10@ ====================================================================
11@ Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
12@ project. The module is, however, dual licensed under OpenSSL and
13@ CRYPTOGAMS licenses depending on where you obtain it. For further
14@ details see http://www.openssl.org/~appro/cryptogams/.
15@ ====================================================================
16
17@ AES for ARMv4
18
19@ January 2007.
20@
21@ Code uses single 1K S-box and is >2 times faster than code generated
22@ by gcc-3.4.1. This is thanks to unique feature of ARMv4 ISA, which
23@ allows to merge logical or arithmetic operation with shift or rotate
24@ in one instruction and emit combined result every cycle. The module
25@ is endian-neutral. The performance is ~42 cycles/byte for 128-bit
26@ key [on single-issue Xscale PXA250 core].
27
28@ May 2007.
29@
30@ AES_set_[en|de]crypt_key is added.
31
32@ July 2010.
33@
34@ Rescheduling for dual-issue pipeline resulted in 12% improvement on
35@ Cortex A8 core and ~25 cycles per byte processed with 128-bit key.
36
37@ February 2011.
38@
39@ Profiler-assisted and platform-specific optimization resulted in 16%
40@ improvement on Cortex A8 core and ~21.5 cycles per byte.
41
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]42#ifndef __KERNEL__
Kenny Rootb8494592015-09-25 02:29:14 +0000[diff] [blame]43# include <openssl/arm_arch.h>
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]44#else
45# define __ARM_ARCH__ __LINUX_ARM_ARCH__
46#endif
47
Robert Sloan55818102017-12-18 11:26:17 -0800[diff] [blame]48@ Silence ARMv8 deprecated IT instruction warnings. This file is used by both
49@ ARMv7 and ARMv8 processors and does not use ARMv8 instructions. (ARMv8 AES
50@ instructions are in aesv8-armx.pl.)
51.arch armv7-a
52
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]53.text
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]54#if defined(__thumb2__) && !defined(__APPLE__)
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]55.syntax unified
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]56.thumb
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]57#else
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]58.code 32
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]59#undef __thumb2__
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]60#endif
61
62.type AES_Te,%object
63.align 5
64AES_Te:
65.word 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d
66.word 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554
67.word 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d
68.word 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a
69.word 0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87
70.word 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b
71.word 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea
72.word 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b
73.word 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a
74.word 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f
75.word 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108
76.word 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f
77.word 0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e
78.word 0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5
79.word 0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d
80.word 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f
81.word 0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e
82.word 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb
83.word 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce
84.word 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497
85.word 0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c
86.word 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed
87.word 0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b
88.word 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a
89.word 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16
90.word 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594
91.word 0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81
92.word 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3
93.word 0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a
94.word 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504
95.word 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163
96.word 0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d
97.word 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f
98.word 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739
99.word 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47
100.word 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395
101.word 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f
102.word 0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883
103.word 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c
104.word 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76
105.word 0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e
106.word 0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4
107.word 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6
108.word 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b
109.word 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7
110.word 0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0
111.word 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25
112.word 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818
113.word 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72
114.word 0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651
115.word 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21
116.word 0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85
117.word 0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa
118.word 0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12
119.word 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0
120.word 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9
121.word 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133
122.word 0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7
123.word 0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920
124.word 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a
125.word 0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17
126.word 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8
127.word 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11
128.word 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a
129@ Te4[256]
130.byte 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
131.byte 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
132.byte 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
133.byte 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
134.byte 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
135.byte 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
136.byte 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
137.byte 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
138.byte 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
139.byte 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
140.byte 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
141.byte 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
142.byte 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
143.byte 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
144.byte 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
145.byte 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
146.byte 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
147.byte 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
148.byte 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
149.byte 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
150.byte 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
151.byte 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
152.byte 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
153.byte 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
154.byte 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
155.byte 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
156.byte 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
157.byte 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
158.byte 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
159.byte 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
160.byte 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
161.byte 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
162@ rcon[]
163.word 0x01000000, 0x02000000, 0x04000000, 0x08000000
164.word 0x10000000, 0x20000000, 0x40000000, 0x80000000
165.word 0x1B000000, 0x36000000, 0, 0, 0, 0, 0, 0
166.size AES_Te,.-AES_Te
167
Adam Vartanianbfcf3a72018-08-10 14:55:24 +0100[diff] [blame^]168@ void aes_nohw_encrypt(const unsigned char *in, unsigned char *out,
169@ const AES_KEY *key) {
170.globl aes_nohw_encrypt
171.hidden aes_nohw_encrypt
172.type aes_nohw_encrypt,%function
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]173.align 5
Adam Vartanianbfcf3a72018-08-10 14:55:24 +0100[diff] [blame^]174aes_nohw_encrypt:
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]175#ifndef __thumb2__
Adam Vartanianbfcf3a72018-08-10 14:55:24 +0100[diff] [blame^]176 sub r3,pc,#8 @ aes_nohw_encrypt
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]177#else
Robert Sloand5c22152017-11-13 09:22:12 -0800[diff] [blame]178 adr r3,.
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]179#endif
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]180 stmdb sp!,{r1,r4-r12,lr}
Robert Sloanab8b8882018-03-26 11:39:51 -0700[diff] [blame]181#if defined(__thumb2__) || defined(__APPLE__)
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]182 adr r10,AES_Te
183#else
Adam Vartanianbfcf3a72018-08-10 14:55:24 +0100[diff] [blame^]184 sub r10,r3,#aes_nohw_encrypt-AES_Te @ Te
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]185#endif
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]186 mov r12,r0 @ inp
187 mov r11,r2
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]188#if __ARM_ARCH__<7
189 ldrb r0,[r12,#3] @ load input data in endian-neutral
190 ldrb r4,[r12,#2] @ manner...
191 ldrb r5,[r12,#1]
192 ldrb r6,[r12,#0]
193 orr r0,r0,r4,lsl#8
194 ldrb r1,[r12,#7]
195 orr r0,r0,r5,lsl#16
196 ldrb r4,[r12,#6]
197 orr r0,r0,r6,lsl#24
198 ldrb r5,[r12,#5]
199 ldrb r6,[r12,#4]
200 orr r1,r1,r4,lsl#8
201 ldrb r2,[r12,#11]
202 orr r1,r1,r5,lsl#16
203 ldrb r4,[r12,#10]
204 orr r1,r1,r6,lsl#24
205 ldrb r5,[r12,#9]
206 ldrb r6,[r12,#8]
207 orr r2,r2,r4,lsl#8
208 ldrb r3,[r12,#15]
209 orr r2,r2,r5,lsl#16
210 ldrb r4,[r12,#14]
211 orr r2,r2,r6,lsl#24
212 ldrb r5,[r12,#13]
213 ldrb r6,[r12,#12]
214 orr r3,r3,r4,lsl#8
215 orr r3,r3,r5,lsl#16
216 orr r3,r3,r6,lsl#24
217#else
218 ldr r0,[r12,#0]
219 ldr r1,[r12,#4]
220 ldr r2,[r12,#8]
221 ldr r3,[r12,#12]
222#ifdef __ARMEL__
223 rev r0,r0
224 rev r1,r1
225 rev r2,r2
226 rev r3,r3
227#endif
228#endif
229 bl _armv4_AES_encrypt
230
231 ldr r12,[sp],#4 @ pop out
232#if __ARM_ARCH__>=7
233#ifdef __ARMEL__
234 rev r0,r0
235 rev r1,r1
236 rev r2,r2
237 rev r3,r3
238#endif
239 str r0,[r12,#0]
240 str r1,[r12,#4]
241 str r2,[r12,#8]
242 str r3,[r12,#12]
243#else
244 mov r4,r0,lsr#24 @ write output in endian-neutral
245 mov r5,r0,lsr#16 @ manner...
246 mov r6,r0,lsr#8
247 strb r4,[r12,#0]
248 strb r5,[r12,#1]
249 mov r4,r1,lsr#24
250 strb r6,[r12,#2]
251 mov r5,r1,lsr#16
252 strb r0,[r12,#3]
253 mov r6,r1,lsr#8
254 strb r4,[r12,#4]
255 strb r5,[r12,#5]
256 mov r4,r2,lsr#24
257 strb r6,[r12,#6]
258 mov r5,r2,lsr#16
259 strb r1,[r12,#7]
260 mov r6,r2,lsr#8
261 strb r4,[r12,#8]
262 strb r5,[r12,#9]
263 mov r4,r3,lsr#24
264 strb r6,[r12,#10]
265 mov r5,r3,lsr#16
266 strb r2,[r12,#11]
267 mov r6,r3,lsr#8
268 strb r4,[r12,#12]
269 strb r5,[r12,#13]
270 strb r6,[r12,#14]
271 strb r3,[r12,#15]
272#endif
273#if __ARM_ARCH__>=5
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]274 ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc}
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]275#else
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]276 ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr}
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]277 tst lr,#1
278 moveq pc,lr @ be binary compatible with V4, yet
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]279.word 0xe12fff1e @ interoperable with Thumb ISA:-)
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]280#endif
Adam Vartanianbfcf3a72018-08-10 14:55:24 +0100[diff] [blame^]281.size aes_nohw_encrypt,.-aes_nohw_encrypt
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]282
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]283.type _armv4_AES_encrypt,%function
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]284.align 2
285_armv4_AES_encrypt:
286 str lr,[sp,#-4]! @ push lr
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]287 ldmia r11!,{r4,r5,r6,r7}
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]288 eor r0,r0,r4
289 ldr r12,[r11,#240-16]
290 eor r1,r1,r5
291 eor r2,r2,r6
292 eor r3,r3,r7
293 sub r12,r12,#1
294 mov lr,#255
295
296 and r7,lr,r0
297 and r8,lr,r0,lsr#8
298 and r9,lr,r0,lsr#16
299 mov r0,r0,lsr#24
300.Lenc_loop:
301 ldr r4,[r10,r7,lsl#2] @ Te3[s0>>0]
302 and r7,lr,r1,lsr#16 @ i0
303 ldr r5,[r10,r8,lsl#2] @ Te2[s0>>8]
304 and r8,lr,r1
305 ldr r6,[r10,r9,lsl#2] @ Te1[s0>>16]
306 and r9,lr,r1,lsr#8
307 ldr r0,[r10,r0,lsl#2] @ Te0[s0>>24]
308 mov r1,r1,lsr#24
309
310 ldr r7,[r10,r7,lsl#2] @ Te1[s1>>16]
311 ldr r8,[r10,r8,lsl#2] @ Te3[s1>>0]
312 ldr r9,[r10,r9,lsl#2] @ Te2[s1>>8]
313 eor r0,r0,r7,ror#8
314 ldr r1,[r10,r1,lsl#2] @ Te0[s1>>24]
315 and r7,lr,r2,lsr#8 @ i0
316 eor r5,r5,r8,ror#8
317 and r8,lr,r2,lsr#16 @ i1
318 eor r6,r6,r9,ror#8
319 and r9,lr,r2
320 ldr r7,[r10,r7,lsl#2] @ Te2[s2>>8]
321 eor r1,r1,r4,ror#24
322 ldr r8,[r10,r8,lsl#2] @ Te1[s2>>16]
323 mov r2,r2,lsr#24
324
325 ldr r9,[r10,r9,lsl#2] @ Te3[s2>>0]
326 eor r0,r0,r7,ror#16
327 ldr r2,[r10,r2,lsl#2] @ Te0[s2>>24]
328 and r7,lr,r3 @ i0
329 eor r1,r1,r8,ror#8
330 and r8,lr,r3,lsr#8 @ i1
331 eor r6,r6,r9,ror#16
332 and r9,lr,r3,lsr#16 @ i2
333 ldr r7,[r10,r7,lsl#2] @ Te3[s3>>0]
334 eor r2,r2,r5,ror#16
335 ldr r8,[r10,r8,lsl#2] @ Te2[s3>>8]
336 mov r3,r3,lsr#24
337
338 ldr r9,[r10,r9,lsl#2] @ Te1[s3>>16]
339 eor r0,r0,r7,ror#24
340 ldr r7,[r11],#16
341 eor r1,r1,r8,ror#16
342 ldr r3,[r10,r3,lsl#2] @ Te0[s3>>24]
343 eor r2,r2,r9,ror#8
344 ldr r4,[r11,#-12]
345 eor r3,r3,r6,ror#8
346
347 ldr r5,[r11,#-8]
348 eor r0,r0,r7
349 ldr r6,[r11,#-4]
350 and r7,lr,r0
351 eor r1,r1,r4
352 and r8,lr,r0,lsr#8
353 eor r2,r2,r5
354 and r9,lr,r0,lsr#16
355 eor r3,r3,r6
356 mov r0,r0,lsr#24
357
358 subs r12,r12,#1
359 bne .Lenc_loop
360
361 add r10,r10,#2
362
363 ldrb r4,[r10,r7,lsl#2] @ Te4[s0>>0]
364 and r7,lr,r1,lsr#16 @ i0
365 ldrb r5,[r10,r8,lsl#2] @ Te4[s0>>8]
366 and r8,lr,r1
367 ldrb r6,[r10,r9,lsl#2] @ Te4[s0>>16]
368 and r9,lr,r1,lsr#8
369 ldrb r0,[r10,r0,lsl#2] @ Te4[s0>>24]
370 mov r1,r1,lsr#24
371
372 ldrb r7,[r10,r7,lsl#2] @ Te4[s1>>16]
373 ldrb r8,[r10,r8,lsl#2] @ Te4[s1>>0]
374 ldrb r9,[r10,r9,lsl#2] @ Te4[s1>>8]
375 eor r0,r7,r0,lsl#8
376 ldrb r1,[r10,r1,lsl#2] @ Te4[s1>>24]
377 and r7,lr,r2,lsr#8 @ i0
378 eor r5,r8,r5,lsl#8
379 and r8,lr,r2,lsr#16 @ i1
380 eor r6,r9,r6,lsl#8
381 and r9,lr,r2
382 ldrb r7,[r10,r7,lsl#2] @ Te4[s2>>8]
383 eor r1,r4,r1,lsl#24
384 ldrb r8,[r10,r8,lsl#2] @ Te4[s2>>16]
385 mov r2,r2,lsr#24
386
387 ldrb r9,[r10,r9,lsl#2] @ Te4[s2>>0]
388 eor r0,r7,r0,lsl#8
389 ldrb r2,[r10,r2,lsl#2] @ Te4[s2>>24]
390 and r7,lr,r3 @ i0
391 eor r1,r1,r8,lsl#16
392 and r8,lr,r3,lsr#8 @ i1
393 eor r6,r9,r6,lsl#8
394 and r9,lr,r3,lsr#16 @ i2
395 ldrb r7,[r10,r7,lsl#2] @ Te4[s3>>0]
396 eor r2,r5,r2,lsl#24
397 ldrb r8,[r10,r8,lsl#2] @ Te4[s3>>8]
398 mov r3,r3,lsr#24
399
400 ldrb r9,[r10,r9,lsl#2] @ Te4[s3>>16]
401 eor r0,r7,r0,lsl#8
402 ldr r7,[r11,#0]
403 ldrb r3,[r10,r3,lsl#2] @ Te4[s3>>24]
404 eor r1,r1,r8,lsl#8
405 ldr r4,[r11,#4]
406 eor r2,r2,r9,lsl#16
407 ldr r5,[r11,#8]
408 eor r3,r6,r3,lsl#24
409 ldr r6,[r11,#12]
410
411 eor r0,r0,r7
412 eor r1,r1,r4
413 eor r2,r2,r5
414 eor r3,r3,r6
415
416 sub r10,r10,#2
417 ldr pc,[sp],#4 @ pop and return
418.size _armv4_AES_encrypt,.-_armv4_AES_encrypt
419
Adam Vartanianbfcf3a72018-08-10 14:55:24 +0100[diff] [blame^]420.globl aes_nohw_set_encrypt_key
421.hidden aes_nohw_set_encrypt_key
422.type aes_nohw_set_encrypt_key,%function
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]423.align 5
Adam Vartanianbfcf3a72018-08-10 14:55:24 +0100[diff] [blame^]424aes_nohw_set_encrypt_key:
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]425_armv4_AES_set_encrypt_key:
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]426#ifndef __thumb2__
Adam Vartanianbfcf3a72018-08-10 14:55:24 +0100[diff] [blame^]427 sub r3,pc,#8 @ aes_nohw_set_encrypt_key
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]428#else
Robert Sloand5c22152017-11-13 09:22:12 -0800[diff] [blame]429 adr r3,.
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]430#endif
431 teq r0,#0
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]432#ifdef __thumb2__
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]433 itt eq @ Thumb2 thing, sanity check in ARM
434#endif
435 moveq r0,#-1
436 beq .Labrt
437 teq r2,#0
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]438#ifdef __thumb2__
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]439 itt eq @ Thumb2 thing, sanity check in ARM
440#endif
441 moveq r0,#-1
442 beq .Labrt
443
444 teq r1,#128
445 beq .Lok
446 teq r1,#192
447 beq .Lok
448 teq r1,#256
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]449#ifdef __thumb2__
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]450 itt ne @ Thumb2 thing, sanity check in ARM
451#endif
452 movne r0,#-1
453 bne .Labrt
454
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]455.Lok: stmdb sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr}
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]456 mov r12,r0 @ inp
457 mov lr,r1 @ bits
458 mov r11,r2 @ key
459
Robert Sloanab8b8882018-03-26 11:39:51 -0700[diff] [blame]460#if defined(__thumb2__) || defined(__APPLE__)
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]461 adr r10,AES_Te+1024 @ Te4
462#else
463 sub r10,r3,#_armv4_AES_set_encrypt_key-AES_Te-1024 @ Te4
464#endif
465
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]466#if __ARM_ARCH__<7
467 ldrb r0,[r12,#3] @ load input data in endian-neutral
468 ldrb r4,[r12,#2] @ manner...
469 ldrb r5,[r12,#1]
470 ldrb r6,[r12,#0]
471 orr r0,r0,r4,lsl#8
472 ldrb r1,[r12,#7]
473 orr r0,r0,r5,lsl#16
474 ldrb r4,[r12,#6]
475 orr r0,r0,r6,lsl#24
476 ldrb r5,[r12,#5]
477 ldrb r6,[r12,#4]
478 orr r1,r1,r4,lsl#8
479 ldrb r2,[r12,#11]
480 orr r1,r1,r5,lsl#16
481 ldrb r4,[r12,#10]
482 orr r1,r1,r6,lsl#24
483 ldrb r5,[r12,#9]
484 ldrb r6,[r12,#8]
485 orr r2,r2,r4,lsl#8
486 ldrb r3,[r12,#15]
487 orr r2,r2,r5,lsl#16
488 ldrb r4,[r12,#14]
489 orr r2,r2,r6,lsl#24
490 ldrb r5,[r12,#13]
491 ldrb r6,[r12,#12]
492 orr r3,r3,r4,lsl#8
493 str r0,[r11],#16
494 orr r3,r3,r5,lsl#16
495 str r1,[r11,#-12]
496 orr r3,r3,r6,lsl#24
497 str r2,[r11,#-8]
498 str r3,[r11,#-4]
499#else
500 ldr r0,[r12,#0]
501 ldr r1,[r12,#4]
502 ldr r2,[r12,#8]
503 ldr r3,[r12,#12]
504#ifdef __ARMEL__
505 rev r0,r0
506 rev r1,r1
507 rev r2,r2
508 rev r3,r3
509#endif
510 str r0,[r11],#16
511 str r1,[r11,#-12]
512 str r2,[r11,#-8]
513 str r3,[r11,#-4]
514#endif
515
516 teq lr,#128
517 bne .Lnot128
518 mov r12,#10
519 str r12,[r11,#240-16]
520 add r6,r10,#256 @ rcon
521 mov lr,#255
522
523.L128_loop:
524 and r5,lr,r3,lsr#24
525 and r7,lr,r3,lsr#16
526 ldrb r5,[r10,r5]
527 and r8,lr,r3,lsr#8
528 ldrb r7,[r10,r7]
529 and r9,lr,r3
530 ldrb r8,[r10,r8]
531 orr r5,r5,r7,lsl#24
532 ldrb r9,[r10,r9]
533 orr r5,r5,r8,lsl#16
534 ldr r4,[r6],#4 @ rcon[i++]
535 orr r5,r5,r9,lsl#8
536 eor r5,r5,r4
537 eor r0,r0,r5 @ rk[4]=rk[0]^...
538 eor r1,r1,r0 @ rk[5]=rk[1]^rk[4]
539 str r0,[r11],#16
540 eor r2,r2,r1 @ rk[6]=rk[2]^rk[5]
541 str r1,[r11,#-12]
542 eor r3,r3,r2 @ rk[7]=rk[3]^rk[6]
543 str r2,[r11,#-8]
544 subs r12,r12,#1
545 str r3,[r11,#-4]
546 bne .L128_loop
547 sub r2,r11,#176
548 b .Ldone
549
550.Lnot128:
551#if __ARM_ARCH__<7
552 ldrb r8,[r12,#19]
553 ldrb r4,[r12,#18]
554 ldrb r5,[r12,#17]
555 ldrb r6,[r12,#16]
556 orr r8,r8,r4,lsl#8
557 ldrb r9,[r12,#23]
558 orr r8,r8,r5,lsl#16
559 ldrb r4,[r12,#22]
560 orr r8,r8,r6,lsl#24
561 ldrb r5,[r12,#21]
562 ldrb r6,[r12,#20]
563 orr r9,r9,r4,lsl#8
564 orr r9,r9,r5,lsl#16
565 str r8,[r11],#8
566 orr r9,r9,r6,lsl#24
567 str r9,[r11,#-4]
568#else
569 ldr r8,[r12,#16]
570 ldr r9,[r12,#20]
571#ifdef __ARMEL__
572 rev r8,r8
573 rev r9,r9
574#endif
575 str r8,[r11],#8
576 str r9,[r11,#-4]
577#endif
578
579 teq lr,#192
580 bne .Lnot192
581 mov r12,#12
582 str r12,[r11,#240-24]
583 add r6,r10,#256 @ rcon
584 mov lr,#255
585 mov r12,#8
586
587.L192_loop:
588 and r5,lr,r9,lsr#24
589 and r7,lr,r9,lsr#16
590 ldrb r5,[r10,r5]
591 and r8,lr,r9,lsr#8
592 ldrb r7,[r10,r7]
593 and r9,lr,r9
594 ldrb r8,[r10,r8]
595 orr r5,r5,r7,lsl#24
596 ldrb r9,[r10,r9]
597 orr r5,r5,r8,lsl#16
598 ldr r4,[r6],#4 @ rcon[i++]
599 orr r5,r5,r9,lsl#8
600 eor r9,r5,r4
601 eor r0,r0,r9 @ rk[6]=rk[0]^...
602 eor r1,r1,r0 @ rk[7]=rk[1]^rk[6]
603 str r0,[r11],#24
604 eor r2,r2,r1 @ rk[8]=rk[2]^rk[7]
605 str r1,[r11,#-20]
606 eor r3,r3,r2 @ rk[9]=rk[3]^rk[8]
607 str r2,[r11,#-16]
608 subs r12,r12,#1
609 str r3,[r11,#-12]
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]610#ifdef __thumb2__
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]611 itt eq @ Thumb2 thing, sanity check in ARM
612#endif
613 subeq r2,r11,#216
614 beq .Ldone
615
616 ldr r7,[r11,#-32]
617 ldr r8,[r11,#-28]
618 eor r7,r7,r3 @ rk[10]=rk[4]^rk[9]
619 eor r9,r8,r7 @ rk[11]=rk[5]^rk[10]
620 str r7,[r11,#-8]
621 str r9,[r11,#-4]
622 b .L192_loop
623
624.Lnot192:
625#if __ARM_ARCH__<7
626 ldrb r8,[r12,#27]
627 ldrb r4,[r12,#26]
628 ldrb r5,[r12,#25]
629 ldrb r6,[r12,#24]
630 orr r8,r8,r4,lsl#8
631 ldrb r9,[r12,#31]
632 orr r8,r8,r5,lsl#16
633 ldrb r4,[r12,#30]
634 orr r8,r8,r6,lsl#24
635 ldrb r5,[r12,#29]
636 ldrb r6,[r12,#28]
637 orr r9,r9,r4,lsl#8
638 orr r9,r9,r5,lsl#16
639 str r8,[r11],#8
640 orr r9,r9,r6,lsl#24
641 str r9,[r11,#-4]
642#else
643 ldr r8,[r12,#24]
644 ldr r9,[r12,#28]
645#ifdef __ARMEL__
646 rev r8,r8
647 rev r9,r9
648#endif
649 str r8,[r11],#8
650 str r9,[r11,#-4]
651#endif
652
653 mov r12,#14
654 str r12,[r11,#240-32]
655 add r6,r10,#256 @ rcon
656 mov lr,#255
657 mov r12,#7
658
659.L256_loop:
660 and r5,lr,r9,lsr#24
661 and r7,lr,r9,lsr#16
662 ldrb r5,[r10,r5]
663 and r8,lr,r9,lsr#8
664 ldrb r7,[r10,r7]
665 and r9,lr,r9
666 ldrb r8,[r10,r8]
667 orr r5,r5,r7,lsl#24
668 ldrb r9,[r10,r9]
669 orr r5,r5,r8,lsl#16
670 ldr r4,[r6],#4 @ rcon[i++]
671 orr r5,r5,r9,lsl#8
672 eor r9,r5,r4
673 eor r0,r0,r9 @ rk[8]=rk[0]^...
674 eor r1,r1,r0 @ rk[9]=rk[1]^rk[8]
675 str r0,[r11],#32
676 eor r2,r2,r1 @ rk[10]=rk[2]^rk[9]
677 str r1,[r11,#-28]
678 eor r3,r3,r2 @ rk[11]=rk[3]^rk[10]
679 str r2,[r11,#-24]
680 subs r12,r12,#1
681 str r3,[r11,#-20]
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]682#ifdef __thumb2__
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]683 itt eq @ Thumb2 thing, sanity check in ARM
684#endif
685 subeq r2,r11,#256
686 beq .Ldone
687
688 and r5,lr,r3
689 and r7,lr,r3,lsr#8
690 ldrb r5,[r10,r5]
691 and r8,lr,r3,lsr#16
692 ldrb r7,[r10,r7]
693 and r9,lr,r3,lsr#24
694 ldrb r8,[r10,r8]
695 orr r5,r5,r7,lsl#8
696 ldrb r9,[r10,r9]
697 orr r5,r5,r8,lsl#16
698 ldr r4,[r11,#-48]
699 orr r5,r5,r9,lsl#24
700
701 ldr r7,[r11,#-44]
702 ldr r8,[r11,#-40]
703 eor r4,r4,r5 @ rk[12]=rk[4]^...
704 ldr r9,[r11,#-36]
705 eor r7,r7,r4 @ rk[13]=rk[5]^rk[12]
706 str r4,[r11,#-16]
707 eor r8,r8,r7 @ rk[14]=rk[6]^rk[13]
708 str r7,[r11,#-12]
709 eor r9,r9,r8 @ rk[15]=rk[7]^rk[14]
710 str r8,[r11,#-8]
711 str r9,[r11,#-4]
712 b .L256_loop
713
714.align 2
715.Ldone: mov r0,#0
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]716 ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr}
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]717.Labrt:
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]718#if __ARM_ARCH__>=5
719 bx lr @ .word 0xe12fff1e
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]720#else
721 tst lr,#1
722 moveq pc,lr @ be binary compatible with V4, yet
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]723.word 0xe12fff1e @ interoperable with Thumb ISA:-)
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]724#endif
Adam Vartanianbfcf3a72018-08-10 14:55:24 +0100[diff] [blame^]725.size aes_nohw_set_encrypt_key,.-aes_nohw_set_encrypt_key
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]726
Adam Vartanianbfcf3a72018-08-10 14:55:24 +0100[diff] [blame^]727.globl aes_nohw_set_decrypt_key
728.hidden aes_nohw_set_decrypt_key
729.type aes_nohw_set_decrypt_key,%function
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]730.align 5
Adam Vartanianbfcf3a72018-08-10 14:55:24 +0100[diff] [blame^]731aes_nohw_set_decrypt_key:
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]732 str lr,[sp,#-4]! @ push lr
733 bl _armv4_AES_set_encrypt_key
734 teq r0,#0
735 ldr lr,[sp],#4 @ pop lr
736 bne .Labrt
737
Adam Vartanianbfcf3a72018-08-10 14:55:24 +0100[diff] [blame^]738 mov r0,r2 @ aes_nohw_set_encrypt_key preserves r2,
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]739 mov r1,r2 @ which is AES_KEY *key
740 b _armv4_AES_set_enc2dec_key
Adam Vartanianbfcf3a72018-08-10 14:55:24 +0100[diff] [blame^]741.size aes_nohw_set_decrypt_key,.-aes_nohw_set_decrypt_key
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]742
743@ void AES_set_enc2dec_key(const AES_KEY *inp,AES_KEY *out)
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]744.globl AES_set_enc2dec_key
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]745.hidden AES_set_enc2dec_key
746.type AES_set_enc2dec_key,%function
747.align 5
748AES_set_enc2dec_key:
749_armv4_AES_set_enc2dec_key:
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]750 stmdb sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr}
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]751
752 ldr r12,[r0,#240]
753 mov r7,r0 @ input
754 add r8,r0,r12,lsl#4
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]755 mov r11,r1 @ output
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]756 add r10,r1,r12,lsl#4
757 str r12,[r1,#240]
758
759.Linv: ldr r0,[r7],#16
760 ldr r1,[r7,#-12]
761 ldr r2,[r7,#-8]
762 ldr r3,[r7,#-4]
763 ldr r4,[r8],#-16
764 ldr r5,[r8,#16+4]
765 ldr r6,[r8,#16+8]
766 ldr r9,[r8,#16+12]
767 str r0,[r10],#-16
768 str r1,[r10,#16+4]
769 str r2,[r10,#16+8]
770 str r3,[r10,#16+12]
771 str r4,[r11],#16
772 str r5,[r11,#-12]
773 str r6,[r11,#-8]
774 str r9,[r11,#-4]
775 teq r7,r8
776 bne .Linv
777
778 ldr r0,[r7]
779 ldr r1,[r7,#4]
780 ldr r2,[r7,#8]
781 ldr r3,[r7,#12]
782 str r0,[r11]
783 str r1,[r11,#4]
784 str r2,[r11,#8]
785 str r3,[r11,#12]
786 sub r11,r11,r12,lsl#3
787 ldr r0,[r11,#16]! @ prefetch tp1
788 mov r7,#0x80
789 mov r8,#0x1b
790 orr r7,r7,#0x8000
791 orr r8,r8,#0x1b00
792 orr r7,r7,r7,lsl#16
793 orr r8,r8,r8,lsl#16
794 sub r12,r12,#1
795 mvn r9,r7
796 mov r12,r12,lsl#2 @ (rounds-1)*4
797
798.Lmix: and r4,r0,r7
799 and r1,r0,r9
800 sub r4,r4,r4,lsr#7
801 and r4,r4,r8
802 eor r1,r4,r1,lsl#1 @ tp2
803
804 and r4,r1,r7
805 and r2,r1,r9
806 sub r4,r4,r4,lsr#7
807 and r4,r4,r8
808 eor r2,r4,r2,lsl#1 @ tp4
809
810 and r4,r2,r7
811 and r3,r2,r9
812 sub r4,r4,r4,lsr#7
813 and r4,r4,r8
814 eor r3,r4,r3,lsl#1 @ tp8
815
816 eor r4,r1,r2
817 eor r5,r0,r3 @ tp9
818 eor r4,r4,r3 @ tpe
819 eor r4,r4,r1,ror#24
820 eor r4,r4,r5,ror#24 @ ^= ROTATE(tpb=tp9^tp2,8)
821 eor r4,r4,r2,ror#16
822 eor r4,r4,r5,ror#16 @ ^= ROTATE(tpd=tp9^tp4,16)
823 eor r4,r4,r5,ror#8 @ ^= ROTATE(tp9,24)
824
825 ldr r0,[r11,#4] @ prefetch tp1
826 str r4,[r11],#4
827 subs r12,r12,#1
828 bne .Lmix
829
830 mov r0,#0
831#if __ARM_ARCH__>=5
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]832 ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc}
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]833#else
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]834 ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr}
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]835 tst lr,#1
836 moveq pc,lr @ be binary compatible with V4, yet
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]837.word 0xe12fff1e @ interoperable with Thumb ISA:-)
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]838#endif
839.size AES_set_enc2dec_key,.-AES_set_enc2dec_key
840
841.type AES_Td,%object
842.align 5
843AES_Td:
844.word 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96
845.word 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393
846.word 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25
847.word 0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f
848.word 0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1
849.word 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6
850.word 0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da
851.word 0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844
852.word 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd
853.word 0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4
854.word 0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45
855.word 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94
856.word 0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7
857.word 0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a
858.word 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5
859.word 0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c
860.word 0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1
861.word 0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a
862.word 0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75
863.word 0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051
864.word 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46
865.word 0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff
866.word 0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77
867.word 0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb
868.word 0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000
869.word 0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e
870.word 0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927
871.word 0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a
872.word 0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e
873.word 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16
874.word 0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d
875.word 0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8
876.word 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd
877.word 0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34
878.word 0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163
879.word 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120
880.word 0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d
881.word 0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0
882.word 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422
883.word 0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef
884.word 0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36
885.word 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4
886.word 0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662
887.word 0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5
888.word 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3
889.word 0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b
890.word 0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8
891.word 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6
892.word 0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6
893.word 0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0
894.word 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815
895.word 0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f
896.word 0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df
897.word 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f
898.word 0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e
899.word 0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713
900.word 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89
901.word 0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c
902.word 0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf
903.word 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86
904.word 0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f
905.word 0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541
906.word 0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190
907.word 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742
908@ Td4[256]
909.byte 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
910.byte 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
911.byte 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
912.byte 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
913.byte 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
914.byte 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
915.byte 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
916.byte 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
917.byte 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
918.byte 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
919.byte 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
920.byte 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
921.byte 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
922.byte 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
923.byte 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
924.byte 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
925.byte 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
926.byte 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
927.byte 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
928.byte 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
929.byte 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
930.byte 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
931.byte 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
932.byte 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
933.byte 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
934.byte 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
935.byte 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
936.byte 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
937.byte 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
938.byte 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
939.byte 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
940.byte 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
941.size AES_Td,.-AES_Td
942
Adam Vartanianbfcf3a72018-08-10 14:55:24 +0100[diff] [blame^]943@ void aes_nohw_decrypt(const unsigned char *in, unsigned char *out,
944@ const AES_KEY *key) {
945.globl aes_nohw_decrypt
946.hidden aes_nohw_decrypt
947.type aes_nohw_decrypt,%function
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]948.align 5
Adam Vartanianbfcf3a72018-08-10 14:55:24 +0100[diff] [blame^]949aes_nohw_decrypt:
Robert Sloan8ff03552017-06-14 12:40:58 -0700[diff] [blame]950#ifndef __thumb2__
Adam Vartanianbfcf3a72018-08-10 14:55:24 +0100[diff] [blame^]951 sub r3,pc,#8 @ aes_nohw_decrypt
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]952#else
Robert Sloand5c22152017-11-13 09:22:12 -0800[diff] [blame]953 adr r3,.
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]954#endif
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]955 stmdb sp!,{r1,r4-r12,lr}
Robert Sloanab8b8882018-03-26 11:39:51 -0700[diff] [blame]956#if defined(__thumb2__) || defined(__APPLE__)
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]957 adr r10,AES_Td
958#else
Adam Vartanianbfcf3a72018-08-10 14:55:24 +0100[diff] [blame^]959 sub r10,r3,#aes_nohw_decrypt-AES_Td @ Td
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]960#endif
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]961 mov r12,r0 @ inp
962 mov r11,r2
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]963#if __ARM_ARCH__<7
964 ldrb r0,[r12,#3] @ load input data in endian-neutral
965 ldrb r4,[r12,#2] @ manner...
966 ldrb r5,[r12,#1]
967 ldrb r6,[r12,#0]
968 orr r0,r0,r4,lsl#8
969 ldrb r1,[r12,#7]
970 orr r0,r0,r5,lsl#16
971 ldrb r4,[r12,#6]
972 orr r0,r0,r6,lsl#24
973 ldrb r5,[r12,#5]
974 ldrb r6,[r12,#4]
975 orr r1,r1,r4,lsl#8
976 ldrb r2,[r12,#11]
977 orr r1,r1,r5,lsl#16
978 ldrb r4,[r12,#10]
979 orr r1,r1,r6,lsl#24
980 ldrb r5,[r12,#9]
981 ldrb r6,[r12,#8]
982 orr r2,r2,r4,lsl#8
983 ldrb r3,[r12,#15]
984 orr r2,r2,r5,lsl#16
985 ldrb r4,[r12,#14]
986 orr r2,r2,r6,lsl#24
987 ldrb r5,[r12,#13]
988 ldrb r6,[r12,#12]
989 orr r3,r3,r4,lsl#8
990 orr r3,r3,r5,lsl#16
991 orr r3,r3,r6,lsl#24
992#else
993 ldr r0,[r12,#0]
994 ldr r1,[r12,#4]
995 ldr r2,[r12,#8]
996 ldr r3,[r12,#12]
997#ifdef __ARMEL__
998 rev r0,r0
999 rev r1,r1
1000 rev r2,r2
1001 rev r3,r3
1002#endif
1003#endif
1004 bl _armv4_AES_decrypt
1005
1006 ldr r12,[sp],#4 @ pop out
1007#if __ARM_ARCH__>=7
1008#ifdef __ARMEL__
1009 rev r0,r0
1010 rev r1,r1
1011 rev r2,r2
1012 rev r3,r3
1013#endif
1014 str r0,[r12,#0]
1015 str r1,[r12,#4]
1016 str r2,[r12,#8]
1017 str r3,[r12,#12]
1018#else
1019 mov r4,r0,lsr#24 @ write output in endian-neutral
1020 mov r5,r0,lsr#16 @ manner...
1021 mov r6,r0,lsr#8
1022 strb r4,[r12,#0]
1023 strb r5,[r12,#1]
1024 mov r4,r1,lsr#24
1025 strb r6,[r12,#2]
1026 mov r5,r1,lsr#16
1027 strb r0,[r12,#3]
1028 mov r6,r1,lsr#8
1029 strb r4,[r12,#4]
1030 strb r5,[r12,#5]
1031 mov r4,r2,lsr#24
1032 strb r6,[r12,#6]
1033 mov r5,r2,lsr#16
1034 strb r1,[r12,#7]
1035 mov r6,r2,lsr#8
1036 strb r4,[r12,#8]
1037 strb r5,[r12,#9]
1038 mov r4,r3,lsr#24
1039 strb r6,[r12,#10]
1040 mov r5,r3,lsr#16
1041 strb r2,[r12,#11]
1042 mov r6,r3,lsr#8
1043 strb r4,[r12,#12]
1044 strb r5,[r12,#13]
1045 strb r6,[r12,#14]
1046 strb r3,[r12,#15]
1047#endif
1048#if __ARM_ARCH__>=5
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]1049 ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc}
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]1050#else
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]1051 ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr}
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]1052 tst lr,#1
1053 moveq pc,lr @ be binary compatible with V4, yet
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]1054.word 0xe12fff1e @ interoperable with Thumb ISA:-)
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]1055#endif
Adam Vartanianbfcf3a72018-08-10 14:55:24 +0100[diff] [blame^]1056.size aes_nohw_decrypt,.-aes_nohw_decrypt
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]1057
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]1058.type _armv4_AES_decrypt,%function
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]1059.align 2
1060_armv4_AES_decrypt:
1061 str lr,[sp,#-4]! @ push lr
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]1062 ldmia r11!,{r4,r5,r6,r7}
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]1063 eor r0,r0,r4
1064 ldr r12,[r11,#240-16]
1065 eor r1,r1,r5
1066 eor r2,r2,r6
1067 eor r3,r3,r7
1068 sub r12,r12,#1
1069 mov lr,#255
1070
1071 and r7,lr,r0,lsr#16
1072 and r8,lr,r0,lsr#8
1073 and r9,lr,r0
1074 mov r0,r0,lsr#24
1075.Ldec_loop:
1076 ldr r4,[r10,r7,lsl#2] @ Td1[s0>>16]
1077 and r7,lr,r1 @ i0
1078 ldr r5,[r10,r8,lsl#2] @ Td2[s0>>8]
1079 and r8,lr,r1,lsr#16
1080 ldr r6,[r10,r9,lsl#2] @ Td3[s0>>0]
1081 and r9,lr,r1,lsr#8
1082 ldr r0,[r10,r0,lsl#2] @ Td0[s0>>24]
1083 mov r1,r1,lsr#24
1084
1085 ldr r7,[r10,r7,lsl#2] @ Td3[s1>>0]
1086 ldr r8,[r10,r8,lsl#2] @ Td1[s1>>16]
1087 ldr r9,[r10,r9,lsl#2] @ Td2[s1>>8]
1088 eor r0,r0,r7,ror#24
1089 ldr r1,[r10,r1,lsl#2] @ Td0[s1>>24]
1090 and r7,lr,r2,lsr#8 @ i0
1091 eor r5,r8,r5,ror#8
1092 and r8,lr,r2 @ i1
1093 eor r6,r9,r6,ror#8
1094 and r9,lr,r2,lsr#16
1095 ldr r7,[r10,r7,lsl#2] @ Td2[s2>>8]
1096 eor r1,r1,r4,ror#8
1097 ldr r8,[r10,r8,lsl#2] @ Td3[s2>>0]
1098 mov r2,r2,lsr#24
1099
1100 ldr r9,[r10,r9,lsl#2] @ Td1[s2>>16]
1101 eor r0,r0,r7,ror#16
1102 ldr r2,[r10,r2,lsl#2] @ Td0[s2>>24]
1103 and r7,lr,r3,lsr#16 @ i0
1104 eor r1,r1,r8,ror#24
1105 and r8,lr,r3,lsr#8 @ i1
1106 eor r6,r9,r6,ror#8
1107 and r9,lr,r3 @ i2
1108 ldr r7,[r10,r7,lsl#2] @ Td1[s3>>16]
1109 eor r2,r2,r5,ror#8
1110 ldr r8,[r10,r8,lsl#2] @ Td2[s3>>8]
1111 mov r3,r3,lsr#24
1112
1113 ldr r9,[r10,r9,lsl#2] @ Td3[s3>>0]
1114 eor r0,r0,r7,ror#8
1115 ldr r7,[r11],#16
1116 eor r1,r1,r8,ror#16
1117 ldr r3,[r10,r3,lsl#2] @ Td0[s3>>24]
1118 eor r2,r2,r9,ror#24
1119
1120 ldr r4,[r11,#-12]
1121 eor r0,r0,r7
1122 ldr r5,[r11,#-8]
1123 eor r3,r3,r6,ror#8
1124 ldr r6,[r11,#-4]
1125 and r7,lr,r0,lsr#16
1126 eor r1,r1,r4
1127 and r8,lr,r0,lsr#8
1128 eor r2,r2,r5
1129 and r9,lr,r0
1130 eor r3,r3,r6
1131 mov r0,r0,lsr#24
1132
1133 subs r12,r12,#1
1134 bne .Ldec_loop
1135
1136 add r10,r10,#1024
1137
1138 ldr r5,[r10,#0] @ prefetch Td4
1139 ldr r6,[r10,#32]
1140 ldr r4,[r10,#64]
1141 ldr r5,[r10,#96]
1142 ldr r6,[r10,#128]
1143 ldr r4,[r10,#160]
1144 ldr r5,[r10,#192]
1145 ldr r6,[r10,#224]
1146
1147 ldrb r0,[r10,r0] @ Td4[s0>>24]
1148 ldrb r4,[r10,r7] @ Td4[s0>>16]
1149 and r7,lr,r1 @ i0
1150 ldrb r5,[r10,r8] @ Td4[s0>>8]
1151 and r8,lr,r1,lsr#16
1152 ldrb r6,[r10,r9] @ Td4[s0>>0]
1153 and r9,lr,r1,lsr#8
1154
1155 add r1,r10,r1,lsr#24
1156 ldrb r7,[r10,r7] @ Td4[s1>>0]
1157 ldrb r1,[r1] @ Td4[s1>>24]
1158 ldrb r8,[r10,r8] @ Td4[s1>>16]
1159 eor r0,r7,r0,lsl#24
1160 ldrb r9,[r10,r9] @ Td4[s1>>8]
1161 eor r1,r4,r1,lsl#8
1162 and r7,lr,r2,lsr#8 @ i0
1163 eor r5,r5,r8,lsl#8
1164 and r8,lr,r2 @ i1
1165 ldrb r7,[r10,r7] @ Td4[s2>>8]
1166 eor r6,r6,r9,lsl#8
1167 ldrb r8,[r10,r8] @ Td4[s2>>0]
1168 and r9,lr,r2,lsr#16
1169
1170 add r2,r10,r2,lsr#24
1171 ldrb r2,[r2] @ Td4[s2>>24]
1172 eor r0,r0,r7,lsl#8
1173 ldrb r9,[r10,r9] @ Td4[s2>>16]
1174 eor r1,r8,r1,lsl#16
1175 and r7,lr,r3,lsr#16 @ i0
1176 eor r2,r5,r2,lsl#16
1177 and r8,lr,r3,lsr#8 @ i1
1178 ldrb r7,[r10,r7] @ Td4[s3>>16]
1179 eor r6,r6,r9,lsl#16
1180 ldrb r8,[r10,r8] @ Td4[s3>>8]
1181 and r9,lr,r3 @ i2
1182
1183 add r3,r10,r3,lsr#24
1184 ldrb r9,[r10,r9] @ Td4[s3>>0]
1185 ldrb r3,[r3] @ Td4[s3>>24]
1186 eor r0,r0,r7,lsl#16
1187 ldr r7,[r11,#0]
1188 eor r1,r1,r8,lsl#8
1189 ldr r4,[r11,#4]
1190 eor r2,r9,r2,lsl#8
1191 ldr r5,[r11,#8]
1192 eor r3,r6,r3,lsl#24
1193 ldr r6,[r11,#12]
1194
1195 eor r0,r0,r7
1196 eor r1,r1,r4
1197 eor r2,r2,r5
1198 eor r3,r3,r6
1199
1200 sub r10,r10,#1024
1201 ldr pc,[sp],#4 @ pop and return
1202.size _armv4_AES_decrypt,.-_armv4_AES_decrypt
Adam Langleye9ada862015-05-11 17:20:37 -0700[diff] [blame]1203.byte 65,69,83,32,102,111,114,32,65,82,77,118,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
1204.align 2
Adam Langleyd9e397b2015-01-22 14:27:53 -0800[diff] [blame]1205.align 2
David Benjamin4969cc92016-04-22 15:02:23 -0400[diff] [blame]1206#endif