summaryrefslogtreecommitdiff
path: root/crypto/aes/asm
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/aes/asm')
-rwxr-xr-xcrypto/aes/asm/aes-586.pl3304
-rw-r--r--crypto/aes/asm/aes-armv4.pl1030
-rw-r--r--crypto/aes/asm/aes-ia64.S1819
-rw-r--r--crypto/aes/asm/aes-parisc.pl1021
-rw-r--r--crypto/aes/asm/aes-ppc.pl1176
-rw-r--r--crypto/aes/asm/aes-s390x.pl1339
-rwxr-xr-xcrypto/aes/asm/aes-sparcv9.pl1181
-rwxr-xr-xcrypto/aes/asm/aes-x86_64.pl2809
-rw-r--r--crypto/aes/asm/aesni-x86.pl784
-rw-r--r--crypto/aes/asm/aesni-x86_64.pl991
10 files changed, 13219 insertions, 2235 deletions
diff --git a/crypto/aes/asm/aes-586.pl b/crypto/aes/asm/aes-586.pl
index ee02ded463..aab40e6f1c 100755
--- a/crypto/aes/asm/aes-586.pl
+++ b/crypto/aes/asm/aes-586.pl
@@ -2,11 +2,12 @@
#
# ====================================================================
# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. Rights for redistribution and usage in source and binary
-# forms are granted according to the OpenSSL license.
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
# ====================================================================
#
-# Version 3.1.
+# Version 4.3.
#
# You might fail to appreciate this module performance from the first
# try. If compared to "vanilla" linux-ia32-icc target, i.e. considered
@@ -46,33 +47,152 @@
# Instruction Level Parallelism, and it indeed resulted in up to 15%
# better performance on most recent µ-archs...
#
-# Current ECB performance numbers for 128-bit key in CPU cycles per
-# processed byte [measure commonly used by AES benchmarkers] are:
-#
-# small footprint fully unrolled
-# P4[-3] 23[24] 22[23]
-# AMD K8 19 18
-# PIII 26 23
-# Pentium 63(*) 52
-#
-# (*) Performance difference between small footprint code and fully
-# unrolled in more commonly used CBC mode is not as big, 4% for
-# for Pentium. PIII's ~13% difference [in both cases in 3rd
-# version] is considered tolerable...
-#
# Third version adds AES_cbc_encrypt implementation, which resulted in
# up to 40% performance imrovement of CBC benchmark results. 40% was
# observed on P4 core, where "overall" imrovement coefficient, i.e. if
# compared to PIC generated by GCC and in CBC mode, was observed to be
# as large as 4x:-) CBC performance is virtually identical to ECB now
-# and on some platforms even better, e.g. 56 "small" cycles/byte on
-# senior Pentium, because certain function prologues and epilogues are
+# and on some platforms even better, e.g. 17.6 "small" cycles/byte on
+# Opteron, because certain function prologues and epilogues are
# effectively taken out of the loop...
-
-push(@INC,"perlasm","../../perlasm");
+#
+# Version 3.2 implements compressed tables and prefetch of these tables
+# in CBC[!] mode. Former means that 3/4 of table references are now
+# misaligned, which unfortunately has negative impact on elder IA-32
+# implementations, Pentium suffered 30% penalty, PIII - 10%.
+#
+# Version 3.3 avoids L1 cache aliasing between stack frame and
+# S-boxes, and 3.4 - L1 cache aliasing even between key schedule. The
+# latter is achieved by copying the key schedule to controlled place in
+# stack. This unfortunately has rather strong impact on small block CBC
+# performance, ~2x deterioration on 16-byte block if compared to 3.3.
+#
+# Version 3.5 checks if there is L1 cache aliasing between user-supplied
+# key schedule and S-boxes and abstains from copying the former if
+# there is no. This allows end-user to consciously retain small block
+# performance by aligning key schedule in specific manner.
+#
+# Version 3.6 compresses Td4 to 256 bytes and prefetches it in ECB.
+#
+# Current ECB performance numbers for 128-bit key in CPU cycles per
+# processed byte [measure commonly used by AES benchmarkers] are:
+#
+# small footprint fully unrolled
+# P4 24 22
+# AMD K8 20 19
+# PIII 25 23
+# Pentium 81 78
+#
+# Version 3.7 reimplements outer rounds as "compact." Meaning that
+# first and last rounds reference compact 256 bytes S-box. This means
+# that first round consumes a lot more CPU cycles and that encrypt
+# and decrypt performance becomes asymmetric. Encrypt performance
+# drops by 10-12%, while decrypt - by 20-25%:-( 256 bytes S-box is
+# aggressively pre-fetched.
+#
+# Version 4.0 effectively rolls back to 3.6 and instead implements
+# additional set of functions, _[x86|sse]_AES_[en|de]crypt_compact,
+# which use exclusively 256 byte S-box. These functions are to be
+# called in modes not concealing plain text, such as ECB, or when
+# we're asked to process smaller amount of data [or unconditionally
+# on hyper-threading CPU]. Currently it's called unconditionally from
+# AES_[en|de]crypt, which affects all modes, but CBC. CBC routine
+# still needs to be modified to switch between slower and faster
+# mode when appropriate... But in either case benchmark landscape
+# changes dramatically and below numbers are CPU cycles per processed
+# byte for 128-bit key.
+#
+# ECB encrypt ECB decrypt CBC large chunk
+# P4 56[60] 84[100] 23
+# AMD K8 48[44] 70[79] 18
+# PIII 41[50] 61[91] 24
+# Core 2 32[38] 45[70] 18.5
+# Pentium 120 160 77
+#
+# Version 4.1 switches to compact S-box even in key schedule setup.
+#
+# Version 4.2 prefetches compact S-box in every SSE round or in other
+# words every cache-line is *guaranteed* to be accessed within ~50
+# cycles window. Why just SSE? Because it's needed on hyper-threading
+# CPU! Which is also why it's prefetched with 64 byte stride. Best
+# part is that it has no negative effect on performance:-)
+#
+# Version 4.3 implements switch between compact and non-compact block
+# functions in AES_cbc_encrypt depending on how much data was asked
+# to be processed in one stroke.
+#
+######################################################################
+# Timing attacks are classified in two classes: synchronous when
+# attacker consciously initiates cryptographic operation and collects
+# timing data of various character afterwards, and asynchronous when
+# malicious code is executed on same CPU simultaneously with AES,
+# instruments itself and performs statistical analysis of this data.
+#
+# As far as synchronous attacks go the root to the AES timing
+# vulnerability is twofold. Firstly, of 256 S-box elements at most 160
+# are referred to in single 128-bit block operation. Well, in C
+# implementation with 4 distinct tables it's actually as little as 40
+# references per 256 elements table, but anyway... Secondly, even
+# though S-box elements are clustered into smaller amount of cache-
+# lines, smaller than 160 and even 40, it turned out that for certain
+# plain-text pattern[s] or simply put chosen plain-text and given key
+# few cache-lines remain unaccessed during block operation. Now, if
+# attacker can figure out this access pattern, he can deduct the key
+# [or at least part of it]. The natural way to mitigate this kind of
+# attacks is to minimize the amount of cache-lines in S-box and/or
+# prefetch them to ensure that every one is accessed for more uniform
+# timing. But note that *if* plain-text was concealed in such way that
+# input to block function is distributed *uniformly*, then attack
+# wouldn't apply. Now note that some encryption modes, most notably
+# CBC, do mask the plain-text in this exact way [secure cipher output
+# is distributed uniformly]. Yes, one still might find input that
+# would reveal the information about given key, but if amount of
+# candidate inputs to be tried is larger than amount of possible key
+# combinations then attack becomes infeasible. This is why revised
+# AES_cbc_encrypt "dares" to switch to larger S-box when larger chunk
+# of data is to be processed in one stroke. The current size limit of
+# 512 bytes is chosen to provide same [diminishigly low] probability
+# for cache-line to remain untouched in large chunk operation with
+# large S-box as for single block operation with compact S-box and
+# surely needs more careful consideration...
+#
+# As for asynchronous attacks. There are two flavours: attacker code
+# being interleaved with AES on hyper-threading CPU at *instruction*
+# level, and two processes time sharing single core. As for latter.
+# Two vectors. 1. Given that attacker process has higher priority,
+# yield execution to process performing AES just before timer fires
+# off the scheduler, immediately regain control of CPU and analyze the
+# cache state. For this attack to be efficient attacker would have to
+# effectively slow down the operation by several *orders* of magnitute,
+# by ratio of time slice to duration of handful of AES rounds, which
+# unlikely to remain unnoticed. Not to mention that this also means
+# that he would spend correspondigly more time to collect enough
+# statistical data to mount the attack. It's probably appropriate to
+# say that if adeversary reckons that this attack is beneficial and
+# risks to be noticed, you probably have larger problems having him
+# mere opportunity. In other words suggested code design expects you
+# to preclude/mitigate this attack by overall system security design.
+# 2. Attacker manages to make his code interrupt driven. In order for
+# this kind of attack to be feasible, interrupt rate has to be high
+# enough, again comparable to duration of handful of AES rounds. But
+# is there interrupt source of such rate? Hardly, not even 1Gbps NIC
+# generates interrupts at such raging rate...
+#
+# And now back to the former, hyper-threading CPU or more specifically
+# Intel P4. Recall that asynchronous attack implies that malicious
+# code instruments itself. And naturally instrumentation granularity
+# has be noticeably lower than duration of codepath accessing S-box.
+# Given that all cache-lines are accessed during that time that is.
+# Current implementation accesses *all* cache-lines within ~50 cycles
+# window, which is actually *less* than RDTSC latency on Intel P4!
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
require "x86asm.pl";
-&asm_init($ARGV[0],"aes-586.pl",$ARGV[$#ARGV] eq "386");
+&asm_init($ARGV[0],"aes-586.pl",$x86only = $ARGV[$#ARGV] eq "386");
+&static_label("AES_Te");
+&static_label("AES_Td");
$s0="eax";
$s1="ebx";
@@ -80,15 +200,36 @@ $s2="ecx";
$s3="edx";
$key="edi";
$acc="esi";
-
+$tbl="ebp";
+
+# stack frame layout in _[x86|sse]_AES_* routines, frame is allocated
+# by caller
+$__ra=&DWP(0,"esp"); # return address
+$__s0=&DWP(4,"esp"); # s0 backing store
+$__s1=&DWP(8,"esp"); # s1 backing store
+$__s2=&DWP(12,"esp"); # s2 backing store
+$__s3=&DWP(16,"esp"); # s3 backing store
+$__key=&DWP(20,"esp"); # pointer to key schedule
+$__end=&DWP(24,"esp"); # pointer to end of key schedule
+$__tbl=&DWP(28,"esp"); # %ebp backing store
+
+# stack frame layout in AES_[en|crypt] routines, which differs from
+# above by 4 and overlaps by %ebp backing store
+$_tbl=&DWP(24,"esp");
+$_esp=&DWP(28,"esp");
+
+sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } }
+
+$speed_limit=512; # chunks smaller than $speed_limit are
+ # processed with compact routine in CBC mode
$small_footprint=1; # $small_footprint=1 code is ~5% slower [on
# recent µ-archs], but ~5 times smaller!
# I favor compact code to minimize cache
# contention and in hope to "collect" 5% back
# in real-life applications...
+
$vertical_spin=0; # shift "verticaly" defaults to 0, because of
# its proof-of-concept status...
-
# Note that there is no decvert(), as well as last encryption round is
# performed with "horizontal" shifts. This is because this "vertical"
# implementation [one which groups shifts on a given $s[i] to form a
@@ -104,87 +245,554 @@ sub encvert()
my $v0 = $acc, $v1 = $key;
&mov ($v0,$s[3]); # copy s3
- &mov (&DWP(0,"esp"),$s[2]); # save s2
+ &mov (&DWP(4,"esp"),$s[2]); # save s2
&mov ($v1,$s[0]); # copy s0
- &mov (&DWP(4,"esp"),$s[1]); # save s1
+ &mov (&DWP(8,"esp"),$s[1]); # save s1
&movz ($s[2],&HB($s[0]));
&and ($s[0],0xFF);
- &mov ($s[0],&DWP(1024*0,$te,$s[0],4)); # s0>>0
+ &mov ($s[0],&DWP(0,$te,$s[0],8)); # s0>>0
&shr ($v1,16);
- &mov ($s[3],&DWP(1024*1,$te,$s[2],4)); # s0>>8
+ &mov ($s[3],&DWP(3,$te,$s[2],8)); # s0>>8
&movz ($s[1],&HB($v1));
&and ($v1,0xFF);
- &mov ($s[2],&DWP(1024*2,$te,$v1,4)); # s0>>16
+ &mov ($s[2],&DWP(2,$te,$v1,8)); # s0>>16
&mov ($v1,$v0);
- &mov ($s[1],&DWP(1024*3,$te,$s[1],4)); # s0>>24
+ &mov ($s[1],&DWP(1,$te,$s[1],8)); # s0>>24
&and ($v0,0xFF);
- &xor ($s[3],&DWP(1024*0,$te,$v0,4)); # s3>>0
+ &xor ($s[3],&DWP(0,$te,$v0,8)); # s3>>0
&movz ($v0,&HB($v1));
&shr ($v1,16);
- &xor ($s[2],&DWP(1024*1,$te,$v0,4)); # s3>>8
+ &xor ($s[2],&DWP(3,$te,$v0,8)); # s3>>8
&movz ($v0,&HB($v1));
&and ($v1,0xFF);
- &xor ($s[1],&DWP(1024*2,$te,$v1,4)); # s3>>16
- &mov ($v1,&DWP(0,"esp")); # restore s2
- &xor ($s[0],&DWP(1024*3,$te,$v0,4)); # s3>>24
+ &xor ($s[1],&DWP(2,$te,$v1,8)); # s3>>16
+ &mov ($v1,&DWP(4,"esp")); # restore s2
+ &xor ($s[0],&DWP(1,$te,$v0,8)); # s3>>24
&mov ($v0,$v1);
&and ($v1,0xFF);
- &xor ($s[2],&DWP(1024*0,$te,$v1,4)); # s2>>0
+ &xor ($s[2],&DWP(0,$te,$v1,8)); # s2>>0
&movz ($v1,&HB($v0));
&shr ($v0,16);
- &xor ($s[1],&DWP(1024*1,$te,$v1,4)); # s2>>8
+ &xor ($s[1],&DWP(3,$te,$v1,8)); # s2>>8
&movz ($v1,&HB($v0));
&and ($v0,0xFF);
- &xor ($s[0],&DWP(1024*2,$te,$v0,4)); # s2>>16
- &mov ($v0,&DWP(4,"esp")); # restore s1
- &xor ($s[3],&DWP(1024*3,$te,$v1,4)); # s2>>24
+ &xor ($s[0],&DWP(2,$te,$v0,8)); # s2>>16
+ &mov ($v0,&DWP(8,"esp")); # restore s1
+ &xor ($s[3],&DWP(1,$te,$v1,8)); # s2>>24
&mov ($v1,$v0);
&and ($v0,0xFF);
- &xor ($s[1],&DWP(1024*0,$te,$v0,4)); # s1>>0
+ &xor ($s[1],&DWP(0,$te,$v0,8)); # s1>>0
&movz ($v0,&HB($v1));
&shr ($v1,16);
- &xor ($s[0],&DWP(1024*1,$te,$v0,4)); # s1>>8
+ &xor ($s[0],&DWP(3,$te,$v0,8)); # s1>>8
&movz ($v0,&HB($v1));
&and ($v1,0xFF);
- &xor ($s[3],&DWP(1024*2,$te,$v1,4)); # s1>>16
- &mov ($key,&DWP(12,"esp")); # reincarnate v1 as key
- &xor ($s[2],&DWP(1024*3,$te,$v0,4)); # s1>>24
+ &xor ($s[3],&DWP(2,$te,$v1,8)); # s1>>16
+ &mov ($key,$__key); # reincarnate v1 as key
+ &xor ($s[2],&DWP(1,$te,$v0,8)); # s1>>24
+}
+
+# Another experimental routine, which features "horizontal spin," but
+# eliminates one reference to stack. Strangely enough runs slower...
+sub enchoriz()
+{ my $v0 = $key, $v1 = $acc;
+
+ &movz ($v0,&LB($s0)); # 3, 2, 1, 0*
+ &rotr ($s2,8); # 8,11,10, 9
+ &mov ($v1,&DWP(0,$te,$v0,8)); # 0
+ &movz ($v0,&HB($s1)); # 7, 6, 5*, 4
+ &rotr ($s3,16); # 13,12,15,14
+ &xor ($v1,&DWP(3,$te,$v0,8)); # 5
+ &movz ($v0,&HB($s2)); # 8,11,10*, 9
+ &rotr ($s0,16); # 1, 0, 3, 2
+ &xor ($v1,&DWP(2,$te,$v0,8)); # 10
+ &movz ($v0,&HB($s3)); # 13,12,15*,14
+ &xor ($v1,&DWP(1,$te,$v0,8)); # 15, t[0] collected
+ &mov ($__s0,$v1); # t[0] saved
+
+ &movz ($v0,&LB($s1)); # 7, 6, 5, 4*
+ &shr ($s1,16); # -, -, 7, 6
+ &mov ($v1,&DWP(0,$te,$v0,8)); # 4
+ &movz ($v0,&LB($s3)); # 13,12,15,14*
+ &xor ($v1,&DWP(2,$te,$v0,8)); # 14
+ &movz ($v0,&HB($s0)); # 1, 0, 3*, 2
+ &and ($s3,0xffff0000); # 13,12, -, -
+ &xor ($v1,&DWP(1,$te,$v0,8)); # 3
+ &movz ($v0,&LB($s2)); # 8,11,10, 9*
+ &or ($s3,$s1); # 13,12, 7, 6
+ &xor ($v1,&DWP(3,$te,$v0,8)); # 9, t[1] collected
+ &mov ($s1,$v1); # s[1]=t[1]
+
+ &movz ($v0,&LB($s0)); # 1, 0, 3, 2*
+ &shr ($s2,16); # -, -, 8,11
+ &mov ($v1,&DWP(2,$te,$v0,8)); # 2
+ &movz ($v0,&HB($s3)); # 13,12, 7*, 6
+ &xor ($v1,&DWP(1,$te,$v0,8)); # 7
+ &movz ($v0,&HB($s2)); # -, -, 8*,11
+ &xor ($v1,&DWP(0,$te,$v0,8)); # 8
+ &mov ($v0,$s3);
+ &shr ($v0,24); # 13
+ &xor ($v1,&DWP(3,$te,$v0,8)); # 13, t[2] collected
+
+ &movz ($v0,&LB($s2)); # -, -, 8,11*
+ &shr ($s0,24); # 1*
+ &mov ($s2,&DWP(1,$te,$v0,8)); # 11
+ &xor ($s2,&DWP(3,$te,$s0,8)); # 1
+ &mov ($s0,$__s0); # s[0]=t[0]
+ &movz ($v0,&LB($s3)); # 13,12, 7, 6*
+ &shr ($s3,16); # , ,13,12
+ &xor ($s2,&DWP(2,$te,$v0,8)); # 6
+ &mov ($key,$__key); # reincarnate v0 as key
+ &and ($s3,0xff); # , ,13,12*
+ &mov ($s3,&DWP(0,$te,$s3,8)); # 12
+ &xor ($s3,$s2); # s[2]=t[3] collected
+ &mov ($s2,$v1); # s[2]=t[2]
+}
+
+# More experimental code... SSE one... Even though this one eliminates
+# *all* references to stack, it's not faster...
+sub sse_encbody()
+{
+ &movz ($acc,&LB("eax")); # 0
+ &mov ("ecx",&DWP(0,$tbl,$acc,8)); # 0
+ &pshufw ("mm2","mm0",0x0d); # 7, 6, 3, 2
+ &movz ("edx",&HB("eax")); # 1
+ &mov ("edx",&DWP(3,$tbl,"edx",8)); # 1
+ &shr ("eax",16); # 5, 4
+
+ &movz ($acc,&LB("ebx")); # 10
+ &xor ("ecx",&DWP(2,$tbl,$acc,8)); # 10
+ &pshufw ("mm6","mm4",0x08); # 13,12, 9, 8
+ &movz ($acc,&HB("ebx")); # 11
+ &xor ("edx",&DWP(1,$tbl,$acc,8)); # 11
+ &shr ("ebx",16); # 15,14
+
+ &movz ($acc,&HB("eax")); # 5
+ &xor ("ecx",&DWP(3,$tbl,$acc,8)); # 5
+ &movq ("mm3",QWP(16,$key));
+ &movz ($acc,&HB("ebx")); # 15
+ &xor ("ecx",&DWP(1,$tbl,$acc,8)); # 15
+ &movd ("mm0","ecx"); # t[0] collected
+
+ &movz ($acc,&LB("eax")); # 4
+ &mov ("ecx",&DWP(0,$tbl,$acc,8)); # 4
+ &movd ("eax","mm2"); # 7, 6, 3, 2
+ &movz ($acc,&LB("ebx")); # 14
+ &xor ("ecx",&DWP(2,$tbl,$acc,8)); # 14
+ &movd ("ebx","mm6"); # 13,12, 9, 8
+
+ &movz ($acc,&HB("eax")); # 3
+ &xor ("ecx",&DWP(1,$tbl,$acc,8)); # 3
+ &movz ($acc,&HB("ebx")); # 9
+ &xor ("ecx",&DWP(3,$tbl,$acc,8)); # 9
+ &movd ("mm1","ecx"); # t[1] collected
+
+ &movz ($acc,&LB("eax")); # 2
+ &mov ("ecx",&DWP(2,$tbl,$acc,8)); # 2
+ &shr ("eax",16); # 7, 6
+ &punpckldq ("mm0","mm1"); # t[0,1] collected
+ &movz ($acc,&LB("ebx")); # 8
+ &xor ("ecx",&DWP(0,$tbl,$acc,8)); # 8
+ &shr ("ebx",16); # 13,12
+
+ &movz ($acc,&HB("eax")); # 7
+ &xor ("ecx",&DWP(1,$tbl,$acc,8)); # 7
+ &pxor ("mm0","mm3");
+ &movz ("eax",&LB("eax")); # 6
+ &xor ("edx",&DWP(2,$tbl,"eax",8)); # 6
+ &pshufw ("mm1","mm0",0x08); # 5, 4, 1, 0
+ &movz ($acc,&HB("ebx")); # 13
+ &xor ("ecx",&DWP(3,$tbl,$acc,8)); # 13
+ &xor ("ecx",&DWP(24,$key)); # t[2]
+ &movd ("mm4","ecx"); # t[2] collected
+ &movz ("ebx",&LB("ebx")); # 12
+ &xor ("edx",&DWP(0,$tbl,"ebx",8)); # 12
+ &shr ("ecx",16);
+ &movd ("eax","mm1"); # 5, 4, 1, 0
+ &mov ("ebx",&DWP(28,$key)); # t[3]
+ &xor ("ebx","edx");
+ &movd ("mm5","ebx"); # t[3] collected
+ &and ("ebx",0xffff0000);
+ &or ("ebx","ecx");
+
+ &punpckldq ("mm4","mm5"); # t[2,3] collected
+}
+
+######################################################################
+# "Compact" block function
+######################################################################
+
+sub enccompact()
+{ my $Fn = mov;
+ while ($#_>5) { pop(@_); $Fn=sub{}; }
+ my ($i,$te,@s)=@_;
+ my $tmp = $key;
+ my $out = $i==3?$s[0]:$acc;
+
+ # $Fn is used in first compact round and its purpose is to
+ # void restoration of some values from stack, so that after
+ # 4xenccompact with extra argument $key value is left there...
+ if ($i==3) { &$Fn ($key,$__key); }##%edx
+ else { &mov ($out,$s[0]); }
+ &and ($out,0xFF);
+ if ($i==1) { &shr ($s[0],16); }#%ebx[1]
+ if ($i==2) { &shr ($s[0],24); }#%ecx[2]
+ &movz ($out,&BP(-128,$te,$out,1));
+
+ if ($i==3) { $tmp=$s[1]; }##%eax
+ &movz ($tmp,&HB($s[1]));
+ &movz ($tmp,&BP(-128,$te,$tmp,1));
+ &shl ($tmp,8);
+ &xor ($out,$tmp);
+
+ if ($i==3) { $tmp=$s[2]; &mov ($s[1],$__s0); }##%ebx
+ else { &mov ($tmp,$s[2]);
+ &shr ($tmp,16); }
+ if ($i==2) { &and ($s[1],0xFF); }#%edx[2]
+ &and ($tmp,0xFF);
+ &movz ($tmp,&BP(-128,$te,$tmp,1));
+ &shl ($tmp,16);
+ &xor ($out,$tmp);
+
+ if ($i==3) { $tmp=$s[3]; &mov ($s[2],$__s1); }##%ecx
+ elsif($i==2){ &movz ($tmp,&HB($s[3])); }#%ebx[2]
+ else { &mov ($tmp,$s[3]);
+ &shr ($tmp,24); }
+ &movz ($tmp,&BP(-128,$te,$tmp,1));
+ &shl ($tmp,24);
+ &xor ($out,$tmp);
+ if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); }
+ if ($i==3) { &mov ($s[3],$acc); }
+ &comment();
+}
+
+sub enctransform()
+{ my @s = ($s0,$s1,$s2,$s3);
+ my $i = shift;
+ my $tmp = $tbl;
+ my $r2 = $key ;
+
+ &mov ($acc,$s[$i]);
+ &and ($acc,0x80808080);
+ &mov ($tmp,$acc);
+ &shr ($tmp,7);
+ &lea ($r2,&DWP(0,$s[$i],$s[$i]));
+ &sub ($acc,$tmp);
+ &and ($r2,0xfefefefe);
+ &and ($acc,0x1b1b1b1b);
+ &mov ($tmp,$s[$i]);
+ &xor ($acc,$r2); # r2
+
+ &xor ($s[$i],$acc); # r0 ^ r2
+ &rotl ($s[$i],24);
+ &xor ($s[$i],$acc) # ROTATE(r2^r0,24) ^ r2
+ &rotr ($tmp,16);
+ &xor ($s[$i],$tmp);
+ &rotr ($tmp,8);
+ &xor ($s[$i],$tmp);
+}
+
+&function_begin_B("_x86_AES_encrypt_compact");
+ # note that caller is expected to allocate stack frame for me!
+ &mov ($__key,$key); # save key
+
+ &xor ($s0,&DWP(0,$key)); # xor with key
+ &xor ($s1,&DWP(4,$key));
+ &xor ($s2,&DWP(8,$key));
+ &xor ($s3,&DWP(12,$key));
+
+ &mov ($acc,&DWP(240,$key)); # load key->rounds
+ &lea ($acc,&DWP(-2,$acc,$acc));
+ &lea ($acc,&DWP(0,$key,$acc,8));
+ &mov ($__end,$acc); # end of key schedule
+
+ # prefetch Te4
+ &mov ($key,&DWP(0-128,$tbl));
+ &mov ($acc,&DWP(32-128,$tbl));
+ &mov ($key,&DWP(64-128,$tbl));
+ &mov ($acc,&DWP(96-128,$tbl));
+ &mov ($key,&DWP(128-128,$tbl));
+ &mov ($acc,&DWP(160-128,$tbl));
+ &mov ($key,&DWP(192-128,$tbl));
+ &mov ($acc,&DWP(224-128,$tbl));
+
+ &set_label("loop",16);
+
+ &enccompact(0,$tbl,$s0,$s1,$s2,$s3,1);
+ &enccompact(1,$tbl,$s1,$s2,$s3,$s0,1);
+ &enccompact(2,$tbl,$s2,$s3,$s0,$s1,1);
+ &enccompact(3,$tbl,$s3,$s0,$s1,$s2,1);
+ &enctransform(2);
+ &enctransform(3);
+ &enctransform(0);
+ &enctransform(1);
+ &mov ($key,$__key);
+ &mov ($tbl,$__tbl);
+ &add ($key,16); # advance rd_key
+ &xor ($s0,&DWP(0,$key));
+ &xor ($s1,&DWP(4,$key));
+ &xor ($s2,&DWP(8,$key));
+ &xor ($s3,&DWP(12,$key));
+
+ &cmp ($key,$__end);
+ &mov ($__key,$key);
+ &jb (&label("loop"));
+
+ &enccompact(0,$tbl,$s0,$s1,$s2,$s3);
+ &enccompact(1,$tbl,$s1,$s2,$s3,$s0);
+ &enccompact(2,$tbl,$s2,$s3,$s0,$s1);
+ &enccompact(3,$tbl,$s3,$s0,$s1,$s2);
+
+ &xor ($s0,&DWP(16,$key));
+ &xor ($s1,&DWP(20,$key));
+ &xor ($s2,&DWP(24,$key));
+ &xor ($s3,&DWP(28,$key));
+
+ &ret ();
+&function_end_B("_x86_AES_encrypt_compact");
+
+######################################################################
+# "Compact" SSE block function.
+######################################################################
+#
+# Performance is not actually extraordinary in comparison to pure
+# x86 code. In particular encrypt performance is virtually the same.
+# Decrypt performance on the other hand is 15-20% better on newer
+# µ-archs [but we're thankful for *any* improvement here], and ~50%
+# better on PIII:-) And additionally on the pros side this code
+# eliminates redundant references to stack and thus relieves/
+# minimizes the pressure on the memory bus.
+#
+# MMX register layout lsb
+# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+# | mm4 | mm0 |
+# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+# | s3 | s2 | s1 | s0 |
+# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+# |15|14|13|12|11|10| 9| 8| 7| 6| 5| 4| 3| 2| 1| 0|
+# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+#
+# Indexes translate as s[N/4]>>(8*(N%4)), e.g. 5 means s1>>8.
+# In this terms encryption and decryption "compact" permutation
+# matrices can be depicted as following:
+#
+# encryption lsb # decryption lsb
+# +----++----+----+----+----+ # +----++----+----+----+----+
+# | t0 || 15 | 10 | 5 | 0 | # | t0 || 7 | 10 | 13 | 0 |
+# +----++----+----+----+----+ # +----++----+----+----+----+
+# | t1 || 3 | 14 | 9 | 4 | # | t1 || 11 | 14 | 1 | 4 |
+# +----++----+----+----+----+ # +----++----+----+----+----+
+# | t2 || 7 | 2 | 13 | 8 | # | t2 || 15 | 2 | 5 | 8 |
+# +----++----+----+----+----+ # +----++----+----+----+----+
+# | t3 || 11 | 6 | 1 | 12 | # | t3 || 3 | 6 | 9 | 12 |
+# +----++----+----+----+----+ # +----++----+----+----+----+
+#
+######################################################################
+# Why not xmm registers? Short answer. It was actually tested and
+# was not any faster, but *contrary*, most notably on Intel CPUs.
+# Longer answer. Main advantage of using mm registers is that movd
+# latency is lower, especially on Intel P4. While arithmetic
+# instructions are twice as many, they can be scheduled every cycle
+# and not every second one when they are operating on xmm register,
+# so that "arithmetic throughput" remains virtually the same. And
+# finally the code can be executed even on elder SSE-only CPUs:-)
+
+sub sse_enccompact()
+{
+ &pshufw ("mm1","mm0",0x08); # 5, 4, 1, 0
+ &pshufw ("mm5","mm4",0x0d); # 15,14,11,10
+ &movd ("eax","mm1"); # 5, 4, 1, 0
+ &movd ("ebx","mm5"); # 15,14,11,10
+
+ &movz ($acc,&LB("eax")); # 0
+ &movz ("ecx",&BP(-128,$tbl,$acc,1)); # 0
+ &pshufw ("mm2","mm0",0x0d); # 7, 6, 3, 2
+ &movz ("edx",&HB("eax")); # 1
+ &movz ("edx",&BP(-128,$tbl,"edx",1)); # 1
+ &shl ("edx",8); # 1
+ &shr ("eax",16); # 5, 4
+
+ &movz ($acc,&LB("ebx")); # 10
+ &movz ($acc,&BP(-128,$tbl,$acc,1)); # 10
+ &shl ($acc,16); # 10
+ &or ("ecx",$acc); # 10
+ &pshufw ("mm6","mm4",0x08); # 13,12, 9, 8
+ &movz ($acc,&HB("ebx")); # 11
+ &movz ($acc,&BP(-128,$tbl,$acc,1)); # 11
+ &shl ($acc,24); # 11
+ &or ("edx",$acc); # 11
+ &shr ("ebx",16); # 15,14
+
+ &movz ($acc,&HB("eax")); # 5
+ &movz ($acc,&BP(-128,$tbl,$acc,1)); # 5
+ &shl ($acc,8); # 5
+ &or ("ecx",$acc); # 5
+ &movz ($acc,&HB("ebx")); # 15
+ &movz ($acc,&BP(-128,$tbl,$acc,1)); # 15
+ &shl ($acc,24); # 15
+ &or ("ecx",$acc); # 15
+ &movd ("mm0","ecx"); # t[0] collected
+
+ &movz ($acc,&LB("eax")); # 4
+ &movz ("ecx",&BP(-128,$tbl,$acc,1)); # 4
+ &movd ("eax","mm2"); # 7, 6, 3, 2
+ &movz ($acc,&LB("ebx")); # 14
+ &movz ($acc,&BP(-128,$tbl,$acc,1)); # 14
+ &shl ($acc,16); # 14
+ &or ("ecx",$acc); # 14
+
+ &movd ("ebx","mm6"); # 13,12, 9, 8
+ &movz ($acc,&HB("eax")); # 3
+ &movz ($acc,&BP(-128,$tbl,$acc,1)); # 3
+ &shl ($acc,24); # 3
+ &or ("ecx",$acc); # 3
+ &movz ($acc,&HB("ebx")); # 9
+ &movz ($acc,&BP(-128,$tbl,$acc,1)); # 9
+ &shl ($acc,8); # 9
+ &or ("ecx",$acc); # 9
+ &movd ("mm1","ecx"); # t[1] collected
+
+ &movz ($acc,&LB("ebx")); # 8
+ &movz ("ecx",&BP(-128,$tbl,$acc,1)); # 8
+ &shr ("ebx",16); # 13,12
+ &movz ($acc,&LB("eax")); # 2
+ &movz ($acc,&BP(-128,$tbl,$acc,1)); # 2
+ &shl ($acc,16); # 2
+ &or ("ecx",$acc); # 2
+ &shr ("eax",16); # 7, 6
+
+ &punpckldq ("mm0","mm1"); # t[0,1] collected
+
+ &movz ($acc,&HB("eax")); # 7
+ &movz ($acc,&BP(-128,$tbl,$acc,1)); # 7
+ &shl ($acc,24); # 7
+ &or ("ecx",$acc); # 7
+ &and ("eax",0xff); # 6
+ &movz ("eax",&BP(-128,$tbl,"eax",1)); # 6
+ &shl ("eax",16); # 6
+ &or ("edx","eax"); # 6
+ &movz ($acc,&HB("ebx")); # 13
+ &movz ($acc,&BP(-128,$tbl,$acc,1)); # 13
+ &shl ($acc,8); # 13
+ &or ("ecx",$acc); # 13
+ &movd ("mm4","ecx"); # t[2] collected
+ &and ("ebx",0xff); # 12
+ &movz ("ebx",&BP(-128,$tbl,"ebx",1)); # 12
+ &or ("edx","ebx"); # 12
+ &movd ("mm5","edx"); # t[3] collected
+
+ &punpckldq ("mm4","mm5"); # t[2,3] collected
}
+ if (!$x86only) {
+&function_begin_B("_sse_AES_encrypt_compact");
+ &pxor ("mm0",&QWP(0,$key)); # 7, 6, 5, 4, 3, 2, 1, 0
+ &pxor ("mm4",&QWP(8,$key)); # 15,14,13,12,11,10, 9, 8
+
+ # note that caller is expected to allocate stack frame for me!
+ &mov ($acc,&DWP(240,$key)); # load key->rounds
+ &lea ($acc,&DWP(-2,$acc,$acc));
+ &lea ($acc,&DWP(0,$key,$acc,8));
+ &mov ($__end,$acc); # end of key schedule
+
+ &mov ($s0,0x1b1b1b1b); # magic constant
+ &mov (&DWP(8,"esp"),$s0);
+ &mov (&DWP(12,"esp"),$s0);
+
+ # prefetch Te4
+ &mov ($s0,&DWP(0-128,$tbl));
+ &mov ($s1,&DWP(32-128,$tbl));
+ &mov ($s2,&DWP(64-128,$tbl));
+ &mov ($s3,&DWP(96-128,$tbl));
+ &mov ($s0,&DWP(128-128,$tbl));
+ &mov ($s1,&DWP(160-128,$tbl));
+ &mov ($s2,&DWP(192-128,$tbl));
+ &mov ($s3,&DWP(224-128,$tbl));
+
+ &set_label("loop",16);
+ &sse_enccompact();
+ &add ($key,16);
+ &cmp ($key,$__end);
+ &ja (&label("out"));
+
+ &movq ("mm2",&QWP(8,"esp"));
+ &pxor ("mm3","mm3"); &pxor ("mm7","mm7");
+ &movq ("mm1","mm0"); &movq ("mm5","mm4"); # r0
+ &pcmpgtb("mm3","mm0"); &pcmpgtb("mm7","mm4");
+ &pand ("mm3","mm2"); &pand ("mm7","mm2");
+ &pshufw ("mm2","mm0",0xb1); &pshufw ("mm6","mm4",0xb1);# ROTATE(r0,16)
+ &paddb ("mm0","mm0"); &paddb ("mm4","mm4");
+ &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # = r2
+ &pshufw ("mm3","mm2",0xb1); &pshufw ("mm7","mm6",0xb1);# r0
+ &pxor ("mm1","mm0"); &pxor ("mm5","mm4"); # r0^r2
+ &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); # ^= ROTATE(r0,16)
+
+ &movq ("mm2","mm3"); &movq ("mm6","mm7");
+ &pslld ("mm3",8); &pslld ("mm7",8);
+ &psrld ("mm2",24); &psrld ("mm6",24);
+ &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= r0<<8
+ &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); # ^= r0>>24
+
+ &movq ("mm3","mm1"); &movq ("mm7","mm5");
+ &movq ("mm2",&QWP(0,$key)); &movq ("mm6",&QWP(8,$key));
+ &psrld ("mm1",8); &psrld ("mm5",8);
+ &mov ($s0,&DWP(0-128,$tbl));
+ &pslld ("mm3",24); &pslld ("mm7",24);
+ &mov ($s1,&DWP(64-128,$tbl));
+ &pxor ("mm0","mm1"); &pxor ("mm4","mm5"); # ^= (r2^r0)<<8
+ &mov ($s2,&DWP(128-128,$tbl));
+ &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= (r2^r0)>>24
+ &mov ($s3,&DWP(192-128,$tbl));
+
+ &pxor ("mm0","mm2"); &pxor ("mm4","mm6");
+ &jmp (&label("loop"));
+
+ &set_label("out",16);
+ &pxor ("mm0",&QWP(0,$key));
+ &pxor ("mm4",&QWP(8,$key));
+
+ &ret ();
+&function_end_B("_sse_AES_encrypt_compact");
+ }
+
+######################################################################
+# Vanilla block function.
+######################################################################
+
sub encstep()
{ my ($i,$te,@s) = @_;
my $tmp = $key;
my $out = $i==3?$s[0]:$acc;
# lines marked with #%e?x[i] denote "reordered" instructions...
- if ($i==3) { &mov ($key,&DWP(12,"esp")); }##%edx
+ if ($i==3) { &mov ($key,$__key); }##%edx
else { &mov ($out,$s[0]);
&and ($out,0xFF); }
if ($i==1) { &shr ($s[0],16); }#%ebx[1]
if ($i==2) { &shr ($s[0],24); }#%ecx[2]
- &mov ($out,&DWP(1024*0,$te,$out,4));
+ &mov ($out,&DWP(0,$te,$out,8));
if ($i==3) { $tmp=$s[1]; }##%eax
&movz ($tmp,&HB($s[1]));
- &xor ($out,&DWP(1024*1,$te,$tmp,4));
+ &xor ($out,&DWP(3,$te,$tmp,8));
- if ($i==3) { $tmp=$s[2]; &mov ($s[1],&DWP(0,"esp")); }##%ebx
+ if ($i==3) { $tmp=$s[2]; &mov ($s[1],$__s0); }##%ebx
else { &mov ($tmp,$s[2]);
&shr ($tmp,16); }
if ($i==2) { &and ($s[1],0xFF); }#%edx[2]
&and ($tmp,0xFF);
- &xor ($out,&DWP(1024*2,$te,$tmp,4));
+ &xor ($out,&DWP(2,$te,$tmp,8));
- if ($i==3) { $tmp=$s[3]; &mov ($s[2],&DWP(4,"esp")); }##%ecx
+ if ($i==3) { $tmp=$s[3]; &mov ($s[2],$__s1); }##%ecx
elsif($i==2){ &movz ($tmp,&HB($s[3])); }#%ebx[2]
else { &mov ($tmp,$s[3]);
&shr ($tmp,24) }
- &xor ($out,&DWP(1024*3,$te,$tmp,4));
- if ($i<2) { &mov (&DWP(4*$i,"esp"),$out); }
+ &xor ($out,&DWP(1,$te,$tmp,8));
+ if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); }
if ($i==3) { &mov ($s[3],$acc); }
&comment();
}
@@ -194,41 +802,40 @@ sub enclast()
my $tmp = $key;
my $out = $i==3?$s[0]:$acc;
- if ($i==3) { &mov ($key,&DWP(12,"esp")); }##%edx
+ if ($i==3) { &mov ($key,$__key); }##%edx
else { &mov ($out,$s[0]); }
&and ($out,0xFF);
if ($i==1) { &shr ($s[0],16); }#%ebx[1]
if ($i==2) { &shr ($s[0],24); }#%ecx[2]
- &mov ($out,&DWP(1024*4,$te,$out,4));
+ &mov ($out,&DWP(2,$te,$out,8));
&and ($out,0x000000ff);
if ($i==3) { $tmp=$s[1]; }##%eax
&movz ($tmp,&HB($s[1]));
- &mov ($tmp,&DWP(1024*4,$te,$tmp,4));
+ &mov ($tmp,&DWP(0,$te,$tmp,8));
&and ($tmp,0x0000ff00);
&xor ($out,$tmp);
- if ($i==3) { $tmp=$s[2]; &mov ($s[1],&DWP(0,"esp")); }##%ebx
- else { mov ($tmp,$s[2]);
+ if ($i==3) { $tmp=$s[2]; &mov ($s[1],$__s0); }##%ebx
+ else { &mov ($tmp,$s[2]);
&shr ($tmp,16); }
if ($i==2) { &and ($s[1],0xFF); }#%edx[2]
&and ($tmp,0xFF);
- &mov ($tmp,&DWP(1024*4,$te,$tmp,4));
+ &mov ($tmp,&DWP(0,$te,$tmp,8));
&and ($tmp,0x00ff0000);
&xor ($out,$tmp);
- if ($i==3) { $tmp=$s[3]; &mov ($s[2],&DWP(4,"esp")); }##%ecx
+ if ($i==3) { $tmp=$s[3]; &mov ($s[2],$__s1); }##%ecx
elsif($i==2){ &movz ($tmp,&HB($s[3])); }#%ebx[2]
else { &mov ($tmp,$s[3]);
&shr ($tmp,24); }
- &mov ($tmp,&DWP(1024*4,$te,$tmp,4));
+ &mov ($tmp,&DWP(2,$te,$tmp,8));
&and ($tmp,0xff000000);
&xor ($out,$tmp);
- if ($i<2) { &mov (&DWP(4*$i,"esp"),$out); }
+ if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); }
if ($i==3) { &mov ($s[3],$acc); }
}
-&public_label("AES_Te");
&function_begin_B("_x86_AES_encrypt");
if ($vertical_spin) {
# I need high parts of volatile registers to be accessible...
@@ -236,13 +843,8 @@ sub enclast()
&mov ($s2="esi",$acc="ecx");
}
- # allocate aligned stack frame
- &mov ($acc,"esp");
- &sub ("esp",20);
- &and ("esp",-16);
-
- &mov (&DWP(12,"esp"),$key); # save key
- &mov (&DWP(16,"esp"),$acc); # save %esp
+ # note that caller is expected to allocate stack frame for me!
+ &mov ($__key,$key); # save key
&xor ($s0,&DWP(0,$key)); # xor with key
&xor ($s1,&DWP(4,$key));
@@ -254,24 +856,24 @@ sub enclast()
if ($small_footprint) {
&lea ($acc,&DWP(-2,$acc,$acc));
&lea ($acc,&DWP(0,$key,$acc,8));
- &mov (&DWP(8,"esp"),$acc); # end of key schedule
- &align (4);
- &set_label("loop");
+ &mov ($__end,$acc); # end of key schedule
+
+ &set_label("loop",16);
if ($vertical_spin) {
- &encvert("ebp",$s0,$s1,$s2,$s3);
+ &encvert($tbl,$s0,$s1,$s2,$s3);
} else {
- &encstep(0,"ebp",$s0,$s1,$s2,$s3);
- &encstep(1,"ebp",$s1,$s2,$s3,$s0);
- &encstep(2,"ebp",$s2,$s3,$s0,$s1);
- &encstep(3,"ebp",$s3,$s0,$s1,$s2);
+ &encstep(0,$tbl,$s0,$s1,$s2,$s3);
+ &encstep(1,$tbl,$s1,$s2,$s3,$s0);
+ &encstep(2,$tbl,$s2,$s3,$s0,$s1);
+ &encstep(3,$tbl,$s3,$s0,$s1,$s2);
}
- &add ($key,16); # advance rd_key
+ &add ($key,16); # advance rd_key
&xor ($s0,&DWP(0,$key));
&xor ($s1,&DWP(4,$key));
&xor ($s2,&DWP(8,$key));
&xor ($s3,&DWP(12,$key));
- &cmp ($key,&DWP(8,"esp"));
- &mov (&DWP(12,"esp"),$key);
+ &cmp ($key,$__end);
+ &mov ($__key,$key);
&jb (&label("loop"));
}
else {
@@ -280,15 +882,15 @@ sub enclast()
&cmp ($acc,12);
&jle (&label("12rounds"));
- &set_label("14rounds");
+ &set_label("14rounds",4);
for ($i=1;$i<3;$i++) {
if ($vertical_spin) {
- &encvert("ebp",$s0,$s1,$s2,$s3);
+ &encvert($tbl,$s0,$s1,$s2,$s3);
} else {
- &encstep(0,"ebp",$s0,$s1,$s2,$s3);
- &encstep(1,"ebp",$s1,$s2,$s3,$s0);
- &encstep(2,"ebp",$s2,$s3,$s0,$s1);
- &encstep(3,"ebp",$s3,$s0,$s1,$s2);
+ &encstep(0,$tbl,$s0,$s1,$s2,$s3);
+ &encstep(1,$tbl,$s1,$s2,$s3,$s0);
+ &encstep(2,$tbl,$s2,$s3,$s0,$s1);
+ &encstep(3,$tbl,$s3,$s0,$s1,$s2);
}
&xor ($s0,&DWP(16*$i+0,$key));
&xor ($s1,&DWP(16*$i+4,$key));
@@ -296,16 +898,16 @@ sub enclast()
&xor ($s3,&DWP(16*$i+12,$key));
}
&add ($key,32);
- &mov (&DWP(12,"esp"),$key); # advance rd_key
- &set_label("12rounds");
+ &mov ($__key,$key); # advance rd_key
+ &set_label("12rounds",4);
for ($i=1;$i<3;$i++) {
if ($vertical_spin) {
- &encvert("ebp",$s0,$s1,$s2,$s3);
+ &encvert($tbl,$s0,$s1,$s2,$s3);
} else {
- &encstep(0,"ebp",$s0,$s1,$s2,$s3);
- &encstep(1,"ebp",$s1,$s2,$s3,$s0);
- &encstep(2,"ebp",$s2,$s3,$s0,$s1);
- &encstep(3,"ebp",$s3,$s0,$s1,$s2);
+ &encstep(0,$tbl,$s0,$s1,$s2,$s3);
+ &encstep(1,$tbl,$s1,$s2,$s3,$s0);
+ &encstep(2,$tbl,$s2,$s3,$s0,$s1);
+ &encstep(3,$tbl,$s3,$s0,$s1,$s2);
}
&xor ($s0,&DWP(16*$i+0,$key));
&xor ($s1,&DWP(16*$i+4,$key));
@@ -313,16 +915,16 @@ sub enclast()
&xor ($s3,&DWP(16*$i+12,$key));
}
&add ($key,32);
- &mov (&DWP(12,"esp"),$key); # advance rd_key
- &set_label("10rounds");
+ &mov ($__key,$key); # advance rd_key
+ &set_label("10rounds",4);
for ($i=1;$i<10;$i++) {
if ($vertical_spin) {
- &encvert("ebp",$s0,$s1,$s2,$s3);
+ &encvert($tbl,$s0,$s1,$s2,$s3);
} else {
- &encstep(0,"ebp",$s0,$s1,$s2,$s3);
- &encstep(1,"ebp",$s1,$s2,$s3,$s0);
- &encstep(2,"ebp",$s2,$s3,$s0,$s1);
- &encstep(3,"ebp",$s3,$s0,$s1,$s2);
+ &encstep(0,$tbl,$s0,$s1,$s2,$s3);
+ &encstep(1,$tbl,$s1,$s2,$s3,$s0);
+ &encstep(2,$tbl,$s2,$s3,$s0,$s1);
+ &encstep(3,$tbl,$s3,$s0,$s1,$s2);
}
&xor ($s0,&DWP(16*$i+0,$key));
&xor ($s1,&DWP(16*$i+4,$key));
@@ -336,12 +938,11 @@ sub enclast()
&mov ($s1="ebx",$key="edi");
&mov ($s2="ecx",$acc="esi");
}
- &enclast(0,"ebp",$s0,$s1,$s2,$s3);
- &enclast(1,"ebp",$s1,$s2,$s3,$s0);
- &enclast(2,"ebp",$s2,$s3,$s0,$s1);
- &enclast(3,"ebp",$s3,$s0,$s1,$s2);
+ &enclast(0,$tbl,$s0,$s1,$s2,$s3);
+ &enclast(1,$tbl,$s1,$s2,$s3,$s0);
+ &enclast(2,$tbl,$s2,$s3,$s0,$s1);
+ &enclast(3,$tbl,$s3,$s0,$s1,$s2);
- &mov ("esp",&DWP(16,"esp")); # restore %esp
&add ($key,$small_footprint?16:160);
&xor ($s0,&DWP(0,$key));
&xor ($s1,&DWP(4,$key));
@@ -351,354 +952,262 @@ sub enclast()
&ret ();
&set_label("AES_Te",64); # Yes! I keep it in the code segment!
- &data_word(0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6);
- &data_word(0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591);
- &data_word(0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56);
- &data_word(0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec);
- &data_word(0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa);
- &data_word(0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb);
- &data_word(0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45);
- &data_word(0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b);
- &data_word(0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c);
- &data_word(0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83);
- &data_word(0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9);
- &data_word(0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a);
- &data_word(0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d);
- &data_word(0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f);
- &data_word(0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df);
- &data_word(0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea);
- &data_word(0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34);
- &data_word(0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b);
- &data_word(0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d);
- &data_word(0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413);
- &data_word(0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1);
- &data_word(0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6);
- &data_word(0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972);
- &data_word(0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85);
- &data_word(0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed);
- &data_word(0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511);
- &data_word(0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe);
- &data_word(0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b);
- &data_word(0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05);
- &data_word(0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1);
- &data_word(0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142);
- &data_word(0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf);
- &data_word(0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3);
- &data_word(0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e);
- &data_word(0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a);
- &data_word(0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6);
- &data_word(0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3);
- &data_word(0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b);
- &data_word(0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428);
- &data_word(0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad);
- &data_word(0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14);
- &data_word(0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8);
- &data_word(0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4);
- &data_word(0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2);
- &data_word(0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda);
- &data_word(0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949);
- &data_word(0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf);
- &data_word(0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810);
- &data_word(0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c);
- &data_word(0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697);
- &data_word(0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e);
- &data_word(0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f);
- &data_word(0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc);
- &data_word(0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c);
- &data_word(0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969);
- &data_word(0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27);
- &data_word(0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122);
- &data_word(0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433);
- &data_word(0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9);
- &data_word(0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5);
- &data_word(0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a);
- &data_word(0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0);
- &data_word(0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e);
- &data_word(0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c);
-#Te1:
- &data_word(0x6363c6a5, 0x7c7cf884, 0x7777ee99, 0x7b7bf68d);
- &data_word(0xf2f2ff0d, 0x6b6bd6bd, 0x6f6fdeb1, 0xc5c59154);
- &data_word(0x30306050, 0x01010203, 0x6767cea9, 0x2b2b567d);
- &data_word(0xfefee719, 0xd7d7b562, 0xabab4de6, 0x7676ec9a);
- &data_word(0xcaca8f45, 0x82821f9d, 0xc9c98940, 0x7d7dfa87);
- &data_word(0xfafaef15, 0x5959b2eb, 0x47478ec9, 0xf0f0fb0b);
- &data_word(0xadad41ec, 0xd4d4b367, 0xa2a25ffd, 0xafaf45ea);
- &data_word(0x9c9c23bf, 0xa4a453f7, 0x7272e496, 0xc0c09b5b);
- &data_word(0xb7b775c2, 0xfdfde11c, 0x93933dae, 0x26264c6a);
- &data_word(0x36366c5a, 0x3f3f7e41, 0xf7f7f502, 0xcccc834f);
- &data_word(0x3434685c, 0xa5a551f4, 0xe5e5d134, 0xf1f1f908);
- &data_word(0x7171e293, 0xd8d8ab73, 0x31316253, 0x15152a3f);
- &data_word(0x0404080c, 0xc7c79552, 0x23234665, 0xc3c39d5e);
- &data_word(0x18183028, 0x969637a1, 0x05050a0f, 0x9a9a2fb5);
- &data_word(0x07070e09, 0x12122436, 0x80801b9b, 0xe2e2df3d);
- &data_word(0xebebcd26, 0x27274e69, 0xb2b27fcd, 0x7575ea9f);
- &data_word(0x0909121b, 0x83831d9e, 0x2c2c5874, 0x1a1a342e);
- &data_word(0x1b1b362d, 0x6e6edcb2, 0x5a5ab4ee, 0xa0a05bfb);
- &data_word(0x5252a4f6, 0x3b3b764d, 0xd6d6b761, 0xb3b37dce);
- &data_word(0x2929527b, 0xe3e3dd3e, 0x2f2f5e71, 0x84841397);
- &data_word(0x5353a6f5, 0xd1d1b968, 0x00000000, 0xededc12c);
- &data_word(0x20204060, 0xfcfce31f, 0xb1b179c8, 0x5b5bb6ed);
- &data_word(0x6a6ad4be, 0xcbcb8d46, 0xbebe67d9, 0x3939724b);
- &data_word(0x4a4a94de, 0x4c4c98d4, 0x5858b0e8, 0xcfcf854a);
- &data_word(0xd0d0bb6b, 0xefefc52a, 0xaaaa4fe5, 0xfbfbed16);
- &data_word(0x434386c5, 0x4d4d9ad7, 0x33336655, 0x85851194);
- &data_word(0x45458acf, 0xf9f9e910, 0x02020406, 0x7f7ffe81);
- &data_word(0x5050a0f0, 0x3c3c7844, 0x9f9f25ba, 0xa8a84be3);
- &data_word(0x5151a2f3, 0xa3a35dfe, 0x404080c0, 0x8f8f058a);
- &data_word(0x92923fad, 0x9d9d21bc, 0x38387048, 0xf5f5f104);
- &data_word(0xbcbc63df, 0xb6b677c1, 0xdadaaf75, 0x21214263);
- &data_word(0x10102030, 0xffffe51a, 0xf3f3fd0e, 0xd2d2bf6d);
- &data_word(0xcdcd814c, 0x0c0c1814, 0x13132635, 0xececc32f);
- &data_word(0x5f5fbee1, 0x979735a2, 0x444488cc, 0x17172e39);
- &data_word(0xc4c49357, 0xa7a755f2, 0x7e7efc82, 0x3d3d7a47);
- &data_word(0x6464c8ac, 0x5d5dbae7, 0x1919322b, 0x7373e695);
- &data_word(0x6060c0a0, 0x81811998, 0x4f4f9ed1, 0xdcdca37f);
- &data_word(0x22224466, 0x2a2a547e, 0x90903bab, 0x88880b83);
- &data_word(0x46468cca, 0xeeeec729, 0xb8b86bd3, 0x1414283c);
- &data_word(0xdedea779, 0x5e5ebce2, 0x0b0b161d, 0xdbdbad76);
- &data_word(0xe0e0db3b, 0x32326456, 0x3a3a744e, 0x0a0a141e);
- &data_word(0x494992db, 0x06060c0a, 0x2424486c, 0x5c5cb8e4);
- &data_word(0xc2c29f5d, 0xd3d3bd6e, 0xacac43ef, 0x6262c4a6);
- &data_word(0x919139a8, 0x959531a4, 0xe4e4d337, 0x7979f28b);
- &data_word(0xe7e7d532, 0xc8c88b43, 0x37376e59, 0x6d6ddab7);
- &data_word(0x8d8d018c, 0xd5d5b164, 0x4e4e9cd2, 0xa9a949e0);
- &data_word(0x6c6cd8b4, 0x5656acfa, 0xf4f4f307, 0xeaeacf25);
- &data_word(0x6565caaf, 0x7a7af48e, 0xaeae47e9, 0x08081018);
- &data_word(0xbaba6fd5, 0x7878f088, 0x25254a6f, 0x2e2e5c72);
- &data_word(0x1c1c3824, 0xa6a657f1, 0xb4b473c7, 0xc6c69751);
- &data_word(0xe8e8cb23, 0xdddda17c, 0x7474e89c, 0x1f1f3e21);
- &data_word(0x4b4b96dd, 0xbdbd61dc, 0x8b8b0d86, 0x8a8a0f85);
- &data_word(0x7070e090, 0x3e3e7c42, 0xb5b571c4, 0x6666ccaa);
- &data_word(0x484890d8, 0x03030605, 0xf6f6f701, 0x0e0e1c12);
- &data_word(0x6161c2a3, 0x35356a5f, 0x5757aef9, 0xb9b969d0);
- &data_word(0x86861791, 0xc1c19958, 0x1d1d3a27, 0x9e9e27b9);
- &data_word(0xe1e1d938, 0xf8f8eb13, 0x98982bb3, 0x11112233);
- &data_word(0x6969d2bb, 0xd9d9a970, 0x8e8e0789, 0x949433a7);
- &data_word(0x9b9b2db6, 0x1e1e3c22, 0x87871592, 0xe9e9c920);
- &data_word(0xcece8749, 0x5555aaff, 0x28285078, 0xdfdfa57a);
- &data_word(0x8c8c038f, 0xa1a159f8, 0x89890980, 0x0d0d1a17);
- &data_word(0xbfbf65da, 0xe6e6d731, 0x424284c6, 0x6868d0b8);
- &data_word(0x414182c3, 0x999929b0, 0x2d2d5a77, 0x0f0f1e11);
- &data_word(0xb0b07bcb, 0x5454a8fc, 0xbbbb6dd6, 0x16162c3a);
-#Te2:
- &data_word(0x63c6a563, 0x7cf8847c, 0x77ee9977, 0x7bf68d7b);
- &data_word(0xf2ff0df2, 0x6bd6bd6b, 0x6fdeb16f, 0xc59154c5);
- &data_word(0x30605030, 0x01020301, 0x67cea967, 0x2b567d2b);
- &data_word(0xfee719fe, 0xd7b562d7, 0xab4de6ab, 0x76ec9a76);
- &data_word(0xca8f45ca, 0x821f9d82, 0xc98940c9, 0x7dfa877d);
- &data_word(0xfaef15fa, 0x59b2eb59, 0x478ec947, 0xf0fb0bf0);
- &data_word(0xad41ecad, 0xd4b367d4, 0xa25ffda2, 0xaf45eaaf);
- &data_word(0x9c23bf9c, 0xa453f7a4, 0x72e49672, 0xc09b5bc0);
- &data_word(0xb775c2b7, 0xfde11cfd, 0x933dae93, 0x264c6a26);
- &data_word(0x366c5a36, 0x3f7e413f, 0xf7f502f7, 0xcc834fcc);
- &data_word(0x34685c34, 0xa551f4a5, 0xe5d134e5, 0xf1f908f1);
- &data_word(0x71e29371, 0xd8ab73d8, 0x31625331, 0x152a3f15);
- &data_word(0x04080c04, 0xc79552c7, 0x23466523, 0xc39d5ec3);
- &data_word(0x18302818, 0x9637a196, 0x050a0f05, 0x9a2fb59a);
- &data_word(0x070e0907, 0x12243612, 0x801b9b80, 0xe2df3de2);
- &data_word(0xebcd26eb, 0x274e6927, 0xb27fcdb2, 0x75ea9f75);
- &data_word(0x09121b09, 0x831d9e83, 0x2c58742c, 0x1a342e1a);
- &data_word(0x1b362d1b, 0x6edcb26e, 0x5ab4ee5a, 0xa05bfba0);
- &data_word(0x52a4f652, 0x3b764d3b, 0xd6b761d6, 0xb37dceb3);
- &data_word(0x29527b29, 0xe3dd3ee3, 0x2f5e712f, 0x84139784);
- &data_word(0x53a6f553, 0xd1b968d1, 0x00000000, 0xedc12ced);
- &data_word(0x20406020, 0xfce31ffc, 0xb179c8b1, 0x5bb6ed5b);
- &data_word(0x6ad4be6a, 0xcb8d46cb, 0xbe67d9be, 0x39724b39);
- &data_word(0x4a94de4a, 0x4c98d44c, 0x58b0e858, 0xcf854acf);
- &data_word(0xd0bb6bd0, 0xefc52aef, 0xaa4fe5aa, 0xfbed16fb);
- &data_word(0x4386c543, 0x4d9ad74d, 0x33665533, 0x85119485);
- &data_word(0x458acf45, 0xf9e910f9, 0x02040602, 0x7ffe817f);
- &data_word(0x50a0f050, 0x3c78443c, 0x9f25ba9f, 0xa84be3a8);
- &data_word(0x51a2f351, 0xa35dfea3, 0x4080c040, 0x8f058a8f);
- &data_word(0x923fad92, 0x9d21bc9d, 0x38704838, 0xf5f104f5);
- &data_word(0xbc63dfbc, 0xb677c1b6, 0xdaaf75da, 0x21426321);
- &data_word(0x10203010, 0xffe51aff, 0xf3fd0ef3, 0xd2bf6dd2);
- &data_word(0xcd814ccd, 0x0c18140c, 0x13263513, 0xecc32fec);
- &data_word(0x5fbee15f, 0x9735a297, 0x4488cc44, 0x172e3917);
- &data_word(0xc49357c4, 0xa755f2a7, 0x7efc827e, 0x3d7a473d);
- &data_word(0x64c8ac64, 0x5dbae75d, 0x19322b19, 0x73e69573);
- &data_word(0x60c0a060, 0x81199881, 0x4f9ed14f, 0xdca37fdc);
- &data_word(0x22446622, 0x2a547e2a, 0x903bab90, 0x880b8388);
- &data_word(0x468cca46, 0xeec729ee, 0xb86bd3b8, 0x14283c14);
- &data_word(0xdea779de, 0x5ebce25e, 0x0b161d0b, 0xdbad76db);
- &data_word(0xe0db3be0, 0x32645632, 0x3a744e3a, 0x0a141e0a);
- &data_word(0x4992db49, 0x060c0a06, 0x24486c24, 0x5cb8e45c);
- &data_word(0xc29f5dc2, 0xd3bd6ed3, 0xac43efac, 0x62c4a662);
- &data_word(0x9139a891, 0x9531a495, 0xe4d337e4, 0x79f28b79);
- &data_word(0xe7d532e7, 0xc88b43c8, 0x376e5937, 0x6ddab76d);
- &data_word(0x8d018c8d, 0xd5b164d5, 0x4e9cd24e, 0xa949e0a9);
- &data_word(0x6cd8b46c, 0x56acfa56, 0xf4f307f4, 0xeacf25ea);
- &data_word(0x65caaf65, 0x7af48e7a, 0xae47e9ae, 0x08101808);
- &data_word(0xba6fd5ba, 0x78f08878, 0x254a6f25, 0x2e5c722e);
- &data_word(0x1c38241c, 0xa657f1a6, 0xb473c7b4, 0xc69751c6);
- &data_word(0xe8cb23e8, 0xdda17cdd, 0x74e89c74, 0x1f3e211f);
- &data_word(0x4b96dd4b, 0xbd61dcbd, 0x8b0d868b, 0x8a0f858a);
- &data_word(0x70e09070, 0x3e7c423e, 0xb571c4b5, 0x66ccaa66);
- &data_word(0x4890d848, 0x03060503, 0xf6f701f6, 0x0e1c120e);
- &data_word(0x61c2a361, 0x356a5f35, 0x57aef957, 0xb969d0b9);
- &data_word(0x86179186, 0xc19958c1, 0x1d3a271d, 0x9e27b99e);
- &data_word(0xe1d938e1, 0xf8eb13f8, 0x982bb398, 0x11223311);
- &data_word(0x69d2bb69, 0xd9a970d9, 0x8e07898e, 0x9433a794);
- &data_word(0x9b2db69b, 0x1e3c221e, 0x87159287, 0xe9c920e9);
- &data_word(0xce8749ce, 0x55aaff55, 0x28507828, 0xdfa57adf);
- &data_word(0x8c038f8c, 0xa159f8a1, 0x89098089, 0x0d1a170d);
- &data_word(0xbf65dabf, 0xe6d731e6, 0x4284c642, 0x68d0b868);
- &data_word(0x4182c341, 0x9929b099, 0x2d5a772d, 0x0f1e110f);
- &data_word(0xb07bcbb0, 0x54a8fc54, 0xbb6dd6bb, 0x162c3a16);
-#Te3:
- &data_word(0xc6a56363, 0xf8847c7c, 0xee997777, 0xf68d7b7b);
- &data_word(0xff0df2f2, 0xd6bd6b6b, 0xdeb16f6f, 0x9154c5c5);
- &data_word(0x60503030, 0x02030101, 0xcea96767, 0x567d2b2b);
- &data_word(0xe719fefe, 0xb562d7d7, 0x4de6abab, 0xec9a7676);
- &data_word(0x8f45caca, 0x1f9d8282, 0x8940c9c9, 0xfa877d7d);
- &data_word(0xef15fafa, 0xb2eb5959, 0x8ec94747, 0xfb0bf0f0);
- &data_word(0x41ecadad, 0xb367d4d4, 0x5ffda2a2, 0x45eaafaf);
- &data_word(0x23bf9c9c, 0x53f7a4a4, 0xe4967272, 0x9b5bc0c0);
- &data_word(0x75c2b7b7, 0xe11cfdfd, 0x3dae9393, 0x4c6a2626);
- &data_word(0x6c5a3636, 0x7e413f3f, 0xf502f7f7, 0x834fcccc);
- &data_word(0x685c3434, 0x51f4a5a5, 0xd134e5e5, 0xf908f1f1);
- &data_word(0xe2937171, 0xab73d8d8, 0x62533131, 0x2a3f1515);
- &data_word(0x080c0404, 0x9552c7c7, 0x46652323, 0x9d5ec3c3);
- &data_word(0x30281818, 0x37a19696, 0x0a0f0505, 0x2fb59a9a);
- &data_word(0x0e090707, 0x24361212, 0x1b9b8080, 0xdf3de2e2);
- &data_word(0xcd26ebeb, 0x4e692727, 0x7fcdb2b2, 0xea9f7575);
- &data_word(0x121b0909, 0x1d9e8383, 0x58742c2c, 0x342e1a1a);
- &data_word(0x362d1b1b, 0xdcb26e6e, 0xb4ee5a5a, 0x5bfba0a0);
- &data_word(0xa4f65252, 0x764d3b3b, 0xb761d6d6, 0x7dceb3b3);
- &data_word(0x527b2929, 0xdd3ee3e3, 0x5e712f2f, 0x13978484);
- &data_word(0xa6f55353, 0xb968d1d1, 0x00000000, 0xc12ceded);
- &data_word(0x40602020, 0xe31ffcfc, 0x79c8b1b1, 0xb6ed5b5b);
- &data_word(0xd4be6a6a, 0x8d46cbcb, 0x67d9bebe, 0x724b3939);
- &data_word(0x94de4a4a, 0x98d44c4c, 0xb0e85858, 0x854acfcf);
- &data_word(0xbb6bd0d0, 0xc52aefef, 0x4fe5aaaa, 0xed16fbfb);
- &data_word(0x86c54343, 0x9ad74d4d, 0x66553333, 0x11948585);
- &data_word(0x8acf4545, 0xe910f9f9, 0x04060202, 0xfe817f7f);
- &data_word(0xa0f05050, 0x78443c3c, 0x25ba9f9f, 0x4be3a8a8);
- &data_word(0xa2f35151, 0x5dfea3a3, 0x80c04040, 0x058a8f8f);
- &data_word(0x3fad9292, 0x21bc9d9d, 0x70483838, 0xf104f5f5);
- &data_word(0x63dfbcbc, 0x77c1b6b6, 0xaf75dada, 0x42632121);
- &data_word(0x20301010, 0xe51affff, 0xfd0ef3f3, 0xbf6dd2d2);
- &data_word(0x814ccdcd, 0x18140c0c, 0x26351313, 0xc32fecec);
- &data_word(0xbee15f5f, 0x35a29797, 0x88cc4444, 0x2e391717);
- &data_word(0x9357c4c4, 0x55f2a7a7, 0xfc827e7e, 0x7a473d3d);
- &data_word(0xc8ac6464, 0xbae75d5d, 0x322b1919, 0xe6957373);
- &data_word(0xc0a06060, 0x19988181, 0x9ed14f4f, 0xa37fdcdc);
- &data_word(0x44662222, 0x547e2a2a, 0x3bab9090, 0x0b838888);
- &data_word(0x8cca4646, 0xc729eeee, 0x6bd3b8b8, 0x283c1414);
- &data_word(0xa779dede, 0xbce25e5e, 0x161d0b0b, 0xad76dbdb);
- &data_word(0xdb3be0e0, 0x64563232, 0x744e3a3a, 0x141e0a0a);
- &data_word(0x92db4949, 0x0c0a0606, 0x486c2424, 0xb8e45c5c);
- &data_word(0x9f5dc2c2, 0xbd6ed3d3, 0x43efacac, 0xc4a66262);
- &data_word(0x39a89191, 0x31a49595, 0xd337e4e4, 0xf28b7979);
- &data_word(0xd532e7e7, 0x8b43c8c8, 0x6e593737, 0xdab76d6d);
- &data_word(0x018c8d8d, 0xb164d5d5, 0x9cd24e4e, 0x49e0a9a9);
- &data_word(0xd8b46c6c, 0xacfa5656, 0xf307f4f4, 0xcf25eaea);
- &data_word(0xcaaf6565, 0xf48e7a7a, 0x47e9aeae, 0x10180808);
- &data_word(0x6fd5baba, 0xf0887878, 0x4a6f2525, 0x5c722e2e);
- &data_word(0x38241c1c, 0x57f1a6a6, 0x73c7b4b4, 0x9751c6c6);
- &data_word(0xcb23e8e8, 0xa17cdddd, 0xe89c7474, 0x3e211f1f);
- &data_word(0x96dd4b4b, 0x61dcbdbd, 0x0d868b8b, 0x0f858a8a);
- &data_word(0xe0907070, 0x7c423e3e, 0x71c4b5b5, 0xccaa6666);
- &data_word(0x90d84848, 0x06050303, 0xf701f6f6, 0x1c120e0e);
- &data_word(0xc2a36161, 0x6a5f3535, 0xaef95757, 0x69d0b9b9);
- &data_word(0x17918686, 0x9958c1c1, 0x3a271d1d, 0x27b99e9e);
- &data_word(0xd938e1e1, 0xeb13f8f8, 0x2bb39898, 0x22331111);
- &data_word(0xd2bb6969, 0xa970d9d9, 0x07898e8e, 0x33a79494);
- &data_word(0x2db69b9b, 0x3c221e1e, 0x15928787, 0xc920e9e9);
- &data_word(0x8749cece, 0xaaff5555, 0x50782828, 0xa57adfdf);
- &data_word(0x038f8c8c, 0x59f8a1a1, 0x09808989, 0x1a170d0d);
- &data_word(0x65dabfbf, 0xd731e6e6, 0x84c64242, 0xd0b86868);
- &data_word(0x82c34141, 0x29b09999, 0x5a772d2d, 0x1e110f0f);
- &data_word(0x7bcbb0b0, 0xa8fc5454, 0x6dd6bbbb, 0x2c3a1616);
-#Te4:
- &data_word(0x63636363, 0x7c7c7c7c, 0x77777777, 0x7b7b7b7b);
- &data_word(0xf2f2f2f2, 0x6b6b6b6b, 0x6f6f6f6f, 0xc5c5c5c5);
- &data_word(0x30303030, 0x01010101, 0x67676767, 0x2b2b2b2b);
- &data_word(0xfefefefe, 0xd7d7d7d7, 0xabababab, 0x76767676);
- &data_word(0xcacacaca, 0x82828282, 0xc9c9c9c9, 0x7d7d7d7d);
- &data_word(0xfafafafa, 0x59595959, 0x47474747, 0xf0f0f0f0);
- &data_word(0xadadadad, 0xd4d4d4d4, 0xa2a2a2a2, 0xafafafaf);
- &data_word(0x9c9c9c9c, 0xa4a4a4a4, 0x72727272, 0xc0c0c0c0);
- &data_word(0xb7b7b7b7, 0xfdfdfdfd, 0x93939393, 0x26262626);
- &data_word(0x36363636, 0x3f3f3f3f, 0xf7f7f7f7, 0xcccccccc);
- &data_word(0x34343434, 0xa5a5a5a5, 0xe5e5e5e5, 0xf1f1f1f1);
- &data_word(0x71717171, 0xd8d8d8d8, 0x31313131, 0x15151515);
- &data_word(0x04040404, 0xc7c7c7c7, 0x23232323, 0xc3c3c3c3);
- &data_word(0x18181818, 0x96969696, 0x05050505, 0x9a9a9a9a);
- &data_word(0x07070707, 0x12121212, 0x80808080, 0xe2e2e2e2);
- &data_word(0xebebebeb, 0x27272727, 0xb2b2b2b2, 0x75757575);
- &data_word(0x09090909, 0x83838383, 0x2c2c2c2c, 0x1a1a1a1a);
- &data_word(0x1b1b1b1b, 0x6e6e6e6e, 0x5a5a5a5a, 0xa0a0a0a0);
- &data_word(0x52525252, 0x3b3b3b3b, 0xd6d6d6d6, 0xb3b3b3b3);
- &data_word(0x29292929, 0xe3e3e3e3, 0x2f2f2f2f, 0x84848484);
- &data_word(0x53535353, 0xd1d1d1d1, 0x00000000, 0xedededed);
- &data_word(0x20202020, 0xfcfcfcfc, 0xb1b1b1b1, 0x5b5b5b5b);
- &data_word(0x6a6a6a6a, 0xcbcbcbcb, 0xbebebebe, 0x39393939);
- &data_word(0x4a4a4a4a, 0x4c4c4c4c, 0x58585858, 0xcfcfcfcf);
- &data_word(0xd0d0d0d0, 0xefefefef, 0xaaaaaaaa, 0xfbfbfbfb);
- &data_word(0x43434343, 0x4d4d4d4d, 0x33333333, 0x85858585);
- &data_word(0x45454545, 0xf9f9f9f9, 0x02020202, 0x7f7f7f7f);
- &data_word(0x50505050, 0x3c3c3c3c, 0x9f9f9f9f, 0xa8a8a8a8);
- &data_word(0x51515151, 0xa3a3a3a3, 0x40404040, 0x8f8f8f8f);
- &data_word(0x92929292, 0x9d9d9d9d, 0x38383838, 0xf5f5f5f5);
- &data_word(0xbcbcbcbc, 0xb6b6b6b6, 0xdadadada, 0x21212121);
- &data_word(0x10101010, 0xffffffff, 0xf3f3f3f3, 0xd2d2d2d2);
- &data_word(0xcdcdcdcd, 0x0c0c0c0c, 0x13131313, 0xecececec);
- &data_word(0x5f5f5f5f, 0x97979797, 0x44444444, 0x17171717);
- &data_word(0xc4c4c4c4, 0xa7a7a7a7, 0x7e7e7e7e, 0x3d3d3d3d);
- &data_word(0x64646464, 0x5d5d5d5d, 0x19191919, 0x73737373);
- &data_word(0x60606060, 0x81818181, 0x4f4f4f4f, 0xdcdcdcdc);
- &data_word(0x22222222, 0x2a2a2a2a, 0x90909090, 0x88888888);
- &data_word(0x46464646, 0xeeeeeeee, 0xb8b8b8b8, 0x14141414);
- &data_word(0xdededede, 0x5e5e5e5e, 0x0b0b0b0b, 0xdbdbdbdb);
- &data_word(0xe0e0e0e0, 0x32323232, 0x3a3a3a3a, 0x0a0a0a0a);
- &data_word(0x49494949, 0x06060606, 0x24242424, 0x5c5c5c5c);
- &data_word(0xc2c2c2c2, 0xd3d3d3d3, 0xacacacac, 0x62626262);
- &data_word(0x91919191, 0x95959595, 0xe4e4e4e4, 0x79797979);
- &data_word(0xe7e7e7e7, 0xc8c8c8c8, 0x37373737, 0x6d6d6d6d);
- &data_word(0x8d8d8d8d, 0xd5d5d5d5, 0x4e4e4e4e, 0xa9a9a9a9);
- &data_word(0x6c6c6c6c, 0x56565656, 0xf4f4f4f4, 0xeaeaeaea);
- &data_word(0x65656565, 0x7a7a7a7a, 0xaeaeaeae, 0x08080808);
- &data_word(0xbabababa, 0x78787878, 0x25252525, 0x2e2e2e2e);
- &data_word(0x1c1c1c1c, 0xa6a6a6a6, 0xb4b4b4b4, 0xc6c6c6c6);
- &data_word(0xe8e8e8e8, 0xdddddddd, 0x74747474, 0x1f1f1f1f);
- &data_word(0x4b4b4b4b, 0xbdbdbdbd, 0x8b8b8b8b, 0x8a8a8a8a);
- &data_word(0x70707070, 0x3e3e3e3e, 0xb5b5b5b5, 0x66666666);
- &data_word(0x48484848, 0x03030303, 0xf6f6f6f6, 0x0e0e0e0e);
- &data_word(0x61616161, 0x35353535, 0x57575757, 0xb9b9b9b9);
- &data_word(0x86868686, 0xc1c1c1c1, 0x1d1d1d1d, 0x9e9e9e9e);
- &data_word(0xe1e1e1e1, 0xf8f8f8f8, 0x98989898, 0x11111111);
- &data_word(0x69696969, 0xd9d9d9d9, 0x8e8e8e8e, 0x94949494);
- &data_word(0x9b9b9b9b, 0x1e1e1e1e, 0x87878787, 0xe9e9e9e9);
- &data_word(0xcececece, 0x55555555, 0x28282828, 0xdfdfdfdf);
- &data_word(0x8c8c8c8c, 0xa1a1a1a1, 0x89898989, 0x0d0d0d0d);
- &data_word(0xbfbfbfbf, 0xe6e6e6e6, 0x42424242, 0x68686868);
- &data_word(0x41414141, 0x99999999, 0x2d2d2d2d, 0x0f0f0f0f);
- &data_word(0xb0b0b0b0, 0x54545454, 0xbbbbbbbb, 0x16161616);
+ &_data_word(0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6);
+ &_data_word(0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591);
+ &_data_word(0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56);
+ &_data_word(0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec);
+ &_data_word(0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa);
+ &_data_word(0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb);
+ &_data_word(0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45);
+ &_data_word(0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b);
+ &_data_word(0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c);
+ &_data_word(0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83);
+ &_data_word(0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9);
+ &_data_word(0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a);
+ &_data_word(0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d);
+ &_data_word(0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f);
+ &_data_word(0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df);
+ &_data_word(0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea);
+ &_data_word(0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34);
+ &_data_word(0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b);
+ &_data_word(0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d);
+ &_data_word(0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413);
+ &_data_word(0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1);
+ &_data_word(0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6);
+ &_data_word(0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972);
+ &_data_word(0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85);
+ &_data_word(0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed);
+ &_data_word(0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511);
+ &_data_word(0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe);
+ &_data_word(0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b);
+ &_data_word(0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05);
+ &_data_word(0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1);
+ &_data_word(0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142);
+ &_data_word(0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf);
+ &_data_word(0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3);
+ &_data_word(0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e);
+ &_data_word(0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a);
+ &_data_word(0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6);
+ &_data_word(0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3);
+ &_data_word(0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b);
+ &_data_word(0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428);
+ &_data_word(0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad);
+ &_data_word(0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14);
+ &_data_word(0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8);
+ &_data_word(0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4);
+ &_data_word(0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2);
+ &_data_word(0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda);
+ &_data_word(0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949);
+ &_data_word(0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf);
+ &_data_word(0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810);
+ &_data_word(0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c);
+ &_data_word(0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697);
+ &_data_word(0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e);
+ &_data_word(0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f);
+ &_data_word(0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc);
+ &_data_word(0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c);
+ &_data_word(0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969);
+ &_data_word(0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27);
+ &_data_word(0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122);
+ &_data_word(0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433);
+ &_data_word(0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9);
+ &_data_word(0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5);
+ &_data_word(0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a);
+ &_data_word(0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0);
+ &_data_word(0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e);
+ &_data_word(0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c);
+
+#Te4 # four copies of Te4 to choose from to avoid L1 aliasing
+ &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
+ &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
+ &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
+ &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
+ &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
+ &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
+ &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
+ &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
+ &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
+ &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
+ &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
+ &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
+ &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
+ &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
+ &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
+ &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
+ &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
+ &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
+ &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
+ &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
+ &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
+ &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
+ &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
+ &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
+ &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
+ &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
+ &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
+ &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
+ &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
+ &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
+ &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
+ &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
+
+ &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
+ &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
+ &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
+ &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
+ &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
+ &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
+ &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
+ &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
+ &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
+ &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
+ &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
+ &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
+ &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
+ &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
+ &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
+ &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
+ &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
+ &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
+ &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
+ &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
+ &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
+ &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
+ &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
+ &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
+ &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
+ &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
+ &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
+ &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
+ &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
+ &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
+ &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
+ &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
+
+ &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
+ &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
+ &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
+ &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
+ &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
+ &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
+ &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
+ &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
+ &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
+ &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
+ &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
+ &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
+ &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
+ &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
+ &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
+ &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
+ &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
+ &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
+ &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
+ &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
+ &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
+ &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
+ &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
+ &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
+ &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
+ &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
+ &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
+ &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
+ &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
+ &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
+ &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
+ &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
+
+ &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
+ &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
+ &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
+ &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
+ &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
+ &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
+ &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
+ &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
+ &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
+ &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
+ &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
+ &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
+ &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
+ &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
+ &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
+ &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
+ &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
+ &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
+ &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
+ &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
+ &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
+ &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
+ &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
+ &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
+ &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
+ &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
+ &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
+ &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
+ &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
+ &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
+ &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
+ &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
#rcon:
&data_word(0x00000001, 0x00000002, 0x00000004, 0x00000008);
- &data_word(0x00000010, 0x00000020, 0x00000040, 0x00000080);
- &data_word(0x0000001b, 0x00000036);
+ &data_word(0x00000010, 0x00000020, 0x00000040, 0x00000080);
+ &data_word(0x0000001b, 0x00000036, 0x00000000, 0x00000000);
+ &data_word(0x00000000, 0x00000000, 0x00000000, 0x00000000);
&function_end_B("_x86_AES_encrypt");
# void AES_encrypt (const void *inp,void *out,const AES_KEY *key);
-&public_label("AES_Te");
&function_begin("AES_encrypt");
&mov ($acc,&wparam(0)); # load inp
&mov ($key,&wparam(2)); # load key
+ &mov ($s0,"esp");
+ &sub ("esp",36);
+ &and ("esp",-64); # align to cache-line
+
+ # place stack frame just "above" the key schedule
+ &lea ($s1,&DWP(-64-63,$key));
+ &sub ($s1,"esp");
+ &neg ($s1);
+ &and ($s1,0x3C0); # modulo 1024, but aligned to cache-line
+ &sub ("esp",$s1);
+ &add ("esp",4); # 4 is reserved for caller's return address
+ &mov ($_esp,$s0); # save stack pointer
+
&call (&label("pic_point")); # make it PIC!
&set_label("pic_point");
- &blindpop("ebp");
- &lea ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp"));
-
+ &blindpop($tbl);
+ &picmeup($s0,"OPENSSL_ia32cap_P",$tbl,&label("pic_point")) if (!$x86only);
+ &lea ($tbl,&DWP(&label("AES_Te")."-".&label("pic_point"),$tbl));
+
+ # pick Te4 copy which can't "overlap" with stack frame or key schedule
+ &lea ($s1,&DWP(768-4,"esp"));
+ &sub ($s1,$tbl);
+ &and ($s1,0x300);
+ &lea ($tbl,&DWP(2048+128,$tbl,$s1));
+
+ if (!$x86only) {
+ &bt (&DWP(0,$s0),25); # check for SSE bit
+ &jnc (&label("x86"));
+
+ &movq ("mm0",&QWP(0,$acc));
+ &movq ("mm4",&QWP(8,$acc));
+ &call ("_sse_AES_encrypt_compact");
+ &mov ("esp",$_esp); # restore stack pointer
+ &mov ($acc,&wparam(1)); # load out
+ &movq (&QWP(0,$acc),"mm0"); # write output data
+ &movq (&QWP(8,$acc),"mm4");
+ &emms ();
+ &function_end_A();
+ }
+ &set_label("x86",16);
+ &mov ($_tbl,$tbl);
&mov ($s0,&DWP(0,$acc)); # load input data
&mov ($s1,&DWP(4,$acc));
&mov ($s2,&DWP(8,$acc));
&mov ($s3,&DWP(12,$acc));
-
- &call ("_x86_AES_encrypt");
-
+ &call ("_x86_AES_encrypt_compact");
+ &mov ("esp",$_esp); # restore stack pointer
&mov ($acc,&wparam(1)); # load out
&mov (&DWP(0,$acc),$s0); # write output data
&mov (&DWP(4,$acc),$s1);
@@ -706,7 +1215,370 @@ sub enclast()
&mov (&DWP(12,$acc),$s3);
&function_end("AES_encrypt");
-#------------------------------------------------------------------#
+#--------------------------------------------------------------------#
+
+######################################################################
+# "Compact" block function
+######################################################################
+
+sub deccompact()
+{ my $Fn = mov;
+ while ($#_>5) { pop(@_); $Fn=sub{}; }
+ my ($i,$td,@s)=@_;
+ my $tmp = $key;
+ my $out = $i==3?$s[0]:$acc;
+
+ # $Fn is used in first compact round and its purpose is to
+ # void restoration of some values from stack, so that after
+ # 4xdeccompact with extra argument $key, $s0 and $s1 values
+ # are left there...
+ if($i==3) { &$Fn ($key,$__key); }
+ else { &mov ($out,$s[0]); }
+ &and ($out,0xFF);
+ &movz ($out,&BP(-128,$td,$out,1));
+
+ if ($i==3) { $tmp=$s[1]; }
+ &movz ($tmp,&HB($s[1]));
+ &movz ($tmp,&BP(-128,$td,$tmp,1));
+ &shl ($tmp,8);
+ &xor ($out,$tmp);
+
+ if ($i==3) { $tmp=$s[2]; &mov ($s[1],$acc); }
+ else { mov ($tmp,$s[2]); }
+ &shr ($tmp,16);
+ &and ($tmp,0xFF);
+ &movz ($tmp,&BP(-128,$td,$tmp,1));
+ &shl ($tmp,16);
+ &xor ($out,$tmp);
+
+ if ($i==3) { $tmp=$s[3]; &$Fn ($s[2],$__s1); }
+ else { &mov ($tmp,$s[3]); }
+ &shr ($tmp,24);
+ &movz ($tmp,&BP(-128,$td,$tmp,1));
+ &shl ($tmp,24);
+ &xor ($out,$tmp);
+ if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); }
+ if ($i==3) { &$Fn ($s[3],$__s0); }
+}
+
+# must be called with 2,3,0,1 as argument sequence!!!
+sub dectransform()
+{ my @s = ($s0,$s1,$s2,$s3);
+ my $i = shift;
+ my $tmp = $key;
+ my $tp2 = @s[($i+2)%4]; $tp2 = @s[2] if ($i==1);
+ my $tp4 = @s[($i+3)%4]; $tp4 = @s[3] if ($i==1);
+ my $tp8 = $tbl;
+
+ &mov ($acc,$s[$i]);
+ &and ($acc,0x80808080);
+ &mov ($tmp,$acc);
+ &shr ($tmp,7);
+ &lea ($tp2,&DWP(0,$s[$i],$s[$i]));
+ &sub ($acc,$tmp);
+ &and ($tp2,0xfefefefe);
+ &and ($acc,0x1b1b1b1b);
+ &xor ($acc,$tp2);
+ &mov ($tp2,$acc);
+
+ &and ($acc,0x80808080);
+ &mov ($tmp,$acc);
+ &shr ($tmp,7);
+ &lea ($tp4,&DWP(0,$tp2,$tp2));
+ &sub ($acc,$tmp);
+ &and ($tp4,0xfefefefe);
+ &and ($acc,0x1b1b1b1b);
+ &xor ($tp2,$s[$i]); # tp2^tp1
+ &xor ($acc,$tp4);
+ &mov ($tp4,$acc);
+
+ &and ($acc,0x80808080);
+ &mov ($tmp,$acc);
+ &shr ($tmp,7);
+ &lea ($tp8,&DWP(0,$tp4,$tp4));
+ &sub ($acc,$tmp);
+ &and ($tp8,0xfefefefe);
+ &and ($acc,0x1b1b1b1b);
+ &xor ($tp4,$s[$i]); # tp4^tp1
+ &rotl ($s[$i],8); # = ROTATE(tp1,8)
+ &xor ($tp8,$acc);
+
+ &xor ($s[$i],$tp2);
+ &xor ($tp2,$tp8);
+ &rotl ($tp2,24);
+ &xor ($s[$i],$tp4);
+ &xor ($tp4,$tp8);
+ &rotl ($tp4,16);
+ &xor ($s[$i],$tp8); # ^= tp8^(tp4^tp1)^(tp2^tp1)
+ &rotl ($tp8,8);
+ &xor ($s[$i],$tp2); # ^= ROTATE(tp8^tp2^tp1,24)
+ &xor ($s[$i],$tp4); # ^= ROTATE(tp8^tp4^tp1,16)
+ &mov ($s[0],$__s0) if($i==2); #prefetch $s0
+ &mov ($s[1],$__s1) if($i==3); #prefetch $s1
+ &mov ($s[2],$__s2) if($i==1);
+ &xor ($s[$i],$tp8); # ^= ROTATE(tp8,8)
+
+ &mov ($s[3],$__s3) if($i==1);
+ &mov (&DWP(4+4*$i,"esp"),$s[$i]) if($i>=2);
+}
+
+&function_begin_B("_x86_AES_decrypt_compact");
+ # note that caller is expected to allocate stack frame for me!
+ &mov ($__key,$key); # save key
+
+ &xor ($s0,&DWP(0,$key)); # xor with key
+ &xor ($s1,&DWP(4,$key));
+ &xor ($s2,&DWP(8,$key));
+ &xor ($s3,&DWP(12,$key));
+
+ &mov ($acc,&DWP(240,$key)); # load key->rounds
+
+ &lea ($acc,&DWP(-2,$acc,$acc));
+ &lea ($acc,&DWP(0,$key,$acc,8));
+ &mov ($__end,$acc); # end of key schedule
+
+ # prefetch Td4
+ &mov ($key,&DWP(0-128,$tbl));
+ &mov ($acc,&DWP(32-128,$tbl));
+ &mov ($key,&DWP(64-128,$tbl));
+ &mov ($acc,&DWP(96-128,$tbl));
+ &mov ($key,&DWP(128-128,$tbl));
+ &mov ($acc,&DWP(160-128,$tbl));
+ &mov ($key,&DWP(192-128,$tbl));
+ &mov ($acc,&DWP(224-128,$tbl));
+
+ &set_label("loop",16);
+
+ &deccompact(0,$tbl,$s0,$s3,$s2,$s1,1);
+ &deccompact(1,$tbl,$s1,$s0,$s3,$s2,1);
+ &deccompact(2,$tbl,$s2,$s1,$s0,$s3,1);
+ &deccompact(3,$tbl,$s3,$s2,$s1,$s0,1);
+ &dectransform(2);
+ &dectransform(3);
+ &dectransform(0);
+ &dectransform(1);
+ &mov ($key,$__key);
+ &mov ($tbl,$__tbl);
+ &add ($key,16); # advance rd_key
+ &xor ($s0,&DWP(0,$key));
+ &xor ($s1,&DWP(4,$key));
+ &xor ($s2,&DWP(8,$key));
+ &xor ($s3,&DWP(12,$key));
+
+ &cmp ($key,$__end);
+ &mov ($__key,$key);
+ &jb (&label("loop"));
+
+ &deccompact(0,$tbl,$s0,$s3,$s2,$s1);
+ &deccompact(1,$tbl,$s1,$s0,$s3,$s2);
+ &deccompact(2,$tbl,$s2,$s1,$s0,$s3);
+ &deccompact(3,$tbl,$s3,$s2,$s1,$s0);
+
+ &xor ($s0,&DWP(16,$key));
+ &xor ($s1,&DWP(20,$key));
+ &xor ($s2,&DWP(24,$key));
+ &xor ($s3,&DWP(28,$key));
+
+ &ret ();
+&function_end_B("_x86_AES_decrypt_compact");
+
+######################################################################
+# "Compact" SSE block function.
+######################################################################
+
+sub sse_deccompact()
+{
+ &pshufw ("mm1","mm0",0x0c); # 7, 6, 1, 0
+ &movd ("eax","mm1"); # 7, 6, 1, 0
+
+ &pshufw ("mm5","mm4",0x09); # 13,12,11,10
+ &movz ($acc,&LB("eax")); # 0
+ &movz ("ecx",&BP(-128,$tbl,$acc,1)); # 0
+ &movd ("ebx","mm5"); # 13,12,11,10
+ &movz ("edx",&HB("eax")); # 1
+ &movz ("edx",&BP(-128,$tbl,"edx",1)); # 1
+ &shl ("edx",8); # 1
+
+ &pshufw ("mm2","mm0",0x06); # 3, 2, 5, 4
+ &movz ($acc,&LB("ebx")); # 10
+ &movz ($acc,&BP(-128,$tbl,$acc,1)); # 10
+ &shl ($acc,16); # 10
+ &or ("ecx",$acc); # 10
+ &shr ("eax",16); # 7, 6
+ &movz ($acc,&HB("ebx")); # 11
+ &movz ($acc,&BP(-128,$tbl,$acc,1)); # 11
+ &shl ($acc,24); # 11
+ &or ("edx",$acc); # 11
+ &shr ("ebx",16); # 13,12
+
+ &pshufw ("mm6","mm4",0x03); # 9, 8,15,14
+ &movz ($acc,&HB("eax")); # 7
+ &movz ($acc,&BP(-128,$tbl,$acc,1)); # 7
+ &shl ($acc,24); # 7
+ &or ("ecx",$acc); # 7
+ &movz ($acc,&HB("ebx")); # 13
+ &movz ($acc,&BP(-128,$tbl,$acc,1)); # 13
+ &shl ($acc,8); # 13
+ &or ("ecx",$acc); # 13
+ &movd ("mm0","ecx"); # t[0] collected
+
+ &movz ($acc,&LB("eax")); # 6
+ &movd ("eax","mm2"); # 3, 2, 5, 4
+ &movz ("ecx",&BP(-128,$tbl,$acc,1)); # 6
+ &shl ("ecx",16); # 6
+ &movz ($acc,&LB("ebx")); # 12
+ &movd ("ebx","mm6"); # 9, 8,15,14
+ &movz ($acc,&BP(-128,$tbl,$acc,1)); # 12
+ &or ("ecx",$acc); # 12
+
+ &movz ($acc,&LB("eax")); # 4
+ &movz ($acc,&BP(-128,$tbl,$acc,1)); # 4
+ &or ("edx",$acc); # 4
+ &movz ($acc,&LB("ebx")); # 14
+ &movz ($acc,&BP(-128,$tbl,$acc,1)); # 14
+ &shl ($acc,16); # 14
+ &or ("edx",$acc); # 14
+ &movd ("mm1","edx"); # t[1] collected
+
+ &movz ($acc,&HB("eax")); # 5
+ &movz ("edx",&BP(-128,$tbl,$acc,1)); # 5
+ &shl ("edx",8); # 5
+ &movz ($acc,&HB("ebx")); # 15
+ &shr ("eax",16); # 3, 2
+ &movz ($acc,&BP(-128,$tbl,$acc,1)); # 15
+ &shl ($acc,24); # 15
+ &or ("edx",$acc); # 15
+ &shr ("ebx",16); # 9, 8
+
+ &punpckldq ("mm0","mm1"); # t[0,1] collected
+
+ &movz ($acc,&HB("ebx")); # 9
+ &movz ($acc,&BP(-128,$tbl,$acc,1)); # 9
+ &shl ($acc,8); # 9
+ &or ("ecx",$acc); # 9
+ &and ("ebx",0xff); # 8
+ &movz ("ebx",&BP(-128,$tbl,"ebx",1)); # 8
+ &or ("edx","ebx"); # 8
+ &movz ($acc,&LB("eax")); # 2
+ &movz ($acc,&BP(-128,$tbl,$acc,1)); # 2
+ &shl ($acc,16); # 2
+ &or ("edx",$acc); # 2
+ &movd ("mm4","edx"); # t[2] collected
+ &movz ("eax",&HB("eax")); # 3
+ &movz ("eax",&BP(-128,$tbl,"eax",1)); # 3
+ &shl ("eax",24); # 3
+ &or ("ecx","eax"); # 3
+ &movd ("mm5","ecx"); # t[3] collected
+
+ &punpckldq ("mm4","mm5"); # t[2,3] collected
+}
+
+ if (!$x86only) {
+&function_begin_B("_sse_AES_decrypt_compact");
+ &pxor ("mm0",&QWP(0,$key)); # 7, 6, 5, 4, 3, 2, 1, 0
+ &pxor ("mm4",&QWP(8,$key)); # 15,14,13,12,11,10, 9, 8
+
+ # note that caller is expected to allocate stack frame for me!
+ &mov ($acc,&DWP(240,$key)); # load key->rounds
+ &lea ($acc,&DWP(-2,$acc,$acc));
+ &lea ($acc,&DWP(0,$key,$acc,8));
+ &mov ($__end,$acc); # end of key schedule
+
+ &mov ($s0,0x1b1b1b1b); # magic constant
+ &mov (&DWP(8,"esp"),$s0);
+ &mov (&DWP(12,"esp"),$s0);
+
+ # prefetch Td4
+ &mov ($s0,&DWP(0-128,$tbl));
+ &mov ($s1,&DWP(32-128,$tbl));
+ &mov ($s2,&DWP(64-128,$tbl));
+ &mov ($s3,&DWP(96-128,$tbl));
+ &mov ($s0,&DWP(128-128,$tbl));
+ &mov ($s1,&DWP(160-128,$tbl));
+ &mov ($s2,&DWP(192-128,$tbl));
+ &mov ($s3,&DWP(224-128,$tbl));
+
+ &set_label("loop",16);
+ &sse_deccompact();
+ &add ($key,16);
+ &cmp ($key,$__end);
+ &ja (&label("out"));
+
+ # ROTATE(x^y,N) == ROTATE(x,N)^ROTATE(y,N)
+ &movq ("mm3","mm0"); &movq ("mm7","mm4");
+ &movq ("mm2","mm0",1); &movq ("mm6","mm4",1);
+ &movq ("mm1","mm0"); &movq ("mm5","mm4");
+ &pshufw ("mm0","mm0",0xb1); &pshufw ("mm4","mm4",0xb1);# = ROTATE(tp0,16)
+ &pslld ("mm2",8); &pslld ("mm6",8);
+ &psrld ("mm3",8); &psrld ("mm7",8);
+ &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); # ^= tp0<<8
+ &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= tp0>>8
+ &pslld ("mm2",16); &pslld ("mm6",16);
+ &psrld ("mm3",16); &psrld ("mm7",16);
+ &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); # ^= tp0<<24
+ &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= tp0>>24
+
+ &movq ("mm3",&QWP(8,"esp"));
+ &pxor ("mm2","mm2"); &pxor ("mm6","mm6");
+ &pcmpgtb("mm2","mm1"); &pcmpgtb("mm6","mm5");
+ &pand ("mm2","mm3"); &pand ("mm6","mm3");
+ &paddb ("mm1","mm1"); &paddb ("mm5","mm5");
+ &pxor ("mm1","mm2"); &pxor ("mm5","mm6"); # tp2
+ &movq ("mm3","mm1"); &movq ("mm7","mm5");
+ &movq ("mm2","mm1"); &movq ("mm6","mm5");
+ &pxor ("mm0","mm1"); &pxor ("mm4","mm5"); # ^= tp2
+ &pslld ("mm3",24); &pslld ("mm7",24);
+ &psrld ("mm2",8); &psrld ("mm6",8);
+ &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= tp2<<24
+ &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); # ^= tp2>>8
+
+ &movq ("mm2",&QWP(8,"esp"));
+ &pxor ("mm3","mm3"); &pxor ("mm7","mm7");
+ &pcmpgtb("mm3","mm1"); &pcmpgtb("mm7","mm5");
+ &pand ("mm3","mm2"); &pand ("mm7","mm2");
+ &paddb ("mm1","mm1"); &paddb ("mm5","mm5");
+ &pxor ("mm1","mm3"); &pxor ("mm5","mm7"); # tp4
+ &pshufw ("mm3","mm1",0xb1); &pshufw ("mm7","mm5",0xb1);
+ &pxor ("mm0","mm1"); &pxor ("mm4","mm5"); # ^= tp4
+ &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= ROTATE(tp4,16)
+
+ &pxor ("mm3","mm3"); &pxor ("mm7","mm7");
+ &pcmpgtb("mm3","mm1"); &pcmpgtb("mm7","mm5");
+ &pand ("mm3","mm2"); &pand ("mm7","mm2");
+ &paddb ("mm1","mm1"); &paddb ("mm5","mm5");
+ &pxor ("mm1","mm3"); &pxor ("mm5","mm7"); # tp8
+ &pxor ("mm0","mm1"); &pxor ("mm4","mm5"); # ^= tp8
+ &movq ("mm3","mm1"); &movq ("mm7","mm5");
+ &pshufw ("mm2","mm1",0xb1); &pshufw ("mm6","mm5",0xb1);
+ &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); # ^= ROTATE(tp8,16)
+ &pslld ("mm1",8); &pslld ("mm5",8);
+ &psrld ("mm3",8); &psrld ("mm7",8);
+ &movq ("mm2",&QWP(0,$key)); &movq ("mm6",&QWP(8,$key));
+ &pxor ("mm0","mm1"); &pxor ("mm4","mm5"); # ^= tp8<<8
+ &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= tp8>>8
+ &mov ($s0,&DWP(0-128,$tbl));
+ &pslld ("mm1",16); &pslld ("mm5",16);
+ &mov ($s1,&DWP(64-128,$tbl));
+ &psrld ("mm3",16); &psrld ("mm7",16);
+ &mov ($s2,&DWP(128-128,$tbl));
+ &pxor ("mm0","mm1"); &pxor ("mm4","mm5"); # ^= tp8<<24
+ &mov ($s3,&DWP(192-128,$tbl));
+ &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= tp8>>24
+
+ &pxor ("mm0","mm2"); &pxor ("mm4","mm6");
+ &jmp (&label("loop"));
+
+ &set_label("out",16);
+ &pxor ("mm0",&QWP(0,$key));
+ &pxor ("mm4",&QWP(8,$key));
+
+ &ret ();
+&function_end_B("_sse_AES_decrypt_compact");
+ }
+
+######################################################################
+# Vanilla block function.
+######################################################################
sub decstep()
{ my ($i,$td,@s) = @_;
@@ -717,27 +1589,27 @@ sub decstep()
# optimal... or rather that all attempts to reorder didn't
# result in better performance [which by the way is not a
# bit lower than ecryption].
- if($i==3) { &mov ($key,&DWP(12,"esp")); }
+ if($i==3) { &mov ($key,$__key); }
else { &mov ($out,$s[0]); }
&and ($out,0xFF);
- &mov ($out,&DWP(1024*0,$td,$out,4));
+ &mov ($out,&DWP(0,$td,$out,8));
if ($i==3) { $tmp=$s[1]; }
&movz ($tmp,&HB($s[1]));
- &xor ($out,&DWP(1024*1,$td,$tmp,4));
+ &xor ($out,&DWP(3,$td,$tmp,8));
if ($i==3) { $tmp=$s[2]; &mov ($s[1],$acc); }
else { &mov ($tmp,$s[2]); }
&shr ($tmp,16);
&and ($tmp,0xFF);
- &xor ($out,&DWP(1024*2,$td,$tmp,4));
+ &xor ($out,&DWP(2,$td,$tmp,8));
- if ($i==3) { $tmp=$s[3]; &mov ($s[2],&DWP(4,"esp")); }
+ if ($i==3) { $tmp=$s[3]; &mov ($s[2],$__s1); }
else { &mov ($tmp,$s[3]); }
&shr ($tmp,24);
- &xor ($out,&DWP(1024*3,$td,$tmp,4));
- if ($i<2) { &mov (&DWP(4*$i,"esp"),$out); }
- if ($i==3) { &mov ($s[3],&DWP(0,"esp")); }
+ &xor ($out,&DWP(1,$td,$tmp,8));
+ if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); }
+ if ($i==3) { &mov ($s[3],$__s0); }
&comment();
}
@@ -746,45 +1618,49 @@ sub declast()
my $tmp = $key;
my $out = $i==3?$s[0]:$acc;
- if($i==3) { &mov ($key,&DWP(12,"esp")); }
+ if($i==0) { &lea ($td,&DWP(2048+128,$td));
+ &mov ($tmp,&DWP(0-128,$td));
+ &mov ($acc,&DWP(32-128,$td));
+ &mov ($tmp,&DWP(64-128,$td));
+ &mov ($acc,&DWP(96-128,$td));
+ &mov ($tmp,&DWP(128-128,$td));
+ &mov ($acc,&DWP(160-128,$td));
+ &mov ($tmp,&DWP(192-128,$td));
+ &mov ($acc,&DWP(224-128,$td));
+ &lea ($td,&DWP(-128,$td)); }
+ if($i==3) { &mov ($key,$__key); }
else { &mov ($out,$s[0]); }
&and ($out,0xFF);
- &mov ($out,&DWP(1024*4,$td,$out,4));
- &and ($out,0x000000ff);
+ &movz ($out,&BP(0,$td,$out,1));
if ($i==3) { $tmp=$s[1]; }
&movz ($tmp,&HB($s[1]));
- &mov ($tmp,&DWP(1024*4,$td,$tmp,4));
- &and ($tmp,0x0000ff00);
+ &movz ($tmp,&BP(0,$td,$tmp,1));
+ &shl ($tmp,8);
&xor ($out,$tmp);
if ($i==3) { $tmp=$s[2]; &mov ($s[1],$acc); }
else { mov ($tmp,$s[2]); }
&shr ($tmp,16);
&and ($tmp,0xFF);
- &mov ($tmp,&DWP(1024*4,$td,$tmp,4));
- &and ($tmp,0x00ff0000);
+ &movz ($tmp,&BP(0,$td,$tmp,1));
+ &shl ($tmp,16);
&xor ($out,$tmp);
- if ($i==3) { $tmp=$s[3]; &mov ($s[2],&DWP(4,"esp")); }
+ if ($i==3) { $tmp=$s[3]; &mov ($s[2],$__s1); }
else { &mov ($tmp,$s[3]); }
&shr ($tmp,24);
- &mov ($tmp,&DWP(1024*4,$td,$tmp,4));
- &and ($tmp,0xff000000);
+ &movz ($tmp,&BP(0,$td,$tmp,1));
+ &shl ($tmp,24);
&xor ($out,$tmp);
- if ($i<2) { &mov (&DWP(4*$i,"esp"),$out); }
- if ($i==3) { &mov ($s[3],&DWP(0,"esp")); }
+ if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); }
+ if ($i==3) { &mov ($s[3],$__s0);
+ &lea ($td,&DWP(-2048,$td)); }
}
-&public_label("AES_Td");
&function_begin_B("_x86_AES_decrypt");
- # allocate aligned stack frame
- &mov ($acc,"esp");
- &sub ("esp",20);
- &and ("esp",-16);
-
- &mov (&DWP(12,"esp"),$key); # save key
- &mov (&DWP(16,"esp"),$acc); # save %esp
+ # note that caller is expected to allocate stack frame for me!
+ &mov ($__key,$key); # save key
&xor ($s0,&DWP(0,$key)); # xor with key
&xor ($s1,&DWP(4,$key));
@@ -796,20 +1672,19 @@ sub declast()
if ($small_footprint) {
&lea ($acc,&DWP(-2,$acc,$acc));
&lea ($acc,&DWP(0,$key,$acc,8));
- &mov (&DWP(8,"esp"),$acc); # end of key schedule
- &align (4);
- &set_label("loop");
- &decstep(0,"ebp",$s0,$s3,$s2,$s1);
- &decstep(1,"ebp",$s1,$s0,$s3,$s2);
- &decstep(2,"ebp",$s2,$s1,$s0,$s3);
- &decstep(3,"ebp",$s3,$s2,$s1,$s0);
- &add ($key,16); # advance rd_key
+ &mov ($__end,$acc); # end of key schedule
+ &set_label("loop",16);
+ &decstep(0,$tbl,$s0,$s3,$s2,$s1);
+ &decstep(1,$tbl,$s1,$s0,$s3,$s2);
+ &decstep(2,$tbl,$s2,$s1,$s0,$s3);
+ &decstep(3,$tbl,$s3,$s2,$s1,$s0);
+ &add ($key,16); # advance rd_key
&xor ($s0,&DWP(0,$key));
&xor ($s1,&DWP(4,$key));
&xor ($s2,&DWP(8,$key));
&xor ($s3,&DWP(12,$key));
- &cmp ($key,&DWP(8,"esp"));
- &mov (&DWP(12,"esp"),$key);
+ &cmp ($key,$__end);
+ &mov ($__key,$key);
&jb (&label("loop"));
}
else {
@@ -818,38 +1693,38 @@ sub declast()
&cmp ($acc,12);
&jle (&label("12rounds"));
- &set_label("14rounds");
+ &set_label("14rounds",4);
for ($i=1;$i<3;$i++) {
- &decstep(0,"ebp",$s0,$s3,$s2,$s1);
- &decstep(1,"ebp",$s1,$s0,$s3,$s2);
- &decstep(2,"ebp",$s2,$s1,$s0,$s3);
- &decstep(3,"ebp",$s3,$s2,$s1,$s0);
+ &decstep(0,$tbl,$s0,$s3,$s2,$s1);
+ &decstep(1,$tbl,$s1,$s0,$s3,$s2);
+ &decstep(2,$tbl,$s2,$s1,$s0,$s3);
+ &decstep(3,$tbl,$s3,$s2,$s1,$s0);
&xor ($s0,&DWP(16*$i+0,$key));
&xor ($s1,&DWP(16*$i+4,$key));
&xor ($s2,&DWP(16*$i+8,$key));
&xor ($s3,&DWP(16*$i+12,$key));
}
&add ($key,32);
- &mov (&DWP(12,"esp"),$key); # advance rd_key
- &set_label("12rounds");
+ &mov ($__key,$key); # advance rd_key
+ &set_label("12rounds",4);
for ($i=1;$i<3;$i++) {
- &decstep(0,"ebp",$s0,$s3,$s2,$s1);
- &decstep(1,"ebp",$s1,$s0,$s3,$s2);
- &decstep(2,"ebp",$s2,$s1,$s0,$s3);
- &decstep(3,"ebp",$s3,$s2,$s1,$s0);
+ &decstep(0,$tbl,$s0,$s3,$s2,$s1);
+ &decstep(1,$tbl,$s1,$s0,$s3,$s2);
+ &decstep(2,$tbl,$s2,$s1,$s0,$s3);
+ &decstep(3,$tbl,$s3,$s2,$s1,$s0);
&xor ($s0,&DWP(16*$i+0,$key));
&xor ($s1,&DWP(16*$i+4,$key));
&xor ($s2,&DWP(16*$i+8,$key));
&xor ($s3,&DWP(16*$i+12,$key));
}
&add ($key,32);
- &mov (&DWP(12,"esp"),$key); # advance rd_key
- &set_label("10rounds");
+ &mov ($__key,$key); # advance rd_key
+ &set_label("10rounds",4);
for ($i=1;$i<10;$i++) {
- &decstep(0,"ebp",$s0,$s3,$s2,$s1);
- &decstep(1,"ebp",$s1,$s0,$s3,$s2);
- &decstep(2,"ebp",$s2,$s1,$s0,$s3);
- &decstep(3,"ebp",$s3,$s2,$s1,$s0);
+ &decstep(0,$tbl,$s0,$s3,$s2,$s1);
+ &decstep(1,$tbl,$s1,$s0,$s3,$s2);
+ &decstep(2,$tbl,$s2,$s1,$s0,$s3);
+ &decstep(3,$tbl,$s3,$s2,$s1,$s0);
&xor ($s0,&DWP(16*$i+0,$key));
&xor ($s1,&DWP(16*$i+4,$key));
&xor ($s2,&DWP(16*$i+8,$key));
@@ -857,12 +1732,11 @@ sub declast()
}
}
- &declast(0,"ebp",$s0,$s3,$s2,$s1);
- &declast(1,"ebp",$s1,$s0,$s3,$s2);
- &declast(2,"ebp",$s2,$s1,$s0,$s3);
- &declast(3,"ebp",$s3,$s2,$s1,$s0);
+ &declast(0,$tbl,$s0,$s3,$s2,$s1);
+ &declast(1,$tbl,$s1,$s0,$s3,$s2);
+ &declast(2,$tbl,$s2,$s1,$s0,$s3);
+ &declast(3,$tbl,$s3,$s2,$s1,$s0);
- &mov ("esp",&DWP(16,"esp")); # restore %esp
&add ($key,$small_footprint?16:160);
&xor ($s0,&DWP(0,$key));
&xor ($s1,&DWP(4,$key));
@@ -872,350 +1746,257 @@ sub declast()
&ret ();
&set_label("AES_Td",64); # Yes! I keep it in the code segment!
- &data_word(0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a);
- &data_word(0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b);
- &data_word(0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5);
- &data_word(0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5);
- &data_word(0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d);
- &data_word(0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b);
- &data_word(0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295);
- &data_word(0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e);
- &data_word(0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927);
- &data_word(0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d);
- &data_word(0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362);
- &data_word(0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9);
- &data_word(0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52);
- &data_word(0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566);
- &data_word(0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3);
- &data_word(0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed);
- &data_word(0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e);
- &data_word(0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4);
- &data_word(0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4);
- &data_word(0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd);
- &data_word(0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d);
- &data_word(0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060);
- &data_word(0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967);
- &data_word(0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879);
- &data_word(0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000);
- &data_word(0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c);
- &data_word(0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36);
- &data_word(0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624);
- &data_word(0xb1670a0c, 0x0fe75793, 0xd296eeb4, 0x9e919b1b);
- &data_word(0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c);
- &data_word(0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12);
- &data_word(0x0b0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14);
- &data_word(0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3);
- &data_word(0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b);
- &data_word(0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8);
- &data_word(0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684);
- &data_word(0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7);
- &data_word(0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177);
- &data_word(0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947);
- &data_word(0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322);
- &data_word(0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498);
- &data_word(0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f);
- &data_word(0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54);
- &data_word(0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382);
- &data_word(0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf);
- &data_word(0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb);
- &data_word(0x097826cd, 0xf418596e, 0x01b79aec, 0xa89a4f83);
- &data_word(0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef);
- &data_word(0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029);
- &data_word(0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235);
- &data_word(0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733);
- &data_word(0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117);
- &data_word(0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4);
- &data_word(0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546);
- &data_word(0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb);
- &data_word(0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d);
- &data_word(0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb);
- &data_word(0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a);
- &data_word(0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773);
- &data_word(0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478);
- &data_word(0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2);
- &data_word(0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff);
- &data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664);
- &data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0);
-#Td1:
- &data_word(0xa7f45150, 0x65417e53, 0xa4171ac3, 0x5e273a96);
- &data_word(0x6bab3bcb, 0x459d1ff1, 0x58faacab, 0x03e34b93);
- &data_word(0xfa302055, 0x6d76adf6, 0x76cc8891, 0x4c02f525);
- &data_word(0xd7e54ffc, 0xcb2ac5d7, 0x44352680, 0xa362b58f);
- &data_word(0x5ab1de49, 0x1bba2567, 0x0eea4598, 0xc0fe5de1);
- &data_word(0x752fc302, 0xf04c8112, 0x97468da3, 0xf9d36bc6);
- &data_word(0x5f8f03e7, 0x9c921595, 0x7a6dbfeb, 0x595295da);
- &data_word(0x83bed42d, 0x217458d3, 0x69e04929, 0xc8c98e44);
- &data_word(0x89c2756a, 0x798ef478, 0x3e58996b, 0x71b927dd);
- &data_word(0x4fe1beb6, 0xad88f017, 0xac20c966, 0x3ace7db4);
- &data_word(0x4adf6318, 0x311ae582, 0x33519760, 0x7f536245);
- &data_word(0x7764b1e0, 0xae6bbb84, 0xa081fe1c, 0x2b08f994);
- &data_word(0x68487058, 0xfd458f19, 0x6cde9487, 0xf87b52b7);
- &data_word(0xd373ab23, 0x024b72e2, 0x8f1fe357, 0xab55662a);
- &data_word(0x28ebb207, 0xc2b52f03, 0x7bc5869a, 0x0837d3a5);
- &data_word(0x872830f2, 0xa5bf23b2, 0x6a0302ba, 0x8216ed5c);
- &data_word(0x1ccf8a2b, 0xb479a792, 0xf207f3f0, 0xe2694ea1);
- &data_word(0xf4da65cd, 0xbe0506d5, 0x6234d11f, 0xfea6c48a);
- &data_word(0x532e349d, 0x55f3a2a0, 0xe18a0532, 0xebf6a475);
- &data_word(0xec830b39, 0xef6040aa, 0x9f715e06, 0x106ebd51);
- &data_word(0x8a213ef9, 0x06dd963d, 0x053eddae, 0xbde64d46);
- &data_word(0x8d5491b5, 0x5dc47105, 0xd406046f, 0x155060ff);
- &data_word(0xfb981924, 0xe9bdd697, 0x434089cc, 0x9ed96777);
- &data_word(0x42e8b0bd, 0x8b890788, 0x5b19e738, 0xeec879db);
- &data_word(0x0a7ca147, 0x0f427ce9, 0x1e84f8c9, 0x00000000);
- &data_word(0x86800983, 0xed2b3248, 0x70111eac, 0x725a6c4e);
- &data_word(0xff0efdfb, 0x38850f56, 0xd5ae3d1e, 0x392d3627);
- &data_word(0xd90f0a64, 0xa65c6821, 0x545b9bd1, 0x2e36243a);
- &data_word(0x670a0cb1, 0xe757930f, 0x96eeb4d2, 0x919b1b9e);
- &data_word(0xc5c0804f, 0x20dc61a2, 0x4b775a69, 0x1a121c16);
- &data_word(0xba93e20a, 0x2aa0c0e5, 0xe0223c43, 0x171b121d);
- &data_word(0x0d090e0b, 0xc78bf2ad, 0xa8b62db9, 0xa91e14c8);
- &data_word(0x19f15785, 0x0775af4c, 0xdd99eebb, 0x607fa3fd);
- &data_word(0x2601f79f, 0xf5725cbc, 0x3b6644c5, 0x7efb5b34);
- &data_word(0x29438b76, 0xc623cbdc, 0xfcedb668, 0xf1e4b863);
- &data_word(0xdc31d7ca, 0x85634210, 0x22971340, 0x11c68420);
- &data_word(0x244a857d, 0x3dbbd2f8, 0x32f9ae11, 0xa129c76d);
- &data_word(0x2f9e1d4b, 0x30b2dcf3, 0x52860dec, 0xe3c177d0);
- &data_word(0x16b32b6c, 0xb970a999, 0x489411fa, 0x64e94722);
- &data_word(0x8cfca8c4, 0x3ff0a01a, 0x2c7d56d8, 0x903322ef);
- &data_word(0x4e4987c7, 0xd138d9c1, 0xa2ca8cfe, 0x0bd49836);
- &data_word(0x81f5a6cf, 0xde7aa528, 0x8eb7da26, 0xbfad3fa4);
- &data_word(0x9d3a2ce4, 0x9278500d, 0xcc5f6a9b, 0x467e5462);
- &data_word(0x138df6c2, 0xb8d890e8, 0xf7392e5e, 0xafc382f5);
- &data_word(0x805d9fbe, 0x93d0697c, 0x2dd56fa9, 0x1225cfb3);
- &data_word(0x99acc83b, 0x7d1810a7, 0x639ce86e, 0xbb3bdb7b);
- &data_word(0x7826cd09, 0x18596ef4, 0xb79aec01, 0x9a4f83a8);
- &data_word(0x6e95e665, 0xe6ffaa7e, 0xcfbc2108, 0xe815efe6);
- &data_word(0x9be7bad9, 0x366f4ace, 0x099fead4, 0x7cb029d6);
- &data_word(0xb2a431af, 0x233f2a31, 0x94a5c630, 0x66a235c0);
- &data_word(0xbc4e7437, 0xca82fca6, 0xd090e0b0, 0xd8a73315);
- &data_word(0x9804f14a, 0xdaec41f7, 0x50cd7f0e, 0xf691172f);
- &data_word(0xd64d768d, 0xb0ef434d, 0x4daacc54, 0x0496e4df);
- &data_word(0xb5d19ee3, 0x886a4c1b, 0x1f2cc1b8, 0x5165467f);
- &data_word(0xea5e9d04, 0x358c015d, 0x7487fa73, 0x410bfb2e);
- &data_word(0x1d67b35a, 0xd2db9252, 0x5610e933, 0x47d66d13);
- &data_word(0x61d79a8c, 0x0ca1377a, 0x14f8598e, 0x3c13eb89);
- &data_word(0x27a9ceee, 0xc961b735, 0xe51ce1ed, 0xb1477a3c);
- &data_word(0xdfd29c59, 0x73f2553f, 0xce141879, 0x37c773bf);
- &data_word(0xcdf753ea, 0xaafd5f5b, 0x6f3ddf14, 0xdb447886);
- &data_word(0xf3afca81, 0xc468b93e, 0x3424382c, 0x40a3c25f);
- &data_word(0xc31d1672, 0x25e2bc0c, 0x493c288b, 0x950dff41);
- &data_word(0x01a83971, 0xb30c08de, 0xe4b4d89c, 0xc1566490);
- &data_word(0x84cb7b61, 0xb632d570, 0x5c6c4874, 0x57b8d042);
-#Td2:
- &data_word(0xf45150a7, 0x417e5365, 0x171ac3a4, 0x273a965e);
- &data_word(0xab3bcb6b, 0x9d1ff145, 0xfaacab58, 0xe34b9303);
- &data_word(0x302055fa, 0x76adf66d, 0xcc889176, 0x02f5254c);
- &data_word(0xe54ffcd7, 0x2ac5d7cb, 0x35268044, 0x62b58fa3);
- &data_word(0xb1de495a, 0xba25671b, 0xea45980e, 0xfe5de1c0);
- &data_word(0x2fc30275, 0x4c8112f0, 0x468da397, 0xd36bc6f9);
- &data_word(0x8f03e75f, 0x9215959c, 0x6dbfeb7a, 0x5295da59);
- &data_word(0xbed42d83, 0x7458d321, 0xe0492969, 0xc98e44c8);
- &data_word(0xc2756a89, 0x8ef47879, 0x58996b3e, 0xb927dd71);
- &data_word(0xe1beb64f, 0x88f017ad, 0x20c966ac, 0xce7db43a);
- &data_word(0xdf63184a, 0x1ae58231, 0x51976033, 0x5362457f);
- &data_word(0x64b1e077, 0x6bbb84ae, 0x81fe1ca0, 0x08f9942b);
- &data_word(0x48705868, 0x458f19fd, 0xde94876c, 0x7b52b7f8);
- &data_word(0x73ab23d3, 0x4b72e202, 0x1fe3578f, 0x55662aab);
- &data_word(0xebb20728, 0xb52f03c2, 0xc5869a7b, 0x37d3a508);
- &data_word(0x2830f287, 0xbf23b2a5, 0x0302ba6a, 0x16ed5c82);
- &data_word(0xcf8a2b1c, 0x79a792b4, 0x07f3f0f2, 0x694ea1e2);
- &data_word(0xda65cdf4, 0x0506d5be, 0x34d11f62, 0xa6c48afe);
- &data_word(0x2e349d53, 0xf3a2a055, 0x8a0532e1, 0xf6a475eb);
- &data_word(0x830b39ec, 0x6040aaef, 0x715e069f, 0x6ebd5110);
- &data_word(0x213ef98a, 0xdd963d06, 0x3eddae05, 0xe64d46bd);
- &data_word(0x5491b58d, 0xc471055d, 0x06046fd4, 0x5060ff15);
- &data_word(0x981924fb, 0xbdd697e9, 0x4089cc43, 0xd967779e);
- &data_word(0xe8b0bd42, 0x8907888b, 0x19e7385b, 0xc879dbee);
- &data_word(0x7ca1470a, 0x427ce90f, 0x84f8c91e, 0x00000000);
- &data_word(0x80098386, 0x2b3248ed, 0x111eac70, 0x5a6c4e72);
- &data_word(0x0efdfbff, 0x850f5638, 0xae3d1ed5, 0x2d362739);
- &data_word(0x0f0a64d9, 0x5c6821a6, 0x5b9bd154, 0x36243a2e);
- &data_word(0x0a0cb167, 0x57930fe7, 0xeeb4d296, 0x9b1b9e91);
- &data_word(0xc0804fc5, 0xdc61a220, 0x775a694b, 0x121c161a);
- &data_word(0x93e20aba, 0xa0c0e52a, 0x223c43e0, 0x1b121d17);
- &data_word(0x090e0b0d, 0x8bf2adc7, 0xb62db9a8, 0x1e14c8a9);
- &data_word(0xf1578519, 0x75af4c07, 0x99eebbdd, 0x7fa3fd60);
- &data_word(0x01f79f26, 0x725cbcf5, 0x6644c53b, 0xfb5b347e);
- &data_word(0x438b7629, 0x23cbdcc6, 0xedb668fc, 0xe4b863f1);
- &data_word(0x31d7cadc, 0x63421085, 0x97134022, 0xc6842011);
- &data_word(0x4a857d24, 0xbbd2f83d, 0xf9ae1132, 0x29c76da1);
- &data_word(0x9e1d4b2f, 0xb2dcf330, 0x860dec52, 0xc177d0e3);
- &data_word(0xb32b6c16, 0x70a999b9, 0x9411fa48, 0xe9472264);
- &data_word(0xfca8c48c, 0xf0a01a3f, 0x7d56d82c, 0x3322ef90);
- &data_word(0x4987c74e, 0x38d9c1d1, 0xca8cfea2, 0xd498360b);
- &data_word(0xf5a6cf81, 0x7aa528de, 0xb7da268e, 0xad3fa4bf);
- &data_word(0x3a2ce49d, 0x78500d92, 0x5f6a9bcc, 0x7e546246);
- &data_word(0x8df6c213, 0xd890e8b8, 0x392e5ef7, 0xc382f5af);
- &data_word(0x5d9fbe80, 0xd0697c93, 0xd56fa92d, 0x25cfb312);
- &data_word(0xacc83b99, 0x1810a77d, 0x9ce86e63, 0x3bdb7bbb);
- &data_word(0x26cd0978, 0x596ef418, 0x9aec01b7, 0x4f83a89a);
- &data_word(0x95e6656e, 0xffaa7ee6, 0xbc2108cf, 0x15efe6e8);
- &data_word(0xe7bad99b, 0x6f4ace36, 0x9fead409, 0xb029d67c);
- &data_word(0xa431afb2, 0x3f2a3123, 0xa5c63094, 0xa235c066);
- &data_word(0x4e7437bc, 0x82fca6ca, 0x90e0b0d0, 0xa73315d8);
- &data_word(0x04f14a98, 0xec41f7da, 0xcd7f0e50, 0x91172ff6);
- &data_word(0x4d768dd6, 0xef434db0, 0xaacc544d, 0x96e4df04);
- &data_word(0xd19ee3b5, 0x6a4c1b88, 0x2cc1b81f, 0x65467f51);
- &data_word(0x5e9d04ea, 0x8c015d35, 0x87fa7374, 0x0bfb2e41);
- &data_word(0x67b35a1d, 0xdb9252d2, 0x10e93356, 0xd66d1347);
- &data_word(0xd79a8c61, 0xa1377a0c, 0xf8598e14, 0x13eb893c);
- &data_word(0xa9ceee27, 0x61b735c9, 0x1ce1ede5, 0x477a3cb1);
- &data_word(0xd29c59df, 0xf2553f73, 0x141879ce, 0xc773bf37);
- &data_word(0xf753eacd, 0xfd5f5baa, 0x3ddf146f, 0x447886db);
- &data_word(0xafca81f3, 0x68b93ec4, 0x24382c34, 0xa3c25f40);
- &data_word(0x1d1672c3, 0xe2bc0c25, 0x3c288b49, 0x0dff4195);
- &data_word(0xa8397101, 0x0c08deb3, 0xb4d89ce4, 0x566490c1);
- &data_word(0xcb7b6184, 0x32d570b6, 0x6c48745c, 0xb8d04257);
-#Td3:
- &data_word(0x5150a7f4, 0x7e536541, 0x1ac3a417, 0x3a965e27);
- &data_word(0x3bcb6bab, 0x1ff1459d, 0xacab58fa, 0x4b9303e3);
- &data_word(0x2055fa30, 0xadf66d76, 0x889176cc, 0xf5254c02);
- &data_word(0x4ffcd7e5, 0xc5d7cb2a, 0x26804435, 0xb58fa362);
- &data_word(0xde495ab1, 0x25671bba, 0x45980eea, 0x5de1c0fe);
- &data_word(0xc302752f, 0x8112f04c, 0x8da39746, 0x6bc6f9d3);
- &data_word(0x03e75f8f, 0x15959c92, 0xbfeb7a6d, 0x95da5952);
- &data_word(0xd42d83be, 0x58d32174, 0x492969e0, 0x8e44c8c9);
- &data_word(0x756a89c2, 0xf478798e, 0x996b3e58, 0x27dd71b9);
- &data_word(0xbeb64fe1, 0xf017ad88, 0xc966ac20, 0x7db43ace);
- &data_word(0x63184adf, 0xe582311a, 0x97603351, 0x62457f53);
- &data_word(0xb1e07764, 0xbb84ae6b, 0xfe1ca081, 0xf9942b08);
- &data_word(0x70586848, 0x8f19fd45, 0x94876cde, 0x52b7f87b);
- &data_word(0xab23d373, 0x72e2024b, 0xe3578f1f, 0x662aab55);
- &data_word(0xb20728eb, 0x2f03c2b5, 0x869a7bc5, 0xd3a50837);
- &data_word(0x30f28728, 0x23b2a5bf, 0x02ba6a03, 0xed5c8216);
- &data_word(0x8a2b1ccf, 0xa792b479, 0xf3f0f207, 0x4ea1e269);
- &data_word(0x65cdf4da, 0x06d5be05, 0xd11f6234, 0xc48afea6);
- &data_word(0x349d532e, 0xa2a055f3, 0x0532e18a, 0xa475ebf6);
- &data_word(0x0b39ec83, 0x40aaef60, 0x5e069f71, 0xbd51106e);
- &data_word(0x3ef98a21, 0x963d06dd, 0xddae053e, 0x4d46bde6);
- &data_word(0x91b58d54, 0x71055dc4, 0x046fd406, 0x60ff1550);
- &data_word(0x1924fb98, 0xd697e9bd, 0x89cc4340, 0x67779ed9);
- &data_word(0xb0bd42e8, 0x07888b89, 0xe7385b19, 0x79dbeec8);
- &data_word(0xa1470a7c, 0x7ce90f42, 0xf8c91e84, 0x00000000);
- &data_word(0x09838680, 0x3248ed2b, 0x1eac7011, 0x6c4e725a);
- &data_word(0xfdfbff0e, 0x0f563885, 0x3d1ed5ae, 0x3627392d);
- &data_word(0x0a64d90f, 0x6821a65c, 0x9bd1545b, 0x243a2e36);
- &data_word(0x0cb1670a, 0x930fe757, 0xb4d296ee, 0x1b9e919b);
- &data_word(0x804fc5c0, 0x61a220dc, 0x5a694b77, 0x1c161a12);
- &data_word(0xe20aba93, 0xc0e52aa0, 0x3c43e022, 0x121d171b);
- &data_word(0x0e0b0d09, 0xf2adc78b, 0x2db9a8b6, 0x14c8a91e);
- &data_word(0x578519f1, 0xaf4c0775, 0xeebbdd99, 0xa3fd607f);
- &data_word(0xf79f2601, 0x5cbcf572, 0x44c53b66, 0x5b347efb);
- &data_word(0x8b762943, 0xcbdcc623, 0xb668fced, 0xb863f1e4);
- &data_word(0xd7cadc31, 0x42108563, 0x13402297, 0x842011c6);
- &data_word(0x857d244a, 0xd2f83dbb, 0xae1132f9, 0xc76da129);
- &data_word(0x1d4b2f9e, 0xdcf330b2, 0x0dec5286, 0x77d0e3c1);
- &data_word(0x2b6c16b3, 0xa999b970, 0x11fa4894, 0x472264e9);
- &data_word(0xa8c48cfc, 0xa01a3ff0, 0x56d82c7d, 0x22ef9033);
- &data_word(0x87c74e49, 0xd9c1d138, 0x8cfea2ca, 0x98360bd4);
- &data_word(0xa6cf81f5, 0xa528de7a, 0xda268eb7, 0x3fa4bfad);
- &data_word(0x2ce49d3a, 0x500d9278, 0x6a9bcc5f, 0x5462467e);
- &data_word(0xf6c2138d, 0x90e8b8d8, 0x2e5ef739, 0x82f5afc3);
- &data_word(0x9fbe805d, 0x697c93d0, 0x6fa92dd5, 0xcfb31225);
- &data_word(0xc83b99ac, 0x10a77d18, 0xe86e639c, 0xdb7bbb3b);
- &data_word(0xcd097826, 0x6ef41859, 0xec01b79a, 0x83a89a4f);
- &data_word(0xe6656e95, 0xaa7ee6ff, 0x2108cfbc, 0xefe6e815);
- &data_word(0xbad99be7, 0x4ace366f, 0xead4099f, 0x29d67cb0);
- &data_word(0x31afb2a4, 0x2a31233f, 0xc63094a5, 0x35c066a2);
- &data_word(0x7437bc4e, 0xfca6ca82, 0xe0b0d090, 0x3315d8a7);
- &data_word(0xf14a9804, 0x41f7daec, 0x7f0e50cd, 0x172ff691);
- &data_word(0x768dd64d, 0x434db0ef, 0xcc544daa, 0xe4df0496);
- &data_word(0x9ee3b5d1, 0x4c1b886a, 0xc1b81f2c, 0x467f5165);
- &data_word(0x9d04ea5e, 0x015d358c, 0xfa737487, 0xfb2e410b);
- &data_word(0xb35a1d67, 0x9252d2db, 0xe9335610, 0x6d1347d6);
- &data_word(0x9a8c61d7, 0x377a0ca1, 0x598e14f8, 0xeb893c13);
- &data_word(0xceee27a9, 0xb735c961, 0xe1ede51c, 0x7a3cb147);
- &data_word(0x9c59dfd2, 0x553f73f2, 0x1879ce14, 0x73bf37c7);
- &data_word(0x53eacdf7, 0x5f5baafd, 0xdf146f3d, 0x7886db44);
- &data_word(0xca81f3af, 0xb93ec468, 0x382c3424, 0xc25f40a3);
- &data_word(0x1672c31d, 0xbc0c25e2, 0x288b493c, 0xff41950d);
- &data_word(0x397101a8, 0x08deb30c, 0xd89ce4b4, 0x6490c156);
- &data_word(0x7b6184cb, 0xd570b632, 0x48745c6c, 0xd04257b8);
-#Td4:
- &data_word(0x52525252, 0x09090909, 0x6a6a6a6a, 0xd5d5d5d5);
- &data_word(0x30303030, 0x36363636, 0xa5a5a5a5, 0x38383838);
- &data_word(0xbfbfbfbf, 0x40404040, 0xa3a3a3a3, 0x9e9e9e9e);
- &data_word(0x81818181, 0xf3f3f3f3, 0xd7d7d7d7, 0xfbfbfbfb);
- &data_word(0x7c7c7c7c, 0xe3e3e3e3, 0x39393939, 0x82828282);
- &data_word(0x9b9b9b9b, 0x2f2f2f2f, 0xffffffff, 0x87878787);
- &data_word(0x34343434, 0x8e8e8e8e, 0x43434343, 0x44444444);
- &data_word(0xc4c4c4c4, 0xdededede, 0xe9e9e9e9, 0xcbcbcbcb);
- &data_word(0x54545454, 0x7b7b7b7b, 0x94949494, 0x32323232);
- &data_word(0xa6a6a6a6, 0xc2c2c2c2, 0x23232323, 0x3d3d3d3d);
- &data_word(0xeeeeeeee, 0x4c4c4c4c, 0x95959595, 0x0b0b0b0b);
- &data_word(0x42424242, 0xfafafafa, 0xc3c3c3c3, 0x4e4e4e4e);
- &data_word(0x08080808, 0x2e2e2e2e, 0xa1a1a1a1, 0x66666666);
- &data_word(0x28282828, 0xd9d9d9d9, 0x24242424, 0xb2b2b2b2);
- &data_word(0x76767676, 0x5b5b5b5b, 0xa2a2a2a2, 0x49494949);
- &data_word(0x6d6d6d6d, 0x8b8b8b8b, 0xd1d1d1d1, 0x25252525);
- &data_word(0x72727272, 0xf8f8f8f8, 0xf6f6f6f6, 0x64646464);
- &data_word(0x86868686, 0x68686868, 0x98989898, 0x16161616);
- &data_word(0xd4d4d4d4, 0xa4a4a4a4, 0x5c5c5c5c, 0xcccccccc);
- &data_word(0x5d5d5d5d, 0x65656565, 0xb6b6b6b6, 0x92929292);
- &data_word(0x6c6c6c6c, 0x70707070, 0x48484848, 0x50505050);
- &data_word(0xfdfdfdfd, 0xedededed, 0xb9b9b9b9, 0xdadadada);
- &data_word(0x5e5e5e5e, 0x15151515, 0x46464646, 0x57575757);
- &data_word(0xa7a7a7a7, 0x8d8d8d8d, 0x9d9d9d9d, 0x84848484);
- &data_word(0x90909090, 0xd8d8d8d8, 0xabababab, 0x00000000);
- &data_word(0x8c8c8c8c, 0xbcbcbcbc, 0xd3d3d3d3, 0x0a0a0a0a);
- &data_word(0xf7f7f7f7, 0xe4e4e4e4, 0x58585858, 0x05050505);
- &data_word(0xb8b8b8b8, 0xb3b3b3b3, 0x45454545, 0x06060606);
- &data_word(0xd0d0d0d0, 0x2c2c2c2c, 0x1e1e1e1e, 0x8f8f8f8f);
- &data_word(0xcacacaca, 0x3f3f3f3f, 0x0f0f0f0f, 0x02020202);
- &data_word(0xc1c1c1c1, 0xafafafaf, 0xbdbdbdbd, 0x03030303);
- &data_word(0x01010101, 0x13131313, 0x8a8a8a8a, 0x6b6b6b6b);
- &data_word(0x3a3a3a3a, 0x91919191, 0x11111111, 0x41414141);
- &data_word(0x4f4f4f4f, 0x67676767, 0xdcdcdcdc, 0xeaeaeaea);
- &data_word(0x97979797, 0xf2f2f2f2, 0xcfcfcfcf, 0xcececece);
- &data_word(0xf0f0f0f0, 0xb4b4b4b4, 0xe6e6e6e6, 0x73737373);
- &data_word(0x96969696, 0xacacacac, 0x74747474, 0x22222222);
- &data_word(0xe7e7e7e7, 0xadadadad, 0x35353535, 0x85858585);
- &data_word(0xe2e2e2e2, 0xf9f9f9f9, 0x37373737, 0xe8e8e8e8);
- &data_word(0x1c1c1c1c, 0x75757575, 0xdfdfdfdf, 0x6e6e6e6e);
- &data_word(0x47474747, 0xf1f1f1f1, 0x1a1a1a1a, 0x71717171);
- &data_word(0x1d1d1d1d, 0x29292929, 0xc5c5c5c5, 0x89898989);
- &data_word(0x6f6f6f6f, 0xb7b7b7b7, 0x62626262, 0x0e0e0e0e);
- &data_word(0xaaaaaaaa, 0x18181818, 0xbebebebe, 0x1b1b1b1b);
- &data_word(0xfcfcfcfc, 0x56565656, 0x3e3e3e3e, 0x4b4b4b4b);
- &data_word(0xc6c6c6c6, 0xd2d2d2d2, 0x79797979, 0x20202020);
- &data_word(0x9a9a9a9a, 0xdbdbdbdb, 0xc0c0c0c0, 0xfefefefe);
- &data_word(0x78787878, 0xcdcdcdcd, 0x5a5a5a5a, 0xf4f4f4f4);
- &data_word(0x1f1f1f1f, 0xdddddddd, 0xa8a8a8a8, 0x33333333);
- &data_word(0x88888888, 0x07070707, 0xc7c7c7c7, 0x31313131);
- &data_word(0xb1b1b1b1, 0x12121212, 0x10101010, 0x59595959);
- &data_word(0x27272727, 0x80808080, 0xecececec, 0x5f5f5f5f);
- &data_word(0x60606060, 0x51515151, 0x7f7f7f7f, 0xa9a9a9a9);
- &data_word(0x19191919, 0xb5b5b5b5, 0x4a4a4a4a, 0x0d0d0d0d);
- &data_word(0x2d2d2d2d, 0xe5e5e5e5, 0x7a7a7a7a, 0x9f9f9f9f);
- &data_word(0x93939393, 0xc9c9c9c9, 0x9c9c9c9c, 0xefefefef);
- &data_word(0xa0a0a0a0, 0xe0e0e0e0, 0x3b3b3b3b, 0x4d4d4d4d);
- &data_word(0xaeaeaeae, 0x2a2a2a2a, 0xf5f5f5f5, 0xb0b0b0b0);
- &data_word(0xc8c8c8c8, 0xebebebeb, 0xbbbbbbbb, 0x3c3c3c3c);
- &data_word(0x83838383, 0x53535353, 0x99999999, 0x61616161);
- &data_word(0x17171717, 0x2b2b2b2b, 0x04040404, 0x7e7e7e7e);
- &data_word(0xbabababa, 0x77777777, 0xd6d6d6d6, 0x26262626);
- &data_word(0xe1e1e1e1, 0x69696969, 0x14141414, 0x63636363);
- &data_word(0x55555555, 0x21212121, 0x0c0c0c0c, 0x7d7d7d7d);
+ &_data_word(0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a);
+ &_data_word(0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b);
+ &_data_word(0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5);
+ &_data_word(0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5);
+ &_data_word(0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d);
+ &_data_word(0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b);
+ &_data_word(0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295);
+ &_data_word(0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e);
+ &_data_word(0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927);
+ &_data_word(0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d);
+ &_data_word(0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362);
+ &_data_word(0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9);
+ &_data_word(0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52);
+ &_data_word(0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566);
+ &_data_word(0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3);
+ &_data_word(0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed);
+ &_data_word(0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e);
+ &_data_word(0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4);
+ &_data_word(0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4);
+ &_data_word(0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd);
+ &_data_word(0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d);
+ &_data_word(0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060);
+ &_data_word(0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967);
+ &_data_word(0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879);
+ &_data_word(0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000);
+ &_data_word(0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c);
+ &_data_word(0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36);
+ &_data_word(0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624);
+ &_data_word(0xb1670a0c, 0x0fe75793, 0xd296eeb4, 0x9e919b1b);
+ &_data_word(0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c);
+ &_data_word(0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12);
+ &_data_word(0x0b0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14);
+ &_data_word(0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3);
+ &_data_word(0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b);
+ &_data_word(0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8);
+ &_data_word(0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684);
+ &_data_word(0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7);
+ &_data_word(0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177);
+ &_data_word(0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947);
+ &_data_word(0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322);
+ &_data_word(0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498);
+ &_data_word(0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f);
+ &_data_word(0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54);
+ &_data_word(0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382);
+ &_data_word(0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf);
+ &_data_word(0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb);
+ &_data_word(0x097826cd, 0xf418596e, 0x01b79aec, 0xa89a4f83);
+ &_data_word(0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef);
+ &_data_word(0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029);
+ &_data_word(0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235);
+ &_data_word(0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733);
+ &_data_word(0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117);
+ &_data_word(0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4);
+ &_data_word(0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546);
+ &_data_word(0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb);
+ &_data_word(0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d);
+ &_data_word(0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb);
+ &_data_word(0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a);
+ &_data_word(0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773);
+ &_data_word(0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478);
+ &_data_word(0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2);
+ &_data_word(0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff);
+ &_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664);
+ &_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0);
+
+#Td4: # four copies of Td4 to choose from to avoid L1 aliasing
+ &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
+ &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
+ &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
+ &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
+ &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
+ &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
+ &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
+ &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
+ &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
+ &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
+ &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
+ &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
+ &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
+ &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
+ &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
+ &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
+ &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
+ &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
+ &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
+ &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
+ &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
+ &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
+ &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
+ &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
+ &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
+ &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
+ &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
+ &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
+ &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
+ &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
+ &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
+ &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
+
+ &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
+ &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
+ &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
+ &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
+ &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
+ &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
+ &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
+ &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
+ &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
+ &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
+ &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
+ &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
+ &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
+ &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
+ &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
+ &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
+ &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
+ &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
+ &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
+ &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
+ &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
+ &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
+ &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
+ &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
+ &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
+ &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
+ &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
+ &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
+ &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
+ &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
+ &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
+ &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
+
+ &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
+ &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
+ &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
+ &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
+ &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
+ &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
+ &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
+ &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
+ &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
+ &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
+ &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
+ &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
+ &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
+ &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
+ &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
+ &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
+ &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
+ &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
+ &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
+ &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
+ &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
+ &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
+ &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
+ &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
+ &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
+ &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
+ &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
+ &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
+ &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
+ &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
+ &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
+ &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
+
+ &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
+ &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
+ &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
+ &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
+ &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
+ &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
+ &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
+ &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
+ &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
+ &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
+ &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
+ &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
+ &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
+ &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
+ &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
+ &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
+ &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
+ &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
+ &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
+ &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
+ &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
+ &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
+ &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
+ &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
+ &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
+ &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
+ &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
+ &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
+ &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
+ &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
+ &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
+ &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
&function_end_B("_x86_AES_decrypt");
# void AES_decrypt (const void *inp,void *out,const AES_KEY *key);
-&public_label("AES_Td");
&function_begin("AES_decrypt");
&mov ($acc,&wparam(0)); # load inp
&mov ($key,&wparam(2)); # load key
+ &mov ($s0,"esp");
+ &sub ("esp",36);
+ &and ("esp",-64); # align to cache-line
+
+ # place stack frame just "above" the key schedule
+ &lea ($s1,&DWP(-64-63,$key));
+ &sub ($s1,"esp");
+ &neg ($s1);
+ &and ($s1,0x3C0); # modulo 1024, but aligned to cache-line
+ &sub ("esp",$s1);
+ &add ("esp",4); # 4 is reserved for caller's return address
+ &mov ($_esp,$s0); # save stack pointer
+
&call (&label("pic_point")); # make it PIC!
&set_label("pic_point");
- &blindpop("ebp");
- &lea ("ebp",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp"));
-
+ &blindpop($tbl);
+ &picmeup($s0,"OPENSSL_ia32cap_P",$tbl,&label("pic_point")) if(!$x86only);
+ &lea ($tbl,&DWP(&label("AES_Td")."-".&label("pic_point"),$tbl));
+
+ # pick Td4 copy which can't "overlap" with stack frame or key schedule
+ &lea ($s1,&DWP(768-4,"esp"));
+ &sub ($s1,$tbl);
+ &and ($s1,0x300);
+ &lea ($tbl,&DWP(2048+128,$tbl,$s1));
+
+ if (!$x86only) {
+ &bt (&DWP(0,$s0),25); # check for SSE bit
+ &jnc (&label("x86"));
+
+ &movq ("mm0",&QWP(0,$acc));
+ &movq ("mm4",&QWP(8,$acc));
+ &call ("_sse_AES_decrypt_compact");
+ &mov ("esp",$_esp); # restore stack pointer
+ &mov ($acc,&wparam(1)); # load out
+ &movq (&QWP(0,$acc),"mm0"); # write output data
+ &movq (&QWP(8,$acc),"mm4");
+ &emms ();
+ &function_end_A();
+ }
+ &set_label("x86",16);
+ &mov ($_tbl,$tbl);
&mov ($s0,&DWP(0,$acc)); # load input data
&mov ($s1,&DWP(4,$acc));
&mov ($s2,&DWP(8,$acc));
&mov ($s3,&DWP(12,$acc));
-
- &call ("_x86_AES_decrypt");
-
+ &call ("_x86_AES_decrypt_compact");
+ &mov ("esp",$_esp); # restore stack pointer
&mov ($acc,&wparam(1)); # load out
&mov (&DWP(0,$acc),$s0); # write output data
&mov (&DWP(4,$acc),$s1);
@@ -1225,156 +2006,233 @@ sub declast()
# void AES_cbc_encrypt (const void char *inp, unsigned char *out,
# size_t length, const AES_KEY *key,
-# unsigned char *ivp,const int enc);
-&public_label("AES_Te");
-&public_label("AES_Td");
+# unsigned char *ivp,const int enc);
+{
+# stack frame layout
+# -4(%esp) # return address 0(%esp)
+# 0(%esp) # s0 backing store 4(%esp)
+# 4(%esp) # s1 backing store 8(%esp)
+# 8(%esp) # s2 backing store 12(%esp)
+# 12(%esp) # s3 backing store 16(%esp)
+# 16(%esp) # key backup 20(%esp)
+# 20(%esp) # end of key schedule 24(%esp)
+# 24(%esp) # %ebp backup 28(%esp)
+# 28(%esp) # %esp backup
+my $_inp=&DWP(32,"esp"); # copy of wparam(0)
+my $_out=&DWP(36,"esp"); # copy of wparam(1)
+my $_len=&DWP(40,"esp"); # copy of wparam(2)
+my $_key=&DWP(44,"esp"); # copy of wparam(3)
+my $_ivp=&DWP(48,"esp"); # copy of wparam(4)
+my $_tmp=&DWP(52,"esp"); # volatile variable
+#
+my $ivec=&DWP(60,"esp"); # ivec[16]
+my $aes_key=&DWP(76,"esp"); # copy of aes_key
+my $mark=&DWP(76+240,"esp"); # copy of aes_key->rounds
+
&function_begin("AES_cbc_encrypt");
&mov ($s2 eq "ecx"? $s2 : "",&wparam(2)); # load len
&cmp ($s2,0);
- &je (&label("enc_out"));
+ &je (&label("drop_out"));
- &call (&label("pic_point")); # make it PIC!
+ &call (&label("pic_point")); # make it PIC!
&set_label("pic_point");
- &blindpop("ebp");
+ &blindpop($tbl);
+ &picmeup($s0,"OPENSSL_ia32cap_P",$tbl,&label("pic_point")) if(!$x86only);
&cmp (&wparam(5),0);
- &je (&label("DECRYPT"));
+ &lea ($tbl,&DWP(&label("AES_Te")."-".&label("pic_point"),$tbl));
+ &jne (&label("picked_te"));
+ &lea ($tbl,&DWP(&label("AES_Td")."-".&label("AES_Te"),$tbl));
+ &set_label("picked_te");
- &lea ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp"));
-
- &mov ($acc,&wparam(0)); # load inp
- &mov ($key,&wparam(4)); # load ivp
-
- &test ($s2,~15);
- &jz (&label("enc_tail")); # short input...
+ # one can argue if this is required
+ &pushf ();
+ &cld ();
+ &cmp ($s2,$speed_limit);
+ &jb (&label("slow_way"));
+ &test ($s2,15);
+ &jnz (&label("slow_way"));
+ if (!$x86only) {
+ &bt (&DWP(0,$s0),28); # check for hyper-threading bit
+ &jc (&label("slow_way"));
+ }
+ # pre-allocate aligned stack frame...
+ &lea ($acc,&DWP(-80-244,"esp"));
+ &and ($acc,-64);
+
+ # ... and make sure it doesn't alias with $tbl modulo 4096
+ &mov ($s0,$tbl);
+ &lea ($s1,&DWP(2048+256,$tbl));
+ &mov ($s3,$acc);
+ &and ($s0,0xfff); # s = %ebp&0xfff
+ &and ($s1,0xfff); # e = (%ebp+2048+256)&0xfff
+ &and ($s3,0xfff); # p = %esp&0xfff
+
+ &cmp ($s3,$s1); # if (p>=e) %esp =- (p-e);
+ &jb (&label("tbl_break_out"));
+ &sub ($s3,$s1);
+ &sub ($acc,$s3);
+ &jmp (&label("tbl_ok"));
+ &set_label("tbl_break_out",4); # else %esp -= (p-s)&0xfff + framesz;
+ &sub ($s3,$s0);
+ &and ($s3,0xfff);
+ &add ($s3,384);
+ &sub ($acc,$s3);
+ &set_label("tbl_ok",4);
+
+ &lea ($s3,&wparam(0)); # obtain pointer to parameter block
+ &exch ("esp",$acc); # allocate stack frame
+ &add ("esp",4); # reserve for return address!
+ &mov ($_tbl,$tbl); # save %ebp
+ &mov ($_esp,$acc); # save %esp
+
+ &mov ($s0,&DWP(0,$s3)); # load inp
+ &mov ($s1,&DWP(4,$s3)); # load out
+ #&mov ($s2,&DWP(8,$s3)); # load len
+ &mov ($key,&DWP(12,$s3)); # load key
+ &mov ($acc,&DWP(16,$s3)); # load ivp
+ &mov ($s3,&DWP(20,$s3)); # load enc flag
+
+ &mov ($_inp,$s0); # save copy of inp
+ &mov ($_out,$s1); # save copy of out
+ &mov ($_len,$s2); # save copy of len
+ &mov ($_key,$key); # save copy of key
+ &mov ($_ivp,$acc); # save copy of ivp
+
+ &mov ($mark,0); # copy of aes_key->rounds = 0;
+ # do we copy key schedule to stack?
+ &mov ($s1 eq "ebx" ? $s1 : "",$key);
+ &mov ($s2 eq "ecx" ? $s2 : "",244/4);
+ &sub ($s1,$tbl);
+ &mov ("esi",$key);
+ &and ($s1,0xfff);
+ &lea ("edi",$aes_key);
+ &cmp ($s1,2048+256);
+ &jb (&label("do_copy"));
+ &cmp ($s1,4096-244);
+ &jb (&label("skip_copy"));
+ &set_label("do_copy",4);
+ &mov ($_key,"edi");
+ &data_word(0xA5F3F689); # rep movsd
+ &set_label("skip_copy");
+
+ &mov ($key,16);
+ &set_label("prefetch_tbl",4);
+ &mov ($s0,&DWP(0,$tbl));
+ &mov ($s1,&DWP(32,$tbl));
+ &mov ($s2,&DWP(64,$tbl));
+ &mov ($acc,&DWP(96,$tbl));
+ &lea ($tbl,&DWP(128,$tbl));
+ &sub ($key,1);
+ &jnz (&label("prefetch_tbl"));
+ &sub ($tbl,2048);
+
+ &mov ($acc,$_inp);
+ &mov ($key,$_ivp);
+
+ &cmp ($s3,0);
+ &je (&label("fast_decrypt"));
+
+#----------------------------- ENCRYPT -----------------------------#
&mov ($s0,&DWP(0,$key)); # load iv
&mov ($s1,&DWP(4,$key));
- &align (4);
- &set_label("enc_loop");
+ &set_label("fast_enc_loop",16);
&mov ($s2,&DWP(8,$key));
&mov ($s3,&DWP(12,$key));
- &xor ($s0,&DWP(0,$acc)); # xor input data
+ &xor ($s0,&DWP(0,$acc)); # xor input data
&xor ($s1,&DWP(4,$acc));
&xor ($s2,&DWP(8,$acc));
&xor ($s3,&DWP(12,$acc));
- &mov ($key,&wparam(3)); # load key
+ &mov ($key,$_key); # load key
&call ("_x86_AES_encrypt");
- &mov ($acc,&wparam(0)); # load inp
- &mov ($key,&wparam(1)); # load out
+ &mov ($acc,$_inp); # load inp
+ &mov ($key,$_out); # load out
- &mov (&DWP(0,$key),$s0); # save output data
+ &mov (&DWP(0,$key),$s0); # save output data
&mov (&DWP(4,$key),$s1);
&mov (&DWP(8,$key),$s2);
&mov (&DWP(12,$key),$s3);
- &mov ($s2,&wparam(2)); # load len
-
- &lea ($acc,&DWP(16,$acc));
- &mov (&wparam(0),$acc); # save inp
-
- &lea ($s3,&DWP(16,$key));
- &mov (&wparam(1),$s3); # save out
-
- &sub ($s2,16);
- &test ($s2,~15);
- &mov (&wparam(2),$s2); # save len
- &jnz (&label("enc_loop"));
- &test ($s2,15);
- &jnz (&label("enc_tail"));
- &mov ($acc,&wparam(4)); # load ivp
- &mov ($s2,&DWP(8,$key)); # restore last dwords
+ &lea ($acc,&DWP(16,$acc)); # advance inp
+ &mov ($s2,$_len); # load len
+ &mov ($_inp,$acc); # save inp
+ &lea ($s3,&DWP(16,$key)); # advance out
+ &mov ($_out,$s3); # save out
+ &sub ($s2,16); # decrease len
+ &mov ($_len,$s2); # save len
+ &jnz (&label("fast_enc_loop"));
+ &mov ($acc,$_ivp); # load ivp
+ &mov ($s2,&DWP(8,$key)); # restore last 2 dwords
&mov ($s3,&DWP(12,$key));
- &mov (&DWP(0,$acc),$s0); # save iv
+ &mov (&DWP(0,$acc),$s0); # save ivec
&mov (&DWP(4,$acc),$s1);
&mov (&DWP(8,$acc),$s2);
&mov (&DWP(12,$acc),$s3);
- &set_label("enc_out");
- &function_end_A();
- &align (4);
- &set_label("enc_tail");
- &push ($key eq "edi" ? $key : ""); # push ivp
- &pushf ();
- &mov ($key,&wparam(1)); # load out
- &mov ($s1,16);
- &sub ($s1,$s2);
- &cmp ($key,$acc); # compare with inp
- &je (&label("enc_in_place"));
- &data_word(0x90A4F3FC); # cld; rep movsb; nop # copy input
- &jmp (&label("enc_skip_in_place"));
- &set_label("enc_in_place");
- &lea ($key,&DWP(0,$key,$s2));
- &set_label("enc_skip_in_place");
- &mov ($s2,$s1);
- &xor ($s0,$s0);
- &data_word(0x90AAF3FC); # cld; rep stosb; nop # zero tail
+ &cmp ($mark,0); # was the key schedule copied?
+ &mov ("edi",$_key);
+ &je (&label("skip_ezero"));
+ # zero copy of key schedule
+ &mov ("ecx",240/4);
+ &xor ("eax","eax");
+ &align (4);
+ &data_word(0xABF3F689); # rep stosd
+ &set_label("skip_ezero")
+ &mov ("esp",$_esp);
&popf ();
- &pop ($key); # pop ivp
-
- &mov ($acc,&wparam(1)); # output as input
- &mov ($s0,&DWP(0,$key));
- &mov ($s1,&DWP(4,$key));
- &mov (&wparam(2),16); # len=16
- &jmp (&label("enc_loop")); # one more spin...
+ &set_label("drop_out");
+ &function_end_A();
+ &pushf (); # kludge, never executed
#----------------------------- DECRYPT -----------------------------#
-&align (4);
-&set_label("DECRYPT");
- &stack_push(5); # allocate temp + ivp
+&set_label("fast_decrypt",16);
- &lea ("ebp",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp"));
+ &cmp ($acc,$_out);
+ &je (&label("fast_dec_in_place")); # in-place processing...
- &mov ($acc,&wparam(0)); # load inp
- &cmp ($acc,&wparam(1));
- &je (&label("dec_in_place")); # in-place processing...
-
- &mov ($key,&wparam(4)); # load ivp
- &mov (&swtmp(4),$key);
+ &mov ($_tmp,$key);
&align (4);
- &set_label("dec_loop");
- &mov ($s0,&DWP(0,$acc)); # read input
+ &set_label("fast_dec_loop",16);
+ &mov ($s0,&DWP(0,$acc)); # read input
&mov ($s1,&DWP(4,$acc));
&mov ($s2,&DWP(8,$acc));
&mov ($s3,&DWP(12,$acc));
- &mov ($key,&wparam(3)); # load key
+ &mov ($key,$_key); # load key
&call ("_x86_AES_decrypt");
- &mov ($key,&swtmp(4)); # load ivp
- &mov ($acc,&wparam(2)); # load len
- &xor ($s0,&DWP(0,$key)); # xor iv
+ &mov ($key,$_tmp); # load ivp
+ &mov ($acc,$_len); # load len
+ &xor ($s0,&DWP(0,$key)); # xor iv
&xor ($s1,&DWP(4,$key));
&xor ($s2,&DWP(8,$key));
&xor ($s3,&DWP(12,$key));
- &sub ($acc,16);
- &jc (&label("dec_partial"));
- &mov (&wparam(2),$acc); # save len
- &mov ($acc,&wparam(0)); # load inp
- &mov ($key,&wparam(1)); # load out
+ &mov ($key,$_out); # load out
+ &mov ($acc,$_inp); # load inp
- &mov (&DWP(0,$key),$s0); # write output
+ &mov (&DWP(0,$key),$s0); # write output
&mov (&DWP(4,$key),$s1);
&mov (&DWP(8,$key),$s2);
&mov (&DWP(12,$key),$s3);
- &mov (&swtmp(4),$acc); # save ivp
- &lea ($acc,&DWP(16,$acc));
- &mov (&wparam(0),$acc); # save inp
-
- &lea ($key,&DWP(16,$key));
- &mov (&wparam(1),$key); # save out
-
- &jnz (&label("dec_loop"));
- &mov ($key,&swtmp(4)); # load temp ivp
- &set_label("dec_end");
- &mov ($acc,&wparam(4)); # load user ivp
+ &mov ($s2,$_len); # load len
+ &mov ($_tmp,$acc); # save ivp
+ &lea ($acc,&DWP(16,$acc)); # advance inp
+ &mov ($_inp,$acc); # save inp
+ &lea ($key,&DWP(16,$key)); # advance out
+ &mov ($_out,$key); # save out
+ &sub ($s2,16); # decrease len
+ &mov ($_len,$s2); # save len
+ &jnz (&label("fast_dec_loop"));
+ &mov ($key,$_tmp); # load temp ivp
+ &mov ($acc,$_ivp); # load user ivp
&mov ($s0,&DWP(0,$key)); # load iv
&mov ($s1,&DWP(4,$key));
&mov ($s2,&DWP(8,$key));
@@ -1383,130 +2241,418 @@ sub declast()
&mov (&DWP(4,$acc),$s1);
&mov (&DWP(8,$acc),$s2);
&mov (&DWP(12,$acc),$s3);
- &jmp (&label("dec_out"));
+ &jmp (&label("fast_dec_out"));
- &align (4);
- &set_label("dec_partial");
- &lea ($key,&swtmp(0));
- &mov (&DWP(0,$key),$s0); # dump output to stack
- &mov (&DWP(4,$key),$s1);
- &mov (&DWP(8,$key),$s2);
- &mov (&DWP(12,$key),$s3);
- &lea ($s2 eq "ecx" ? $s2 : "",&DWP(16,$acc));
- &mov ($acc eq "esi" ? $acc : "",$key);
- &mov ($key eq "edi" ? $key : "",&wparam(1));
- &pushf ();
- &data_word(0x90A4F3FC); # cld; rep movsb; nop # copy output
- &popf ();
- &mov ($key,&wparam(0)); # load temp ivp
- &jmp (&label("dec_end"));
-
- &align (4);
- &set_label("dec_in_place");
- &set_label("dec_in_place_loop");
- &lea ($key,&swtmp(0));
- &mov ($s0,&DWP(0,$acc)); # read input
+ &set_label("fast_dec_in_place",16);
+ &set_label("fast_dec_in_place_loop");
+ &mov ($s0,&DWP(0,$acc)); # read input
&mov ($s1,&DWP(4,$acc));
&mov ($s2,&DWP(8,$acc));
&mov ($s3,&DWP(12,$acc));
- &mov (&DWP(0,$key),$s0); # copy to temp
+ &lea ($key,$ivec);
+ &mov (&DWP(0,$key),$s0); # copy to temp
&mov (&DWP(4,$key),$s1);
&mov (&DWP(8,$key),$s2);
&mov (&DWP(12,$key),$s3);
- &mov ($key,&wparam(3)); # load key
+ &mov ($key,$_key); # load key
&call ("_x86_AES_decrypt");
- &mov ($key,&wparam(4)); # load ivp
- &mov ($acc,&wparam(1)); # load out
- &xor ($s0,&DWP(0,$key)); # xor iv
+ &mov ($key,$_ivp); # load ivp
+ &mov ($acc,$_out); # load out
+ &xor ($s0,&DWP(0,$key)); # xor iv
&xor ($s1,&DWP(4,$key));
&xor ($s2,&DWP(8,$key));
&xor ($s3,&DWP(12,$key));
- &mov (&DWP(0,$acc),$s0); # write output
+ &mov (&DWP(0,$acc),$s0); # write output
&mov (&DWP(4,$acc),$s1);
&mov (&DWP(8,$acc),$s2);
&mov (&DWP(12,$acc),$s3);
- &lea ($acc,&DWP(16,$acc));
- &mov (&wparam(1),$acc); # save out
+ &lea ($acc,&DWP(16,$acc)); # advance out
+ &mov ($_out,$acc); # save out
- &lea ($acc,&swtmp(0));
- &mov ($s0,&DWP(0,$acc)); # read temp
+ &lea ($acc,$ivec);
+ &mov ($s0,&DWP(0,$acc)); # read temp
&mov ($s1,&DWP(4,$acc));
&mov ($s2,&DWP(8,$acc));
&mov ($s3,&DWP(12,$acc));
- &mov (&DWP(0,$key),$s0); # copy iv
+ &mov (&DWP(0,$key),$s0); # copy iv
&mov (&DWP(4,$key),$s1);
&mov (&DWP(8,$key),$s2);
&mov (&DWP(12,$key),$s3);
- &mov ($acc,&wparam(0)); # load inp
+ &mov ($acc,$_inp); # load inp
+ &mov ($s2,$_len); # load len
+ &lea ($acc,&DWP(16,$acc)); # advance inp
+ &mov ($_inp,$acc); # save inp
+ &sub ($s2,16); # decrease len
+ &mov ($_len,$s2); # save len
+ &jnz (&label("fast_dec_in_place_loop"));
+
+ &set_label("fast_dec_out",4);
+ &cmp ($mark,0); # was the key schedule copied?
+ &mov ("edi",$_key);
+ &je (&label("skip_dzero"));
+ # zero copy of key schedule
+ &mov ("ecx",240/4);
+ &xor ("eax","eax");
+ &align (4);
+ &data_word(0xABF3F689); # rep stosd
+ &set_label("skip_dzero")
+ &mov ("esp",$_esp);
+ &popf ();
+ &function_end_A();
+ &pushf (); # kludge, never executed
+
+#--------------------------- SLOW ROUTINE ---------------------------#
+&set_label("slow_way",16);
+
+ &mov ($s0,&DWP(0,$s0)) if (!$x86only);# load OPENSSL_ia32cap
+ &mov ($key,&wparam(3)); # load key
+
+ # pre-allocate aligned stack frame...
+ &lea ($acc,&DWP(-80,"esp"));
+ &and ($acc,-64);
+
+ # ... and make sure it doesn't alias with $key modulo 1024
+ &lea ($s1,&DWP(-80-63,$key));
+ &sub ($s1,$acc);
+ &neg ($s1);
+ &and ($s1,0x3C0); # modulo 1024, but aligned to cache-line
+ &sub ($acc,$s1);
+
+ # pick S-box copy which can't overlap with stack frame or $key
+ &lea ($s1,&DWP(768,$acc));
+ &sub ($s1,$tbl);
+ &and ($s1,0x300);
+ &lea ($tbl,&DWP(2048+128,$tbl,$s1));
+
+ &lea ($s3,&wparam(0)); # pointer to parameter block
+
+ &exch ("esp",$acc);
+ &add ("esp",4); # reserve for return address!
+ &mov ($_tbl,$tbl); # save %ebp
+ &mov ($_esp,$acc); # save %esp
+ &mov ($_tmp,$s0); # save OPENSSL_ia32cap
+
+ &mov ($s0,&DWP(0,$s3)); # load inp
+ &mov ($s1,&DWP(4,$s3)); # load out
+ #&mov ($s2,&DWP(8,$s3)); # load len
+ #&mov ($key,&DWP(12,$s3)); # load key
+ &mov ($acc,&DWP(16,$s3)); # load ivp
+ &mov ($s3,&DWP(20,$s3)); # load enc flag
+
+ &mov ($_inp,$s0); # save copy of inp
+ &mov ($_out,$s1); # save copy of out
+ &mov ($_len,$s2); # save copy of len
+ &mov ($_key,$key); # save copy of key
+ &mov ($_ivp,$acc); # save copy of ivp
+
+ &mov ($key,$acc);
+ &mov ($acc,$s0);
+
+ &cmp ($s3,0);
+ &je (&label("slow_decrypt"));
+
+#--------------------------- SLOW ENCRYPT ---------------------------#
+ &cmp ($s2,16);
+ &mov ($s3,$s1);
+ &jb (&label("slow_enc_tail"));
+
+ if (!$x86only) {
+ &bt ($_tmp,25); # check for SSE bit
+ &jnc (&label("slow_enc_x86"));
+
+ &movq ("mm0",&QWP(0,$key)); # load iv
+ &movq ("mm4",&QWP(8,$key));
+
+ &set_label("slow_enc_loop_sse",16);
+ &pxor ("mm0",&QWP(0,$acc)); # xor input data
+ &pxor ("mm4",&QWP(8,$acc));
+
+ &mov ($key,$_key);
+ &call ("_sse_AES_encrypt_compact");
+
+ &mov ($acc,$_inp); # load inp
+ &mov ($key,$_out); # load out
+ &mov ($s2,$_len); # load len
+
+ &movq (&QWP(0,$key),"mm0"); # save output data
+ &movq (&QWP(8,$key),"mm4");
+
+ &lea ($acc,&DWP(16,$acc)); # advance inp
+ &mov ($_inp,$acc); # save inp
+ &lea ($s3,&DWP(16,$key)); # advance out
+ &mov ($_out,$s3); # save out
+ &sub ($s2,16); # decrease len
+ &cmp ($s2,16);
+ &mov ($_len,$s2); # save len
+ &jae (&label("slow_enc_loop_sse"));
+ &test ($s2,15);
+ &jnz (&label("slow_enc_tail"));
+ &mov ($acc,$_ivp); # load ivp
+ &movq (&QWP(0,$acc),"mm0"); # save ivec
+ &movq (&QWP(8,$acc),"mm4");
+ &emms ();
+ &mov ("esp",$_esp);
+ &popf ();
+ &function_end_A();
+ &pushf (); # kludge, never executed
+ }
+ &set_label("slow_enc_x86",16);
+ &mov ($s0,&DWP(0,$key)); # load iv
+ &mov ($s1,&DWP(4,$key));
+
+ &set_label("slow_enc_loop_x86",4);
+ &mov ($s2,&DWP(8,$key));
+ &mov ($s3,&DWP(12,$key));
+
+ &xor ($s0,&DWP(0,$acc)); # xor input data
+ &xor ($s1,&DWP(4,$acc));
+ &xor ($s2,&DWP(8,$acc));
+ &xor ($s3,&DWP(12,$acc));
+
+ &mov ($key,$_key); # load key
+ &call ("_x86_AES_encrypt_compact");
+
+ &mov ($acc,$_inp); # load inp
+ &mov ($key,$_out); # load out
- &lea ($acc,&DWP(16,$acc));
- &mov (&wparam(0),$acc); # save inp
+ &mov (&DWP(0,$key),$s0); # save output data
+ &mov (&DWP(4,$key),$s1);
+ &mov (&DWP(8,$key),$s2);
+ &mov (&DWP(12,$key),$s3);
+
+ &mov ($s2,$_len); # load len
+ &lea ($acc,&DWP(16,$acc)); # advance inp
+ &mov ($_inp,$acc); # save inp
+ &lea ($s3,&DWP(16,$key)); # advance out
+ &mov ($_out,$s3); # save out
+ &sub ($s2,16); # decrease len
+ &cmp ($s2,16);
+ &mov ($_len,$s2); # save len
+ &jae (&label("slow_enc_loop_x86"));
+ &test ($s2,15);
+ &jnz (&label("slow_enc_tail"));
+ &mov ($acc,$_ivp); # load ivp
+ &mov ($s2,&DWP(8,$key)); # restore last dwords
+ &mov ($s3,&DWP(12,$key));
+ &mov (&DWP(0,$acc),$s0); # save ivec
+ &mov (&DWP(4,$acc),$s1);
+ &mov (&DWP(8,$acc),$s2);
+ &mov (&DWP(12,$acc),$s3);
- &mov ($s2,&wparam(2)); # load len
- &sub ($s2,16);
- &jc (&label("dec_in_place_partial"));
- &mov (&wparam(2),$s2); # save len
- &jnz (&label("dec_in_place_loop"));
- &jmp (&label("dec_out"));
+ &mov ("esp",$_esp);
+ &popf ();
+ &function_end_A();
+ &pushf (); # kludge, never executed
- &align (4);
- &set_label("dec_in_place_partial");
- # one can argue if this is actually required...
- &mov ($key eq "edi" ? $key : "",&wparam(1));
- &lea ($acc eq "esi" ? $acc : "",&swtmp(0));
+ &set_label("slow_enc_tail",16);
+ &emms () if (!$x86only);
+ &mov ($key eq "edi"? $key:"",$s3); # load out to edi
+ &mov ($s1,16);
+ &sub ($s1,$s2);
+ &cmp ($key,$acc eq "esi"? $acc:""); # compare with inp
+ &je (&label("enc_in_place"));
+ &align (4);
+ &data_word(0xA4F3F689); # rep movsb # copy input
+ &jmp (&label("enc_skip_in_place"));
+ &set_label("enc_in_place");
&lea ($key,&DWP(0,$key,$s2));
- &lea ($acc,&DWP(16,$acc,$s2));
- &neg ($s2 eq "ecx" ? $s2 : "");
- &pushf ();
- &data_word(0x90A4F3FC); # cld; rep movsb; nop # restore tail
+ &set_label("enc_skip_in_place");
+ &mov ($s2,$s1);
+ &xor ($s0,$s0);
+ &align (4);
+ &data_word(0xAAF3F689); # rep stosb # zero tail
+
+ &mov ($key,$_ivp); # restore ivp
+ &mov ($acc,$s3); # output as input
+ &mov ($s0,&DWP(0,$key));
+ &mov ($s1,&DWP(4,$key));
+ &mov ($_len,16); # len=16
+ &jmp (&label("slow_enc_loop_x86")); # one more spin...
+
+#--------------------------- SLOW DECRYPT ---------------------------#
+&set_label("slow_decrypt",16);
+ if (!$x86only) {
+ &bt ($_tmp,25); # check for SSE bit
+ &jnc (&label("slow_dec_loop_x86"));
+
+ &set_label("slow_dec_loop_sse",4);
+ &movq ("mm0",&QWP(0,$acc)); # read input
+ &movq ("mm4",&QWP(8,$acc));
+
+ &mov ($key,$_key);
+ &call ("_sse_AES_decrypt_compact");
+
+ &mov ($acc,$_inp); # load inp
+ &lea ($s0,$ivec);
+ &mov ($s1,$_out); # load out
+ &mov ($s2,$_len); # load len
+ &mov ($key,$_ivp); # load ivp
+
+ &movq ("mm1",&QWP(0,$acc)); # re-read input
+ &movq ("mm5",&QWP(8,$acc));
+
+ &pxor ("mm0",&QWP(0,$key)); # xor iv
+ &pxor ("mm4",&QWP(8,$key));
+
+ &movq (&QWP(0,$key),"mm1"); # copy input to iv
+ &movq (&QWP(8,$key),"mm5");
+
+ &sub ($s2,16); # decrease len
+ &jc (&label("slow_dec_partial_sse"));
+
+ &movq (&QWP(0,$s1),"mm0"); # write output
+ &movq (&QWP(8,$s1),"mm4");
+
+ &lea ($s1,&DWP(16,$s1)); # advance out
+ &mov ($_out,$s1); # save out
+ &lea ($acc,&DWP(16,$acc)); # advance inp
+ &mov ($_inp,$acc); # save inp
+ &mov ($_len,$s2); # save len
+ &jnz (&label("slow_dec_loop_sse"));
+ &emms ();
+ &mov ("esp",$_esp);
&popf ();
+ &function_end_A();
+ &pushf (); # kludge, never executed
+
+ &set_label("slow_dec_partial_sse",16);
+ &movq (&QWP(0,$s0),"mm0"); # save output to temp
+ &movq (&QWP(8,$s0),"mm4");
+ &emms ();
+
+ &add ($s2 eq "ecx" ? "ecx":"",16);
+ &mov ("edi",$s1); # out
+ &mov ("esi",$s0); # temp
+ &align (4);
+ &data_word(0xA4F3F689); # rep movsb # copy partial output
+
+ &mov ("esp",$_esp);
+ &popf ();
+ &function_end_A();
+ &pushf (); # kludge, never executed
+ }
+ &set_label("slow_dec_loop_x86",16);
+ &mov ($s0,&DWP(0,$acc)); # read input
+ &mov ($s1,&DWP(4,$acc));
+ &mov ($s2,&DWP(8,$acc));
+ &mov ($s3,&DWP(12,$acc));
+
+ &lea ($key,$ivec);
+ &mov (&DWP(0,$key),$s0); # copy to temp
+ &mov (&DWP(4,$key),$s1);
+ &mov (&DWP(8,$key),$s2);
+ &mov (&DWP(12,$key),$s3);
+
+ &mov ($key,$_key); # load key
+ &call ("_x86_AES_decrypt_compact");
+
+ &mov ($key,$_ivp); # load ivp
+ &mov ($acc,$_len); # load len
+ &xor ($s0,&DWP(0,$key)); # xor iv
+ &xor ($s1,&DWP(4,$key));
+ &xor ($s2,&DWP(8,$key));
+ &xor ($s3,&DWP(12,$key));
+
+ &sub ($acc,16);
+ &jc (&label("slow_dec_partial_x86"));
+
+ &mov ($_len,$acc); # save len
+ &mov ($acc,$_out); # load out
+
+ &mov (&DWP(0,$acc),$s0); # write output
+ &mov (&DWP(4,$acc),$s1);
+ &mov (&DWP(8,$acc),$s2);
+ &mov (&DWP(12,$acc),$s3);
+
+ &lea ($acc,&DWP(16,$acc)); # advance out
+ &mov ($_out,$acc); # save out
+
+ &lea ($acc,$ivec);
+ &mov ($s0,&DWP(0,$acc)); # read temp
+ &mov ($s1,&DWP(4,$acc));
+ &mov ($s2,&DWP(8,$acc));
+ &mov ($s3,&DWP(12,$acc));
- &align (4);
- &set_label("dec_out");
- &stack_pop(5);
+ &mov (&DWP(0,$key),$s0); # copy it to iv
+ &mov (&DWP(4,$key),$s1);
+ &mov (&DWP(8,$key),$s2);
+ &mov (&DWP(12,$key),$s3);
+
+ &mov ($acc,$_inp); # load inp
+ &lea ($acc,&DWP(16,$acc)); # advance inp
+ &mov ($_inp,$acc); # save inp
+ &jnz (&label("slow_dec_loop_x86"));
+ &mov ("esp",$_esp);
+ &popf ();
+ &function_end_A();
+ &pushf (); # kludge, never executed
+
+ &set_label("slow_dec_partial_x86",16);
+ &lea ($acc,$ivec);
+ &mov (&DWP(0,$acc),$s0); # save output to temp
+ &mov (&DWP(4,$acc),$s1);
+ &mov (&DWP(8,$acc),$s2);
+ &mov (&DWP(12,$acc),$s3);
+
+ &mov ($acc,$_inp);
+ &mov ($s0,&DWP(0,$acc)); # re-read input
+ &mov ($s1,&DWP(4,$acc));
+ &mov ($s2,&DWP(8,$acc));
+ &mov ($s3,&DWP(12,$acc));
+
+ &mov (&DWP(0,$key),$s0); # copy it to iv
+ &mov (&DWP(4,$key),$s1);
+ &mov (&DWP(8,$key),$s2);
+ &mov (&DWP(12,$key),$s3);
+
+ &mov ("ecx",$_len);
+ &mov ("edi",$_out);
+ &lea ("esi",$ivec);
+ &align (4);
+ &data_word(0xA4F3F689); # rep movsb # copy partial output
+
+ &mov ("esp",$_esp);
+ &popf ();
&function_end("AES_cbc_encrypt");
+}
#------------------------------------------------------------------#
sub enckey()
{
&movz ("esi",&LB("edx")); # rk[i]>>0
- &mov ("ebx",&DWP(0,"ebp","esi",4));
+ &movz ("ebx",&BP(-128,$tbl,"esi",1));
&movz ("esi",&HB("edx")); # rk[i]>>8
- &and ("ebx",0xFF000000);
+ &shl ("ebx",24);
&xor ("eax","ebx");
- &mov ("ebx",&DWP(0,"ebp","esi",4));
+ &movz ("ebx",&BP(-128,$tbl,"esi",1));
&shr ("edx",16);
- &and ("ebx",0x000000FF);
&movz ("esi",&LB("edx")); # rk[i]>>16
&xor ("eax","ebx");
- &mov ("ebx",&DWP(0,"ebp","esi",4));
+ &movz ("ebx",&BP(-128,$tbl,"esi",1));
&movz ("esi",&HB("edx")); # rk[i]>>24
- &and ("ebx",0x0000FF00);
+ &shl ("ebx",8);
&xor ("eax","ebx");
- &mov ("ebx",&DWP(0,"ebp","esi",4));
- &and ("ebx",0x00FF0000);
+ &movz ("ebx",&BP(-128,$tbl,"esi",1));
+ &shl ("ebx",16);
&xor ("eax","ebx");
- &xor ("eax",&DWP(1024,"ebp","ecx",4)); # rcon
+ &xor ("eax",&DWP(1024-128,$tbl,"ecx",4)); # rcon
}
-# int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
-# AES_KEY *key)
-&public_label("AES_Te");
-&function_begin("AES_set_encrypt_key");
- &mov ("esi",&wparam(0)); # user supplied key
- &mov ("edi",&wparam(2)); # private key schedule
+&function_begin("_x86_AES_set_encrypt_key");
+ &mov ("esi",&wparam(1)); # user supplied key
+ &mov ("edi",&wparam(3)); # private key schedule
&test ("esi",-1);
&jz (&label("badpointer"));
@@ -1515,11 +2661,21 @@ sub enckey()
&call (&label("pic_point"));
&set_label("pic_point");
- &blindpop("ebp");
- &lea ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp"));
- &add ("ebp",1024*4); # skip to Te4
-
- &mov ("ecx",&wparam(1)); # number of bits in key
+ &blindpop($tbl);
+ &lea ($tbl,&DWP(&label("AES_Te")."-".&label("pic_point"),$tbl));
+ &lea ($tbl,&DWP(2048+128,$tbl));
+
+ # prefetch Te4
+ &mov ("eax",&DWP(0-128,$tbl));
+ &mov ("ebx",&DWP(32-128,$tbl));
+ &mov ("ecx",&DWP(64-128,$tbl));
+ &mov ("edx",&DWP(96-128,$tbl));
+ &mov ("eax",&DWP(128-128,$tbl));
+ &mov ("ebx",&DWP(160-128,$tbl));
+ &mov ("ecx",&DWP(192-128,$tbl));
+ &mov ("edx",&DWP(224-128,$tbl));
+
+ &mov ("ecx",&wparam(2)); # number of bits in key
&cmp ("ecx",128);
&je (&label("10rounds"));
&cmp ("ecx",192);
@@ -1658,24 +2814,23 @@ sub enckey()
&mov ("edx","eax");
&mov ("eax",&DWP(16,"edi")); # rk[4]
&movz ("esi",&LB("edx")); # rk[11]>>0
- &mov ("ebx",&DWP(0,"ebp","esi",4));
+ &movz ("ebx",&BP(-128,$tbl,"esi",1));
&movz ("esi",&HB("edx")); # rk[11]>>8
- &and ("ebx",0x000000FF);
&xor ("eax","ebx");
- &mov ("ebx",&DWP(0,"ebp","esi",4));
+ &movz ("ebx",&BP(-128,$tbl,"esi",1));
&shr ("edx",16);
- &and ("ebx",0x0000FF00);
+ &shl ("ebx",8);
&movz ("esi",&LB("edx")); # rk[11]>>16
&xor ("eax","ebx");
- &mov ("ebx",&DWP(0,"ebp","esi",4));
+ &movz ("ebx",&BP(-128,$tbl,"esi",1));
&movz ("esi",&HB("edx")); # rk[11]>>24
- &and ("ebx",0x00FF0000);
+ &shl ("ebx",16);
&xor ("eax","ebx");
- &mov ("ebx",&DWP(0,"ebp","esi",4));
- &and ("ebx",0xFF000000);
+ &movz ("ebx",&BP(-128,$tbl,"esi",1));
+ &shl ("ebx",24);
&xor ("eax","ebx");
&mov (&DWP(48,"edi"),"eax"); # rk[12]
@@ -1697,43 +2852,74 @@ sub enckey()
&set_label("badpointer");
&mov ("eax",-1);
&set_label("exit");
-&function_end("AES_set_encrypt_key");
+&function_end("_x86_AES_set_encrypt_key");
-sub deckey()
-{ my ($i,$ptr,$te4,$td) = @_;
+# int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+# AES_KEY *key)
+&function_begin_B("AES_set_encrypt_key");
+ &call ("_x86_AES_set_encrypt_key");
+ &ret ();
+&function_end_B("AES_set_encrypt_key");
- &mov ("eax",&DWP($i,$ptr));
- &mov ("edx","eax");
- &movz ("ebx",&HB("eax"));
- &shr ("edx",16);
- &and ("eax",0xFF);
- &movz ("eax",&BP(0,$te4,"eax",4));
- &movz ("ebx",&BP(0,$te4,"ebx",4));
- &mov ("eax",&DWP(1024*0,$td,"eax",4));
- &xor ("eax",&DWP(1024*1,$td,"ebx",4));
- &movz ("ebx",&HB("edx"));
- &and ("edx",0xFF);
- &movz ("edx",&BP(0,$te4,"edx",4));
- &movz ("ebx",&BP(0,$te4,"ebx",4));
- &xor ("eax",&DWP(1024*2,$td,"edx",4));
- &xor ("eax",&DWP(1024*3,$td,"ebx",4));
- &mov (&DWP($i,$ptr),"eax");
+sub deckey()
+{ my ($i,$key,$tp1,$tp2,$tp4,$tp8) = @_;
+ my $tmp = $tbl;
+
+ &mov ($acc,$tp1);
+ &and ($acc,0x80808080);
+ &mov ($tmp,$acc);
+ &shr ($tmp,7);
+ &lea ($tp2,&DWP(0,$tp1,$tp1));
+ &sub ($acc,$tmp);
+ &and ($tp2,0xfefefefe);
+ &and ($acc,0x1b1b1b1b);
+ &xor ($acc,$tp2);
+ &mov ($tp2,$acc);
+
+ &and ($acc,0x80808080);
+ &mov ($tmp,$acc);
+ &shr ($tmp,7);
+ &lea ($tp4,&DWP(0,$tp2,$tp2));
+ &sub ($acc,$tmp);
+ &and ($tp4,0xfefefefe);
+ &and ($acc,0x1b1b1b1b);
+ &xor ($tp2,$tp1); # tp2^tp1
+ &xor ($acc,$tp4);
+ &mov ($tp4,$acc);
+
+ &and ($acc,0x80808080);
+ &mov ($tmp,$acc);
+ &shr ($tmp,7);
+ &lea ($tp8,&DWP(0,$tp4,$tp4));
+ &xor ($tp4,$tp1); # tp4^tp1
+ &sub ($acc,$tmp);
+ &and ($tp8,0xfefefefe);
+ &and ($acc,0x1b1b1b1b);
+ &rotl ($tp1,8); # = ROTATE(tp1,8)
+ &xor ($tp8,$acc);
+
+ &mov ($tmp,&DWP(4*($i+1),$key)); # modulo-scheduled load
+
+ &xor ($tp1,$tp2);
+ &xor ($tp2,$tp8);
+ &xor ($tp1,$tp4);
+ &rotl ($tp2,24);
+ &xor ($tp4,$tp8);
+ &xor ($tp1,$tp8); # ^= tp8^(tp4^tp1)^(tp2^tp1)
+ &rotl ($tp4,16);
+ &xor ($tp1,$tp2); # ^= ROTATE(tp8^tp2^tp1,24)
+ &rotl ($tp8,8);
+ &xor ($tp1,$tp4); # ^= ROTATE(tp8^tp4^tp1,16)
+ &mov ($tp2,$tmp);
+ &xor ($tp1,$tp8); # ^= ROTATE(tp8,8)
+
+ &mov (&DWP(4*$i,$key),$tp1);
}
# int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
# AES_KEY *key)
-&public_label("AES_Td");
-&public_label("AES_Te");
&function_begin_B("AES_set_decrypt_key");
- &mov ("eax",&wparam(0));
- &mov ("ecx",&wparam(1));
- &mov ("edx",&wparam(2));
- &sub ("esp",12);
- &mov (&DWP(0,"esp"),"eax");
- &mov (&DWP(4,"esp"),"ecx");
- &mov (&DWP(8,"esp"),"edx");
- &call ("AES_set_encrypt_key");
- &add ("esp",12);
+ &call ("_x86_AES_set_encrypt_key");
&cmp ("eax",0);
&je (&label("proceed"));
&ret ();
@@ -1749,8 +2935,7 @@ sub deckey()
&lea ("ecx",&DWP(0,"","ecx",4));
&lea ("edi",&DWP(0,"esi","ecx",4)); # pointer to last chunk
- &align (4);
- &set_label("invert"); # invert order of chunks
+ &set_label("invert",4); # invert order of chunks
&mov ("eax",&DWP(0,"esi"));
&mov ("ebx",&DWP(4,"esi"));
&mov ("ecx",&DWP(0,"edi"));
@@ -1772,27 +2957,24 @@ sub deckey()
&cmp ("esi","edi");
&jne (&label("invert"));
- &call (&label("pic_point"));
- &set_label("pic_point");
- blindpop("ebp");
- &lea ("edi",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp"));
- &lea ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp"));
- &add ("ebp",1024*4); # skip to Te4
-
- &mov ("esi",&wparam(2));
- &mov ("ecx",&DWP(240,"esi")); # pull number of rounds
- &dec ("ecx");
- &align (4);
- &set_label("permute"); # permute the key schedule
- &add ("esi",16);
- &deckey (0,"esi","ebp","edi");
- &deckey (4,"esi","ebp","edi");
- &deckey (8,"esi","ebp","edi");
- &deckey (12,"esi","ebp","edi");
- &dec ("ecx");
- &jnz (&label("permute"));
+ &mov ($key,&wparam(2));
+ &mov ($acc,&DWP(240,$key)); # pull number of rounds
+ &lea ($acc,&DWP(-2,$acc,$acc));
+ &lea ($acc,&DWP(0,$key,$acc,8));
+ &mov (&wparam(2),$acc);
+
+ &mov ($s0,&DWP(16,$key)); # modulo-scheduled load
+ &set_label("permute",4); # permute the key schedule
+ &add ($key,16);
+ &deckey (0,$key,$s0,$s1,$s2,$s3);
+ &deckey (1,$key,$s1,$s2,$s3,$s0);
+ &deckey (2,$key,$s2,$s3,$s0,$s1);
+ &deckey (3,$key,$s3,$s0,$s1,$s2);
+ &cmp ($key,&wparam(2));
+ &jb (&label("permute"));
&xor ("eax","eax"); # return success
&function_end("AES_set_decrypt_key");
+&asciz("AES for x86, CRYPTOGAMS by <appro\@openssl.org>");
&asm_finish();
diff --git a/crypto/aes/asm/aes-armv4.pl b/crypto/aes/asm/aes-armv4.pl
new file mode 100644
index 0000000000..15742c1ec5
--- /dev/null
+++ b/crypto/aes/asm/aes-armv4.pl
@@ -0,0 +1,1030 @@
+#!/usr/bin/env perl
+
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# AES for ARMv4
+
+# January 2007.
+#
+# Code uses single 1K S-box and is >2 times faster than code generated
+# by gcc-3.4.1. This is thanks to unique feature of ARMv4 ISA, which
+# allows to merge logical or arithmetic operation with shift or rotate
+# in one instruction and emit combined result every cycle. The module
+# is endian-neutral. The performance is ~42 cycles/byte for 128-bit
+# key.
+
+# May 2007.
+#
+# AES_set_[en|de]crypt_key is added.
+
+$s0="r0";
+$s1="r1";
+$s2="r2";
+$s3="r3";
+$t1="r4";
+$t2="r5";
+$t3="r6";
+$i1="r7";
+$i2="r8";
+$i3="r9";
+
+$tbl="r10";
+$key="r11";
+$rounds="r12";
+
+$code=<<___;
+.text
+.code 32
+
+.type AES_Te,%object
+.align 5
+AES_Te:
+.word 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d
+.word 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554
+.word 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d
+.word 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a
+.word 0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87
+.word 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b
+.word 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea
+.word 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b
+.word 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a
+.word 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f
+.word 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108
+.word 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f
+.word 0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e
+.word 0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5
+.word 0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d
+.word 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f
+.word 0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e
+.word 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb
+.word 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce
+.word 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497
+.word 0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c
+.word 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed
+.word 0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b
+.word 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a
+.word 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16
+.word 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594
+.word 0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81
+.word 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3
+.word 0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a
+.word 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504
+.word 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163
+.word 0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d
+.word 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f
+.word 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739
+.word 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47
+.word 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395
+.word 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f
+.word 0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883
+.word 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c
+.word 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76
+.word 0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e
+.word 0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4
+.word 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6
+.word 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b
+.word 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7
+.word 0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0
+.word 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25
+.word 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818
+.word 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72
+.word 0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651
+.word 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21
+.word 0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85
+.word 0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa
+.word 0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12
+.word 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0
+.word 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9
+.word 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133
+.word 0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7
+.word 0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920
+.word 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a
+.word 0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17
+.word 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8
+.word 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11
+.word 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a
+@ Te4[256]
+.byte 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
+.byte 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
+.byte 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
+.byte 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
+.byte 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
+.byte 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
+.byte 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
+.byte 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
+.byte 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
+.byte 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
+.byte 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
+.byte 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
+.byte 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
+.byte 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
+.byte 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
+.byte 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
+.byte 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
+.byte 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
+.byte 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
+.byte 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
+.byte 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
+.byte 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
+.byte 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
+.byte 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
+.byte 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
+.byte 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
+.byte 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
+.byte 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
+.byte 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
+.byte 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
+.byte 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
+.byte 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
+@ rcon[]
+.word 0x01000000, 0x02000000, 0x04000000, 0x08000000
+.word 0x10000000, 0x20000000, 0x40000000, 0x80000000
+.word 0x1B000000, 0x36000000, 0, 0, 0, 0, 0, 0
+.size AES_Te,.-AES_Te
+
+@ void AES_encrypt(const unsigned char *in, unsigned char *out,
+@ const AES_KEY *key) {
+.global AES_encrypt
+.type AES_encrypt,%function
+.align 5
+AES_encrypt:
+ sub r3,pc,#8 @ AES_encrypt
+ stmdb sp!,{r1,r4-r12,lr}
+ mov $rounds,r0 @ inp
+ mov $key,r2
+ sub $tbl,r3,#AES_encrypt-AES_Te @ Te
+
+ ldrb $s0,[$rounds,#3] @ load input data in endian-neutral
+ ldrb $t1,[$rounds,#2] @ manner...
+ ldrb $t2,[$rounds,#1]
+ ldrb $t3,[$rounds,#0]
+ orr $s0,$s0,$t1,lsl#8
+ orr $s0,$s0,$t2,lsl#16
+ orr $s0,$s0,$t3,lsl#24
+ ldrb $s1,[$rounds,#7]
+ ldrb $t1,[$rounds,#6]
+ ldrb $t2,[$rounds,#5]
+ ldrb $t3,[$rounds,#4]
+ orr $s1,$s1,$t1,lsl#8
+ orr $s1,$s1,$t2,lsl#16
+ orr $s1,$s1,$t3,lsl#24
+ ldrb $s2,[$rounds,#11]
+ ldrb $t1,[$rounds,#10]
+ ldrb $t2,[$rounds,#9]
+ ldrb $t3,[$rounds,#8]
+ orr $s2,$s2,$t1,lsl#8
+ orr $s2,$s2,$t2,lsl#16
+ orr $s2,$s2,$t3,lsl#24
+ ldrb $s3,[$rounds,#15]
+ ldrb $t1,[$rounds,#14]
+ ldrb $t2,[$rounds,#13]
+ ldrb $t3,[$rounds,#12]
+ orr $s3,$s3,$t1,lsl#8
+ orr $s3,$s3,$t2,lsl#16
+ orr $s3,$s3,$t3,lsl#24
+
+ bl _armv4_AES_encrypt
+
+ ldr $rounds,[sp],#4 @ pop out
+ mov $t1,$s0,lsr#24 @ write output in endian-neutral
+ mov $t2,$s0,lsr#16 @ manner...
+ mov $t3,$s0,lsr#8
+ strb $t1,[$rounds,#0]
+ strb $t2,[$rounds,#1]
+ strb $t3,[$rounds,#2]
+ strb $s0,[$rounds,#3]
+ mov $t1,$s1,lsr#24
+ mov $t2,$s1,lsr#16
+ mov $t3,$s1,lsr#8
+ strb $t1,[$rounds,#4]
+ strb $t2,[$rounds,#5]
+ strb $t3,[$rounds,#6]
+ strb $s1,[$rounds,#7]
+ mov $t1,$s2,lsr#24
+ mov $t2,$s2,lsr#16
+ mov $t3,$s2,lsr#8
+ strb $t1,[$rounds,#8]
+ strb $t2,[$rounds,#9]
+ strb $t3,[$rounds,#10]
+ strb $s2,[$rounds,#11]
+ mov $t1,$s3,lsr#24
+ mov $t2,$s3,lsr#16
+ mov $t3,$s3,lsr#8
+ strb $t1,[$rounds,#12]
+ strb $t2,[$rounds,#13]
+ strb $t3,[$rounds,#14]
+ strb $s3,[$rounds,#15]
+
+ ldmia sp!,{r4-r12,lr}
+ tst lr,#1
+ moveq pc,lr @ be binary compatible with V4, yet
+ bx lr @ interoperable with Thumb ISA:-)
+.size AES_encrypt,.-AES_encrypt
+
+.type _armv4_AES_encrypt,%function
+.align 2
+_armv4_AES_encrypt:
+ str lr,[sp,#-4]! @ push lr
+ ldr $t1,[$key],#16
+ ldr $t2,[$key,#-12]
+ ldr $t3,[$key,#-8]
+ ldr $i1,[$key,#-4]
+ ldr $rounds,[$key,#240-16]
+ eor $s0,$s0,$t1
+ eor $s1,$s1,$t2
+ eor $s2,$s2,$t3
+ eor $s3,$s3,$i1
+ sub $rounds,$rounds,#1
+ mov lr,#255
+
+.Lenc_loop:
+ and $i2,lr,$s0,lsr#8
+ and $i3,lr,$s0,lsr#16
+ and $i1,lr,$s0
+ mov $s0,$s0,lsr#24
+ ldr $t1,[$tbl,$i1,lsl#2] @ Te3[s0>>0]
+ ldr $s0,[$tbl,$s0,lsl#2] @ Te0[s0>>24]
+ ldr $t2,[$tbl,$i2,lsl#2] @ Te2[s0>>8]
+ ldr $t3,[$tbl,$i3,lsl#2] @ Te1[s0>>16]
+
+ and $i1,lr,$s1,lsr#16 @ i0
+ and $i2,lr,$s1
+ and $i3,lr,$s1,lsr#8
+ mov $s1,$s1,lsr#24
+ ldr $i1,[$tbl,$i1,lsl#2] @ Te1[s1>>16]
+ ldr $s1,[$tbl,$s1,lsl#2] @ Te0[s1>>24]
+ ldr $i2,[$tbl,$i2,lsl#2] @ Te3[s1>>0]
+ ldr $i3,[$tbl,$i3,lsl#2] @ Te2[s1>>8]
+ eor $s0,$s0,$i1,ror#8
+ eor $s1,$s1,$t1,ror#24
+ eor $t2,$t2,$i2,ror#8
+ eor $t3,$t3,$i3,ror#8
+
+ and $i1,lr,$s2,lsr#8 @ i0
+ and $i2,lr,$s2,lsr#16 @ i1
+ and $i3,lr,$s2
+ mov $s2,$s2,lsr#24
+ ldr $i1,[$tbl,$i1,lsl#2] @ Te2[s2>>8]
+ ldr $i2,[$tbl,$i2,lsl#2] @ Te1[s2>>16]
+ ldr $s2,[$tbl,$s2,lsl#2] @ Te0[s2>>24]
+ ldr $i3,[$tbl,$i3,lsl#2] @ Te3[s2>>0]
+ eor $s0,$s0,$i1,ror#16
+ eor $s1,$s1,$i2,ror#8
+ eor $s2,$s2,$t2,ror#16
+ eor $t3,$t3,$i3,ror#16
+
+ and $i1,lr,$s3 @ i0
+ and $i2,lr,$s3,lsr#8 @ i1
+ and $i3,lr,$s3,lsr#16 @ i2
+ mov $s3,$s3,lsr#24
+ ldr $i1,[$tbl,$i1,lsl#2] @ Te3[s3>>0]
+ ldr $i2,[$tbl,$i2,lsl#2] @ Te2[s3>>8]
+ ldr $i3,[$tbl,$i3,lsl#2] @ Te1[s3>>16]
+ ldr $s3,[$tbl,$s3,lsl#2] @ Te0[s3>>24]
+ eor $s0,$s0,$i1,ror#24
+ eor $s1,$s1,$i2,ror#16
+ eor $s2,$s2,$i3,ror#8
+ eor $s3,$s3,$t3,ror#8
+
+ ldr $t1,[$key],#16
+ ldr $t2,[$key,#-12]
+ ldr $t3,[$key,#-8]
+ ldr $i1,[$key,#-4]
+ eor $s0,$s0,$t1
+ eor $s1,$s1,$t2
+ eor $s2,$s2,$t3
+ eor $s3,$s3,$i1
+
+ subs $rounds,$rounds,#1
+ bne .Lenc_loop
+
+ add $tbl,$tbl,#2
+
+ and $i1,lr,$s0
+ and $i2,lr,$s0,lsr#8
+ and $i3,lr,$s0,lsr#16
+ mov $s0,$s0,lsr#24
+ ldrb $t1,[$tbl,$i1,lsl#2] @ Te4[s0>>0]
+ ldrb $s0,[$tbl,$s0,lsl#2] @ Te4[s0>>24]
+ ldrb $t2,[$tbl,$i2,lsl#2] @ Te4[s0>>8]
+ ldrb $t3,[$tbl,$i3,lsl#2] @ Te4[s0>>16]
+
+ and $i1,lr,$s1,lsr#16 @ i0
+ and $i2,lr,$s1
+ and $i3,lr,$s1,lsr#8
+ mov $s1,$s1,lsr#24
+ ldrb $i1,[$tbl,$i1,lsl#2] @ Te4[s1>>16]
+ ldrb $s1,[$tbl,$s1,lsl#2] @ Te4[s1>>24]
+ ldrb $i2,[$tbl,$i2,lsl#2] @ Te4[s1>>0]
+ ldrb $i3,[$tbl,$i3,lsl#2] @ Te4[s1>>8]
+ eor $s0,$i1,$s0,lsl#8
+ eor $s1,$t1,$s1,lsl#24
+ eor $t2,$i2,$t2,lsl#8
+ eor $t3,$i3,$t3,lsl#8
+
+ and $i1,lr,$s2,lsr#8 @ i0
+ and $i2,lr,$s2,lsr#16 @ i1
+ and $i3,lr,$s2
+ mov $s2,$s2,lsr#24
+ ldrb $i1,[$tbl,$i1,lsl#2] @ Te4[s2>>8]
+ ldrb $i2,[$tbl,$i2,lsl#2] @ Te4[s2>>16]
+ ldrb $s2,[$tbl,$s2,lsl#2] @ Te4[s2>>24]
+ ldrb $i3,[$tbl,$i3,lsl#2] @ Te4[s2>>0]
+ eor $s0,$i1,$s0,lsl#8
+ eor $s1,$s1,$i2,lsl#16
+ eor $s2,$t2,$s2,lsl#24
+ eor $t3,$i3,$t3,lsl#8
+
+ and $i1,lr,$s3 @ i0
+ and $i2,lr,$s3,lsr#8 @ i1
+ and $i3,lr,$s3,lsr#16 @ i2
+ mov $s3,$s3,lsr#24
+ ldrb $i1,[$tbl,$i1,lsl#2] @ Te4[s3>>0]
+ ldrb $i2,[$tbl,$i2,lsl#2] @ Te4[s3>>8]
+ ldrb $i3,[$tbl,$i3,lsl#2] @ Te4[s3>>16]
+ ldrb $s3,[$tbl,$s3,lsl#2] @ Te4[s3>>24]
+ eor $s0,$i1,$s0,lsl#8
+ eor $s1,$s1,$i2,lsl#8
+ eor $s2,$s2,$i3,lsl#16
+ eor $s3,$t3,$s3,lsl#24
+
+ ldr lr,[sp],#4 @ pop lr
+ ldr $t1,[$key,#0]
+ ldr $t2,[$key,#4]
+ ldr $t3,[$key,#8]
+ ldr $i1,[$key,#12]
+ eor $s0,$s0,$t1
+ eor $s1,$s1,$t2
+ eor $s2,$s2,$t3
+ eor $s3,$s3,$i1
+
+ sub $tbl,$tbl,#2
+ mov pc,lr @ return
+.size _armv4_AES_encrypt,.-_armv4_AES_encrypt
+
+.global AES_set_encrypt_key
+.type AES_set_encrypt_key,%function
+.align 5
+AES_set_encrypt_key:
+ sub r3,pc,#8 @ AES_set_encrypt_key
+ teq r0,#0
+ moveq r0,#-1
+ beq .Labrt
+ teq r2,#0
+ moveq r0,#-1
+ beq .Labrt
+
+ teq r1,#128
+ beq .Lok
+ teq r1,#192
+ beq .Lok
+ teq r1,#256
+ movne r0,#-1
+ bne .Labrt
+
+.Lok: stmdb sp!,{r4-r12,lr}
+ sub $tbl,r3,#AES_set_encrypt_key-AES_Te-1024 @ Te4
+
+ mov $rounds,r0 @ inp
+ mov lr,r1 @ bits
+ mov $key,r2 @ key
+
+ ldrb $s0,[$rounds,#3] @ load input data in endian-neutral
+ ldrb $t1,[$rounds,#2] @ manner...
+ ldrb $t2,[$rounds,#1]
+ ldrb $t3,[$rounds,#0]
+ orr $s0,$s0,$t1,lsl#8
+ orr $s0,$s0,$t2,lsl#16
+ orr $s0,$s0,$t3,lsl#24
+ ldrb $s1,[$rounds,#7]
+ ldrb $t1,[$rounds,#6]
+ ldrb $t2,[$rounds,#5]
+ ldrb $t3,[$rounds,#4]
+ orr $s1,$s1,$t1,lsl#8
+ orr $s1,$s1,$t2,lsl#16
+ orr $s1,$s1,$t3,lsl#24
+ ldrb $s2,[$rounds,#11]
+ ldrb $t1,[$rounds,#10]
+ ldrb $t2,[$rounds,#9]
+ ldrb $t3,[$rounds,#8]
+ orr $s2,$s2,$t1,lsl#8
+ orr $s2,$s2,$t2,lsl#16
+ orr $s2,$s2,$t3,lsl#24
+ ldrb $s3,[$rounds,#15]
+ ldrb $t1,[$rounds,#14]
+ ldrb $t2,[$rounds,#13]
+ ldrb $t3,[$rounds,#12]
+ orr $s3,$s3,$t1,lsl#8
+ orr $s3,$s3,$t2,lsl#16
+ orr $s3,$s3,$t3,lsl#24
+ str $s0,[$key],#16
+ str $s1,[$key,#-12]
+ str $s2,[$key,#-8]
+ str $s3,[$key,#-4]
+
+ teq lr,#128
+ bne .Lnot128
+ mov $rounds,#10
+ str $rounds,[$key,#240-16]
+ add $t3,$tbl,#256 @ rcon
+ mov lr,#255
+
+.L128_loop:
+ and $t2,lr,$s3,lsr#24
+ and $i1,lr,$s3,lsr#16
+ and $i2,lr,$s3,lsr#8
+ and $i3,lr,$s3
+ ldrb $t2,[$tbl,$t2]
+ ldrb $i1,[$tbl,$i1]
+ ldrb $i2,[$tbl,$i2]
+ ldrb $i3,[$tbl,$i3]
+ ldr $t1,[$t3],#4 @ rcon[i++]
+ orr $t2,$t2,$i1,lsl#24
+ orr $t2,$t2,$i2,lsl#16
+ orr $t2,$t2,$i3,lsl#8
+ eor $t2,$t2,$t1
+ eor $s0,$s0,$t2 @ rk[4]=rk[0]^...
+ eor $s1,$s1,$s0 @ rk[5]=rk[1]^rk[4]
+ eor $s2,$s2,$s1 @ rk[6]=rk[2]^rk[5]
+ eor $s3,$s3,$s2 @ rk[7]=rk[3]^rk[6]
+ str $s0,[$key],#16
+ str $s1,[$key,#-12]
+ str $s2,[$key,#-8]
+ str $s3,[$key,#-4]
+
+ subs $rounds,$rounds,#1
+ bne .L128_loop
+ sub r2,$key,#176
+ b .Ldone
+
+.Lnot128:
+ ldrb $i2,[$rounds,#19]
+ ldrb $t1,[$rounds,#18]
+ ldrb $t2,[$rounds,#17]
+ ldrb $t3,[$rounds,#16]
+ orr $i2,$i2,$t1,lsl#8
+ orr $i2,$i2,$t2,lsl#16
+ orr $i2,$i2,$t3,lsl#24
+ ldrb $i3,[$rounds,#23]
+ ldrb $t1,[$rounds,#22]
+ ldrb $t2,[$rounds,#21]
+ ldrb $t3,[$rounds,#20]
+ orr $i3,$i3,$t1,lsl#8
+ orr $i3,$i3,$t2,lsl#16
+ orr $i3,$i3,$t3,lsl#24
+ str $i2,[$key],#8
+ str $i3,[$key,#-4]
+
+ teq lr,#192
+ bne .Lnot192
+ mov $rounds,#12
+ str $rounds,[$key,#240-24]
+ add $t3,$tbl,#256 @ rcon
+ mov lr,#255
+ mov $rounds,#8
+
+.L192_loop:
+ and $t2,lr,$i3,lsr#24
+ and $i1,lr,$i3,lsr#16
+ and $i2,lr,$i3,lsr#8
+ and $i3,lr,$i3
+ ldrb $t2,[$tbl,$t2]
+ ldrb $i1,[$tbl,$i1]
+ ldrb $i2,[$tbl,$i2]
+ ldrb $i3,[$tbl,$i3]
+ ldr $t1,[$t3],#4 @ rcon[i++]
+ orr $t2,$t2,$i1,lsl#24
+ orr $t2,$t2,$i2,lsl#16
+ orr $t2,$t2,$i3,lsl#8
+ eor $i3,$t2,$t1
+ eor $s0,$s0,$i3 @ rk[6]=rk[0]^...
+ eor $s1,$s1,$s0 @ rk[7]=rk[1]^rk[6]
+ eor $s2,$s2,$s1 @ rk[8]=rk[2]^rk[7]
+ eor $s3,$s3,$s2 @ rk[9]=rk[3]^rk[8]
+ str $s0,[$key],#24
+ str $s1,[$key,#-20]
+ str $s2,[$key,#-16]
+ str $s3,[$key,#-12]
+
+ subs $rounds,$rounds,#1
+ subeq r2,$key,#216
+ beq .Ldone
+
+ ldr $i1,[$key,#-32]
+ ldr $i2,[$key,#-28]
+ eor $i1,$i1,$s3 @ rk[10]=rk[4]^rk[9]
+ eor $i3,$i2,$i1 @ rk[11]=rk[5]^rk[10]
+ str $i1,[$key,#-8]
+ str $i3,[$key,#-4]
+ b .L192_loop
+
+.Lnot192:
+ ldrb $i2,[$rounds,#27]
+ ldrb $t1,[$rounds,#26]
+ ldrb $t2,[$rounds,#25]
+ ldrb $t3,[$rounds,#24]
+ orr $i2,$i2,$t1,lsl#8
+ orr $i2,$i2,$t2,lsl#16
+ orr $i2,$i2,$t3,lsl#24
+ ldrb $i3,[$rounds,#31]
+ ldrb $t1,[$rounds,#30]
+ ldrb $t2,[$rounds,#29]
+ ldrb $t3,[$rounds,#28]
+ orr $i3,$i3,$t1,lsl#8
+ orr $i3,$i3,$t2,lsl#16
+ orr $i3,$i3,$t3,lsl#24
+ str $i2,[$key],#8
+ str $i3,[$key,#-4]
+
+ mov $rounds,#14
+ str $rounds,[$key,#240-32]
+ add $t3,$tbl,#256 @ rcon
+ mov lr,#255
+ mov $rounds,#7
+
+.L256_loop:
+ and $t2,lr,$i3,lsr#24
+ and $i1,lr,$i3,lsr#16
+ and $i2,lr,$i3,lsr#8
+ and $i3,lr,$i3
+ ldrb $t2,[$tbl,$t2]
+ ldrb $i1,[$tbl,$i1]
+ ldrb $i2,[$tbl,$i2]
+ ldrb $i3,[$tbl,$i3]
+ ldr $t1,[$t3],#4 @ rcon[i++]
+ orr $t2,$t2,$i1,lsl#24
+ orr $t2,$t2,$i2,lsl#16
+ orr $t2,$t2,$i3,lsl#8
+ eor $i3,$t2,$t1
+ eor $s0,$s0,$i3 @ rk[8]=rk[0]^...
+ eor $s1,$s1,$s0 @ rk[9]=rk[1]^rk[8]
+ eor $s2,$s2,$s1 @ rk[10]=rk[2]^rk[9]
+ eor $s3,$s3,$s2 @ rk[11]=rk[3]^rk[10]
+ str $s0,[$key],#32
+ str $s1,[$key,#-28]
+ str $s2,[$key,#-24]
+ str $s3,[$key,#-20]
+
+ subs $rounds,$rounds,#1
+ subeq r2,$key,#256
+ beq .Ldone
+
+ and $t2,lr,$s3
+ and $i1,lr,$s3,lsr#8
+ and $i2,lr,$s3,lsr#16
+ and $i3,lr,$s3,lsr#24
+ ldrb $t2,[$tbl,$t2]
+ ldrb $i1,[$tbl,$i1]
+ ldrb $i2,[$tbl,$i2]
+ ldrb $i3,[$tbl,$i3]
+ orr $t2,$t2,$i1,lsl#8
+ orr $t2,$t2,$i2,lsl#16
+ orr $t2,$t2,$i3,lsl#24
+
+ ldr $t1,[$key,#-48]
+ ldr $i1,[$key,#-44]
+ ldr $i2,[$key,#-40]
+ ldr $i3,[$key,#-36]
+ eor $t1,$t1,$t2 @ rk[12]=rk[4]^...
+ eor $i1,$i1,$t1 @ rk[13]=rk[5]^rk[12]
+ eor $i2,$i2,$i1 @ rk[14]=rk[6]^rk[13]
+ eor $i3,$i3,$i2 @ rk[15]=rk[7]^rk[14]
+ str $t1,[$key,#-16]
+ str $i1,[$key,#-12]
+ str $i2,[$key,#-8]
+ str $i3,[$key,#-4]
+ b .L256_loop
+
+.Ldone: mov r0,#0
+ ldmia sp!,{r4-r12,lr}
+.Labrt: tst lr,#1
+ moveq pc,lr @ be binary compatible with V4, yet
+ bx lr @ interoperable with Thumb ISA:-)
+.size AES_set_encrypt_key,.-AES_set_encrypt_key
+
+.global AES_set_decrypt_key
+.type AES_set_decrypt_key,%function
+.align 5
+AES_set_decrypt_key:
+ str lr,[sp,#-4]! @ push lr
+ bl AES_set_encrypt_key
+ teq r0,#0
+ ldrne lr,[sp],#4 @ pop lr
+ bne .Labrt
+
+ stmdb sp!,{r4-r12}
+
+ ldr $rounds,[r2,#240] @ AES_set_encrypt_key preserves r2,
+ mov $key,r2 @ which is AES_KEY *key
+ mov $i1,r2
+ add $i2,r2,$rounds,lsl#4
+
+.Linv: ldr $s0,[$i1]
+ ldr $s1,[$i1,#4]
+ ldr $s2,[$i1,#8]
+ ldr $s3,[$i1,#12]
+ ldr $t1,[$i2]
+ ldr $t2,[$i2,#4]
+ ldr $t3,[$i2,#8]
+ ldr $i3,[$i2,#12]
+ str $s0,[$i2],#-16
+ str $s1,[$i2,#16+4]
+ str $s2,[$i2,#16+8]
+ str $s3,[$i2,#16+12]
+ str $t1,[$i1],#16
+ str $t2,[$i1,#-12]
+ str $t3,[$i1,#-8]
+ str $i3,[$i1,#-4]
+ teq $i1,$i2
+ bne .Linv
+___
+$mask80=$i1;
+$mask1b=$i2;
+$mask7f=$i3;
+$code.=<<___;
+ ldr $s0,[$key,#16]! @ prefetch tp1
+ mov $mask80,#0x80
+ mov $mask1b,#0x1b
+ orr $mask80,$mask80,#0x8000
+ orr $mask1b,$mask1b,#0x1b00
+ orr $mask80,$mask80,$mask80,lsl#16
+ orr $mask1b,$mask1b,$mask1b,lsl#16
+ sub $rounds,$rounds,#1
+ mvn $mask7f,$mask80
+ mov $rounds,$rounds,lsl#2 @ (rounds-1)*4
+
+.Lmix: and $t1,$s0,$mask80
+ and $s1,$s0,$mask7f
+ sub $t1,$t1,$t1,lsr#7
+ and $t1,$t1,$mask1b
+ eor $s1,$t1,$s1,lsl#1 @ tp2
+
+ and $t1,$s1,$mask80
+ and $s2,$s1,$mask7f
+ sub $t1,$t1,$t1,lsr#7
+ and $t1,$t1,$mask1b
+ eor $s2,$t1,$s2,lsl#1 @ tp4
+
+ and $t1,$s2,$mask80
+ and $s3,$s2,$mask7f
+ sub $t1,$t1,$t1,lsr#7
+ and $t1,$t1,$mask1b
+ eor $s3,$t1,$s3,lsl#1 @ tp8
+
+ eor $t1,$s1,$s2
+ eor $t2,$s0,$s3 @ tp9
+ eor $t1,$t1,$s3 @ tpe
+ eor $t1,$t1,$s1,ror#24
+ eor $t1,$t1,$t2,ror#24 @ ^= ROTATE(tpb=tp9^tp2,8)
+ eor $t1,$t1,$s2,ror#16
+ eor $t1,$t1,$t2,ror#16 @ ^= ROTATE(tpd=tp9^tp4,16)
+ eor $t1,$t1,$t2,ror#8 @ ^= ROTATE(tp9,24)
+
+ ldr $s0,[$key,#4] @ prefetch tp1
+ str $t1,[$key],#4
+ subs $rounds,$rounds,#1
+ bne .Lmix
+
+ mov r0,#0
+ ldmia sp!,{r4-r12,lr}
+ tst lr,#1
+ moveq pc,lr @ be binary compatible with V4, yet
+ bx lr @ interoperable with Thumb ISA:-)
+.size AES_set_decrypt_key,.-AES_set_decrypt_key
+
+.type AES_Td,%object
+.align 5
+AES_Td:
+.word 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96
+.word 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393
+.word 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25
+.word 0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f
+.word 0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1
+.word 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6
+.word 0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da
+.word 0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844
+.word 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd
+.word 0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4
+.word 0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45
+.word 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94
+.word 0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7
+.word 0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a
+.word 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5
+.word 0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c
+.word 0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1
+.word 0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a
+.word 0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75
+.word 0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051
+.word 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46
+.word 0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff
+.word 0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77
+.word 0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb
+.word 0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000
+.word 0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e
+.word 0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927
+.word 0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a
+.word 0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e
+.word 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16
+.word 0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d
+.word 0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8
+.word 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd
+.word 0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34
+.word 0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163
+.word 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120
+.word 0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d
+.word 0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0
+.word 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422
+.word 0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef
+.word 0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36
+.word 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4
+.word 0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662
+.word 0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5
+.word 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3
+.word 0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b
+.word 0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8
+.word 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6
+.word 0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6
+.word 0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0
+.word 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815
+.word 0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f
+.word 0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df
+.word 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f
+.word 0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e
+.word 0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713
+.word 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89
+.word 0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c
+.word 0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf
+.word 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86
+.word 0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f
+.word 0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541
+.word 0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190
+.word 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742
+@ Td4[256]
+.byte 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
+.byte 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
+.byte 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
+.byte 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
+.byte 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
+.byte 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
+.byte 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
+.byte 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
+.byte 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
+.byte 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
+.byte 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
+.byte 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
+.byte 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
+.byte 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
+.byte 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
+.byte 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
+.byte 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
+.byte 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
+.byte 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
+.byte 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
+.byte 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
+.byte 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
+.byte 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
+.byte 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
+.byte 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
+.byte 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
+.byte 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
+.byte 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
+.byte 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
+.byte 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
+.byte 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
+.byte 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
+.size AES_Td,.-AES_Td
+
+@ void AES_decrypt(const unsigned char *in, unsigned char *out,
+@ const AES_KEY *key) {
+.global AES_decrypt
+.type AES_decrypt,%function
+.align 5
+AES_decrypt:
+ sub r3,pc,#8 @ AES_decrypt
+ stmdb sp!,{r1,r4-r12,lr}
+ mov $rounds,r0 @ inp
+ mov $key,r2
+ sub $tbl,r3,#AES_decrypt-AES_Td @ Td
+
+ ldrb $s0,[$rounds,#3] @ load input data in endian-neutral
+ ldrb $t1,[$rounds,#2] @ manner...
+ ldrb $t2,[$rounds,#1]
+ ldrb $t3,[$rounds,#0]
+ orr $s0,$s0,$t1,lsl#8
+ orr $s0,$s0,$t2,lsl#16
+ orr $s0,$s0,$t3,lsl#24
+ ldrb $s1,[$rounds,#7]
+ ldrb $t1,[$rounds,#6]
+ ldrb $t2,[$rounds,#5]
+ ldrb $t3,[$rounds,#4]
+ orr $s1,$s1,$t1,lsl#8
+ orr $s1,$s1,$t2,lsl#16
+ orr $s1,$s1,$t3,lsl#24
+ ldrb $s2,[$rounds,#11]
+ ldrb $t1,[$rounds,#10]
+ ldrb $t2,[$rounds,#9]
+ ldrb $t3,[$rounds,#8]
+ orr $s2,$s2,$t1,lsl#8
+ orr $s2,$s2,$t2,lsl#16
+ orr $s2,$s2,$t3,lsl#24
+ ldrb $s3,[$rounds,#15]
+ ldrb $t1,[$rounds,#14]
+ ldrb $t2,[$rounds,#13]
+ ldrb $t3,[$rounds,#12]
+ orr $s3,$s3,$t1,lsl#8
+ orr $s3,$s3,$t2,lsl#16
+ orr $s3,$s3,$t3,lsl#24
+
+ bl _armv4_AES_decrypt
+
+ ldr $rounds,[sp],#4 @ pop out
+ mov $t1,$s0,lsr#24 @ write output in endian-neutral
+ mov $t2,$s0,lsr#16 @ manner...
+ mov $t3,$s0,lsr#8
+ strb $t1,[$rounds,#0]
+ strb $t2,[$rounds,#1]
+ strb $t3,[$rounds,#2]
+ strb $s0,[$rounds,#3]
+ mov $t1,$s1,lsr#24
+ mov $t2,$s1,lsr#16
+ mov $t3,$s1,lsr#8
+ strb $t1,[$rounds,#4]
+ strb $t2,[$rounds,#5]
+ strb $t3,[$rounds,#6]
+ strb $s1,[$rounds,#7]
+ mov $t1,$s2,lsr#24
+ mov $t2,$s2,lsr#16
+ mov $t3,$s2,lsr#8
+ strb $t1,[$rounds,#8]
+ strb $t2,[$rounds,#9]
+ strb $t3,[$rounds,#10]
+ strb $s2,[$rounds,#11]
+ mov $t1,$s3,lsr#24
+ mov $t2,$s3,lsr#16
+ mov $t3,$s3,lsr#8
+ strb $t1,[$rounds,#12]
+ strb $t2,[$rounds,#13]
+ strb $t3,[$rounds,#14]
+ strb $s3,[$rounds,#15]
+
+ ldmia sp!,{r4-r12,lr}
+ tst lr,#1
+ moveq pc,lr @ be binary compatible with V4, yet
+ bx lr @ interoperable with Thumb ISA:-)
+.size AES_decrypt,.-AES_decrypt
+
+.type _armv4_AES_decrypt,%function
+.align 2
+_armv4_AES_decrypt:
+ str lr,[sp,#-4]! @ push lr
+ ldr $t1,[$key],#16
+ ldr $t2,[$key,#-12]
+ ldr $t3,[$key,#-8]
+ ldr $i1,[$key,#-4]
+ ldr $rounds,[$key,#240-16]
+ eor $s0,$s0,$t1
+ eor $s1,$s1,$t2
+ eor $s2,$s2,$t3
+ eor $s3,$s3,$i1
+ sub $rounds,$rounds,#1
+ mov lr,#255
+
+.Ldec_loop:
+ and $i1,lr,$s0,lsr#16
+ and $i2,lr,$s0,lsr#8
+ and $i3,lr,$s0
+ mov $s0,$s0,lsr#24
+ ldr $t1,[$tbl,$i1,lsl#2] @ Td1[s0>>16]
+ ldr $s0,[$tbl,$s0,lsl#2] @ Td0[s0>>24]
+ ldr $t2,[$tbl,$i2,lsl#2] @ Td2[s0>>8]
+ ldr $t3,[$tbl,$i3,lsl#2] @ Td3[s0>>0]
+
+ and $i1,lr,$s1 @ i0
+ and $i2,lr,$s1,lsr#16
+ and $i3,lr,$s1,lsr#8
+ mov $s1,$s1,lsr#24
+ ldr $i1,[$tbl,$i1,lsl#2] @ Td3[s1>>0]
+ ldr $s1,[$tbl,$s1,lsl#2] @ Td0[s1>>24]
+ ldr $i2,[$tbl,$i2,lsl#2] @ Td1[s1>>16]
+ ldr $i3,[$tbl,$i3,lsl#2] @ Td2[s1>>8]
+ eor $s0,$s0,$i1,ror#24
+ eor $s1,$s1,$t1,ror#8
+ eor $t2,$i2,$t2,ror#8
+ eor $t3,$i3,$t3,ror#8
+
+ and $i1,lr,$s2,lsr#8 @ i0
+ and $i2,lr,$s2 @ i1
+ and $i3,lr,$s2,lsr#16
+ mov $s2,$s2,lsr#24
+ ldr $i1,[$tbl,$i1,lsl#2] @ Td2[s2>>8]
+ ldr $i2,[$tbl,$i2,lsl#2] @ Td3[s2>>0]
+ ldr $s2,[$tbl,$s2,lsl#2] @ Td0[s2>>24]
+ ldr $i3,[$tbl,$i3,lsl#2] @ Td1[s2>>16]
+ eor $s0,$s0,$i1,ror#16
+ eor $s1,$s1,$i2,ror#24
+ eor $s2,$s2,$t2,ror#8
+ eor $t3,$i3,$t3,ror#8
+
+ and $i1,lr,$s3,lsr#16 @ i0
+ and $i2,lr,$s3,lsr#8 @ i1
+ and $i3,lr,$s3 @ i2
+ mov $s3,$s3,lsr#24
+ ldr $i1,[$tbl,$i1,lsl#2] @ Td1[s3>>16]
+ ldr $i2,[$tbl,$i2,lsl#2] @ Td2[s3>>8]
+ ldr $i3,[$tbl,$i3,lsl#2] @ Td3[s3>>0]
+ ldr $s3,[$tbl,$s3,lsl#2] @ Td0[s3>>24]
+ eor $s0,$s0,$i1,ror#8
+ eor $s1,$s1,$i2,ror#16
+ eor $s2,$s2,$i3,ror#24
+ eor $s3,$s3,$t3,ror#8
+
+ ldr $t1,[$key],#16
+ ldr $t2,[$key,#-12]
+ ldr $t3,[$key,#-8]
+ ldr $i1,[$key,#-4]
+ eor $s0,$s0,$t1
+ eor $s1,$s1,$t2
+ eor $s2,$s2,$t3
+ eor $s3,$s3,$i1
+
+ subs $rounds,$rounds,#1
+ bne .Ldec_loop
+
+ add $tbl,$tbl,#1024
+
+ ldr $t1,[$tbl,#0] @ prefetch Td4
+ ldr $t2,[$tbl,#32]
+ ldr $t3,[$tbl,#64]
+ ldr $i1,[$tbl,#96]
+ ldr $i2,[$tbl,#128]
+ ldr $i3,[$tbl,#160]
+ ldr $t1,[$tbl,#192]
+ ldr $t2,[$tbl,#224]
+
+ and $i1,lr,$s0,lsr#16
+ and $i2,lr,$s0,lsr#8
+ and $i3,lr,$s0
+ ldrb $s0,[$tbl,$s0,lsr#24] @ Td4[s0>>24]
+ ldrb $t1,[$tbl,$i1] @ Td4[s0>>16]
+ ldrb $t2,[$tbl,$i2] @ Td4[s0>>8]
+ ldrb $t3,[$tbl,$i3] @ Td4[s0>>0]
+
+ and $i1,lr,$s1 @ i0
+ and $i2,lr,$s1,lsr#16
+ and $i3,lr,$s1,lsr#8
+ ldrb $i1,[$tbl,$i1] @ Td4[s1>>0]
+ ldrb $s1,[$tbl,$s1,lsr#24] @ Td4[s1>>24]
+ ldrb $i2,[$tbl,$i2] @ Td4[s1>>16]
+ ldrb $i3,[$tbl,$i3] @ Td4[s1>>8]
+ eor $s0,$i1,$s0,lsl#24
+ eor $s1,$t1,$s1,lsl#8
+ eor $t2,$t2,$i2,lsl#8
+ eor $t3,$t3,$i3,lsl#8
+
+ and $i1,lr,$s2,lsr#8 @ i0
+ and $i2,lr,$s2 @ i1
+ and $i3,lr,$s2,lsr#16
+ ldrb $i1,[$tbl,$i1] @ Td4[s2>>8]
+ ldrb $i2,[$tbl,$i2] @ Td4[s2>>0]
+ ldrb $s2,[$tbl,$s2,lsr#24] @ Td4[s2>>24]
+ ldrb $i3,[$tbl,$i3] @ Td4[s2>>16]
+ eor $s0,$s0,$i1,lsl#8
+ eor $s1,$i2,$s1,lsl#16
+ eor $s2,$t2,$s2,lsl#16
+ eor $t3,$t3,$i3,lsl#16
+
+ and $i1,lr,$s3,lsr#16 @ i0
+ and $i2,lr,$s3,lsr#8 @ i1
+ and $i3,lr,$s3 @ i2
+ ldrb $i1,[$tbl,$i1] @ Td4[s3>>16]
+ ldrb $i2,[$tbl,$i2] @ Td4[s3>>8]
+ ldrb $i3,[$tbl,$i3] @ Td4[s3>>0]
+ ldrb $s3,[$tbl,$s3,lsr#24] @ Td4[s3>>24]
+ eor $s0,$s0,$i1,lsl#16
+ eor $s1,$s1,$i2,lsl#8
+ eor $s2,$i3,$s2,lsl#8
+ eor $s3,$t3,$s3,lsl#24
+
+ ldr lr,[sp],#4 @ pop lr
+ ldr $t1,[$key,#0]
+ ldr $t2,[$key,#4]
+ ldr $t3,[$key,#8]
+ ldr $i1,[$key,#12]
+ eor $s0,$s0,$t1
+ eor $s1,$s1,$t2
+ eor $s2,$s2,$t3
+ eor $s3,$s3,$i1
+
+ sub $tbl,$tbl,#1024
+ mov pc,lr @ return
+.size _armv4_AES_decrypt,.-_armv4_AES_decrypt
+.asciz "AES for ARMv4, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+$code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm; # make it possible to compile with -march=armv4
+print $code;
diff --git a/crypto/aes/asm/aes-ia64.S b/crypto/aes/asm/aes-ia64.S
index 542cf335e9..7f6c4c3662 100644
--- a/crypto/aes/asm/aes-ia64.S
+++ b/crypto/aes/asm/aes-ia64.S
@@ -17,14 +17,24 @@
// big-endian input, ECB timing on Itanium 2 is (18 + 13*rounds)
// ticks per block, or 9.25 CPU cycles per byte for 128 bit key.
-.ident "aes-ia64.S, version 1.1"
+// Version 1.2 mitigates the hazard of cache-timing attacks by
+// a) compressing S-boxes from 8KB to 2KB+256B, b) scheduling
+// references to S-boxes for L2 cache latency, c) prefetching T[ed]4
+// prior last round. As result performance dropped to (26 + 15*rounds)
+// ticks per block or 11 cycles per byte processed with 128-bit key.
+// This is ~16% deterioration. For reference Itanium 2 L1 cache has
+// 64 bytes line size and L2 - 128 bytes...
+
+.ident "aes-ia64.S, version 1.2"
.ident "IA-64 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
.explicit
.text
rk0=r8; rk1=r9;
-prsave=r10;
+pfssave=r2;
+lcsave=r10;
+prsave=r3;
maskff=r11;
twenty4=r14;
sixteen=r15;
@@ -44,12 +54,21 @@ te0=r40; te1=r41; te2=r42; te3=r43;
#if defined(_HPUX_SOURCE) && !defined(_LP64)
# define ADDP addp4
-# define KSZ 4
-# define LDKEY ld4
#else
# define ADDP add
#endif
+// Offsets from Te0
+#define TE0 0
+#define TE2 2
+#if defined(_HPUX_SOURCE) || defined(B_ENDIAN)
+#define TE1 3
+#define TE3 1
+#else
+#define TE1 1
+#define TE3 3
+#endif
+
// This implies that AES_KEY comprises 32-bit key schedule elements
// even on LP64 platforms.
#ifndef KSZ
@@ -67,16 +86,19 @@ te0=r40; te1=r41; te2=r42; te3=r43;
// Clobber: r16-r31,rk0-rk1,r32-r43
.align 32
_ia64_AES_encrypt:
+ .prologue
+ .altrp b6
+ .body
{ .mmi; alloc r16=ar.pfs,12,0,0,8
LDKEY t0=[rk0],2*KSZ
mov pr.rot=1<<16 }
{ .mmi; LDKEY t1=[rk1],2*KSZ
- add te1=1024,te0
+ add te1=TE1,te0
add te3=-3,te3 };;
{ .mib; LDKEY t2=[rk0],2*KSZ
- mov ar.ec=3 }
+ mov ar.ec=2 }
{ .mib; LDKEY t3=[rk1],2*KSZ
- add te2=2048,te0
+ add te2=TE2,te0
brp.loop.imp .Le_top,.Le_end-16 };;
{ .mmi; xor s0=s0,t0
@@ -84,8 +106,8 @@ _ia64_AES_encrypt:
mov ar.lc=te3 }
{ .mmi; xor s2=s2,t2
xor s3=s3,t3
- add te3=3072,te0 };;
-
+ add te3=TE3,te0 };;
+
.align 32
.Le_top:
{ .mmi; (p0) LDKEY t0=[rk0],2*KSZ // 0/0:rk[0]
@@ -95,105 +117,184 @@ _ia64_AES_encrypt:
(p0) and te30=s0,maskff // 0/1:s0&0xff
(p0) shr.u te00=s0,twenty4 };; // 0/0:s0>>24
{ .mmi; (p0) LDKEY t2=[rk0],2*KSZ // 1/2:rk[2]
- (p0) shladd te33=te33,2,te3 // 1/0:te0+s0>>24
+ (p0) shladd te33=te33,3,te3 // 1/0:te0+s0>>24
(p0) extr.u te23=s3,8,8 } // 1/1:s3>>8&0xff
{ .mmi; (p0) LDKEY t3=[rk1],2*KSZ // 1/3:rk[3]
- (p0) shladd te30=te30,2,te3 // 1/1:te3+s0
+ (p0) shladd te30=te30,3,te3 // 1/1:te3+s0
(p0) shr.u te01=s1,twenty4 };; // 1/1:s1>>24
{ .mmi; (p0) ld4 te33=[te33] // 2/0:te3[s3&0xff]
- (p0) shladd te22=te22,2,te2 // 2/0:te2+s2>>8&0xff
+ (p0) shladd te22=te22,3,te2 // 2/0:te2+s2>>8&0xff
(p0) extr.u te20=s0,8,8 } // 2/2:s0>>8&0xff
{ .mmi; (p0) ld4 te30=[te30] // 2/1:te3[s0]
- (p0) shladd te23=te23,2,te2 // 2/1:te2+s3>>8
+ (p0) shladd te23=te23,3,te2 // 2/1:te2+s3>>8
(p0) shr.u te02=s2,twenty4 };; // 2/2:s2>>24
{ .mmi; (p0) ld4 te22=[te22] // 3/0:te2[s2>>8]
- (p0) shladd te20=te20,2,te2 // 3/2:te2+s0>>8
+ (p0) shladd te20=te20,3,te2 // 3/2:te2+s0>>8
(p0) extr.u te21=s1,8,8 } // 3/3:s1>>8&0xff
{ .mmi; (p0) ld4 te23=[te23] // 3/1:te2[s3>>8]
- (p0) shladd te00=te00,2,te0 // 3/0:te0+s0>>24
+ (p0) shladd te00=te00,3,te0 // 3/0:te0+s0>>24
(p0) shr.u te03=s3,twenty4 };; // 3/3:s3>>24
{ .mmi; (p0) ld4 te20=[te20] // 4/2:te2[s0>>8]
- (p0) shladd te21=te21,2,te2 // 4/3:te3+s2
+ (p0) shladd te21=te21,3,te2 // 4/3:te3+s2
(p0) extr.u te11=s1,16,8 } // 4/0:s1>>16&0xff
{ .mmi; (p0) ld4 te00=[te00] // 4/0:te0[s0>>24]
- (p0) shladd te01=te01,2,te0 // 4/1:te0+s1>>24
+ (p0) shladd te01=te01,3,te0 // 4/1:te0+s1>>24
(p0) shr.u te13=s3,sixteen };; // 4/2:s3>>16
{ .mmi; (p0) ld4 te21=[te21] // 5/3:te2[s1>>8]
- (p0) shladd te11=te11,2,te1 // 5/0:te1+s1>>16
+ (p0) shladd te11=te11,3,te1 // 5/0:te1+s1>>16
(p0) extr.u te12=s2,16,8 } // 5/1:s2>>16&0xff
{ .mmi; (p0) ld4 te01=[te01] // 5/1:te0[s1>>24]
- (p0) shladd te02=te02,2,te0 // 5/2:te0+s2>>24
+ (p0) shladd te02=te02,3,te0 // 5/2:te0+s2>>24
(p0) and te31=s1,maskff };; // 5/2:s1&0xff
-
{ .mmi; (p0) ld4 te11=[te11] // 6/0:te1[s1>>16]
- (p0) shladd te12=te12,2,te1 // 6/1:te1+s2>>16
+ (p0) shladd te12=te12,3,te1 // 6/1:te1+s2>>16
(p0) extr.u te10=s0,16,8 } // 6/3:s0>>16&0xff
{ .mmi; (p0) ld4 te02=[te02] // 6/2:te0[s2>>24]
- (p0) shladd te03=te03,2,te0 // 6/3:te1+s0>>16
+ (p0) shladd te03=te03,3,te0 // 6/3:te1+s0>>16
(p0) and te32=s2,maskff };; // 6/3:s2&0xff
+
{ .mmi; (p0) ld4 te12=[te12] // 7/1:te1[s2>>16]
- (p0) shladd te31=te31,2,te3 // 7/2:te3+s1&0xff
+ (p0) shladd te31=te31,3,te3 // 7/2:te3+s1&0xff
(p0) and te13=te13,maskff} // 7/2:s3>>16&0xff
{ .mmi; (p0) ld4 te03=[te03] // 7/3:te0[s3>>24]
- (p0) shladd te32=te32,2,te3 // 7/3:te3+s2
+ (p0) shladd te32=te32,3,te3 // 7/3:te3+s2
(p0) xor t0=t0,te33 };; // 7/0:
{ .mmi; (p0) ld4 te31=[te31] // 8/2:te3[s1]
- (p0) shladd te13=te13,2,te1 // 8/2:te1+s3>>16
+ (p0) shladd te13=te13,3,te1 // 8/2:te1+s3>>16
(p0) xor t0=t0,te22 } // 8/0:
{ .mmi; (p0) ld4 te32=[te32] // 8/3:te3[s2]
- (p0) shladd te10=te10,2,te1 // 8/3:te1+s0>>16
+ (p0) shladd te10=te10,3,te1 // 8/3:te1+s0>>16
(p0) xor t1=t1,te30 };; // 8/1:
{ .mmi; (p0) ld4 te13=[te13] // 9/2:te1[s3>>16]
- (p0) xor t0=t0,te00 // 9/0:
- (p0) xor t1=t1,te23 } // 9/1:
-{ .mmi; (p0) ld4 te10=[te10] // 9/3:te1[s0>>16]
- (p0) xor t2=t2,te20 // 9/2:
- (p0) xor t3=t3,te21 };; // 9/3:
-{ .mmi; (p0) xor t0=t0,te11 // 10/0:done!
- (p0) xor t1=t1,te01 // 10/1:
- (p0) xor t2=t2,te02 } // 10/2:
-{ .mmi; (p0) xor t3=t3,te03 // 10/3:
- (p16) cmp.eq p0,p17=r0,r0 };; // 10/clear (p17)
-{ .mmi; (p0) xor t1=t1,te12 // 11/1:done!
- (p0) xor t2=t2,te31 // 11/2:
- (p0) xor t3=t3,te32 } // 11/3:
-{ .mmi; (p17) add te0=4096,te0 // 11/
- (p17) add te1=4096,te1 };; // 11/
-{ .mib; (p0) xor t2=t2,te13 // 12/2:done!
- (p0) xor t3=t3,te10 } // 12/3:done!
-{ .mib; (p17) add te2=4096,te2 // 12/
- (p17) add te3=4096,te3 // 12/
+ (p0) ld4 te10=[te10] // 9/3:te1[s0>>16]
+ (p0) xor t0=t0,te00 };; // 9/0: !L2 scheduling
+{ .mmi; (p0) xor t1=t1,te23 // 10[9]/1:
+ (p0) xor t2=t2,te20 // 10[9]/2:
+ (p0) xor t3=t3,te21 };; // 10[9]/3:
+{ .mmi; (p0) xor t0=t0,te11 // 11[10]/0:done!
+ (p0) xor t1=t1,te01 // 11[10]/1:
+ (p0) xor t2=t2,te02 };; // 11[10]/2: !L2 scheduling
+{ .mmi; (p0) xor t3=t3,te03 // 12[10]/3:
+ (p16) cmp.eq p0,p17=r0,r0 };; // 12[10]/clear (p17)
+{ .mmi; (p0) xor t1=t1,te12 // 13[11]/1:done!
+ (p0) xor t2=t2,te31 // 13[11]/2:
+ (p0) xor t3=t3,te32 } // 13[11]/3:
+{ .mmi; (p17) add te0=2048,te0 // 13[11]/
+ (p17) add te1=2048+64-TE1,te1};; // 13[11]/
+{ .mib; (p0) xor t2=t2,te13 // 14[12]/2:done!
+ (p17) add te2=2048+128-TE2,te2} // 14[12]/
+{ .mib; (p0) xor t3=t3,te10 // 14[12]/3:done!
+ (p17) add te3=2048+192-TE3,te3 // 14[12]/
br.ctop.sptk .Le_top };;
.Le_end:
-{ .mib; mov r16=s0
- mov r20=s1 }
-{ .mib; mov r24=s2
- mov r28=s3
- br.ret.sptk b6 };;
+
+
+{ .mmi; ld8 te12=[te0] // prefetch Te4
+ ld8 te31=[te1] }
+{ .mmi; ld8 te10=[te2]
+ ld8 te32=[te3] }
+
+{ .mmi; LDKEY t0=[rk0],2*KSZ // 0/0:rk[0]
+ and te33=s3,maskff // 0/0:s3&0xff
+ extr.u te22=s2,8,8 } // 0/0:s2>>8&0xff
+{ .mmi; LDKEY t1=[rk1],2*KSZ // 0/1:rk[1]
+ and te30=s0,maskff // 0/1:s0&0xff
+ shr.u te00=s0,twenty4 };; // 0/0:s0>>24
+{ .mmi; LDKEY t2=[rk0],2*KSZ // 1/2:rk[2]
+ add te33=te33,te0 // 1/0:te0+s0>>24
+ extr.u te23=s3,8,8 } // 1/1:s3>>8&0xff
+{ .mmi; LDKEY t3=[rk1],2*KSZ // 1/3:rk[3]
+ add te30=te30,te0 // 1/1:te0+s0
+ shr.u te01=s1,twenty4 };; // 1/1:s1>>24
+{ .mmi; ld1 te33=[te33] // 2/0:te0[s3&0xff]
+ add te22=te22,te0 // 2/0:te0+s2>>8&0xff
+ extr.u te20=s0,8,8 } // 2/2:s0>>8&0xff
+{ .mmi; ld1 te30=[te30] // 2/1:te0[s0]
+ add te23=te23,te0 // 2/1:te0+s3>>8
+ shr.u te02=s2,twenty4 };; // 2/2:s2>>24
+{ .mmi; ld1 te22=[te22] // 3/0:te0[s2>>8]
+ add te20=te20,te0 // 3/2:te0+s0>>8
+ extr.u te21=s1,8,8 } // 3/3:s1>>8&0xff
+{ .mmi; ld1 te23=[te23] // 3/1:te0[s3>>8]
+ add te00=te00,te0 // 3/0:te0+s0>>24
+ shr.u te03=s3,twenty4 };; // 3/3:s3>>24
+{ .mmi; ld1 te20=[te20] // 4/2:te0[s0>>8]
+ add te21=te21,te0 // 4/3:te0+s2
+ extr.u te11=s1,16,8 } // 4/0:s1>>16&0xff
+{ .mmi; ld1 te00=[te00] // 4/0:te0[s0>>24]
+ add te01=te01,te0 // 4/1:te0+s1>>24
+ shr.u te13=s3,sixteen };; // 4/2:s3>>16
+{ .mmi; ld1 te21=[te21] // 5/3:te0[s1>>8]
+ add te11=te11,te0 // 5/0:te0+s1>>16
+ extr.u te12=s2,16,8 } // 5/1:s2>>16&0xff
+{ .mmi; ld1 te01=[te01] // 5/1:te0[s1>>24]
+ add te02=te02,te0 // 5/2:te0+s2>>24
+ and te31=s1,maskff };; // 5/2:s1&0xff
+{ .mmi; ld1 te11=[te11] // 6/0:te0[s1>>16]
+ add te12=te12,te0 // 6/1:te0+s2>>16
+ extr.u te10=s0,16,8 } // 6/3:s0>>16&0xff
+{ .mmi; ld1 te02=[te02] // 6/2:te0[s2>>24]
+ add te03=te03,te0 // 6/3:te0+s0>>16
+ and te32=s2,maskff };; // 6/3:s2&0xff
+
+{ .mmi; ld1 te12=[te12] // 7/1:te0[s2>>16]
+ add te31=te31,te0 // 7/2:te0+s1&0xff
+ dep te33=te22,te33,8,8} // 7/0:
+{ .mmi; ld1 te03=[te03] // 7/3:te0[s3>>24]
+ add te32=te32,te0 // 7/3:te0+s2
+ and te13=te13,maskff};; // 7/2:s3>>16&0xff
+{ .mmi; ld1 te31=[te31] // 8/2:te0[s1]
+ add te13=te13,te0 // 8/2:te0+s3>>16
+ dep te30=te23,te30,8,8} // 8/1:
+{ .mmi; ld1 te32=[te32] // 8/3:te0[s2]
+ add te10=te10,te0 // 8/3:te0+s0>>16
+ shl te00=te00,twenty4};; // 8/0:
+{ .mii; ld1 te13=[te13] // 9/2:te0[s3>>16]
+ dep te33=te11,te33,16,8 // 9/0:
+ shl te01=te01,twenty4};; // 9/1:
+{ .mii; ld1 te10=[te10] // 10/3:te0[s0>>16]
+ dep te31=te20,te31,8,8 // 10/2:
+ shl te02=te02,twenty4};; // 10/2:
+{ .mii; xor t0=t0,te33 // 11/0:
+ dep te32=te21,te32,8,8 // 11/3:
+ shl te12=te12,sixteen};; // 11/1:
+{ .mii; xor r16=t0,te00 // 12/0:done!
+ dep te31=te13,te31,16,8 // 12/2:
+ shl te03=te03,twenty4};; // 12/3:
+{ .mmi; xor t1=t1,te01 // 13/1:
+ xor t2=t2,te02 // 13/2:
+ dep te32=te10,te32,16,8};; // 13/3:
+{ .mmi; xor t1=t1,te30 // 14/1:
+ xor r24=t2,te31 // 14/2:done!
+ xor t3=t3,te32 };; // 14/3:
+{ .mib; xor r20=t1,te12 // 15/1:done!
+ xor r28=t3,te03 // 15/3:done!
+ br.ret.sptk b6 };;
.endp _ia64_AES_encrypt#
// void AES_encrypt (const void *in,void *out,const AES_KEY *key);
.global AES_encrypt#
.proc AES_encrypt#
.align 32
-.skip 16
AES_encrypt:
.prologue
- .fframe 0
- .save ar.pfs,r2
- .save ar.lc,r3
-{ .mmi; alloc r2=ar.pfs,3,0,12,0
- addl out8=@ltoff(AES_Te#),gp
- mov r3=ar.lc }
-{ .mmi; and out0=3,in0
- ADDP in0=0,in0
+ .save ar.pfs,pfssave
+{ .mmi; alloc pfssave=ar.pfs,3,1,12,0
+ and out0=3,in0
+ mov r3=ip }
+{ .mmi; ADDP in0=0,in0
+ mov loc0=psr.um
ADDP out11=KSZ*60,in2 };; // &AES_KEY->rounds
- .body
-{ .mmi; ld8 out8=[out8] // Te0
- ld4 out11=[out11] // AES_KEY->rounds
+{ .mmi; ld4 out11=[out11] // AES_KEY->rounds
+ add out8=(AES_Te#-AES_encrypt#),r3 // Te0
+ .save pr,prsave
mov prsave=pr }
+{ .mmi; rum 1<<3 // clear um.ac
+ .save ar.lc,lcsave
+ mov lcsave=ar.lc };;
+ .body
#if defined(_HPUX_SOURCE) // HPUX is big-endian, cut 15+15 cycles...
{ .mib; cmp.ne p6,p0=out0,r0
add out0=4,in0
@@ -216,8 +317,9 @@ AES_encrypt:
ADDP in1=0,in1
(p6) br.spnt .Le_o_unaligned };;
-{ .mii; mov ar.pfs=r2
- mov ar.lc=r3 }
+{ .mii; mov psr.um=loc0
+ mov ar.pfs=pfssave
+ mov ar.lc=lcsave };;
{ .mmi; st4 [in1]=r16,8 // s0
st4 [in0]=r20,8 // s1
mov pr=prsave,0x1ffff };;
@@ -278,13 +380,13 @@ AES_encrypt:
shr.u r23=r20,twenty4 }//;; // s1
{ .mii; ADDP out2=2,in1
extr.u r21=r20,8,8
- shr.u r22=r20,sixteen }//;;
+ shr.u r22=r20,sixteen }//;;
{ .mii; ADDP out3=3,in1
extr.u r25=r24,8,8 // s2
shr.u r27=r24,twenty4 };;
{ .mii; st1 [out3]=r16,4
extr.u r26=r24,16,8
- shr.u r31=r28,twenty4 }//;; // s3
+ shr.u r31=r28,twenty4 }//;; // s3
{ .mii; st1 [out2]=r17,4
extr.u r29=r28,8,8
shr.u r30=r28,sixteen }//;;
@@ -300,12 +402,13 @@ AES_encrypt:
mov pr=prsave,0x1ffff }//;;
{ .mmi; st1 [out1]=r26,4
st1 [out0]=r27,4
- mov ar.pfs=r2 };;
+ mov ar.pfs=pfssave };;
{ .mmi; st1 [out3]=r28
st1 [out2]=r29
- mov ar.lc=r3 }//;;
-{ .mmb; st1 [out1]=r30
- st1 [out0]=r31
+ mov ar.lc=lcsave }//;;
+{ .mmi; st1 [out1]=r30
+ st1 [out0]=r31 }
+{ .mfb; mov psr.um=loc0 // restore user mask
br.ret.sptk.many b0 };;
.endp AES_encrypt#
@@ -360,16 +463,19 @@ while(<>) {
// Clobber: r16-r31,rk0-rk1,r32-r43
.align 32
_ia64_AES_decrypt:
+ .prologue
+ .altrp b6
+ .body
{ .mmi; alloc r16=ar.pfs,12,0,0,8
LDKEY t0=[rk0],2*KSZ
mov pr.rot=1<<16 }
{ .mmi; LDKEY t1=[rk1],2*KSZ
- add te1=1024,te0
+ add te1=TE1,te0
add te3=-3,te3 };;
{ .mib; LDKEY t2=[rk0],2*KSZ
- mov ar.ec=3 }
+ mov ar.ec=2 }
{ .mib; LDKEY t3=[rk1],2*KSZ
- add te2=2048,te0
+ add te2=TE2,te0
brp.loop.imp .Ld_top,.Ld_end-16 };;
{ .mmi; xor s0=s0,t0
@@ -377,8 +483,8 @@ _ia64_AES_decrypt:
mov ar.lc=te3 }
{ .mmi; xor s2=s2,t2
xor s3=s3,t3
- add te3=3072,te0 };;
-
+ add te3=TE3,te0 };;
+
.align 32
.Ld_top:
{ .mmi; (p0) LDKEY t0=[rk0],2*KSZ // 0/0:rk[0]
@@ -388,105 +494,184 @@ _ia64_AES_decrypt:
(p0) and te32=s2,maskff // 0/1:s0&0xff
(p0) shr.u te00=s0,twenty4 };; // 0/0:s0>>24
{ .mmi; (p0) LDKEY t2=[rk0],2*KSZ // 1/2:rk[2]
- (p0) shladd te31=te31,2,te3 // 1/0:te0+s0>>24
+ (p0) shladd te31=te31,3,te3 // 1/0:te0+s0>>24
(p0) extr.u te23=s3,8,8 } // 1/1:s3>>8&0xff
{ .mmi; (p0) LDKEY t3=[rk1],2*KSZ // 1/3:rk[3]
- (p0) shladd te32=te32,2,te3 // 1/1:te3+s0
+ (p0) shladd te32=te32,3,te3 // 1/1:te3+s0
(p0) shr.u te01=s1,twenty4 };; // 1/1:s1>>24
{ .mmi; (p0) ld4 te31=[te31] // 2/0:te3[s3&0xff]
- (p0) shladd te22=te22,2,te2 // 2/0:te2+s2>>8&0xff
+ (p0) shladd te22=te22,3,te2 // 2/0:te2+s2>>8&0xff
(p0) extr.u te20=s0,8,8 } // 2/2:s0>>8&0xff
{ .mmi; (p0) ld4 te32=[te32] // 2/1:te3[s0]
- (p0) shladd te23=te23,2,te2 // 2/1:te2+s3>>8
+ (p0) shladd te23=te23,3,te2 // 2/1:te2+s3>>8
(p0) shr.u te02=s2,twenty4 };; // 2/2:s2>>24
{ .mmi; (p0) ld4 te22=[te22] // 3/0:te2[s2>>8]
- (p0) shladd te20=te20,2,te2 // 3/2:te2+s0>>8
+ (p0) shladd te20=te20,3,te2 // 3/2:te2+s0>>8
(p0) extr.u te21=s1,8,8 } // 3/3:s1>>8&0xff
{ .mmi; (p0) ld4 te23=[te23] // 3/1:te2[s3>>8]
- (p0) shladd te00=te00,2,te0 // 3/0:te0+s0>>24
+ (p0) shladd te00=te00,3,te0 // 3/0:te0+s0>>24
(p0) shr.u te03=s3,twenty4 };; // 3/3:s3>>24
{ .mmi; (p0) ld4 te20=[te20] // 4/2:te2[s0>>8]
- (p0) shladd te21=te21,2,te2 // 4/3:te3+s2
+ (p0) shladd te21=te21,3,te2 // 4/3:te3+s2
(p0) extr.u te13=s3,16,8 } // 4/0:s1>>16&0xff
{ .mmi; (p0) ld4 te00=[te00] // 4/0:te0[s0>>24]
- (p0) shladd te01=te01,2,te0 // 4/1:te0+s1>>24
+ (p0) shladd te01=te01,3,te0 // 4/1:te0+s1>>24
(p0) shr.u te11=s1,sixteen };; // 4/2:s3>>16
{ .mmi; (p0) ld4 te21=[te21] // 5/3:te2[s1>>8]
- (p0) shladd te13=te13,2,te1 // 5/0:te1+s1>>16
+ (p0) shladd te13=te13,3,te1 // 5/0:te1+s1>>16
(p0) extr.u te10=s0,16,8 } // 5/1:s2>>16&0xff
{ .mmi; (p0) ld4 te01=[te01] // 5/1:te0[s1>>24]
- (p0) shladd te02=te02,2,te0 // 5/2:te0+s2>>24
+ (p0) shladd te02=te02,3,te0 // 5/2:te0+s2>>24
(p0) and te33=s3,maskff };; // 5/2:s1&0xff
-
{ .mmi; (p0) ld4 te13=[te13] // 6/0:te1[s1>>16]
- (p0) shladd te10=te10,2,te1 // 6/1:te1+s2>>16
+ (p0) shladd te10=te10,3,te1 // 6/1:te1+s2>>16
(p0) extr.u te12=s2,16,8 } // 6/3:s0>>16&0xff
{ .mmi; (p0) ld4 te02=[te02] // 6/2:te0[s2>>24]
- (p0) shladd te03=te03,2,te0 // 6/3:te1+s0>>16
+ (p0) shladd te03=te03,3,te0 // 6/3:te1+s0>>16
(p0) and te30=s0,maskff };; // 6/3:s2&0xff
+
{ .mmi; (p0) ld4 te10=[te10] // 7/1:te1[s2>>16]
- (p0) shladd te33=te33,2,te3 // 7/2:te3+s1&0xff
+ (p0) shladd te33=te33,3,te3 // 7/2:te3+s1&0xff
(p0) and te11=te11,maskff} // 7/2:s3>>16&0xff
{ .mmi; (p0) ld4 te03=[te03] // 7/3:te0[s3>>24]
- (p0) shladd te30=te30,2,te3 // 7/3:te3+s2
+ (p0) shladd te30=te30,3,te3 // 7/3:te3+s2
(p0) xor t0=t0,te31 };; // 7/0:
{ .mmi; (p0) ld4 te33=[te33] // 8/2:te3[s1]
- (p0) shladd te11=te11,2,te1 // 8/2:te1+s3>>16
+ (p0) shladd te11=te11,3,te1 // 8/2:te1+s3>>16
(p0) xor t0=t0,te22 } // 8/0:
{ .mmi; (p0) ld4 te30=[te30] // 8/3:te3[s2]
- (p0) shladd te12=te12,2,te1 // 8/3:te1+s0>>16
+ (p0) shladd te12=te12,3,te1 // 8/3:te1+s0>>16
(p0) xor t1=t1,te32 };; // 8/1:
{ .mmi; (p0) ld4 te11=[te11] // 9/2:te1[s3>>16]
- (p0) xor t0=t0,te00 // 9/0:
- (p0) xor t1=t1,te23 } // 9/1:
-{ .mmi; (p0) ld4 te12=[te12] // 9/3:te1[s0>>16]
- (p0) xor t2=t2,te20 // 9/2:
- (p0) xor t3=t3,te21 };; // 9/3:
-{ .mmi; (p0) xor t0=t0,te13 // 10/0:done!
- (p0) xor t1=t1,te01 // 10/1:
- (p0) xor t2=t2,te02 } // 10/2:
-{ .mmi; (p0) xor t3=t3,te03 // 10/3:
- (p16) cmp.eq p0,p17=r0,r0 };; // 10/clear (p17)
-{ .mmi; (p0) xor t1=t1,te10 // 11/1:done!
- (p0) xor t2=t2,te33 // 11/2:
- (p0) xor t3=t3,te30 } // 11/3:
-{ .mmi; (p17) add te0=4096,te0 // 11/
- (p17) add te1=4096,te1 };; // 11/
-{ .mib; (p0) xor t2=t2,te11 // 12/2:done!
- (p0) xor t3=t3,te12 } // 12/3:done!
-{ .mib; (p17) add te2=4096,te2 // 12/
- (p17) add te3=4096,te3 // 12/
+ (p0) ld4 te12=[te12] // 9/3:te1[s0>>16]
+ (p0) xor t0=t0,te00 };; // 9/0: !L2 scheduling
+{ .mmi; (p0) xor t1=t1,te23 // 10[9]/1:
+ (p0) xor t2=t2,te20 // 10[9]/2:
+ (p0) xor t3=t3,te21 };; // 10[9]/3:
+{ .mmi; (p0) xor t0=t0,te13 // 11[10]/0:done!
+ (p0) xor t1=t1,te01 // 11[10]/1:
+ (p0) xor t2=t2,te02 };; // 11[10]/2: !L2 scheduling
+{ .mmi; (p0) xor t3=t3,te03 // 12[10]/3:
+ (p16) cmp.eq p0,p17=r0,r0 };; // 12[10]/clear (p17)
+{ .mmi; (p0) xor t1=t1,te10 // 13[11]/1:done!
+ (p0) xor t2=t2,te33 // 13[11]/2:
+ (p0) xor t3=t3,te30 } // 13[11]/3:
+{ .mmi; (p17) add te0=2048,te0 // 13[11]/
+ (p17) add te1=2048+64-TE1,te1};; // 13[11]/
+{ .mib; (p0) xor t2=t2,te11 // 14[12]/2:done!
+ (p17) add te2=2048+128-TE2,te2} // 14[12]/
+{ .mib; (p0) xor t3=t3,te12 // 14[12]/3:done!
+ (p17) add te3=2048+192-TE3,te3 // 14[12]/
br.ctop.sptk .Ld_top };;
.Ld_end:
-{ .mib; mov r16=s0
- mov r20=s1 }
-{ .mib; mov r24=s2
- mov r28=s3
- br.ret.sptk b6 };;
+
+
+{ .mmi; ld8 te10=[te0] // prefetch Td4
+ ld8 te33=[te1] }
+{ .mmi; ld8 te12=[te2]
+ ld8 te30=[te3] }
+
+{ .mmi; LDKEY t0=[rk0],2*KSZ // 0/0:rk[0]
+ and te31=s1,maskff // 0/0:s3&0xff
+ extr.u te22=s2,8,8 } // 0/0:s2>>8&0xff
+{ .mmi; LDKEY t1=[rk1],2*KSZ // 0/1:rk[1]
+ and te32=s2,maskff // 0/1:s0&0xff
+ shr.u te00=s0,twenty4 };; // 0/0:s0>>24
+{ .mmi; LDKEY t2=[rk0],2*KSZ // 1/2:rk[2]
+ add te31=te31,te0 // 1/0:te0+s0>>24
+ extr.u te23=s3,8,8 } // 1/1:s3>>8&0xff
+{ .mmi; LDKEY t3=[rk1],2*KSZ // 1/3:rk[3]
+ add te32=te32,te0 // 1/1:te0+s0
+ shr.u te01=s1,twenty4 };; // 1/1:s1>>24
+{ .mmi; ld1 te31=[te31] // 2/0:te0[s3&0xff]
+ add te22=te22,te0 // 2/0:te0+s2>>8&0xff
+ extr.u te20=s0,8,8 } // 2/2:s0>>8&0xff
+{ .mmi; ld1 te32=[te32] // 2/1:te0[s0]
+ add te23=te23,te0 // 2/1:te0+s3>>8
+ shr.u te02=s2,twenty4 };; // 2/2:s2>>24
+{ .mmi; ld1 te22=[te22] // 3/0:te0[s2>>8]
+ add te20=te20,te0 // 3/2:te0+s0>>8
+ extr.u te21=s1,8,8 } // 3/3:s1>>8&0xff
+{ .mmi; ld1 te23=[te23] // 3/1:te0[s3>>8]
+ add te00=te00,te0 // 3/0:te0+s0>>24
+ shr.u te03=s3,twenty4 };; // 3/3:s3>>24
+{ .mmi; ld1 te20=[te20] // 4/2:te0[s0>>8]
+ add te21=te21,te0 // 4/3:te0+s2
+ extr.u te13=s3,16,8 } // 4/0:s1>>16&0xff
+{ .mmi; ld1 te00=[te00] // 4/0:te0[s0>>24]
+ add te01=te01,te0 // 4/1:te0+s1>>24
+ shr.u te11=s1,sixteen };; // 4/2:s3>>16
+{ .mmi; ld1 te21=[te21] // 5/3:te0[s1>>8]
+ add te13=te13,te0 // 5/0:te0+s1>>16
+ extr.u te10=s0,16,8 } // 5/1:s2>>16&0xff
+{ .mmi; ld1 te01=[te01] // 5/1:te0[s1>>24]
+ add te02=te02,te0 // 5/2:te0+s2>>24
+ and te33=s3,maskff };; // 5/2:s1&0xff
+{ .mmi; ld1 te13=[te13] // 6/0:te0[s1>>16]
+ add te10=te10,te0 // 6/1:te0+s2>>16
+ extr.u te12=s2,16,8 } // 6/3:s0>>16&0xff
+{ .mmi; ld1 te02=[te02] // 6/2:te0[s2>>24]
+ add te03=te03,te0 // 6/3:te0+s0>>16
+ and te30=s0,maskff };; // 6/3:s2&0xff
+
+{ .mmi; ld1 te10=[te10] // 7/1:te0[s2>>16]
+ add te33=te33,te0 // 7/2:te0+s1&0xff
+ dep te31=te22,te31,8,8} // 7/0:
+{ .mmi; ld1 te03=[te03] // 7/3:te0[s3>>24]
+ add te30=te30,te0 // 7/3:te0+s2
+ and te11=te11,maskff};; // 7/2:s3>>16&0xff
+{ .mmi; ld1 te33=[te33] // 8/2:te0[s1]
+ add te11=te11,te0 // 8/2:te0+s3>>16
+ dep te32=te23,te32,8,8} // 8/1:
+{ .mmi; ld1 te30=[te30] // 8/3:te0[s2]
+ add te12=te12,te0 // 8/3:te0+s0>>16
+ shl te00=te00,twenty4};; // 8/0:
+{ .mii; ld1 te11=[te11] // 9/2:te0[s3>>16]
+ dep te31=te13,te31,16,8 // 9/0:
+ shl te01=te01,twenty4};; // 9/1:
+{ .mii; ld1 te12=[te12] // 10/3:te0[s0>>16]
+ dep te33=te20,te33,8,8 // 10/2:
+ shl te02=te02,twenty4};; // 10/2:
+{ .mii; xor t0=t0,te31 // 11/0:
+ dep te30=te21,te30,8,8 // 11/3:
+ shl te10=te10,sixteen};; // 11/1:
+{ .mii; xor r16=t0,te00 // 12/0:done!
+ dep te33=te11,te33,16,8 // 12/2:
+ shl te03=te03,twenty4};; // 12/3:
+{ .mmi; xor t1=t1,te01 // 13/1:
+ xor t2=t2,te02 // 13/2:
+ dep te30=te12,te30,16,8};; // 13/3:
+{ .mmi; xor t1=t1,te32 // 14/1:
+ xor r24=t2,te33 // 14/2:done!
+ xor t3=t3,te30 };; // 14/3:
+{ .mib; xor r20=t1,te10 // 15/1:done!
+ xor r28=t3,te03 // 15/3:done!
+ br.ret.sptk b6 };;
.endp _ia64_AES_decrypt#
// void AES_decrypt (const void *in,void *out,const AES_KEY *key);
.global AES_decrypt#
.proc AES_decrypt#
.align 32
-.skip 16
AES_decrypt:
.prologue
- .fframe 0
- .save ar.pfs,r2
- .save ar.lc,r3
-{ .mmi; alloc r2=ar.pfs,3,0,12,0
- addl out8=@ltoff(AES_Td#),gp
- mov r3=ar.lc }
-{ .mmi; and out0=3,in0
- ADDP in0=0,in0
+ .save ar.pfs,pfssave
+{ .mmi; alloc pfssave=ar.pfs,3,1,12,0
+ and out0=3,in0
+ mov r3=ip }
+{ .mmi; ADDP in0=0,in0
+ mov loc0=psr.um
ADDP out11=KSZ*60,in2 };; // &AES_KEY->rounds
- .body
-{ .mmi; ld8 out8=[out8] // Te0
- ld4 out11=[out11] // AES_KEY->rounds
+{ .mmi; ld4 out11=[out11] // AES_KEY->rounds
+ add out8=(AES_Td#-AES_decrypt#),r3 // Te0
+ .save pr,prsave
mov prsave=pr }
+{ .mmi; rum 1<<3 // clear um.ac
+ .save ar.lc,lcsave
+ mov lcsave=ar.lc };;
+ .body
#if defined(_HPUX_SOURCE) // HPUX is big-endian, cut 15+15 cycles...
{ .mib; cmp.ne p6,p0=out0,r0
add out0=4,in0
@@ -509,8 +694,9 @@ AES_decrypt:
ADDP in1=0,in1
(p6) br.spnt .Ld_o_unaligned };;
-{ .mii; mov ar.pfs=r2
- mov ar.lc=r3 }
+{ .mii; mov psr.um=loc0
+ mov ar.pfs=pfssave
+ mov ar.lc=lcsave };;
{ .mmi; st4 [in1]=r16,8 // s0
st4 [in0]=r20,8 // s1
mov pr=prsave,0x1ffff };;
@@ -571,13 +757,13 @@ AES_decrypt:
shr.u r23=r20,twenty4 }//;; // s1
{ .mii; ADDP out2=2,in1
extr.u r21=r20,8,8
- shr.u r22=r20,sixteen }//;;
+ shr.u r22=r20,sixteen }//;;
{ .mii; ADDP out3=3,in1
extr.u r25=r24,8,8 // s2
shr.u r27=r24,twenty4 };;
{ .mii; st1 [out3]=r16,4
extr.u r26=r24,16,8
- shr.u r31=r28,twenty4 }//;; // s3
+ shr.u r31=r28,twenty4 }//;; // s3
{ .mii; st1 [out2]=r17,4
extr.u r29=r28,8,8
shr.u r30=r28,sixteen }//;;
@@ -593,12 +779,13 @@ AES_decrypt:
mov pr=prsave,0x1ffff }//;;
{ .mmi; st1 [out1]=r26,4
st1 [out0]=r27,4
- mov ar.pfs=r2 };;
+ mov ar.pfs=pfssave };;
{ .mmi; st1 [out3]=r28
st1 [out2]=r29
- mov ar.lc=r3 }//;;
-{ .mmb; st1 [out1]=r30
- st1 [out0]=r31
+ mov ar.lc=lcsave }//;;
+{ .mmi; st1 [out1]=r30
+ st1 [out0]=r31 }
+{ .mfb; mov psr.um=loc0 // restore user mask
br.ret.sptk.many b0 };;
.endp AES_decrypt#
@@ -606,1047 +793,331 @@ AES_decrypt:
.align 64
.global AES_Te#
.type AES_Te#,@object
-AES_Te: data4 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d
- data4 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554
- data4 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d
- data4 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a
- data4 0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87
- data4 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b
- data4 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea
- data4 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b
- data4 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a
- data4 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f
- data4 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108
- data4 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f
- data4 0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e
- data4 0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5
- data4 0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d
- data4 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f
- data4 0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e
- data4 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb
- data4 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce
- data4 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497
- data4 0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c
- data4 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed
- data4 0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b
- data4 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a
- data4 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16
- data4 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594
- data4 0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81
- data4 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3
- data4 0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a
- data4 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504
- data4 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163
- data4 0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d
- data4 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f
- data4 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739
- data4 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47
- data4 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395
- data4 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f
- data4 0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883
- data4 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c
- data4 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76
- data4 0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e
- data4 0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4
- data4 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6
- data4 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b
- data4 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7
- data4 0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0
- data4 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25
- data4 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818
- data4 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72
- data4 0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651
- data4 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21
- data4 0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85
- data4 0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa
- data4 0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12
- data4 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0
- data4 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9
- data4 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133
- data4 0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7
- data4 0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920
- data4 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a
- data4 0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17
- data4 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8
- data4 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11
- data4 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a
-// Te1:
- data4 0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b
- data4 0x0dfff2f2, 0xbdd66b6b, 0xb1de6f6f, 0x5491c5c5
- data4 0x50603030, 0x03020101, 0xa9ce6767, 0x7d562b2b
- data4 0x19e7fefe, 0x62b5d7d7, 0xe64dabab, 0x9aec7676
- data4 0x458fcaca, 0x9d1f8282, 0x4089c9c9, 0x87fa7d7d
- data4 0x15effafa, 0xebb25959, 0xc98e4747, 0x0bfbf0f0
- data4 0xec41adad, 0x67b3d4d4, 0xfd5fa2a2, 0xea45afaf
- data4 0xbf239c9c, 0xf753a4a4, 0x96e47272, 0x5b9bc0c0
- data4 0xc275b7b7, 0x1ce1fdfd, 0xae3d9393, 0x6a4c2626
- data4 0x5a6c3636, 0x417e3f3f, 0x02f5f7f7, 0x4f83cccc
- data4 0x5c683434, 0xf451a5a5, 0x34d1e5e5, 0x08f9f1f1
- data4 0x93e27171, 0x73abd8d8, 0x53623131, 0x3f2a1515
- data4 0x0c080404, 0x5295c7c7, 0x65462323, 0x5e9dc3c3
- data4 0x28301818, 0xa1379696, 0x0f0a0505, 0xb52f9a9a
- data4 0x090e0707, 0x36241212, 0x9b1b8080, 0x3ddfe2e2
- data4 0x26cdebeb, 0x694e2727, 0xcd7fb2b2, 0x9fea7575
- data4 0x1b120909, 0x9e1d8383, 0x74582c2c, 0x2e341a1a
- data4 0x2d361b1b, 0xb2dc6e6e, 0xeeb45a5a, 0xfb5ba0a0
- data4 0xf6a45252, 0x4d763b3b, 0x61b7d6d6, 0xce7db3b3
- data4 0x7b522929, 0x3edde3e3, 0x715e2f2f, 0x97138484
- data4 0xf5a65353, 0x68b9d1d1, 0x00000000, 0x2cc1eded
- data4 0x60402020, 0x1fe3fcfc, 0xc879b1b1, 0xedb65b5b
- data4 0xbed46a6a, 0x468dcbcb, 0xd967bebe, 0x4b723939
- data4 0xde944a4a, 0xd4984c4c, 0xe8b05858, 0x4a85cfcf
- data4 0x6bbbd0d0, 0x2ac5efef, 0xe54faaaa, 0x16edfbfb
- data4 0xc5864343, 0xd79a4d4d, 0x55663333, 0x94118585
- data4 0xcf8a4545, 0x10e9f9f9, 0x06040202, 0x81fe7f7f
- data4 0xf0a05050, 0x44783c3c, 0xba259f9f, 0xe34ba8a8
- data4 0xf3a25151, 0xfe5da3a3, 0xc0804040, 0x8a058f8f
- data4 0xad3f9292, 0xbc219d9d, 0x48703838, 0x04f1f5f5
- data4 0xdf63bcbc, 0xc177b6b6, 0x75afdada, 0x63422121
- data4 0x30201010, 0x1ae5ffff, 0x0efdf3f3, 0x6dbfd2d2
- data4 0x4c81cdcd, 0x14180c0c, 0x35261313, 0x2fc3ecec
- data4 0xe1be5f5f, 0xa2359797, 0xcc884444, 0x392e1717
- data4 0x5793c4c4, 0xf255a7a7, 0x82fc7e7e, 0x477a3d3d
- data4 0xacc86464, 0xe7ba5d5d, 0x2b321919, 0x95e67373
- data4 0xa0c06060, 0x98198181, 0xd19e4f4f, 0x7fa3dcdc
- data4 0x66442222, 0x7e542a2a, 0xab3b9090, 0x830b8888
- data4 0xca8c4646, 0x29c7eeee, 0xd36bb8b8, 0x3c281414
- data4 0x79a7dede, 0xe2bc5e5e, 0x1d160b0b, 0x76addbdb
- data4 0x3bdbe0e0, 0x56643232, 0x4e743a3a, 0x1e140a0a
- data4 0xdb924949, 0x0a0c0606, 0x6c482424, 0xe4b85c5c
- data4 0x5d9fc2c2, 0x6ebdd3d3, 0xef43acac, 0xa6c46262
- data4 0xa8399191, 0xa4319595, 0x37d3e4e4, 0x8bf27979
- data4 0x32d5e7e7, 0x438bc8c8, 0x596e3737, 0xb7da6d6d
- data4 0x8c018d8d, 0x64b1d5d5, 0xd29c4e4e, 0xe049a9a9
- data4 0xb4d86c6c, 0xfaac5656, 0x07f3f4f4, 0x25cfeaea
- data4 0xafca6565, 0x8ef47a7a, 0xe947aeae, 0x18100808
- data4 0xd56fbaba, 0x88f07878, 0x6f4a2525, 0x725c2e2e
- data4 0x24381c1c, 0xf157a6a6, 0xc773b4b4, 0x5197c6c6
- data4 0x23cbe8e8, 0x7ca1dddd, 0x9ce87474, 0x213e1f1f
- data4 0xdd964b4b, 0xdc61bdbd, 0x860d8b8b, 0x850f8a8a
- data4 0x90e07070, 0x427c3e3e, 0xc471b5b5, 0xaacc6666
- data4 0xd8904848, 0x05060303, 0x01f7f6f6, 0x121c0e0e
- data4 0xa3c26161, 0x5f6a3535, 0xf9ae5757, 0xd069b9b9
- data4 0x91178686, 0x5899c1c1, 0x273a1d1d, 0xb9279e9e
- data4 0x38d9e1e1, 0x13ebf8f8, 0xb32b9898, 0x33221111
- data4 0xbbd26969, 0x70a9d9d9, 0x89078e8e, 0xa7339494
- data4 0xb62d9b9b, 0x223c1e1e, 0x92158787, 0x20c9e9e9
- data4 0x4987cece, 0xffaa5555, 0x78502828, 0x7aa5dfdf
- data4 0x8f038c8c, 0xf859a1a1, 0x80098989, 0x171a0d0d
- data4 0xda65bfbf, 0x31d7e6e6, 0xc6844242, 0xb8d06868
- data4 0xc3824141, 0xb0299999, 0x775a2d2d, 0x111e0f0f
- data4 0xcb7bb0b0, 0xfca85454, 0xd66dbbbb, 0x3a2c1616
-// Te2:
- data4 0x63a5c663, 0x7c84f87c, 0x7799ee77, 0x7b8df67b
- data4 0xf20dfff2, 0x6bbdd66b, 0x6fb1de6f, 0xc55491c5
- data4 0x30506030, 0x01030201, 0x67a9ce67, 0x2b7d562b
- data4 0xfe19e7fe, 0xd762b5d7, 0xabe64dab, 0x769aec76
- data4 0xca458fca, 0x829d1f82, 0xc94089c9, 0x7d87fa7d
- data4 0xfa15effa, 0x59ebb259, 0x47c98e47, 0xf00bfbf0
- data4 0xadec41ad, 0xd467b3d4, 0xa2fd5fa2, 0xafea45af
- data4 0x9cbf239c, 0xa4f753a4, 0x7296e472, 0xc05b9bc0
- data4 0xb7c275b7, 0xfd1ce1fd, 0x93ae3d93, 0x266a4c26
- data4 0x365a6c36, 0x3f417e3f, 0xf702f5f7, 0xcc4f83cc
- data4 0x345c6834, 0xa5f451a5, 0xe534d1e5, 0xf108f9f1
- data4 0x7193e271, 0xd873abd8, 0x31536231, 0x153f2a15
- data4 0x040c0804, 0xc75295c7, 0x23654623, 0xc35e9dc3
- data4 0x18283018, 0x96a13796, 0x050f0a05, 0x9ab52f9a
- data4 0x07090e07, 0x12362412, 0x809b1b80, 0xe23ddfe2
- data4 0xeb26cdeb, 0x27694e27, 0xb2cd7fb2, 0x759fea75
- data4 0x091b1209, 0x839e1d83, 0x2c74582c, 0x1a2e341a
- data4 0x1b2d361b, 0x6eb2dc6e, 0x5aeeb45a, 0xa0fb5ba0
- data4 0x52f6a452, 0x3b4d763b, 0xd661b7d6, 0xb3ce7db3
- data4 0x297b5229, 0xe33edde3, 0x2f715e2f, 0x84971384
- data4 0x53f5a653, 0xd168b9d1, 0x00000000, 0xed2cc1ed
- data4 0x20604020, 0xfc1fe3fc, 0xb1c879b1, 0x5bedb65b
- data4 0x6abed46a, 0xcb468dcb, 0xbed967be, 0x394b7239
- data4 0x4ade944a, 0x4cd4984c, 0x58e8b058, 0xcf4a85cf
- data4 0xd06bbbd0, 0xef2ac5ef, 0xaae54faa, 0xfb16edfb
- data4 0x43c58643, 0x4dd79a4d, 0x33556633, 0x85941185
- data4 0x45cf8a45, 0xf910e9f9, 0x02060402, 0x7f81fe7f
- data4 0x50f0a050, 0x3c44783c, 0x9fba259f, 0xa8e34ba8
- data4 0x51f3a251, 0xa3fe5da3, 0x40c08040, 0x8f8a058f
- data4 0x92ad3f92, 0x9dbc219d, 0x38487038, 0xf504f1f5
- data4 0xbcdf63bc, 0xb6c177b6, 0xda75afda, 0x21634221
- data4 0x10302010, 0xff1ae5ff, 0xf30efdf3, 0xd26dbfd2
- data4 0xcd4c81cd, 0x0c14180c, 0x13352613, 0xec2fc3ec
- data4 0x5fe1be5f, 0x97a23597, 0x44cc8844, 0x17392e17
- data4 0xc45793c4, 0xa7f255a7, 0x7e82fc7e, 0x3d477a3d
- data4 0x64acc864, 0x5de7ba5d, 0x192b3219, 0x7395e673
- data4 0x60a0c060, 0x81981981, 0x4fd19e4f, 0xdc7fa3dc
- data4 0x22664422, 0x2a7e542a, 0x90ab3b90, 0x88830b88
- data4 0x46ca8c46, 0xee29c7ee, 0xb8d36bb8, 0x143c2814
- data4 0xde79a7de, 0x5ee2bc5e, 0x0b1d160b, 0xdb76addb
- data4 0xe03bdbe0, 0x32566432, 0x3a4e743a, 0x0a1e140a
- data4 0x49db9249, 0x060a0c06, 0x246c4824, 0x5ce4b85c
- data4 0xc25d9fc2, 0xd36ebdd3, 0xacef43ac, 0x62a6c462
- data4 0x91a83991, 0x95a43195, 0xe437d3e4, 0x798bf279
- data4 0xe732d5e7, 0xc8438bc8, 0x37596e37, 0x6db7da6d
- data4 0x8d8c018d, 0xd564b1d5, 0x4ed29c4e, 0xa9e049a9
- data4 0x6cb4d86c, 0x56faac56, 0xf407f3f4, 0xea25cfea
- data4 0x65afca65, 0x7a8ef47a, 0xaee947ae, 0x08181008
- data4 0xbad56fba, 0x7888f078, 0x256f4a25, 0x2e725c2e
- data4 0x1c24381c, 0xa6f157a6, 0xb4c773b4, 0xc65197c6
- data4 0xe823cbe8, 0xdd7ca1dd, 0x749ce874, 0x1f213e1f
- data4 0x4bdd964b, 0xbddc61bd, 0x8b860d8b, 0x8a850f8a
- data4 0x7090e070, 0x3e427c3e, 0xb5c471b5, 0x66aacc66
- data4 0x48d89048, 0x03050603, 0xf601f7f6, 0x0e121c0e
- data4 0x61a3c261, 0x355f6a35, 0x57f9ae57, 0xb9d069b9
- data4 0x86911786, 0xc15899c1, 0x1d273a1d, 0x9eb9279e
- data4 0xe138d9e1, 0xf813ebf8, 0x98b32b98, 0x11332211
- data4 0x69bbd269, 0xd970a9d9, 0x8e89078e, 0x94a73394
- data4 0x9bb62d9b, 0x1e223c1e, 0x87921587, 0xe920c9e9
- data4 0xce4987ce, 0x55ffaa55, 0x28785028, 0xdf7aa5df
- data4 0x8c8f038c, 0xa1f859a1, 0x89800989, 0x0d171a0d
- data4 0xbfda65bf, 0xe631d7e6, 0x42c68442, 0x68b8d068
- data4 0x41c38241, 0x99b02999, 0x2d775a2d, 0x0f111e0f
- data4 0xb0cb7bb0, 0x54fca854, 0xbbd66dbb, 0x163a2c16
-// Te3:
- data4 0x6363a5c6, 0x7c7c84f8, 0x777799ee, 0x7b7b8df6
- data4 0xf2f20dff, 0x6b6bbdd6, 0x6f6fb1de, 0xc5c55491
- data4 0x30305060, 0x01010302, 0x6767a9ce, 0x2b2b7d56
- data4 0xfefe19e7, 0xd7d762b5, 0xababe64d, 0x76769aec
- data4 0xcaca458f, 0x82829d1f, 0xc9c94089, 0x7d7d87fa
- data4 0xfafa15ef, 0x5959ebb2, 0x4747c98e, 0xf0f00bfb
- data4 0xadadec41, 0xd4d467b3, 0xa2a2fd5f, 0xafafea45
- data4 0x9c9cbf23, 0xa4a4f753, 0x727296e4, 0xc0c05b9b
- data4 0xb7b7c275, 0xfdfd1ce1, 0x9393ae3d, 0x26266a4c
- data4 0x36365a6c, 0x3f3f417e, 0xf7f702f5, 0xcccc4f83
- data4 0x34345c68, 0xa5a5f451, 0xe5e534d1, 0xf1f108f9
- data4 0x717193e2, 0xd8d873ab, 0x31315362, 0x15153f2a
- data4 0x04040c08, 0xc7c75295, 0x23236546, 0xc3c35e9d
- data4 0x18182830, 0x9696a137, 0x05050f0a, 0x9a9ab52f
- data4 0x0707090e, 0x12123624, 0x80809b1b, 0xe2e23ddf
- data4 0xebeb26cd, 0x2727694e, 0xb2b2cd7f, 0x75759fea
- data4 0x09091b12, 0x83839e1d, 0x2c2c7458, 0x1a1a2e34
- data4 0x1b1b2d36, 0x6e6eb2dc, 0x5a5aeeb4, 0xa0a0fb5b
- data4 0x5252f6a4, 0x3b3b4d76, 0xd6d661b7, 0xb3b3ce7d
- data4 0x29297b52, 0xe3e33edd, 0x2f2f715e, 0x84849713
- data4 0x5353f5a6, 0xd1d168b9, 0x00000000, 0xeded2cc1
- data4 0x20206040, 0xfcfc1fe3, 0xb1b1c879, 0x5b5bedb6
- data4 0x6a6abed4, 0xcbcb468d, 0xbebed967, 0x39394b72
- data4 0x4a4ade94, 0x4c4cd498, 0x5858e8b0, 0xcfcf4a85
- data4 0xd0d06bbb, 0xefef2ac5, 0xaaaae54f, 0xfbfb16ed
- data4 0x4343c586, 0x4d4dd79a, 0x33335566, 0x85859411
- data4 0x4545cf8a, 0xf9f910e9, 0x02020604, 0x7f7f81fe
- data4 0x5050f0a0, 0x3c3c4478, 0x9f9fba25, 0xa8a8e34b
- data4 0x5151f3a2, 0xa3a3fe5d, 0x4040c080, 0x8f8f8a05
- data4 0x9292ad3f, 0x9d9dbc21, 0x38384870, 0xf5f504f1
- data4 0xbcbcdf63, 0xb6b6c177, 0xdada75af, 0x21216342
- data4 0x10103020, 0xffff1ae5, 0xf3f30efd, 0xd2d26dbf
- data4 0xcdcd4c81, 0x0c0c1418, 0x13133526, 0xecec2fc3
- data4 0x5f5fe1be, 0x9797a235, 0x4444cc88, 0x1717392e
- data4 0xc4c45793, 0xa7a7f255, 0x7e7e82fc, 0x3d3d477a
- data4 0x6464acc8, 0x5d5de7ba, 0x19192b32, 0x737395e6
- data4 0x6060a0c0, 0x81819819, 0x4f4fd19e, 0xdcdc7fa3
- data4 0x22226644, 0x2a2a7e54, 0x9090ab3b, 0x8888830b
- data4 0x4646ca8c, 0xeeee29c7, 0xb8b8d36b, 0x14143c28
- data4 0xdede79a7, 0x5e5ee2bc, 0x0b0b1d16, 0xdbdb76ad
- data4 0xe0e03bdb, 0x32325664, 0x3a3a4e74, 0x0a0a1e14
- data4 0x4949db92, 0x06060a0c, 0x24246c48, 0x5c5ce4b8
- data4 0xc2c25d9f, 0xd3d36ebd, 0xacacef43, 0x6262a6c4
- data4 0x9191a839, 0x9595a431, 0xe4e437d3, 0x79798bf2
- data4 0xe7e732d5, 0xc8c8438b, 0x3737596e, 0x6d6db7da
- data4 0x8d8d8c01, 0xd5d564b1, 0x4e4ed29c, 0xa9a9e049
- data4 0x6c6cb4d8, 0x5656faac, 0xf4f407f3, 0xeaea25cf
- data4 0x6565afca, 0x7a7a8ef4, 0xaeaee947, 0x08081810
- data4 0xbabad56f, 0x787888f0, 0x25256f4a, 0x2e2e725c
- data4 0x1c1c2438, 0xa6a6f157, 0xb4b4c773, 0xc6c65197
- data4 0xe8e823cb, 0xdddd7ca1, 0x74749ce8, 0x1f1f213e
- data4 0x4b4bdd96, 0xbdbddc61, 0x8b8b860d, 0x8a8a850f
- data4 0x707090e0, 0x3e3e427c, 0xb5b5c471, 0x6666aacc
- data4 0x4848d890, 0x03030506, 0xf6f601f7, 0x0e0e121c
- data4 0x6161a3c2, 0x35355f6a, 0x5757f9ae, 0xb9b9d069
- data4 0x86869117, 0xc1c15899, 0x1d1d273a, 0x9e9eb927
- data4 0xe1e138d9, 0xf8f813eb, 0x9898b32b, 0x11113322
- data4 0x6969bbd2, 0xd9d970a9, 0x8e8e8907, 0x9494a733
- data4 0x9b9bb62d, 0x1e1e223c, 0x87879215, 0xe9e920c9
- data4 0xcece4987, 0x5555ffaa, 0x28287850, 0xdfdf7aa5
- data4 0x8c8c8f03, 0xa1a1f859, 0x89898009, 0x0d0d171a
- data4 0xbfbfda65, 0xe6e631d7, 0x4242c684, 0x6868b8d0
- data4 0x4141c382, 0x9999b029, 0x2d2d775a, 0x0f0f111e
- data4 0xb0b0cb7b, 0x5454fca8, 0xbbbbd66d, 0x16163a2c
+AES_Te: data4 0xc66363a5,0xc66363a5, 0xf87c7c84,0xf87c7c84
+ data4 0xee777799,0xee777799, 0xf67b7b8d,0xf67b7b8d
+ data4 0xfff2f20d,0xfff2f20d, 0xd66b6bbd,0xd66b6bbd
+ data4 0xde6f6fb1,0xde6f6fb1, 0x91c5c554,0x91c5c554
+ data4 0x60303050,0x60303050, 0x02010103,0x02010103
+ data4 0xce6767a9,0xce6767a9, 0x562b2b7d,0x562b2b7d
+ data4 0xe7fefe19,0xe7fefe19, 0xb5d7d762,0xb5d7d762
+ data4 0x4dababe6,0x4dababe6, 0xec76769a,0xec76769a
+ data4 0x8fcaca45,0x8fcaca45, 0x1f82829d,0x1f82829d
+ data4 0x89c9c940,0x89c9c940, 0xfa7d7d87,0xfa7d7d87
+ data4 0xeffafa15,0xeffafa15, 0xb25959eb,0xb25959eb
+ data4 0x8e4747c9,0x8e4747c9, 0xfbf0f00b,0xfbf0f00b
+ data4 0x41adadec,0x41adadec, 0xb3d4d467,0xb3d4d467
+ data4 0x5fa2a2fd,0x5fa2a2fd, 0x45afafea,0x45afafea
+ data4 0x239c9cbf,0x239c9cbf, 0x53a4a4f7,0x53a4a4f7
+ data4 0xe4727296,0xe4727296, 0x9bc0c05b,0x9bc0c05b
+ data4 0x75b7b7c2,0x75b7b7c2, 0xe1fdfd1c,0xe1fdfd1c
+ data4 0x3d9393ae,0x3d9393ae, 0x4c26266a,0x4c26266a
+ data4 0x6c36365a,0x6c36365a, 0x7e3f3f41,0x7e3f3f41
+ data4 0xf5f7f702,0xf5f7f702, 0x83cccc4f,0x83cccc4f
+ data4 0x6834345c,0x6834345c, 0x51a5a5f4,0x51a5a5f4
+ data4 0xd1e5e534,0xd1e5e534, 0xf9f1f108,0xf9f1f108
+ data4 0xe2717193,0xe2717193, 0xabd8d873,0xabd8d873
+ data4 0x62313153,0x62313153, 0x2a15153f,0x2a15153f
+ data4 0x0804040c,0x0804040c, 0x95c7c752,0x95c7c752
+ data4 0x46232365,0x46232365, 0x9dc3c35e,0x9dc3c35e
+ data4 0x30181828,0x30181828, 0x379696a1,0x379696a1
+ data4 0x0a05050f,0x0a05050f, 0x2f9a9ab5,0x2f9a9ab5
+ data4 0x0e070709,0x0e070709, 0x24121236,0x24121236
+ data4 0x1b80809b,0x1b80809b, 0xdfe2e23d,0xdfe2e23d
+ data4 0xcdebeb26,0xcdebeb26, 0x4e272769,0x4e272769
+ data4 0x7fb2b2cd,0x7fb2b2cd, 0xea75759f,0xea75759f
+ data4 0x1209091b,0x1209091b, 0x1d83839e,0x1d83839e
+ data4 0x582c2c74,0x582c2c74, 0x341a1a2e,0x341a1a2e
+ data4 0x361b1b2d,0x361b1b2d, 0xdc6e6eb2,0xdc6e6eb2
+ data4 0xb45a5aee,0xb45a5aee, 0x5ba0a0fb,0x5ba0a0fb
+ data4 0xa45252f6,0xa45252f6, 0x763b3b4d,0x763b3b4d
+ data4 0xb7d6d661,0xb7d6d661, 0x7db3b3ce,0x7db3b3ce
+ data4 0x5229297b,0x5229297b, 0xdde3e33e,0xdde3e33e
+ data4 0x5e2f2f71,0x5e2f2f71, 0x13848497,0x13848497
+ data4 0xa65353f5,0xa65353f5, 0xb9d1d168,0xb9d1d168
+ data4 0x00000000,0x00000000, 0xc1eded2c,0xc1eded2c
+ data4 0x40202060,0x40202060, 0xe3fcfc1f,0xe3fcfc1f
+ data4 0x79b1b1c8,0x79b1b1c8, 0xb65b5bed,0xb65b5bed
+ data4 0xd46a6abe,0xd46a6abe, 0x8dcbcb46,0x8dcbcb46
+ data4 0x67bebed9,0x67bebed9, 0x7239394b,0x7239394b
+ data4 0x944a4ade,0x944a4ade, 0x984c4cd4,0x984c4cd4
+ data4 0xb05858e8,0xb05858e8, 0x85cfcf4a,0x85cfcf4a
+ data4 0xbbd0d06b,0xbbd0d06b, 0xc5efef2a,0xc5efef2a
+ data4 0x4faaaae5,0x4faaaae5, 0xedfbfb16,0xedfbfb16
+ data4 0x864343c5,0x864343c5, 0x9a4d4dd7,0x9a4d4dd7
+ data4 0x66333355,0x66333355, 0x11858594,0x11858594
+ data4 0x8a4545cf,0x8a4545cf, 0xe9f9f910,0xe9f9f910
+ data4 0x04020206,0x04020206, 0xfe7f7f81,0xfe7f7f81
+ data4 0xa05050f0,0xa05050f0, 0x783c3c44,0x783c3c44
+ data4 0x259f9fba,0x259f9fba, 0x4ba8a8e3,0x4ba8a8e3
+ data4 0xa25151f3,0xa25151f3, 0x5da3a3fe,0x5da3a3fe
+ data4 0x804040c0,0x804040c0, 0x058f8f8a,0x058f8f8a
+ data4 0x3f9292ad,0x3f9292ad, 0x219d9dbc,0x219d9dbc
+ data4 0x70383848,0x70383848, 0xf1f5f504,0xf1f5f504
+ data4 0x63bcbcdf,0x63bcbcdf, 0x77b6b6c1,0x77b6b6c1
+ data4 0xafdada75,0xafdada75, 0x42212163,0x42212163
+ data4 0x20101030,0x20101030, 0xe5ffff1a,0xe5ffff1a
+ data4 0xfdf3f30e,0xfdf3f30e, 0xbfd2d26d,0xbfd2d26d
+ data4 0x81cdcd4c,0x81cdcd4c, 0x180c0c14,0x180c0c14
+ data4 0x26131335,0x26131335, 0xc3ecec2f,0xc3ecec2f
+ data4 0xbe5f5fe1,0xbe5f5fe1, 0x359797a2,0x359797a2
+ data4 0x884444cc,0x884444cc, 0x2e171739,0x2e171739
+ data4 0x93c4c457,0x93c4c457, 0x55a7a7f2,0x55a7a7f2
+ data4 0xfc7e7e82,0xfc7e7e82, 0x7a3d3d47,0x7a3d3d47
+ data4 0xc86464ac,0xc86464ac, 0xba5d5de7,0xba5d5de7
+ data4 0x3219192b,0x3219192b, 0xe6737395,0xe6737395
+ data4 0xc06060a0,0xc06060a0, 0x19818198,0x19818198
+ data4 0x9e4f4fd1,0x9e4f4fd1, 0xa3dcdc7f,0xa3dcdc7f
+ data4 0x44222266,0x44222266, 0x542a2a7e,0x542a2a7e
+ data4 0x3b9090ab,0x3b9090ab, 0x0b888883,0x0b888883
+ data4 0x8c4646ca,0x8c4646ca, 0xc7eeee29,0xc7eeee29
+ data4 0x6bb8b8d3,0x6bb8b8d3, 0x2814143c,0x2814143c
+ data4 0xa7dede79,0xa7dede79, 0xbc5e5ee2,0xbc5e5ee2
+ data4 0x160b0b1d,0x160b0b1d, 0xaddbdb76,0xaddbdb76
+ data4 0xdbe0e03b,0xdbe0e03b, 0x64323256,0x64323256
+ data4 0x743a3a4e,0x743a3a4e, 0x140a0a1e,0x140a0a1e
+ data4 0x924949db,0x924949db, 0x0c06060a,0x0c06060a
+ data4 0x4824246c,0x4824246c, 0xb85c5ce4,0xb85c5ce4
+ data4 0x9fc2c25d,0x9fc2c25d, 0xbdd3d36e,0xbdd3d36e
+ data4 0x43acacef,0x43acacef, 0xc46262a6,0xc46262a6
+ data4 0x399191a8,0x399191a8, 0x319595a4,0x319595a4
+ data4 0xd3e4e437,0xd3e4e437, 0xf279798b,0xf279798b
+ data4 0xd5e7e732,0xd5e7e732, 0x8bc8c843,0x8bc8c843
+ data4 0x6e373759,0x6e373759, 0xda6d6db7,0xda6d6db7
+ data4 0x018d8d8c,0x018d8d8c, 0xb1d5d564,0xb1d5d564
+ data4 0x9c4e4ed2,0x9c4e4ed2, 0x49a9a9e0,0x49a9a9e0
+ data4 0xd86c6cb4,0xd86c6cb4, 0xac5656fa,0xac5656fa
+ data4 0xf3f4f407,0xf3f4f407, 0xcfeaea25,0xcfeaea25
+ data4 0xca6565af,0xca6565af, 0xf47a7a8e,0xf47a7a8e
+ data4 0x47aeaee9,0x47aeaee9, 0x10080818,0x10080818
+ data4 0x6fbabad5,0x6fbabad5, 0xf0787888,0xf0787888
+ data4 0x4a25256f,0x4a25256f, 0x5c2e2e72,0x5c2e2e72
+ data4 0x381c1c24,0x381c1c24, 0x57a6a6f1,0x57a6a6f1
+ data4 0x73b4b4c7,0x73b4b4c7, 0x97c6c651,0x97c6c651
+ data4 0xcbe8e823,0xcbe8e823, 0xa1dddd7c,0xa1dddd7c
+ data4 0xe874749c,0xe874749c, 0x3e1f1f21,0x3e1f1f21
+ data4 0x964b4bdd,0x964b4bdd, 0x61bdbddc,0x61bdbddc
+ data4 0x0d8b8b86,0x0d8b8b86, 0x0f8a8a85,0x0f8a8a85
+ data4 0xe0707090,0xe0707090, 0x7c3e3e42,0x7c3e3e42
+ data4 0x71b5b5c4,0x71b5b5c4, 0xcc6666aa,0xcc6666aa
+ data4 0x904848d8,0x904848d8, 0x06030305,0x06030305
+ data4 0xf7f6f601,0xf7f6f601, 0x1c0e0e12,0x1c0e0e12
+ data4 0xc26161a3,0xc26161a3, 0x6a35355f,0x6a35355f
+ data4 0xae5757f9,0xae5757f9, 0x69b9b9d0,0x69b9b9d0
+ data4 0x17868691,0x17868691, 0x99c1c158,0x99c1c158
+ data4 0x3a1d1d27,0x3a1d1d27, 0x279e9eb9,0x279e9eb9
+ data4 0xd9e1e138,0xd9e1e138, 0xebf8f813,0xebf8f813
+ data4 0x2b9898b3,0x2b9898b3, 0x22111133,0x22111133
+ data4 0xd26969bb,0xd26969bb, 0xa9d9d970,0xa9d9d970
+ data4 0x078e8e89,0x078e8e89, 0x339494a7,0x339494a7
+ data4 0x2d9b9bb6,0x2d9b9bb6, 0x3c1e1e22,0x3c1e1e22
+ data4 0x15878792,0x15878792, 0xc9e9e920,0xc9e9e920
+ data4 0x87cece49,0x87cece49, 0xaa5555ff,0xaa5555ff
+ data4 0x50282878,0x50282878, 0xa5dfdf7a,0xa5dfdf7a
+ data4 0x038c8c8f,0x038c8c8f, 0x59a1a1f8,0x59a1a1f8
+ data4 0x09898980,0x09898980, 0x1a0d0d17,0x1a0d0d17
+ data4 0x65bfbfda,0x65bfbfda, 0xd7e6e631,0xd7e6e631
+ data4 0x844242c6,0x844242c6, 0xd06868b8,0xd06868b8
+ data4 0x824141c3,0x824141c3, 0x299999b0,0x299999b0
+ data4 0x5a2d2d77,0x5a2d2d77, 0x1e0f0f11,0x1e0f0f11
+ data4 0x7bb0b0cb,0x7bb0b0cb, 0xa85454fc,0xa85454fc
+ data4 0x6dbbbbd6,0x6dbbbbd6, 0x2c16163a,0x2c16163a
// Te4:
- data4 0x63000000, 0x7c000000, 0x77000000, 0x7b000000
- data4 0xf2000000, 0x6b000000, 0x6f000000, 0xc5000000
- data4 0x30000000, 0x01000000, 0x67000000, 0x2b000000
- data4 0xfe000000, 0xd7000000, 0xab000000, 0x76000000
- data4 0xca000000, 0x82000000, 0xc9000000, 0x7d000000
- data4 0xfa000000, 0x59000000, 0x47000000, 0xf0000000
- data4 0xad000000, 0xd4000000, 0xa2000000, 0xaf000000
- data4 0x9c000000, 0xa4000000, 0x72000000, 0xc0000000
- data4 0xb7000000, 0xfd000000, 0x93000000, 0x26000000
- data4 0x36000000, 0x3f000000, 0xf7000000, 0xcc000000
- data4 0x34000000, 0xa5000000, 0xe5000000, 0xf1000000
- data4 0x71000000, 0xd8000000, 0x31000000, 0x15000000
- data4 0x04000000, 0xc7000000, 0x23000000, 0xc3000000
- data4 0x18000000, 0x96000000, 0x05000000, 0x9a000000
- data4 0x07000000, 0x12000000, 0x80000000, 0xe2000000
- data4 0xeb000000, 0x27000000, 0xb2000000, 0x75000000
- data4 0x09000000, 0x83000000, 0x2c000000, 0x1a000000
- data4 0x1b000000, 0x6e000000, 0x5a000000, 0xa0000000
- data4 0x52000000, 0x3b000000, 0xd6000000, 0xb3000000
- data4 0x29000000, 0xe3000000, 0x2f000000, 0x84000000
- data4 0x53000000, 0xd1000000, 0x00000000, 0xed000000
- data4 0x20000000, 0xfc000000, 0xb1000000, 0x5b000000
- data4 0x6a000000, 0xcb000000, 0xbe000000, 0x39000000
- data4 0x4a000000, 0x4c000000, 0x58000000, 0xcf000000
- data4 0xd0000000, 0xef000000, 0xaa000000, 0xfb000000
- data4 0x43000000, 0x4d000000, 0x33000000, 0x85000000
- data4 0x45000000, 0xf9000000, 0x02000000, 0x7f000000
- data4 0x50000000, 0x3c000000, 0x9f000000, 0xa8000000
- data4 0x51000000, 0xa3000000, 0x40000000, 0x8f000000
- data4 0x92000000, 0x9d000000, 0x38000000, 0xf5000000
- data4 0xbc000000, 0xb6000000, 0xda000000, 0x21000000
- data4 0x10000000, 0xff000000, 0xf3000000, 0xd2000000
- data4 0xcd000000, 0x0c000000, 0x13000000, 0xec000000
- data4 0x5f000000, 0x97000000, 0x44000000, 0x17000000
- data4 0xc4000000, 0xa7000000, 0x7e000000, 0x3d000000
- data4 0x64000000, 0x5d000000, 0x19000000, 0x73000000
- data4 0x60000000, 0x81000000, 0x4f000000, 0xdc000000
- data4 0x22000000, 0x2a000000, 0x90000000, 0x88000000
- data4 0x46000000, 0xee000000, 0xb8000000, 0x14000000
- data4 0xde000000, 0x5e000000, 0x0b000000, 0xdb000000
- data4 0xe0000000, 0x32000000, 0x3a000000, 0x0a000000
- data4 0x49000000, 0x06000000, 0x24000000, 0x5c000000
- data4 0xc2000000, 0xd3000000, 0xac000000, 0x62000000
- data4 0x91000000, 0x95000000, 0xe4000000, 0x79000000
- data4 0xe7000000, 0xc8000000, 0x37000000, 0x6d000000
- data4 0x8d000000, 0xd5000000, 0x4e000000, 0xa9000000
- data4 0x6c000000, 0x56000000, 0xf4000000, 0xea000000
- data4 0x65000000, 0x7a000000, 0xae000000, 0x08000000
- data4 0xba000000, 0x78000000, 0x25000000, 0x2e000000
- data4 0x1c000000, 0xa6000000, 0xb4000000, 0xc6000000
- data4 0xe8000000, 0xdd000000, 0x74000000, 0x1f000000
- data4 0x4b000000, 0xbd000000, 0x8b000000, 0x8a000000
- data4 0x70000000, 0x3e000000, 0xb5000000, 0x66000000
- data4 0x48000000, 0x03000000, 0xf6000000, 0x0e000000
- data4 0x61000000, 0x35000000, 0x57000000, 0xb9000000
- data4 0x86000000, 0xc1000000, 0x1d000000, 0x9e000000
- data4 0xe1000000, 0xf8000000, 0x98000000, 0x11000000
- data4 0x69000000, 0xd9000000, 0x8e000000, 0x94000000
- data4 0x9b000000, 0x1e000000, 0x87000000, 0xe9000000
- data4 0xce000000, 0x55000000, 0x28000000, 0xdf000000
- data4 0x8c000000, 0xa1000000, 0x89000000, 0x0d000000
- data4 0xbf000000, 0xe6000000, 0x42000000, 0x68000000
- data4 0x41000000, 0x99000000, 0x2d000000, 0x0f000000
- data4 0xb0000000, 0x54000000, 0xbb000000, 0x16000000
-// Te5:
- data4 0x00630000, 0x007c0000, 0x00770000, 0x007b0000
- data4 0x00f20000, 0x006b0000, 0x006f0000, 0x00c50000
- data4 0x00300000, 0x00010000, 0x00670000, 0x002b0000
- data4 0x00fe0000, 0x00d70000, 0x00ab0000, 0x00760000
- data4 0x00ca0000, 0x00820000, 0x00c90000, 0x007d0000
- data4 0x00fa0000, 0x00590000, 0x00470000, 0x00f00000
- data4 0x00ad0000, 0x00d40000, 0x00a20000, 0x00af0000
- data4 0x009c0000, 0x00a40000, 0x00720000, 0x00c00000
- data4 0x00b70000, 0x00fd0000, 0x00930000, 0x00260000
- data4 0x00360000, 0x003f0000, 0x00f70000, 0x00cc0000
- data4 0x00340000, 0x00a50000, 0x00e50000, 0x00f10000
- data4 0x00710000, 0x00d80000, 0x00310000, 0x00150000
- data4 0x00040000, 0x00c70000, 0x00230000, 0x00c30000
- data4 0x00180000, 0x00960000, 0x00050000, 0x009a0000
- data4 0x00070000, 0x00120000, 0x00800000, 0x00e20000
- data4 0x00eb0000, 0x00270000, 0x00b20000, 0x00750000
- data4 0x00090000, 0x00830000, 0x002c0000, 0x001a0000
- data4 0x001b0000, 0x006e0000, 0x005a0000, 0x00a00000
- data4 0x00520000, 0x003b0000, 0x00d60000, 0x00b30000
- data4 0x00290000, 0x00e30000, 0x002f0000, 0x00840000
- data4 0x00530000, 0x00d10000, 0x00000000, 0x00ed0000
- data4 0x00200000, 0x00fc0000, 0x00b10000, 0x005b0000
- data4 0x006a0000, 0x00cb0000, 0x00be0000, 0x00390000
- data4 0x004a0000, 0x004c0000, 0x00580000, 0x00cf0000
- data4 0x00d00000, 0x00ef0000, 0x00aa0000, 0x00fb0000
- data4 0x00430000, 0x004d0000, 0x00330000, 0x00850000
- data4 0x00450000, 0x00f90000, 0x00020000, 0x007f0000
- data4 0x00500000, 0x003c0000, 0x009f0000, 0x00a80000
- data4 0x00510000, 0x00a30000, 0x00400000, 0x008f0000
- data4 0x00920000, 0x009d0000, 0x00380000, 0x00f50000
- data4 0x00bc0000, 0x00b60000, 0x00da0000, 0x00210000
- data4 0x00100000, 0x00ff0000, 0x00f30000, 0x00d20000
- data4 0x00cd0000, 0x000c0000, 0x00130000, 0x00ec0000
- data4 0x005f0000, 0x00970000, 0x00440000, 0x00170000
- data4 0x00c40000, 0x00a70000, 0x007e0000, 0x003d0000
- data4 0x00640000, 0x005d0000, 0x00190000, 0x00730000
- data4 0x00600000, 0x00810000, 0x004f0000, 0x00dc0000
- data4 0x00220000, 0x002a0000, 0x00900000, 0x00880000
- data4 0x00460000, 0x00ee0000, 0x00b80000, 0x00140000
- data4 0x00de0000, 0x005e0000, 0x000b0000, 0x00db0000
- data4 0x00e00000, 0x00320000, 0x003a0000, 0x000a0000
- data4 0x00490000, 0x00060000, 0x00240000, 0x005c0000
- data4 0x00c20000, 0x00d30000, 0x00ac0000, 0x00620000
- data4 0x00910000, 0x00950000, 0x00e40000, 0x00790000
- data4 0x00e70000, 0x00c80000, 0x00370000, 0x006d0000
- data4 0x008d0000, 0x00d50000, 0x004e0000, 0x00a90000
- data4 0x006c0000, 0x00560000, 0x00f40000, 0x00ea0000
- data4 0x00650000, 0x007a0000, 0x00ae0000, 0x00080000
- data4 0x00ba0000, 0x00780000, 0x00250000, 0x002e0000
- data4 0x001c0000, 0x00a60000, 0x00b40000, 0x00c60000
- data4 0x00e80000, 0x00dd0000, 0x00740000, 0x001f0000
- data4 0x004b0000, 0x00bd0000, 0x008b0000, 0x008a0000
- data4 0x00700000, 0x003e0000, 0x00b50000, 0x00660000
- data4 0x00480000, 0x00030000, 0x00f60000, 0x000e0000
- data4 0x00610000, 0x00350000, 0x00570000, 0x00b90000
- data4 0x00860000, 0x00c10000, 0x001d0000, 0x009e0000
- data4 0x00e10000, 0x00f80000, 0x00980000, 0x00110000
- data4 0x00690000, 0x00d90000, 0x008e0000, 0x00940000
- data4 0x009b0000, 0x001e0000, 0x00870000, 0x00e90000
- data4 0x00ce0000, 0x00550000, 0x00280000, 0x00df0000
- data4 0x008c0000, 0x00a10000, 0x00890000, 0x000d0000
- data4 0x00bf0000, 0x00e60000, 0x00420000, 0x00680000
- data4 0x00410000, 0x00990000, 0x002d0000, 0x000f0000
- data4 0x00b00000, 0x00540000, 0x00bb0000, 0x00160000
-// Te6:
- data4 0x00006300, 0x00007c00, 0x00007700, 0x00007b00
- data4 0x0000f200, 0x00006b00, 0x00006f00, 0x0000c500
- data4 0x00003000, 0x00000100, 0x00006700, 0x00002b00
- data4 0x0000fe00, 0x0000d700, 0x0000ab00, 0x00007600
- data4 0x0000ca00, 0x00008200, 0x0000c900, 0x00007d00
- data4 0x0000fa00, 0x00005900, 0x00004700, 0x0000f000
- data4 0x0000ad00, 0x0000d400, 0x0000a200, 0x0000af00
- data4 0x00009c00, 0x0000a400, 0x00007200, 0x0000c000
- data4 0x0000b700, 0x0000fd00, 0x00009300, 0x00002600
- data4 0x00003600, 0x00003f00, 0x0000f700, 0x0000cc00
- data4 0x00003400, 0x0000a500, 0x0000e500, 0x0000f100
- data4 0x00007100, 0x0000d800, 0x00003100, 0x00001500
- data4 0x00000400, 0x0000c700, 0x00002300, 0x0000c300
- data4 0x00001800, 0x00009600, 0x00000500, 0x00009a00
- data4 0x00000700, 0x00001200, 0x00008000, 0x0000e200
- data4 0x0000eb00, 0x00002700, 0x0000b200, 0x00007500
- data4 0x00000900, 0x00008300, 0x00002c00, 0x00001a00
- data4 0x00001b00, 0x00006e00, 0x00005a00, 0x0000a000
- data4 0x00005200, 0x00003b00, 0x0000d600, 0x0000b300
- data4 0x00002900, 0x0000e300, 0x00002f00, 0x00008400
- data4 0x00005300, 0x0000d100, 0x00000000, 0x0000ed00
- data4 0x00002000, 0x0000fc00, 0x0000b100, 0x00005b00
- data4 0x00006a00, 0x0000cb00, 0x0000be00, 0x00003900
- data4 0x00004a00, 0x00004c00, 0x00005800, 0x0000cf00
- data4 0x0000d000, 0x0000ef00, 0x0000aa00, 0x0000fb00
- data4 0x00004300, 0x00004d00, 0x00003300, 0x00008500
- data4 0x00004500, 0x0000f900, 0x00000200, 0x00007f00
- data4 0x00005000, 0x00003c00, 0x00009f00, 0x0000a800
- data4 0x00005100, 0x0000a300, 0x00004000, 0x00008f00
- data4 0x00009200, 0x00009d00, 0x00003800, 0x0000f500
- data4 0x0000bc00, 0x0000b600, 0x0000da00, 0x00002100
- data4 0x00001000, 0x0000ff00, 0x0000f300, 0x0000d200
- data4 0x0000cd00, 0x00000c00, 0x00001300, 0x0000ec00
- data4 0x00005f00, 0x00009700, 0x00004400, 0x00001700
- data4 0x0000c400, 0x0000a700, 0x00007e00, 0x00003d00
- data4 0x00006400, 0x00005d00, 0x00001900, 0x00007300
- data4 0x00006000, 0x00008100, 0x00004f00, 0x0000dc00
- data4 0x00002200, 0x00002a00, 0x00009000, 0x00008800
- data4 0x00004600, 0x0000ee00, 0x0000b800, 0x00001400
- data4 0x0000de00, 0x00005e00, 0x00000b00, 0x0000db00
- data4 0x0000e000, 0x00003200, 0x00003a00, 0x00000a00
- data4 0x00004900, 0x00000600, 0x00002400, 0x00005c00
- data4 0x0000c200, 0x0000d300, 0x0000ac00, 0x00006200
- data4 0x00009100, 0x00009500, 0x0000e400, 0x00007900
- data4 0x0000e700, 0x0000c800, 0x00003700, 0x00006d00
- data4 0x00008d00, 0x0000d500, 0x00004e00, 0x0000a900
- data4 0x00006c00, 0x00005600, 0x0000f400, 0x0000ea00
- data4 0x00006500, 0x00007a00, 0x0000ae00, 0x00000800
- data4 0x0000ba00, 0x00007800, 0x00002500, 0x00002e00
- data4 0x00001c00, 0x0000a600, 0x0000b400, 0x0000c600
- data4 0x0000e800, 0x0000dd00, 0x00007400, 0x00001f00
- data4 0x00004b00, 0x0000bd00, 0x00008b00, 0x00008a00
- data4 0x00007000, 0x00003e00, 0x0000b500, 0x00006600
- data4 0x00004800, 0x00000300, 0x0000f600, 0x00000e00
- data4 0x00006100, 0x00003500, 0x00005700, 0x0000b900
- data4 0x00008600, 0x0000c100, 0x00001d00, 0x00009e00
- data4 0x0000e100, 0x0000f800, 0x00009800, 0x00001100
- data4 0x00006900, 0x0000d900, 0x00008e00, 0x00009400
- data4 0x00009b00, 0x00001e00, 0x00008700, 0x0000e900
- data4 0x0000ce00, 0x00005500, 0x00002800, 0x0000df00
- data4 0x00008c00, 0x0000a100, 0x00008900, 0x00000d00
- data4 0x0000bf00, 0x0000e600, 0x00004200, 0x00006800
- data4 0x00004100, 0x00009900, 0x00002d00, 0x00000f00
- data4 0x0000b000, 0x00005400, 0x0000bb00, 0x00001600
-// Te7:
- data4 0x00000063, 0x0000007c, 0x00000077, 0x0000007b
- data4 0x000000f2, 0x0000006b, 0x0000006f, 0x000000c5
- data4 0x00000030, 0x00000001, 0x00000067, 0x0000002b
- data4 0x000000fe, 0x000000d7, 0x000000ab, 0x00000076
- data4 0x000000ca, 0x00000082, 0x000000c9, 0x0000007d
- data4 0x000000fa, 0x00000059, 0x00000047, 0x000000f0
- data4 0x000000ad, 0x000000d4, 0x000000a2, 0x000000af
- data4 0x0000009c, 0x000000a4, 0x00000072, 0x000000c0
- data4 0x000000b7, 0x000000fd, 0x00000093, 0x00000026
- data4 0x00000036, 0x0000003f, 0x000000f7, 0x000000cc
- data4 0x00000034, 0x000000a5, 0x000000e5, 0x000000f1
- data4 0x00000071, 0x000000d8, 0x00000031, 0x00000015
- data4 0x00000004, 0x000000c7, 0x00000023, 0x000000c3
- data4 0x00000018, 0x00000096, 0x00000005, 0x0000009a
- data4 0x00000007, 0x00000012, 0x00000080, 0x000000e2
- data4 0x000000eb, 0x00000027, 0x000000b2, 0x00000075
- data4 0x00000009, 0x00000083, 0x0000002c, 0x0000001a
- data4 0x0000001b, 0x0000006e, 0x0000005a, 0x000000a0
- data4 0x00000052, 0x0000003b, 0x000000d6, 0x000000b3
- data4 0x00000029, 0x000000e3, 0x0000002f, 0x00000084
- data4 0x00000053, 0x000000d1, 0x00000000, 0x000000ed
- data4 0x00000020, 0x000000fc, 0x000000b1, 0x0000005b
- data4 0x0000006a, 0x000000cb, 0x000000be, 0x00000039
- data4 0x0000004a, 0x0000004c, 0x00000058, 0x000000cf
- data4 0x000000d0, 0x000000ef, 0x000000aa, 0x000000fb
- data4 0x00000043, 0x0000004d, 0x00000033, 0x00000085
- data4 0x00000045, 0x000000f9, 0x00000002, 0x0000007f
- data4 0x00000050, 0x0000003c, 0x0000009f, 0x000000a8
- data4 0x00000051, 0x000000a3, 0x00000040, 0x0000008f
- data4 0x00000092, 0x0000009d, 0x00000038, 0x000000f5
- data4 0x000000bc, 0x000000b6, 0x000000da, 0x00000021
- data4 0x00000010, 0x000000ff, 0x000000f3, 0x000000d2
- data4 0x000000cd, 0x0000000c, 0x00000013, 0x000000ec
- data4 0x0000005f, 0x00000097, 0x00000044, 0x00000017
- data4 0x000000c4, 0x000000a7, 0x0000007e, 0x0000003d
- data4 0x00000064, 0x0000005d, 0x00000019, 0x00000073
- data4 0x00000060, 0x00000081, 0x0000004f, 0x000000dc
- data4 0x00000022, 0x0000002a, 0x00000090, 0x00000088
- data4 0x00000046, 0x000000ee, 0x000000b8, 0x00000014
- data4 0x000000de, 0x0000005e, 0x0000000b, 0x000000db
- data4 0x000000e0, 0x00000032, 0x0000003a, 0x0000000a
- data4 0x00000049, 0x00000006, 0x00000024, 0x0000005c
- data4 0x000000c2, 0x000000d3, 0x000000ac, 0x00000062
- data4 0x00000091, 0x00000095, 0x000000e4, 0x00000079
- data4 0x000000e7, 0x000000c8, 0x00000037, 0x0000006d
- data4 0x0000008d, 0x000000d5, 0x0000004e, 0x000000a9
- data4 0x0000006c, 0x00000056, 0x000000f4, 0x000000ea
- data4 0x00000065, 0x0000007a, 0x000000ae, 0x00000008
- data4 0x000000ba, 0x00000078, 0x00000025, 0x0000002e
- data4 0x0000001c, 0x000000a6, 0x000000b4, 0x000000c6
- data4 0x000000e8, 0x000000dd, 0x00000074, 0x0000001f
- data4 0x0000004b, 0x000000bd, 0x0000008b, 0x0000008a
- data4 0x00000070, 0x0000003e, 0x000000b5, 0x00000066
- data4 0x00000048, 0x00000003, 0x000000f6, 0x0000000e
- data4 0x00000061, 0x00000035, 0x00000057, 0x000000b9
- data4 0x00000086, 0x000000c1, 0x0000001d, 0x0000009e
- data4 0x000000e1, 0x000000f8, 0x00000098, 0x00000011
- data4 0x00000069, 0x000000d9, 0x0000008e, 0x00000094
- data4 0x0000009b, 0x0000001e, 0x00000087, 0x000000e9
- data4 0x000000ce, 0x00000055, 0x00000028, 0x000000df
- data4 0x0000008c, 0x000000a1, 0x00000089, 0x0000000d
- data4 0x000000bf, 0x000000e6, 0x00000042, 0x00000068
- data4 0x00000041, 0x00000099, 0x0000002d, 0x0000000f
- data4 0x000000b0, 0x00000054, 0x000000bb, 0x00000016
-.size AES_Te#,8*256*4 // HP-UX assembler fails to ".-AES_Te#"
+ data1 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
+ data1 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
+ data1 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
+ data1 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
+ data1 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
+ data1 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
+ data1 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
+ data1 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
+ data1 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
+ data1 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
+ data1 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
+ data1 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
+ data1 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
+ data1 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
+ data1 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
+ data1 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
+ data1 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
+ data1 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
+ data1 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
+ data1 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
+ data1 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
+ data1 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
+ data1 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
+ data1 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
+ data1 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
+ data1 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
+ data1 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
+ data1 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
+ data1 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
+ data1 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
+ data1 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
+ data1 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
+.size AES_Te#,2048+256 // HP-UX assembler fails to ".-AES_Te#"
.align 64
.global AES_Td#
.type AES_Td#,@object
-AES_Td: data4 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96
- data4 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393
- data4 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25
- data4 0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f
- data4 0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1
- data4 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6
- data4 0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da
- data4 0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844
- data4 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd
- data4 0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4
- data4 0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45
- data4 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94
- data4 0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7
- data4 0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a
- data4 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5
- data4 0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c
- data4 0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1
- data4 0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a
- data4 0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75
- data4 0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051
- data4 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46
- data4 0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff
- data4 0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77
- data4 0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb
- data4 0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000
- data4 0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e
- data4 0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927
- data4 0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a
- data4 0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e
- data4 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16
- data4 0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d
- data4 0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8
- data4 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd
- data4 0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34
- data4 0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163
- data4 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120
- data4 0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d
- data4 0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0
- data4 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422
- data4 0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef
- data4 0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36
- data4 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4
- data4 0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662
- data4 0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5
- data4 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3
- data4 0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b
- data4 0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8
- data4 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6
- data4 0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6
- data4 0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0
- data4 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815
- data4 0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f
- data4 0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df
- data4 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f
- data4 0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e
- data4 0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713
- data4 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89
- data4 0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c
- data4 0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf
- data4 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86
- data4 0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f
- data4 0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541
- data4 0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190
- data4 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742
-// Td1:
- data4 0x5051f4a7, 0x537e4165, 0xc31a17a4, 0x963a275e
- data4 0xcb3bab6b, 0xf11f9d45, 0xabacfa58, 0x934be303
- data4 0x552030fa, 0xf6ad766d, 0x9188cc76, 0x25f5024c
- data4 0xfc4fe5d7, 0xd7c52acb, 0x80263544, 0x8fb562a3
- data4 0x49deb15a, 0x6725ba1b, 0x9845ea0e, 0xe15dfec0
- data4 0x02c32f75, 0x12814cf0, 0xa38d4697, 0xc66bd3f9
- data4 0xe7038f5f, 0x9515929c, 0xebbf6d7a, 0xda955259
- data4 0x2dd4be83, 0xd3587421, 0x2949e069, 0x448ec9c8
- data4 0x6a75c289, 0x78f48e79, 0x6b99583e, 0xdd27b971
- data4 0xb6bee14f, 0x17f088ad, 0x66c920ac, 0xb47dce3a
- data4 0x1863df4a, 0x82e51a31, 0x60975133, 0x4562537f
- data4 0xe0b16477, 0x84bb6bae, 0x1cfe81a0, 0x94f9082b
- data4 0x58704868, 0x198f45fd, 0x8794de6c, 0xb7527bf8
- data4 0x23ab73d3, 0xe2724b02, 0x57e31f8f, 0x2a6655ab
- data4 0x07b2eb28, 0x032fb5c2, 0x9a86c57b, 0xa5d33708
- data4 0xf2302887, 0xb223bfa5, 0xba02036a, 0x5ced1682
- data4 0x2b8acf1c, 0x92a779b4, 0xf0f307f2, 0xa14e69e2
- data4 0xcd65daf4, 0xd50605be, 0x1fd13462, 0x8ac4a6fe
- data4 0x9d342e53, 0xa0a2f355, 0x32058ae1, 0x75a4f6eb
- data4 0x390b83ec, 0xaa4060ef, 0x065e719f, 0x51bd6e10
- data4 0xf93e218a, 0x3d96dd06, 0xaedd3e05, 0x464de6bd
- data4 0xb591548d, 0x0571c45d, 0x6f0406d4, 0xff605015
- data4 0x241998fb, 0x97d6bde9, 0xcc894043, 0x7767d99e
- data4 0xbdb0e842, 0x8807898b, 0x38e7195b, 0xdb79c8ee
- data4 0x47a17c0a, 0xe97c420f, 0xc9f8841e, 0x00000000
- data4 0x83098086, 0x48322bed, 0xac1e1170, 0x4e6c5a72
- data4 0xfbfd0eff, 0x560f8538, 0x1e3daed5, 0x27362d39
- data4 0x640a0fd9, 0x21685ca6, 0xd19b5b54, 0x3a24362e
- data4 0xb10c0a67, 0x0f9357e7, 0xd2b4ee96, 0x9e1b9b91
- data4 0x4f80c0c5, 0xa261dc20, 0x695a774b, 0x161c121a
- data4 0x0ae293ba, 0xe5c0a02a, 0x433c22e0, 0x1d121b17
- data4 0x0b0e090d, 0xadf28bc7, 0xb92db6a8, 0xc8141ea9
- data4 0x8557f119, 0x4caf7507, 0xbbee99dd, 0xfda37f60
- data4 0x9ff70126, 0xbc5c72f5, 0xc544663b, 0x345bfb7e
- data4 0x768b4329, 0xdccb23c6, 0x68b6edfc, 0x63b8e4f1
- data4 0xcad731dc, 0x10426385, 0x40139722, 0x2084c611
- data4 0x7d854a24, 0xf8d2bb3d, 0x11aef932, 0x6dc729a1
- data4 0x4b1d9e2f, 0xf3dcb230, 0xec0d8652, 0xd077c1e3
- data4 0x6c2bb316, 0x99a970b9, 0xfa119448, 0x2247e964
- data4 0xc4a8fc8c, 0x1aa0f03f, 0xd8567d2c, 0xef223390
- data4 0xc787494e, 0xc1d938d1, 0xfe8ccaa2, 0x3698d40b
- data4 0xcfa6f581, 0x28a57ade, 0x26dab78e, 0xa43fadbf
- data4 0xe42c3a9d, 0x0d507892, 0x9b6a5fcc, 0x62547e46
- data4 0xc2f68d13, 0xe890d8b8, 0x5e2e39f7, 0xf582c3af
- data4 0xbe9f5d80, 0x7c69d093, 0xa96fd52d, 0xb3cf2512
- data4 0x3bc8ac99, 0xa710187d, 0x6ee89c63, 0x7bdb3bbb
- data4 0x09cd2678, 0xf46e5918, 0x01ec9ab7, 0xa8834f9a
- data4 0x65e6956e, 0x7eaaffe6, 0x0821bccf, 0xe6ef15e8
- data4 0xd9bae79b, 0xce4a6f36, 0xd4ea9f09, 0xd629b07c
- data4 0xaf31a4b2, 0x312a3f23, 0x30c6a594, 0xc035a266
- data4 0x37744ebc, 0xa6fc82ca, 0xb0e090d0, 0x1533a7d8
- data4 0x4af10498, 0xf741ecda, 0x0e7fcd50, 0x2f1791f6
- data4 0x8d764dd6, 0x4d43efb0, 0x54ccaa4d, 0xdfe49604
- data4 0xe39ed1b5, 0x1b4c6a88, 0xb8c12c1f, 0x7f466551
- data4 0x049d5eea, 0x5d018c35, 0x73fa8774, 0x2efb0b41
- data4 0x5ab3671d, 0x5292dbd2, 0x33e91056, 0x136dd647
- data4 0x8c9ad761, 0x7a37a10c, 0x8e59f814, 0x89eb133c
- data4 0xeecea927, 0x35b761c9, 0xede11ce5, 0x3c7a47b1
- data4 0x599cd2df, 0x3f55f273, 0x791814ce, 0xbf73c737
- data4 0xea53f7cd, 0x5b5ffdaa, 0x14df3d6f, 0x867844db
- data4 0x81caaff3, 0x3eb968c4, 0x2c382434, 0x5fc2a340
- data4 0x72161dc3, 0x0cbce225, 0x8b283c49, 0x41ff0d95
- data4 0x7139a801, 0xde080cb3, 0x9cd8b4e4, 0x906456c1
- data4 0x617bcb84, 0x70d532b6, 0x74486c5c, 0x42d0b857
-// Td2:
- data4 0xa75051f4, 0x65537e41, 0xa4c31a17, 0x5e963a27
- data4 0x6bcb3bab, 0x45f11f9d, 0x58abacfa, 0x03934be3
- data4 0xfa552030, 0x6df6ad76, 0x769188cc, 0x4c25f502
- data4 0xd7fc4fe5, 0xcbd7c52a, 0x44802635, 0xa38fb562
- data4 0x5a49deb1, 0x1b6725ba, 0x0e9845ea, 0xc0e15dfe
- data4 0x7502c32f, 0xf012814c, 0x97a38d46, 0xf9c66bd3
- data4 0x5fe7038f, 0x9c951592, 0x7aebbf6d, 0x59da9552
- data4 0x832dd4be, 0x21d35874, 0x692949e0, 0xc8448ec9
- data4 0x896a75c2, 0x7978f48e, 0x3e6b9958, 0x71dd27b9
- data4 0x4fb6bee1, 0xad17f088, 0xac66c920, 0x3ab47dce
- data4 0x4a1863df, 0x3182e51a, 0x33609751, 0x7f456253
- data4 0x77e0b164, 0xae84bb6b, 0xa01cfe81, 0x2b94f908
- data4 0x68587048, 0xfd198f45, 0x6c8794de, 0xf8b7527b
- data4 0xd323ab73, 0x02e2724b, 0x8f57e31f, 0xab2a6655
- data4 0x2807b2eb, 0xc2032fb5, 0x7b9a86c5, 0x08a5d337
- data4 0x87f23028, 0xa5b223bf, 0x6aba0203, 0x825ced16
- data4 0x1c2b8acf, 0xb492a779, 0xf2f0f307, 0xe2a14e69
- data4 0xf4cd65da, 0xbed50605, 0x621fd134, 0xfe8ac4a6
- data4 0x539d342e, 0x55a0a2f3, 0xe132058a, 0xeb75a4f6
- data4 0xec390b83, 0xefaa4060, 0x9f065e71, 0x1051bd6e
- data4 0x8af93e21, 0x063d96dd, 0x05aedd3e, 0xbd464de6
- data4 0x8db59154, 0x5d0571c4, 0xd46f0406, 0x15ff6050
- data4 0xfb241998, 0xe997d6bd, 0x43cc8940, 0x9e7767d9
- data4 0x42bdb0e8, 0x8b880789, 0x5b38e719, 0xeedb79c8
- data4 0x0a47a17c, 0x0fe97c42, 0x1ec9f884, 0x00000000
- data4 0x86830980, 0xed48322b, 0x70ac1e11, 0x724e6c5a
- data4 0xfffbfd0e, 0x38560f85, 0xd51e3dae, 0x3927362d
- data4 0xd9640a0f, 0xa621685c, 0x54d19b5b, 0x2e3a2436
- data4 0x67b10c0a, 0xe70f9357, 0x96d2b4ee, 0x919e1b9b
- data4 0xc54f80c0, 0x20a261dc, 0x4b695a77, 0x1a161c12
- data4 0xba0ae293, 0x2ae5c0a0, 0xe0433c22, 0x171d121b
- data4 0x0d0b0e09, 0xc7adf28b, 0xa8b92db6, 0xa9c8141e
- data4 0x198557f1, 0x074caf75, 0xddbbee99, 0x60fda37f
- data4 0x269ff701, 0xf5bc5c72, 0x3bc54466, 0x7e345bfb
- data4 0x29768b43, 0xc6dccb23, 0xfc68b6ed, 0xf163b8e4
- data4 0xdccad731, 0x85104263, 0x22401397, 0x112084c6
- data4 0x247d854a, 0x3df8d2bb, 0x3211aef9, 0xa16dc729
- data4 0x2f4b1d9e, 0x30f3dcb2, 0x52ec0d86, 0xe3d077c1
- data4 0x166c2bb3, 0xb999a970, 0x48fa1194, 0x642247e9
- data4 0x8cc4a8fc, 0x3f1aa0f0, 0x2cd8567d, 0x90ef2233
- data4 0x4ec78749, 0xd1c1d938, 0xa2fe8cca, 0x0b3698d4
- data4 0x81cfa6f5, 0xde28a57a, 0x8e26dab7, 0xbfa43fad
- data4 0x9de42c3a, 0x920d5078, 0xcc9b6a5f, 0x4662547e
- data4 0x13c2f68d, 0xb8e890d8, 0xf75e2e39, 0xaff582c3
- data4 0x80be9f5d, 0x937c69d0, 0x2da96fd5, 0x12b3cf25
- data4 0x993bc8ac, 0x7da71018, 0x636ee89c, 0xbb7bdb3b
- data4 0x7809cd26, 0x18f46e59, 0xb701ec9a, 0x9aa8834f
- data4 0x6e65e695, 0xe67eaaff, 0xcf0821bc, 0xe8e6ef15
- data4 0x9bd9bae7, 0x36ce4a6f, 0x09d4ea9f, 0x7cd629b0
- data4 0xb2af31a4, 0x23312a3f, 0x9430c6a5, 0x66c035a2
- data4 0xbc37744e, 0xcaa6fc82, 0xd0b0e090, 0xd81533a7
- data4 0x984af104, 0xdaf741ec, 0x500e7fcd, 0xf62f1791
- data4 0xd68d764d, 0xb04d43ef, 0x4d54ccaa, 0x04dfe496
- data4 0xb5e39ed1, 0x881b4c6a, 0x1fb8c12c, 0x517f4665
- data4 0xea049d5e, 0x355d018c, 0x7473fa87, 0x412efb0b
- data4 0x1d5ab367, 0xd25292db, 0x5633e910, 0x47136dd6
- data4 0x618c9ad7, 0x0c7a37a1, 0x148e59f8, 0x3c89eb13
- data4 0x27eecea9, 0xc935b761, 0xe5ede11c, 0xb13c7a47
- data4 0xdf599cd2, 0x733f55f2, 0xce791814, 0x37bf73c7
- data4 0xcdea53f7, 0xaa5b5ffd, 0x6f14df3d, 0xdb867844
- data4 0xf381caaf, 0xc43eb968, 0x342c3824, 0x405fc2a3
- data4 0xc372161d, 0x250cbce2, 0x498b283c, 0x9541ff0d
- data4 0x017139a8, 0xb3de080c, 0xe49cd8b4, 0xc1906456
- data4 0x84617bcb, 0xb670d532, 0x5c74486c, 0x5742d0b8
-// Td3:
- data4 0xf4a75051, 0x4165537e, 0x17a4c31a, 0x275e963a
- data4 0xab6bcb3b, 0x9d45f11f, 0xfa58abac, 0xe303934b
- data4 0x30fa5520, 0x766df6ad, 0xcc769188, 0x024c25f5
- data4 0xe5d7fc4f, 0x2acbd7c5, 0x35448026, 0x62a38fb5
- data4 0xb15a49de, 0xba1b6725, 0xea0e9845, 0xfec0e15d
- data4 0x2f7502c3, 0x4cf01281, 0x4697a38d, 0xd3f9c66b
- data4 0x8f5fe703, 0x929c9515, 0x6d7aebbf, 0x5259da95
- data4 0xbe832dd4, 0x7421d358, 0xe0692949, 0xc9c8448e
- data4 0xc2896a75, 0x8e7978f4, 0x583e6b99, 0xb971dd27
- data4 0xe14fb6be, 0x88ad17f0, 0x20ac66c9, 0xce3ab47d
- data4 0xdf4a1863, 0x1a3182e5, 0x51336097, 0x537f4562
- data4 0x6477e0b1, 0x6bae84bb, 0x81a01cfe, 0x082b94f9
- data4 0x48685870, 0x45fd198f, 0xde6c8794, 0x7bf8b752
- data4 0x73d323ab, 0x4b02e272, 0x1f8f57e3, 0x55ab2a66
- data4 0xeb2807b2, 0xb5c2032f, 0xc57b9a86, 0x3708a5d3
- data4 0x2887f230, 0xbfa5b223, 0x036aba02, 0x16825ced
- data4 0xcf1c2b8a, 0x79b492a7, 0x07f2f0f3, 0x69e2a14e
- data4 0xdaf4cd65, 0x05bed506, 0x34621fd1, 0xa6fe8ac4
- data4 0x2e539d34, 0xf355a0a2, 0x8ae13205, 0xf6eb75a4
- data4 0x83ec390b, 0x60efaa40, 0x719f065e, 0x6e1051bd
- data4 0x218af93e, 0xdd063d96, 0x3e05aedd, 0xe6bd464d
- data4 0x548db591, 0xc45d0571, 0x06d46f04, 0x5015ff60
- data4 0x98fb2419, 0xbde997d6, 0x4043cc89, 0xd99e7767
- data4 0xe842bdb0, 0x898b8807, 0x195b38e7, 0xc8eedb79
- data4 0x7c0a47a1, 0x420fe97c, 0x841ec9f8, 0x00000000
- data4 0x80868309, 0x2bed4832, 0x1170ac1e, 0x5a724e6c
- data4 0x0efffbfd, 0x8538560f, 0xaed51e3d, 0x2d392736
- data4 0x0fd9640a, 0x5ca62168, 0x5b54d19b, 0x362e3a24
- data4 0x0a67b10c, 0x57e70f93, 0xee96d2b4, 0x9b919e1b
- data4 0xc0c54f80, 0xdc20a261, 0x774b695a, 0x121a161c
- data4 0x93ba0ae2, 0xa02ae5c0, 0x22e0433c, 0x1b171d12
- data4 0x090d0b0e, 0x8bc7adf2, 0xb6a8b92d, 0x1ea9c814
- data4 0xf1198557, 0x75074caf, 0x99ddbbee, 0x7f60fda3
- data4 0x01269ff7, 0x72f5bc5c, 0x663bc544, 0xfb7e345b
- data4 0x4329768b, 0x23c6dccb, 0xedfc68b6, 0xe4f163b8
- data4 0x31dccad7, 0x63851042, 0x97224013, 0xc6112084
- data4 0x4a247d85, 0xbb3df8d2, 0xf93211ae, 0x29a16dc7
- data4 0x9e2f4b1d, 0xb230f3dc, 0x8652ec0d, 0xc1e3d077
- data4 0xb3166c2b, 0x70b999a9, 0x9448fa11, 0xe9642247
- data4 0xfc8cc4a8, 0xf03f1aa0, 0x7d2cd856, 0x3390ef22
- data4 0x494ec787, 0x38d1c1d9, 0xcaa2fe8c, 0xd40b3698
- data4 0xf581cfa6, 0x7ade28a5, 0xb78e26da, 0xadbfa43f
- data4 0x3a9de42c, 0x78920d50, 0x5fcc9b6a, 0x7e466254
- data4 0x8d13c2f6, 0xd8b8e890, 0x39f75e2e, 0xc3aff582
- data4 0x5d80be9f, 0xd0937c69, 0xd52da96f, 0x2512b3cf
- data4 0xac993bc8, 0x187da710, 0x9c636ee8, 0x3bbb7bdb
- data4 0x267809cd, 0x5918f46e, 0x9ab701ec, 0x4f9aa883
- data4 0x956e65e6, 0xffe67eaa, 0xbccf0821, 0x15e8e6ef
- data4 0xe79bd9ba, 0x6f36ce4a, 0x9f09d4ea, 0xb07cd629
- data4 0xa4b2af31, 0x3f23312a, 0xa59430c6, 0xa266c035
- data4 0x4ebc3774, 0x82caa6fc, 0x90d0b0e0, 0xa7d81533
- data4 0x04984af1, 0xecdaf741, 0xcd500e7f, 0x91f62f17
- data4 0x4dd68d76, 0xefb04d43, 0xaa4d54cc, 0x9604dfe4
- data4 0xd1b5e39e, 0x6a881b4c, 0x2c1fb8c1, 0x65517f46
- data4 0x5eea049d, 0x8c355d01, 0x877473fa, 0x0b412efb
- data4 0x671d5ab3, 0xdbd25292, 0x105633e9, 0xd647136d
- data4 0xd7618c9a, 0xa10c7a37, 0xf8148e59, 0x133c89eb
- data4 0xa927eece, 0x61c935b7, 0x1ce5ede1, 0x47b13c7a
- data4 0xd2df599c, 0xf2733f55, 0x14ce7918, 0xc737bf73
- data4 0xf7cdea53, 0xfdaa5b5f, 0x3d6f14df, 0x44db8678
- data4 0xaff381ca, 0x68c43eb9, 0x24342c38, 0xa3405fc2
- data4 0x1dc37216, 0xe2250cbc, 0x3c498b28, 0x0d9541ff
- data4 0xa8017139, 0x0cb3de08, 0xb4e49cd8, 0x56c19064
- data4 0xcb84617b, 0x32b670d5, 0x6c5c7448, 0xb85742d0
+AES_Td: data4 0x51f4a750,0x51f4a750, 0x7e416553,0x7e416553
+ data4 0x1a17a4c3,0x1a17a4c3, 0x3a275e96,0x3a275e96
+ data4 0x3bab6bcb,0x3bab6bcb, 0x1f9d45f1,0x1f9d45f1
+ data4 0xacfa58ab,0xacfa58ab, 0x4be30393,0x4be30393
+ data4 0x2030fa55,0x2030fa55, 0xad766df6,0xad766df6
+ data4 0x88cc7691,0x88cc7691, 0xf5024c25,0xf5024c25
+ data4 0x4fe5d7fc,0x4fe5d7fc, 0xc52acbd7,0xc52acbd7
+ data4 0x26354480,0x26354480, 0xb562a38f,0xb562a38f
+ data4 0xdeb15a49,0xdeb15a49, 0x25ba1b67,0x25ba1b67
+ data4 0x45ea0e98,0x45ea0e98, 0x5dfec0e1,0x5dfec0e1
+ data4 0xc32f7502,0xc32f7502, 0x814cf012,0x814cf012
+ data4 0x8d4697a3,0x8d4697a3, 0x6bd3f9c6,0x6bd3f9c6
+ data4 0x038f5fe7,0x038f5fe7, 0x15929c95,0x15929c95
+ data4 0xbf6d7aeb,0xbf6d7aeb, 0x955259da,0x955259da
+ data4 0xd4be832d,0xd4be832d, 0x587421d3,0x587421d3
+ data4 0x49e06929,0x49e06929, 0x8ec9c844,0x8ec9c844
+ data4 0x75c2896a,0x75c2896a, 0xf48e7978,0xf48e7978
+ data4 0x99583e6b,0x99583e6b, 0x27b971dd,0x27b971dd
+ data4 0xbee14fb6,0xbee14fb6, 0xf088ad17,0xf088ad17
+ data4 0xc920ac66,0xc920ac66, 0x7dce3ab4,0x7dce3ab4
+ data4 0x63df4a18,0x63df4a18, 0xe51a3182,0xe51a3182
+ data4 0x97513360,0x97513360, 0x62537f45,0x62537f45
+ data4 0xb16477e0,0xb16477e0, 0xbb6bae84,0xbb6bae84
+ data4 0xfe81a01c,0xfe81a01c, 0xf9082b94,0xf9082b94
+ data4 0x70486858,0x70486858, 0x8f45fd19,0x8f45fd19
+ data4 0x94de6c87,0x94de6c87, 0x527bf8b7,0x527bf8b7
+ data4 0xab73d323,0xab73d323, 0x724b02e2,0x724b02e2
+ data4 0xe31f8f57,0xe31f8f57, 0x6655ab2a,0x6655ab2a
+ data4 0xb2eb2807,0xb2eb2807, 0x2fb5c203,0x2fb5c203
+ data4 0x86c57b9a,0x86c57b9a, 0xd33708a5,0xd33708a5
+ data4 0x302887f2,0x302887f2, 0x23bfa5b2,0x23bfa5b2
+ data4 0x02036aba,0x02036aba, 0xed16825c,0xed16825c
+ data4 0x8acf1c2b,0x8acf1c2b, 0xa779b492,0xa779b492
+ data4 0xf307f2f0,0xf307f2f0, 0x4e69e2a1,0x4e69e2a1
+ data4 0x65daf4cd,0x65daf4cd, 0x0605bed5,0x0605bed5
+ data4 0xd134621f,0xd134621f, 0xc4a6fe8a,0xc4a6fe8a
+ data4 0x342e539d,0x342e539d, 0xa2f355a0,0xa2f355a0
+ data4 0x058ae132,0x058ae132, 0xa4f6eb75,0xa4f6eb75
+ data4 0x0b83ec39,0x0b83ec39, 0x4060efaa,0x4060efaa
+ data4 0x5e719f06,0x5e719f06, 0xbd6e1051,0xbd6e1051
+ data4 0x3e218af9,0x3e218af9, 0x96dd063d,0x96dd063d
+ data4 0xdd3e05ae,0xdd3e05ae, 0x4de6bd46,0x4de6bd46
+ data4 0x91548db5,0x91548db5, 0x71c45d05,0x71c45d05
+ data4 0x0406d46f,0x0406d46f, 0x605015ff,0x605015ff
+ data4 0x1998fb24,0x1998fb24, 0xd6bde997,0xd6bde997
+ data4 0x894043cc,0x894043cc, 0x67d99e77,0x67d99e77
+ data4 0xb0e842bd,0xb0e842bd, 0x07898b88,0x07898b88
+ data4 0xe7195b38,0xe7195b38, 0x79c8eedb,0x79c8eedb
+ data4 0xa17c0a47,0xa17c0a47, 0x7c420fe9,0x7c420fe9
+ data4 0xf8841ec9,0xf8841ec9, 0x00000000,0x00000000
+ data4 0x09808683,0x09808683, 0x322bed48,0x322bed48
+ data4 0x1e1170ac,0x1e1170ac, 0x6c5a724e,0x6c5a724e
+ data4 0xfd0efffb,0xfd0efffb, 0x0f853856,0x0f853856
+ data4 0x3daed51e,0x3daed51e, 0x362d3927,0x362d3927
+ data4 0x0a0fd964,0x0a0fd964, 0x685ca621,0x685ca621
+ data4 0x9b5b54d1,0x9b5b54d1, 0x24362e3a,0x24362e3a
+ data4 0x0c0a67b1,0x0c0a67b1, 0x9357e70f,0x9357e70f
+ data4 0xb4ee96d2,0xb4ee96d2, 0x1b9b919e,0x1b9b919e
+ data4 0x80c0c54f,0x80c0c54f, 0x61dc20a2,0x61dc20a2
+ data4 0x5a774b69,0x5a774b69, 0x1c121a16,0x1c121a16
+ data4 0xe293ba0a,0xe293ba0a, 0xc0a02ae5,0xc0a02ae5
+ data4 0x3c22e043,0x3c22e043, 0x121b171d,0x121b171d
+ data4 0x0e090d0b,0x0e090d0b, 0xf28bc7ad,0xf28bc7ad
+ data4 0x2db6a8b9,0x2db6a8b9, 0x141ea9c8,0x141ea9c8
+ data4 0x57f11985,0x57f11985, 0xaf75074c,0xaf75074c
+ data4 0xee99ddbb,0xee99ddbb, 0xa37f60fd,0xa37f60fd
+ data4 0xf701269f,0xf701269f, 0x5c72f5bc,0x5c72f5bc
+ data4 0x44663bc5,0x44663bc5, 0x5bfb7e34,0x5bfb7e34
+ data4 0x8b432976,0x8b432976, 0xcb23c6dc,0xcb23c6dc
+ data4 0xb6edfc68,0xb6edfc68, 0xb8e4f163,0xb8e4f163
+ data4 0xd731dcca,0xd731dcca, 0x42638510,0x42638510
+ data4 0x13972240,0x13972240, 0x84c61120,0x84c61120
+ data4 0x854a247d,0x854a247d, 0xd2bb3df8,0xd2bb3df8
+ data4 0xaef93211,0xaef93211, 0xc729a16d,0xc729a16d
+ data4 0x1d9e2f4b,0x1d9e2f4b, 0xdcb230f3,0xdcb230f3
+ data4 0x0d8652ec,0x0d8652ec, 0x77c1e3d0,0x77c1e3d0
+ data4 0x2bb3166c,0x2bb3166c, 0xa970b999,0xa970b999
+ data4 0x119448fa,0x119448fa, 0x47e96422,0x47e96422
+ data4 0xa8fc8cc4,0xa8fc8cc4, 0xa0f03f1a,0xa0f03f1a
+ data4 0x567d2cd8,0x567d2cd8, 0x223390ef,0x223390ef
+ data4 0x87494ec7,0x87494ec7, 0xd938d1c1,0xd938d1c1
+ data4 0x8ccaa2fe,0x8ccaa2fe, 0x98d40b36,0x98d40b36
+ data4 0xa6f581cf,0xa6f581cf, 0xa57ade28,0xa57ade28
+ data4 0xdab78e26,0xdab78e26, 0x3fadbfa4,0x3fadbfa4
+ data4 0x2c3a9de4,0x2c3a9de4, 0x5078920d,0x5078920d
+ data4 0x6a5fcc9b,0x6a5fcc9b, 0x547e4662,0x547e4662
+ data4 0xf68d13c2,0xf68d13c2, 0x90d8b8e8,0x90d8b8e8
+ data4 0x2e39f75e,0x2e39f75e, 0x82c3aff5,0x82c3aff5
+ data4 0x9f5d80be,0x9f5d80be, 0x69d0937c,0x69d0937c
+ data4 0x6fd52da9,0x6fd52da9, 0xcf2512b3,0xcf2512b3
+ data4 0xc8ac993b,0xc8ac993b, 0x10187da7,0x10187da7
+ data4 0xe89c636e,0xe89c636e, 0xdb3bbb7b,0xdb3bbb7b
+ data4 0xcd267809,0xcd267809, 0x6e5918f4,0x6e5918f4
+ data4 0xec9ab701,0xec9ab701, 0x834f9aa8,0x834f9aa8
+ data4 0xe6956e65,0xe6956e65, 0xaaffe67e,0xaaffe67e
+ data4 0x21bccf08,0x21bccf08, 0xef15e8e6,0xef15e8e6
+ data4 0xbae79bd9,0xbae79bd9, 0x4a6f36ce,0x4a6f36ce
+ data4 0xea9f09d4,0xea9f09d4, 0x29b07cd6,0x29b07cd6
+ data4 0x31a4b2af,0x31a4b2af, 0x2a3f2331,0x2a3f2331
+ data4 0xc6a59430,0xc6a59430, 0x35a266c0,0x35a266c0
+ data4 0x744ebc37,0x744ebc37, 0xfc82caa6,0xfc82caa6
+ data4 0xe090d0b0,0xe090d0b0, 0x33a7d815,0x33a7d815
+ data4 0xf104984a,0xf104984a, 0x41ecdaf7,0x41ecdaf7
+ data4 0x7fcd500e,0x7fcd500e, 0x1791f62f,0x1791f62f
+ data4 0x764dd68d,0x764dd68d, 0x43efb04d,0x43efb04d
+ data4 0xccaa4d54,0xccaa4d54, 0xe49604df,0xe49604df
+ data4 0x9ed1b5e3,0x9ed1b5e3, 0x4c6a881b,0x4c6a881b
+ data4 0xc12c1fb8,0xc12c1fb8, 0x4665517f,0x4665517f
+ data4 0x9d5eea04,0x9d5eea04, 0x018c355d,0x018c355d
+ data4 0xfa877473,0xfa877473, 0xfb0b412e,0xfb0b412e
+ data4 0xb3671d5a,0xb3671d5a, 0x92dbd252,0x92dbd252
+ data4 0xe9105633,0xe9105633, 0x6dd64713,0x6dd64713
+ data4 0x9ad7618c,0x9ad7618c, 0x37a10c7a,0x37a10c7a
+ data4 0x59f8148e,0x59f8148e, 0xeb133c89,0xeb133c89
+ data4 0xcea927ee,0xcea927ee, 0xb761c935,0xb761c935
+ data4 0xe11ce5ed,0xe11ce5ed, 0x7a47b13c,0x7a47b13c
+ data4 0x9cd2df59,0x9cd2df59, 0x55f2733f,0x55f2733f
+ data4 0x1814ce79,0x1814ce79, 0x73c737bf,0x73c737bf
+ data4 0x53f7cdea,0x53f7cdea, 0x5ffdaa5b,0x5ffdaa5b
+ data4 0xdf3d6f14,0xdf3d6f14, 0x7844db86,0x7844db86
+ data4 0xcaaff381,0xcaaff381, 0xb968c43e,0xb968c43e
+ data4 0x3824342c,0x3824342c, 0xc2a3405f,0xc2a3405f
+ data4 0x161dc372,0x161dc372, 0xbce2250c,0xbce2250c
+ data4 0x283c498b,0x283c498b, 0xff0d9541,0xff0d9541
+ data4 0x39a80171,0x39a80171, 0x080cb3de,0x080cb3de
+ data4 0xd8b4e49c,0xd8b4e49c, 0x6456c190,0x6456c190
+ data4 0x7bcb8461,0x7bcb8461, 0xd532b670,0xd532b670
+ data4 0x486c5c74,0x486c5c74, 0xd0b85742,0xd0b85742
// Td4:
- data4 0x52000000, 0x09000000, 0x6a000000, 0xd5000000
- data4 0x30000000, 0x36000000, 0xa5000000, 0x38000000
- data4 0xbf000000, 0x40000000, 0xa3000000, 0x9e000000
- data4 0x81000000, 0xf3000000, 0xd7000000, 0xfb000000
- data4 0x7c000000, 0xe3000000, 0x39000000, 0x82000000
- data4 0x9b000000, 0x2f000000, 0xff000000, 0x87000000
- data4 0x34000000, 0x8e000000, 0x43000000, 0x44000000
- data4 0xc4000000, 0xde000000, 0xe9000000, 0xcb000000
- data4 0x54000000, 0x7b000000, 0x94000000, 0x32000000
- data4 0xa6000000, 0xc2000000, 0x23000000, 0x3d000000
- data4 0xee000000, 0x4c000000, 0x95000000, 0x0b000000
- data4 0x42000000, 0xfa000000, 0xc3000000, 0x4e000000
- data4 0x08000000, 0x2e000000, 0xa1000000, 0x66000000
- data4 0x28000000, 0xd9000000, 0x24000000, 0xb2000000
- data4 0x76000000, 0x5b000000, 0xa2000000, 0x49000000
- data4 0x6d000000, 0x8b000000, 0xd1000000, 0x25000000
- data4 0x72000000, 0xf8000000, 0xf6000000, 0x64000000
- data4 0x86000000, 0x68000000, 0x98000000, 0x16000000
- data4 0xd4000000, 0xa4000000, 0x5c000000, 0xcc000000
- data4 0x5d000000, 0x65000000, 0xb6000000, 0x92000000
- data4 0x6c000000, 0x70000000, 0x48000000, 0x50000000
- data4 0xfd000000, 0xed000000, 0xb9000000, 0xda000000
- data4 0x5e000000, 0x15000000, 0x46000000, 0x57000000
- data4 0xa7000000, 0x8d000000, 0x9d000000, 0x84000000
- data4 0x90000000, 0xd8000000, 0xab000000, 0x00000000
- data4 0x8c000000, 0xbc000000, 0xd3000000, 0x0a000000
- data4 0xf7000000, 0xe4000000, 0x58000000, 0x05000000
- data4 0xb8000000, 0xb3000000, 0x45000000, 0x06000000
- data4 0xd0000000, 0x2c000000, 0x1e000000, 0x8f000000
- data4 0xca000000, 0x3f000000, 0x0f000000, 0x02000000
- data4 0xc1000000, 0xaf000000, 0xbd000000, 0x03000000
- data4 0x01000000, 0x13000000, 0x8a000000, 0x6b000000
- data4 0x3a000000, 0x91000000, 0x11000000, 0x41000000
- data4 0x4f000000, 0x67000000, 0xdc000000, 0xea000000
- data4 0x97000000, 0xf2000000, 0xcf000000, 0xce000000
- data4 0xf0000000, 0xb4000000, 0xe6000000, 0x73000000
- data4 0x96000000, 0xac000000, 0x74000000, 0x22000000
- data4 0xe7000000, 0xad000000, 0x35000000, 0x85000000
- data4 0xe2000000, 0xf9000000, 0x37000000, 0xe8000000
- data4 0x1c000000, 0x75000000, 0xdf000000, 0x6e000000
- data4 0x47000000, 0xf1000000, 0x1a000000, 0x71000000
- data4 0x1d000000, 0x29000000, 0xc5000000, 0x89000000
- data4 0x6f000000, 0xb7000000, 0x62000000, 0x0e000000
- data4 0xaa000000, 0x18000000, 0xbe000000, 0x1b000000
- data4 0xfc000000, 0x56000000, 0x3e000000, 0x4b000000
- data4 0xc6000000, 0xd2000000, 0x79000000, 0x20000000
- data4 0x9a000000, 0xdb000000, 0xc0000000, 0xfe000000
- data4 0x78000000, 0xcd000000, 0x5a000000, 0xf4000000
- data4 0x1f000000, 0xdd000000, 0xa8000000, 0x33000000
- data4 0x88000000, 0x07000000, 0xc7000000, 0x31000000
- data4 0xb1000000, 0x12000000, 0x10000000, 0x59000000
- data4 0x27000000, 0x80000000, 0xec000000, 0x5f000000
- data4 0x60000000, 0x51000000, 0x7f000000, 0xa9000000
- data4 0x19000000, 0xb5000000, 0x4a000000, 0x0d000000
- data4 0x2d000000, 0xe5000000, 0x7a000000, 0x9f000000
- data4 0x93000000, 0xc9000000, 0x9c000000, 0xef000000
- data4 0xa0000000, 0xe0000000, 0x3b000000, 0x4d000000
- data4 0xae000000, 0x2a000000, 0xf5000000, 0xb0000000
- data4 0xc8000000, 0xeb000000, 0xbb000000, 0x3c000000
- data4 0x83000000, 0x53000000, 0x99000000, 0x61000000
- data4 0x17000000, 0x2b000000, 0x04000000, 0x7e000000
- data4 0xba000000, 0x77000000, 0xd6000000, 0x26000000
- data4 0xe1000000, 0x69000000, 0x14000000, 0x63000000
- data4 0x55000000, 0x21000000, 0x0c000000, 0x7d000000
-// Td5:
- data4 0x00520000, 0x00090000, 0x006a0000, 0x00d50000
- data4 0x00300000, 0x00360000, 0x00a50000, 0x00380000
- data4 0x00bf0000, 0x00400000, 0x00a30000, 0x009e0000
- data4 0x00810000, 0x00f30000, 0x00d70000, 0x00fb0000
- data4 0x007c0000, 0x00e30000, 0x00390000, 0x00820000
- data4 0x009b0000, 0x002f0000, 0x00ff0000, 0x00870000
- data4 0x00340000, 0x008e0000, 0x00430000, 0x00440000
- data4 0x00c40000, 0x00de0000, 0x00e90000, 0x00cb0000
- data4 0x00540000, 0x007b0000, 0x00940000, 0x00320000
- data4 0x00a60000, 0x00c20000, 0x00230000, 0x003d0000
- data4 0x00ee0000, 0x004c0000, 0x00950000, 0x000b0000
- data4 0x00420000, 0x00fa0000, 0x00c30000, 0x004e0000
- data4 0x00080000, 0x002e0000, 0x00a10000, 0x00660000
- data4 0x00280000, 0x00d90000, 0x00240000, 0x00b20000
- data4 0x00760000, 0x005b0000, 0x00a20000, 0x00490000
- data4 0x006d0000, 0x008b0000, 0x00d10000, 0x00250000
- data4 0x00720000, 0x00f80000, 0x00f60000, 0x00640000
- data4 0x00860000, 0x00680000, 0x00980000, 0x00160000
- data4 0x00d40000, 0x00a40000, 0x005c0000, 0x00cc0000
- data4 0x005d0000, 0x00650000, 0x00b60000, 0x00920000
- data4 0x006c0000, 0x00700000, 0x00480000, 0x00500000
- data4 0x00fd0000, 0x00ed0000, 0x00b90000, 0x00da0000
- data4 0x005e0000, 0x00150000, 0x00460000, 0x00570000
- data4 0x00a70000, 0x008d0000, 0x009d0000, 0x00840000
- data4 0x00900000, 0x00d80000, 0x00ab0000, 0x00000000
- data4 0x008c0000, 0x00bc0000, 0x00d30000, 0x000a0000
- data4 0x00f70000, 0x00e40000, 0x00580000, 0x00050000
- data4 0x00b80000, 0x00b30000, 0x00450000, 0x00060000
- data4 0x00d00000, 0x002c0000, 0x001e0000, 0x008f0000
- data4 0x00ca0000, 0x003f0000, 0x000f0000, 0x00020000
- data4 0x00c10000, 0x00af0000, 0x00bd0000, 0x00030000
- data4 0x00010000, 0x00130000, 0x008a0000, 0x006b0000
- data4 0x003a0000, 0x00910000, 0x00110000, 0x00410000
- data4 0x004f0000, 0x00670000, 0x00dc0000, 0x00ea0000
- data4 0x00970000, 0x00f20000, 0x00cf0000, 0x00ce0000
- data4 0x00f00000, 0x00b40000, 0x00e60000, 0x00730000
- data4 0x00960000, 0x00ac0000, 0x00740000, 0x00220000
- data4 0x00e70000, 0x00ad0000, 0x00350000, 0x00850000
- data4 0x00e20000, 0x00f90000, 0x00370000, 0x00e80000
- data4 0x001c0000, 0x00750000, 0x00df0000, 0x006e0000
- data4 0x00470000, 0x00f10000, 0x001a0000, 0x00710000
- data4 0x001d0000, 0x00290000, 0x00c50000, 0x00890000
- data4 0x006f0000, 0x00b70000, 0x00620000, 0x000e0000
- data4 0x00aa0000, 0x00180000, 0x00be0000, 0x001b0000
- data4 0x00fc0000, 0x00560000, 0x003e0000, 0x004b0000
- data4 0x00c60000, 0x00d20000, 0x00790000, 0x00200000
- data4 0x009a0000, 0x00db0000, 0x00c00000, 0x00fe0000
- data4 0x00780000, 0x00cd0000, 0x005a0000, 0x00f40000
- data4 0x001f0000, 0x00dd0000, 0x00a80000, 0x00330000
- data4 0x00880000, 0x00070000, 0x00c70000, 0x00310000
- data4 0x00b10000, 0x00120000, 0x00100000, 0x00590000
- data4 0x00270000, 0x00800000, 0x00ec0000, 0x005f0000
- data4 0x00600000, 0x00510000, 0x007f0000, 0x00a90000
- data4 0x00190000, 0x00b50000, 0x004a0000, 0x000d0000
- data4 0x002d0000, 0x00e50000, 0x007a0000, 0x009f0000
- data4 0x00930000, 0x00c90000, 0x009c0000, 0x00ef0000
- data4 0x00a00000, 0x00e00000, 0x003b0000, 0x004d0000
- data4 0x00ae0000, 0x002a0000, 0x00f50000, 0x00b00000
- data4 0x00c80000, 0x00eb0000, 0x00bb0000, 0x003c0000
- data4 0x00830000, 0x00530000, 0x00990000, 0x00610000
- data4 0x00170000, 0x002b0000, 0x00040000, 0x007e0000
- data4 0x00ba0000, 0x00770000, 0x00d60000, 0x00260000
- data4 0x00e10000, 0x00690000, 0x00140000, 0x00630000
- data4 0x00550000, 0x00210000, 0x000c0000, 0x007d0000
-// Td6:
- data4 0x00005200, 0x00000900, 0x00006a00, 0x0000d500
- data4 0x00003000, 0x00003600, 0x0000a500, 0x00003800
- data4 0x0000bf00, 0x00004000, 0x0000a300, 0x00009e00
- data4 0x00008100, 0x0000f300, 0x0000d700, 0x0000fb00
- data4 0x00007c00, 0x0000e300, 0x00003900, 0x00008200
- data4 0x00009b00, 0x00002f00, 0x0000ff00, 0x00008700
- data4 0x00003400, 0x00008e00, 0x00004300, 0x00004400
- data4 0x0000c400, 0x0000de00, 0x0000e900, 0x0000cb00
- data4 0x00005400, 0x00007b00, 0x00009400, 0x00003200
- data4 0x0000a600, 0x0000c200, 0x00002300, 0x00003d00
- data4 0x0000ee00, 0x00004c00, 0x00009500, 0x00000b00
- data4 0x00004200, 0x0000fa00, 0x0000c300, 0x00004e00
- data4 0x00000800, 0x00002e00, 0x0000a100, 0x00006600
- data4 0x00002800, 0x0000d900, 0x00002400, 0x0000b200
- data4 0x00007600, 0x00005b00, 0x0000a200, 0x00004900
- data4 0x00006d00, 0x00008b00, 0x0000d100, 0x00002500
- data4 0x00007200, 0x0000f800, 0x0000f600, 0x00006400
- data4 0x00008600, 0x00006800, 0x00009800, 0x00001600
- data4 0x0000d400, 0x0000a400, 0x00005c00, 0x0000cc00
- data4 0x00005d00, 0x00006500, 0x0000b600, 0x00009200
- data4 0x00006c00, 0x00007000, 0x00004800, 0x00005000
- data4 0x0000fd00, 0x0000ed00, 0x0000b900, 0x0000da00
- data4 0x00005e00, 0x00001500, 0x00004600, 0x00005700
- data4 0x0000a700, 0x00008d00, 0x00009d00, 0x00008400
- data4 0x00009000, 0x0000d800, 0x0000ab00, 0x00000000
- data4 0x00008c00, 0x0000bc00, 0x0000d300, 0x00000a00
- data4 0x0000f700, 0x0000e400, 0x00005800, 0x00000500
- data4 0x0000b800, 0x0000b300, 0x00004500, 0x00000600
- data4 0x0000d000, 0x00002c00, 0x00001e00, 0x00008f00
- data4 0x0000ca00, 0x00003f00, 0x00000f00, 0x00000200
- data4 0x0000c100, 0x0000af00, 0x0000bd00, 0x00000300
- data4 0x00000100, 0x00001300, 0x00008a00, 0x00006b00
- data4 0x00003a00, 0x00009100, 0x00001100, 0x00004100
- data4 0x00004f00, 0x00006700, 0x0000dc00, 0x0000ea00
- data4 0x00009700, 0x0000f200, 0x0000cf00, 0x0000ce00
- data4 0x0000f000, 0x0000b400, 0x0000e600, 0x00007300
- data4 0x00009600, 0x0000ac00, 0x00007400, 0x00002200
- data4 0x0000e700, 0x0000ad00, 0x00003500, 0x00008500
- data4 0x0000e200, 0x0000f900, 0x00003700, 0x0000e800
- data4 0x00001c00, 0x00007500, 0x0000df00, 0x00006e00
- data4 0x00004700, 0x0000f100, 0x00001a00, 0x00007100
- data4 0x00001d00, 0x00002900, 0x0000c500, 0x00008900
- data4 0x00006f00, 0x0000b700, 0x00006200, 0x00000e00
- data4 0x0000aa00, 0x00001800, 0x0000be00, 0x00001b00
- data4 0x0000fc00, 0x00005600, 0x00003e00, 0x00004b00
- data4 0x0000c600, 0x0000d200, 0x00007900, 0x00002000
- data4 0x00009a00, 0x0000db00, 0x0000c000, 0x0000fe00
- data4 0x00007800, 0x0000cd00, 0x00005a00, 0x0000f400
- data4 0x00001f00, 0x0000dd00, 0x0000a800, 0x00003300
- data4 0x00008800, 0x00000700, 0x0000c700, 0x00003100
- data4 0x0000b100, 0x00001200, 0x00001000, 0x00005900
- data4 0x00002700, 0x00008000, 0x0000ec00, 0x00005f00
- data4 0x00006000, 0x00005100, 0x00007f00, 0x0000a900
- data4 0x00001900, 0x0000b500, 0x00004a00, 0x00000d00
- data4 0x00002d00, 0x0000e500, 0x00007a00, 0x00009f00
- data4 0x00009300, 0x0000c900, 0x00009c00, 0x0000ef00
- data4 0x0000a000, 0x0000e000, 0x00003b00, 0x00004d00
- data4 0x0000ae00, 0x00002a00, 0x0000f500, 0x0000b000
- data4 0x0000c800, 0x0000eb00, 0x0000bb00, 0x00003c00
- data4 0x00008300, 0x00005300, 0x00009900, 0x00006100
- data4 0x00001700, 0x00002b00, 0x00000400, 0x00007e00
- data4 0x0000ba00, 0x00007700, 0x0000d600, 0x00002600
- data4 0x0000e100, 0x00006900, 0x00001400, 0x00006300
- data4 0x00005500, 0x00002100, 0x00000c00, 0x00007d00
-// Td7:
- data4 0x00000052, 0x00000009, 0x0000006a, 0x000000d5
- data4 0x00000030, 0x00000036, 0x000000a5, 0x00000038
- data4 0x000000bf, 0x00000040, 0x000000a3, 0x0000009e
- data4 0x00000081, 0x000000f3, 0x000000d7, 0x000000fb
- data4 0x0000007c, 0x000000e3, 0x00000039, 0x00000082
- data4 0x0000009b, 0x0000002f, 0x000000ff, 0x00000087
- data4 0x00000034, 0x0000008e, 0x00000043, 0x00000044
- data4 0x000000c4, 0x000000de, 0x000000e9, 0x000000cb
- data4 0x00000054, 0x0000007b, 0x00000094, 0x00000032
- data4 0x000000a6, 0x000000c2, 0x00000023, 0x0000003d
- data4 0x000000ee, 0x0000004c, 0x00000095, 0x0000000b
- data4 0x00000042, 0x000000fa, 0x000000c3, 0x0000004e
- data4 0x00000008, 0x0000002e, 0x000000a1, 0x00000066
- data4 0x00000028, 0x000000d9, 0x00000024, 0x000000b2
- data4 0x00000076, 0x0000005b, 0x000000a2, 0x00000049
- data4 0x0000006d, 0x0000008b, 0x000000d1, 0x00000025
- data4 0x00000072, 0x000000f8, 0x000000f6, 0x00000064
- data4 0x00000086, 0x00000068, 0x00000098, 0x00000016
- data4 0x000000d4, 0x000000a4, 0x0000005c, 0x000000cc
- data4 0x0000005d, 0x00000065, 0x000000b6, 0x00000092
- data4 0x0000006c, 0x00000070, 0x00000048, 0x00000050
- data4 0x000000fd, 0x000000ed, 0x000000b9, 0x000000da
- data4 0x0000005e, 0x00000015, 0x00000046, 0x00000057
- data4 0x000000a7, 0x0000008d, 0x0000009d, 0x00000084
- data4 0x00000090, 0x000000d8, 0x000000ab, 0x00000000
- data4 0x0000008c, 0x000000bc, 0x000000d3, 0x0000000a
- data4 0x000000f7, 0x000000e4, 0x00000058, 0x00000005
- data4 0x000000b8, 0x000000b3, 0x00000045, 0x00000006
- data4 0x000000d0, 0x0000002c, 0x0000001e, 0x0000008f
- data4 0x000000ca, 0x0000003f, 0x0000000f, 0x00000002
- data4 0x000000c1, 0x000000af, 0x000000bd, 0x00000003
- data4 0x00000001, 0x00000013, 0x0000008a, 0x0000006b
- data4 0x0000003a, 0x00000091, 0x00000011, 0x00000041
- data4 0x0000004f, 0x00000067, 0x000000dc, 0x000000ea
- data4 0x00000097, 0x000000f2, 0x000000cf, 0x000000ce
- data4 0x000000f0, 0x000000b4, 0x000000e6, 0x00000073
- data4 0x00000096, 0x000000ac, 0x00000074, 0x00000022
- data4 0x000000e7, 0x000000ad, 0x00000035, 0x00000085
- data4 0x000000e2, 0x000000f9, 0x00000037, 0x000000e8
- data4 0x0000001c, 0x00000075, 0x000000df, 0x0000006e
- data4 0x00000047, 0x000000f1, 0x0000001a, 0x00000071
- data4 0x0000001d, 0x00000029, 0x000000c5, 0x00000089
- data4 0x0000006f, 0x000000b7, 0x00000062, 0x0000000e
- data4 0x000000aa, 0x00000018, 0x000000be, 0x0000001b
- data4 0x000000fc, 0x00000056, 0x0000003e, 0x0000004b
- data4 0x000000c6, 0x000000d2, 0x00000079, 0x00000020
- data4 0x0000009a, 0x000000db, 0x000000c0, 0x000000fe
- data4 0x00000078, 0x000000cd, 0x0000005a, 0x000000f4
- data4 0x0000001f, 0x000000dd, 0x000000a8, 0x00000033
- data4 0x00000088, 0x00000007, 0x000000c7, 0x00000031
- data4 0x000000b1, 0x00000012, 0x00000010, 0x00000059
- data4 0x00000027, 0x00000080, 0x000000ec, 0x0000005f
- data4 0x00000060, 0x00000051, 0x0000007f, 0x000000a9
- data4 0x00000019, 0x000000b5, 0x0000004a, 0x0000000d
- data4 0x0000002d, 0x000000e5, 0x0000007a, 0x0000009f
- data4 0x00000093, 0x000000c9, 0x0000009c, 0x000000ef
- data4 0x000000a0, 0x000000e0, 0x0000003b, 0x0000004d
- data4 0x000000ae, 0x0000002a, 0x000000f5, 0x000000b0
- data4 0x000000c8, 0x000000eb, 0x000000bb, 0x0000003c
- data4 0x00000083, 0x00000053, 0x00000099, 0x00000061
- data4 0x00000017, 0x0000002b, 0x00000004, 0x0000007e
- data4 0x000000ba, 0x00000077, 0x000000d6, 0x00000026
- data4 0x000000e1, 0x00000069, 0x00000014, 0x00000063
- data4 0x00000055, 0x00000021, 0x0000000c, 0x0000007d
-.size AES_Td#,8*256*4 // HP-UX assembler fails to ".-AES_Td#"
+ data1 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
+ data1 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
+ data1 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
+ data1 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
+ data1 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
+ data1 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
+ data1 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
+ data1 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
+ data1 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
+ data1 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
+ data1 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
+ data1 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
+ data1 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
+ data1 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
+ data1 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
+ data1 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
+ data1 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
+ data1 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
+ data1 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
+ data1 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
+ data1 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
+ data1 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
+ data1 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
+ data1 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
+ data1 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
+ data1 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
+ data1 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
+ data1 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
+ data1 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
+ data1 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
+ data1 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
+ data1 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
+.size AES_Td#,2048+256 // HP-UX assembler fails to ".-AES_Td#"
diff --git a/crypto/aes/asm/aes-parisc.pl b/crypto/aes/asm/aes-parisc.pl
new file mode 100644
index 0000000000..c36b6a2270
--- /dev/null
+++ b/crypto/aes/asm/aes-parisc.pl
@@ -0,0 +1,1021 @@
+#!/usr/bin/env perl
+
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# AES for PA-RISC.
+#
+# June 2009.
+#
+# The module is mechanical transliteration of aes-sparcv9.pl, but with
+# a twist: S-boxes are compressed even further down to 1K+256B. On
+# PA-7100LC performance is ~40% better than gcc 3.2 generated code and
+# is about 33 cycles per byte processed with 128-bit key. Newer CPUs
+# perform at 16 cycles per byte. It's not faster than code generated
+# by vendor compiler, but recall that it has compressed S-boxes, which
+# requires extra processing.
+#
+# Special thanks to polarhome.com for providing HP-UX account.
+
+$flavour = shift;
+$output = shift;
+open STDOUT,">$output";
+
+if ($flavour =~ /64/) {
+ $LEVEL ="2.0W";
+ $SIZE_T =8;
+ $FRAME_MARKER =80;
+ $SAVED_RP =16;
+ $PUSH ="std";
+ $PUSHMA ="std,ma";
+ $POP ="ldd";
+ $POPMB ="ldd,mb";
+} else {
+ $LEVEL ="1.0";
+ $SIZE_T =4;
+ $FRAME_MARKER =48;
+ $SAVED_RP =20;
+ $PUSH ="stw";
+ $PUSHMA ="stwm";
+ $POP ="ldw";
+ $POPMB ="ldwm";
+}
+
+$FRAME=16*$SIZE_T+$FRAME_MARKER;# 16 saved regs + frame marker
+ # [+ argument transfer]
+$inp="%r26"; # arg0
+$out="%r25"; # arg1
+$key="%r24"; # arg2
+
+($s0,$s1,$s2,$s3) = ("%r1","%r2","%r3","%r4");
+($t0,$t1,$t2,$t3) = ("%r5","%r6","%r7","%r8");
+
+($acc0, $acc1, $acc2, $acc3, $acc4, $acc5, $acc6, $acc7,
+ $acc8, $acc9,$acc10,$acc11,$acc12,$acc13,$acc14,$acc15) =
+("%r9","%r10","%r11","%r12","%r13","%r14","%r15","%r16",
+"%r17","%r18","%r19","%r20","%r21","%r22","%r23","%r26");
+
+$tbl="%r28";
+$rounds="%r29";
+
+$code=<<___;
+ .LEVEL $LEVEL
+ .SPACE \$TEXT\$
+ .SUBSPA \$CODE\$,QUAD=0,ALIGN=8,ACCESS=0x2C,CODE_ONLY
+
+ .EXPORT AES_encrypt,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR
+ .ALIGN 64
+AES_encrypt
+ .PROC
+ .CALLINFO FRAME=`$FRAME-16*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=18
+ .ENTRY
+ $PUSH %r2,-$SAVED_RP(%sp) ; standard prologue
+ $PUSHMA %r3,$FRAME(%sp)
+ $PUSH %r4,`-$FRAME+1*$SIZE_T`(%sp)
+ $PUSH %r5,`-$FRAME+2*$SIZE_T`(%sp)
+ $PUSH %r6,`-$FRAME+3*$SIZE_T`(%sp)
+ $PUSH %r7,`-$FRAME+4*$SIZE_T`(%sp)
+ $PUSH %r8,`-$FRAME+5*$SIZE_T`(%sp)
+ $PUSH %r9,`-$FRAME+6*$SIZE_T`(%sp)
+ $PUSH %r10,`-$FRAME+7*$SIZE_T`(%sp)
+ $PUSH %r11,`-$FRAME+8*$SIZE_T`(%sp)
+ $PUSH %r12,`-$FRAME+9*$SIZE_T`(%sp)
+ $PUSH %r13,`-$FRAME+10*$SIZE_T`(%sp)
+ $PUSH %r14,`-$FRAME+11*$SIZE_T`(%sp)
+ $PUSH %r15,`-$FRAME+12*$SIZE_T`(%sp)
+ $PUSH %r16,`-$FRAME+13*$SIZE_T`(%sp)
+ $PUSH %r17,`-$FRAME+14*$SIZE_T`(%sp)
+ $PUSH %r18,`-$FRAME+15*$SIZE_T`(%sp)
+
+ blr %r0,$tbl
+ ldi 3,$t0
+L\$enc_pic
+ andcm $tbl,$t0,$tbl
+ ldo L\$AES_Te-L\$enc_pic($tbl),$tbl
+
+ and $inp,$t0,$t0
+ sub $inp,$t0,$inp
+ ldw 0($inp),$s0
+ ldw 4($inp),$s1
+ ldw 8($inp),$s2
+ comib,= 0,$t0,L\$enc_inp_aligned
+ ldw 12($inp),$s3
+
+ sh3addl $t0,%r0,$t0
+ subi 32,$t0,$t0
+ mtctl $t0,%cr11
+ ldw 16($inp),$t1
+ vshd $s0,$s1,$s0
+ vshd $s1,$s2,$s1
+ vshd $s2,$s3,$s2
+ vshd $s3,$t1,$s3
+
+L\$enc_inp_aligned
+ bl _parisc_AES_encrypt,%r31
+ nop
+
+ extru,<> $out,31,2,%r0
+ b L\$enc_out_aligned
+ nop
+
+ _srm $s0,24,$acc0
+ _srm $s0,16,$acc1
+ stb $acc0,0($out)
+ _srm $s0,8,$acc2
+ stb $acc1,1($out)
+ _srm $s1,24,$acc4
+ stb $acc2,2($out)
+ _srm $s1,16,$acc5
+ stb $s0,3($out)
+ _srm $s1,8,$acc6
+ stb $acc4,4($out)
+ _srm $s2,24,$acc0
+ stb $acc5,5($out)
+ _srm $s2,16,$acc1
+ stb $acc6,6($out)
+ _srm $s2,8,$acc2
+ stb $s1,7($out)
+ _srm $s3,24,$acc4
+ stb $acc0,8($out)
+ _srm $s3,16,$acc5
+ stb $acc1,9($out)
+ _srm $s3,8,$acc6
+ stb $acc2,10($out)
+ stb $s2,11($out)
+ stb $acc4,12($out)
+ stb $acc5,13($out)
+ stb $acc6,14($out)
+ b L\$enc_done
+ stb $s3,15($out)
+
+L\$enc_out_aligned
+ stw $s0,0($out)
+ stw $s1,4($out)
+ stw $s2,8($out)
+ stw $s3,12($out)
+
+L\$enc_done
+ $POP `-$FRAME-$SAVED_RP`(%sp),%r2 ; standard epilogue
+ $POP `-$FRAME+1*$SIZE_T`(%sp),%r4
+ $POP `-$FRAME+2*$SIZE_T`(%sp),%r5
+ $POP `-$FRAME+3*$SIZE_T`(%sp),%r6
+ $POP `-$FRAME+4*$SIZE_T`(%sp),%r7
+ $POP `-$FRAME+5*$SIZE_T`(%sp),%r8
+ $POP `-$FRAME+6*$SIZE_T`(%sp),%r9
+ $POP `-$FRAME+7*$SIZE_T`(%sp),%r10
+ $POP `-$FRAME+8*$SIZE_T`(%sp),%r11
+ $POP `-$FRAME+9*$SIZE_T`(%sp),%r12
+ $POP `-$FRAME+10*$SIZE_T`(%sp),%r13
+ $POP `-$FRAME+11*$SIZE_T`(%sp),%r14
+ $POP `-$FRAME+12*$SIZE_T`(%sp),%r15
+ $POP `-$FRAME+13*$SIZE_T`(%sp),%r16
+ $POP `-$FRAME+14*$SIZE_T`(%sp),%r17
+ $POP `-$FRAME+15*$SIZE_T`(%sp),%r18
+ bv (%r2)
+ .EXIT
+ $POPMB -$FRAME(%sp),%r3
+ .PROCEND
+
+ .ALIGN 16
+_parisc_AES_encrypt
+ .PROC
+ .CALLINFO MILLICODE
+ .ENTRY
+ ldw 240($key),$rounds
+ ldw 0($key),$t0
+ ldw 4($key),$t1
+ ldw 8($key),$t2
+ _srm $rounds,1,$rounds
+ xor $t0,$s0,$s0
+ ldw 12($key),$t3
+ _srm $s0,24,$acc0
+ xor $t1,$s1,$s1
+ ldw 16($key),$t0
+ _srm $s1,16,$acc1
+ xor $t2,$s2,$s2
+ ldw 20($key),$t1
+ xor $t3,$s3,$s3
+ ldw 24($key),$t2
+ ldw 28($key),$t3
+L\$enc_loop
+ _srm $s2,8,$acc2
+ ldwx,s $acc0($tbl),$acc0
+ _srm $s3,0,$acc3
+ ldwx,s $acc1($tbl),$acc1
+ _srm $s1,24,$acc4
+ ldwx,s $acc2($tbl),$acc2
+ _srm $s2,16,$acc5
+ ldwx,s $acc3($tbl),$acc3
+ _srm $s3,8,$acc6
+ ldwx,s $acc4($tbl),$acc4
+ _srm $s0,0,$acc7
+ ldwx,s $acc5($tbl),$acc5
+ _srm $s2,24,$acc8
+ ldwx,s $acc6($tbl),$acc6
+ _srm $s3,16,$acc9
+ ldwx,s $acc7($tbl),$acc7
+ _srm $s0,8,$acc10
+ ldwx,s $acc8($tbl),$acc8
+ _srm $s1,0,$acc11
+ ldwx,s $acc9($tbl),$acc9
+ _srm $s3,24,$acc12
+ ldwx,s $acc10($tbl),$acc10
+ _srm $s0,16,$acc13
+ ldwx,s $acc11($tbl),$acc11
+ _srm $s1,8,$acc14
+ ldwx,s $acc12($tbl),$acc12
+ _srm $s2,0,$acc15
+ ldwx,s $acc13($tbl),$acc13
+ ldwx,s $acc14($tbl),$acc14
+ ldwx,s $acc15($tbl),$acc15
+ addib,= -1,$rounds,L\$enc_last
+ ldo 32($key),$key
+
+ _ror $acc1,8,$acc1
+ xor $acc0,$t0,$t0
+ ldw 0($key),$s0
+ _ror $acc2,16,$acc2
+ xor $acc1,$t0,$t0
+ ldw 4($key),$s1
+ _ror $acc3,24,$acc3
+ xor $acc2,$t0,$t0
+ ldw 8($key),$s2
+ _ror $acc5,8,$acc5
+ xor $acc3,$t0,$t0
+ ldw 12($key),$s3
+ _ror $acc6,16,$acc6
+ xor $acc4,$t1,$t1
+ _ror $acc7,24,$acc7
+ xor $acc5,$t1,$t1
+ _ror $acc9,8,$acc9
+ xor $acc6,$t1,$t1
+ _ror $acc10,16,$acc10
+ xor $acc7,$t1,$t1
+ _ror $acc11,24,$acc11
+ xor $acc8,$t2,$t2
+ _ror $acc13,8,$acc13
+ xor $acc9,$t2,$t2
+ _ror $acc14,16,$acc14
+ xor $acc10,$t2,$t2
+ _ror $acc15,24,$acc15
+ xor $acc11,$t2,$t2
+ xor $acc12,$acc14,$acc14
+ xor $acc13,$t3,$t3
+ _srm $t0,24,$acc0
+ xor $acc14,$t3,$t3
+ _srm $t1,16,$acc1
+ xor $acc15,$t3,$t3
+
+ _srm $t2,8,$acc2
+ ldwx,s $acc0($tbl),$acc0
+ _srm $t3,0,$acc3
+ ldwx,s $acc1($tbl),$acc1
+ _srm $t1,24,$acc4
+ ldwx,s $acc2($tbl),$acc2
+ _srm $t2,16,$acc5
+ ldwx,s $acc3($tbl),$acc3
+ _srm $t3,8,$acc6
+ ldwx,s $acc4($tbl),$acc4
+ _srm $t0,0,$acc7
+ ldwx,s $acc5($tbl),$acc5
+ _srm $t2,24,$acc8
+ ldwx,s $acc6($tbl),$acc6
+ _srm $t3,16,$acc9
+ ldwx,s $acc7($tbl),$acc7
+ _srm $t0,8,$acc10
+ ldwx,s $acc8($tbl),$acc8
+ _srm $t1,0,$acc11
+ ldwx,s $acc9($tbl),$acc9
+ _srm $t3,24,$acc12
+ ldwx,s $acc10($tbl),$acc10
+ _srm $t0,16,$acc13
+ ldwx,s $acc11($tbl),$acc11
+ _srm $t1,8,$acc14
+ ldwx,s $acc12($tbl),$acc12
+ _srm $t2,0,$acc15
+ ldwx,s $acc13($tbl),$acc13
+ _ror $acc1,8,$acc1
+ ldwx,s $acc14($tbl),$acc14
+
+ _ror $acc2,16,$acc2
+ xor $acc0,$s0,$s0
+ ldwx,s $acc15($tbl),$acc15
+ _ror $acc3,24,$acc3
+ xor $acc1,$s0,$s0
+ ldw 16($key),$t0
+ _ror $acc5,8,$acc5
+ xor $acc2,$s0,$s0
+ ldw 20($key),$t1
+ _ror $acc6,16,$acc6
+ xor $acc3,$s0,$s0
+ ldw 24($key),$t2
+ _ror $acc7,24,$acc7
+ xor $acc4,$s1,$s1
+ ldw 28($key),$t3
+ _ror $acc9,8,$acc9
+ xor $acc5,$s1,$s1
+ ldw 1024+0($tbl),%r0 ; prefetch te4
+ _ror $acc10,16,$acc10
+ xor $acc6,$s1,$s1
+ ldw 1024+32($tbl),%r0 ; prefetch te4
+ _ror $acc11,24,$acc11
+ xor $acc7,$s1,$s1
+ ldw 1024+64($tbl),%r0 ; prefetch te4
+ _ror $acc13,8,$acc13
+ xor $acc8,$s2,$s2
+ ldw 1024+96($tbl),%r0 ; prefetch te4
+ _ror $acc14,16,$acc14
+ xor $acc9,$s2,$s2
+ ldw 1024+128($tbl),%r0 ; prefetch te4
+ _ror $acc15,24,$acc15
+ xor $acc10,$s2,$s2
+ ldw 1024+160($tbl),%r0 ; prefetch te4
+ _srm $s0,24,$acc0
+ xor $acc11,$s2,$s2
+ ldw 1024+192($tbl),%r0 ; prefetch te4
+ xor $acc12,$acc14,$acc14
+ xor $acc13,$s3,$s3
+ ldw 1024+224($tbl),%r0 ; prefetch te4
+ _srm $s1,16,$acc1
+ xor $acc14,$s3,$s3
+ b L\$enc_loop
+ xor $acc15,$s3,$s3
+
+ .ALIGN 16
+L\$enc_last
+ ldo 1024($tbl),$rounds
+ _ror $acc1,8,$acc1
+ xor $acc0,$t0,$t0
+ ldw 0($key),$s0
+ _ror $acc2,16,$acc2
+ xor $acc1,$t0,$t0
+ ldw 4($key),$s1
+ _ror $acc3,24,$acc3
+ xor $acc2,$t0,$t0
+ ldw 8($key),$s2
+ _ror $acc5,8,$acc5
+ xor $acc3,$t0,$t0
+ ldw 12($key),$s3
+ _ror $acc6,16,$acc6
+ xor $acc4,$t1,$t1
+ _ror $acc7,24,$acc7
+ xor $acc5,$t1,$t1
+ _ror $acc9,8,$acc9
+ xor $acc6,$t1,$t1
+ _ror $acc10,16,$acc10
+ xor $acc7,$t1,$t1
+ _ror $acc11,24,$acc11
+ xor $acc8,$t2,$t2
+ _ror $acc13,8,$acc13
+ xor $acc9,$t2,$t2
+ _ror $acc14,16,$acc14
+ xor $acc10,$t2,$t2
+ _ror $acc15,24,$acc15
+ xor $acc11,$t2,$t2
+ xor $acc12,$acc14,$acc14
+ xor $acc13,$t3,$t3
+ _srm $t0,24,$acc0
+ xor $acc14,$t3,$t3
+ _srm $t1,16,$acc1
+ xor $acc15,$t3,$t3
+
+ _srm $t2,8,$acc2
+ ldbx $acc0($rounds),$acc0
+ _srm $t1,24,$acc4
+ ldbx $acc1($rounds),$acc1
+ _srm $t2,16,$acc5
+ _srm $t3,0,$acc3
+ ldbx $acc2($rounds),$acc2
+ ldbx $acc3($rounds),$acc3
+ _srm $t3,8,$acc6
+ ldbx $acc4($rounds),$acc4
+ _srm $t2,24,$acc8
+ ldbx $acc5($rounds),$acc5
+ _srm $t3,16,$acc9
+ _srm $t0,0,$acc7
+ ldbx $acc6($rounds),$acc6
+ ldbx $acc7($rounds),$acc7
+ _srm $t0,8,$acc10
+ ldbx $acc8($rounds),$acc8
+ _srm $t3,24,$acc12
+ ldbx $acc9($rounds),$acc9
+ _srm $t0,16,$acc13
+ _srm $t1,0,$acc11
+ ldbx $acc10($rounds),$acc10
+ _srm $t1,8,$acc14
+ ldbx $acc11($rounds),$acc11
+ ldbx $acc12($rounds),$acc12
+ ldbx $acc13($rounds),$acc13
+ _srm $t2,0,$acc15
+ ldbx $acc14($rounds),$acc14
+
+ dep $acc0,7,8,$acc3
+ ldbx $acc15($rounds),$acc15
+ dep $acc4,7,8,$acc7
+ dep $acc1,15,8,$acc3
+ dep $acc5,15,8,$acc7
+ dep $acc2,23,8,$acc3
+ dep $acc6,23,8,$acc7
+ xor $acc3,$s0,$s0
+ xor $acc7,$s1,$s1
+ dep $acc8,7,8,$acc11
+ dep $acc12,7,8,$acc15
+ dep $acc9,15,8,$acc11
+ dep $acc13,15,8,$acc15
+ dep $acc10,23,8,$acc11
+ dep $acc14,23,8,$acc15
+ xor $acc11,$s2,$s2
+
+ bv (%r31)
+ .EXIT
+ xor $acc15,$s3,$s3
+ .PROCEND
+
+ .ALIGN 64
+L\$AES_Te
+ .WORD 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d
+ .WORD 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554
+ .WORD 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d
+ .WORD 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a
+ .WORD 0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87
+ .WORD 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b
+ .WORD 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea
+ .WORD 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b
+ .WORD 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a
+ .WORD 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f
+ .WORD 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108
+ .WORD 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f
+ .WORD 0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e
+ .WORD 0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5
+ .WORD 0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d
+ .WORD 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f
+ .WORD 0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e
+ .WORD 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb
+ .WORD 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce
+ .WORD 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497
+ .WORD 0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c
+ .WORD 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed
+ .WORD 0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b
+ .WORD 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a
+ .WORD 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16
+ .WORD 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594
+ .WORD 0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81
+ .WORD 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3
+ .WORD 0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a
+ .WORD 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504
+ .WORD 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163
+ .WORD 0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d
+ .WORD 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f
+ .WORD 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739
+ .WORD 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47
+ .WORD 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395
+ .WORD 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f
+ .WORD 0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883
+ .WORD 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c
+ .WORD 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76
+ .WORD 0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e
+ .WORD 0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4
+ .WORD 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6
+ .WORD 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b
+ .WORD 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7
+ .WORD 0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0
+ .WORD 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25
+ .WORD 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818
+ .WORD 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72
+ .WORD 0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651
+ .WORD 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21
+ .WORD 0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85
+ .WORD 0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa
+ .WORD 0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12
+ .WORD 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0
+ .WORD 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9
+ .WORD 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133
+ .WORD 0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7
+ .WORD 0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920
+ .WORD 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a
+ .WORD 0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17
+ .WORD 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8
+ .WORD 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11
+ .WORD 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a
+ .BYTE 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
+ .BYTE 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
+ .BYTE 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
+ .BYTE 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
+ .BYTE 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
+ .BYTE 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
+ .BYTE 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
+ .BYTE 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
+ .BYTE 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
+ .BYTE 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
+ .BYTE 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
+ .BYTE 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
+ .BYTE 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
+ .BYTE 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
+ .BYTE 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
+ .BYTE 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
+ .BYTE 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
+ .BYTE 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
+ .BYTE 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
+ .BYTE 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
+ .BYTE 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
+ .BYTE 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
+ .BYTE 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
+ .BYTE 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
+ .BYTE 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
+ .BYTE 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
+ .BYTE 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
+ .BYTE 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
+ .BYTE 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
+ .BYTE 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
+ .BYTE 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
+ .BYTE 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
+___
+
+$code.=<<___;
+ .EXPORT AES_decrypt,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR
+ .ALIGN 16
+AES_decrypt
+ .PROC
+ .CALLINFO FRAME=`$FRAME-16*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=18
+ .ENTRY
+ $PUSH %r2,-$SAVED_RP(%sp) ; standard prologue
+ $PUSHMA %r3,$FRAME(%sp)
+ $PUSH %r4,`-$FRAME+1*$SIZE_T`(%sp)
+ $PUSH %r5,`-$FRAME+2*$SIZE_T`(%sp)
+ $PUSH %r6,`-$FRAME+3*$SIZE_T`(%sp)
+ $PUSH %r7,`-$FRAME+4*$SIZE_T`(%sp)
+ $PUSH %r8,`-$FRAME+5*$SIZE_T`(%sp)
+ $PUSH %r9,`-$FRAME+6*$SIZE_T`(%sp)
+ $PUSH %r10,`-$FRAME+7*$SIZE_T`(%sp)
+ $PUSH %r11,`-$FRAME+8*$SIZE_T`(%sp)
+ $PUSH %r12,`-$FRAME+9*$SIZE_T`(%sp)
+ $PUSH %r13,`-$FRAME+10*$SIZE_T`(%sp)
+ $PUSH %r14,`-$FRAME+11*$SIZE_T`(%sp)
+ $PUSH %r15,`-$FRAME+12*$SIZE_T`(%sp)
+ $PUSH %r16,`-$FRAME+13*$SIZE_T`(%sp)
+ $PUSH %r17,`-$FRAME+14*$SIZE_T`(%sp)
+ $PUSH %r18,`-$FRAME+15*$SIZE_T`(%sp)
+
+ blr %r0,$tbl
+ ldi 3,$t0
+L\$dec_pic
+ andcm $tbl,$t0,$tbl
+ ldo L\$AES_Td-L\$dec_pic($tbl),$tbl
+
+ and $inp,$t0,$t0
+ sub $inp,$t0,$inp
+ ldw 0($inp),$s0
+ ldw 4($inp),$s1
+ ldw 8($inp),$s2
+ comib,= 0,$t0,L\$dec_inp_aligned
+ ldw 12($inp),$s3
+
+ sh3addl $t0,%r0,$t0
+ subi 32,$t0,$t0
+ mtctl $t0,%cr11
+ ldw 16($inp),$t1
+ vshd $s0,$s1,$s0
+ vshd $s1,$s2,$s1
+ vshd $s2,$s3,$s2
+ vshd $s3,$t1,$s3
+
+L\$dec_inp_aligned
+ bl _parisc_AES_decrypt,%r31
+ nop
+
+ extru,<> $out,31,2,%r0
+ b L\$dec_out_aligned
+ nop
+
+ _srm $s0,24,$acc0
+ _srm $s0,16,$acc1
+ stb $acc0,0($out)
+ _srm $s0,8,$acc2
+ stb $acc1,1($out)
+ _srm $s1,24,$acc4
+ stb $acc2,2($out)
+ _srm $s1,16,$acc5
+ stb $s0,3($out)
+ _srm $s1,8,$acc6
+ stb $acc4,4($out)
+ _srm $s2,24,$acc0
+ stb $acc5,5($out)
+ _srm $s2,16,$acc1
+ stb $acc6,6($out)
+ _srm $s2,8,$acc2
+ stb $s1,7($out)
+ _srm $s3,24,$acc4
+ stb $acc0,8($out)
+ _srm $s3,16,$acc5
+ stb $acc1,9($out)
+ _srm $s3,8,$acc6
+ stb $acc2,10($out)
+ stb $s2,11($out)
+ stb $acc4,12($out)
+ stb $acc5,13($out)
+ stb $acc6,14($out)
+ b L\$dec_done
+ stb $s3,15($out)
+
+L\$dec_out_aligned
+ stw $s0,0($out)
+ stw $s1,4($out)
+ stw $s2,8($out)
+ stw $s3,12($out)
+
+L\$dec_done
+ $POP `-$FRAME-$SAVED_RP`(%sp),%r2 ; standard epilogue
+ $POP `-$FRAME+1*$SIZE_T`(%sp),%r4
+ $POP `-$FRAME+2*$SIZE_T`(%sp),%r5
+ $POP `-$FRAME+3*$SIZE_T`(%sp),%r6
+ $POP `-$FRAME+4*$SIZE_T`(%sp),%r7
+ $POP `-$FRAME+5*$SIZE_T`(%sp),%r8
+ $POP `-$FRAME+6*$SIZE_T`(%sp),%r9
+ $POP `-$FRAME+7*$SIZE_T`(%sp),%r10
+ $POP `-$FRAME+8*$SIZE_T`(%sp),%r11
+ $POP `-$FRAME+9*$SIZE_T`(%sp),%r12
+ $POP `-$FRAME+10*$SIZE_T`(%sp),%r13
+ $POP `-$FRAME+11*$SIZE_T`(%sp),%r14
+ $POP `-$FRAME+12*$SIZE_T`(%sp),%r15
+ $POP `-$FRAME+13*$SIZE_T`(%sp),%r16
+ $POP `-$FRAME+14*$SIZE_T`(%sp),%r17
+ $POP `-$FRAME+15*$SIZE_T`(%sp),%r18
+ bv (%r2)
+ .EXIT
+ $POPMB -$FRAME(%sp),%r3
+ .PROCEND
+
+ .ALIGN 16
+_parisc_AES_decrypt
+ .PROC
+ .CALLINFO MILLICODE
+ .ENTRY
+ ldw 240($key),$rounds
+ ldw 0($key),$t0
+ ldw 4($key),$t1
+ ldw 8($key),$t2
+ ldw 12($key),$t3
+ _srm $rounds,1,$rounds
+ xor $t0,$s0,$s0
+ ldw 16($key),$t0
+ xor $t1,$s1,$s1
+ ldw 20($key),$t1
+ _srm $s0,24,$acc0
+ xor $t2,$s2,$s2
+ ldw 24($key),$t2
+ xor $t3,$s3,$s3
+ ldw 28($key),$t3
+ _srm $s3,16,$acc1
+L\$dec_loop
+ _srm $s2,8,$acc2
+ ldwx,s $acc0($tbl),$acc0
+ _srm $s1,0,$acc3
+ ldwx,s $acc1($tbl),$acc1
+ _srm $s1,24,$acc4
+ ldwx,s $acc2($tbl),$acc2
+ _srm $s0,16,$acc5
+ ldwx,s $acc3($tbl),$acc3
+ _srm $s3,8,$acc6
+ ldwx,s $acc4($tbl),$acc4
+ _srm $s2,0,$acc7
+ ldwx,s $acc5($tbl),$acc5
+ _srm $s2,24,$acc8
+ ldwx,s $acc6($tbl),$acc6
+ _srm $s1,16,$acc9
+ ldwx,s $acc7($tbl),$acc7
+ _srm $s0,8,$acc10
+ ldwx,s $acc8($tbl),$acc8
+ _srm $s3,0,$acc11
+ ldwx,s $acc9($tbl),$acc9
+ _srm $s3,24,$acc12
+ ldwx,s $acc10($tbl),$acc10
+ _srm $s2,16,$acc13
+ ldwx,s $acc11($tbl),$acc11
+ _srm $s1,8,$acc14
+ ldwx,s $acc12($tbl),$acc12
+ _srm $s0,0,$acc15
+ ldwx,s $acc13($tbl),$acc13
+ ldwx,s $acc14($tbl),$acc14
+ ldwx,s $acc15($tbl),$acc15
+ addib,= -1,$rounds,L\$dec_last
+ ldo 32($key),$key
+
+ _ror $acc1,8,$acc1
+ xor $acc0,$t0,$t0
+ ldw 0($key),$s0
+ _ror $acc2,16,$acc2
+ xor $acc1,$t0,$t0
+ ldw 4($key),$s1
+ _ror $acc3,24,$acc3
+ xor $acc2,$t0,$t0
+ ldw 8($key),$s2
+ _ror $acc5,8,$acc5
+ xor $acc3,$t0,$t0
+ ldw 12($key),$s3
+ _ror $acc6,16,$acc6
+ xor $acc4,$t1,$t1
+ _ror $acc7,24,$acc7
+ xor $acc5,$t1,$t1
+ _ror $acc9,8,$acc9
+ xor $acc6,$t1,$t1
+ _ror $acc10,16,$acc10
+ xor $acc7,$t1,$t1
+ _ror $acc11,24,$acc11
+ xor $acc8,$t2,$t2
+ _ror $acc13,8,$acc13
+ xor $acc9,$t2,$t2
+ _ror $acc14,16,$acc14
+ xor $acc10,$t2,$t2
+ _ror $acc15,24,$acc15
+ xor $acc11,$t2,$t2
+ xor $acc12,$acc14,$acc14
+ xor $acc13,$t3,$t3
+ _srm $t0,24,$acc0
+ xor $acc14,$t3,$t3
+ xor $acc15,$t3,$t3
+ _srm $t3,16,$acc1
+
+ _srm $t2,8,$acc2
+ ldwx,s $acc0($tbl),$acc0
+ _srm $t1,0,$acc3
+ ldwx,s $acc1($tbl),$acc1
+ _srm $t1,24,$acc4
+ ldwx,s $acc2($tbl),$acc2
+ _srm $t0,16,$acc5
+ ldwx,s $acc3($tbl),$acc3
+ _srm $t3,8,$acc6
+ ldwx,s $acc4($tbl),$acc4
+ _srm $t2,0,$acc7
+ ldwx,s $acc5($tbl),$acc5
+ _srm $t2,24,$acc8
+ ldwx,s $acc6($tbl),$acc6
+ _srm $t1,16,$acc9
+ ldwx,s $acc7($tbl),$acc7
+ _srm $t0,8,$acc10
+ ldwx,s $acc8($tbl),$acc8
+ _srm $t3,0,$acc11
+ ldwx,s $acc9($tbl),$acc9
+ _srm $t3,24,$acc12
+ ldwx,s $acc10($tbl),$acc10
+ _srm $t2,16,$acc13
+ ldwx,s $acc11($tbl),$acc11
+ _srm $t1,8,$acc14
+ ldwx,s $acc12($tbl),$acc12
+ _srm $t0,0,$acc15
+ ldwx,s $acc13($tbl),$acc13
+ _ror $acc1,8,$acc1
+ ldwx,s $acc14($tbl),$acc14
+
+ _ror $acc2,16,$acc2
+ xor $acc0,$s0,$s0
+ ldwx,s $acc15($tbl),$acc15
+ _ror $acc3,24,$acc3
+ xor $acc1,$s0,$s0
+ ldw 16($key),$t0
+ _ror $acc5,8,$acc5
+ xor $acc2,$s0,$s0
+ ldw 20($key),$t1
+ _ror $acc6,16,$acc6
+ xor $acc3,$s0,$s0
+ ldw 24($key),$t2
+ _ror $acc7,24,$acc7
+ xor $acc4,$s1,$s1
+ ldw 28($key),$t3
+ _ror $acc9,8,$acc9
+ xor $acc5,$s1,$s1
+ ldw 1024+0($tbl),%r0 ; prefetch td4
+ _ror $acc10,16,$acc10
+ xor $acc6,$s1,$s1
+ ldw 1024+32($tbl),%r0 ; prefetch td4
+ _ror $acc11,24,$acc11
+ xor $acc7,$s1,$s1
+ ldw 1024+64($tbl),%r0 ; prefetch td4
+ _ror $acc13,8,$acc13
+ xor $acc8,$s2,$s2
+ ldw 1024+96($tbl),%r0 ; prefetch td4
+ _ror $acc14,16,$acc14
+ xor $acc9,$s2,$s2
+ ldw 1024+128($tbl),%r0 ; prefetch td4
+ _ror $acc15,24,$acc15
+ xor $acc10,$s2,$s2
+ ldw 1024+160($tbl),%r0 ; prefetch td4
+ _srm $s0,24,$acc0
+ xor $acc11,$s2,$s2
+ ldw 1024+192($tbl),%r0 ; prefetch td4
+ xor $acc12,$acc14,$acc14
+ xor $acc13,$s3,$s3
+ ldw 1024+224($tbl),%r0 ; prefetch td4
+ xor $acc14,$s3,$s3
+ xor $acc15,$s3,$s3
+ b L\$dec_loop
+ _srm $s3,16,$acc1
+
+ .ALIGN 16
+L\$dec_last
+ ldo 1024($tbl),$rounds
+ _ror $acc1,8,$acc1
+ xor $acc0,$t0,$t0
+ ldw 0($key),$s0
+ _ror $acc2,16,$acc2
+ xor $acc1,$t0,$t0
+ ldw 4($key),$s1
+ _ror $acc3,24,$acc3
+ xor $acc2,$t0,$t0
+ ldw 8($key),$s2
+ _ror $acc5,8,$acc5
+ xor $acc3,$t0,$t0
+ ldw 12($key),$s3
+ _ror $acc6,16,$acc6
+ xor $acc4,$t1,$t1
+ _ror $acc7,24,$acc7
+ xor $acc5,$t1,$t1
+ _ror $acc9,8,$acc9
+ xor $acc6,$t1,$t1
+ _ror $acc10,16,$acc10
+ xor $acc7,$t1,$t1
+ _ror $acc11,24,$acc11
+ xor $acc8,$t2,$t2
+ _ror $acc13,8,$acc13
+ xor $acc9,$t2,$t2
+ _ror $acc14,16,$acc14
+ xor $acc10,$t2,$t2
+ _ror $acc15,24,$acc15
+ xor $acc11,$t2,$t2
+ xor $acc12,$acc14,$acc14
+ xor $acc13,$t3,$t3
+ _srm $t0,24,$acc0
+ xor $acc14,$t3,$t3
+ xor $acc15,$t3,$t3
+ _srm $t3,16,$acc1
+
+ _srm $t2,8,$acc2
+ ldbx $acc0($rounds),$acc0
+ _srm $t1,24,$acc4
+ ldbx $acc1($rounds),$acc1
+ _srm $t0,16,$acc5
+ _srm $t1,0,$acc3
+ ldbx $acc2($rounds),$acc2
+ ldbx $acc3($rounds),$acc3
+ _srm $t3,8,$acc6
+ ldbx $acc4($rounds),$acc4
+ _srm $t2,24,$acc8
+ ldbx $acc5($rounds),$acc5
+ _srm $t1,16,$acc9
+ _srm $t2,0,$acc7
+ ldbx $acc6($rounds),$acc6
+ ldbx $acc7($rounds),$acc7
+ _srm $t0,8,$acc10
+ ldbx $acc8($rounds),$acc8
+ _srm $t3,24,$acc12
+ ldbx $acc9($rounds),$acc9
+ _srm $t2,16,$acc13
+ _srm $t3,0,$acc11
+ ldbx $acc10($rounds),$acc10
+ _srm $t1,8,$acc14
+ ldbx $acc11($rounds),$acc11
+ ldbx $acc12($rounds),$acc12
+ ldbx $acc13($rounds),$acc13
+ _srm $t0,0,$acc15
+ ldbx $acc14($rounds),$acc14
+
+ dep $acc0,7,8,$acc3
+ ldbx $acc15($rounds),$acc15
+ dep $acc4,7,8,$acc7
+ dep $acc1,15,8,$acc3
+ dep $acc5,15,8,$acc7
+ dep $acc2,23,8,$acc3
+ dep $acc6,23,8,$acc7
+ xor $acc3,$s0,$s0
+ xor $acc7,$s1,$s1
+ dep $acc8,7,8,$acc11
+ dep $acc12,7,8,$acc15
+ dep $acc9,15,8,$acc11
+ dep $acc13,15,8,$acc15
+ dep $acc10,23,8,$acc11
+ dep $acc14,23,8,$acc15
+ xor $acc11,$s2,$s2
+
+ bv (%r31)
+ .EXIT
+ xor $acc15,$s3,$s3
+ .PROCEND
+
+ .ALIGN 64
+L\$AES_Td
+ .WORD 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96
+ .WORD 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393
+ .WORD 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25
+ .WORD 0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f
+ .WORD 0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1
+ .WORD 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6
+ .WORD 0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da
+ .WORD 0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844
+ .WORD 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd
+ .WORD 0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4
+ .WORD 0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45
+ .WORD 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94
+ .WORD 0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7
+ .WORD 0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a
+ .WORD 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5
+ .WORD 0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c
+ .WORD 0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1
+ .WORD 0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a
+ .WORD 0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75
+ .WORD 0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051
+ .WORD 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46
+ .WORD 0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff
+ .WORD 0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77
+ .WORD 0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb
+ .WORD 0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000
+ .WORD 0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e
+ .WORD 0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927
+ .WORD 0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a
+ .WORD 0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e
+ .WORD 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16
+ .WORD 0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d
+ .WORD 0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8
+ .WORD 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd
+ .WORD 0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34
+ .WORD 0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163
+ .WORD 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120
+ .WORD 0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d
+ .WORD 0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0
+ .WORD 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422
+ .WORD 0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef
+ .WORD 0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36
+ .WORD 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4
+ .WORD 0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662
+ .WORD 0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5
+ .WORD 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3
+ .WORD 0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b
+ .WORD 0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8
+ .WORD 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6
+ .WORD 0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6
+ .WORD 0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0
+ .WORD 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815
+ .WORD 0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f
+ .WORD 0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df
+ .WORD 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f
+ .WORD 0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e
+ .WORD 0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713
+ .WORD 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89
+ .WORD 0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c
+ .WORD 0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf
+ .WORD 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86
+ .WORD 0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f
+ .WORD 0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541
+ .WORD 0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190
+ .WORD 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742
+ .BYTE 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
+ .BYTE 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
+ .BYTE 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
+ .BYTE 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
+ .BYTE 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
+ .BYTE 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
+ .BYTE 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
+ .BYTE 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
+ .BYTE 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
+ .BYTE 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
+ .BYTE 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
+ .BYTE 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
+ .BYTE 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
+ .BYTE 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
+ .BYTE 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
+ .BYTE 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
+ .BYTE 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
+ .BYTE 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
+ .BYTE 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
+ .BYTE 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
+ .BYTE 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
+ .BYTE 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
+ .BYTE 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
+ .BYTE 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
+ .BYTE 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
+ .BYTE 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
+ .BYTE 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
+ .BYTE 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
+ .BYTE 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
+ .BYTE 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
+ .BYTE 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
+ .BYTE 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
+ .STRINGZ "AES for PA-RISC, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+foreach (split("\n",$code)) {
+ s/\`([^\`]*)\`/eval $1/ge;
+
+ # translate made up instructons: _ror, _srm
+ s/_ror(\s+)(%r[0-9]+),/shd$1$2,$2,/ or
+
+ s/_srm(\s+%r[0-9]+),([0-9]+),/
+ $SIZE_T==4 ? sprintf("extru%s,%d,8,",$1,31-$2)
+ : sprintf("extrd,u%s,%d,8,",$1,63-$2)/e;
+
+ s/,\*/,/ if ($SIZE_T==4);
+ print $_,"\n";
+}
+close STDOUT;
diff --git a/crypto/aes/asm/aes-ppc.pl b/crypto/aes/asm/aes-ppc.pl
new file mode 100644
index 0000000000..ce427655ef
--- /dev/null
+++ b/crypto/aes/asm/aes-ppc.pl
@@ -0,0 +1,1176 @@
+#!/usr/bin/env perl
+
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# Needs more work: key setup, page boundaries, CBC routine...
+#
+# ppc_AES_[en|de]crypt perform at 18 cycles per byte processed with
+# 128-bit key, which is ~40% better than 64-bit code generated by gcc
+# 4.0. But these are not the ones currently used! Their "compact"
+# counterparts are, for security reason. ppc_AES_encrypt_compact runs
+# at 1/2 of ppc_AES_encrypt speed, while ppc_AES_decrypt_compact -
+# at 1/3 of ppc_AES_decrypt.
+
+$flavour = shift;
+
+if ($flavour =~ /64/) {
+ $SIZE_T =8;
+ $STU ="stdu";
+ $POP ="ld";
+ $PUSH ="std";
+} elsif ($flavour =~ /32/) {
+ $SIZE_T =4;
+ $STU ="stwu";
+ $POP ="lwz";
+ $PUSH ="stw";
+} else { die "nonsense $flavour"; }
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
+
+$FRAME=32*$SIZE_T;
+
+sub _data_word()
+{ my $i;
+ while(defined($i=shift)) { $code.=sprintf"\t.long\t0x%08x,0x%08x\n",$i,$i; }
+}
+
+$sp="r1";
+$toc="r2";
+$inp="r3";
+$out="r4";
+$key="r5";
+
+$Tbl0="r3";
+$Tbl1="r6";
+$Tbl2="r7";
+$Tbl3="r2";
+
+$s0="r8";
+$s1="r9";
+$s2="r10";
+$s3="r11";
+
+$t0="r12";
+$t1="r13";
+$t2="r14";
+$t3="r15";
+
+$acc00="r16";
+$acc01="r17";
+$acc02="r18";
+$acc03="r19";
+
+$acc04="r20";
+$acc05="r21";
+$acc06="r22";
+$acc07="r23";
+
+$acc08="r24";
+$acc09="r25";
+$acc10="r26";
+$acc11="r27";
+
+$acc12="r28";
+$acc13="r29";
+$acc14="r30";
+$acc15="r31";
+
+# stay away from TLS pointer
+if ($SIZE_T==8) { die if ($t1 ne "r13"); $t1="r0"; }
+else { die if ($Tbl3 ne "r2"); $Tbl3=$t0; $t0="r0"; }
+$mask80=$Tbl2;
+$mask1b=$Tbl3;
+
+$code.=<<___;
+.machine "any"
+.text
+
+.align 7
+LAES_Te:
+ mflr r0
+ bcl 20,31,\$+4
+ mflr $Tbl0 ; vvvvv "distance" between . and 1st data entry
+ addi $Tbl0,$Tbl0,`128-8`
+ mtlr r0
+ blr
+ .space `32-24`
+LAES_Td:
+ mflr r0
+ bcl 20,31,\$+4
+ mflr $Tbl0 ; vvvvvvvv "distance" between . and 1st data entry
+ addi $Tbl0,$Tbl0,`128-8-32+2048+256`
+ mtlr r0
+ blr
+ .space `128-32-24`
+___
+&_data_word(
+ 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d,
+ 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554,
+ 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d,
+ 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a,
+ 0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87,
+ 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b,
+ 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea,
+ 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b,
+ 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a,
+ 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f,
+ 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108,
+ 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f,
+ 0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e,
+ 0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5,
+ 0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d,
+ 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f,
+ 0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e,
+ 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb,
+ 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce,
+ 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497,
+ 0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c,
+ 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed,
+ 0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b,
+ 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a,
+ 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16,
+ 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594,
+ 0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81,
+ 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3,
+ 0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a,
+ 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504,
+ 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163,
+ 0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d,
+ 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f,
+ 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739,
+ 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47,
+ 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395,
+ 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f,
+ 0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883,
+ 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c,
+ 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76,
+ 0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e,
+ 0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4,
+ 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6,
+ 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b,
+ 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7,
+ 0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0,
+ 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25,
+ 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818,
+ 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72,
+ 0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651,
+ 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21,
+ 0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85,
+ 0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa,
+ 0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12,
+ 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0,
+ 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9,
+ 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133,
+ 0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7,
+ 0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920,
+ 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a,
+ 0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17,
+ 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8,
+ 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11,
+ 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a);
+$code.=<<___;
+.byte 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
+.byte 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
+.byte 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
+.byte 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
+.byte 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
+.byte 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
+.byte 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
+.byte 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
+.byte 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
+.byte 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
+.byte 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
+.byte 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
+.byte 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
+.byte 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
+.byte 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
+.byte 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
+.byte 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
+.byte 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
+.byte 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
+.byte 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
+.byte 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
+.byte 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
+.byte 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
+.byte 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
+.byte 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
+.byte 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
+.byte 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
+.byte 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
+.byte 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
+.byte 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
+.byte 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
+.byte 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
+___
+&_data_word(
+ 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96,
+ 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393,
+ 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25,
+ 0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f,
+ 0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1,
+ 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6,
+ 0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da,
+ 0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844,
+ 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd,
+ 0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4,
+ 0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45,
+ 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94,
+ 0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7,
+ 0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a,
+ 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5,
+ 0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c,
+ 0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1,
+ 0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a,
+ 0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75,
+ 0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051,
+ 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46,
+ 0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff,
+ 0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77,
+ 0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb,
+ 0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000,
+ 0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e,
+ 0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927,
+ 0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a,
+ 0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e,
+ 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16,
+ 0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d,
+ 0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8,
+ 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd,
+ 0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34,
+ 0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163,
+ 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120,
+ 0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d,
+ 0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0,
+ 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422,
+ 0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef,
+ 0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36,
+ 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4,
+ 0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662,
+ 0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5,
+ 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3,
+ 0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b,
+ 0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8,
+ 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6,
+ 0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6,
+ 0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0,
+ 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815,
+ 0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f,
+ 0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df,
+ 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f,
+ 0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e,
+ 0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713,
+ 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89,
+ 0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c,
+ 0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf,
+ 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86,
+ 0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f,
+ 0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541,
+ 0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190,
+ 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742);
+$code.=<<___;
+.byte 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
+.byte 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
+.byte 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
+.byte 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
+.byte 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
+.byte 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
+.byte 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
+.byte 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
+.byte 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
+.byte 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
+.byte 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
+.byte 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
+.byte 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
+.byte 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
+.byte 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
+.byte 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
+.byte 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
+.byte 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
+.byte 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
+.byte 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
+.byte 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
+.byte 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
+.byte 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
+.byte 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
+.byte 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
+.byte 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
+.byte 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
+.byte 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
+.byte 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
+.byte 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
+.byte 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
+.byte 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
+
+
+.globl .AES_encrypt
+.align 7
+.AES_encrypt:
+ mflr r0
+ $STU $sp,-$FRAME($sp)
+
+ $PUSH r0,`$FRAME-$SIZE_T*21`($sp)
+ $PUSH $toc,`$FRAME-$SIZE_T*20`($sp)
+ $PUSH r13,`$FRAME-$SIZE_T*19`($sp)
+ $PUSH r14,`$FRAME-$SIZE_T*18`($sp)
+ $PUSH r15,`$FRAME-$SIZE_T*17`($sp)
+ $PUSH r16,`$FRAME-$SIZE_T*16`($sp)
+ $PUSH r17,`$FRAME-$SIZE_T*15`($sp)
+ $PUSH r18,`$FRAME-$SIZE_T*14`($sp)
+ $PUSH r19,`$FRAME-$SIZE_T*13`($sp)
+ $PUSH r20,`$FRAME-$SIZE_T*12`($sp)
+ $PUSH r21,`$FRAME-$SIZE_T*11`($sp)
+ $PUSH r22,`$FRAME-$SIZE_T*10`($sp)
+ $PUSH r23,`$FRAME-$SIZE_T*9`($sp)
+ $PUSH r24,`$FRAME-$SIZE_T*8`($sp)
+ $PUSH r25,`$FRAME-$SIZE_T*7`($sp)
+ $PUSH r26,`$FRAME-$SIZE_T*6`($sp)
+ $PUSH r27,`$FRAME-$SIZE_T*5`($sp)
+ $PUSH r28,`$FRAME-$SIZE_T*4`($sp)
+ $PUSH r29,`$FRAME-$SIZE_T*3`($sp)
+ $PUSH r30,`$FRAME-$SIZE_T*2`($sp)
+ $PUSH r31,`$FRAME-$SIZE_T*1`($sp)
+
+ lwz $s0,0($inp)
+ lwz $s1,4($inp)
+ lwz $s2,8($inp)
+ lwz $s3,12($inp)
+ bl LAES_Te
+ bl Lppc_AES_encrypt_compact
+ stw $s0,0($out)
+ stw $s1,4($out)
+ stw $s2,8($out)
+ stw $s3,12($out)
+
+ $POP r0,`$FRAME-$SIZE_T*21`($sp)
+ $POP $toc,`$FRAME-$SIZE_T*20`($sp)
+ $POP r13,`$FRAME-$SIZE_T*19`($sp)
+ $POP r14,`$FRAME-$SIZE_T*18`($sp)
+ $POP r15,`$FRAME-$SIZE_T*17`($sp)
+ $POP r16,`$FRAME-$SIZE_T*16`($sp)
+ $POP r17,`$FRAME-$SIZE_T*15`($sp)
+ $POP r18,`$FRAME-$SIZE_T*14`($sp)
+ $POP r19,`$FRAME-$SIZE_T*13`($sp)
+ $POP r20,`$FRAME-$SIZE_T*12`($sp)
+ $POP r21,`$FRAME-$SIZE_T*11`($sp)
+ $POP r22,`$FRAME-$SIZE_T*10`($sp)
+ $POP r23,`$FRAME-$SIZE_T*9`($sp)
+ $POP r24,`$FRAME-$SIZE_T*8`($sp)
+ $POP r25,`$FRAME-$SIZE_T*7`($sp)
+ $POP r26,`$FRAME-$SIZE_T*6`($sp)
+ $POP r27,`$FRAME-$SIZE_T*5`($sp)
+ $POP r28,`$FRAME-$SIZE_T*4`($sp)
+ $POP r29,`$FRAME-$SIZE_T*3`($sp)
+ $POP r30,`$FRAME-$SIZE_T*2`($sp)
+ $POP r31,`$FRAME-$SIZE_T*1`($sp)
+ mtlr r0
+ addi $sp,$sp,$FRAME
+ blr
+
+.align 4
+Lppc_AES_encrypt:
+ lwz $acc00,240($key)
+ lwz $t0,0($key)
+ lwz $t1,4($key)
+ lwz $t2,8($key)
+ lwz $t3,12($key)
+ addi $Tbl1,$Tbl0,3
+ addi $Tbl2,$Tbl0,2
+ addi $Tbl3,$Tbl0,1
+ addi $acc00,$acc00,-1
+ addi $key,$key,16
+ xor $s0,$s0,$t0
+ xor $s1,$s1,$t1
+ xor $s2,$s2,$t2
+ xor $s3,$s3,$t3
+ mtctr $acc00
+.align 4
+Lenc_loop:
+ rlwinm $acc00,$s0,`32-24+3`,21,28
+ rlwinm $acc01,$s1,`32-24+3`,21,28
+ lwz $t0,0($key)
+ lwz $t1,4($key)
+ rlwinm $acc02,$s2,`32-24+3`,21,28
+ rlwinm $acc03,$s3,`32-24+3`,21,28
+ lwz $t2,8($key)
+ lwz $t3,12($key)
+ rlwinm $acc04,$s1,`32-16+3`,21,28
+ rlwinm $acc05,$s2,`32-16+3`,21,28
+ lwzx $acc00,$Tbl0,$acc00
+ lwzx $acc01,$Tbl0,$acc01
+ rlwinm $acc06,$s3,`32-16+3`,21,28
+ rlwinm $acc07,$s0,`32-16+3`,21,28
+ lwzx $acc02,$Tbl0,$acc02
+ lwzx $acc03,$Tbl0,$acc03
+ rlwinm $acc08,$s2,`32-8+3`,21,28
+ rlwinm $acc09,$s3,`32-8+3`,21,28
+ lwzx $acc04,$Tbl1,$acc04
+ lwzx $acc05,$Tbl1,$acc05
+ rlwinm $acc10,$s0,`32-8+3`,21,28
+ rlwinm $acc11,$s1,`32-8+3`,21,28
+ lwzx $acc06,$Tbl1,$acc06
+ lwzx $acc07,$Tbl1,$acc07
+ rlwinm $acc12,$s3,`0+3`,21,28
+ rlwinm $acc13,$s0,`0+3`,21,28
+ lwzx $acc08,$Tbl2,$acc08
+ lwzx $acc09,$Tbl2,$acc09
+ rlwinm $acc14,$s1,`0+3`,21,28
+ rlwinm $acc15,$s2,`0+3`,21,28
+ lwzx $acc10,$Tbl2,$acc10
+ lwzx $acc11,$Tbl2,$acc11
+ xor $t0,$t0,$acc00
+ xor $t1,$t1,$acc01
+ lwzx $acc12,$Tbl3,$acc12
+ lwzx $acc13,$Tbl3,$acc13
+ xor $t2,$t2,$acc02
+ xor $t3,$t3,$acc03
+ lwzx $acc14,$Tbl3,$acc14
+ lwzx $acc15,$Tbl3,$acc15
+ xor $t0,$t0,$acc04
+ xor $t1,$t1,$acc05
+ xor $t2,$t2,$acc06
+ xor $t3,$t3,$acc07
+ xor $t0,$t0,$acc08
+ xor $t1,$t1,$acc09
+ xor $t2,$t2,$acc10
+ xor $t3,$t3,$acc11
+ xor $s0,$t0,$acc12
+ xor $s1,$t1,$acc13
+ xor $s2,$t2,$acc14
+ xor $s3,$t3,$acc15
+ addi $key,$key,16
+ bdnz- Lenc_loop
+
+ addi $Tbl2,$Tbl0,2048
+ nop
+ lwz $acc08,`2048+0`($Tbl0) ! prefetch Te4
+ lwz $acc09,`2048+32`($Tbl0)
+ lwz $acc10,`2048+64`($Tbl0)
+ lwz $acc11,`2048+96`($Tbl0)
+ lwz $acc08,`2048+128`($Tbl0)
+ lwz $acc09,`2048+160`($Tbl0)
+ lwz $acc10,`2048+192`($Tbl0)
+ lwz $acc11,`2048+224`($Tbl0)
+ rlwinm $acc00,$s0,`32-24`,24,31
+ rlwinm $acc01,$s1,`32-24`,24,31
+ lwz $t0,0($key)
+ lwz $t1,4($key)
+ rlwinm $acc02,$s2,`32-24`,24,31
+ rlwinm $acc03,$s3,`32-24`,24,31
+ lwz $t2,8($key)
+ lwz $t3,12($key)
+ rlwinm $acc04,$s1,`32-16`,24,31
+ rlwinm $acc05,$s2,`32-16`,24,31
+ lbzx $acc00,$Tbl2,$acc00
+ lbzx $acc01,$Tbl2,$acc01
+ rlwinm $acc06,$s3,`32-16`,24,31
+ rlwinm $acc07,$s0,`32-16`,24,31
+ lbzx $acc02,$Tbl2,$acc02
+ lbzx $acc03,$Tbl2,$acc03
+ rlwinm $acc08,$s2,`32-8`,24,31
+ rlwinm $acc09,$s3,`32-8`,24,31
+ lbzx $acc04,$Tbl2,$acc04
+ lbzx $acc05,$Tbl2,$acc05
+ rlwinm $acc10,$s0,`32-8`,24,31
+ rlwinm $acc11,$s1,`32-8`,24,31
+ lbzx $acc06,$Tbl2,$acc06
+ lbzx $acc07,$Tbl2,$acc07
+ rlwinm $acc12,$s3,`0`,24,31
+ rlwinm $acc13,$s0,`0`,24,31
+ lbzx $acc08,$Tbl2,$acc08
+ lbzx $acc09,$Tbl2,$acc09
+ rlwinm $acc14,$s1,`0`,24,31
+ rlwinm $acc15,$s2,`0`,24,31
+ lbzx $acc10,$Tbl2,$acc10
+ lbzx $acc11,$Tbl2,$acc11
+ rlwinm $s0,$acc00,24,0,7
+ rlwinm $s1,$acc01,24,0,7
+ lbzx $acc12,$Tbl2,$acc12
+ lbzx $acc13,$Tbl2,$acc13
+ rlwinm $s2,$acc02,24,0,7
+ rlwinm $s3,$acc03,24,0,7
+ lbzx $acc14,$Tbl2,$acc14
+ lbzx $acc15,$Tbl2,$acc15
+ rlwimi $s0,$acc04,16,8,15
+ rlwimi $s1,$acc05,16,8,15
+ rlwimi $s2,$acc06,16,8,15
+ rlwimi $s3,$acc07,16,8,15
+ rlwimi $s0,$acc08,8,16,23
+ rlwimi $s1,$acc09,8,16,23
+ rlwimi $s2,$acc10,8,16,23
+ rlwimi $s3,$acc11,8,16,23
+ or $s0,$s0,$acc12
+ or $s1,$s1,$acc13
+ or $s2,$s2,$acc14
+ or $s3,$s3,$acc15
+ xor $s0,$s0,$t0
+ xor $s1,$s1,$t1
+ xor $s2,$s2,$t2
+ xor $s3,$s3,$t3
+ blr
+
+.align 4
+Lppc_AES_encrypt_compact:
+ lwz $acc00,240($key)
+ lwz $t0,0($key)
+ lwz $t1,4($key)
+ lwz $t2,8($key)
+ lwz $t3,12($key)
+ addi $Tbl1,$Tbl0,2048
+ lis $mask80,0x8080
+ lis $mask1b,0x1b1b
+ addi $key,$key,16
+ ori $mask80,$mask80,0x8080
+ ori $mask1b,$mask1b,0x1b1b
+ mtctr $acc00
+.align 4
+Lenc_compact_loop:
+ xor $s0,$s0,$t0
+ xor $s1,$s1,$t1
+ xor $s2,$s2,$t2
+ xor $s3,$s3,$t3
+ rlwinm $acc00,$s0,`32-24`,24,31
+ rlwinm $acc01,$s1,`32-24`,24,31
+ rlwinm $acc02,$s2,`32-24`,24,31
+ rlwinm $acc03,$s3,`32-24`,24,31
+ lbzx $acc00,$Tbl1,$acc00
+ lbzx $acc01,$Tbl1,$acc01
+ rlwinm $acc04,$s1,`32-16`,24,31
+ rlwinm $acc05,$s2,`32-16`,24,31
+ lbzx $acc02,$Tbl1,$acc02
+ lbzx $acc03,$Tbl1,$acc03
+ rlwinm $acc06,$s3,`32-16`,24,31
+ rlwinm $acc07,$s0,`32-16`,24,31
+ lbzx $acc04,$Tbl1,$acc04
+ lbzx $acc05,$Tbl1,$acc05
+ rlwinm $acc08,$s2,`32-8`,24,31
+ rlwinm $acc09,$s3,`32-8`,24,31
+ lbzx $acc06,$Tbl1,$acc06
+ lbzx $acc07,$Tbl1,$acc07
+ rlwinm $acc10,$s0,`32-8`,24,31
+ rlwinm $acc11,$s1,`32-8`,24,31
+ lbzx $acc08,$Tbl1,$acc08
+ lbzx $acc09,$Tbl1,$acc09
+ rlwinm $acc12,$s3,`0`,24,31
+ rlwinm $acc13,$s0,`0`,24,31
+ lbzx $acc10,$Tbl1,$acc10
+ lbzx $acc11,$Tbl1,$acc11
+ rlwinm $acc14,$s1,`0`,24,31
+ rlwinm $acc15,$s2,`0`,24,31
+ lbzx $acc12,$Tbl1,$acc12
+ lbzx $acc13,$Tbl1,$acc13
+ rlwinm $s0,$acc00,24,0,7
+ rlwinm $s1,$acc01,24,0,7
+ lbzx $acc14,$Tbl1,$acc14
+ lbzx $acc15,$Tbl1,$acc15
+ rlwinm $s2,$acc02,24,0,7
+ rlwinm $s3,$acc03,24,0,7
+ rlwimi $s0,$acc04,16,8,15
+ rlwimi $s1,$acc05,16,8,15
+ rlwimi $s2,$acc06,16,8,15
+ rlwimi $s3,$acc07,16,8,15
+ rlwimi $s0,$acc08,8,16,23
+ rlwimi $s1,$acc09,8,16,23
+ rlwimi $s2,$acc10,8,16,23
+ rlwimi $s3,$acc11,8,16,23
+ lwz $t0,0($key)
+ lwz $t1,4($key)
+ or $s0,$s0,$acc12
+ or $s1,$s1,$acc13
+ lwz $t2,8($key)
+ lwz $t3,12($key)
+ or $s2,$s2,$acc14
+ or $s3,$s3,$acc15
+
+ addi $key,$key,16
+ bdz Lenc_compact_done
+
+ and $acc00,$s0,$mask80 # r1=r0&0x80808080
+ and $acc01,$s1,$mask80
+ and $acc02,$s2,$mask80
+ and $acc03,$s3,$mask80
+ srwi $acc04,$acc00,7 # r1>>7
+ srwi $acc05,$acc01,7
+ srwi $acc06,$acc02,7
+ srwi $acc07,$acc03,7
+ andc $acc08,$s0,$mask80 # r0&0x7f7f7f7f
+ andc $acc09,$s1,$mask80
+ andc $acc10,$s2,$mask80
+ andc $acc11,$s3,$mask80
+ sub $acc00,$acc00,$acc04 # r1-(r1>>7)
+ sub $acc01,$acc01,$acc05
+ sub $acc02,$acc02,$acc06
+ sub $acc03,$acc03,$acc07
+ add $acc08,$acc08,$acc08 # (r0&0x7f7f7f7f)<<1
+ add $acc09,$acc09,$acc09
+ add $acc10,$acc10,$acc10
+ add $acc11,$acc11,$acc11
+ and $acc00,$acc00,$mask1b # (r1-(r1>>7))&0x1b1b1b1b
+ and $acc01,$acc01,$mask1b
+ and $acc02,$acc02,$mask1b
+ and $acc03,$acc03,$mask1b
+ xor $acc00,$acc00,$acc08 # r2
+ xor $acc01,$acc01,$acc09
+ xor $acc02,$acc02,$acc10
+ xor $acc03,$acc03,$acc11
+
+ rotlwi $acc12,$s0,16 # ROTATE(r0,16)
+ rotlwi $acc13,$s1,16
+ rotlwi $acc14,$s2,16
+ rotlwi $acc15,$s3,16
+ xor $s0,$s0,$acc00 # r0^r2
+ xor $s1,$s1,$acc01
+ xor $s2,$s2,$acc02
+ xor $s3,$s3,$acc03
+ rotrwi $s0,$s0,24 # ROTATE(r2^r0,24)
+ rotrwi $s1,$s1,24
+ rotrwi $s2,$s2,24
+ rotrwi $s3,$s3,24
+ xor $s0,$s0,$acc00 # ROTATE(r2^r0,24)^r2
+ xor $s1,$s1,$acc01
+ xor $s2,$s2,$acc02
+ xor $s3,$s3,$acc03
+ rotlwi $acc08,$acc12,8 # ROTATE(r0,24)
+ rotlwi $acc09,$acc13,8
+ rotlwi $acc10,$acc14,8
+ rotlwi $acc11,$acc15,8
+ xor $s0,$s0,$acc12 #
+ xor $s1,$s1,$acc13
+ xor $s2,$s2,$acc14
+ xor $s3,$s3,$acc15
+ xor $s0,$s0,$acc08 #
+ xor $s1,$s1,$acc09
+ xor $s2,$s2,$acc10
+ xor $s3,$s3,$acc11
+
+ b Lenc_compact_loop
+.align 4
+Lenc_compact_done:
+ xor $s0,$s0,$t0
+ xor $s1,$s1,$t1
+ xor $s2,$s2,$t2
+ xor $s3,$s3,$t3
+ blr
+
+.globl .AES_decrypt
+.align 7
+.AES_decrypt:
+ mflr r0
+ $STU $sp,-$FRAME($sp)
+
+ $PUSH r0,`$FRAME-$SIZE_T*21`($sp)
+ $PUSH $toc,`$FRAME-$SIZE_T*20`($sp)
+ $PUSH r13,`$FRAME-$SIZE_T*19`($sp)
+ $PUSH r14,`$FRAME-$SIZE_T*18`($sp)
+ $PUSH r15,`$FRAME-$SIZE_T*17`($sp)
+ $PUSH r16,`$FRAME-$SIZE_T*16`($sp)
+ $PUSH r17,`$FRAME-$SIZE_T*15`($sp)
+ $PUSH r18,`$FRAME-$SIZE_T*14`($sp)
+ $PUSH r19,`$FRAME-$SIZE_T*13`($sp)
+ $PUSH r20,`$FRAME-$SIZE_T*12`($sp)
+ $PUSH r21,`$FRAME-$SIZE_T*11`($sp)
+ $PUSH r22,`$FRAME-$SIZE_T*10`($sp)
+ $PUSH r23,`$FRAME-$SIZE_T*9`($sp)
+ $PUSH r24,`$FRAME-$SIZE_T*8`($sp)
+ $PUSH r25,`$FRAME-$SIZE_T*7`($sp)
+ $PUSH r26,`$FRAME-$SIZE_T*6`($sp)
+ $PUSH r27,`$FRAME-$SIZE_T*5`($sp)
+ $PUSH r28,`$FRAME-$SIZE_T*4`($sp)
+ $PUSH r29,`$FRAME-$SIZE_T*3`($sp)
+ $PUSH r30,`$FRAME-$SIZE_T*2`($sp)
+ $PUSH r31,`$FRAME-$SIZE_T*1`($sp)
+
+ lwz $s0,0($inp)
+ lwz $s1,4($inp)
+ lwz $s2,8($inp)
+ lwz $s3,12($inp)
+ bl LAES_Td
+ bl Lppc_AES_decrypt_compact
+ stw $s0,0($out)
+ stw $s1,4($out)
+ stw $s2,8($out)
+ stw $s3,12($out)
+
+ $POP r0,`$FRAME-$SIZE_T*21`($sp)
+ $POP $toc,`$FRAME-$SIZE_T*20`($sp)
+ $POP r13,`$FRAME-$SIZE_T*19`($sp)
+ $POP r14,`$FRAME-$SIZE_T*18`($sp)
+ $POP r15,`$FRAME-$SIZE_T*17`($sp)
+ $POP r16,`$FRAME-$SIZE_T*16`($sp)
+ $POP r17,`$FRAME-$SIZE_T*15`($sp)
+ $POP r18,`$FRAME-$SIZE_T*14`($sp)
+ $POP r19,`$FRAME-$SIZE_T*13`($sp)
+ $POP r20,`$FRAME-$SIZE_T*12`($sp)
+ $POP r21,`$FRAME-$SIZE_T*11`($sp)
+ $POP r22,`$FRAME-$SIZE_T*10`($sp)
+ $POP r23,`$FRAME-$SIZE_T*9`($sp)
+ $POP r24,`$FRAME-$SIZE_T*8`($sp)
+ $POP r25,`$FRAME-$SIZE_T*7`($sp)
+ $POP r26,`$FRAME-$SIZE_T*6`($sp)
+ $POP r27,`$FRAME-$SIZE_T*5`($sp)
+ $POP r28,`$FRAME-$SIZE_T*4`($sp)
+ $POP r29,`$FRAME-$SIZE_T*3`($sp)
+ $POP r30,`$FRAME-$SIZE_T*2`($sp)
+ $POP r31,`$FRAME-$SIZE_T*1`($sp)
+ mtlr r0
+ addi $sp,$sp,$FRAME
+ blr
+
+.align 4
+Lppc_AES_decrypt:
+ lwz $acc00,240($key)
+ lwz $t0,0($key)
+ lwz $t1,4($key)
+ lwz $t2,8($key)
+ lwz $t3,12($key)
+ addi $Tbl1,$Tbl0,3
+ addi $Tbl2,$Tbl0,2
+ addi $Tbl3,$Tbl0,1
+ addi $acc00,$acc00,-1
+ addi $key,$key,16
+ xor $s0,$s0,$t0
+ xor $s1,$s1,$t1
+ xor $s2,$s2,$t2
+ xor $s3,$s3,$t3
+ mtctr $acc00
+.align 4
+Ldec_loop:
+ rlwinm $acc00,$s0,`32-24+3`,21,28
+ rlwinm $acc01,$s1,`32-24+3`,21,28
+ lwz $t0,0($key)
+ lwz $t1,4($key)
+ rlwinm $acc02,$s2,`32-24+3`,21,28
+ rlwinm $acc03,$s3,`32-24+3`,21,28
+ lwz $t2,8($key)
+ lwz $t3,12($key)
+ rlwinm $acc04,$s3,`32-16+3`,21,28
+ rlwinm $acc05,$s0,`32-16+3`,21,28
+ lwzx $acc00,$Tbl0,$acc00
+ lwzx $acc01,$Tbl0,$acc01
+ rlwinm $acc06,$s1,`32-16+3`,21,28
+ rlwinm $acc07,$s2,`32-16+3`,21,28
+ lwzx $acc02,$Tbl0,$acc02
+ lwzx $acc03,$Tbl0,$acc03
+ rlwinm $acc08,$s2,`32-8+3`,21,28
+ rlwinm $acc09,$s3,`32-8+3`,21,28
+ lwzx $acc04,$Tbl1,$acc04
+ lwzx $acc05,$Tbl1,$acc05
+ rlwinm $acc10,$s0,`32-8+3`,21,28
+ rlwinm $acc11,$s1,`32-8+3`,21,28
+ lwzx $acc06,$Tbl1,$acc06
+ lwzx $acc07,$Tbl1,$acc07
+ rlwinm $acc12,$s1,`0+3`,21,28
+ rlwinm $acc13,$s2,`0+3`,21,28
+ lwzx $acc08,$Tbl2,$acc08
+ lwzx $acc09,$Tbl2,$acc09
+ rlwinm $acc14,$s3,`0+3`,21,28
+ rlwinm $acc15,$s0,`0+3`,21,28
+ lwzx $acc10,$Tbl2,$acc10
+ lwzx $acc11,$Tbl2,$acc11
+ xor $t0,$t0,$acc00
+ xor $t1,$t1,$acc01
+ lwzx $acc12,$Tbl3,$acc12
+ lwzx $acc13,$Tbl3,$acc13
+ xor $t2,$t2,$acc02
+ xor $t3,$t3,$acc03
+ lwzx $acc14,$Tbl3,$acc14
+ lwzx $acc15,$Tbl3,$acc15
+ xor $t0,$t0,$acc04
+ xor $t1,$t1,$acc05
+ xor $t2,$t2,$acc06
+ xor $t3,$t3,$acc07
+ xor $t0,$t0,$acc08
+ xor $t1,$t1,$acc09
+ xor $t2,$t2,$acc10
+ xor $t3,$t3,$acc11
+ xor $s0,$t0,$acc12
+ xor $s1,$t1,$acc13
+ xor $s2,$t2,$acc14
+ xor $s3,$t3,$acc15
+ addi $key,$key,16
+ bdnz- Ldec_loop
+
+ addi $Tbl2,$Tbl0,2048
+ nop
+ lwz $acc08,`2048+0`($Tbl0) ! prefetch Td4
+ lwz $acc09,`2048+32`($Tbl0)
+ lwz $acc10,`2048+64`($Tbl0)
+ lwz $acc11,`2048+96`($Tbl0)
+ lwz $acc08,`2048+128`($Tbl0)
+ lwz $acc09,`2048+160`($Tbl0)
+ lwz $acc10,`2048+192`($Tbl0)
+ lwz $acc11,`2048+224`($Tbl0)
+ rlwinm $acc00,$s0,`32-24`,24,31
+ rlwinm $acc01,$s1,`32-24`,24,31
+ lwz $t0,0($key)
+ lwz $t1,4($key)
+ rlwinm $acc02,$s2,`32-24`,24,31
+ rlwinm $acc03,$s3,`32-24`,24,31
+ lwz $t2,8($key)
+ lwz $t3,12($key)
+ rlwinm $acc04,$s3,`32-16`,24,31
+ rlwinm $acc05,$s0,`32-16`,24,31
+ lbzx $acc00,$Tbl2,$acc00
+ lbzx $acc01,$Tbl2,$acc01
+ rlwinm $acc06,$s1,`32-16`,24,31
+ rlwinm $acc07,$s2,`32-16`,24,31
+ lbzx $acc02,$Tbl2,$acc02
+ lbzx $acc03,$Tbl2,$acc03
+ rlwinm $acc08,$s2,`32-8`,24,31
+ rlwinm $acc09,$s3,`32-8`,24,31
+ lbzx $acc04,$Tbl2,$acc04
+ lbzx $acc05,$Tbl2,$acc05
+ rlwinm $acc10,$s0,`32-8`,24,31
+ rlwinm $acc11,$s1,`32-8`,24,31
+ lbzx $acc06,$Tbl2,$acc06
+ lbzx $acc07,$Tbl2,$acc07
+ rlwinm $acc12,$s1,`0`,24,31
+ rlwinm $acc13,$s2,`0`,24,31
+ lbzx $acc08,$Tbl2,$acc08
+ lbzx $acc09,$Tbl2,$acc09
+ rlwinm $acc14,$s3,`0`,24,31
+ rlwinm $acc15,$s0,`0`,24,31
+ lbzx $acc10,$Tbl2,$acc10
+ lbzx $acc11,$Tbl2,$acc11
+ rlwinm $s0,$acc00,24,0,7
+ rlwinm $s1,$acc01,24,0,7
+ lbzx $acc12,$Tbl2,$acc12
+ lbzx $acc13,$Tbl2,$acc13
+ rlwinm $s2,$acc02,24,0,7
+ rlwinm $s3,$acc03,24,0,7
+ lbzx $acc14,$Tbl2,$acc14
+ lbzx $acc15,$Tbl2,$acc15
+ rlwimi $s0,$acc04,16,8,15
+ rlwimi $s1,$acc05,16,8,15
+ rlwimi $s2,$acc06,16,8,15
+ rlwimi $s3,$acc07,16,8,15
+ rlwimi $s0,$acc08,8,16,23
+ rlwimi $s1,$acc09,8,16,23
+ rlwimi $s2,$acc10,8,16,23
+ rlwimi $s3,$acc11,8,16,23
+ or $s0,$s0,$acc12
+ or $s1,$s1,$acc13
+ or $s2,$s2,$acc14
+ or $s3,$s3,$acc15
+ xor $s0,$s0,$t0
+ xor $s1,$s1,$t1
+ xor $s2,$s2,$t2
+ xor $s3,$s3,$t3
+ blr
+
+.align 4
+Lppc_AES_decrypt_compact:
+ lwz $acc00,240($key)
+ lwz $t0,0($key)
+ lwz $t1,4($key)
+ lwz $t2,8($key)
+ lwz $t3,12($key)
+ addi $Tbl1,$Tbl0,2048
+ lis $mask80,0x8080
+ lis $mask1b,0x1b1b
+ addi $key,$key,16
+ ori $mask80,$mask80,0x8080
+ ori $mask1b,$mask1b,0x1b1b
+___
+$code.=<<___ if ($SIZE_T==8);
+ insrdi $mask80,$mask80,32,0
+ insrdi $mask1b,$mask1b,32,0
+___
+$code.=<<___;
+ mtctr $acc00
+.align 4
+Ldec_compact_loop:
+ xor $s0,$s0,$t0
+ xor $s1,$s1,$t1
+ xor $s2,$s2,$t2
+ xor $s3,$s3,$t3
+ rlwinm $acc00,$s0,`32-24`,24,31
+ rlwinm $acc01,$s1,`32-24`,24,31
+ rlwinm $acc02,$s2,`32-24`,24,31
+ rlwinm $acc03,$s3,`32-24`,24,31
+ lbzx $acc00,$Tbl1,$acc00
+ lbzx $acc01,$Tbl1,$acc01
+ rlwinm $acc04,$s3,`32-16`,24,31
+ rlwinm $acc05,$s0,`32-16`,24,31
+ lbzx $acc02,$Tbl1,$acc02
+ lbzx $acc03,$Tbl1,$acc03
+ rlwinm $acc06,$s1,`32-16`,24,31
+ rlwinm $acc07,$s2,`32-16`,24,31
+ lbzx $acc04,$Tbl1,$acc04
+ lbzx $acc05,$Tbl1,$acc05
+ rlwinm $acc08,$s2,`32-8`,24,31
+ rlwinm $acc09,$s3,`32-8`,24,31
+ lbzx $acc06,$Tbl1,$acc06
+ lbzx $acc07,$Tbl1,$acc07
+ rlwinm $acc10,$s0,`32-8`,24,31
+ rlwinm $acc11,$s1,`32-8`,24,31
+ lbzx $acc08,$Tbl1,$acc08
+ lbzx $acc09,$Tbl1,$acc09
+ rlwinm $acc12,$s1,`0`,24,31
+ rlwinm $acc13,$s2,`0`,24,31
+ lbzx $acc10,$Tbl1,$acc10
+ lbzx $acc11,$Tbl1,$acc11
+ rlwinm $acc14,$s3,`0`,24,31
+ rlwinm $acc15,$s0,`0`,24,31
+ lbzx $acc12,$Tbl1,$acc12
+ lbzx $acc13,$Tbl1,$acc13
+ rlwinm $s0,$acc00,24,0,7
+ rlwinm $s1,$acc01,24,0,7
+ lbzx $acc14,$Tbl1,$acc14
+ lbzx $acc15,$Tbl1,$acc15
+ rlwinm $s2,$acc02,24,0,7
+ rlwinm $s3,$acc03,24,0,7
+ rlwimi $s0,$acc04,16,8,15
+ rlwimi $s1,$acc05,16,8,15
+ rlwimi $s2,$acc06,16,8,15
+ rlwimi $s3,$acc07,16,8,15
+ rlwimi $s0,$acc08,8,16,23
+ rlwimi $s1,$acc09,8,16,23
+ rlwimi $s2,$acc10,8,16,23
+ rlwimi $s3,$acc11,8,16,23
+ lwz $t0,0($key)
+ lwz $t1,4($key)
+ or $s0,$s0,$acc12
+ or $s1,$s1,$acc13
+ lwz $t2,8($key)
+ lwz $t3,12($key)
+ or $s2,$s2,$acc14
+ or $s3,$s3,$acc15
+
+ addi $key,$key,16
+ bdz Ldec_compact_done
+___
+$code.=<<___ if ($SIZE_T==8);
+ # vectorized permutation improves decrypt performance by 10%
+ insrdi $s0,$s1,32,0
+ insrdi $s2,$s3,32,0
+
+ and $acc00,$s0,$mask80 # r1=r0&0x80808080
+ and $acc02,$s2,$mask80
+ srdi $acc04,$acc00,7 # r1>>7
+ srdi $acc06,$acc02,7
+ andc $acc08,$s0,$mask80 # r0&0x7f7f7f7f
+ andc $acc10,$s2,$mask80
+ sub $acc00,$acc00,$acc04 # r1-(r1>>7)
+ sub $acc02,$acc02,$acc06
+ add $acc08,$acc08,$acc08 # (r0&0x7f7f7f7f)<<1
+ add $acc10,$acc10,$acc10
+ and $acc00,$acc00,$mask1b # (r1-(r1>>7))&0x1b1b1b1b
+ and $acc02,$acc02,$mask1b
+ xor $acc00,$acc00,$acc08 # r2
+ xor $acc02,$acc02,$acc10
+
+ and $acc04,$acc00,$mask80 # r1=r2&0x80808080
+ and $acc06,$acc02,$mask80
+ srdi $acc08,$acc04,7 # r1>>7
+ srdi $acc10,$acc06,7
+ andc $acc12,$acc00,$mask80 # r2&0x7f7f7f7f
+ andc $acc14,$acc02,$mask80
+ sub $acc04,$acc04,$acc08 # r1-(r1>>7)
+ sub $acc06,$acc06,$acc10
+ add $acc12,$acc12,$acc12 # (r2&0x7f7f7f7f)<<1
+ add $acc14,$acc14,$acc14
+ and $acc04,$acc04,$mask1b # (r1-(r1>>7))&0x1b1b1b1b
+ and $acc06,$acc06,$mask1b
+ xor $acc04,$acc04,$acc12 # r4
+ xor $acc06,$acc06,$acc14
+
+ and $acc08,$acc04,$mask80 # r1=r4&0x80808080
+ and $acc10,$acc06,$mask80
+ srdi $acc12,$acc08,7 # r1>>7
+ srdi $acc14,$acc10,7
+ sub $acc08,$acc08,$acc12 # r1-(r1>>7)
+ sub $acc10,$acc10,$acc14
+ andc $acc12,$acc04,$mask80 # r4&0x7f7f7f7f
+ andc $acc14,$acc06,$mask80
+ add $acc12,$acc12,$acc12 # (r4&0x7f7f7f7f)<<1
+ add $acc14,$acc14,$acc14
+ and $acc08,$acc08,$mask1b # (r1-(r1>>7))&0x1b1b1b1b
+ and $acc10,$acc10,$mask1b
+ xor $acc08,$acc08,$acc12 # r8
+ xor $acc10,$acc10,$acc14
+
+ xor $acc00,$acc00,$s0 # r2^r0
+ xor $acc02,$acc02,$s2
+ xor $acc04,$acc04,$s0 # r4^r0
+ xor $acc06,$acc06,$s2
+
+ extrdi $acc01,$acc00,32,0
+ extrdi $acc03,$acc02,32,0
+ extrdi $acc05,$acc04,32,0
+ extrdi $acc07,$acc06,32,0
+ extrdi $acc09,$acc08,32,0
+ extrdi $acc11,$acc10,32,0
+___
+$code.=<<___ if ($SIZE_T==4);
+ and $acc00,$s0,$mask80 # r1=r0&0x80808080
+ and $acc01,$s1,$mask80
+ and $acc02,$s2,$mask80
+ and $acc03,$s3,$mask80
+ srwi $acc04,$acc00,7 # r1>>7
+ srwi $acc05,$acc01,7
+ srwi $acc06,$acc02,7
+ srwi $acc07,$acc03,7
+ andc $acc08,$s0,$mask80 # r0&0x7f7f7f7f
+ andc $acc09,$s1,$mask80
+ andc $acc10,$s2,$mask80
+ andc $acc11,$s3,$mask80
+ sub $acc00,$acc00,$acc04 # r1-(r1>>7)
+ sub $acc01,$acc01,$acc05
+ sub $acc02,$acc02,$acc06
+ sub $acc03,$acc03,$acc07
+ add $acc08,$acc08,$acc08 # (r0&0x7f7f7f7f)<<1
+ add $acc09,$acc09,$acc09
+ add $acc10,$acc10,$acc10
+ add $acc11,$acc11,$acc11
+ and $acc00,$acc00,$mask1b # (r1-(r1>>7))&0x1b1b1b1b
+ and $acc01,$acc01,$mask1b
+ and $acc02,$acc02,$mask1b
+ and $acc03,$acc03,$mask1b
+ xor $acc00,$acc00,$acc08 # r2
+ xor $acc01,$acc01,$acc09
+ xor $acc02,$acc02,$acc10
+ xor $acc03,$acc03,$acc11
+
+ and $acc04,$acc00,$mask80 # r1=r2&0x80808080
+ and $acc05,$acc01,$mask80
+ and $acc06,$acc02,$mask80
+ and $acc07,$acc03,$mask80
+ srwi $acc08,$acc04,7 # r1>>7
+ srwi $acc09,$acc05,7
+ srwi $acc10,$acc06,7
+ srwi $acc11,$acc07,7
+ andc $acc12,$acc00,$mask80 # r2&0x7f7f7f7f
+ andc $acc13,$acc01,$mask80
+ andc $acc14,$acc02,$mask80
+ andc $acc15,$acc03,$mask80
+ sub $acc04,$acc04,$acc08 # r1-(r1>>7)
+ sub $acc05,$acc05,$acc09
+ sub $acc06,$acc06,$acc10
+ sub $acc07,$acc07,$acc11
+ add $acc12,$acc12,$acc12 # (r2&0x7f7f7f7f)<<1
+ add $acc13,$acc13,$acc13
+ add $acc14,$acc14,$acc14
+ add $acc15,$acc15,$acc15
+ and $acc04,$acc04,$mask1b # (r1-(r1>>7))&0x1b1b1b1b
+ and $acc05,$acc05,$mask1b
+ and $acc06,$acc06,$mask1b
+ and $acc07,$acc07,$mask1b
+ xor $acc04,$acc04,$acc12 # r4
+ xor $acc05,$acc05,$acc13
+ xor $acc06,$acc06,$acc14
+ xor $acc07,$acc07,$acc15
+
+ and $acc08,$acc04,$mask80 # r1=r4&0x80808080
+ and $acc09,$acc05,$mask80
+ and $acc10,$acc06,$mask80
+ and $acc11,$acc07,$mask80
+ srwi $acc12,$acc08,7 # r1>>7
+ srwi $acc13,$acc09,7
+ srwi $acc14,$acc10,7
+ srwi $acc15,$acc11,7
+ sub $acc08,$acc08,$acc12 # r1-(r1>>7)
+ sub $acc09,$acc09,$acc13
+ sub $acc10,$acc10,$acc14
+ sub $acc11,$acc11,$acc15
+ andc $acc12,$acc04,$mask80 # r4&0x7f7f7f7f
+ andc $acc13,$acc05,$mask80
+ andc $acc14,$acc06,$mask80
+ andc $acc15,$acc07,$mask80
+ add $acc12,$acc12,$acc12 # (r4&0x7f7f7f7f)<<1
+ add $acc13,$acc13,$acc13
+ add $acc14,$acc14,$acc14
+ add $acc15,$acc15,$acc15
+ and $acc08,$acc08,$mask1b # (r1-(r1>>7))&0x1b1b1b1b
+ and $acc09,$acc09,$mask1b
+ and $acc10,$acc10,$mask1b
+ and $acc11,$acc11,$mask1b
+ xor $acc08,$acc08,$acc12 # r8
+ xor $acc09,$acc09,$acc13
+ xor $acc10,$acc10,$acc14
+ xor $acc11,$acc11,$acc15
+
+ xor $acc00,$acc00,$s0 # r2^r0
+ xor $acc01,$acc01,$s1
+ xor $acc02,$acc02,$s2
+ xor $acc03,$acc03,$s3
+ xor $acc04,$acc04,$s0 # r4^r0
+ xor $acc05,$acc05,$s1
+ xor $acc06,$acc06,$s2
+ xor $acc07,$acc07,$s3
+___
+$code.=<<___;
+ rotrwi $s0,$s0,8 # = ROTATE(r0,8)
+ rotrwi $s1,$s1,8
+ rotrwi $s2,$s2,8
+ rotrwi $s3,$s3,8
+ xor $s0,$s0,$acc00 # ^= r2^r0
+ xor $s1,$s1,$acc01
+ xor $s2,$s2,$acc02
+ xor $s3,$s3,$acc03
+ xor $acc00,$acc00,$acc08
+ xor $acc01,$acc01,$acc09
+ xor $acc02,$acc02,$acc10
+ xor $acc03,$acc03,$acc11
+ xor $s0,$s0,$acc04 # ^= r4^r0
+ xor $s1,$s1,$acc05
+ xor $s2,$s2,$acc06
+ xor $s3,$s3,$acc07
+ rotrwi $acc00,$acc00,24
+ rotrwi $acc01,$acc01,24
+ rotrwi $acc02,$acc02,24
+ rotrwi $acc03,$acc03,24
+ xor $acc04,$acc04,$acc08
+ xor $acc05,$acc05,$acc09
+ xor $acc06,$acc06,$acc10
+ xor $acc07,$acc07,$acc11
+ xor $s0,$s0,$acc08 # ^= r8 [^((r4^r0)^(r2^r0)=r4^r2)]
+ xor $s1,$s1,$acc09
+ xor $s2,$s2,$acc10
+ xor $s3,$s3,$acc11
+ rotrwi $acc04,$acc04,16
+ rotrwi $acc05,$acc05,16
+ rotrwi $acc06,$acc06,16
+ rotrwi $acc07,$acc07,16
+ xor $s0,$s0,$acc00 # ^= ROTATE(r8^r2^r0,24)
+ xor $s1,$s1,$acc01
+ xor $s2,$s2,$acc02
+ xor $s3,$s3,$acc03
+ rotrwi $acc08,$acc08,8
+ rotrwi $acc09,$acc09,8
+ rotrwi $acc10,$acc10,8
+ rotrwi $acc11,$acc11,8
+ xor $s0,$s0,$acc04 # ^= ROTATE(r8^r4^r0,16)
+ xor $s1,$s1,$acc05
+ xor $s2,$s2,$acc06
+ xor $s3,$s3,$acc07
+ xor $s0,$s0,$acc08 # ^= ROTATE(r8,8)
+ xor $s1,$s1,$acc09
+ xor $s2,$s2,$acc10
+ xor $s3,$s3,$acc11
+
+ b Ldec_compact_loop
+.align 4
+Ldec_compact_done:
+ xor $s0,$s0,$t0
+ xor $s1,$s1,$t1
+ xor $s2,$s2,$t2
+ xor $s3,$s3,$t3
+ blr
+.long 0
+.asciz "AES for PPC, CRYPTOGAMS by <appro\@openssl.org>"
+.align 7
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/crypto/aes/asm/aes-s390x.pl b/crypto/aes/asm/aes-s390x.pl
new file mode 100644
index 0000000000..7e01889298
--- /dev/null
+++ b/crypto/aes/asm/aes-s390x.pl
@@ -0,0 +1,1339 @@
+#!/usr/bin/env perl
+
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+
+# AES for s390x.
+
+# April 2007.
+#
+# Software performance improvement over gcc-generated code is ~70% and
+# in absolute terms is ~73 cycles per byte processed with 128-bit key.
+# You're likely to exclaim "why so slow?" Keep in mind that z-CPUs are
+# *strictly* in-order execution and issued instruction [in this case
+# load value from memory is critical] has to complete before execution
+# flow proceeds. S-boxes are compressed to 2KB[+256B].
+#
+# As for hardware acceleration support. It's basically a "teaser," as
+# it can and should be improved in several ways. Most notably support
+# for CBC is not utilized, nor multiple blocks are ever processed.
+# Then software key schedule can be postponed till hardware support
+# detection... Performance improvement over assembler is reportedly
+# ~2.5x, but can reach >8x [naturally on larger chunks] if proper
+# support is implemented.
+
+# May 2007.
+#
+# Implement AES_set_[en|de]crypt_key. Key schedule setup is avoided
+# for 128-bit keys, if hardware support is detected.
+
+# Januray 2009.
+#
+# Add support for hardware AES192/256 and reschedule instructions to
+# minimize/avoid Address Generation Interlock hazard and to favour
+# dual-issue z10 pipeline. This gave ~25% improvement on z10 and
+# almost 50% on z9. The gain is smaller on z10, because being dual-
+# issue z10 makes it improssible to eliminate the interlock condition:
+# critial path is not long enough. Yet it spends ~24 cycles per byte
+# processed with 128-bit key.
+#
+# Unlike previous version hardware support detection takes place only
+# at the moment of key schedule setup, which is denoted in key->rounds.
+# This is done, because deferred key setup can't be made MT-safe, not
+# for key lengthes longer than 128 bits.
+#
+# Add AES_cbc_encrypt, which gives incredible performance improvement,
+# it was measured to be ~6.6x. It's less than previously mentioned 8x,
+# because software implementation was optimized.
+
+$softonly=0; # allow hardware support
+
+$t0="%r0"; $mask="%r0";
+$t1="%r1";
+$t2="%r2"; $inp="%r2";
+$t3="%r3"; $out="%r3"; $bits="%r3";
+$key="%r4";
+$i1="%r5";
+$i2="%r6";
+$i3="%r7";
+$s0="%r8";
+$s1="%r9";
+$s2="%r10";
+$s3="%r11";
+$tbl="%r12";
+$rounds="%r13";
+$ra="%r14";
+$sp="%r15";
+
+sub _data_word()
+{ my $i;
+ while(defined($i=shift)) { $code.=sprintf".long\t0x%08x,0x%08x\n",$i,$i; }
+}
+
+$code=<<___;
+.text
+
+.type AES_Te,\@object
+.align 256
+AES_Te:
+___
+&_data_word(
+ 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d,
+ 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554,
+ 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d,
+ 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a,
+ 0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87,
+ 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b,
+ 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea,
+ 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b,
+ 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a,
+ 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f,
+ 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108,
+ 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f,
+ 0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e,
+ 0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5,
+ 0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d,
+ 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f,
+ 0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e,
+ 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb,
+ 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce,
+ 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497,
+ 0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c,
+ 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed,
+ 0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b,
+ 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a,
+ 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16,
+ 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594,
+ 0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81,
+ 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3,
+ 0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a,
+ 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504,
+ 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163,
+ 0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d,
+ 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f,
+ 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739,
+ 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47,
+ 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395,
+ 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f,
+ 0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883,
+ 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c,
+ 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76,
+ 0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e,
+ 0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4,
+ 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6,
+ 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b,
+ 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7,
+ 0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0,
+ 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25,
+ 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818,
+ 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72,
+ 0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651,
+ 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21,
+ 0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85,
+ 0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa,
+ 0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12,
+ 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0,
+ 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9,
+ 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133,
+ 0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7,
+ 0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920,
+ 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a,
+ 0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17,
+ 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8,
+ 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11,
+ 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a);
+$code.=<<___;
+# Te4[256]
+.byte 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
+.byte 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
+.byte 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
+.byte 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
+.byte 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
+.byte 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
+.byte 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
+.byte 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
+.byte 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
+.byte 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
+.byte 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
+.byte 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
+.byte 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
+.byte 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
+.byte 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
+.byte 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
+.byte 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
+.byte 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
+.byte 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
+.byte 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
+.byte 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
+.byte 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
+.byte 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
+.byte 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
+.byte 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
+.byte 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
+.byte 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
+.byte 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
+.byte 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
+.byte 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
+.byte 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
+.byte 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
+# rcon[]
+.long 0x01000000, 0x02000000, 0x04000000, 0x08000000
+.long 0x10000000, 0x20000000, 0x40000000, 0x80000000
+.long 0x1B000000, 0x36000000, 0, 0, 0, 0, 0, 0
+.align 256
+.size AES_Te,.-AES_Te
+
+# void AES_encrypt(const unsigned char *inp, unsigned char *out,
+# const AES_KEY *key) {
+.globl AES_encrypt
+.type AES_encrypt,\@function
+AES_encrypt:
+___
+$code.=<<___ if (!$softonly);
+ l %r0,240($key)
+ lhi %r1,16
+ clr %r0,%r1
+ jl .Lesoft
+
+ la %r1,0($key)
+ #la %r2,0($inp)
+ la %r4,0($out)
+ lghi %r3,16 # single block length
+ .long 0xb92e0042 # km %r4,%r2
+ brc 1,.-4 # can this happen?
+ br %r14
+.align 64
+.Lesoft:
+___
+$code.=<<___;
+ stmg %r3,$ra,24($sp)
+
+ llgf $s0,0($inp)
+ llgf $s1,4($inp)
+ llgf $s2,8($inp)
+ llgf $s3,12($inp)
+
+ larl $tbl,AES_Te
+ bras $ra,_s390x_AES_encrypt
+
+ lg $out,24($sp)
+ st $s0,0($out)
+ st $s1,4($out)
+ st $s2,8($out)
+ st $s3,12($out)
+
+ lmg %r6,$ra,48($sp)
+ br $ra
+.size AES_encrypt,.-AES_encrypt
+
+.type _s390x_AES_encrypt,\@function
+.align 16
+_s390x_AES_encrypt:
+ stg $ra,152($sp)
+ x $s0,0($key)
+ x $s1,4($key)
+ x $s2,8($key)
+ x $s3,12($key)
+ l $rounds,240($key)
+ llill $mask,`0xff<<3`
+ aghi $rounds,-1
+ j .Lenc_loop
+.align 16
+.Lenc_loop:
+ sllg $t1,$s0,`0+3`
+ srlg $t2,$s0,`8-3`
+ srlg $t3,$s0,`16-3`
+ srl $s0,`24-3`
+ nr $s0,$mask
+ ngr $t1,$mask
+ nr $t2,$mask
+ nr $t3,$mask
+
+ srlg $i1,$s1,`16-3` # i0
+ sllg $i2,$s1,`0+3`
+ srlg $i3,$s1,`8-3`
+ srl $s1,`24-3`
+ nr $i1,$mask
+ nr $s1,$mask
+ ngr $i2,$mask
+ nr $i3,$mask
+
+ l $s0,0($s0,$tbl) # Te0[s0>>24]
+ l $t1,1($t1,$tbl) # Te3[s0>>0]
+ l $t2,2($t2,$tbl) # Te2[s0>>8]
+ l $t3,3($t3,$tbl) # Te1[s0>>16]
+
+ x $s0,3($i1,$tbl) # Te1[s1>>16]
+ l $s1,0($s1,$tbl) # Te0[s1>>24]
+ x $t2,1($i2,$tbl) # Te3[s1>>0]
+ x $t3,2($i3,$tbl) # Te2[s1>>8]
+
+ srlg $i1,$s2,`8-3` # i0
+ srlg $i2,$s2,`16-3` # i1
+ nr $i1,$mask
+ nr $i2,$mask
+ sllg $i3,$s2,`0+3`
+ srl $s2,`24-3`
+ nr $s2,$mask
+ ngr $i3,$mask
+
+ xr $s1,$t1
+ srlg $ra,$s3,`8-3` # i1
+ sllg $t1,$s3,`0+3` # i0
+ nr $ra,$mask
+ la $key,16($key)
+ ngr $t1,$mask
+
+ x $s0,2($i1,$tbl) # Te2[s2>>8]
+ x $s1,3($i2,$tbl) # Te1[s2>>16]
+ l $s2,0($s2,$tbl) # Te0[s2>>24]
+ x $t3,1($i3,$tbl) # Te3[s2>>0]
+
+ srlg $i3,$s3,`16-3` # i2
+ xr $s2,$t2
+ srl $s3,`24-3`
+ nr $i3,$mask
+ nr $s3,$mask
+
+ x $s0,0($key)
+ x $s1,4($key)
+ x $s2,8($key)
+ x $t3,12($key)
+
+ x $s0,1($t1,$tbl) # Te3[s3>>0]
+ x $s1,2($ra,$tbl) # Te2[s3>>8]
+ x $s2,3($i3,$tbl) # Te1[s3>>16]
+ l $s3,0($s3,$tbl) # Te0[s3>>24]
+ xr $s3,$t3
+
+ brct $rounds,.Lenc_loop
+ .align 16
+
+ sllg $t1,$s0,`0+3`
+ srlg $t2,$s0,`8-3`
+ ngr $t1,$mask
+ srlg $t3,$s0,`16-3`
+ srl $s0,`24-3`
+ nr $s0,$mask
+ nr $t2,$mask
+ nr $t3,$mask
+
+ srlg $i1,$s1,`16-3` # i0
+ sllg $i2,$s1,`0+3`
+ ngr $i2,$mask
+ srlg $i3,$s1,`8-3`
+ srl $s1,`24-3`
+ nr $i1,$mask
+ nr $s1,$mask
+ nr $i3,$mask
+
+ llgc $s0,2($s0,$tbl) # Te4[s0>>24]
+ llgc $t1,2($t1,$tbl) # Te4[s0>>0]
+ sll $s0,24
+ llgc $t2,2($t2,$tbl) # Te4[s0>>8]
+ llgc $t3,2($t3,$tbl) # Te4[s0>>16]
+ sll $t2,8
+ sll $t3,16
+
+ llgc $i1,2($i1,$tbl) # Te4[s1>>16]
+ llgc $s1,2($s1,$tbl) # Te4[s1>>24]
+ llgc $i2,2($i2,$tbl) # Te4[s1>>0]
+ llgc $i3,2($i3,$tbl) # Te4[s1>>8]
+ sll $i1,16
+ sll $s1,24
+ sll $i3,8
+ or $s0,$i1
+ or $s1,$t1
+ or $t2,$i2
+ or $t3,$i3
+
+ srlg $i1,$s2,`8-3` # i0
+ srlg $i2,$s2,`16-3` # i1
+ nr $i1,$mask
+ nr $i2,$mask
+ sllg $i3,$s2,`0+3`
+ srl $s2,`24-3`
+ ngr $i3,$mask
+ nr $s2,$mask
+
+ sllg $t1,$s3,`0+3` # i0
+ srlg $ra,$s3,`8-3` # i1
+ ngr $t1,$mask
+
+ llgc $i1,2($i1,$tbl) # Te4[s2>>8]
+ llgc $i2,2($i2,$tbl) # Te4[s2>>16]
+ sll $i1,8
+ llgc $s2,2($s2,$tbl) # Te4[s2>>24]
+ llgc $i3,2($i3,$tbl) # Te4[s2>>0]
+ sll $i2,16
+ nr $ra,$mask
+ sll $s2,24
+ or $s0,$i1
+ or $s1,$i2
+ or $s2,$t2
+ or $t3,$i3
+
+ srlg $i3,$s3,`16-3` # i2
+ srl $s3,`24-3`
+ nr $i3,$mask
+ nr $s3,$mask
+
+ l $t0,16($key)
+ l $t2,20($key)
+
+ llgc $i1,2($t1,$tbl) # Te4[s3>>0]
+ llgc $i2,2($ra,$tbl) # Te4[s3>>8]
+ llgc $i3,2($i3,$tbl) # Te4[s3>>16]
+ llgc $s3,2($s3,$tbl) # Te4[s3>>24]
+ sll $i2,8
+ sll $i3,16
+ sll $s3,24
+ or $s0,$i1
+ or $s1,$i2
+ or $s2,$i3
+ or $s3,$t3
+
+ lg $ra,152($sp)
+ xr $s0,$t0
+ xr $s1,$t2
+ x $s2,24($key)
+ x $s3,28($key)
+
+ br $ra
+.size _s390x_AES_encrypt,.-_s390x_AES_encrypt
+___
+
+$code.=<<___;
+.type AES_Td,\@object
+.align 256
+AES_Td:
+___
+&_data_word(
+ 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96,
+ 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393,
+ 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25,
+ 0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f,
+ 0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1,
+ 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6,
+ 0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da,
+ 0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844,
+ 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd,
+ 0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4,
+ 0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45,
+ 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94,
+ 0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7,
+ 0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a,
+ 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5,
+ 0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c,
+ 0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1,
+ 0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a,
+ 0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75,
+ 0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051,
+ 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46,
+ 0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff,
+ 0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77,
+ 0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb,
+ 0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000,
+ 0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e,
+ 0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927,
+ 0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a,
+ 0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e,
+ 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16,
+ 0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d,
+ 0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8,
+ 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd,
+ 0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34,
+ 0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163,
+ 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120,
+ 0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d,
+ 0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0,
+ 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422,
+ 0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef,
+ 0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36,
+ 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4,
+ 0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662,
+ 0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5,
+ 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3,
+ 0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b,
+ 0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8,
+ 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6,
+ 0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6,
+ 0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0,
+ 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815,
+ 0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f,
+ 0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df,
+ 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f,
+ 0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e,
+ 0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713,
+ 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89,
+ 0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c,
+ 0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf,
+ 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86,
+ 0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f,
+ 0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541,
+ 0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190,
+ 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742);
+$code.=<<___;
+# Td4[256]
+.byte 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
+.byte 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
+.byte 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
+.byte 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
+.byte 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
+.byte 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
+.byte 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
+.byte 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
+.byte 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
+.byte 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
+.byte 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
+.byte 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
+.byte 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
+.byte 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
+.byte 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
+.byte 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
+.byte 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
+.byte 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
+.byte 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
+.byte 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
+.byte 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
+.byte 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
+.byte 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
+.byte 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
+.byte 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
+.byte 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
+.byte 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
+.byte 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
+.byte 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
+.byte 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
+.byte 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
+.byte 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
+.size AES_Td,.-AES_Td
+
+# void AES_decrypt(const unsigned char *inp, unsigned char *out,
+# const AES_KEY *key) {
+.globl AES_decrypt
+.type AES_decrypt,\@function
+AES_decrypt:
+___
+$code.=<<___ if (!$softonly);
+ l %r0,240($key)
+ lhi %r1,16
+ clr %r0,%r1
+ jl .Ldsoft
+
+ la %r1,0($key)
+ #la %r2,0($inp)
+ la %r4,0($out)
+ lghi %r3,16 # single block length
+ .long 0xb92e0042 # km %r4,%r2
+ brc 1,.-4 # can this happen?
+ br %r14
+.align 64
+.Ldsoft:
+___
+$code.=<<___;
+ stmg %r3,$ra,24($sp)
+
+ llgf $s0,0($inp)
+ llgf $s1,4($inp)
+ llgf $s2,8($inp)
+ llgf $s3,12($inp)
+
+ larl $tbl,AES_Td
+ bras $ra,_s390x_AES_decrypt
+
+ lg $out,24($sp)
+ st $s0,0($out)
+ st $s1,4($out)
+ st $s2,8($out)
+ st $s3,12($out)
+
+ lmg %r6,$ra,48($sp)
+ br $ra
+.size AES_decrypt,.-AES_decrypt
+
+.type _s390x_AES_decrypt,\@function
+.align 16
+_s390x_AES_decrypt:
+ stg $ra,152($sp)
+ x $s0,0($key)
+ x $s1,4($key)
+ x $s2,8($key)
+ x $s3,12($key)
+ l $rounds,240($key)
+ llill $mask,`0xff<<3`
+ aghi $rounds,-1
+ j .Ldec_loop
+.align 16
+.Ldec_loop:
+ srlg $t1,$s0,`16-3`
+ srlg $t2,$s0,`8-3`
+ sllg $t3,$s0,`0+3`
+ srl $s0,`24-3`
+ nr $s0,$mask
+ nr $t1,$mask
+ nr $t2,$mask
+ ngr $t3,$mask
+
+ sllg $i1,$s1,`0+3` # i0
+ srlg $i2,$s1,`16-3`
+ srlg $i3,$s1,`8-3`
+ srl $s1,`24-3`
+ ngr $i1,$mask
+ nr $s1,$mask
+ nr $i2,$mask
+ nr $i3,$mask
+
+ l $s0,0($s0,$tbl) # Td0[s0>>24]
+ l $t1,3($t1,$tbl) # Td1[s0>>16]
+ l $t2,2($t2,$tbl) # Td2[s0>>8]
+ l $t3,1($t3,$tbl) # Td3[s0>>0]
+
+ x $s0,1($i1,$tbl) # Td3[s1>>0]
+ l $s1,0($s1,$tbl) # Td0[s1>>24]
+ x $t2,3($i2,$tbl) # Td1[s1>>16]
+ x $t3,2($i3,$tbl) # Td2[s1>>8]
+
+ srlg $i1,$s2,`8-3` # i0
+ sllg $i2,$s2,`0+3` # i1
+ srlg $i3,$s2,`16-3`
+ srl $s2,`24-3`
+ nr $i1,$mask
+ ngr $i2,$mask
+ nr $s2,$mask
+ nr $i3,$mask
+
+ xr $s1,$t1
+ srlg $ra,$s3,`8-3` # i1
+ srlg $t1,$s3,`16-3` # i0
+ nr $ra,$mask
+ la $key,16($key)
+ nr $t1,$mask
+
+ x $s0,2($i1,$tbl) # Td2[s2>>8]
+ x $s1,1($i2,$tbl) # Td3[s2>>0]
+ l $s2,0($s2,$tbl) # Td0[s2>>24]
+ x $t3,3($i3,$tbl) # Td1[s2>>16]
+
+ sllg $i3,$s3,`0+3` # i2
+ srl $s3,`24-3`
+ ngr $i3,$mask
+ nr $s3,$mask
+
+ xr $s2,$t2
+ x $s0,0($key)
+ x $s1,4($key)
+ x $s2,8($key)
+ x $t3,12($key)
+
+ x $s0,3($t1,$tbl) # Td1[s3>>16]
+ x $s1,2($ra,$tbl) # Td2[s3>>8]
+ x $s2,1($i3,$tbl) # Td3[s3>>0]
+ l $s3,0($s3,$tbl) # Td0[s3>>24]
+ xr $s3,$t3
+
+ brct $rounds,.Ldec_loop
+ .align 16
+
+ l $t1,`2048+0`($tbl) # prefetch Td4
+ l $t2,`2048+64`($tbl)
+ l $t3,`2048+128`($tbl)
+ l $i1,`2048+192`($tbl)
+ llill $mask,0xff
+
+ srlg $i3,$s0,24 # i0
+ srlg $t1,$s0,16
+ srlg $t2,$s0,8
+ nr $s0,$mask # i3
+ nr $t1,$mask
+
+ srlg $i1,$s1,24
+ nr $t2,$mask
+ srlg $i2,$s1,16
+ srlg $ra,$s1,8
+ nr $s1,$mask # i0
+ nr $i2,$mask
+ nr $ra,$mask
+
+ llgc $i3,2048($i3,$tbl) # Td4[s0>>24]
+ llgc $t1,2048($t1,$tbl) # Td4[s0>>16]
+ llgc $t2,2048($t2,$tbl) # Td4[s0>>8]
+ sll $t1,16
+ llgc $t3,2048($s0,$tbl) # Td4[s0>>0]
+ sllg $s0,$i3,24
+ sll $t2,8
+
+ llgc $s1,2048($s1,$tbl) # Td4[s1>>0]
+ llgc $i1,2048($i1,$tbl) # Td4[s1>>24]
+ llgc $i2,2048($i2,$tbl) # Td4[s1>>16]
+ sll $i1,24
+ llgc $i3,2048($ra,$tbl) # Td4[s1>>8]
+ sll $i2,16
+ sll $i3,8
+ or $s0,$s1
+ or $t1,$i1
+ or $t2,$i2
+ or $t3,$i3
+
+ srlg $i1,$s2,8 # i0
+ srlg $i2,$s2,24
+ srlg $i3,$s2,16
+ nr $s2,$mask # i1
+ nr $i1,$mask
+ nr $i3,$mask
+ llgc $i1,2048($i1,$tbl) # Td4[s2>>8]
+ llgc $s1,2048($s2,$tbl) # Td4[s2>>0]
+ llgc $i2,2048($i2,$tbl) # Td4[s2>>24]
+ llgc $i3,2048($i3,$tbl) # Td4[s2>>16]
+ sll $i1,8
+ sll $i2,24
+ or $s0,$i1
+ sll $i3,16
+ or $t2,$i2
+ or $t3,$i3
+
+ srlg $i1,$s3,16 # i0
+ srlg $i2,$s3,8 # i1
+ srlg $i3,$s3,24
+ nr $s3,$mask # i2
+ nr $i1,$mask
+ nr $i2,$mask
+
+ lg $ra,152($sp)
+ or $s1,$t1
+ l $t0,16($key)
+ l $t1,20($key)
+
+ llgc $i1,2048($i1,$tbl) # Td4[s3>>16]
+ llgc $i2,2048($i2,$tbl) # Td4[s3>>8]
+ sll $i1,16
+ llgc $s2,2048($s3,$tbl) # Td4[s3>>0]
+ llgc $s3,2048($i3,$tbl) # Td4[s3>>24]
+ sll $i2,8
+ sll $s3,24
+ or $s0,$i1
+ or $s1,$i2
+ or $s2,$t2
+ or $s3,$t3
+
+ xr $s0,$t0
+ xr $s1,$t1
+ x $s2,24($key)
+ x $s3,28($key)
+
+ br $ra
+.size _s390x_AES_decrypt,.-_s390x_AES_decrypt
+___
+
+$code.=<<___;
+# void AES_set_encrypt_key(const unsigned char *in, int bits,
+# AES_KEY *key) {
+.globl AES_set_encrypt_key
+.type AES_set_encrypt_key,\@function
+.align 16
+AES_set_encrypt_key:
+ lghi $t0,0
+ clgr $inp,$t0
+ je .Lminus1
+ clgr $key,$t0
+ je .Lminus1
+
+ lghi $t0,128
+ clr $bits,$t0
+ je .Lproceed
+ lghi $t0,192
+ clr $bits,$t0
+ je .Lproceed
+ lghi $t0,256
+ clr $bits,$t0
+ je .Lproceed
+ lghi %r2,-2
+ br %r14
+
+.align 16
+.Lproceed:
+___
+$code.=<<___ if (!$softonly);
+ # convert bits to km code, [128,192,256]->[18,19,20]
+ lhi %r5,-128
+ lhi %r0,18
+ ar %r5,$bits
+ srl %r5,6
+ ar %r5,%r0
+
+ larl %r1,OPENSSL_s390xcap_P
+ lg %r0,0(%r1)
+ tmhl %r0,0x4000 # check for message-security assist
+ jz .Lekey_internal
+
+ lghi %r0,0 # query capability vector
+ la %r1,16($sp)
+ .long 0xb92f0042 # kmc %r4,%r2
+
+ llihh %r1,0x8000
+ srlg %r1,%r1,0(%r5)
+ ng %r1,16($sp)
+ jz .Lekey_internal
+
+ lmg %r0,%r1,0($inp) # just copy 128 bits...
+ stmg %r0,%r1,0($key)
+ lhi %r0,192
+ cr $bits,%r0
+ jl 1f
+ lg %r1,16($inp)
+ stg %r1,16($key)
+ je 1f
+ lg %r1,24($inp)
+ stg %r1,24($key)
+1: st $bits,236($key) # save bits
+ st %r5,240($key) # save km code
+ lghi %r2,0
+ br %r14
+___
+$code.=<<___;
+.align 16
+.Lekey_internal:
+ stmg %r6,%r13,48($sp) # all non-volatile regs
+
+ larl $tbl,AES_Te+2048
+
+ llgf $s0,0($inp)
+ llgf $s1,4($inp)
+ llgf $s2,8($inp)
+ llgf $s3,12($inp)
+ st $s0,0($key)
+ st $s1,4($key)
+ st $s2,8($key)
+ st $s3,12($key)
+ lghi $t0,128
+ cr $bits,$t0
+ jne .Lnot128
+
+ llill $mask,0xff
+ lghi $t3,0 # i=0
+ lghi $rounds,10
+ st $rounds,240($key)
+
+ llgfr $t2,$s3 # temp=rk[3]
+ srlg $i1,$s3,8
+ srlg $i2,$s3,16
+ srlg $i3,$s3,24
+ nr $t2,$mask
+ nr $i1,$mask
+ nr $i2,$mask
+
+.align 16
+.L128_loop:
+ la $t2,0($t2,$tbl)
+ la $i1,0($i1,$tbl)
+ la $i2,0($i2,$tbl)
+ la $i3,0($i3,$tbl)
+ icm $t2,2,0($t2) # Te4[rk[3]>>0]<<8
+ icm $t2,4,0($i1) # Te4[rk[3]>>8]<<16
+ icm $t2,8,0($i2) # Te4[rk[3]>>16]<<24
+ icm $t2,1,0($i3) # Te4[rk[3]>>24]
+ x $t2,256($t3,$tbl) # rcon[i]
+ xr $s0,$t2 # rk[4]=rk[0]^...
+ xr $s1,$s0 # rk[5]=rk[1]^rk[4]
+ xr $s2,$s1 # rk[6]=rk[2]^rk[5]
+ xr $s3,$s2 # rk[7]=rk[3]^rk[6]
+
+ llgfr $t2,$s3 # temp=rk[3]
+ srlg $i1,$s3,8
+ srlg $i2,$s3,16
+ nr $t2,$mask
+ nr $i1,$mask
+ srlg $i3,$s3,24
+ nr $i2,$mask
+
+ st $s0,16($key)
+ st $s1,20($key)
+ st $s2,24($key)
+ st $s3,28($key)
+ la $key,16($key) # key+=4
+ la $t3,4($t3) # i++
+ brct $rounds,.L128_loop
+ lghi %r2,0
+ lmg %r6,%r13,48($sp)
+ br $ra
+
+.align 16
+.Lnot128:
+ llgf $t0,16($inp)
+ llgf $t1,20($inp)
+ st $t0,16($key)
+ st $t1,20($key)
+ lghi $t0,192
+ cr $bits,$t0
+ jne .Lnot192
+
+ llill $mask,0xff
+ lghi $t3,0 # i=0
+ lghi $rounds,12
+ st $rounds,240($key)
+ lghi $rounds,8
+
+ srlg $i1,$t1,8
+ srlg $i2,$t1,16
+ srlg $i3,$t1,24
+ nr $t1,$mask
+ nr $i1,$mask
+ nr $i2,$mask
+
+.align 16
+.L192_loop:
+ la $t1,0($t1,$tbl)
+ la $i1,0($i1,$tbl)
+ la $i2,0($i2,$tbl)
+ la $i3,0($i3,$tbl)
+ icm $t1,2,0($t1) # Te4[rk[5]>>0]<<8
+ icm $t1,4,0($i1) # Te4[rk[5]>>8]<<16
+ icm $t1,8,0($i2) # Te4[rk[5]>>16]<<24
+ icm $t1,1,0($i3) # Te4[rk[5]>>24]
+ x $t1,256($t3,$tbl) # rcon[i]
+ xr $s0,$t1 # rk[6]=rk[0]^...
+ xr $s1,$s0 # rk[7]=rk[1]^rk[6]
+ xr $s2,$s1 # rk[8]=rk[2]^rk[7]
+ xr $s3,$s2 # rk[9]=rk[3]^rk[8]
+
+ st $s0,24($key)
+ st $s1,28($key)
+ st $s2,32($key)
+ st $s3,36($key)
+ brct $rounds,.L192_continue
+ lghi %r2,0
+ lmg %r6,%r13,48($sp)
+ br $ra
+
+.align 16
+.L192_continue:
+ lgr $t1,$s3
+ x $t1,16($key) # rk[10]=rk[4]^rk[9]
+ st $t1,40($key)
+ x $t1,20($key) # rk[11]=rk[5]^rk[10]
+ st $t1,44($key)
+
+ srlg $i1,$t1,8
+ srlg $i2,$t1,16
+ srlg $i3,$t1,24
+ nr $t1,$mask
+ nr $i1,$mask
+ nr $i2,$mask
+
+ la $key,24($key) # key+=6
+ la $t3,4($t3) # i++
+ j .L192_loop
+
+.align 16
+.Lnot192:
+ llgf $t0,24($inp)
+ llgf $t1,28($inp)
+ st $t0,24($key)
+ st $t1,28($key)
+ llill $mask,0xff
+ lghi $t3,0 # i=0
+ lghi $rounds,14
+ st $rounds,240($key)
+ lghi $rounds,7
+
+ srlg $i1,$t1,8
+ srlg $i2,$t1,16
+ srlg $i3,$t1,24
+ nr $t1,$mask
+ nr $i1,$mask
+ nr $i2,$mask
+
+.align 16
+.L256_loop:
+ la $t1,0($t1,$tbl)
+ la $i1,0($i1,$tbl)
+ la $i2,0($i2,$tbl)
+ la $i3,0($i3,$tbl)
+ icm $t1,2,0($t1) # Te4[rk[7]>>0]<<8
+ icm $t1,4,0($i1) # Te4[rk[7]>>8]<<16
+ icm $t1,8,0($i2) # Te4[rk[7]>>16]<<24
+ icm $t1,1,0($i3) # Te4[rk[7]>>24]
+ x $t1,256($t3,$tbl) # rcon[i]
+ xr $s0,$t1 # rk[8]=rk[0]^...
+ xr $s1,$s0 # rk[9]=rk[1]^rk[8]
+ xr $s2,$s1 # rk[10]=rk[2]^rk[9]
+ xr $s3,$s2 # rk[11]=rk[3]^rk[10]
+ st $s0,32($key)
+ st $s1,36($key)
+ st $s2,40($key)
+ st $s3,44($key)
+ brct $rounds,.L256_continue
+ lghi %r2,0
+ lmg %r6,%r13,48($sp)
+ br $ra
+
+.align 16
+.L256_continue:
+ lgr $t1,$s3 # temp=rk[11]
+ srlg $i1,$s3,8
+ srlg $i2,$s3,16
+ srlg $i3,$s3,24
+ nr $t1,$mask
+ nr $i1,$mask
+ nr $i2,$mask
+ la $t1,0($t1,$tbl)
+ la $i1,0($i1,$tbl)
+ la $i2,0($i2,$tbl)
+ la $i3,0($i3,$tbl)
+ llgc $t1,0($t1) # Te4[rk[11]>>0]
+ icm $t1,2,0($i1) # Te4[rk[11]>>8]<<8
+ icm $t1,4,0($i2) # Te4[rk[11]>>16]<<16
+ icm $t1,8,0($i3) # Te4[rk[11]>>24]<<24
+ x $t1,16($key) # rk[12]=rk[4]^...
+ st $t1,48($key)
+ x $t1,20($key) # rk[13]=rk[5]^rk[12]
+ st $t1,52($key)
+ x $t1,24($key) # rk[14]=rk[6]^rk[13]
+ st $t1,56($key)
+ x $t1,28($key) # rk[15]=rk[7]^rk[14]
+ st $t1,60($key)
+
+ srlg $i1,$t1,8
+ srlg $i2,$t1,16
+ srlg $i3,$t1,24
+ nr $t1,$mask
+ nr $i1,$mask
+ nr $i2,$mask
+
+ la $key,32($key) # key+=8
+ la $t3,4($t3) # i++
+ j .L256_loop
+
+.Lminus1:
+ lghi %r2,-1
+ br $ra
+.size AES_set_encrypt_key,.-AES_set_encrypt_key
+
+# void AES_set_decrypt_key(const unsigned char *in, int bits,
+# AES_KEY *key) {
+.globl AES_set_decrypt_key
+.type AES_set_decrypt_key,\@function
+.align 16
+AES_set_decrypt_key:
+ stg $key,32($sp) # I rely on AES_set_encrypt_key to
+ stg $ra,112($sp) # save non-volatile registers!
+ bras $ra,AES_set_encrypt_key
+ lg $key,32($sp)
+ lg $ra,112($sp)
+ ltgr %r2,%r2
+ bnzr $ra
+___
+$code.=<<___ if (!$softonly);
+ l $t0,240($key)
+ lhi $t1,16
+ cr $t0,$t1
+ jl .Lgo
+ oill $t0,0x80 # set "decrypt" bit
+ st $t0,240($key)
+ br $ra
+
+.align 16
+.Ldkey_internal:
+ stg $key,32($sp)
+ stg $ra,40($sp)
+ bras $ra,.Lekey_internal
+ lg $key,32($sp)
+ lg $ra,40($sp)
+___
+$code.=<<___;
+
+.Lgo: llgf $rounds,240($key)
+ la $i1,0($key)
+ sllg $i2,$rounds,4
+ la $i2,0($i2,$key)
+ srl $rounds,1
+ lghi $t1,-16
+
+.align 16
+.Linv: lmg $s0,$s1,0($i1)
+ lmg $s2,$s3,0($i2)
+ stmg $s0,$s1,0($i2)
+ stmg $s2,$s3,0($i1)
+ la $i1,16($i1)
+ la $i2,0($t1,$i2)
+ brct $rounds,.Linv
+___
+$mask80=$i1;
+$mask1b=$i2;
+$maskfe=$i3;
+$code.=<<___;
+ llgf $rounds,240($key)
+ aghi $rounds,-1
+ sll $rounds,2 # (rounds-1)*4
+ llilh $mask80,0x8080
+ llilh $mask1b,0x1b1b
+ llilh $maskfe,0xfefe
+ oill $mask80,0x8080
+ oill $mask1b,0x1b1b
+ oill $maskfe,0xfefe
+
+.align 16
+.Lmix: l $s0,16($key) # tp1
+ lr $s1,$s0
+ ngr $s1,$mask80
+ srlg $t1,$s1,7
+ slr $s1,$t1
+ nr $s1,$mask1b
+ sllg $t1,$s0,1
+ nr $t1,$maskfe
+ xr $s1,$t1 # tp2
+
+ lr $s2,$s1
+ ngr $s2,$mask80
+ srlg $t1,$s2,7
+ slr $s2,$t1
+ nr $s2,$mask1b
+ sllg $t1,$s1,1
+ nr $t1,$maskfe
+ xr $s2,$t1 # tp4
+
+ lr $s3,$s2
+ ngr $s3,$mask80
+ srlg $t1,$s3,7
+ slr $s3,$t1
+ nr $s3,$mask1b
+ sllg $t1,$s2,1
+ nr $t1,$maskfe
+ xr $s3,$t1 # tp8
+
+ xr $s1,$s0 # tp2^tp1
+ xr $s2,$s0 # tp4^tp1
+ rll $s0,$s0,24 # = ROTATE(tp1,8)
+ xr $s2,$s3 # ^=tp8
+ xr $s0,$s1 # ^=tp2^tp1
+ xr $s1,$s3 # tp2^tp1^tp8
+ xr $s0,$s2 # ^=tp4^tp1^tp8
+ rll $s1,$s1,8
+ rll $s2,$s2,16
+ xr $s0,$s1 # ^= ROTATE(tp8^tp2^tp1,24)
+ rll $s3,$s3,24
+ xr $s0,$s2 # ^= ROTATE(tp8^tp4^tp1,16)
+ xr $s0,$s3 # ^= ROTATE(tp8,8)
+
+ st $s0,16($key)
+ la $key,4($key)
+ brct $rounds,.Lmix
+
+ lmg %r6,%r13,48($sp)# as was saved by AES_set_encrypt_key!
+ lghi %r2,0
+ br $ra
+.size AES_set_decrypt_key,.-AES_set_decrypt_key
+___
+
+#void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
+# size_t length, const AES_KEY *key,
+# unsigned char *ivec, const int enc)
+{
+my $inp="%r2";
+my $out="%r4"; # length and out are swapped
+my $len="%r3";
+my $key="%r5";
+my $ivp="%r6";
+
+$code.=<<___;
+.globl AES_cbc_encrypt
+.type AES_cbc_encrypt,\@function
+.align 16
+AES_cbc_encrypt:
+ xgr %r3,%r4 # flip %r3 and %r4, out and len
+ xgr %r4,%r3
+ xgr %r3,%r4
+___
+$code.=<<___ if (!$softonly);
+ lhi %r0,16
+ cl %r0,240($key)
+ jh .Lcbc_software
+
+ lg %r0,0($ivp) # copy ivec
+ lg %r1,8($ivp)
+ stmg %r0,%r1,16($sp)
+ lmg %r0,%r1,0($key) # copy key, cover 256 bit
+ stmg %r0,%r1,32($sp)
+ lmg %r0,%r1,16($key)
+ stmg %r0,%r1,48($sp)
+ l %r0,240($key) # load kmc code
+ lghi $key,15 # res=len%16, len-=res;
+ ngr $key,$len
+ slgr $len,$key
+ la %r1,16($sp) # parameter block - ivec || key
+ jz .Lkmc_truncated
+ .long 0xb92f0042 # kmc %r4,%r2
+ brc 1,.-4 # pay attention to "partial completion"
+ ltr $key,$key
+ jnz .Lkmc_truncated
+.Lkmc_done:
+ lmg %r0,%r1,16($sp) # copy ivec to caller
+ stg %r0,0($ivp)
+ stg %r1,8($ivp)
+ br $ra
+.align 16
+.Lkmc_truncated:
+ ahi $key,-1 # it's the way it's encoded in mvc
+ tmll %r0,0x80
+ jnz .Lkmc_truncated_dec
+ lghi %r1,0
+ stg %r1,128($sp)
+ stg %r1,136($sp)
+ bras %r1,1f
+ mvc 128(1,$sp),0($inp)
+1: ex $key,0(%r1)
+ la %r1,16($sp) # restore parameter block
+ la $inp,128($sp)
+ lghi $len,16
+ .long 0xb92f0042 # kmc %r4,%r2
+ j .Lkmc_done
+.align 16
+.Lkmc_truncated_dec:
+ stg $out,64($sp)
+ la $out,128($sp)
+ lghi $len,16
+ .long 0xb92f0042 # kmc %r4,%r2
+ lg $out,64($sp)
+ bras %r1,2f
+ mvc 0(1,$out),128($sp)
+2: ex $key,0(%r1)
+ j .Lkmc_done
+.align 16
+.Lcbc_software:
+___
+$code.=<<___;
+ stmg $key,$ra,40($sp)
+ lhi %r0,0
+ cl %r0,164($sp)
+ je .Lcbc_decrypt
+
+ larl $tbl,AES_Te
+
+ llgf $s0,0($ivp)
+ llgf $s1,4($ivp)
+ llgf $s2,8($ivp)
+ llgf $s3,12($ivp)
+
+ lghi $t0,16
+ slgr $len,$t0
+ brc 4,.Lcbc_enc_tail # if borrow
+.Lcbc_enc_loop:
+ stmg $inp,$out,16($sp)
+ x $s0,0($inp)
+ x $s1,4($inp)
+ x $s2,8($inp)
+ x $s3,12($inp)
+ lgr %r4,$key
+
+ bras $ra,_s390x_AES_encrypt
+
+ lmg $inp,$key,16($sp)
+ st $s0,0($out)
+ st $s1,4($out)
+ st $s2,8($out)
+ st $s3,12($out)
+
+ la $inp,16($inp)
+ la $out,16($out)
+ lghi $t0,16
+ ltgr $len,$len
+ jz .Lcbc_enc_done
+ slgr $len,$t0
+ brc 4,.Lcbc_enc_tail # if borrow
+ j .Lcbc_enc_loop
+.align 16
+.Lcbc_enc_done:
+ lg $ivp,48($sp)
+ st $s0,0($ivp)
+ st $s1,4($ivp)
+ st $s2,8($ivp)
+ st $s3,12($ivp)
+
+ lmg %r7,$ra,56($sp)
+ br $ra
+
+.align 16
+.Lcbc_enc_tail:
+ aghi $len,15
+ lghi $t0,0
+ stg $t0,128($sp)
+ stg $t0,136($sp)
+ bras $t1,3f
+ mvc 128(1,$sp),0($inp)
+3: ex $len,0($t1)
+ lghi $len,0
+ la $inp,128($sp)
+ j .Lcbc_enc_loop
+
+.align 16
+.Lcbc_decrypt:
+ larl $tbl,AES_Td
+
+ lg $t0,0($ivp)
+ lg $t1,8($ivp)
+ stmg $t0,$t1,128($sp)
+
+.Lcbc_dec_loop:
+ stmg $inp,$out,16($sp)
+ llgf $s0,0($inp)
+ llgf $s1,4($inp)
+ llgf $s2,8($inp)
+ llgf $s3,12($inp)
+ lgr %r4,$key
+
+ bras $ra,_s390x_AES_decrypt
+
+ lmg $inp,$key,16($sp)
+ sllg $s0,$s0,32
+ sllg $s2,$s2,32
+ lr $s0,$s1
+ lr $s2,$s3
+
+ lg $t0,0($inp)
+ lg $t1,8($inp)
+ xg $s0,128($sp)
+ xg $s2,136($sp)
+ lghi $s1,16
+ slgr $len,$s1
+ brc 4,.Lcbc_dec_tail # if borrow
+ brc 2,.Lcbc_dec_done # if zero
+ stg $s0,0($out)
+ stg $s2,8($out)
+ stmg $t0,$t1,128($sp)
+
+ la $inp,16($inp)
+ la $out,16($out)
+ j .Lcbc_dec_loop
+
+.Lcbc_dec_done:
+ stg $s0,0($out)
+ stg $s2,8($out)
+.Lcbc_dec_exit:
+ lmg $ivp,$ra,48($sp)
+ stmg $t0,$t1,0($ivp)
+
+ br $ra
+
+.align 16
+.Lcbc_dec_tail:
+ aghi $len,15
+ stg $s0,128($sp)
+ stg $s2,136($sp)
+ bras $s1,4f
+ mvc 0(1,$out),128($sp)
+4: ex $len,0($s1)
+ j .Lcbc_dec_exit
+.size AES_cbc_encrypt,.-AES_cbc_encrypt
+.comm OPENSSL_s390xcap_P,8,8
+___
+}
+$code.=<<___;
+.string "AES for s390x, CRYPTOGAMS by <appro\@openssl.org>"
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
diff --git a/crypto/aes/asm/aes-sparcv9.pl b/crypto/aes/asm/aes-sparcv9.pl
new file mode 100755
index 0000000000..c57b3a2d6d
--- /dev/null
+++ b/crypto/aes/asm/aes-sparcv9.pl
@@ -0,0 +1,1181 @@
+#!/usr/bin/env perl
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. Rights for redistribution and usage in source and binary
+# forms are granted according to the OpenSSL license.
+# ====================================================================
+#
+# Version 1.1
+#
+# The major reason for undertaken effort was to mitigate the hazard of
+# cache-timing attack. This is [currently and initially!] addressed in
+# two ways. 1. S-boxes are compressed from 5KB to 2KB+256B size each.
+# 2. References to them are scheduled for L2 cache latency, meaning
+# that the tables don't have to reside in L1 cache. Once again, this
+# is an initial draft and one should expect more countermeasures to
+# be implemented...
+#
+# Version 1.1 prefetches T[ed]4 in order to mitigate attack on last
+# round.
+#
+# Even though performance was not the primary goal [on the contrary,
+# extra shifts "induced" by compressed S-box and longer loop epilogue
+# "induced" by scheduling for L2 have negative effect on performance],
+# the code turned out to run in ~23 cycles per processed byte en-/
+# decrypted with 128-bit key. This is pretty good result for code
+# with mentioned qualities and UltraSPARC core. Compared to Sun C
+# generated code my encrypt procedure runs just few percents faster,
+# while decrypt one - whole 50% faster [yes, Sun C failed to generate
+# optimal decrypt procedure]. Compared to GNU C generated code both
+# procedures are more than 60% faster:-)
+
+$bits=32;
+for (@ARGV) { $bits=64 if (/\-m64/ || /\-xarch\=v9/); }
+if ($bits==64) { $bias=2047; $frame=192; }
+else { $bias=0; $frame=112; }
+$locals=16;
+
+$acc0="%l0";
+$acc1="%o0";
+$acc2="%o1";
+$acc3="%o2";
+
+$acc4="%l1";
+$acc5="%o3";
+$acc6="%o4";
+$acc7="%o5";
+
+$acc8="%l2";
+$acc9="%o7";
+$acc10="%g1";
+$acc11="%g2";
+
+$acc12="%l3";
+$acc13="%g3";
+$acc14="%g4";
+$acc15="%g5";
+
+$t0="%l4";
+$t1="%l5";
+$t2="%l6";
+$t3="%l7";
+
+$s0="%i0";
+$s1="%i1";
+$s2="%i2";
+$s3="%i3";
+$tbl="%i4";
+$key="%i5";
+$rounds="%i7"; # aliases with return address, which is off-loaded to stack
+
+sub _data_word()
+{ my $i;
+ while(defined($i=shift)) { $code.=sprintf"\t.long\t0x%08x,0x%08x\n",$i,$i; }
+}
+
+$code.=<<___ if ($bits==64);
+.register %g2,#scratch
+.register %g3,#scratch
+___
+$code.=<<___;
+.section ".text",#alloc,#execinstr
+
+.align 256
+AES_Te:
+___
+&_data_word(
+ 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d,
+ 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554,
+ 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d,
+ 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a,
+ 0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87,
+ 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b,
+ 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea,
+ 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b,
+ 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a,
+ 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f,
+ 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108,
+ 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f,
+ 0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e,
+ 0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5,
+ 0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d,
+ 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f,
+ 0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e,
+ 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb,
+ 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce,
+ 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497,
+ 0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c,
+ 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed,
+ 0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b,
+ 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a,
+ 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16,
+ 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594,
+ 0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81,
+ 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3,
+ 0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a,
+ 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504,
+ 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163,
+ 0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d,
+ 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f,
+ 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739,
+ 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47,
+ 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395,
+ 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f,
+ 0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883,
+ 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c,
+ 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76,
+ 0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e,
+ 0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4,
+ 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6,
+ 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b,
+ 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7,
+ 0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0,
+ 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25,
+ 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818,
+ 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72,
+ 0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651,
+ 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21,
+ 0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85,
+ 0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa,
+ 0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12,
+ 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0,
+ 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9,
+ 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133,
+ 0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7,
+ 0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920,
+ 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a,
+ 0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17,
+ 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8,
+ 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11,
+ 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a);
+$code.=<<___;
+ .byte 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
+ .byte 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
+ .byte 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
+ .byte 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
+ .byte 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
+ .byte 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
+ .byte 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
+ .byte 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
+ .byte 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
+ .byte 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
+ .byte 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
+ .byte 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
+ .byte 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
+ .byte 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
+ .byte 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
+ .byte 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
+ .byte 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
+ .byte 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
+ .byte 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
+ .byte 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
+ .byte 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
+ .byte 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
+ .byte 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
+ .byte 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
+ .byte 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
+ .byte 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
+ .byte 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
+ .byte 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
+ .byte 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
+ .byte 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
+ .byte 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
+ .byte 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
+.type AES_Te,#object
+.size AES_Te,(.-AES_Te)
+
+.align 64
+.skip 16
+_sparcv9_AES_encrypt:
+ save %sp,-$frame-$locals,%sp
+ stx %i7,[%sp+$bias+$frame+0] ! off-load return address
+ ld [$key+240],$rounds
+ ld [$key+0],$t0
+ ld [$key+4],$t1 !
+ ld [$key+8],$t2
+ srl $rounds,1,$rounds
+ xor $t0,$s0,$s0
+ ld [$key+12],$t3
+ srl $s0,21,$acc0
+ xor $t1,$s1,$s1
+ ld [$key+16],$t0
+ srl $s1,13,$acc1 !
+ xor $t2,$s2,$s2
+ ld [$key+20],$t1
+ xor $t3,$s3,$s3
+ ld [$key+24],$t2
+ and $acc0,2040,$acc0
+ ld [$key+28],$t3
+ nop
+.Lenc_loop:
+ srl $s2,5,$acc2 !
+ and $acc1,2040,$acc1
+ ldx [$tbl+$acc0],$acc0
+ sll $s3,3,$acc3
+ and $acc2,2040,$acc2
+ ldx [$tbl+$acc1],$acc1
+ srl $s1,21,$acc4
+ and $acc3,2040,$acc3
+ ldx [$tbl+$acc2],$acc2 !
+ srl $s2,13,$acc5
+ and $acc4,2040,$acc4
+ ldx [$tbl+$acc3],$acc3
+ srl $s3,5,$acc6
+ and $acc5,2040,$acc5
+ ldx [$tbl+$acc4],$acc4
+ fmovs %f0,%f0
+ sll $s0,3,$acc7 !
+ and $acc6,2040,$acc6
+ ldx [$tbl+$acc5],$acc5
+ srl $s2,21,$acc8
+ and $acc7,2040,$acc7
+ ldx [$tbl+$acc6],$acc6
+ srl $s3,13,$acc9
+ and $acc8,2040,$acc8
+ ldx [$tbl+$acc7],$acc7 !
+ srl $s0,5,$acc10
+ and $acc9,2040,$acc9
+ ldx [$tbl+$acc8],$acc8
+ sll $s1,3,$acc11
+ and $acc10,2040,$acc10
+ ldx [$tbl+$acc9],$acc9
+ fmovs %f0,%f0
+ srl $s3,21,$acc12 !
+ and $acc11,2040,$acc11
+ ldx [$tbl+$acc10],$acc10
+ srl $s0,13,$acc13
+ and $acc12,2040,$acc12
+ ldx [$tbl+$acc11],$acc11
+ srl $s1,5,$acc14
+ and $acc13,2040,$acc13
+ ldx [$tbl+$acc12],$acc12 !
+ sll $s2,3,$acc15
+ and $acc14,2040,$acc14
+ ldx [$tbl+$acc13],$acc13
+ and $acc15,2040,$acc15
+ add $key,32,$key
+ ldx [$tbl+$acc14],$acc14
+ fmovs %f0,%f0
+ subcc $rounds,1,$rounds !
+ ldx [$tbl+$acc15],$acc15
+ bz,a,pn %icc,.Lenc_last
+ add $tbl,2048,$rounds
+
+ srlx $acc1,8,$acc1
+ xor $acc0,$t0,$t0
+ ld [$key+0],$s0
+ fmovs %f0,%f0
+ srlx $acc2,16,$acc2 !
+ xor $acc1,$t0,$t0
+ ld [$key+4],$s1
+ srlx $acc3,24,$acc3
+ xor $acc2,$t0,$t0
+ ld [$key+8],$s2
+ srlx $acc5,8,$acc5
+ xor $acc3,$t0,$t0
+ ld [$key+12],$s3 !
+ srlx $acc6,16,$acc6
+ xor $acc4,$t1,$t1
+ fmovs %f0,%f0
+ srlx $acc7,24,$acc7
+ xor $acc5,$t1,$t1
+ srlx $acc9,8,$acc9
+ xor $acc6,$t1,$t1
+ srlx $acc10,16,$acc10 !
+ xor $acc7,$t1,$t1
+ srlx $acc11,24,$acc11
+ xor $acc8,$t2,$t2
+ srlx $acc13,8,$acc13
+ xor $acc9,$t2,$t2
+ srlx $acc14,16,$acc14
+ xor $acc10,$t2,$t2
+ srlx $acc15,24,$acc15 !
+ xor $acc11,$t2,$t2
+ xor $acc12,$acc14,$acc14
+ xor $acc13,$t3,$t3
+ srl $t0,21,$acc0
+ xor $acc14,$t3,$t3
+ srl $t1,13,$acc1
+ xor $acc15,$t3,$t3
+
+ and $acc0,2040,$acc0 !
+ srl $t2,5,$acc2
+ and $acc1,2040,$acc1
+ ldx [$tbl+$acc0],$acc0
+ sll $t3,3,$acc3
+ and $acc2,2040,$acc2
+ ldx [$tbl+$acc1],$acc1
+ fmovs %f0,%f0
+ srl $t1,21,$acc4 !
+ and $acc3,2040,$acc3
+ ldx [$tbl+$acc2],$acc2
+ srl $t2,13,$acc5
+ and $acc4,2040,$acc4
+ ldx [$tbl+$acc3],$acc3
+ srl $t3,5,$acc6
+ and $acc5,2040,$acc5
+ ldx [$tbl+$acc4],$acc4 !
+ sll $t0,3,$acc7
+ and $acc6,2040,$acc6
+ ldx [$tbl+$acc5],$acc5
+ srl $t2,21,$acc8
+ and $acc7,2040,$acc7
+ ldx [$tbl+$acc6],$acc6
+ fmovs %f0,%f0
+ srl $t3,13,$acc9 !
+ and $acc8,2040,$acc8
+ ldx [$tbl+$acc7],$acc7
+ srl $t0,5,$acc10
+ and $acc9,2040,$acc9
+ ldx [$tbl+$acc8],$acc8
+ sll $t1,3,$acc11
+ and $acc10,2040,$acc10
+ ldx [$tbl+$acc9],$acc9 !
+ srl $t3,21,$acc12
+ and $acc11,2040,$acc11
+ ldx [$tbl+$acc10],$acc10
+ srl $t0,13,$acc13
+ and $acc12,2040,$acc12
+ ldx [$tbl+$acc11],$acc11
+ fmovs %f0,%f0
+ srl $t1,5,$acc14 !
+ and $acc13,2040,$acc13
+ ldx [$tbl+$acc12],$acc12
+ sll $t2,3,$acc15
+ and $acc14,2040,$acc14
+ ldx [$tbl+$acc13],$acc13
+ srlx $acc1,8,$acc1
+ and $acc15,2040,$acc15
+ ldx [$tbl+$acc14],$acc14 !
+
+ srlx $acc2,16,$acc2
+ xor $acc0,$s0,$s0
+ ldx [$tbl+$acc15],$acc15
+ srlx $acc3,24,$acc3
+ xor $acc1,$s0,$s0
+ ld [$key+16],$t0
+ fmovs %f0,%f0
+ srlx $acc5,8,$acc5 !
+ xor $acc2,$s0,$s0
+ ld [$key+20],$t1
+ srlx $acc6,16,$acc6
+ xor $acc3,$s0,$s0
+ ld [$key+24],$t2
+ srlx $acc7,24,$acc7
+ xor $acc4,$s1,$s1
+ ld [$key+28],$t3 !
+ srlx $acc9,8,$acc9
+ xor $acc5,$s1,$s1
+ ldx [$tbl+2048+0],%g0 ! prefetch te4
+ srlx $acc10,16,$acc10
+ xor $acc6,$s1,$s1
+ ldx [$tbl+2048+32],%g0 ! prefetch te4
+ srlx $acc11,24,$acc11
+ xor $acc7,$s1,$s1
+ ldx [$tbl+2048+64],%g0 ! prefetch te4
+ srlx $acc13,8,$acc13
+ xor $acc8,$s2,$s2
+ ldx [$tbl+2048+96],%g0 ! prefetch te4
+ srlx $acc14,16,$acc14 !
+ xor $acc9,$s2,$s2
+ ldx [$tbl+2048+128],%g0 ! prefetch te4
+ srlx $acc15,24,$acc15
+ xor $acc10,$s2,$s2
+ ldx [$tbl+2048+160],%g0 ! prefetch te4
+ srl $s0,21,$acc0
+ xor $acc11,$s2,$s2
+ ldx [$tbl+2048+192],%g0 ! prefetch te4
+ xor $acc12,$acc14,$acc14
+ xor $acc13,$s3,$s3
+ ldx [$tbl+2048+224],%g0 ! prefetch te4
+ srl $s1,13,$acc1 !
+ xor $acc14,$s3,$s3
+ xor $acc15,$s3,$s3
+ ba .Lenc_loop
+ and $acc0,2040,$acc0
+
+.align 32
+.Lenc_last:
+ srlx $acc1,8,$acc1 !
+ xor $acc0,$t0,$t0
+ ld [$key+0],$s0
+ srlx $acc2,16,$acc2
+ xor $acc1,$t0,$t0
+ ld [$key+4],$s1
+ srlx $acc3,24,$acc3
+ xor $acc2,$t0,$t0
+ ld [$key+8],$s2 !
+ srlx $acc5,8,$acc5
+ xor $acc3,$t0,$t0
+ ld [$key+12],$s3
+ srlx $acc6,16,$acc6
+ xor $acc4,$t1,$t1
+ srlx $acc7,24,$acc7
+ xor $acc5,$t1,$t1
+ srlx $acc9,8,$acc9 !
+ xor $acc6,$t1,$t1
+ srlx $acc10,16,$acc10
+ xor $acc7,$t1,$t1
+ srlx $acc11,24,$acc11
+ xor $acc8,$t2,$t2
+ srlx $acc13,8,$acc13
+ xor $acc9,$t2,$t2
+ srlx $acc14,16,$acc14 !
+ xor $acc10,$t2,$t2
+ srlx $acc15,24,$acc15
+ xor $acc11,$t2,$t2
+ xor $acc12,$acc14,$acc14
+ xor $acc13,$t3,$t3
+ srl $t0,24,$acc0
+ xor $acc14,$t3,$t3
+ srl $t1,16,$acc1 !
+ xor $acc15,$t3,$t3
+
+ srl $t2,8,$acc2
+ and $acc1,255,$acc1
+ ldub [$rounds+$acc0],$acc0
+ srl $t1,24,$acc4
+ and $acc2,255,$acc2
+ ldub [$rounds+$acc1],$acc1
+ srl $t2,16,$acc5 !
+ and $t3,255,$acc3
+ ldub [$rounds+$acc2],$acc2
+ ldub [$rounds+$acc3],$acc3
+ srl $t3,8,$acc6
+ and $acc5,255,$acc5
+ ldub [$rounds+$acc4],$acc4
+ fmovs %f0,%f0
+ srl $t2,24,$acc8 !
+ and $acc6,255,$acc6
+ ldub [$rounds+$acc5],$acc5
+ srl $t3,16,$acc9
+ and $t0,255,$acc7
+ ldub [$rounds+$acc6],$acc6
+ ldub [$rounds+$acc7],$acc7
+ fmovs %f0,%f0
+ srl $t0,8,$acc10 !
+ and $acc9,255,$acc9
+ ldub [$rounds+$acc8],$acc8
+ srl $t3,24,$acc12
+ and $acc10,255,$acc10
+ ldub [$rounds+$acc9],$acc9
+ srl $t0,16,$acc13
+ and $t1,255,$acc11
+ ldub [$rounds+$acc10],$acc10 !
+ srl $t1,8,$acc14
+ and $acc13,255,$acc13
+ ldub [$rounds+$acc11],$acc11
+ ldub [$rounds+$acc12],$acc12
+ and $acc14,255,$acc14
+ ldub [$rounds+$acc13],$acc13
+ and $t2,255,$acc15
+ ldub [$rounds+$acc14],$acc14 !
+
+ sll $acc0,24,$acc0
+ xor $acc3,$s0,$s0
+ ldub [$rounds+$acc15],$acc15
+ sll $acc1,16,$acc1
+ xor $acc0,$s0,$s0
+ ldx [%sp+$bias+$frame+0],%i7 ! restore return address
+ fmovs %f0,%f0
+ sll $acc2,8,$acc2 !
+ xor $acc1,$s0,$s0
+ sll $acc4,24,$acc4
+ xor $acc2,$s0,$s0
+ sll $acc5,16,$acc5
+ xor $acc7,$s1,$s1
+ sll $acc6,8,$acc6
+ xor $acc4,$s1,$s1
+ sll $acc8,24,$acc8 !
+ xor $acc5,$s1,$s1
+ sll $acc9,16,$acc9
+ xor $acc11,$s2,$s2
+ sll $acc10,8,$acc10
+ xor $acc6,$s1,$s1
+ sll $acc12,24,$acc12
+ xor $acc8,$s2,$s2
+ sll $acc13,16,$acc13 !
+ xor $acc9,$s2,$s2
+ sll $acc14,8,$acc14
+ xor $acc10,$s2,$s2
+ xor $acc12,$acc14,$acc14
+ xor $acc13,$s3,$s3
+ xor $acc14,$s3,$s3
+ xor $acc15,$s3,$s3
+
+ ret
+ restore
+.type _sparcv9_AES_encrypt,#function
+.size _sparcv9_AES_encrypt,(.-_sparcv9_AES_encrypt)
+
+.align 32
+.globl AES_encrypt
+AES_encrypt:
+ or %o0,%o1,%g1
+ andcc %g1,3,%g0
+ bnz,pn %xcc,.Lunaligned_enc
+ save %sp,-$frame,%sp
+
+ ld [%i0+0],%o0
+ ld [%i0+4],%o1
+ ld [%i0+8],%o2
+ ld [%i0+12],%o3
+
+1: call .+8
+ add %o7,AES_Te-1b,%o4
+ call _sparcv9_AES_encrypt
+ mov %i2,%o5
+
+ st %o0,[%i1+0]
+ st %o1,[%i1+4]
+ st %o2,[%i1+8]
+ st %o3,[%i1+12]
+
+ ret
+ restore
+
+.align 32
+.Lunaligned_enc:
+ ldub [%i0+0],%l0
+ ldub [%i0+1],%l1
+ ldub [%i0+2],%l2
+
+ sll %l0,24,%l0
+ ldub [%i0+3],%l3
+ sll %l1,16,%l1
+ ldub [%i0+4],%l4
+ sll %l2,8,%l2
+ or %l1,%l0,%l0
+ ldub [%i0+5],%l5
+ sll %l4,24,%l4
+ or %l3,%l2,%l2
+ ldub [%i0+6],%l6
+ sll %l5,16,%l5
+ or %l0,%l2,%o0
+ ldub [%i0+7],%l7
+
+ sll %l6,8,%l6
+ or %l5,%l4,%l4
+ ldub [%i0+8],%l0
+ or %l7,%l6,%l6
+ ldub [%i0+9],%l1
+ or %l4,%l6,%o1
+ ldub [%i0+10],%l2
+
+ sll %l0,24,%l0
+ ldub [%i0+11],%l3
+ sll %l1,16,%l1
+ ldub [%i0+12],%l4
+ sll %l2,8,%l2
+ or %l1,%l0,%l0
+ ldub [%i0+13],%l5
+ sll %l4,24,%l4
+ or %l3,%l2,%l2
+ ldub [%i0+14],%l6
+ sll %l5,16,%l5
+ or %l0,%l2,%o2
+ ldub [%i0+15],%l7
+
+ sll %l6,8,%l6
+ or %l5,%l4,%l4
+ or %l7,%l6,%l6
+ or %l4,%l6,%o3
+
+1: call .+8
+ add %o7,AES_Te-1b,%o4
+ call _sparcv9_AES_encrypt
+ mov %i2,%o5
+
+ srl %o0,24,%l0
+ srl %o0,16,%l1
+ stb %l0,[%i1+0]
+ srl %o0,8,%l2
+ stb %l1,[%i1+1]
+ stb %l2,[%i1+2]
+ srl %o1,24,%l4
+ stb %o0,[%i1+3]
+
+ srl %o1,16,%l5
+ stb %l4,[%i1+4]
+ srl %o1,8,%l6
+ stb %l5,[%i1+5]
+ stb %l6,[%i1+6]
+ srl %o2,24,%l0
+ stb %o1,[%i1+7]
+
+ srl %o2,16,%l1
+ stb %l0,[%i1+8]
+ srl %o2,8,%l2
+ stb %l1,[%i1+9]
+ stb %l2,[%i1+10]
+ srl %o3,24,%l4
+ stb %o2,[%i1+11]
+
+ srl %o3,16,%l5
+ stb %l4,[%i1+12]
+ srl %o3,8,%l6
+ stb %l5,[%i1+13]
+ stb %l6,[%i1+14]
+ stb %o3,[%i1+15]
+
+ ret
+ restore
+.type AES_encrypt,#function
+.size AES_encrypt,(.-AES_encrypt)
+
+___
+
+$code.=<<___;
+.align 256
+AES_Td:
+___
+&_data_word(
+ 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96,
+ 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393,
+ 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25,
+ 0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f,
+ 0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1,
+ 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6,
+ 0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da,
+ 0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844,
+ 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd,
+ 0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4,
+ 0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45,
+ 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94,
+ 0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7,
+ 0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a,
+ 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5,
+ 0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c,
+ 0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1,
+ 0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a,
+ 0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75,
+ 0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051,
+ 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46,
+ 0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff,
+ 0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77,
+ 0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb,
+ 0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000,
+ 0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e,
+ 0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927,
+ 0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a,
+ 0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e,
+ 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16,
+ 0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d,
+ 0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8,
+ 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd,
+ 0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34,
+ 0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163,
+ 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120,
+ 0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d,
+ 0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0,
+ 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422,
+ 0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef,
+ 0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36,
+ 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4,
+ 0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662,
+ 0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5,
+ 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3,
+ 0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b,
+ 0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8,
+ 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6,
+ 0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6,
+ 0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0,
+ 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815,
+ 0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f,
+ 0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df,
+ 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f,
+ 0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e,
+ 0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713,
+ 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89,
+ 0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c,
+ 0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf,
+ 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86,
+ 0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f,
+ 0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541,
+ 0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190,
+ 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742);
+$code.=<<___;
+ .byte 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
+ .byte 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
+ .byte 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
+ .byte 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
+ .byte 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
+ .byte 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
+ .byte 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
+ .byte 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
+ .byte 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
+ .byte 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
+ .byte 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
+ .byte 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
+ .byte 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
+ .byte 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
+ .byte 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
+ .byte 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
+ .byte 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
+ .byte 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
+ .byte 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
+ .byte 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
+ .byte 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
+ .byte 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
+ .byte 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
+ .byte 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
+ .byte 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
+ .byte 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
+ .byte 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
+ .byte 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
+ .byte 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
+ .byte 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
+ .byte 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
+ .byte 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
+.type AES_Td,#object
+.size AES_Td,(.-AES_Td)
+
+.align 64
+.skip 16
+_sparcv9_AES_decrypt:
+ save %sp,-$frame-$locals,%sp
+ stx %i7,[%sp+$bias+$frame+0] ! off-load return address
+ ld [$key+240],$rounds
+ ld [$key+0],$t0
+ ld [$key+4],$t1 !
+ ld [$key+8],$t2
+ ld [$key+12],$t3
+ srl $rounds,1,$rounds
+ xor $t0,$s0,$s0
+ ld [$key+16],$t0
+ xor $t1,$s1,$s1
+ ld [$key+20],$t1
+ srl $s0,21,$acc0 !
+ xor $t2,$s2,$s2
+ ld [$key+24],$t2
+ xor $t3,$s3,$s3
+ and $acc0,2040,$acc0
+ ld [$key+28],$t3
+ srl $s3,13,$acc1
+ nop
+.Ldec_loop:
+ srl $s2,5,$acc2 !
+ and $acc1,2040,$acc1
+ ldx [$tbl+$acc0],$acc0
+ sll $s1,3,$acc3
+ and $acc2,2040,$acc2
+ ldx [$tbl+$acc1],$acc1
+ srl $s1,21,$acc4
+ and $acc3,2040,$acc3
+ ldx [$tbl+$acc2],$acc2 !
+ srl $s0,13,$acc5
+ and $acc4,2040,$acc4
+ ldx [$tbl+$acc3],$acc3
+ srl $s3,5,$acc6
+ and $acc5,2040,$acc5
+ ldx [$tbl+$acc4],$acc4
+ fmovs %f0,%f0
+ sll $s2,3,$acc7 !
+ and $acc6,2040,$acc6
+ ldx [$tbl+$acc5],$acc5
+ srl $s2,21,$acc8
+ and $acc7,2040,$acc7
+ ldx [$tbl+$acc6],$acc6
+ srl $s1,13,$acc9
+ and $acc8,2040,$acc8
+ ldx [$tbl+$acc7],$acc7 !
+ srl $s0,5,$acc10
+ and $acc9,2040,$acc9
+ ldx [$tbl+$acc8],$acc8
+ sll $s3,3,$acc11
+ and $acc10,2040,$acc10
+ ldx [$tbl+$acc9],$acc9
+ fmovs %f0,%f0
+ srl $s3,21,$acc12 !
+ and $acc11,2040,$acc11
+ ldx [$tbl+$acc10],$acc10
+ srl $s2,13,$acc13
+ and $acc12,2040,$acc12
+ ldx [$tbl+$acc11],$acc11
+ srl $s1,5,$acc14
+ and $acc13,2040,$acc13
+ ldx [$tbl+$acc12],$acc12 !
+ sll $s0,3,$acc15
+ and $acc14,2040,$acc14
+ ldx [$tbl+$acc13],$acc13
+ and $acc15,2040,$acc15
+ add $key,32,$key
+ ldx [$tbl+$acc14],$acc14
+ fmovs %f0,%f0
+ subcc $rounds,1,$rounds !
+ ldx [$tbl+$acc15],$acc15
+ bz,a,pn %icc,.Ldec_last
+ add $tbl,2048,$rounds
+
+ srlx $acc1,8,$acc1
+ xor $acc0,$t0,$t0
+ ld [$key+0],$s0
+ fmovs %f0,%f0
+ srlx $acc2,16,$acc2 !
+ xor $acc1,$t0,$t0
+ ld [$key+4],$s1
+ srlx $acc3,24,$acc3
+ xor $acc2,$t0,$t0
+ ld [$key+8],$s2
+ srlx $acc5,8,$acc5
+ xor $acc3,$t0,$t0
+ ld [$key+12],$s3 !
+ srlx $acc6,16,$acc6
+ xor $acc4,$t1,$t1
+ fmovs %f0,%f0
+ srlx $acc7,24,$acc7
+ xor $acc5,$t1,$t1
+ srlx $acc9,8,$acc9
+ xor $acc6,$t1,$t1
+ srlx $acc10,16,$acc10 !
+ xor $acc7,$t1,$t1
+ srlx $acc11,24,$acc11
+ xor $acc8,$t2,$t2
+ srlx $acc13,8,$acc13
+ xor $acc9,$t2,$t2
+ srlx $acc14,16,$acc14
+ xor $acc10,$t2,$t2
+ srlx $acc15,24,$acc15 !
+ xor $acc11,$t2,$t2
+ xor $acc12,$acc14,$acc14
+ xor $acc13,$t3,$t3
+ srl $t0,21,$acc0
+ xor $acc14,$t3,$t3
+ xor $acc15,$t3,$t3
+ srl $t3,13,$acc1
+
+ and $acc0,2040,$acc0 !
+ srl $t2,5,$acc2
+ and $acc1,2040,$acc1
+ ldx [$tbl+$acc0],$acc0
+ sll $t1,3,$acc3
+ and $acc2,2040,$acc2
+ ldx [$tbl+$acc1],$acc1
+ fmovs %f0,%f0
+ srl $t1,21,$acc4 !
+ and $acc3,2040,$acc3
+ ldx [$tbl+$acc2],$acc2
+ srl $t0,13,$acc5
+ and $acc4,2040,$acc4
+ ldx [$tbl+$acc3],$acc3
+ srl $t3,5,$acc6
+ and $acc5,2040,$acc5
+ ldx [$tbl+$acc4],$acc4 !
+ sll $t2,3,$acc7
+ and $acc6,2040,$acc6
+ ldx [$tbl+$acc5],$acc5
+ srl $t2,21,$acc8
+ and $acc7,2040,$acc7
+ ldx [$tbl+$acc6],$acc6
+ fmovs %f0,%f0
+ srl $t1,13,$acc9 !
+ and $acc8,2040,$acc8
+ ldx [$tbl+$acc7],$acc7
+ srl $t0,5,$acc10
+ and $acc9,2040,$acc9
+ ldx [$tbl+$acc8],$acc8
+ sll $t3,3,$acc11
+ and $acc10,2040,$acc10
+ ldx [$tbl+$acc9],$acc9 !
+ srl $t3,21,$acc12
+ and $acc11,2040,$acc11
+ ldx [$tbl+$acc10],$acc10
+ srl $t2,13,$acc13
+ and $acc12,2040,$acc12
+ ldx [$tbl+$acc11],$acc11
+ fmovs %f0,%f0
+ srl $t1,5,$acc14 !
+ and $acc13,2040,$acc13
+ ldx [$tbl+$acc12],$acc12
+ sll $t0,3,$acc15
+ and $acc14,2040,$acc14
+ ldx [$tbl+$acc13],$acc13
+ srlx $acc1,8,$acc1
+ and $acc15,2040,$acc15
+ ldx [$tbl+$acc14],$acc14 !
+
+ srlx $acc2,16,$acc2
+ xor $acc0,$s0,$s0
+ ldx [$tbl+$acc15],$acc15
+ srlx $acc3,24,$acc3
+ xor $acc1,$s0,$s0
+ ld [$key+16],$t0
+ fmovs %f0,%f0
+ srlx $acc5,8,$acc5 !
+ xor $acc2,$s0,$s0
+ ld [$key+20],$t1
+ srlx $acc6,16,$acc6
+ xor $acc3,$s0,$s0
+ ld [$key+24],$t2
+ srlx $acc7,24,$acc7
+ xor $acc4,$s1,$s1
+ ld [$key+28],$t3 !
+ srlx $acc9,8,$acc9
+ xor $acc5,$s1,$s1
+ ldx [$tbl+2048+0],%g0 ! prefetch td4
+ srlx $acc10,16,$acc10
+ xor $acc6,$s1,$s1
+ ldx [$tbl+2048+32],%g0 ! prefetch td4
+ srlx $acc11,24,$acc11
+ xor $acc7,$s1,$s1
+ ldx [$tbl+2048+64],%g0 ! prefetch td4
+ srlx $acc13,8,$acc13
+ xor $acc8,$s2,$s2
+ ldx [$tbl+2048+96],%g0 ! prefetch td4
+ srlx $acc14,16,$acc14 !
+ xor $acc9,$s2,$s2
+ ldx [$tbl+2048+128],%g0 ! prefetch td4
+ srlx $acc15,24,$acc15
+ xor $acc10,$s2,$s2
+ ldx [$tbl+2048+160],%g0 ! prefetch td4
+ srl $s0,21,$acc0
+ xor $acc11,$s2,$s2
+ ldx [$tbl+2048+192],%g0 ! prefetch td4
+ xor $acc12,$acc14,$acc14
+ xor $acc13,$s3,$s3
+ ldx [$tbl+2048+224],%g0 ! prefetch td4
+ and $acc0,2040,$acc0 !
+ xor $acc14,$s3,$s3
+ xor $acc15,$s3,$s3
+ ba .Ldec_loop
+ srl $s3,13,$acc1
+
+.align 32
+.Ldec_last:
+ srlx $acc1,8,$acc1 !
+ xor $acc0,$t0,$t0
+ ld [$key+0],$s0
+ srlx $acc2,16,$acc2
+ xor $acc1,$t0,$t0
+ ld [$key+4],$s1
+ srlx $acc3,24,$acc3
+ xor $acc2,$t0,$t0
+ ld [$key+8],$s2 !
+ srlx $acc5,8,$acc5
+ xor $acc3,$t0,$t0
+ ld [$key+12],$s3
+ srlx $acc6,16,$acc6
+ xor $acc4,$t1,$t1
+ srlx $acc7,24,$acc7
+ xor $acc5,$t1,$t1
+ srlx $acc9,8,$acc9 !
+ xor $acc6,$t1,$t1
+ srlx $acc10,16,$acc10
+ xor $acc7,$t1,$t1
+ srlx $acc11,24,$acc11
+ xor $acc8,$t2,$t2
+ srlx $acc13,8,$acc13
+ xor $acc9,$t2,$t2
+ srlx $acc14,16,$acc14 !
+ xor $acc10,$t2,$t2
+ srlx $acc15,24,$acc15
+ xor $acc11,$t2,$t2
+ xor $acc12,$acc14,$acc14
+ xor $acc13,$t3,$t3
+ srl $t0,24,$acc0
+ xor $acc14,$t3,$t3
+ xor $acc15,$t3,$t3 !
+ srl $t3,16,$acc1
+
+ srl $t2,8,$acc2
+ and $acc1,255,$acc1
+ ldub [$rounds+$acc0],$acc0
+ srl $t1,24,$acc4
+ and $acc2,255,$acc2
+ ldub [$rounds+$acc1],$acc1
+ srl $t0,16,$acc5 !
+ and $t1,255,$acc3
+ ldub [$rounds+$acc2],$acc2
+ ldub [$rounds+$acc3],$acc3
+ srl $t3,8,$acc6
+ and $acc5,255,$acc5
+ ldub [$rounds+$acc4],$acc4
+ fmovs %f0,%f0
+ srl $t2,24,$acc8 !
+ and $acc6,255,$acc6
+ ldub [$rounds+$acc5],$acc5
+ srl $t1,16,$acc9
+ and $t2,255,$acc7
+ ldub [$rounds+$acc6],$acc6
+ ldub [$rounds+$acc7],$acc7
+ fmovs %f0,%f0
+ srl $t0,8,$acc10 !
+ and $acc9,255,$acc9
+ ldub [$rounds+$acc8],$acc8
+ srl $t3,24,$acc12
+ and $acc10,255,$acc10
+ ldub [$rounds+$acc9],$acc9
+ srl $t2,16,$acc13
+ and $t3,255,$acc11
+ ldub [$rounds+$acc10],$acc10 !
+ srl $t1,8,$acc14
+ and $acc13,255,$acc13
+ ldub [$rounds+$acc11],$acc11
+ ldub [$rounds+$acc12],$acc12
+ and $acc14,255,$acc14
+ ldub [$rounds+$acc13],$acc13
+ and $t0,255,$acc15
+ ldub [$rounds+$acc14],$acc14 !
+
+ sll $acc0,24,$acc0
+ xor $acc3,$s0,$s0
+ ldub [$rounds+$acc15],$acc15
+ sll $acc1,16,$acc1
+ xor $acc0,$s0,$s0
+ ldx [%sp+$bias+$frame+0],%i7 ! restore return address
+ fmovs %f0,%f0
+ sll $acc2,8,$acc2 !
+ xor $acc1,$s0,$s0
+ sll $acc4,24,$acc4
+ xor $acc2,$s0,$s0
+ sll $acc5,16,$acc5
+ xor $acc7,$s1,$s1
+ sll $acc6,8,$acc6
+ xor $acc4,$s1,$s1
+ sll $acc8,24,$acc8 !
+ xor $acc5,$s1,$s1
+ sll $acc9,16,$acc9
+ xor $acc11,$s2,$s2
+ sll $acc10,8,$acc10
+ xor $acc6,$s1,$s1
+ sll $acc12,24,$acc12
+ xor $acc8,$s2,$s2
+ sll $acc13,16,$acc13 !
+ xor $acc9,$s2,$s2
+ sll $acc14,8,$acc14
+ xor $acc10,$s2,$s2
+ xor $acc12,$acc14,$acc14
+ xor $acc13,$s3,$s3
+ xor $acc14,$s3,$s3
+ xor $acc15,$s3,$s3
+
+ ret
+ restore
+.type _sparcv9_AES_decrypt,#function
+.size _sparcv9_AES_decrypt,(.-_sparcv9_AES_decrypt)
+
+.align 32
+.globl AES_decrypt
+AES_decrypt:
+ or %o0,%o1,%g1
+ andcc %g1,3,%g0
+ bnz,pn %xcc,.Lunaligned_dec
+ save %sp,-$frame,%sp
+
+ ld [%i0+0],%o0
+ ld [%i0+4],%o1
+ ld [%i0+8],%o2
+ ld [%i0+12],%o3
+
+1: call .+8
+ add %o7,AES_Td-1b,%o4
+ call _sparcv9_AES_decrypt
+ mov %i2,%o5
+
+ st %o0,[%i1+0]
+ st %o1,[%i1+4]
+ st %o2,[%i1+8]
+ st %o3,[%i1+12]
+
+ ret
+ restore
+
+.align 32
+.Lunaligned_dec:
+ ldub [%i0+0],%l0
+ ldub [%i0+1],%l1
+ ldub [%i0+2],%l2
+
+ sll %l0,24,%l0
+ ldub [%i0+3],%l3
+ sll %l1,16,%l1
+ ldub [%i0+4],%l4
+ sll %l2,8,%l2
+ or %l1,%l0,%l0
+ ldub [%i0+5],%l5
+ sll %l4,24,%l4
+ or %l3,%l2,%l2
+ ldub [%i0+6],%l6
+ sll %l5,16,%l5
+ or %l0,%l2,%o0
+ ldub [%i0+7],%l7
+
+ sll %l6,8,%l6
+ or %l5,%l4,%l4
+ ldub [%i0+8],%l0
+ or %l7,%l6,%l6
+ ldub [%i0+9],%l1
+ or %l4,%l6,%o1
+ ldub [%i0+10],%l2
+
+ sll %l0,24,%l0
+ ldub [%i0+11],%l3
+ sll %l1,16,%l1
+ ldub [%i0+12],%l4
+ sll %l2,8,%l2
+ or %l1,%l0,%l0
+ ldub [%i0+13],%l5
+ sll %l4,24,%l4
+ or %l3,%l2,%l2
+ ldub [%i0+14],%l6
+ sll %l5,16,%l5
+ or %l0,%l2,%o2
+ ldub [%i0+15],%l7
+
+ sll %l6,8,%l6
+ or %l5,%l4,%l4
+ or %l7,%l6,%l6
+ or %l4,%l6,%o3
+
+1: call .+8
+ add %o7,AES_Td-1b,%o4
+ call _sparcv9_AES_decrypt
+ mov %i2,%o5
+
+ srl %o0,24,%l0
+ srl %o0,16,%l1
+ stb %l0,[%i1+0]
+ srl %o0,8,%l2
+ stb %l1,[%i1+1]
+ stb %l2,[%i1+2]
+ srl %o1,24,%l4
+ stb %o0,[%i1+3]
+
+ srl %o1,16,%l5
+ stb %l4,[%i1+4]
+ srl %o1,8,%l6
+ stb %l5,[%i1+5]
+ stb %l6,[%i1+6]
+ srl %o2,24,%l0
+ stb %o1,[%i1+7]
+
+ srl %o2,16,%l1
+ stb %l0,[%i1+8]
+ srl %o2,8,%l2
+ stb %l1,[%i1+9]
+ stb %l2,[%i1+10]
+ srl %o3,24,%l4
+ stb %o2,[%i1+11]
+
+ srl %o3,16,%l5
+ stb %l4,[%i1+12]
+ srl %o3,8,%l6
+ stb %l5,[%i1+13]
+ stb %l6,[%i1+14]
+ stb %o3,[%i1+15]
+
+ ret
+ restore
+.type AES_decrypt,#function
+.size AES_decrypt,(.-AES_decrypt)
+___
+
+# fmovs instructions substituting for FP nops were originally added
+# to meet specific instruction alignment requirements to maximize ILP.
+# As UltraSPARC T1, a.k.a. Niagara, has shared FPU, FP nops can have
+# undesired effect, so just omit them and sacrifice some portion of
+# percent in performance...
+$code =~ s/fmovs.*$//gem;
+
+print $code;
diff --git a/crypto/aes/asm/aes-x86_64.pl b/crypto/aes/asm/aes-x86_64.pl
new file mode 100755
index 0000000000..a545e892ae
--- /dev/null
+++ b/crypto/aes/asm/aes-x86_64.pl
@@ -0,0 +1,2809 @@
+#!/usr/bin/env perl
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# Version 2.1.
+#
+# aes-*-cbc benchmarks are improved by >70% [compared to gcc 3.3.2 on
+# Opteron 240 CPU] plus all the bells-n-whistles from 32-bit version
+# [you'll notice a lot of resemblance], such as compressed S-boxes
+# in little-endian byte order, prefetch of these tables in CBC mode,
+# as well as avoiding L1 cache aliasing between stack frame and key
+# schedule and already mentioned tables, compressed Td4...
+#
+# Performance in number of cycles per processed byte for 128-bit key:
+#
+# ECB encrypt ECB decrypt CBC large chunk
+# AMD64 33 41 13.0
+# EM64T 38 59 18.6(*)
+# Core 2 30 43 14.5(*)
+#
+# (*) with hyper-threading off
+
+$flavour = shift;
+$output = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour $output";
+
+$verticalspin=1; # unlike 32-bit version $verticalspin performs
+ # ~15% better on both AMD and Intel cores
+$speed_limit=512; # see aes-586.pl for details
+
+$code=".text\n";
+
+$s0="%eax";
+$s1="%ebx";
+$s2="%ecx";
+$s3="%edx";
+$acc0="%esi"; $mask80="%rsi";
+$acc1="%edi"; $maskfe="%rdi";
+$acc2="%ebp"; $mask1b="%rbp";
+$inp="%r8";
+$out="%r9";
+$t0="%r10d";
+$t1="%r11d";
+$t2="%r12d";
+$rnds="%r13d";
+$sbox="%r14";
+$key="%r15";
+
+sub hi() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1h/; $r; }
+sub lo() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1l/;
+ $r =~ s/%[er]([sd]i)/%\1l/;
+ $r =~ s/%(r[0-9]+)[d]?/%\1b/; $r; }
+sub LO() { my $r=shift; $r =~ s/%r([a-z]+)/%e\1/;
+ $r =~ s/%r([0-9]+)/%r\1d/; $r; }
+sub _data_word()
+{ my $i;
+ while(defined($i=shift)) { $code.=sprintf".long\t0x%08x,0x%08x\n",$i,$i; }
+}
+sub data_word()
+{ my $i;
+ my $last=pop(@_);
+ $code.=".long\t";
+ while(defined($i=shift)) { $code.=sprintf"0x%08x,",$i; }
+ $code.=sprintf"0x%08x\n",$last;
+}
+
+sub data_byte()
+{ my $i;
+ my $last=pop(@_);
+ $code.=".byte\t";
+ while(defined($i=shift)) { $code.=sprintf"0x%02x,",$i&0xff; }
+ $code.=sprintf"0x%02x\n",$last&0xff;
+}
+
+sub encvert()
+{ my $t3="%r8d"; # zaps $inp!
+
+$code.=<<___;
+ # favor 3-way issue Opteron pipeline...
+ movzb `&lo("$s0")`,$acc0
+ movzb `&lo("$s1")`,$acc1
+ movzb `&lo("$s2")`,$acc2
+ mov 0($sbox,$acc0,8),$t0
+ mov 0($sbox,$acc1,8),$t1
+ mov 0($sbox,$acc2,8),$t2
+
+ movzb `&hi("$s1")`,$acc0
+ movzb `&hi("$s2")`,$acc1
+ movzb `&lo("$s3")`,$acc2
+ xor 3($sbox,$acc0,8),$t0
+ xor 3($sbox,$acc1,8),$t1
+ mov 0($sbox,$acc2,8),$t3
+
+ movzb `&hi("$s3")`,$acc0
+ shr \$16,$s2
+ movzb `&hi("$s0")`,$acc2
+ xor 3($sbox,$acc0,8),$t2
+ shr \$16,$s3
+ xor 3($sbox,$acc2,8),$t3
+
+ shr \$16,$s1
+ lea 16($key),$key
+ shr \$16,$s0
+
+ movzb `&lo("$s2")`,$acc0
+ movzb `&lo("$s3")`,$acc1
+ movzb `&lo("$s0")`,$acc2
+ xor 2($sbox,$acc0,8),$t0
+ xor 2($sbox,$acc1,8),$t1
+ xor 2($sbox,$acc2,8),$t2
+
+ movzb `&hi("$s3")`,$acc0
+ movzb `&hi("$s0")`,$acc1
+ movzb `&lo("$s1")`,$acc2
+ xor 1($sbox,$acc0,8),$t0
+ xor 1($sbox,$acc1,8),$t1
+ xor 2($sbox,$acc2,8),$t3
+
+ mov 12($key),$s3
+ movzb `&hi("$s1")`,$acc1
+ movzb `&hi("$s2")`,$acc2
+ mov 0($key),$s0
+ xor 1($sbox,$acc1,8),$t2
+ xor 1($sbox,$acc2,8),$t3
+
+ mov 4($key),$s1
+ mov 8($key),$s2
+ xor $t0,$s0
+ xor $t1,$s1
+ xor $t2,$s2
+ xor $t3,$s3
+___
+}
+
+sub enclastvert()
+{ my $t3="%r8d"; # zaps $inp!
+
+$code.=<<___;
+ movzb `&lo("$s0")`,$acc0
+ movzb `&lo("$s1")`,$acc1
+ movzb `&lo("$s2")`,$acc2
+ movzb 2($sbox,$acc0,8),$t0
+ movzb 2($sbox,$acc1,8),$t1
+ movzb 2($sbox,$acc2,8),$t2
+
+ movzb `&lo("$s3")`,$acc0
+ movzb `&hi("$s1")`,$acc1
+ movzb `&hi("$s2")`,$acc2
+ movzb 2($sbox,$acc0,8),$t3
+ mov 0($sbox,$acc1,8),$acc1 #$t0
+ mov 0($sbox,$acc2,8),$acc2 #$t1
+
+ and \$0x0000ff00,$acc1
+ and \$0x0000ff00,$acc2
+
+ xor $acc1,$t0
+ xor $acc2,$t1
+ shr \$16,$s2
+
+ movzb `&hi("$s3")`,$acc0
+ movzb `&hi("$s0")`,$acc1
+ shr \$16,$s3
+ mov 0($sbox,$acc0,8),$acc0 #$t2
+ mov 0($sbox,$acc1,8),$acc1 #$t3
+
+ and \$0x0000ff00,$acc0
+ and \$0x0000ff00,$acc1
+ shr \$16,$s1
+ xor $acc0,$t2
+ xor $acc1,$t3
+ shr \$16,$s0
+
+ movzb `&lo("$s2")`,$acc0
+ movzb `&lo("$s3")`,$acc1
+ movzb `&lo("$s0")`,$acc2
+ mov 0($sbox,$acc0,8),$acc0 #$t0
+ mov 0($sbox,$acc1,8),$acc1 #$t1
+ mov 0($sbox,$acc2,8),$acc2 #$t2
+
+ and \$0x00ff0000,$acc0
+ and \$0x00ff0000,$acc1
+ and \$0x00ff0000,$acc2
+
+ xor $acc0,$t0
+ xor $acc1,$t1
+ xor $acc2,$t2
+
+ movzb `&lo("$s1")`,$acc0
+ movzb `&hi("$s3")`,$acc1
+ movzb `&hi("$s0")`,$acc2
+ mov 0($sbox,$acc0,8),$acc0 #$t3
+ mov 2($sbox,$acc1,8),$acc1 #$t0
+ mov 2($sbox,$acc2,8),$acc2 #$t1
+
+ and \$0x00ff0000,$acc0
+ and \$0xff000000,$acc1
+ and \$0xff000000,$acc2
+
+ xor $acc0,$t3
+ xor $acc1,$t0
+ xor $acc2,$t1
+
+ movzb `&hi("$s1")`,$acc0
+ movzb `&hi("$s2")`,$acc1
+ mov 16+12($key),$s3
+ mov 2($sbox,$acc0,8),$acc0 #$t2
+ mov 2($sbox,$acc1,8),$acc1 #$t3
+ mov 16+0($key),$s0
+
+ and \$0xff000000,$acc0
+ and \$0xff000000,$acc1
+
+ xor $acc0,$t2
+ xor $acc1,$t3
+
+ mov 16+4($key),$s1
+ mov 16+8($key),$s2
+ xor $t0,$s0
+ xor $t1,$s1
+ xor $t2,$s2
+ xor $t3,$s3
+___
+}
+
+sub encstep()
+{ my ($i,@s) = @_;
+ my $tmp0=$acc0;
+ my $tmp1=$acc1;
+ my $tmp2=$acc2;
+ my $out=($t0,$t1,$t2,$s[0])[$i];
+
+ if ($i==3) {
+ $tmp0=$s[1];
+ $tmp1=$s[2];
+ $tmp2=$s[3];
+ }
+ $code.=" movzb ".&lo($s[0]).",$out\n";
+ $code.=" mov $s[2],$tmp1\n" if ($i!=3);
+ $code.=" lea 16($key),$key\n" if ($i==0);
+
+ $code.=" movzb ".&hi($s[1]).",$tmp0\n";
+ $code.=" mov 0($sbox,$out,8),$out\n";
+
+ $code.=" shr \$16,$tmp1\n";
+ $code.=" mov $s[3],$tmp2\n" if ($i!=3);
+ $code.=" xor 3($sbox,$tmp0,8),$out\n";
+
+ $code.=" movzb ".&lo($tmp1).",$tmp1\n";
+ $code.=" shr \$24,$tmp2\n";
+ $code.=" xor 4*$i($key),$out\n";
+
+ $code.=" xor 2($sbox,$tmp1,8),$out\n";
+ $code.=" xor 1($sbox,$tmp2,8),$out\n";
+
+ $code.=" mov $t0,$s[1]\n" if ($i==3);
+ $code.=" mov $t1,$s[2]\n" if ($i==3);
+ $code.=" mov $t2,$s[3]\n" if ($i==3);
+ $code.="\n";
+}
+
+sub enclast()
+{ my ($i,@s)=@_;
+ my $tmp0=$acc0;
+ my $tmp1=$acc1;
+ my $tmp2=$acc2;
+ my $out=($t0,$t1,$t2,$s[0])[$i];
+
+ if ($i==3) {
+ $tmp0=$s[1];
+ $tmp1=$s[2];
+ $tmp2=$s[3];
+ }
+ $code.=" movzb ".&lo($s[0]).",$out\n";
+ $code.=" mov $s[2],$tmp1\n" if ($i!=3);
+
+ $code.=" mov 2($sbox,$out,8),$out\n";
+ $code.=" shr \$16,$tmp1\n";
+ $code.=" mov $s[3],$tmp2\n" if ($i!=3);
+
+ $code.=" and \$0x000000ff,$out\n";
+ $code.=" movzb ".&hi($s[1]).",$tmp0\n";
+ $code.=" movzb ".&lo($tmp1).",$tmp1\n";
+ $code.=" shr \$24,$tmp2\n";
+
+ $code.=" mov 0($sbox,$tmp0,8),$tmp0\n";
+ $code.=" mov 0($sbox,$tmp1,8),$tmp1\n";
+ $code.=" mov 2($sbox,$tmp2,8),$tmp2\n";
+
+ $code.=" and \$0x0000ff00,$tmp0\n";
+ $code.=" and \$0x00ff0000,$tmp1\n";
+ $code.=" and \$0xff000000,$tmp2\n";
+
+ $code.=" xor $tmp0,$out\n";
+ $code.=" mov $t0,$s[1]\n" if ($i==3);
+ $code.=" xor $tmp1,$out\n";
+ $code.=" mov $t1,$s[2]\n" if ($i==3);
+ $code.=" xor $tmp2,$out\n";
+ $code.=" mov $t2,$s[3]\n" if ($i==3);
+ $code.="\n";
+}
+
+$code.=<<___;
+.type _x86_64_AES_encrypt,\@abi-omnipotent
+.align 16
+_x86_64_AES_encrypt:
+ xor 0($key),$s0 # xor with key
+ xor 4($key),$s1
+ xor 8($key),$s2
+ xor 12($key),$s3
+
+ mov 240($key),$rnds # load key->rounds
+ sub \$1,$rnds
+ jmp .Lenc_loop
+.align 16
+.Lenc_loop:
+___
+ if ($verticalspin) { &encvert(); }
+ else { &encstep(0,$s0,$s1,$s2,$s3);
+ &encstep(1,$s1,$s2,$s3,$s0);
+ &encstep(2,$s2,$s3,$s0,$s1);
+ &encstep(3,$s3,$s0,$s1,$s2);
+ }
+$code.=<<___;
+ sub \$1,$rnds
+ jnz .Lenc_loop
+___
+ if ($verticalspin) { &enclastvert(); }
+ else { &enclast(0,$s0,$s1,$s2,$s3);
+ &enclast(1,$s1,$s2,$s3,$s0);
+ &enclast(2,$s2,$s3,$s0,$s1);
+ &enclast(3,$s3,$s0,$s1,$s2);
+ $code.=<<___;
+ xor 16+0($key),$s0 # xor with key
+ xor 16+4($key),$s1
+ xor 16+8($key),$s2
+ xor 16+12($key),$s3
+___
+ }
+$code.=<<___;
+ .byte 0xf3,0xc3 # rep ret
+.size _x86_64_AES_encrypt,.-_x86_64_AES_encrypt
+___
+
+# it's possible to implement this by shifting tN by 8, filling least
+# significant byte with byte load and finally bswap-ing at the end,
+# but such partial register load kills Core 2...
+sub enccompactvert()
+{ my ($t3,$t4,$t5)=("%r8d","%r9d","%r13d");
+
+$code.=<<___;
+ movzb `&lo("$s0")`,$t0
+ movzb `&lo("$s1")`,$t1
+ movzb `&lo("$s2")`,$t2
+ movzb ($sbox,$t0,1),$t0
+ movzb ($sbox,$t1,1),$t1
+ movzb ($sbox,$t2,1),$t2
+
+ movzb `&lo("$s3")`,$t3
+ movzb `&hi("$s1")`,$acc0
+ movzb `&hi("$s2")`,$acc1
+ movzb ($sbox,$t3,1),$t3
+ movzb ($sbox,$acc0,1),$t4 #$t0
+ movzb ($sbox,$acc1,1),$t5 #$t1
+
+ movzb `&hi("$s3")`,$acc2
+ movzb `&hi("$s0")`,$acc0
+ shr \$16,$s2
+ movzb ($sbox,$acc2,1),$acc2 #$t2
+ movzb ($sbox,$acc0,1),$acc0 #$t3
+ shr \$16,$s3
+
+ movzb `&lo("$s2")`,$acc1
+ shl \$8,$t4
+ shl \$8,$t5
+ movzb ($sbox,$acc1,1),$acc1 #$t0
+ xor $t4,$t0
+ xor $t5,$t1
+
+ movzb `&lo("$s3")`,$t4
+ shr \$16,$s0
+ shr \$16,$s1
+ movzb `&lo("$s0")`,$t5
+ shl \$8,$acc2
+ shl \$8,$acc0
+ movzb ($sbox,$t4,1),$t4 #$t1
+ movzb ($sbox,$t5,1),$t5 #$t2
+ xor $acc2,$t2
+ xor $acc0,$t3
+
+ movzb `&lo("$s1")`,$acc2
+ movzb `&hi("$s3")`,$acc0
+ shl \$16,$acc1
+ movzb ($sbox,$acc2,1),$acc2 #$t3
+ movzb ($sbox,$acc0,1),$acc0 #$t0
+ xor $acc1,$t0
+
+ movzb `&hi("$s0")`,$acc1
+ shr \$8,$s2
+ shr \$8,$s1
+ movzb ($sbox,$acc1,1),$acc1 #$t1
+ movzb ($sbox,$s2,1),$s3 #$t3
+ movzb ($sbox,$s1,1),$s2 #$t2
+ shl \$16,$t4
+ shl \$16,$t5
+ shl \$16,$acc2
+ xor $t4,$t1
+ xor $t5,$t2
+ xor $acc2,$t3
+
+ shl \$24,$acc0
+ shl \$24,$acc1
+ shl \$24,$s3
+ xor $acc0,$t0
+ shl \$24,$s2
+ xor $acc1,$t1
+ mov $t0,$s0
+ mov $t1,$s1
+ xor $t2,$s2
+ xor $t3,$s3
+___
+}
+
+sub enctransform_ref()
+{ my $sn = shift;
+ my ($acc,$r2,$tmp)=("%r8d","%r9d","%r13d");
+
+$code.=<<___;
+ mov $sn,$acc
+ and \$0x80808080,$acc
+ mov $acc,$tmp
+ shr \$7,$tmp
+ lea ($sn,$sn),$r2
+ sub $tmp,$acc
+ and \$0xfefefefe,$r2
+ and \$0x1b1b1b1b,$acc
+ mov $sn,$tmp
+ xor $acc,$r2
+
+ xor $r2,$sn
+ rol \$24,$sn
+ xor $r2,$sn
+ ror \$16,$tmp
+ xor $tmp,$sn
+ ror \$8,$tmp
+ xor $tmp,$sn
+___
+}
+
+# unlike decrypt case it does not pay off to parallelize enctransform
+sub enctransform()
+{ my ($t3,$r20,$r21)=($acc2,"%r8d","%r9d");
+
+$code.=<<___;
+ mov $s0,$acc0
+ mov $s1,$acc1
+ and \$0x80808080,$acc0
+ and \$0x80808080,$acc1
+ mov $acc0,$t0
+ mov $acc1,$t1
+ shr \$7,$t0
+ lea ($s0,$s0),$r20
+ shr \$7,$t1
+ lea ($s1,$s1),$r21
+ sub $t0,$acc0
+ sub $t1,$acc1
+ and \$0xfefefefe,$r20
+ and \$0xfefefefe,$r21
+ and \$0x1b1b1b1b,$acc0
+ and \$0x1b1b1b1b,$acc1
+ mov $s0,$t0
+ mov $s1,$t1
+ xor $acc0,$r20
+ xor $acc1,$r21
+
+ xor $r20,$s0
+ xor $r21,$s1
+ mov $s2,$acc0
+ mov $s3,$acc1
+ rol \$24,$s0
+ rol \$24,$s1
+ and \$0x80808080,$acc0
+ and \$0x80808080,$acc1
+ xor $r20,$s0
+ xor $r21,$s1
+ mov $acc0,$t2
+ mov $acc1,$t3
+ ror \$16,$t0
+ ror \$16,$t1
+ shr \$7,$t2
+ lea ($s2,$s2),$r20
+ xor $t0,$s0
+ xor $t1,$s1
+ shr \$7,$t3
+ lea ($s3,$s3),$r21
+ ror \$8,$t0
+ ror \$8,$t1
+ sub $t2,$acc0
+ sub $t3,$acc1
+ xor $t0,$s0
+ xor $t1,$s1
+
+ and \$0xfefefefe,$r20
+ and \$0xfefefefe,$r21
+ and \$0x1b1b1b1b,$acc0
+ and \$0x1b1b1b1b,$acc1
+ mov $s2,$t2
+ mov $s3,$t3
+ xor $acc0,$r20
+ xor $acc1,$r21
+
+ xor $r20,$s2
+ xor $r21,$s3
+ rol \$24,$s2
+ rol \$24,$s3
+ xor $r20,$s2
+ xor $r21,$s3
+ mov 0($sbox),$acc0 # prefetch Te4
+ ror \$16,$t2
+ ror \$16,$t3
+ mov 64($sbox),$acc1
+ xor $t2,$s2
+ xor $t3,$s3
+ mov 128($sbox),$r20
+ ror \$8,$t2
+ ror \$8,$t3
+ mov 192($sbox),$r21
+ xor $t2,$s2
+ xor $t3,$s3
+___
+}
+
+$code.=<<___;
+.type _x86_64_AES_encrypt_compact,\@abi-omnipotent
+.align 16
+_x86_64_AES_encrypt_compact:
+ lea 128($sbox),$inp # size optimization
+ mov 0-128($inp),$acc1 # prefetch Te4
+ mov 32-128($inp),$acc2
+ mov 64-128($inp),$t0
+ mov 96-128($inp),$t1
+ mov 128-128($inp),$acc1
+ mov 160-128($inp),$acc2
+ mov 192-128($inp),$t0
+ mov 224-128($inp),$t1
+ jmp .Lenc_loop_compact
+.align 16
+.Lenc_loop_compact:
+ xor 0($key),$s0 # xor with key
+ xor 4($key),$s1
+ xor 8($key),$s2
+ xor 12($key),$s3
+ lea 16($key),$key
+___
+ &enccompactvert();
+$code.=<<___;
+ cmp 16(%rsp),$key
+ je .Lenc_compact_done
+___
+ &enctransform();
+$code.=<<___;
+ jmp .Lenc_loop_compact
+.align 16
+.Lenc_compact_done:
+ xor 0($key),$s0
+ xor 4($key),$s1
+ xor 8($key),$s2
+ xor 12($key),$s3
+ .byte 0xf3,0xc3 # rep ret
+.size _x86_64_AES_encrypt_compact,.-_x86_64_AES_encrypt_compact
+___
+
+# void AES_encrypt (const void *inp,void *out,const AES_KEY *key);
+$code.=<<___;
+.globl AES_encrypt
+.type AES_encrypt,\@function,3
+.align 16
+AES_encrypt:
+ push %rbx
+ push %rbp
+ push %r12
+ push %r13
+ push %r14
+ push %r15
+
+ # allocate frame "above" key schedule
+ mov %rsp,%r10
+ lea -63(%rdx),%rcx # %rdx is key argument
+ and \$-64,%rsp
+ sub %rsp,%rcx
+ neg %rcx
+ and \$0x3c0,%rcx
+ sub %rcx,%rsp
+ sub \$32,%rsp
+
+ mov %rsi,16(%rsp) # save out
+ mov %r10,24(%rsp) # save real stack pointer
+.Lenc_prologue:
+
+ mov %rdx,$key
+ mov 240($key),$rnds # load rounds
+
+ mov 0(%rdi),$s0 # load input vector
+ mov 4(%rdi),$s1
+ mov 8(%rdi),$s2
+ mov 12(%rdi),$s3
+
+ shl \$4,$rnds
+ lea ($key,$rnds),%rbp
+ mov $key,(%rsp) # key schedule
+ mov %rbp,8(%rsp) # end of key schedule
+
+ # pick Te4 copy which can't "overlap" with stack frame or key schedule
+ lea .LAES_Te+2048(%rip),$sbox
+ lea 768(%rsp),%rbp
+ sub $sbox,%rbp
+ and \$0x300,%rbp
+ lea ($sbox,%rbp),$sbox
+
+ call _x86_64_AES_encrypt_compact
+
+ mov 16(%rsp),$out # restore out
+ mov 24(%rsp),%rsi # restore saved stack pointer
+ mov $s0,0($out) # write output vector
+ mov $s1,4($out)
+ mov $s2,8($out)
+ mov $s3,12($out)
+
+ mov (%rsi),%r15
+ mov 8(%rsi),%r14
+ mov 16(%rsi),%r13
+ mov 24(%rsi),%r12
+ mov 32(%rsi),%rbp
+ mov 40(%rsi),%rbx
+ lea 48(%rsi),%rsp
+.Lenc_epilogue:
+ ret
+.size AES_encrypt,.-AES_encrypt
+___
+
+#------------------------------------------------------------------#
+
+sub decvert()
+{ my $t3="%r8d"; # zaps $inp!
+
+$code.=<<___;
+ # favor 3-way issue Opteron pipeline...
+ movzb `&lo("$s0")`,$acc0
+ movzb `&lo("$s1")`,$acc1
+ movzb `&lo("$s2")`,$acc2
+ mov 0($sbox,$acc0,8),$t0
+ mov 0($sbox,$acc1,8),$t1
+ mov 0($sbox,$acc2,8),$t2
+
+ movzb `&hi("$s3")`,$acc0
+ movzb `&hi("$s0")`,$acc1
+ movzb `&lo("$s3")`,$acc2
+ xor 3($sbox,$acc0,8),$t0
+ xor 3($sbox,$acc1,8),$t1
+ mov 0($sbox,$acc2,8),$t3
+
+ movzb `&hi("$s1")`,$acc0
+ shr \$16,$s0
+ movzb `&hi("$s2")`,$acc2
+ xor 3($sbox,$acc0,8),$t2
+ shr \$16,$s3
+ xor 3($sbox,$acc2,8),$t3
+
+ shr \$16,$s1
+ lea 16($key),$key
+ shr \$16,$s2
+
+ movzb `&lo("$s2")`,$acc0
+ movzb `&lo("$s3")`,$acc1
+ movzb `&lo("$s0")`,$acc2
+ xor 2($sbox,$acc0,8),$t0
+ xor 2($sbox,$acc1,8),$t1
+ xor 2($sbox,$acc2,8),$t2
+
+ movzb `&hi("$s1")`,$acc0
+ movzb `&hi("$s2")`,$acc1
+ movzb `&lo("$s1")`,$acc2
+ xor 1($sbox,$acc0,8),$t0
+ xor 1($sbox,$acc1,8),$t1
+ xor 2($sbox,$acc2,8),$t3
+
+ movzb `&hi("$s3")`,$acc0
+ mov 12($key),$s3
+ movzb `&hi("$s0")`,$acc2
+ xor 1($sbox,$acc0,8),$t2
+ mov 0($key),$s0
+ xor 1($sbox,$acc2,8),$t3
+
+ xor $t0,$s0
+ mov 4($key),$s1
+ mov 8($key),$s2
+ xor $t2,$s2
+ xor $t1,$s1
+ xor $t3,$s3
+___
+}
+
+sub declastvert()
+{ my $t3="%r8d"; # zaps $inp!
+
+$code.=<<___;
+ lea 2048($sbox),$sbox # size optimization
+ movzb `&lo("$s0")`,$acc0
+ movzb `&lo("$s1")`,$acc1
+ movzb `&lo("$s2")`,$acc2
+ movzb ($sbox,$acc0,1),$t0
+ movzb ($sbox,$acc1,1),$t1
+ movzb ($sbox,$acc2,1),$t2
+
+ movzb `&lo("$s3")`,$acc0
+ movzb `&hi("$s3")`,$acc1
+ movzb `&hi("$s0")`,$acc2
+ movzb ($sbox,$acc0,1),$t3
+ movzb ($sbox,$acc1,1),$acc1 #$t0
+ movzb ($sbox,$acc2,1),$acc2 #$t1
+
+ shl \$8,$acc1
+ shl \$8,$acc2
+
+ xor $acc1,$t0
+ xor $acc2,$t1
+ shr \$16,$s3
+
+ movzb `&hi("$s1")`,$acc0
+ movzb `&hi("$s2")`,$acc1
+ shr \$16,$s0
+ movzb ($sbox,$acc0,1),$acc0 #$t2
+ movzb ($sbox,$acc1,1),$acc1 #$t3
+
+ shl \$8,$acc0
+ shl \$8,$acc1
+ shr \$16,$s1
+ xor $acc0,$t2
+ xor $acc1,$t3
+ shr \$16,$s2
+
+ movzb `&lo("$s2")`,$acc0
+ movzb `&lo("$s3")`,$acc1
+ movzb `&lo("$s0")`,$acc2
+ movzb ($sbox,$acc0,1),$acc0 #$t0
+ movzb ($sbox,$acc1,1),$acc1 #$t1
+ movzb ($sbox,$acc2,1),$acc2 #$t2
+
+ shl \$16,$acc0
+ shl \$16,$acc1
+ shl \$16,$acc2
+
+ xor $acc0,$t0
+ xor $acc1,$t1
+ xor $acc2,$t2
+
+ movzb `&lo("$s1")`,$acc0
+ movzb `&hi("$s1")`,$acc1
+ movzb `&hi("$s2")`,$acc2
+ movzb ($sbox,$acc0,1),$acc0 #$t3
+ movzb ($sbox,$acc1,1),$acc1 #$t0
+ movzb ($sbox,$acc2,1),$acc2 #$t1
+
+ shl \$16,$acc0
+ shl \$24,$acc1
+ shl \$24,$acc2
+
+ xor $acc0,$t3
+ xor $acc1,$t0
+ xor $acc2,$t1
+
+ movzb `&hi("$s3")`,$acc0
+ movzb `&hi("$s0")`,$acc1
+ mov 16+12($key),$s3
+ movzb ($sbox,$acc0,1),$acc0 #$t2
+ movzb ($sbox,$acc1,1),$acc1 #$t3
+ mov 16+0($key),$s0
+
+ shl \$24,$acc0
+ shl \$24,$acc1
+
+ xor $acc0,$t2
+ xor $acc1,$t3
+
+ mov 16+4($key),$s1
+ mov 16+8($key),$s2
+ lea -2048($sbox),$sbox
+ xor $t0,$s0
+ xor $t1,$s1
+ xor $t2,$s2
+ xor $t3,$s3
+___
+}
+
+sub decstep()
+{ my ($i,@s) = @_;
+ my $tmp0=$acc0;
+ my $tmp1=$acc1;
+ my $tmp2=$acc2;
+ my $out=($t0,$t1,$t2,$s[0])[$i];
+
+ $code.=" mov $s[0],$out\n" if ($i!=3);
+ $tmp1=$s[2] if ($i==3);
+ $code.=" mov $s[2],$tmp1\n" if ($i!=3);
+ $code.=" and \$0xFF,$out\n";
+
+ $code.=" mov 0($sbox,$out,8),$out\n";
+ $code.=" shr \$16,$tmp1\n";
+ $tmp2=$s[3] if ($i==3);
+ $code.=" mov $s[3],$tmp2\n" if ($i!=3);
+
+ $tmp0=$s[1] if ($i==3);
+ $code.=" movzb ".&hi($s[1]).",$tmp0\n";
+ $code.=" and \$0xFF,$tmp1\n";
+ $code.=" shr \$24,$tmp2\n";
+
+ $code.=" xor 3($sbox,$tmp0,8),$out\n";
+ $code.=" xor 2($sbox,$tmp1,8),$out\n";
+ $code.=" xor 1($sbox,$tmp2,8),$out\n";
+
+ $code.=" mov $t2,$s[1]\n" if ($i==3);
+ $code.=" mov $t1,$s[2]\n" if ($i==3);
+ $code.=" mov $t0,$s[3]\n" if ($i==3);
+ $code.="\n";
+}
+
+sub declast()
+{ my ($i,@s)=@_;
+ my $tmp0=$acc0;
+ my $tmp1=$acc1;
+ my $tmp2=$acc2;
+ my $out=($t0,$t1,$t2,$s[0])[$i];
+
+ $code.=" mov $s[0],$out\n" if ($i!=3);
+ $tmp1=$s[2] if ($i==3);
+ $code.=" mov $s[2],$tmp1\n" if ($i!=3);
+ $code.=" and \$0xFF,$out\n";
+
+ $code.=" movzb 2048($sbox,$out,1),$out\n";
+ $code.=" shr \$16,$tmp1\n";
+ $tmp2=$s[3] if ($i==3);
+ $code.=" mov $s[3],$tmp2\n" if ($i!=3);
+
+ $tmp0=$s[1] if ($i==3);
+ $code.=" movzb ".&hi($s[1]).",$tmp0\n";
+ $code.=" and \$0xFF,$tmp1\n";
+ $code.=" shr \$24,$tmp2\n";
+
+ $code.=" movzb 2048($sbox,$tmp0,1),$tmp0\n";
+ $code.=" movzb 2048($sbox,$tmp1,1),$tmp1\n";
+ $code.=" movzb 2048($sbox,$tmp2,1),$tmp2\n";
+
+ $code.=" shl \$8,$tmp0\n";
+ $code.=" shl \$16,$tmp1\n";
+ $code.=" shl \$24,$tmp2\n";
+
+ $code.=" xor $tmp0,$out\n";
+ $code.=" mov $t2,$s[1]\n" if ($i==3);
+ $code.=" xor $tmp1,$out\n";
+ $code.=" mov $t1,$s[2]\n" if ($i==3);
+ $code.=" xor $tmp2,$out\n";
+ $code.=" mov $t0,$s[3]\n" if ($i==3);
+ $code.="\n";
+}
+
+$code.=<<___;
+.type _x86_64_AES_decrypt,\@abi-omnipotent
+.align 16
+_x86_64_AES_decrypt:
+ xor 0($key),$s0 # xor with key
+ xor 4($key),$s1
+ xor 8($key),$s2
+ xor 12($key),$s3
+
+ mov 240($key),$rnds # load key->rounds
+ sub \$1,$rnds
+ jmp .Ldec_loop
+.align 16
+.Ldec_loop:
+___
+ if ($verticalspin) { &decvert(); }
+ else { &decstep(0,$s0,$s3,$s2,$s1);
+ &decstep(1,$s1,$s0,$s3,$s2);
+ &decstep(2,$s2,$s1,$s0,$s3);
+ &decstep(3,$s3,$s2,$s1,$s0);
+ $code.=<<___;
+ lea 16($key),$key
+ xor 0($key),$s0 # xor with key
+ xor 4($key),$s1
+ xor 8($key),$s2
+ xor 12($key),$s3
+___
+ }
+$code.=<<___;
+ sub \$1,$rnds
+ jnz .Ldec_loop
+___
+ if ($verticalspin) { &declastvert(); }
+ else { &declast(0,$s0,$s3,$s2,$s1);
+ &declast(1,$s1,$s0,$s3,$s2);
+ &declast(2,$s2,$s1,$s0,$s3);
+ &declast(3,$s3,$s2,$s1,$s0);
+ $code.=<<___;
+ xor 16+0($key),$s0 # xor with key
+ xor 16+4($key),$s1
+ xor 16+8($key),$s2
+ xor 16+12($key),$s3
+___
+ }
+$code.=<<___;
+ .byte 0xf3,0xc3 # rep ret
+.size _x86_64_AES_decrypt,.-_x86_64_AES_decrypt
+___
+
+sub deccompactvert()
+{ my ($t3,$t4,$t5)=("%r8d","%r9d","%r13d");
+
+$code.=<<___;
+ movzb `&lo("$s0")`,$t0
+ movzb `&lo("$s1")`,$t1
+ movzb `&lo("$s2")`,$t2
+ movzb ($sbox,$t0,1),$t0
+ movzb ($sbox,$t1,1),$t1
+ movzb ($sbox,$t2,1),$t2
+
+ movzb `&lo("$s3")`,$t3
+ movzb `&hi("$s3")`,$acc0
+ movzb `&hi("$s0")`,$acc1
+ movzb ($sbox,$t3,1),$t3
+ movzb ($sbox,$acc0,1),$t4 #$t0
+ movzb ($sbox,$acc1,1),$t5 #$t1
+
+ movzb `&hi("$s1")`,$acc2
+ movzb `&hi("$s2")`,$acc0
+ shr \$16,$s2
+ movzb ($sbox,$acc2,1),$acc2 #$t2
+ movzb ($sbox,$acc0,1),$acc0 #$t3
+ shr \$16,$s3
+
+ movzb `&lo("$s2")`,$acc1
+ shl \$8,$t4
+ shl \$8,$t5
+ movzb ($sbox,$acc1,1),$acc1 #$t0
+ xor $t4,$t0
+ xor $t5,$t1
+
+ movzb `&lo("$s3")`,$t4
+ shr \$16,$s0
+ shr \$16,$s1
+ movzb `&lo("$s0")`,$t5
+ shl \$8,$acc2
+ shl \$8,$acc0
+ movzb ($sbox,$t4,1),$t4 #$t1
+ movzb ($sbox,$t5,1),$t5 #$t2
+ xor $acc2,$t2
+ xor $acc0,$t3
+
+ movzb `&lo("$s1")`,$acc2
+ movzb `&hi("$s1")`,$acc0
+ shl \$16,$acc1
+ movzb ($sbox,$acc2,1),$acc2 #$t3
+ movzb ($sbox,$acc0,1),$acc0 #$t0
+ xor $acc1,$t0
+
+ movzb `&hi("$s2")`,$acc1
+ shl \$16,$t4
+ shl \$16,$t5
+ movzb ($sbox,$acc1,1),$s1 #$t1
+ xor $t4,$t1
+ xor $t5,$t2
+
+ movzb `&hi("$s3")`,$acc1
+ shr \$8,$s0
+ shl \$16,$acc2
+ movzb ($sbox,$acc1,1),$s2 #$t2
+ movzb ($sbox,$s0,1),$s3 #$t3
+ xor $acc2,$t3
+
+ shl \$24,$acc0
+ shl \$24,$s1
+ shl \$24,$s2
+ xor $acc0,$t0
+ shl \$24,$s3
+ xor $t1,$s1
+ mov $t0,$s0
+ xor $t2,$s2
+ xor $t3,$s3
+___
+}
+
+# parallelized version! input is pair of 64-bit values: %rax=s1.s0
+# and %rcx=s3.s2, output is four 32-bit values in %eax=s0, %ebx=s1,
+# %ecx=s2 and %edx=s3.
+sub dectransform()
+{ my ($tp10,$tp20,$tp40,$tp80,$acc0)=("%rax","%r8", "%r9", "%r10","%rbx");
+ my ($tp18,$tp28,$tp48,$tp88,$acc8)=("%rcx","%r11","%r12","%r13","%rdx");
+ my $prefetch = shift;
+
+$code.=<<___;
+ mov $tp10,$acc0
+ mov $tp18,$acc8
+ and $mask80,$acc0
+ and $mask80,$acc8
+ mov $acc0,$tp40
+ mov $acc8,$tp48
+ shr \$7,$tp40
+ lea ($tp10,$tp10),$tp20
+ shr \$7,$tp48
+ lea ($tp18,$tp18),$tp28
+ sub $tp40,$acc0
+ sub $tp48,$acc8
+ and $maskfe,$tp20
+ and $maskfe,$tp28
+ and $mask1b,$acc0
+ and $mask1b,$acc8
+ xor $tp20,$acc0
+ xor $tp28,$acc8
+ mov $acc0,$tp20
+ mov $acc8,$tp28
+
+ and $mask80,$acc0
+ and $mask80,$acc8
+ mov $acc0,$tp80
+ mov $acc8,$tp88
+ shr \$7,$tp80
+ lea ($tp20,$tp20),$tp40
+ shr \$7,$tp88
+ lea ($tp28,$tp28),$tp48
+ sub $tp80,$acc0
+ sub $tp88,$acc8
+ and $maskfe,$tp40
+ and $maskfe,$tp48
+ and $mask1b,$acc0
+ and $mask1b,$acc8
+ xor $tp40,$acc0
+ xor $tp48,$acc8
+ mov $acc0,$tp40
+ mov $acc8,$tp48
+
+ and $mask80,$acc0
+ and $mask80,$acc8
+ mov $acc0,$tp80
+ mov $acc8,$tp88
+ shr \$7,$tp80
+ xor $tp10,$tp20 # tp2^=tp1
+ shr \$7,$tp88
+ xor $tp18,$tp28 # tp2^=tp1
+ sub $tp80,$acc0
+ sub $tp88,$acc8
+ lea ($tp40,$tp40),$tp80
+ lea ($tp48,$tp48),$tp88
+ xor $tp10,$tp40 # tp4^=tp1
+ xor $tp18,$tp48 # tp4^=tp1
+ and $maskfe,$tp80
+ and $maskfe,$tp88
+ and $mask1b,$acc0
+ and $mask1b,$acc8
+ xor $acc0,$tp80
+ xor $acc8,$tp88
+
+ xor $tp80,$tp10 # tp1^=tp8
+ xor $tp88,$tp18 # tp1^=tp8
+ xor $tp80,$tp20 # tp2^tp1^=tp8
+ xor $tp88,$tp28 # tp2^tp1^=tp8
+ mov $tp10,$acc0
+ mov $tp18,$acc8
+ xor $tp80,$tp40 # tp4^tp1^=tp8
+ xor $tp88,$tp48 # tp4^tp1^=tp8
+ shr \$32,$acc0
+ shr \$32,$acc8
+ xor $tp20,$tp80 # tp8^=tp8^tp2^tp1=tp2^tp1
+ xor $tp28,$tp88 # tp8^=tp8^tp2^tp1=tp2^tp1
+ rol \$8,`&LO("$tp10")` # ROTATE(tp1^tp8,8)
+ rol \$8,`&LO("$tp18")` # ROTATE(tp1^tp8,8)
+ xor $tp40,$tp80 # tp2^tp1^=tp8^tp4^tp1=tp8^tp4^tp2
+ xor $tp48,$tp88 # tp2^tp1^=tp8^tp4^tp1=tp8^tp4^tp2
+
+ rol \$8,`&LO("$acc0")` # ROTATE(tp1^tp8,8)
+ rol \$8,`&LO("$acc8")` # ROTATE(tp1^tp8,8)
+ xor `&LO("$tp80")`,`&LO("$tp10")`
+ xor `&LO("$tp88")`,`&LO("$tp18")`
+ shr \$32,$tp80
+ shr \$32,$tp88
+ xor `&LO("$tp80")`,`&LO("$acc0")`
+ xor `&LO("$tp88")`,`&LO("$acc8")`
+
+ mov $tp20,$tp80
+ mov $tp28,$tp88
+ shr \$32,$tp80
+ shr \$32,$tp88
+ rol \$24,`&LO("$tp20")` # ROTATE(tp2^tp1^tp8,24)
+ rol \$24,`&LO("$tp28")` # ROTATE(tp2^tp1^tp8,24)
+ rol \$24,`&LO("$tp80")` # ROTATE(tp2^tp1^tp8,24)
+ rol \$24,`&LO("$tp88")` # ROTATE(tp2^tp1^tp8,24)
+ xor `&LO("$tp20")`,`&LO("$tp10")`
+ xor `&LO("$tp28")`,`&LO("$tp18")`
+ mov $tp40,$tp20
+ mov $tp48,$tp28
+ xor `&LO("$tp80")`,`&LO("$acc0")`
+ xor `&LO("$tp88")`,`&LO("$acc8")`
+
+ `"mov 0($sbox),$mask80" if ($prefetch)`
+ shr \$32,$tp20
+ shr \$32,$tp28
+ `"mov 64($sbox),$maskfe" if ($prefetch)`
+ rol \$16,`&LO("$tp40")` # ROTATE(tp4^tp1^tp8,16)
+ rol \$16,`&LO("$tp48")` # ROTATE(tp4^tp1^tp8,16)
+ `"mov 128($sbox),$mask1b" if ($prefetch)`
+ rol \$16,`&LO("$tp20")` # ROTATE(tp4^tp1^tp8,16)
+ rol \$16,`&LO("$tp28")` # ROTATE(tp4^tp1^tp8,16)
+ `"mov 192($sbox),$tp80" if ($prefetch)`
+ xor `&LO("$tp40")`,`&LO("$tp10")`
+ xor `&LO("$tp48")`,`&LO("$tp18")`
+ `"mov 256($sbox),$tp88" if ($prefetch)`
+ xor `&LO("$tp20")`,`&LO("$acc0")`
+ xor `&LO("$tp28")`,`&LO("$acc8")`
+___
+}
+
+$code.=<<___;
+.type _x86_64_AES_decrypt_compact,\@abi-omnipotent
+.align 16
+_x86_64_AES_decrypt_compact:
+ lea 128($sbox),$inp # size optimization
+ mov 0-128($inp),$acc1 # prefetch Td4
+ mov 32-128($inp),$acc2
+ mov 64-128($inp),$t0
+ mov 96-128($inp),$t1
+ mov 128-128($inp),$acc1
+ mov 160-128($inp),$acc2
+ mov 192-128($inp),$t0
+ mov 224-128($inp),$t1
+ jmp .Ldec_loop_compact
+
+.align 16
+.Ldec_loop_compact:
+ xor 0($key),$s0 # xor with key
+ xor 4($key),$s1
+ xor 8($key),$s2
+ xor 12($key),$s3
+ lea 16($key),$key
+___
+ &deccompactvert();
+$code.=<<___;
+ cmp 16(%rsp),$key
+ je .Ldec_compact_done
+
+ mov 256+0($sbox),$mask80
+ shl \$32,%rbx
+ shl \$32,%rdx
+ mov 256+8($sbox),$maskfe
+ or %rbx,%rax
+ or %rdx,%rcx
+ mov 256+16($sbox),$mask1b
+___
+ &dectransform(1);
+$code.=<<___;
+ jmp .Ldec_loop_compact
+.align 16
+.Ldec_compact_done:
+ xor 0($key),$s0
+ xor 4($key),$s1
+ xor 8($key),$s2
+ xor 12($key),$s3
+ .byte 0xf3,0xc3 # rep ret
+.size _x86_64_AES_decrypt_compact,.-_x86_64_AES_decrypt_compact
+___
+
+# void AES_decrypt (const void *inp,void *out,const AES_KEY *key);
+$code.=<<___;
+.globl AES_decrypt
+.type AES_decrypt,\@function,3
+.align 16
+AES_decrypt:
+ push %rbx
+ push %rbp
+ push %r12
+ push %r13
+ push %r14
+ push %r15
+
+ # allocate frame "above" key schedule
+ mov %rsp,%r10
+ lea -63(%rdx),%rcx # %rdx is key argument
+ and \$-64,%rsp
+ sub %rsp,%rcx
+ neg %rcx
+ and \$0x3c0,%rcx
+ sub %rcx,%rsp
+ sub \$32,%rsp
+
+ mov %rsi,16(%rsp) # save out
+ mov %r10,24(%rsp) # save real stack pointer
+.Ldec_prologue:
+
+ mov %rdx,$key
+ mov 240($key),$rnds # load rounds
+
+ mov 0(%rdi),$s0 # load input vector
+ mov 4(%rdi),$s1
+ mov 8(%rdi),$s2
+ mov 12(%rdi),$s3
+
+ shl \$4,$rnds
+ lea ($key,$rnds),%rbp
+ mov $key,(%rsp) # key schedule
+ mov %rbp,8(%rsp) # end of key schedule
+
+ # pick Td4 copy which can't "overlap" with stack frame or key schedule
+ lea .LAES_Td+2048(%rip),$sbox
+ lea 768(%rsp),%rbp
+ sub $sbox,%rbp
+ and \$0x300,%rbp
+ lea ($sbox,%rbp),$sbox
+ shr \$3,%rbp # recall "magic" constants!
+ add %rbp,$sbox
+
+ call _x86_64_AES_decrypt_compact
+
+ mov 16(%rsp),$out # restore out
+ mov 24(%rsp),%rsi # restore saved stack pointer
+ mov $s0,0($out) # write output vector
+ mov $s1,4($out)
+ mov $s2,8($out)
+ mov $s3,12($out)
+
+ mov (%rsi),%r15
+ mov 8(%rsi),%r14
+ mov 16(%rsi),%r13
+ mov 24(%rsi),%r12
+ mov 32(%rsi),%rbp
+ mov 40(%rsi),%rbx
+ lea 48(%rsi),%rsp
+.Ldec_epilogue:
+ ret
+.size AES_decrypt,.-AES_decrypt
+___
+#------------------------------------------------------------------#
+
+sub enckey()
+{
+$code.=<<___;
+ movz %dl,%esi # rk[i]>>0
+ movzb -128(%rbp,%rsi),%ebx
+ movz %dh,%esi # rk[i]>>8
+ shl \$24,%ebx
+ xor %ebx,%eax
+
+ movzb -128(%rbp,%rsi),%ebx
+ shr \$16,%edx
+ movz %dl,%esi # rk[i]>>16
+ xor %ebx,%eax
+
+ movzb -128(%rbp,%rsi),%ebx
+ movz %dh,%esi # rk[i]>>24
+ shl \$8,%ebx
+ xor %ebx,%eax
+
+ movzb -128(%rbp,%rsi),%ebx
+ shl \$16,%ebx
+ xor %ebx,%eax
+
+ xor 1024-128(%rbp,%rcx,4),%eax # rcon
+___
+}
+
+# int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+# AES_KEY *key)
+$code.=<<___;
+.globl AES_set_encrypt_key
+.type AES_set_encrypt_key,\@function,3
+.align 16
+AES_set_encrypt_key:
+ push %rbx
+ push %rbp
+ push %r12 # redundant, but allows to share
+ push %r13 # exception handler...
+ push %r14
+ push %r15
+ sub \$8,%rsp
+.Lenc_key_prologue:
+
+ call _x86_64_AES_set_encrypt_key
+
+ mov 8(%rsp),%r15
+ mov 16(%rsp),%r14
+ mov 24(%rsp),%r13
+ mov 32(%rsp),%r12
+ mov 40(%rsp),%rbp
+ mov 48(%rsp),%rbx
+ add \$56,%rsp
+.Lenc_key_epilogue:
+ ret
+.size AES_set_encrypt_key,.-AES_set_encrypt_key
+
+.type _x86_64_AES_set_encrypt_key,\@abi-omnipotent
+.align 16
+_x86_64_AES_set_encrypt_key:
+ mov %esi,%ecx # %ecx=bits
+ mov %rdi,%rsi # %rsi=userKey
+ mov %rdx,%rdi # %rdi=key
+
+ test \$-1,%rsi
+ jz .Lbadpointer
+ test \$-1,%rdi
+ jz .Lbadpointer
+
+ lea .LAES_Te(%rip),%rbp
+ lea 2048+128(%rbp),%rbp
+
+ # prefetch Te4
+ mov 0-128(%rbp),%eax
+ mov 32-128(%rbp),%ebx
+ mov 64-128(%rbp),%r8d
+ mov 96-128(%rbp),%edx
+ mov 128-128(%rbp),%eax
+ mov 160-128(%rbp),%ebx
+ mov 192-128(%rbp),%r8d
+ mov 224-128(%rbp),%edx
+
+ cmp \$128,%ecx
+ je .L10rounds
+ cmp \$192,%ecx
+ je .L12rounds
+ cmp \$256,%ecx
+ je .L14rounds
+ mov \$-2,%rax # invalid number of bits
+ jmp .Lexit
+
+.L10rounds:
+ mov 0(%rsi),%rax # copy first 4 dwords
+ mov 8(%rsi),%rdx
+ mov %rax,0(%rdi)
+ mov %rdx,8(%rdi)
+
+ shr \$32,%rdx
+ xor %ecx,%ecx
+ jmp .L10shortcut
+.align 4
+.L10loop:
+ mov 0(%rdi),%eax # rk[0]
+ mov 12(%rdi),%edx # rk[3]
+.L10shortcut:
+___
+ &enckey ();
+$code.=<<___;
+ mov %eax,16(%rdi) # rk[4]
+ xor 4(%rdi),%eax
+ mov %eax,20(%rdi) # rk[5]
+ xor 8(%rdi),%eax
+ mov %eax,24(%rdi) # rk[6]
+ xor 12(%rdi),%eax
+ mov %eax,28(%rdi) # rk[7]
+ add \$1,%ecx
+ lea 16(%rdi),%rdi
+ cmp \$10,%ecx
+ jl .L10loop
+
+ movl \$10,80(%rdi) # setup number of rounds
+ xor %rax,%rax
+ jmp .Lexit
+
+.L12rounds:
+ mov 0(%rsi),%rax # copy first 6 dwords
+ mov 8(%rsi),%rbx
+ mov 16(%rsi),%rdx
+ mov %rax,0(%rdi)
+ mov %rbx,8(%rdi)
+ mov %rdx,16(%rdi)
+
+ shr \$32,%rdx
+ xor %ecx,%ecx
+ jmp .L12shortcut
+.align 4
+.L12loop:
+ mov 0(%rdi),%eax # rk[0]
+ mov 20(%rdi),%edx # rk[5]
+.L12shortcut:
+___
+ &enckey ();
+$code.=<<___;
+ mov %eax,24(%rdi) # rk[6]
+ xor 4(%rdi),%eax
+ mov %eax,28(%rdi) # rk[7]
+ xor 8(%rdi),%eax
+ mov %eax,32(%rdi) # rk[8]
+ xor 12(%rdi),%eax
+ mov %eax,36(%rdi) # rk[9]
+
+ cmp \$7,%ecx
+ je .L12break
+ add \$1,%ecx
+
+ xor 16(%rdi),%eax
+ mov %eax,40(%rdi) # rk[10]
+ xor 20(%rdi),%eax
+ mov %eax,44(%rdi) # rk[11]
+
+ lea 24(%rdi),%rdi
+ jmp .L12loop
+.L12break:
+ movl \$12,72(%rdi) # setup number of rounds
+ xor %rax,%rax
+ jmp .Lexit
+
+.L14rounds:
+ mov 0(%rsi),%rax # copy first 8 dwords
+ mov 8(%rsi),%rbx
+ mov 16(%rsi),%rcx
+ mov 24(%rsi),%rdx
+ mov %rax,0(%rdi)
+ mov %rbx,8(%rdi)
+ mov %rcx,16(%rdi)
+ mov %rdx,24(%rdi)
+
+ shr \$32,%rdx
+ xor %ecx,%ecx
+ jmp .L14shortcut
+.align 4
+.L14loop:
+ mov 0(%rdi),%eax # rk[0]
+ mov 28(%rdi),%edx # rk[4]
+.L14shortcut:
+___
+ &enckey ();
+$code.=<<___;
+ mov %eax,32(%rdi) # rk[8]
+ xor 4(%rdi),%eax
+ mov %eax,36(%rdi) # rk[9]
+ xor 8(%rdi),%eax
+ mov %eax,40(%rdi) # rk[10]
+ xor 12(%rdi),%eax
+ mov %eax,44(%rdi) # rk[11]
+
+ cmp \$6,%ecx
+ je .L14break
+ add \$1,%ecx
+
+ mov %eax,%edx
+ mov 16(%rdi),%eax # rk[4]
+ movz %dl,%esi # rk[11]>>0
+ movzb -128(%rbp,%rsi),%ebx
+ movz %dh,%esi # rk[11]>>8
+ xor %ebx,%eax
+
+ movzb -128(%rbp,%rsi),%ebx
+ shr \$16,%edx
+ shl \$8,%ebx
+ movz %dl,%esi # rk[11]>>16
+ xor %ebx,%eax
+
+ movzb -128(%rbp,%rsi),%ebx
+ movz %dh,%esi # rk[11]>>24
+ shl \$16,%ebx
+ xor %ebx,%eax
+
+ movzb -128(%rbp,%rsi),%ebx
+ shl \$24,%ebx
+ xor %ebx,%eax
+
+ mov %eax,48(%rdi) # rk[12]
+ xor 20(%rdi),%eax
+ mov %eax,52(%rdi) # rk[13]
+ xor 24(%rdi),%eax
+ mov %eax,56(%rdi) # rk[14]
+ xor 28(%rdi),%eax
+ mov %eax,60(%rdi) # rk[15]
+
+ lea 32(%rdi),%rdi
+ jmp .L14loop
+.L14break:
+ movl \$14,48(%rdi) # setup number of rounds
+ xor %rax,%rax
+ jmp .Lexit
+
+.Lbadpointer:
+ mov \$-1,%rax
+.Lexit:
+ .byte 0xf3,0xc3 # rep ret
+.size _x86_64_AES_set_encrypt_key,.-_x86_64_AES_set_encrypt_key
+___
+
+sub deckey_ref()
+{ my ($i,$ptr,$te,$td) = @_;
+ my ($tp1,$tp2,$tp4,$tp8,$acc)=("%eax","%ebx","%edi","%edx","%r8d");
+$code.=<<___;
+ mov $i($ptr),$tp1
+ mov $tp1,$acc
+ and \$0x80808080,$acc
+ mov $acc,$tp4
+ shr \$7,$tp4
+ lea 0($tp1,$tp1),$tp2
+ sub $tp4,$acc
+ and \$0xfefefefe,$tp2
+ and \$0x1b1b1b1b,$acc
+ xor $tp2,$acc
+ mov $acc,$tp2
+
+ and \$0x80808080,$acc
+ mov $acc,$tp8
+ shr \$7,$tp8
+ lea 0($tp2,$tp2),$tp4
+ sub $tp8,$acc
+ and \$0xfefefefe,$tp4
+ and \$0x1b1b1b1b,$acc
+ xor $tp1,$tp2 # tp2^tp1
+ xor $tp4,$acc
+ mov $acc,$tp4
+
+ and \$0x80808080,$acc
+ mov $acc,$tp8
+ shr \$7,$tp8
+ sub $tp8,$acc
+ lea 0($tp4,$tp4),$tp8
+ xor $tp1,$tp4 # tp4^tp1
+ and \$0xfefefefe,$tp8
+ and \$0x1b1b1b1b,$acc
+ xor $acc,$tp8
+
+ xor $tp8,$tp1 # tp1^tp8
+ rol \$8,$tp1 # ROTATE(tp1^tp8,8)
+ xor $tp8,$tp2 # tp2^tp1^tp8
+ xor $tp8,$tp4 # tp4^tp1^tp8
+ xor $tp2,$tp8
+ xor $tp4,$tp8 # tp8^(tp8^tp4^tp1)^(tp8^tp2^tp1)=tp8^tp4^tp2
+
+ xor $tp8,$tp1
+ rol \$24,$tp2 # ROTATE(tp2^tp1^tp8,24)
+ xor $tp2,$tp1
+ rol \$16,$tp4 # ROTATE(tp4^tp1^tp8,16)
+ xor $tp4,$tp1
+
+ mov $tp1,$i($ptr)
+___
+}
+
+# int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+# AES_KEY *key)
+$code.=<<___;
+.globl AES_set_decrypt_key
+.type AES_set_decrypt_key,\@function,3
+.align 16
+AES_set_decrypt_key:
+ push %rbx
+ push %rbp
+ push %r12
+ push %r13
+ push %r14
+ push %r15
+ push %rdx # save key schedule
+.Ldec_key_prologue:
+
+ call _x86_64_AES_set_encrypt_key
+ mov (%rsp),%r8 # restore key schedule
+ cmp \$0,%eax
+ jne .Labort
+
+ mov 240(%r8),%r14d # pull number of rounds
+ xor %rdi,%rdi
+ lea (%rdi,%r14d,4),%rcx
+ mov %r8,%rsi
+ lea (%r8,%rcx,4),%rdi # pointer to last chunk
+.align 4
+.Linvert:
+ mov 0(%rsi),%rax
+ mov 8(%rsi),%rbx
+ mov 0(%rdi),%rcx
+ mov 8(%rdi),%rdx
+ mov %rax,0(%rdi)
+ mov %rbx,8(%rdi)
+ mov %rcx,0(%rsi)
+ mov %rdx,8(%rsi)
+ lea 16(%rsi),%rsi
+ lea -16(%rdi),%rdi
+ cmp %rsi,%rdi
+ jne .Linvert
+
+ lea .LAES_Te+2048+1024(%rip),%rax # rcon
+
+ mov 40(%rax),$mask80
+ mov 48(%rax),$maskfe
+ mov 56(%rax),$mask1b
+
+ mov %r8,$key
+ sub \$1,%r14d
+.align 4
+.Lpermute:
+ lea 16($key),$key
+ mov 0($key),%rax
+ mov 8($key),%rcx
+___
+ &dectransform ();
+$code.=<<___;
+ mov %eax,0($key)
+ mov %ebx,4($key)
+ mov %ecx,8($key)
+ mov %edx,12($key)
+ sub \$1,%r14d
+ jnz .Lpermute
+
+ xor %rax,%rax
+.Labort:
+ mov 8(%rsp),%r15
+ mov 16(%rsp),%r14
+ mov 24(%rsp),%r13
+ mov 32(%rsp),%r12
+ mov 40(%rsp),%rbp
+ mov 48(%rsp),%rbx
+ add \$56,%rsp
+.Ldec_key_epilogue:
+ ret
+.size AES_set_decrypt_key,.-AES_set_decrypt_key
+___
+
+# void AES_cbc_encrypt (const void char *inp, unsigned char *out,
+# size_t length, const AES_KEY *key,
+# unsigned char *ivp,const int enc);
+{
+# stack frame layout
+# -8(%rsp) return address
+my $keyp="0(%rsp)"; # one to pass as $key
+my $keyend="8(%rsp)"; # &(keyp->rd_key[4*keyp->rounds])
+my $_rsp="16(%rsp)"; # saved %rsp
+my $_inp="24(%rsp)"; # copy of 1st parameter, inp
+my $_out="32(%rsp)"; # copy of 2nd parameter, out
+my $_len="40(%rsp)"; # copy of 3rd parameter, length
+my $_key="48(%rsp)"; # copy of 4th parameter, key
+my $_ivp="56(%rsp)"; # copy of 5th parameter, ivp
+my $ivec="64(%rsp)"; # ivec[16]
+my $aes_key="80(%rsp)"; # copy of aes_key
+my $mark="80+240(%rsp)"; # copy of aes_key->rounds
+
+$code.=<<___;
+.globl AES_cbc_encrypt
+.type AES_cbc_encrypt,\@function,6
+.align 16
+.extern OPENSSL_ia32cap_P
+AES_cbc_encrypt:
+ cmp \$0,%rdx # check length
+ je .Lcbc_epilogue
+ pushfq
+ push %rbx
+ push %rbp
+ push %r12
+ push %r13
+ push %r14
+ push %r15
+.Lcbc_prologue:
+
+ cld
+ mov %r9d,%r9d # clear upper half of enc
+
+ lea .LAES_Te(%rip),$sbox
+ cmp \$0,%r9
+ jne .Lcbc_picked_te
+ lea .LAES_Td(%rip),$sbox
+.Lcbc_picked_te:
+
+ mov OPENSSL_ia32cap_P(%rip),%r10d
+ cmp \$$speed_limit,%rdx
+ jb .Lcbc_slow_prologue
+ test \$15,%rdx
+ jnz .Lcbc_slow_prologue
+ bt \$28,%r10d
+ jc .Lcbc_slow_prologue
+
+ # allocate aligned stack frame...
+ lea -88-248(%rsp),$key
+ and \$-64,$key
+
+ # ... and make sure it doesn't alias with AES_T[ed] modulo 4096
+ mov $sbox,%r10
+ lea 2304($sbox),%r11
+ mov $key,%r12
+ and \$0xFFF,%r10 # s = $sbox&0xfff
+ and \$0xFFF,%r11 # e = ($sbox+2048)&0xfff
+ and \$0xFFF,%r12 # p = %rsp&0xfff
+
+ cmp %r11,%r12 # if (p=>e) %rsp =- (p-e);
+ jb .Lcbc_te_break_out
+ sub %r11,%r12
+ sub %r12,$key
+ jmp .Lcbc_te_ok
+.Lcbc_te_break_out: # else %rsp -= (p-s)&0xfff + framesz
+ sub %r10,%r12
+ and \$0xFFF,%r12
+ add \$320,%r12
+ sub %r12,$key
+.align 4
+.Lcbc_te_ok:
+
+ xchg %rsp,$key
+ #add \$8,%rsp # reserve for return address!
+ mov $key,$_rsp # save %rsp
+.Lcbc_fast_body:
+ mov %rdi,$_inp # save copy of inp
+ mov %rsi,$_out # save copy of out
+ mov %rdx,$_len # save copy of len
+ mov %rcx,$_key # save copy of key
+ mov %r8,$_ivp # save copy of ivp
+ movl \$0,$mark # copy of aes_key->rounds = 0;
+ mov %r8,%rbp # rearrange input arguments
+ mov %r9,%rbx
+ mov %rsi,$out
+ mov %rdi,$inp
+ mov %rcx,$key
+
+ mov 240($key),%eax # key->rounds
+ # do we copy key schedule to stack?
+ mov $key,%r10
+ sub $sbox,%r10
+ and \$0xfff,%r10
+ cmp \$2304,%r10
+ jb .Lcbc_do_ecopy
+ cmp \$4096-248,%r10
+ jb .Lcbc_skip_ecopy
+.align 4
+.Lcbc_do_ecopy:
+ mov $key,%rsi
+ lea $aes_key,%rdi
+ lea $aes_key,$key
+ mov \$240/8,%ecx
+ .long 0x90A548F3 # rep movsq
+ mov %eax,(%rdi) # copy aes_key->rounds
+.Lcbc_skip_ecopy:
+ mov $key,$keyp # save key pointer
+
+ mov \$18,%ecx
+.align 4
+.Lcbc_prefetch_te:
+ mov 0($sbox),%r10
+ mov 32($sbox),%r11
+ mov 64($sbox),%r12
+ mov 96($sbox),%r13
+ lea 128($sbox),$sbox
+ sub \$1,%ecx
+ jnz .Lcbc_prefetch_te
+ lea -2304($sbox),$sbox
+
+ cmp \$0,%rbx
+ je .LFAST_DECRYPT
+
+#----------------------------- ENCRYPT -----------------------------#
+ mov 0(%rbp),$s0 # load iv
+ mov 4(%rbp),$s1
+ mov 8(%rbp),$s2
+ mov 12(%rbp),$s3
+
+.align 4
+.Lcbc_fast_enc_loop:
+ xor 0($inp),$s0
+ xor 4($inp),$s1
+ xor 8($inp),$s2
+ xor 12($inp),$s3
+ mov $keyp,$key # restore key
+ mov $inp,$_inp # if ($verticalspin) save inp
+
+ call _x86_64_AES_encrypt
+
+ mov $_inp,$inp # if ($verticalspin) restore inp
+ mov $_len,%r10
+ mov $s0,0($out)
+ mov $s1,4($out)
+ mov $s2,8($out)
+ mov $s3,12($out)
+
+ lea 16($inp),$inp
+ lea 16($out),$out
+ sub \$16,%r10
+ test \$-16,%r10
+ mov %r10,$_len
+ jnz .Lcbc_fast_enc_loop
+ mov $_ivp,%rbp # restore ivp
+ mov $s0,0(%rbp) # save ivec
+ mov $s1,4(%rbp)
+ mov $s2,8(%rbp)
+ mov $s3,12(%rbp)
+
+ jmp .Lcbc_fast_cleanup
+
+#----------------------------- DECRYPT -----------------------------#
+.align 16
+.LFAST_DECRYPT:
+ cmp $inp,$out
+ je .Lcbc_fast_dec_in_place
+
+ mov %rbp,$ivec
+.align 4
+.Lcbc_fast_dec_loop:
+ mov 0($inp),$s0 # read input
+ mov 4($inp),$s1
+ mov 8($inp),$s2
+ mov 12($inp),$s3
+ mov $keyp,$key # restore key
+ mov $inp,$_inp # if ($verticalspin) save inp
+
+ call _x86_64_AES_decrypt
+
+ mov $ivec,%rbp # load ivp
+ mov $_inp,$inp # if ($verticalspin) restore inp
+ mov $_len,%r10 # load len
+ xor 0(%rbp),$s0 # xor iv
+ xor 4(%rbp),$s1
+ xor 8(%rbp),$s2
+ xor 12(%rbp),$s3
+ mov $inp,%rbp # current input, next iv
+
+ sub \$16,%r10
+ mov %r10,$_len # update len
+ mov %rbp,$ivec # update ivp
+
+ mov $s0,0($out) # write output
+ mov $s1,4($out)
+ mov $s2,8($out)
+ mov $s3,12($out)
+
+ lea 16($inp),$inp
+ lea 16($out),$out
+ jnz .Lcbc_fast_dec_loop
+ mov $_ivp,%r12 # load user ivp
+ mov 0(%rbp),%r10 # load iv
+ mov 8(%rbp),%r11
+ mov %r10,0(%r12) # copy back to user
+ mov %r11,8(%r12)
+ jmp .Lcbc_fast_cleanup
+
+.align 16
+.Lcbc_fast_dec_in_place:
+ mov 0(%rbp),%r10 # copy iv to stack
+ mov 8(%rbp),%r11
+ mov %r10,0+$ivec
+ mov %r11,8+$ivec
+.align 4
+.Lcbc_fast_dec_in_place_loop:
+ mov 0($inp),$s0 # load input
+ mov 4($inp),$s1
+ mov 8($inp),$s2
+ mov 12($inp),$s3
+ mov $keyp,$key # restore key
+ mov $inp,$_inp # if ($verticalspin) save inp
+
+ call _x86_64_AES_decrypt
+
+ mov $_inp,$inp # if ($verticalspin) restore inp
+ mov $_len,%r10
+ xor 0+$ivec,$s0
+ xor 4+$ivec,$s1
+ xor 8+$ivec,$s2
+ xor 12+$ivec,$s3
+
+ mov 0($inp),%r11 # load input
+ mov 8($inp),%r12
+ sub \$16,%r10
+ jz .Lcbc_fast_dec_in_place_done
+
+ mov %r11,0+$ivec # copy input to iv
+ mov %r12,8+$ivec
+
+ mov $s0,0($out) # save output [zaps input]
+ mov $s1,4($out)
+ mov $s2,8($out)
+ mov $s3,12($out)
+
+ lea 16($inp),$inp
+ lea 16($out),$out
+ mov %r10,$_len
+ jmp .Lcbc_fast_dec_in_place_loop
+.Lcbc_fast_dec_in_place_done:
+ mov $_ivp,%rdi
+ mov %r11,0(%rdi) # copy iv back to user
+ mov %r12,8(%rdi)
+
+ mov $s0,0($out) # save output [zaps input]
+ mov $s1,4($out)
+ mov $s2,8($out)
+ mov $s3,12($out)
+
+.align 4
+.Lcbc_fast_cleanup:
+ cmpl \$0,$mark # was the key schedule copied?
+ lea $aes_key,%rdi
+ je .Lcbc_exit
+ mov \$240/8,%ecx
+ xor %rax,%rax
+ .long 0x90AB48F3 # rep stosq
+
+ jmp .Lcbc_exit
+
+#--------------------------- SLOW ROUTINE ---------------------------#
+.align 16
+.Lcbc_slow_prologue:
+ # allocate aligned stack frame...
+ lea -88(%rsp),%rbp
+ and \$-64,%rbp
+ # ... just "above" key schedule
+ lea -88-63(%rcx),%r10
+ sub %rbp,%r10
+ neg %r10
+ and \$0x3c0,%r10
+ sub %r10,%rbp
+
+ xchg %rsp,%rbp
+ #add \$8,%rsp # reserve for return address!
+ mov %rbp,$_rsp # save %rsp
+.Lcbc_slow_body:
+ #mov %rdi,$_inp # save copy of inp
+ #mov %rsi,$_out # save copy of out
+ #mov %rdx,$_len # save copy of len
+ #mov %rcx,$_key # save copy of key
+ mov %r8,$_ivp # save copy of ivp
+ mov %r8,%rbp # rearrange input arguments
+ mov %r9,%rbx
+ mov %rsi,$out
+ mov %rdi,$inp
+ mov %rcx,$key
+ mov %rdx,%r10
+
+ mov 240($key),%eax
+ mov $key,$keyp # save key pointer
+ shl \$4,%eax
+ lea ($key,%rax),%rax
+ mov %rax,$keyend
+
+ # pick Te4 copy which can't "overlap" with stack frame or key scdedule
+ lea 2048($sbox),$sbox
+ lea 768-8(%rsp),%rax
+ sub $sbox,%rax
+ and \$0x300,%rax
+ lea ($sbox,%rax),$sbox
+
+ cmp \$0,%rbx
+ je .LSLOW_DECRYPT
+
+#--------------------------- SLOW ENCRYPT ---------------------------#
+ test \$-16,%r10 # check upon length
+ mov 0(%rbp),$s0 # load iv
+ mov 4(%rbp),$s1
+ mov 8(%rbp),$s2
+ mov 12(%rbp),$s3
+ jz .Lcbc_slow_enc_tail # short input...
+
+.align 4
+.Lcbc_slow_enc_loop:
+ xor 0($inp),$s0
+ xor 4($inp),$s1
+ xor 8($inp),$s2
+ xor 12($inp),$s3
+ mov $keyp,$key # restore key
+ mov $inp,$_inp # save inp
+ mov $out,$_out # save out
+ mov %r10,$_len # save len
+
+ call _x86_64_AES_encrypt_compact
+
+ mov $_inp,$inp # restore inp
+ mov $_out,$out # restore out
+ mov $_len,%r10 # restore len
+ mov $s0,0($out)
+ mov $s1,4($out)
+ mov $s2,8($out)
+ mov $s3,12($out)
+
+ lea 16($inp),$inp
+ lea 16($out),$out
+ sub \$16,%r10
+ test \$-16,%r10
+ jnz .Lcbc_slow_enc_loop
+ test \$15,%r10
+ jnz .Lcbc_slow_enc_tail
+ mov $_ivp,%rbp # restore ivp
+ mov $s0,0(%rbp) # save ivec
+ mov $s1,4(%rbp)
+ mov $s2,8(%rbp)
+ mov $s3,12(%rbp)
+
+ jmp .Lcbc_exit
+
+.align 4
+.Lcbc_slow_enc_tail:
+ mov %rax,%r11
+ mov %rcx,%r12
+ mov %r10,%rcx
+ mov $inp,%rsi
+ mov $out,%rdi
+ .long 0x9066A4F3 # rep movsb
+ mov \$16,%rcx # zero tail
+ sub %r10,%rcx
+ xor %rax,%rax
+ .long 0x9066AAF3 # rep stosb
+ mov $out,$inp # this is not a mistake!
+ mov \$16,%r10 # len=16
+ mov %r11,%rax
+ mov %r12,%rcx
+ jmp .Lcbc_slow_enc_loop # one more spin...
+#--------------------------- SLOW DECRYPT ---------------------------#
+.align 16
+.LSLOW_DECRYPT:
+ shr \$3,%rax
+ add %rax,$sbox # recall "magic" constants!
+
+ mov 0(%rbp),%r11 # copy iv to stack
+ mov 8(%rbp),%r12
+ mov %r11,0+$ivec
+ mov %r12,8+$ivec
+
+.align 4
+.Lcbc_slow_dec_loop:
+ mov 0($inp),$s0 # load input
+ mov 4($inp),$s1
+ mov 8($inp),$s2
+ mov 12($inp),$s3
+ mov $keyp,$key # restore key
+ mov $inp,$_inp # save inp
+ mov $out,$_out # save out
+ mov %r10,$_len # save len
+
+ call _x86_64_AES_decrypt_compact
+
+ mov $_inp,$inp # restore inp
+ mov $_out,$out # restore out
+ mov $_len,%r10
+ xor 0+$ivec,$s0
+ xor 4+$ivec,$s1
+ xor 8+$ivec,$s2
+ xor 12+$ivec,$s3
+
+ mov 0($inp),%r11 # load input
+ mov 8($inp),%r12
+ sub \$16,%r10
+ jc .Lcbc_slow_dec_partial
+ jz .Lcbc_slow_dec_done
+
+ mov %r11,0+$ivec # copy input to iv
+ mov %r12,8+$ivec
+
+ mov $s0,0($out) # save output [can zap input]
+ mov $s1,4($out)
+ mov $s2,8($out)
+ mov $s3,12($out)
+
+ lea 16($inp),$inp
+ lea 16($out),$out
+ jmp .Lcbc_slow_dec_loop
+.Lcbc_slow_dec_done:
+ mov $_ivp,%rdi
+ mov %r11,0(%rdi) # copy iv back to user
+ mov %r12,8(%rdi)
+
+ mov $s0,0($out) # save output [can zap input]
+ mov $s1,4($out)
+ mov $s2,8($out)
+ mov $s3,12($out)
+
+ jmp .Lcbc_exit
+
+.align 4
+.Lcbc_slow_dec_partial:
+ mov $_ivp,%rdi
+ mov %r11,0(%rdi) # copy iv back to user
+ mov %r12,8(%rdi)
+
+ mov $s0,0+$ivec # save output to stack
+ mov $s1,4+$ivec
+ mov $s2,8+$ivec
+ mov $s3,12+$ivec
+
+ mov $out,%rdi
+ lea $ivec,%rsi
+ lea 16(%r10),%rcx
+ .long 0x9066A4F3 # rep movsb
+ jmp .Lcbc_exit
+
+.align 16
+.Lcbc_exit:
+ mov $_rsp,%rsi
+ mov (%rsi),%r15
+ mov 8(%rsi),%r14
+ mov 16(%rsi),%r13
+ mov 24(%rsi),%r12
+ mov 32(%rsi),%rbp
+ mov 40(%rsi),%rbx
+ lea 48(%rsi),%rsp
+.Lcbc_popfq:
+ popfq
+.Lcbc_epilogue:
+ ret
+.size AES_cbc_encrypt,.-AES_cbc_encrypt
+___
+}
+
+$code.=<<___;
+.align 64
+.LAES_Te:
+___
+ &_data_word(0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6);
+ &_data_word(0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591);
+ &_data_word(0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56);
+ &_data_word(0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec);
+ &_data_word(0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa);
+ &_data_word(0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb);
+ &_data_word(0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45);
+ &_data_word(0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b);
+ &_data_word(0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c);
+ &_data_word(0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83);
+ &_data_word(0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9);
+ &_data_word(0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a);
+ &_data_word(0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d);
+ &_data_word(0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f);
+ &_data_word(0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df);
+ &_data_word(0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea);
+ &_data_word(0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34);
+ &_data_word(0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b);
+ &_data_word(0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d);
+ &_data_word(0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413);
+ &_data_word(0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1);
+ &_data_word(0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6);
+ &_data_word(0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972);
+ &_data_word(0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85);
+ &_data_word(0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed);
+ &_data_word(0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511);
+ &_data_word(0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe);
+ &_data_word(0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b);
+ &_data_word(0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05);
+ &_data_word(0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1);
+ &_data_word(0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142);
+ &_data_word(0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf);
+ &_data_word(0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3);
+ &_data_word(0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e);
+ &_data_word(0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a);
+ &_data_word(0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6);
+ &_data_word(0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3);
+ &_data_word(0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b);
+ &_data_word(0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428);
+ &_data_word(0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad);
+ &_data_word(0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14);
+ &_data_word(0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8);
+ &_data_word(0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4);
+ &_data_word(0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2);
+ &_data_word(0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda);
+ &_data_word(0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949);
+ &_data_word(0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf);
+ &_data_word(0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810);
+ &_data_word(0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c);
+ &_data_word(0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697);
+ &_data_word(0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e);
+ &_data_word(0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f);
+ &_data_word(0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc);
+ &_data_word(0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c);
+ &_data_word(0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969);
+ &_data_word(0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27);
+ &_data_word(0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122);
+ &_data_word(0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433);
+ &_data_word(0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9);
+ &_data_word(0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5);
+ &_data_word(0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a);
+ &_data_word(0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0);
+ &_data_word(0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e);
+ &_data_word(0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c);
+
+#Te4 # four copies of Te4 to choose from to avoid L1 aliasing
+ &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
+ &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
+ &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
+ &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
+ &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
+ &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
+ &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
+ &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
+ &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
+ &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
+ &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
+ &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
+ &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
+ &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
+ &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
+ &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
+ &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
+ &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
+ &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
+ &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
+ &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
+ &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
+ &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
+ &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
+ &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
+ &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
+ &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
+ &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
+ &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
+ &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
+ &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
+ &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
+
+ &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
+ &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
+ &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
+ &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
+ &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
+ &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
+ &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
+ &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
+ &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
+ &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
+ &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
+ &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
+ &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
+ &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
+ &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
+ &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
+ &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
+ &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
+ &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
+ &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
+ &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
+ &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
+ &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
+ &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
+ &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
+ &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
+ &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
+ &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
+ &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
+ &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
+ &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
+ &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
+
+ &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
+ &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
+ &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
+ &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
+ &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
+ &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
+ &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
+ &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
+ &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
+ &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
+ &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
+ &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
+ &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
+ &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
+ &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
+ &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
+ &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
+ &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
+ &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
+ &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
+ &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
+ &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
+ &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
+ &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
+ &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
+ &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
+ &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
+ &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
+ &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
+ &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
+ &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
+ &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
+
+ &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
+ &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
+ &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
+ &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
+ &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
+ &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
+ &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
+ &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
+ &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
+ &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
+ &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
+ &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
+ &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
+ &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
+ &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
+ &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
+ &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
+ &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
+ &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
+ &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
+ &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
+ &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
+ &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
+ &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
+ &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
+ &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
+ &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
+ &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
+ &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
+ &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
+ &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
+ &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
+#rcon:
+$code.=<<___;
+ .long 0x00000001, 0x00000002, 0x00000004, 0x00000008
+ .long 0x00000010, 0x00000020, 0x00000040, 0x00000080
+ .long 0x0000001b, 0x00000036, 0x80808080, 0x80808080
+ .long 0xfefefefe, 0xfefefefe, 0x1b1b1b1b, 0x1b1b1b1b
+___
+$code.=<<___;
+.align 64
+.LAES_Td:
+___
+ &_data_word(0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a);
+ &_data_word(0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b);
+ &_data_word(0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5);
+ &_data_word(0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5);
+ &_data_word(0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d);
+ &_data_word(0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b);
+ &_data_word(0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295);
+ &_data_word(0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e);
+ &_data_word(0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927);
+ &_data_word(0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d);
+ &_data_word(0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362);
+ &_data_word(0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9);
+ &_data_word(0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52);
+ &_data_word(0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566);
+ &_data_word(0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3);
+ &_data_word(0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed);
+ &_data_word(0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e);
+ &_data_word(0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4);
+ &_data_word(0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4);
+ &_data_word(0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd);
+ &_data_word(0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d);
+ &_data_word(0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060);
+ &_data_word(0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967);
+ &_data_word(0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879);
+ &_data_word(0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000);
+ &_data_word(0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c);
+ &_data_word(0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36);
+ &_data_word(0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624);
+ &_data_word(0xb1670a0c, 0x0fe75793, 0xd296eeb4, 0x9e919b1b);
+ &_data_word(0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c);
+ &_data_word(0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12);
+ &_data_word(0x0b0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14);
+ &_data_word(0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3);
+ &_data_word(0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b);
+ &_data_word(0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8);
+ &_data_word(0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684);
+ &_data_word(0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7);
+ &_data_word(0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177);
+ &_data_word(0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947);
+ &_data_word(0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322);
+ &_data_word(0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498);
+ &_data_word(0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f);
+ &_data_word(0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54);
+ &_data_word(0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382);
+ &_data_word(0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf);
+ &_data_word(0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb);
+ &_data_word(0x097826cd, 0xf418596e, 0x01b79aec, 0xa89a4f83);
+ &_data_word(0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef);
+ &_data_word(0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029);
+ &_data_word(0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235);
+ &_data_word(0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733);
+ &_data_word(0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117);
+ &_data_word(0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4);
+ &_data_word(0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546);
+ &_data_word(0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb);
+ &_data_word(0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d);
+ &_data_word(0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb);
+ &_data_word(0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a);
+ &_data_word(0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773);
+ &_data_word(0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478);
+ &_data_word(0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2);
+ &_data_word(0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff);
+ &_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664);
+ &_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0);
+
+#Td4: # four copies of Td4 to choose from to avoid L1 aliasing
+ &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
+ &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
+ &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
+ &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
+ &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
+ &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
+ &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
+ &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
+ &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
+ &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
+ &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
+ &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
+ &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
+ &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
+ &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
+ &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
+ &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
+ &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
+ &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
+ &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
+ &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
+ &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
+ &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
+ &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
+ &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
+ &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
+ &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
+ &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
+ &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
+ &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
+ &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
+ &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
+$code.=<<___;
+ .long 0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
+ .long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0
+___
+ &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
+ &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
+ &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
+ &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
+ &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
+ &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
+ &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
+ &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
+ &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
+ &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
+ &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
+ &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
+ &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
+ &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
+ &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
+ &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
+ &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
+ &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
+ &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
+ &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
+ &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
+ &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
+ &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
+ &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
+ &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
+ &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
+ &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
+ &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
+ &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
+ &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
+ &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
+ &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
+$code.=<<___;
+ .long 0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
+ .long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0
+___
+ &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
+ &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
+ &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
+ &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
+ &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
+ &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
+ &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
+ &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
+ &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
+ &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
+ &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
+ &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
+ &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
+ &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
+ &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
+ &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
+ &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
+ &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
+ &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
+ &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
+ &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
+ &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
+ &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
+ &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
+ &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
+ &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
+ &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
+ &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
+ &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
+ &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
+ &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
+ &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
+$code.=<<___;
+ .long 0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
+ .long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0
+___
+ &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
+ &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
+ &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
+ &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
+ &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
+ &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
+ &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
+ &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
+ &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
+ &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
+ &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
+ &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
+ &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
+ &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
+ &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
+ &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
+ &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
+ &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
+ &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
+ &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
+ &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
+ &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
+ &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
+ &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
+ &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
+ &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
+ &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
+ &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
+ &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
+ &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
+ &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
+ &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
+$code.=<<___;
+ .long 0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
+ .long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0
+.asciz "AES for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+.align 64
+___
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+# CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern __imp_RtlVirtualUnwind
+.type block_se_handler,\@abi-omnipotent
+.align 16
+block_se_handler:
+ push %rsi
+ push %rdi
+ push %rbx
+ push %rbp
+ push %r12
+ push %r13
+ push %r14
+ push %r15
+ pushfq
+ sub \$64,%rsp
+
+ mov 120($context),%rax # pull context->Rax
+ mov 248($context),%rbx # pull context->Rip
+
+ mov 8($disp),%rsi # disp->ImageBase
+ mov 56($disp),%r11 # disp->HandlerData
+
+ mov 0(%r11),%r10d # HandlerData[0]
+ lea (%rsi,%r10),%r10 # prologue label
+ cmp %r10,%rbx # context->Rip<prologue label
+ jb .Lin_block_prologue
+
+ mov 152($context),%rax # pull context->Rsp
+
+ mov 4(%r11),%r10d # HandlerData[1]
+ lea (%rsi,%r10),%r10 # epilogue label
+ cmp %r10,%rbx # context->Rip>=epilogue label
+ jae .Lin_block_prologue
+
+ mov 24(%rax),%rax # pull saved real stack pointer
+ lea 48(%rax),%rax # adjust...
+
+ mov -8(%rax),%rbx
+ mov -16(%rax),%rbp
+ mov -24(%rax),%r12
+ mov -32(%rax),%r13
+ mov -40(%rax),%r14
+ mov -48(%rax),%r15
+ mov %rbx,144($context) # restore context->Rbx
+ mov %rbp,160($context) # restore context->Rbp
+ mov %r12,216($context) # restore context->R12
+ mov %r13,224($context) # restore context->R13
+ mov %r14,232($context) # restore context->R14
+ mov %r15,240($context) # restore context->R15
+
+.Lin_block_prologue:
+ mov 8(%rax),%rdi
+ mov 16(%rax),%rsi
+ mov %rax,152($context) # restore context->Rsp
+ mov %rsi,168($context) # restore context->Rsi
+ mov %rdi,176($context) # restore context->Rdi
+
+ jmp .Lcommon_seh_exit
+.size block_se_handler,.-block_se_handler
+
+.type key_se_handler,\@abi-omnipotent
+.align 16
+key_se_handler:
+ push %rsi
+ push %rdi
+ push %rbx
+ push %rbp
+ push %r12
+ push %r13
+ push %r14
+ push %r15
+ pushfq
+ sub \$64,%rsp
+
+ mov 120($context),%rax # pull context->Rax
+ mov 248($context),%rbx # pull context->Rip
+
+ mov 8($disp),%rsi # disp->ImageBase
+ mov 56($disp),%r11 # disp->HandlerData
+
+ mov 0(%r11),%r10d # HandlerData[0]
+ lea (%rsi,%r10),%r10 # prologue label
+ cmp %r10,%rbx # context->Rip<prologue label
+ jb .Lin_key_prologue
+
+ mov 152($context),%rax # pull context->Rsp
+
+ mov 4(%r11),%r10d # HandlerData[1]
+ lea (%rsi,%r10),%r10 # epilogue label
+ cmp %r10,%rbx # context->Rip>=epilogue label
+ jae .Lin_key_prologue
+
+ lea 56(%rax),%rax
+
+ mov -8(%rax),%rbx
+ mov -16(%rax),%rbp
+ mov -24(%rax),%r12
+ mov -32(%rax),%r13
+ mov -40(%rax),%r14
+ mov -48(%rax),%r15
+ mov %rbx,144($context) # restore context->Rbx
+ mov %rbp,160($context) # restore context->Rbp
+ mov %r12,216($context) # restore context->R12
+ mov %r13,224($context) # restore context->R13
+ mov %r14,232($context) # restore context->R14
+ mov %r15,240($context) # restore context->R15
+
+.Lin_key_prologue:
+ mov 8(%rax),%rdi
+ mov 16(%rax),%rsi
+ mov %rax,152($context) # restore context->Rsp
+ mov %rsi,168($context) # restore context->Rsi
+ mov %rdi,176($context) # restore context->Rdi
+
+ jmp .Lcommon_seh_exit
+.size key_se_handler,.-key_se_handler
+
+.type cbc_se_handler,\@abi-omnipotent
+.align 16
+cbc_se_handler:
+ push %rsi
+ push %rdi
+ push %rbx
+ push %rbp
+ push %r12
+ push %r13
+ push %r14
+ push %r15
+ pushfq
+ sub \$64,%rsp
+
+ mov 120($context),%rax # pull context->Rax
+ mov 248($context),%rbx # pull context->Rip
+
+ lea .Lcbc_prologue(%rip),%r10
+ cmp %r10,%rbx # context->Rip<.Lcbc_prologue
+ jb .Lin_cbc_prologue
+
+ lea .Lcbc_fast_body(%rip),%r10
+ cmp %r10,%rbx # context->Rip<.Lcbc_fast_body
+ jb .Lin_cbc_frame_setup
+
+ lea .Lcbc_slow_prologue(%rip),%r10
+ cmp %r10,%rbx # context->Rip<.Lcbc_slow_prologue
+ jb .Lin_cbc_body
+
+ lea .Lcbc_slow_body(%rip),%r10
+ cmp %r10,%rbx # context->Rip<.Lcbc_slow_body
+ jb .Lin_cbc_frame_setup
+
+.Lin_cbc_body:
+ mov 152($context),%rax # pull context->Rsp
+
+ lea .Lcbc_epilogue(%rip),%r10
+ cmp %r10,%rbx # context->Rip>=.Lcbc_epilogue
+ jae .Lin_cbc_prologue
+
+ lea 8(%rax),%rax
+
+ lea .Lcbc_popfq(%rip),%r10
+ cmp %r10,%rbx # context->Rip>=.Lcbc_popfq
+ jae .Lin_cbc_prologue
+
+ mov `16-8`(%rax),%rax # biased $_rsp
+ lea 56(%rax),%rax
+
+.Lin_cbc_frame_setup:
+ mov -16(%rax),%rbx
+ mov -24(%rax),%rbp
+ mov -32(%rax),%r12
+ mov -40(%rax),%r13
+ mov -48(%rax),%r14
+ mov -56(%rax),%r15
+ mov %rbx,144($context) # restore context->Rbx
+ mov %rbp,160($context) # restore context->Rbp
+ mov %r12,216($context) # restore context->R12
+ mov %r13,224($context) # restore context->R13
+ mov %r14,232($context) # restore context->R14
+ mov %r15,240($context) # restore context->R15
+
+.Lin_cbc_prologue:
+ mov 8(%rax),%rdi
+ mov 16(%rax),%rsi
+ mov %rax,152($context) # restore context->Rsp
+ mov %rsi,168($context) # restore context->Rsi
+ mov %rdi,176($context) # restore context->Rdi
+
+.Lcommon_seh_exit:
+
+ mov 40($disp),%rdi # disp->ContextRecord
+ mov $context,%rsi # context
+ mov \$`1232/8`,%ecx # sizeof(CONTEXT)
+ .long 0xa548f3fc # cld; rep movsq
+
+ mov $disp,%rsi
+ xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER
+ mov 8(%rsi),%rdx # arg2, disp->ImageBase
+ mov 0(%rsi),%r8 # arg3, disp->ControlPc
+ mov 16(%rsi),%r9 # arg4, disp->FunctionEntry
+ mov 40(%rsi),%r10 # disp->ContextRecord
+ lea 56(%rsi),%r11 # &disp->HandlerData
+ lea 24(%rsi),%r12 # &disp->EstablisherFrame
+ mov %r10,32(%rsp) # arg5
+ mov %r11,40(%rsp) # arg6
+ mov %r12,48(%rsp) # arg7
+ mov %rcx,56(%rsp) # arg8, (NULL)
+ call *__imp_RtlVirtualUnwind(%rip)
+
+ mov \$1,%eax # ExceptionContinueSearch
+ add \$64,%rsp
+ popfq
+ pop %r15
+ pop %r14
+ pop %r13
+ pop %r12
+ pop %rbp
+ pop %rbx
+ pop %rdi
+ pop %rsi
+ ret
+.size cbc_se_handler,.-cbc_se_handler
+
+.section .pdata
+.align 4
+ .rva .LSEH_begin_AES_encrypt
+ .rva .LSEH_end_AES_encrypt
+ .rva .LSEH_info_AES_encrypt
+
+ .rva .LSEH_begin_AES_decrypt
+ .rva .LSEH_end_AES_decrypt
+ .rva .LSEH_info_AES_decrypt
+
+ .rva .LSEH_begin_AES_set_encrypt_key
+ .rva .LSEH_end_AES_set_encrypt_key
+ .rva .LSEH_info_AES_set_encrypt_key
+
+ .rva .LSEH_begin_AES_set_decrypt_key
+ .rva .LSEH_end_AES_set_decrypt_key
+ .rva .LSEH_info_AES_set_decrypt_key
+
+ .rva .LSEH_begin_AES_cbc_encrypt
+ .rva .LSEH_end_AES_cbc_encrypt
+ .rva .LSEH_info_AES_cbc_encrypt
+
+.section .xdata
+.align 8
+.LSEH_info_AES_encrypt:
+ .byte 9,0,0,0
+ .rva block_se_handler
+ .rva .Lenc_prologue,.Lenc_epilogue # HandlerData[]
+.LSEH_info_AES_decrypt:
+ .byte 9,0,0,0
+ .rva block_se_handler
+ .rva .Ldec_prologue,.Ldec_epilogue # HandlerData[]
+.LSEH_info_AES_set_encrypt_key:
+ .byte 9,0,0,0
+ .rva key_se_handler
+ .rva .Lenc_key_prologue,.Lenc_key_epilogue # HandlerData[]
+.LSEH_info_AES_set_decrypt_key:
+ .byte 9,0,0,0
+ .rva key_se_handler
+ .rva .Ldec_key_prologue,.Ldec_key_epilogue # HandlerData[]
+.LSEH_info_AES_cbc_encrypt:
+ .byte 9,0,0,0
+ .rva cbc_se_handler
+___
+}
+
+$code =~ s/\`([^\`]*)\`/eval($1)/gem;
+
+print $code;
+
+close STDOUT;
diff --git a/crypto/aes/asm/aesni-x86.pl b/crypto/aes/asm/aesni-x86.pl
new file mode 100644
index 0000000000..72faa78d1f
--- /dev/null
+++ b/crypto/aes/asm/aesni-x86.pl
@@ -0,0 +1,784 @@
+#!/usr/bin/env perl
+
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# This module implements support for Intel AES-NI extension. In
+# OpenSSL context it's used with Intel engine, but can also be used as
+# drop-in replacement for crypto/aes/asm/aes-586.pl [see below for
+# details].
+
+$PREFIX="aesni"; # if $PREFIX is set to "AES", the script
+ # generates drop-in replacement for
+ # crypto/aes/asm/aes-586.pl:-)
+$inline=1; # inline _aesni_[en|de]crypt
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+push(@INC,"${dir}","${dir}../../perlasm");
+require "x86asm.pl";
+
+&asm_init($ARGV[0],$0);
+
+$movekey = eval($RREFIX eq "aseni" ? "*movaps" : "*movups");
+
+$len="eax";
+$rounds="ecx";
+$key="edx";
+$inp="esi";
+$out="edi";
+$rounds_="ebx"; # backup copy for $rounds
+$key_="ebp"; # backup copy for $key
+
+$inout0="xmm0";
+$inout1="xmm1";
+$inout2="xmm2";
+$rndkey0="xmm3";
+$rndkey1="xmm4";
+$ivec="xmm5";
+$in0="xmm6";
+$in1="xmm7"; $inout3="xmm7";
+
+# Inline version of internal aesni_[en|de]crypt1
+sub aesni_inline_generate1
+{ my $p=shift;
+
+ &$movekey ($rndkey0,&QWP(0,$key));
+ &$movekey ($rndkey1,&QWP(16,$key));
+ &lea ($key,&DWP(32,$key));
+ &pxor ($inout0,$rndkey0);
+ &set_label("${p}1_loop");
+ eval"&aes${p} ($inout0,$rndkey1)";
+ &dec ($rounds);
+ &$movekey ($rndkey1,&QWP(0,$key));
+ &lea ($key,&DWP(16,$key));
+ &jnz (&label("${p}1_loop"));
+ eval"&aes${p}last ($inout0,$rndkey1)";
+}
+
+sub aesni_generate1 # fully unrolled loop
+{ my $p=shift;
+
+ &function_begin_B("_aesni_${p}rypt1");
+ &$movekey ($rndkey0,&QWP(0,$key));
+ &$movekey ($rndkey1,&QWP(0x10,$key));
+ &cmp ($rounds,11);
+ &pxor ($inout0,$rndkey0);
+ &$movekey ($rndkey0,&QWP(0x20,$key));
+ &lea ($key,&DWP(0x30,$key));
+ &jb (&label("${p}128"));
+ &lea ($key,&DWP(0x20,$key));
+ &je (&label("${p}192"));
+ &lea ($key,&DWP(0x20,$key));
+ eval"&aes${p} ($inout0,$rndkey1)";
+ &$movekey ($rndkey1,&QWP(-0x40,$key));
+ eval"&aes${p} ($inout0,$rndkey0)";
+ &$movekey ($rndkey0,&QWP(-0x30,$key));
+ &set_label("${p}192");
+ eval"&aes${p} ($inout0,$rndkey1)";
+ &$movekey ($rndkey1,&QWP(-0x20,$key));
+ eval"&aes${p} ($inout0,$rndkey0)";
+ &$movekey ($rndkey0,&QWP(-0x10,$key));
+ &set_label("${p}128");
+ eval"&aes${p} ($inout0,$rndkey1)";
+ &$movekey ($rndkey1,&QWP(0,$key));
+ eval"&aes${p} ($inout0,$rndkey0)";
+ &$movekey ($rndkey0,&QWP(0x10,$key));
+ eval"&aes${p} ($inout0,$rndkey1)";
+ &$movekey ($rndkey1,&QWP(0x20,$key));
+ eval"&aes${p} ($inout0,$rndkey0)";
+ &$movekey ($rndkey0,&QWP(0x30,$key));
+ eval"&aes${p} ($inout0,$rndkey1)";
+ &$movekey ($rndkey1,&QWP(0x40,$key));
+ eval"&aes${p} ($inout0,$rndkey0)";
+ &$movekey ($rndkey0,&QWP(0x50,$key));
+ eval"&aes${p} ($inout0,$rndkey1)";
+ &$movekey ($rndkey1,&QWP(0x60,$key));
+ eval"&aes${p} ($inout0,$rndkey0)";
+ &$movekey ($rndkey0,&QWP(0x70,$key));
+ eval"&aes${p} ($inout0,$rndkey1)";
+ eval"&aes${p}last ($inout0,$rndkey0)";
+ &ret();
+ &function_end_B("_aesni_${p}rypt1");
+}
+
+# void $PREFIX_encrypt (const void *inp,void *out,const AES_KEY *key);
+&aesni_generate1("enc") if (!$inline);
+&function_begin_B("${PREFIX}_encrypt");
+ &mov ("eax",&wparam(0));
+ &mov ($key,&wparam(2));
+ &movups ($inout0,&QWP(0,"eax"));
+ &mov ($rounds,&DWP(240,$key));
+ &mov ("eax",&wparam(1));
+ if ($inline)
+ { &aesni_inline_generate1("enc"); }
+ else
+ { &call ("_aesni_encrypt1"); }
+ &movups (&QWP(0,"eax"),$inout0);
+ &ret ();
+&function_end_B("${PREFIX}_encrypt");
+
+# void $PREFIX_decrypt (const void *inp,void *out,const AES_KEY *key);
+&aesni_generate1("dec") if(!$inline);
+&function_begin_B("${PREFIX}_decrypt");
+ &mov ("eax",&wparam(0));
+ &mov ($key,&wparam(2));
+ &movups ($inout0,&QWP(0,"eax"));
+ &mov ($rounds,&DWP(240,$key));
+ &mov ("eax",&wparam(1));
+ if ($inline)
+ { &aesni_inline_generate1("dec"); }
+ else
+ { &call ("_aesni_decrypt1"); }
+ &movups (&QWP(0,"eax"),$inout0);
+ &ret ();
+&function_end_B("${PREFIX}_decrypt");
+
+# _aesni_[en|de]crypt[34] are private interfaces, N denotes interleave
+# factor. Why 3x subroutine is used in loops? Even though aes[enc|dec]
+# latency is 6, it turned out that it can be scheduled only every
+# *second* cycle. Thus 3x interleave is the one providing optimal
+# utilization, i.e. when subroutine's throughput is virtually same as
+# of non-interleaved subroutine [for number of input blocks up to 3].
+# This is why it makes no sense to implement 2x subroutine. As soon
+# as/if Intel improves throughput by making it possible to schedule
+# the instructions in question *every* cycles I would have to
+# implement 6x interleave and use it in loop...
+sub aesni_generate3
+{ my $p=shift;
+
+ &function_begin_B("_aesni_${p}rypt3");
+ &$movekey ($rndkey0,&QWP(0,$key));
+ &shr ($rounds,1);
+ &$movekey ($rndkey1,&QWP(16,$key));
+ &lea ($key,&DWP(32,$key));
+ &pxor ($inout0,$rndkey0);
+ &pxor ($inout1,$rndkey0);
+ &pxor ($inout2,$rndkey0);
+ &jmp (&label("${p}3_loop"));
+ &set_label("${p}3_loop",16);
+ eval"&aes${p} ($inout0,$rndkey1)";
+ &$movekey ($rndkey0,&QWP(0,$key));
+ eval"&aes${p} ($inout1,$rndkey1)";
+ &dec ($rounds);
+ eval"&aes${p} ($inout2,$rndkey1)";
+ &$movekey ($rndkey1,&QWP(16,$key));
+ eval"&aes${p} ($inout0,$rndkey0)";
+ &lea ($key,&DWP(32,$key));
+ eval"&aes${p} ($inout1,$rndkey0)";
+ eval"&aes${p} ($inout2,$rndkey0)";
+ &jnz (&label("${p}3_loop"));
+ eval"&aes${p} ($inout0,$rndkey1)";
+ &$movekey ($rndkey0,&QWP(0,$key));
+ eval"&aes${p} ($inout1,$rndkey1)";
+ eval"&aes${p} ($inout2,$rndkey1)";
+ eval"&aes${p}last ($inout0,$rndkey0)";
+ eval"&aes${p}last ($inout1,$rndkey0)";
+ eval"&aes${p}last ($inout2,$rndkey0)";
+ &ret();
+ &function_end_B("_aesni_${p}rypt3");
+}
+
+# 4x interleave is implemented to improve small block performance,
+# most notably [and naturally] 4 block by ~30%. One can argue that one
+# should have implemented 5x as well, but improvement would be <20%,
+# so it's not worth it...
+sub aesni_generate4
+{ my $p=shift;
+
+ &function_begin_B("_aesni_${p}rypt4");
+ &$movekey ($rndkey0,&QWP(0,$key));
+ &$movekey ($rndkey1,&QWP(16,$key));
+ &shr ($rounds,1);
+ &lea ($key,&DWP(32,$key));
+ &pxor ($inout0,$rndkey0);
+ &pxor ($inout1,$rndkey0);
+ &pxor ($inout2,$rndkey0);
+ &pxor ($inout3,$rndkey0);
+ &jmp (&label("${p}3_loop"));
+ &set_label("${p}3_loop",16);
+ eval"&aes${p} ($inout0,$rndkey1)";
+ &$movekey ($rndkey0,&QWP(0,$key));
+ eval"&aes${p} ($inout1,$rndkey1)";
+ &dec ($rounds);
+ eval"&aes${p} ($inout2,$rndkey1)";
+ eval"&aes${p} ($inout3,$rndkey1)";
+ &$movekey ($rndkey1,&QWP(16,$key));
+ eval"&aes${p} ($inout0,$rndkey0)";
+ &lea ($key,&DWP(32,$key));
+ eval"&aes${p} ($inout1,$rndkey0)";
+ eval"&aes${p} ($inout2,$rndkey0)";
+ eval"&aes${p} ($inout3,$rndkey0)";
+ &jnz (&label("${p}3_loop"));
+ eval"&aes${p} ($inout0,$rndkey1)";
+ &$movekey ($rndkey0,&QWP(0,$key));
+ eval"&aes${p} ($inout1,$rndkey1)";
+ eval"&aes${p} ($inout2,$rndkey1)";
+ eval"&aes${p} ($inout3,$rndkey1)";
+ eval"&aes${p}last ($inout0,$rndkey0)";
+ eval"&aes${p}last ($inout1,$rndkey0)";
+ eval"&aes${p}last ($inout2,$rndkey0)";
+ eval"&aes${p}last ($inout3,$rndkey0)";
+ &ret();
+ &function_end_B("_aesni_${p}rypt4");
+}
+&aesni_generate3("enc") if ($PREFIX eq "aesni");
+&aesni_generate3("dec");
+&aesni_generate4("enc") if ($PREFIX eq "aesni");
+&aesni_generate4("dec");
+
+if ($PREFIX eq "aesni") {
+# void aesni_ecb_encrypt (const void *in, void *out,
+# size_t length, const AES_KEY *key,
+# int enc);
+&function_begin("aesni_ecb_encrypt");
+ &mov ($inp,&wparam(0));
+ &mov ($out,&wparam(1));
+ &mov ($len,&wparam(2));
+ &mov ($key,&wparam(3));
+ &mov ($rounds,&wparam(4));
+ &cmp ($len,16);
+ &jb (&label("ecb_ret"));
+ &and ($len,-16);
+ &test ($rounds,$rounds)
+ &mov ($rounds,&DWP(240,$key));
+ &mov ($key_,$key); # backup $key
+ &mov ($rounds_,$rounds); # backup $rounds
+ &jz (&label("ecb_decrypt"));
+
+ &sub ($len,0x40);
+ &jbe (&label("ecb_enc_tail"));
+ &jmp (&label("ecb_enc_loop3"));
+
+&set_label("ecb_enc_loop3",16);
+ &movups ($inout0,&QWP(0,$inp));
+ &movups ($inout1,&QWP(0x10,$inp));
+ &movups ($inout2,&QWP(0x20,$inp));
+ &call ("_aesni_encrypt3");
+ &sub ($len,0x30);
+ &lea ($inp,&DWP(0x30,$inp));
+ &lea ($out,&DWP(0x30,$out));
+ &movups (&QWP(-0x30,$out),$inout0);
+ &mov ($key,$key_); # restore $key
+ &movups (&QWP(-0x20,$out),$inout1);
+ &mov ($rounds,$rounds_); # restore $rounds
+ &movups (&QWP(-0x10,$out),$inout2);
+ &ja (&label("ecb_enc_loop3"));
+
+&set_label("ecb_enc_tail");
+ &add ($len,0x40);
+ &jz (&label("ecb_ret"));
+
+ &cmp ($len,0x10);
+ &movups ($inout0,&QWP(0,$inp));
+ &je (&label("ecb_enc_one"));
+ &cmp ($len,0x20);
+ &movups ($inout1,&QWP(0x10,$inp));
+ &je (&label("ecb_enc_two"));
+ &cmp ($len,0x30);
+ &movups ($inout2,&QWP(0x20,$inp));
+ &je (&label("ecb_enc_three"));
+ &movups ($inout3,&QWP(0x30,$inp));
+ &call ("_aesni_encrypt4");
+ &movups (&QWP(0,$out),$inout0);
+ &movups (&QWP(0x10,$out),$inout1);
+ &movups (&QWP(0x20,$out),$inout2);
+ &movups (&QWP(0x30,$out),$inout3);
+ jmp (&label("ecb_ret"));
+
+&set_label("ecb_enc_one",16);
+ if ($inline)
+ { &aesni_inline_generate1("enc"); }
+ else
+ { &call ("_aesni_encrypt1"); }
+ &movups (&QWP(0,$out),$inout0);
+ &jmp (&label("ecb_ret"));
+
+&set_label("ecb_enc_two",16);
+ &call ("_aesni_encrypt3");
+ &movups (&QWP(0,$out),$inout0);
+ &movups (&QWP(0x10,$out),$inout1);
+ &jmp (&label("ecb_ret"));
+
+&set_label("ecb_enc_three",16);
+ &call ("_aesni_encrypt3");
+ &movups (&QWP(0,$out),$inout0);
+ &movups (&QWP(0x10,$out),$inout1);
+ &movups (&QWP(0x20,$out),$inout2);
+ &jmp (&label("ecb_ret"));
+
+&set_label("ecb_decrypt",16);
+ &sub ($len,0x40);
+ &jbe (&label("ecb_dec_tail"));
+ &jmp (&label("ecb_dec_loop3"));
+
+&set_label("ecb_dec_loop3",16);
+ &movups ($inout0,&QWP(0,$inp));
+ &movups ($inout1,&QWP(0x10,$inp));
+ &movups ($inout2,&QWP(0x20,$inp));
+ &call ("_aesni_decrypt3");
+ &sub ($len,0x30);
+ &lea ($inp,&DWP(0x30,$inp));
+ &lea ($out,&DWP(0x30,$out));
+ &movups (&QWP(-0x30,$out),$inout0);
+ &mov ($key,$key_); # restore $key
+ &movups (&QWP(-0x20,$out),$inout1);
+ &mov ($rounds,$rounds_); # restore $rounds
+ &movups (&QWP(-0x10,$out),$inout2);
+ &ja (&label("ecb_dec_loop3"));
+
+&set_label("ecb_dec_tail");
+ &add ($len,0x40);
+ &jz (&label("ecb_ret"));
+
+ &cmp ($len,0x10);
+ &movups ($inout0,&QWP(0,$inp));
+ &je (&label("ecb_dec_one"));
+ &cmp ($len,0x20);
+ &movups ($inout1,&QWP(0x10,$inp));
+ &je (&label("ecb_dec_two"));
+ &cmp ($len,0x30);
+ &movups ($inout2,&QWP(0x20,$inp));
+ &je (&label("ecb_dec_three"));
+ &movups ($inout3,&QWP(0x30,$inp));
+ &call ("_aesni_decrypt4");
+ &movups (&QWP(0,$out),$inout0);
+ &movups (&QWP(0x10,$out),$inout1);
+ &movups (&QWP(0x20,$out),$inout2);
+ &movups (&QWP(0x30,$out),$inout3);
+ &jmp (&label("ecb_ret"));
+
+&set_label("ecb_dec_one",16);
+ if ($inline)
+ { &aesni_inline_generate1("dec"); }
+ else
+ { &call ("_aesni_decrypt1"); }
+ &movups (&QWP(0,$out),$inout0);
+ &jmp (&label("ecb_ret"));
+
+&set_label("ecb_dec_two",16);
+ &call ("_aesni_decrypt3");
+ &movups (&QWP(0,$out),$inout0);
+ &movups (&QWP(0x10,$out),$inout1);
+ &jmp (&label("ecb_ret"));
+
+&set_label("ecb_dec_three",16);
+ &call ("_aesni_decrypt3");
+ &movups (&QWP(0,$out),$inout0);
+ &movups (&QWP(0x10,$out),$inout1);
+ &movups (&QWP(0x20,$out),$inout2);
+
+&set_label("ecb_ret");
+&function_end("aesni_ecb_encrypt");
+}
+
+# void $PREFIX_cbc_encrypt (const void *inp, void *out,
+# size_t length, const AES_KEY *key,
+# unsigned char *ivp,const int enc);
+&function_begin("${PREFIX}_cbc_encrypt");
+ &mov ($inp,&wparam(0));
+ &mov ($out,&wparam(1));
+ &mov ($len,&wparam(2));
+ &mov ($key,&wparam(3));
+ &test ($len,$len);
+ &mov ($key_,&wparam(4));
+ &jz (&label("cbc_ret"));
+
+ &cmp (&wparam(5),0);
+ &movups ($ivec,&QWP(0,$key_)); # load IV
+ &mov ($rounds,&DWP(240,$key));
+ &mov ($key_,$key); # backup $key
+ &mov ($rounds_,$rounds); # backup $rounds
+ &je (&label("cbc_decrypt"));
+
+ &movaps ($inout0,$ivec);
+ &cmp ($len,16);
+ &jb (&label("cbc_enc_tail"));
+ &sub ($len,16);
+ &jmp (&label("cbc_enc_loop"));
+
+&set_label("cbc_enc_loop",16);
+ &movups ($ivec,&QWP(0,$inp));
+ &lea ($inp,&DWP(16,$inp));
+ &pxor ($inout0,$ivec);
+ if ($inline)
+ { &aesni_inline_generate1("enc"); }
+ else
+ { &call ("_aesni_encrypt1"); }
+ &sub ($len,16);
+ &lea ($out,&DWP(16,$out));
+ &mov ($rounds,$rounds_); # restore $rounds
+ &mov ($key,$key_); # restore $key
+ &movups (&QWP(-16,$out),$inout0);
+ &jnc (&label("cbc_enc_loop"));
+ &add ($len,16);
+ &jnz (&label("cbc_enc_tail"));
+ &movaps ($ivec,$inout0);
+ &jmp (&label("cbc_ret"));
+
+&set_label("cbc_enc_tail");
+ &mov ("ecx",$len); # zaps $rounds
+ &data_word(0xA4F3F689); # rep movsb
+ &mov ("ecx",16); # zero tail
+ &sub ("ecx",$len);
+ &xor ("eax","eax"); # zaps $len
+ &data_word(0xAAF3F689); # rep stosb
+ &lea ($out,&DWP(-16,$out)); # rewind $out by 1 block
+ &mov ($rounds,$rounds_); # restore $rounds
+ &mov ($inp,$out); # $inp and $out are the same
+ &mov ($key,$key_); # restore $key
+ &jmp (&label("cbc_enc_loop"));
+
+&set_label("cbc_decrypt",16);
+ &sub ($len,0x40);
+ &jbe (&label("cbc_dec_tail"));
+ &jmp (&label("cbc_dec_loop3"));
+
+&set_label("cbc_dec_loop3",16);
+ &movups ($inout0,&QWP(0,$inp));
+ &movups ($inout1,&QWP(0x10,$inp));
+ &movups ($inout2,&QWP(0x20,$inp));
+ &movaps ($in0,$inout0);
+ &movaps ($in1,$inout1);
+ &call ("_aesni_decrypt3");
+ &sub ($len,0x30);
+ &lea ($inp,&DWP(0x30,$inp));
+ &lea ($out,&DWP(0x30,$out));
+ &pxor ($inout0,$ivec);
+ &pxor ($inout1,$in0);
+ &movups ($ivec,&QWP(-0x10,$inp));
+ &pxor ($inout2,$in1);
+ &movups (&QWP(-0x30,$out),$inout0);
+ &mov ($rounds,$rounds_) # restore $rounds
+ &movups (&QWP(-0x20,$out),$inout1);
+ &mov ($key,$key_); # restore $key
+ &movups (&QWP(-0x10,$out),$inout2);
+ &ja (&label("cbc_dec_loop3"));
+
+&set_label("cbc_dec_tail");
+ &add ($len,0x40);
+ &jz (&label("cbc_ret"));
+
+ &movups ($inout0,&QWP(0,$inp));
+ &cmp ($len,0x10);
+ &movaps ($in0,$inout0);
+ &jbe (&label("cbc_dec_one"));
+ &movups ($inout1,&QWP(0x10,$inp));
+ &cmp ($len,0x20);
+ &movaps ($in1,$inout1);
+ &jbe (&label("cbc_dec_two"));
+ &movups ($inout2,&QWP(0x20,$inp));
+ &cmp ($len,0x30);
+ &jbe (&label("cbc_dec_three"));
+ &movups ($inout3,&QWP(0x30,$inp));
+ &call ("_aesni_decrypt4");
+ &movups ($rndkey0,&QWP(0x10,$inp));
+ &movups ($rndkey1,&QWP(0x20,$inp));
+ &pxor ($inout0,$ivec);
+ &pxor ($inout1,$in0);
+ &movups ($ivec,&QWP(0x30,$inp));
+ &movups (&QWP(0,$out),$inout0);
+ &pxor ($inout2,$rndkey0);
+ &pxor ($inout3,$rndkey1);
+ &movups (&QWP(0x10,$out),$inout1);
+ &movups (&QWP(0x20,$out),$inout2);
+ &movaps ($inout0,$inout3);
+ &lea ($out,&DWP(0x30,$out));
+ &jmp (&label("cbc_dec_tail_collected"));
+
+&set_label("cbc_dec_one");
+ if ($inline)
+ { &aesni_inline_generate1("dec"); }
+ else
+ { &call ("_aesni_decrypt1"); }
+ &pxor ($inout0,$ivec);
+ &movaps ($ivec,$in0);
+ &jmp (&label("cbc_dec_tail_collected"));
+
+&set_label("cbc_dec_two");
+ &call ("_aesni_decrypt3");
+ &pxor ($inout0,$ivec);
+ &pxor ($inout1,$in0);
+ &movups (&QWP(0,$out),$inout0);
+ &movaps ($inout0,$inout1);
+ &movaps ($ivec,$in1);
+ &lea ($out,&DWP(0x10,$out));
+ &jmp (&label("cbc_dec_tail_collected"));
+
+&set_label("cbc_dec_three");
+ &call ("_aesni_decrypt3");
+ &pxor ($inout0,$ivec);
+ &pxor ($inout1,$in0);
+ &pxor ($inout2,$in1);
+ &movups (&QWP(0,$out),$inout0);
+ &movups (&QWP(0x10,$out),$inout1);
+ &movaps ($inout0,$inout2);
+ &movups ($ivec,&QWP(0x20,$inp));
+ &lea ($out,&DWP(0x20,$out));
+
+&set_label("cbc_dec_tail_collected");
+ &and ($len,15);
+ &jnz (&label("cbc_dec_tail_partial"));
+ &movups (&QWP(0,$out),$inout0);
+ &jmp (&label("cbc_ret"));
+
+&set_label("cbc_dec_tail_partial");
+ &mov ($key_,"esp");
+ &sub ("esp",16);
+ &and ("esp",-16);
+ &movaps (&QWP(0,"esp"),$inout0);
+ &mov ($inp,"esp");
+ &mov ("ecx",$len);
+ &data_word(0xA4F3F689); # rep movsb
+ &mov ("esp",$key_);
+
+&set_label("cbc_ret");
+ &mov ($key_,&wparam(4));
+ &movups (&QWP(0,$key_),$ivec); # output IV
+&function_end("${PREFIX}_cbc_encrypt");
+
+# Mechanical port from aesni-x86_64.pl.
+#
+# _aesni_set_encrypt_key is private interface,
+# input:
+# "eax" const unsigned char *userKey
+# $rounds int bits
+# $key AES_KEY *key
+# output:
+# "eax" return code
+# $round rounds
+
+&function_begin_B("_aesni_set_encrypt_key");
+ &test ("eax","eax");
+ &jz (&label("bad_pointer"));
+ &test ($key,$key);
+ &jz (&label("bad_pointer"));
+
+ &movups ("xmm0",&QWP(0,"eax")); # pull first 128 bits of *userKey
+ &pxor ("xmm4","xmm4"); # low dword of xmm4 is assumed 0
+ &lea ($key,&DWP(16,$key));
+ &cmp ($rounds,256);
+ &je (&label("14rounds"));
+ &cmp ($rounds,192);
+ &je (&label("12rounds"));
+ &cmp ($rounds,128);
+ &jne (&label("bad_keybits"));
+
+&set_label("10rounds",16);
+ &mov ($rounds,9);
+ &$movekey (&QWP(-16,$key),"xmm0"); # round 0
+ &aeskeygenassist("xmm1","xmm0",0x01); # round 1
+ &call (&label("key_128_cold"));
+ &aeskeygenassist("xmm1","xmm0",0x2); # round 2
+ &call (&label("key_128"));
+ &aeskeygenassist("xmm1","xmm0",0x04); # round 3
+ &call (&label("key_128"));
+ &aeskeygenassist("xmm1","xmm0",0x08); # round 4
+ &call (&label("key_128"));
+ &aeskeygenassist("xmm1","xmm0",0x10); # round 5
+ &call (&label("key_128"));
+ &aeskeygenassist("xmm1","xmm0",0x20); # round 6
+ &call (&label("key_128"));
+ &aeskeygenassist("xmm1","xmm0",0x40); # round 7
+ &call (&label("key_128"));
+ &aeskeygenassist("xmm1","xmm0",0x80); # round 8
+ &call (&label("key_128"));
+ &aeskeygenassist("xmm1","xmm0",0x1b); # round 9
+ &call (&label("key_128"));
+ &aeskeygenassist("xmm1","xmm0",0x36); # round 10
+ &call (&label("key_128"));
+ &$movekey (&QWP(0,$key),"xmm0");
+ &mov (&DWP(80,$key),$rounds);
+ &xor ("eax","eax");
+ &ret();
+
+&set_label("key_128",16);
+ &$movekey (&QWP(0,$key),"xmm0");
+ &lea ($key,&DWP(16,$key));
+&set_label("key_128_cold");
+ &shufps ("xmm4","xmm0",0b00010000);
+ &pxor ("xmm0","xmm4");
+ &shufps ("xmm4","xmm0",0b10001100,);
+ &pxor ("xmm0","xmm4");
+ &pshufd ("xmm1","xmm1",0b11111111); # critical path
+ &pxor ("xmm0","xmm1");
+ &ret();
+
+&set_label("12rounds",16);
+ &movq ("xmm2",&QWP(16,"eax")); # remaining 1/3 of *userKey
+ &mov ($rounds,11);
+ &$movekey (&QWP(-16,$key),"xmm0") # round 0
+ &aeskeygenassist("xmm1","xmm2",0x01); # round 1,2
+ &call (&label("key_192a_cold"));
+ &aeskeygenassist("xmm1","xmm2",0x02); # round 2,3
+ &call (&label("key_192b"));
+ &aeskeygenassist("xmm1","xmm2",0x04); # round 4,5
+ &call (&label("key_192a"));
+ &aeskeygenassist("xmm1","xmm2",0x08); # round 5,6
+ &call (&label("key_192b"));
+ &aeskeygenassist("xmm1","xmm2",0x10); # round 7,8
+ &call (&label("key_192a"));
+ &aeskeygenassist("xmm1","xmm2",0x20); # round 8,9
+ &call (&label("key_192b"));
+ &aeskeygenassist("xmm1","xmm2",0x40); # round 10,11
+ &call (&label("key_192a"));
+ &aeskeygenassist("xmm1","xmm2",0x80); # round 11,12
+ &call (&label("key_192b"));
+ &$movekey (&QWP(0,$key),"xmm0");
+ &mov (&DWP(48,$key),$rounds);
+ &xor ("eax","eax");
+ &ret();
+
+&set_label("key_192a",16);
+ &$movekey (&QWP(0,$key),"xmm0");
+ &lea ($key,&DWP(16,$key));
+&set_label("key_192a_cold",16);
+ &movaps ("xmm5","xmm2");
+&set_label("key_192b_warm");
+ &shufps ("xmm4","xmm0",0b00010000);
+ &movaps ("xmm3","xmm2");
+ &pxor ("xmm0","xmm4");
+ &shufps ("xmm4","xmm0",0b10001100);
+ &pslldq ("xmm3",4);
+ &pxor ("xmm0","xmm4");
+ &pshufd ("xmm1","xmm1",0b01010101); # critical path
+ &pxor ("xmm2","xmm3");
+ &pxor ("xmm0","xmm1");
+ &pshufd ("xmm3","xmm0",0b11111111);
+ &pxor ("xmm2","xmm3");
+ &ret();
+
+&set_label("key_192b",16);
+ &movaps ("xmm3","xmm0");
+ &shufps ("xmm5","xmm0",0b01000100);
+ &$movekey (&QWP(0,$key),"xmm5");
+ &shufps ("xmm3","xmm2",0b01001110);
+ &$movekey (&QWP(16,$key),"xmm3");
+ &lea ($key,&DWP(32,$key));
+ &jmp (&label("key_192b_warm"));
+
+&set_label("14rounds",16);
+ &movups ("xmm2",&QWP(16,"eax")); # remaining half of *userKey
+ &mov ($rounds,13);
+ &lea ($key,&DWP(16,$key));
+ &$movekey (&QWP(-32,$key),"xmm0"); # round 0
+ &$movekey (&QWP(-16,$key),"xmm2"); # round 1
+ &aeskeygenassist("xmm1","xmm2",0x01); # round 2
+ &call (&label("key_256a_cold"));
+ &aeskeygenassist("xmm1","xmm0",0x01); # round 3
+ &call (&label("key_256b"));
+ &aeskeygenassist("xmm1","xmm2",0x02); # round 4
+ &call (&label("key_256a"));
+ &aeskeygenassist("xmm1","xmm0",0x02); # round 5
+ &call (&label("key_256b"));
+ &aeskeygenassist("xmm1","xmm2",0x04); # round 6
+ &call (&label("key_256a"));
+ &aeskeygenassist("xmm1","xmm0",0x04); # round 7
+ &call (&label("key_256b"));
+ &aeskeygenassist("xmm1","xmm2",0x08); # round 8
+ &call (&label("key_256a"));
+ &aeskeygenassist("xmm1","xmm0",0x08); # round 9
+ &call (&label("key_256b"));
+ &aeskeygenassist("xmm1","xmm2",0x10); # round 10
+ &call (&label("key_256a"));
+ &aeskeygenassist("xmm1","xmm0",0x10); # round 11
+ &call (&label("key_256b"));
+ &aeskeygenassist("xmm1","xmm2",0x20); # round 12
+ &call (&label("key_256a"));
+ &aeskeygenassist("xmm1","xmm0",0x20); # round 13
+ &call (&label("key_256b"));
+ &aeskeygenassist("xmm1","xmm2",0x40); # round 14
+ &call (&label("key_256a"));
+ &$movekey (&QWP(0,$key),"xmm0");
+ &mov (&DWP(16,$key),$rounds);
+ &xor ("eax","eax");
+ &ret();
+
+&set_label("key_256a",16);
+ &$movekey (&QWP(0,$key),"xmm2");
+ &lea ($key,&DWP(16,$key));
+&set_label("key_256a_cold");
+ &shufps ("xmm4","xmm0",0b00010000);
+ &pxor ("xmm0","xmm4");
+ &shufps ("xmm4","xmm0",0b10001100);
+ &pxor ("xmm0","xmm4");
+ &pshufd ("xmm1","xmm1",0b11111111); # critical path
+ &pxor ("xmm0","xmm1");
+ &ret();
+
+&set_label("key_256b",16);
+ &$movekey (&QWP(0,$key),"xmm0");
+ &lea ($key,&DWP(16,$key));
+
+ &shufps ("xmm4","xmm2",0b00010000);
+ &pxor ("xmm2","xmm4");
+ &shufps ("xmm4","xmm2",0b10001100);
+ &pxor ("xmm2","xmm4");
+ &pshufd ("xmm1","xmm1",0b10101010); # critical path
+ &pxor ("xmm2","xmm1");
+ &ret();
+
+&set_label("bad_pointer",4);
+ &mov ("eax",-1);
+ &ret ();
+&set_label("bad_keybits",4);
+ &mov ("eax",-2);
+ &ret ();
+&function_end_B("_aesni_set_encrypt_key");
+
+# int $PREFIX_set_encrypt_key (const unsigned char *userKey, int bits,
+# AES_KEY *key)
+&function_begin_B("${PREFIX}_set_encrypt_key");
+ &mov ("eax",&wparam(0));
+ &mov ($rounds,&wparam(1));
+ &mov ($key,&wparam(2));
+ &call ("_aesni_set_encrypt_key");
+ &ret ();
+&function_end_B("${PREFIX}_set_encrypt_key");
+
+# int $PREFIX_set_decrypt_key (const unsigned char *userKey, int bits,
+# AES_KEY *key)
+&function_begin_B("${PREFIX}_set_decrypt_key");
+ &mov ("eax",&wparam(0));
+ &mov ($rounds,&wparam(1));
+ &mov ($key,&wparam(2));
+ &call ("_aesni_set_encrypt_key");
+ &mov ($key,&wparam(2));
+ &shl ($rounds,4) # rounds-1 after _aesni_set_encrypt_key
+ &test ("eax","eax");
+ &jnz (&label("dec_key_ret"));
+ &lea ("eax",&DWP(16,$key,$rounds)); # end of key schedule
+
+ &$movekey ("xmm0",&QWP(0,$key)); # just swap
+ &$movekey ("xmm1",&QWP(0,"eax"));
+ &$movekey (&QWP(0,"eax"),"xmm0");
+ &$movekey (&QWP(0,$key),"xmm1");
+ &lea ($key,&DWP(16,$key));
+ &lea ("eax",&DWP(-16,"eax"));
+
+&set_label("dec_key_inverse");
+ &$movekey ("xmm0",&QWP(0,$key)); # swap and inverse
+ &$movekey ("xmm1",&QWP(0,"eax"));
+ &aesimc ("xmm0","xmm0");
+ &aesimc ("xmm1","xmm1");
+ &lea ($key,&DWP(16,$key));
+ &lea ("eax",&DWP(-16,"eax"));
+ &cmp ("eax",$key);
+ &$movekey (&QWP(16,"eax"),"xmm0");
+ &$movekey (&QWP(-16,$key),"xmm1");
+ &ja (&label("dec_key_inverse"));
+
+ &$movekey ("xmm0",&QWP(0,$key)); # inverse middle
+ &aesimc ("xmm0","xmm0");
+ &$movekey (&QWP(0,$key),"xmm0");
+
+ &xor ("eax","eax"); # return success
+&set_label("dec_key_ret");
+ &ret ();
+&function_end_B("${PREFIX}_set_decrypt_key");
+&asciz("AES for Intel AES-NI, CRYPTOGAMS by <appro\@openssl.org>");
+
+&asm_finish();
diff --git a/crypto/aes/asm/aesni-x86_64.pl b/crypto/aes/asm/aesni-x86_64.pl
new file mode 100644
index 0000000000..cdc076e24f
--- /dev/null
+++ b/crypto/aes/asm/aesni-x86_64.pl
@@ -0,0 +1,991 @@
+#!/usr/bin/env perl
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+#
+# This module implements support for Intel AES-NI extension. In
+# OpenSSL context it's used with Intel engine, but can also be used as
+# drop-in replacement for crypto/aes/asm/aes-x86_64.pl [see below for
+# details].
+
+$PREFIX="aesni"; # if $PREFIX is set to "AES", the script
+ # generates drop-in replacement for
+ # crypto/aes/asm/aes-x86_64.pl:-)
+
+$flavour = shift;
+$output = shift;
+if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
+
+$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour $output";
+
+$movkey = $PREFIX eq "aesni" ? "movaps" : "movups";
+@_4args=$win64? ("%rcx","%rdx","%r8", "%r9") : # Win64 order
+ ("%rdi","%rsi","%rdx","%rcx"); # Unix order
+
+$code=".text\n";
+
+$rounds="%eax"; # input to and changed by aesni_[en|de]cryptN !!!
+# this is natural Unix argument order for public $PREFIX_[ecb|cbc]_encrypt ...
+$inp="%rdi";
+$out="%rsi";
+$len="%rdx";
+$key="%rcx"; # input to and changed by aesni_[en|de]cryptN !!!
+$ivp="%r8"; # cbc
+
+$rnds_="%r10d"; # backup copy for $rounds
+$key_="%r11"; # backup copy for $key
+
+# %xmm register layout
+$inout0="%xmm0"; $inout1="%xmm1";
+$inout2="%xmm2"; $inout3="%xmm3";
+$rndkey0="%xmm4"; $rndkey1="%xmm5";
+
+$iv="%xmm6"; $in0="%xmm7"; # used in CBC decrypt
+$in1="%xmm8"; $in2="%xmm9";
+
+# Inline version of internal aesni_[en|de]crypt1.
+#
+# Why folded loop? Because aes[enc|dec] is slow enough to accommodate
+# cycles which take care of loop variables...
+{ my $sn;
+sub aesni_generate1 {
+my ($p,$key,$rounds)=@_;
+++$sn;
+$code.=<<___;
+ $movkey ($key),$rndkey0
+ $movkey 16($key),$rndkey1
+ lea 32($key),$key
+ pxor $rndkey0,$inout0
+.Loop_${p}1_$sn:
+ aes${p} $rndkey1,$inout0
+ dec $rounds
+ $movkey ($key),$rndkey1
+ lea 16($key),$key
+ jnz .Loop_${p}1_$sn # loop body is 16 bytes
+ aes${p}last $rndkey1,$inout0
+___
+}}
+# void $PREFIX_[en|de]crypt (const void *inp,void *out,const AES_KEY *key);
+#
+{ my ($inp,$out,$key) = @_4args;
+
+$code.=<<___;
+.globl ${PREFIX}_encrypt
+.type ${PREFIX}_encrypt,\@abi-omnipotent
+.align 16
+${PREFIX}_encrypt:
+ movups ($inp),$inout0 # load input
+ mov 240($key),$rounds # pull $rounds
+___
+ &aesni_generate1("enc",$key,$rounds);
+$code.=<<___;
+ movups $inout0,($out) # output
+ ret
+.size ${PREFIX}_encrypt,.-${PREFIX}_encrypt
+
+.globl ${PREFIX}_decrypt
+.type ${PREFIX}_decrypt,\@abi-omnipotent
+.align 16
+${PREFIX}_decrypt:
+ movups ($inp),$inout0 # load input
+ mov 240($key),$rounds # pull $rounds
+___
+ &aesni_generate1("dec",$key,$rounds);
+$code.=<<___;
+ movups $inout0,($out) # output
+ ret
+.size ${PREFIX}_decrypt, .-${PREFIX}_decrypt
+___
+}
+
+# _aesni_[en|de]crypt[34] are private interfaces, N denotes interleave
+# factor. Why 3x subroutine is used in loops? Even though aes[enc|dec]
+# latency is 6, it turned out that it can be scheduled only every
+# *second* cycle. Thus 3x interleave is the one providing optimal
+# utilization, i.e. when subroutine's throughput is virtually same as
+# of non-interleaved subroutine [for number of input blocks up to 3].
+# This is why it makes no sense to implement 2x subroutine. As soon
+# as/if Intel improves throughput by making it possible to schedule
+# the instructions in question *every* cycles I would have to
+# implement 6x interleave and use it in loop...
+sub aesni_generate3 {
+my $dir=shift;
+# As already mentioned it takes in $key and $rounds, which are *not*
+# preserved. $inout[0-2] is cipher/clear text...
+$code.=<<___;
+.type _aesni_${dir}rypt3,\@abi-omnipotent
+.align 16
+_aesni_${dir}rypt3:
+ $movkey ($key),$rndkey0
+ shr \$1,$rounds
+ $movkey 16($key),$rndkey1
+ lea 32($key),$key
+ pxor $rndkey0,$inout0
+ pxor $rndkey0,$inout1
+ pxor $rndkey0,$inout2
+
+.L${dir}_loop3:
+ aes${dir} $rndkey1,$inout0
+ $movkey ($key),$rndkey0
+ aes${dir} $rndkey1,$inout1
+ dec $rounds
+ aes${dir} $rndkey1,$inout2
+ aes${dir} $rndkey0,$inout0
+ $movkey 16($key),$rndkey1
+ aes${dir} $rndkey0,$inout1
+ lea 32($key),$key
+ aes${dir} $rndkey0,$inout2
+ jnz .L${dir}_loop3
+
+ aes${dir} $rndkey1,$inout0
+ $movkey ($key),$rndkey0
+ aes${dir} $rndkey1,$inout1
+ aes${dir} $rndkey1,$inout2
+ aes${dir}last $rndkey0,$inout0
+ aes${dir}last $rndkey0,$inout1
+ aes${dir}last $rndkey0,$inout2
+ ret
+.size _aesni_${dir}rypt3,.-_aesni_${dir}rypt3
+___
+}
+# 4x interleave is implemented to improve small block performance,
+# most notably [and naturally] 4 block by ~30%. One can argue that one
+# should have implemented 5x as well, but improvement would be <20%,
+# so it's not worth it...
+sub aesni_generate4 {
+my $dir=shift;
+# As already mentioned it takes in $key and $rounds, which are *not*
+# preserved. $inout[0-3] is cipher/clear text...
+$code.=<<___;
+.type _aesni_${dir}rypt4,\@abi-omnipotent
+.align 16
+_aesni_${dir}rypt4:
+ $movkey ($key),$rndkey0
+ shr \$1,$rounds
+ $movkey 16($key),$rndkey1
+ lea 32($key),$key
+ pxor $rndkey0,$inout0
+ pxor $rndkey0,$inout1
+ pxor $rndkey0,$inout2
+ pxor $rndkey0,$inout3
+
+.L${dir}_loop4:
+ aes${dir} $rndkey1,$inout0
+ $movkey ($key),$rndkey0
+ aes${dir} $rndkey1,$inout1
+ dec $rounds
+ aes${dir} $rndkey1,$inout2
+ aes${dir} $rndkey1,$inout3
+ aes${dir} $rndkey0,$inout0
+ $movkey 16($key),$rndkey1
+ aes${dir} $rndkey0,$inout1
+ lea 32($key),$key
+ aes${dir} $rndkey0,$inout2
+ aes${dir} $rndkey0,$inout3
+ jnz .L${dir}_loop4
+
+ aes${dir} $rndkey1,$inout0
+ $movkey ($key),$rndkey0
+ aes${dir} $rndkey1,$inout1
+ aes${dir} $rndkey1,$inout2
+ aes${dir} $rndkey1,$inout3
+ aes${dir}last $rndkey0,$inout0
+ aes${dir}last $rndkey0,$inout1
+ aes${dir}last $rndkey0,$inout2
+ aes${dir}last $rndkey0,$inout3
+ ret
+.size _aesni_${dir}rypt4,.-_aesni_${dir}rypt4
+___
+}
+&aesni_generate3("enc") if ($PREFIX eq "aesni");
+&aesni_generate3("dec");
+&aesni_generate4("enc") if ($PREFIX eq "aesni");
+&aesni_generate4("dec");
+
+if ($PREFIX eq "aesni") {
+# void aesni_ecb_encrypt (const void *in, void *out,
+# size_t length, const AES_KEY *key,
+# int enc);
+$code.=<<___;
+.globl aesni_ecb_encrypt
+.type aesni_ecb_encrypt,\@function,5
+.align 16
+aesni_ecb_encrypt:
+ cmp \$16,$len # check length
+ jb .Lecb_ret
+
+ mov 240($key),$rounds # pull $rounds
+ and \$-16,$len
+ mov $key,$key_ # backup $key
+ test %r8d,%r8d # 5th argument
+ mov $rounds,$rnds_ # backup $rounds
+ jz .Lecb_decrypt
+#--------------------------- ECB ENCRYPT ------------------------------#
+ sub \$0x40,$len
+ jbe .Lecb_enc_tail
+ jmp .Lecb_enc_loop3
+.align 16
+.Lecb_enc_loop3:
+ movups ($inp),$inout0
+ movups 0x10($inp),$inout1
+ movups 0x20($inp),$inout2
+ call _aesni_encrypt3
+ sub \$0x30,$len
+ lea 0x30($inp),$inp
+ lea 0x30($out),$out
+ movups $inout0,-0x30($out)
+ mov $rnds_,$rounds # restore $rounds
+ movups $inout1,-0x20($out)
+ mov $key_,$key # restore $key
+ movups $inout2,-0x10($out)
+ ja .Lecb_enc_loop3
+
+.Lecb_enc_tail:
+ add \$0x40,$len
+ jz .Lecb_ret
+
+ cmp \$0x10,$len
+ movups ($inp),$inout0
+ je .Lecb_enc_one
+ cmp \$0x20,$len
+ movups 0x10($inp),$inout1
+ je .Lecb_enc_two
+ cmp \$0x30,$len
+ movups 0x20($inp),$inout2
+ je .Lecb_enc_three
+ movups 0x30($inp),$inout3
+ call _aesni_encrypt4
+ movups $inout0,($out)
+ movups $inout1,0x10($out)
+ movups $inout2,0x20($out)
+ movups $inout3,0x30($out)
+ jmp .Lecb_ret
+.align 16
+.Lecb_enc_one:
+___
+ &aesni_generate1("enc",$key,$rounds);
+$code.=<<___;
+ movups $inout0,($out)
+ jmp .Lecb_ret
+.align 16
+.Lecb_enc_two:
+ call _aesni_encrypt3
+ movups $inout0,($out)
+ movups $inout1,0x10($out)
+ jmp .Lecb_ret
+.align 16
+.Lecb_enc_three:
+ call _aesni_encrypt3
+ movups $inout0,($out)
+ movups $inout1,0x10($out)
+ movups $inout2,0x20($out)
+ jmp .Lecb_ret
+ #--------------------------- ECB DECRYPT ------------------------------#
+.align 16
+.Lecb_decrypt:
+ sub \$0x40,$len
+ jbe .Lecb_dec_tail
+ jmp .Lecb_dec_loop3
+.align 16
+.Lecb_dec_loop3:
+ movups ($inp),$inout0
+ movups 0x10($inp),$inout1
+ movups 0x20($inp),$inout2
+ call _aesni_decrypt3
+ sub \$0x30,$len
+ lea 0x30($inp),$inp
+ lea 0x30($out),$out
+ movups $inout0,-0x30($out)
+ mov $rnds_,$rounds # restore $rounds
+ movups $inout1,-0x20($out)
+ mov $key_,$key # restore $key
+ movups $inout2,-0x10($out)
+ ja .Lecb_dec_loop3
+
+.Lecb_dec_tail:
+ add \$0x40,$len
+ jz .Lecb_ret
+
+ cmp \$0x10,$len
+ movups ($inp),$inout0
+ je .Lecb_dec_one
+ cmp \$0x20,$len
+ movups 0x10($inp),$inout1
+ je .Lecb_dec_two
+ cmp \$0x30,$len
+ movups 0x20($inp),$inout2
+ je .Lecb_dec_three
+ movups 0x30($inp),$inout3
+ call _aesni_decrypt4
+ movups $inout0,($out)
+ movups $inout1,0x10($out)
+ movups $inout2,0x20($out)
+ movups $inout3,0x30($out)
+ jmp .Lecb_ret
+.align 16
+.Lecb_dec_one:
+___
+ &aesni_generate1("dec",$key,$rounds);
+$code.=<<___;
+ movups $inout0,($out)
+ jmp .Lecb_ret
+.align 16
+.Lecb_dec_two:
+ call _aesni_decrypt3
+ movups $inout0,($out)
+ movups $inout1,0x10($out)
+ jmp .Lecb_ret
+.align 16
+.Lecb_dec_three:
+ call _aesni_decrypt3
+ movups $inout0,($out)
+ movups $inout1,0x10($out)
+ movups $inout2,0x20($out)
+
+.Lecb_ret:
+ ret
+.size aesni_ecb_encrypt,.-aesni_ecb_encrypt
+___
+}
+
+# void $PREFIX_cbc_encrypt (const void *inp, void *out,
+# size_t length, const AES_KEY *key,
+# unsigned char *ivp,const int enc);
+$reserved = $win64?0x40:-0x18; # used in decrypt
+$code.=<<___;
+.globl ${PREFIX}_cbc_encrypt
+.type ${PREFIX}_cbc_encrypt,\@function,6
+.align 16
+${PREFIX}_cbc_encrypt:
+ test $len,$len # check length
+ jz .Lcbc_ret
+
+ mov 240($key),$rnds_ # pull $rounds
+ mov $key,$key_ # backup $key
+ test %r9d,%r9d # 6th argument
+ jz .Lcbc_decrypt
+#--------------------------- CBC ENCRYPT ------------------------------#
+ movups ($ivp),$inout0 # load iv as initial state
+ cmp \$16,$len
+ mov $rnds_,$rounds
+ jb .Lcbc_enc_tail
+ sub \$16,$len
+ jmp .Lcbc_enc_loop
+.align 16
+.Lcbc_enc_loop:
+ movups ($inp),$inout1 # load input
+ lea 16($inp),$inp
+ pxor $inout1,$inout0
+___
+ &aesni_generate1("enc",$key,$rounds);
+$code.=<<___;
+ sub \$16,$len
+ lea 16($out),$out
+ mov $rnds_,$rounds # restore $rounds
+ mov $key_,$key # restore $key
+ movups $inout0,-16($out) # store output
+ jnc .Lcbc_enc_loop
+ add \$16,$len
+ jnz .Lcbc_enc_tail
+ movups $inout0,($ivp)
+ jmp .Lcbc_ret
+
+.Lcbc_enc_tail:
+ mov $len,%rcx # zaps $key
+ xchg $inp,$out # $inp is %rsi and $out is %rdi now
+ .long 0x9066A4F3 # rep movsb
+ mov \$16,%ecx # zero tail
+ sub $len,%rcx
+ xor %eax,%eax
+ .long 0x9066AAF3 # rep stosb
+ lea -16(%rdi),%rdi # rewind $out by 1 block
+ mov $rnds_,$rounds # restore $rounds
+ mov %rdi,%rsi # $inp and $out are the same
+ mov $key_,$key # restore $key
+ xor $len,$len # len=16
+ jmp .Lcbc_enc_loop # one more spin
+ #--------------------------- CBC DECRYPT ------------------------------#
+.align 16
+.Lcbc_decrypt:
+___
+$code.=<<___ if ($win64);
+ lea -0x58(%rsp),%rsp
+ movaps %xmm6,(%rsp)
+ movaps %xmm7,0x10(%rsp)
+ movaps %xmm8,0x20(%rsp)
+ movaps %xmm9,0x30(%rsp)
+.Lcbc_decrypt_body:
+___
+$code.=<<___;
+ movups ($ivp),$iv
+ sub \$0x40,$len
+ mov $rnds_,$rounds
+ jbe .Lcbc_dec_tail
+ jmp .Lcbc_dec_loop3
+.align 16
+.Lcbc_dec_loop3:
+ movups ($inp),$inout0
+ movups 0x10($inp),$inout1
+ movups 0x20($inp),$inout2
+ movaps $inout0,$in0
+ movaps $inout1,$in1
+ movaps $inout2,$in2
+ call _aesni_decrypt3
+ sub \$0x30,$len
+ lea 0x30($inp),$inp
+ lea 0x30($out),$out
+ pxor $iv,$inout0
+ pxor $in0,$inout1
+ movaps $in2,$iv
+ pxor $in1,$inout2
+ movups $inout0,-0x30($out)
+ mov $rnds_,$rounds # restore $rounds
+ movups $inout1,-0x20($out)
+ mov $key_,$key # restore $key
+ movups $inout2,-0x10($out)
+ ja .Lcbc_dec_loop3
+
+.Lcbc_dec_tail:
+ add \$0x40,$len
+ movups $iv,($ivp)
+ jz .Lcbc_dec_ret
+
+ movups ($inp),$inout0
+ cmp \$0x10,$len
+ movaps $inout0,$in0
+ jbe .Lcbc_dec_one
+ movups 0x10($inp),$inout1
+ cmp \$0x20,$len
+ movaps $inout1,$in1
+ jbe .Lcbc_dec_two
+ movups 0x20($inp),$inout2
+ cmp \$0x30,$len
+ movaps $inout2,$in2
+ jbe .Lcbc_dec_three
+ movups 0x30($inp),$inout3
+ call _aesni_decrypt4
+ pxor $iv,$inout0
+ movups 0x30($inp),$iv
+ pxor $in0,$inout1
+ movups $inout0,($out)
+ pxor $in1,$inout2
+ movups $inout1,0x10($out)
+ pxor $in2,$inout3
+ movups $inout2,0x20($out)
+ movaps $inout3,$inout0
+ lea 0x30($out),$out
+ jmp .Lcbc_dec_tail_collected
+.align 16
+.Lcbc_dec_one:
+___
+ &aesni_generate1("dec",$key,$rounds);
+$code.=<<___;
+ pxor $iv,$inout0
+ movaps $in0,$iv
+ jmp .Lcbc_dec_tail_collected
+.align 16
+.Lcbc_dec_two:
+ call _aesni_decrypt3
+ pxor $iv,$inout0
+ pxor $in0,$inout1
+ movups $inout0,($out)
+ movaps $in1,$iv
+ movaps $inout1,$inout0
+ lea 0x10($out),$out
+ jmp .Lcbc_dec_tail_collected
+.align 16
+.Lcbc_dec_three:
+ call _aesni_decrypt3
+ pxor $iv,$inout0
+ pxor $in0,$inout1
+ movups $inout0,($out)
+ pxor $in1,$inout2
+ movups $inout1,0x10($out)
+ movaps $in2,$iv
+ movaps $inout2,$inout0
+ lea 0x20($out),$out
+ jmp .Lcbc_dec_tail_collected
+.align 16
+.Lcbc_dec_tail_collected:
+ and \$15,$len
+ movups $iv,($ivp)
+ jnz .Lcbc_dec_tail_partial
+ movups $inout0,($out)
+ jmp .Lcbc_dec_ret
+.Lcbc_dec_tail_partial:
+ movaps $inout0,$reserved(%rsp)
+ mov $out,%rdi
+ mov $len,%rcx
+ lea $reserved(%rsp),%rsi
+ .long 0x9066A4F3 # rep movsb
+
+.Lcbc_dec_ret:
+___
+$code.=<<___ if ($win64);
+ movaps (%rsp),%xmm6
+ movaps 0x10(%rsp),%xmm7
+ movaps 0x20(%rsp),%xmm8
+ movaps 0x30(%rsp),%xmm9
+ lea 0x58(%rsp),%rsp
+___
+$code.=<<___;
+.Lcbc_ret:
+ ret
+.size ${PREFIX}_cbc_encrypt,.-${PREFIX}_cbc_encrypt
+___
+
+# int $PREFIX_set_[en|de]crypt_key (const unsigned char *userKey,
+# int bits, AES_KEY *key)
+{ my ($inp,$bits,$key) = @_4args;
+ $bits =~ s/%r/%e/;
+
+$code.=<<___;
+.globl ${PREFIX}_set_decrypt_key
+.type ${PREFIX}_set_decrypt_key,\@abi-omnipotent
+.align 16
+${PREFIX}_set_decrypt_key:
+ .byte 0x48,0x83,0xEC,0x08 # sub rsp,8
+ call _aesni_set_encrypt_key
+ shl \$4,$bits # rounds-1 after _aesni_set_encrypt_key
+ test %eax,%eax
+ jnz .Ldec_key_ret
+ lea 16($key,$bits),$inp # points at the end of key schedule
+
+ $movkey ($key),%xmm0 # just swap
+ $movkey ($inp),%xmm1
+ $movkey %xmm0,($inp)
+ $movkey %xmm1,($key)
+ lea 16($key),$key
+ lea -16($inp),$inp
+
+.Ldec_key_inverse:
+ $movkey ($key),%xmm0 # swap and inverse
+ $movkey ($inp),%xmm1
+ aesimc %xmm0,%xmm0
+ aesimc %xmm1,%xmm1
+ lea 16($key),$key
+ lea -16($inp),$inp
+ cmp $key,$inp
+ $movkey %xmm0,16($inp)
+ $movkey %xmm1,-16($key)
+ ja .Ldec_key_inverse
+
+ $movkey ($key),%xmm0 # inverse middle
+ aesimc %xmm0,%xmm0
+ $movkey %xmm0,($inp)
+.Ldec_key_ret:
+ add \$8,%rsp
+ ret
+.LSEH_end_set_decrypt_key:
+.size ${PREFIX}_set_decrypt_key,.-${PREFIX}_set_decrypt_key
+___
+
+# This is based on submission by
+#
+# Huang Ying <ying.huang@intel.com>
+# Vinodh Gopal <vinodh.gopal@intel.com>
+# Kahraman Akdemir
+#
+# Agressively optimized in respect to aeskeygenassist's critical path
+# and is contained in %xmm0-5 to meet Win64 ABI requirement.
+#
+$code.=<<___;
+.globl ${PREFIX}_set_encrypt_key
+.type ${PREFIX}_set_encrypt_key,\@abi-omnipotent
+.align 16
+${PREFIX}_set_encrypt_key:
+_aesni_set_encrypt_key:
+ .byte 0x48,0x83,0xEC,0x08 # sub rsp,8
+ test $inp,$inp
+ mov \$-1,%rax
+ jz .Lenc_key_ret
+ test $key,$key
+ jz .Lenc_key_ret
+
+ movups ($inp),%xmm0 # pull first 128 bits of *userKey
+ pxor %xmm4,%xmm4 # low dword of xmm4 is assumed 0
+ lea 16($key),%rax
+ cmp \$256,$bits
+ je .L14rounds
+ cmp \$192,$bits
+ je .L12rounds
+ cmp \$128,$bits
+ jne .Lbad_keybits
+
+.L10rounds:
+ mov \$9,$bits # 10 rounds for 128-bit key
+ $movkey %xmm0,($key) # round 0
+ aeskeygenassist \$0x1,%xmm0,%xmm1 # round 1
+ call .Lkey_expansion_128_cold
+ aeskeygenassist \$0x2,%xmm0,%xmm1 # round 2
+ call .Lkey_expansion_128
+ aeskeygenassist \$0x4,%xmm0,%xmm1 # round 3
+ call .Lkey_expansion_128
+ aeskeygenassist \$0x8,%xmm0,%xmm1 # round 4
+ call .Lkey_expansion_128
+ aeskeygenassist \$0x10,%xmm0,%xmm1 # round 5
+ call .Lkey_expansion_128
+ aeskeygenassist \$0x20,%xmm0,%xmm1 # round 6
+ call .Lkey_expansion_128
+ aeskeygenassist \$0x40,%xmm0,%xmm1 # round 7
+ call .Lkey_expansion_128
+ aeskeygenassist \$0x80,%xmm0,%xmm1 # round 8
+ call .Lkey_expansion_128
+ aeskeygenassist \$0x1b,%xmm0,%xmm1 # round 9
+ call .Lkey_expansion_128
+ aeskeygenassist \$0x36,%xmm0,%xmm1 # round 10
+ call .Lkey_expansion_128
+ $movkey %xmm0,(%rax)
+ mov $bits,80(%rax) # 240(%rdx)
+ xor %eax,%eax
+ jmp .Lenc_key_ret
+
+.align 16
+.L12rounds:
+ movq 16($inp),%xmm2 # remaining 1/3 of *userKey
+ mov \$11,$bits # 12 rounds for 192
+ $movkey %xmm0,($key) # round 0
+ aeskeygenassist \$0x1,%xmm2,%xmm1 # round 1,2
+ call .Lkey_expansion_192a_cold
+ aeskeygenassist \$0x2,%xmm2,%xmm1 # round 2,3
+ call .Lkey_expansion_192b
+ aeskeygenassist \$0x4,%xmm2,%xmm1 # round 4,5
+ call .Lkey_expansion_192a
+ aeskeygenassist \$0x8,%xmm2,%xmm1 # round 5,6
+ call .Lkey_expansion_192b
+ aeskeygenassist \$0x10,%xmm2,%xmm1 # round 7,8
+ call .Lkey_expansion_192a
+ aeskeygenassist \$0x20,%xmm2,%xmm1 # round 8,9
+ call .Lkey_expansion_192b
+ aeskeygenassist \$0x40,%xmm2,%xmm1 # round 10,11
+ call .Lkey_expansion_192a
+ aeskeygenassist \$0x80,%xmm2,%xmm1 # round 11,12
+ call .Lkey_expansion_192b
+ $movkey %xmm0,(%rax)
+ mov $bits,48(%rax) # 240(%rdx)
+ xor %rax, %rax
+ jmp .Lenc_key_ret
+
+.align 16
+.L14rounds:
+ movups 16($inp),%xmm2 # remaning half of *userKey
+ mov \$13,$bits # 14 rounds for 256
+ lea 16(%rax),%rax
+ $movkey %xmm0,($key) # round 0
+ $movkey %xmm2,16($key) # round 1
+ aeskeygenassist \$0x1,%xmm2,%xmm1 # round 2
+ call .Lkey_expansion_256a_cold
+ aeskeygenassist \$0x1,%xmm0,%xmm1 # round 3
+ call .Lkey_expansion_256b
+ aeskeygenassist \$0x2,%xmm2,%xmm1 # round 4
+ call .Lkey_expansion_256a
+ aeskeygenassist \$0x2,%xmm0,%xmm1 # round 5
+ call .Lkey_expansion_256b
+ aeskeygenassist \$0x4,%xmm2,%xmm1 # round 6
+ call .Lkey_expansion_256a
+ aeskeygenassist \$0x4,%xmm0,%xmm1 # round 7
+ call .Lkey_expansion_256b
+ aeskeygenassist \$0x8,%xmm2,%xmm1 # round 8
+ call .Lkey_expansion_256a
+ aeskeygenassist \$0x8,%xmm0,%xmm1 # round 9
+ call .Lkey_expansion_256b
+ aeskeygenassist \$0x10,%xmm2,%xmm1 # round 10
+ call .Lkey_expansion_256a
+ aeskeygenassist \$0x10,%xmm0,%xmm1 # round 11
+ call .Lkey_expansion_256b
+ aeskeygenassist \$0x20,%xmm2,%xmm1 # round 12
+ call .Lkey_expansion_256a
+ aeskeygenassist \$0x20,%xmm0,%xmm1 # round 13
+ call .Lkey_expansion_256b
+ aeskeygenassist \$0x40,%xmm2,%xmm1 # round 14
+ call .Lkey_expansion_256a
+ $movkey %xmm0,(%rax)
+ mov $bits,16(%rax) # 240(%rdx)
+ xor %rax,%rax
+ jmp .Lenc_key_ret
+
+.align 16
+.Lbad_keybits:
+ mov \$-2,%rax
+.Lenc_key_ret:
+ add \$8,%rsp
+ ret
+.LSEH_end_set_encrypt_key:
+
+.align 16
+.Lkey_expansion_128:
+ $movkey %xmm0,(%rax)
+ lea 16(%rax),%rax
+.Lkey_expansion_128_cold:
+ shufps \$0b00010000,%xmm0,%xmm4
+ pxor %xmm4, %xmm0
+ shufps \$0b10001100,%xmm0,%xmm4
+ pxor %xmm4, %xmm0
+ pshufd \$0b11111111,%xmm1,%xmm1 # critical path
+ pxor %xmm1,%xmm0
+ ret
+
+.align 16
+.Lkey_expansion_192a:
+ $movkey %xmm0,(%rax)
+ lea 16(%rax),%rax
+.Lkey_expansion_192a_cold:
+ movaps %xmm2, %xmm5
+.Lkey_expansion_192b_warm:
+ shufps \$0b00010000,%xmm0,%xmm4
+ movaps %xmm2,%xmm3
+ pxor %xmm4,%xmm0
+ shufps \$0b10001100,%xmm0,%xmm4
+ pslldq \$4,%xmm3
+ pxor %xmm4,%xmm0
+ pshufd \$0b01010101,%xmm1,%xmm1 # critical path
+ pxor %xmm3,%xmm2
+ pxor %xmm1,%xmm0
+ pshufd \$0b11111111,%xmm0,%xmm3
+ pxor %xmm3,%xmm2
+ ret
+
+.align 16
+.Lkey_expansion_192b:
+ movaps %xmm0,%xmm3
+ shufps \$0b01000100,%xmm0,%xmm5
+ $movkey %xmm5,(%rax)
+ shufps \$0b01001110,%xmm2,%xmm3
+ $movkey %xmm3,16(%rax)
+ lea 32(%rax),%rax
+ jmp .Lkey_expansion_192b_warm
+
+.align 16
+.Lkey_expansion_256a:
+ $movkey %xmm2,(%rax)
+ lea 16(%rax),%rax
+.Lkey_expansion_256a_cold:
+ shufps \$0b00010000,%xmm0,%xmm4
+ pxor %xmm4,%xmm0
+ shufps \$0b10001100,%xmm0,%xmm4
+ pxor %xmm4,%xmm0
+ pshufd \$0b11111111,%xmm1,%xmm1 # critical path
+ pxor %xmm1,%xmm0
+ ret
+
+.align 16
+.Lkey_expansion_256b:
+ $movkey %xmm0,(%rax)
+ lea 16(%rax),%rax
+
+ shufps \$0b00010000,%xmm2,%xmm4
+ pxor %xmm4,%xmm2
+ shufps \$0b10001100,%xmm2,%xmm4
+ pxor %xmm4,%xmm2
+ pshufd \$0b10101010,%xmm1,%xmm1 # critical path
+ pxor %xmm1,%xmm2
+ ret
+.size ${PREFIX}_set_encrypt_key,.-${PREFIX}_set_encrypt_key
+___
+}
+
+$code.=<<___;
+.asciz "AES for Intel AES-NI, CRYPTOGAMS by <appro\@openssl.org>"
+.align 64
+___
+
+# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
+# CONTEXT *context,DISPATCHER_CONTEXT *disp)
+if ($win64) {
+$rec="%rcx";
+$frame="%rdx";
+$context="%r8";
+$disp="%r9";
+
+$code.=<<___;
+.extern __imp_RtlVirtualUnwind
+.type cbc_se_handler,\@abi-omnipotent
+.align 16
+cbc_se_handler:
+ push %rsi
+ push %rdi
+ push %rbx
+ push %rbp
+ push %r12
+ push %r13
+ push %r14
+ push %r15
+ pushfq
+ sub \$64,%rsp
+
+ mov 152($context),%rax # pull context->Rsp
+ mov 248($context),%rbx # pull context->Rip
+
+ lea .Lcbc_decrypt(%rip),%r10
+ cmp %r10,%rbx # context->Rip<"prologue" label
+ jb .Lin_prologue
+
+ lea .Lcbc_decrypt_body(%rip),%r10
+ cmp %r10,%rbx # context->Rip<cbc_decrypt_body
+ jb .Lrestore_rax
+
+ lea .Lcbc_ret(%rip),%r10
+ cmp %r10,%rbx # context->Rip>="epilogue" label
+ jae .Lin_prologue
+
+ lea 0(%rax),%rsi # top of stack
+ lea 512($context),%rdi # &context.Xmm6
+ mov \$8,%ecx # 4*sizeof(%xmm0)/sizeof(%rax)
+ .long 0xa548f3fc # cld; rep movsq
+ lea 0x58(%rax),%rax # adjust stack pointer
+ jmp .Lin_prologue
+
+.Lrestore_rax:
+ mov 120($context),%rax
+.Lin_prologue:
+ mov 8(%rax),%rdi
+ mov 16(%rax),%rsi
+ mov %rax,152($context) # restore context->Rsp
+ mov %rsi,168($context) # restore context->Rsi
+ mov %rdi,176($context) # restore context->Rdi
+
+ jmp .Lcommon_seh_exit
+.size cbc_se_handler,.-cbc_se_handler
+
+.type ecb_se_handler,\@abi-omnipotent
+.align 16
+ecb_se_handler:
+ push %rsi
+ push %rdi
+ push %rbx
+ push %rbp
+ push %r12
+ push %r13
+ push %r14
+ push %r15
+ pushfq
+ sub \$64,%rsp
+
+ mov 152($context),%rax # pull context->Rsp
+ mov 8(%rax),%rdi
+ mov 16(%rax),%rsi
+ mov %rsi,168($context) # restore context->Rsi
+ mov %rdi,176($context) # restore context->Rdi
+
+.Lcommon_seh_exit:
+
+ mov 40($disp),%rdi # disp->ContextRecord
+ mov $context,%rsi # context
+ mov \$154,%ecx # sizeof(CONTEXT)
+ .long 0xa548f3fc # cld; rep movsq
+
+ mov $disp,%rsi
+ xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER
+ mov 8(%rsi),%rdx # arg2, disp->ImageBase
+ mov 0(%rsi),%r8 # arg3, disp->ControlPc
+ mov 16(%rsi),%r9 # arg4, disp->FunctionEntry
+ mov 40(%rsi),%r10 # disp->ContextRecord
+ lea 56(%rsi),%r11 # &disp->HandlerData
+ lea 24(%rsi),%r12 # &disp->EstablisherFrame
+ mov %r10,32(%rsp) # arg5
+ mov %r11,40(%rsp) # arg6
+ mov %r12,48(%rsp) # arg7
+ mov %rcx,56(%rsp) # arg8, (NULL)
+ call *__imp_RtlVirtualUnwind(%rip)
+
+ mov \$1,%eax # ExceptionContinueSearch
+ add \$64,%rsp
+ popfq
+ pop %r15
+ pop %r14
+ pop %r13
+ pop %r12
+ pop %rbp
+ pop %rbx
+ pop %rdi
+ pop %rsi
+ ret
+.size cbc_se_handler,.-cbc_se_handler
+
+.section .pdata
+.align 4
+ .rva .LSEH_begin_${PREFIX}_ecb_encrypt
+ .rva .LSEH_end_${PREFIX}_ecb_encrypt
+ .rva .LSEH_info_ecb
+
+ .rva .LSEH_begin_${PREFIX}_cbc_encrypt
+ .rva .LSEH_end_${PREFIX}_cbc_encrypt
+ .rva .LSEH_info_cbc
+
+ .rva ${PREFIX}_set_decrypt_key
+ .rva .LSEH_end_set_decrypt_key
+ .rva .LSEH_info_key
+
+ .rva ${PREFIX}_set_encrypt_key
+ .rva .LSEH_end_set_encrypt_key
+ .rva .LSEH_info_key
+.section .xdata
+.align 8
+.LSEH_info_ecb:
+ .byte 9,0,0,0
+ .rva ecb_se_handler
+.LSEH_info_cbc:
+ .byte 9,0,0,0
+ .rva cbc_se_handler
+.LSEH_info_key:
+ .byte 0x01,0x04,0x01,0x00
+ .byte 0x04,0x02,0x00,0x00
+___
+}
+
+sub rex {
+ local *opcode=shift;
+ my ($dst,$src)=@_;
+
+ if ($dst>=8 || $src>=8) {
+ $rex=0x40;
+ $rex|=0x04 if($dst>=8);
+ $rex|=0x01 if($src>=8);
+ push @opcode,$rex;
+ }
+}
+
+sub aesni {
+ my $line=shift;
+ my @opcode=(0x66);
+
+ if ($line=~/(aeskeygenassist)\s+\$([x0-9a-f]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+ rex(\@opcode,$4,$3);
+ push @opcode,0x0f,0x3a,0xdf;
+ push @opcode,0xc0|($3&7)|(($4&7)<<3); # ModR/M
+ my $c=$2;
+ push @opcode,$c=~/^0/?oct($c):$c;
+ return ".byte\t".join(',',@opcode);
+ }
+ elsif ($line=~/(aes[a-z]+)\s+%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+ my %opcodelet = (
+ "aesimc" => 0xdb,
+ "aesenc" => 0xdc, "aesenclast" => 0xdd,
+ "aesdec" => 0xde, "aesdeclast" => 0xdf
+ );
+ return undef if (!defined($opcodelet{$1}));
+ rex(\@opcode,$3,$2);
+ push @opcode,0x0f,0x38,$opcodelet{$1};
+ push @opcode,0xc0|($2&7)|(($3&7)<<3); # ModR/M
+ return ".byte\t".join(',',@opcode);
+ }
+ return $line;
+}
+
+$code =~ s/\`([^\`]*)\`/eval($1)/gem;
+$code =~ s/\b(aes.*%xmm[0-9]+).*$/aesni($1)/gem;
+
+print $code;
+
+close STDOUT;
View Lorry Controller Status