3 # ====================================================================
4 # Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
5 # project. The module is, however, dual licensed under OpenSSL and
6 # CRYPTOGAMS licenses depending on where you obtain it. For further
7 # details see http://www.openssl.org/~appro/cryptogams/.
8 # ====================================================================
14 # Code uses single 1K S-box and is >2 times faster than code generated
15 # by gcc-3.4.1. This is thanks to unique feature of ARMv4 ISA, which
16 # allows to merge logical or arithmetic operation with shift or rotate
17 # in one instruction and emit combined result every cycle. The module
18 # is endian-neutral. The performance is ~42 cycles/byte for 128-bit
19 # key [on single-issue Xscale PXA250 core].
23 # AES_set_[en|de]crypt_key is added.
27 # Rescheduling for dual-issue pipeline resulted in 12% improvement on
28 # Cortex A8 core and ~25 cycles per byte processed with 128-bit key.
32 # Profiler-assisted and platform-specific optimization resulted in 16%
33 # improvement on Cortex A8 core and ~21.5 cycles per byte.
35 while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
36 open STDOUT,">$output";
61 .word 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d
62 .word 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554
63 .word 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d
64 .word 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a
65 .word 0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87
66 .word 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b
67 .word 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea
68 .word 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b
69 .word 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a
70 .word 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f
71 .word 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108
72 .word 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f
73 .word 0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e
74 .word 0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5
75 .word 0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d
76 .word 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f
77 .word 0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e
78 .word 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb
79 .word 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce
80 .word 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497
81 .word 0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c
82 .word 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed
83 .word 0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b
84 .word 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a
85 .word 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16
86 .word 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594
87 .word 0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81
88 .word 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3
89 .word 0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a
90 .word 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504
91 .word 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163
92 .word 0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d
93 .word 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f
94 .word 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739
95 .word 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47
96 .word 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395
97 .word 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f
98 .word 0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883
99 .word 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c
100 .word 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76
101 .word 0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e
102 .word 0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4
103 .word 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6
104 .word 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b
105 .word 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7
106 .word 0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0
107 .word 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25
108 .word 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818
109 .word 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72
110 .word 0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651
111 .word 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21
112 .word 0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85
113 .word 0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa
114 .word 0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12
115 .word 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0
116 .word 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9
117 .word 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133
118 .word 0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7
119 .word 0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920
120 .word 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a
121 .word 0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17
122 .word 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8
123 .word 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11
124 .word 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a
126 .byte 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
127 .byte 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
128 .byte 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
129 .byte 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
130 .byte 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
131 .byte 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
132 .byte 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
133 .byte 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
134 .byte 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
135 .byte 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
136 .byte 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
137 .byte 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
138 .byte 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
139 .byte 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
140 .byte 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
141 .byte 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
142 .byte 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
143 .byte 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
144 .byte 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
145 .byte 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
146 .byte 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
147 .byte 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
148 .byte 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
149 .byte 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
150 .byte 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
151 .byte 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
152 .byte 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
153 .byte 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
154 .byte 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
155 .byte 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
156 .byte 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
157 .byte 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
159 .word 0x01000000, 0x02000000, 0x04000000, 0x08000000
160 .word 0x10000000, 0x20000000, 0x40000000, 0x80000000
161 .word 0x1B000000, 0x36000000, 0, 0, 0, 0, 0, 0
162 .size AES_Te,.-AES_Te
164 @ void AES_encrypt(const unsigned char *in, unsigned char *out,
165 @ const AES_KEY *key) {
167 .type AES_encrypt,%function
170 sub r3,pc,#8 @ AES_encrypt
171 stmdb sp!,{r1,r4-r12,lr}
174 sub $tbl,r3,#AES_encrypt-AES_Te @ Te
176 ldrb $s0,[$rounds,#3] @ load input data in endian-neutral
177 ldrb $t1,[$rounds,#2] @ manner...
178 ldrb $t2,[$rounds,#1]
179 ldrb $t3,[$rounds,#0]
180 orr $s0,$s0,$t1,lsl#8
181 ldrb $s1,[$rounds,#7]
182 orr $s0,$s0,$t2,lsl#16
183 ldrb $t1,[$rounds,#6]
184 orr $s0,$s0,$t3,lsl#24
185 ldrb $t2,[$rounds,#5]
186 ldrb $t3,[$rounds,#4]
187 orr $s1,$s1,$t1,lsl#8
188 ldrb $s2,[$rounds,#11]
189 orr $s1,$s1,$t2,lsl#16
190 ldrb $t1,[$rounds,#10]
191 orr $s1,$s1,$t3,lsl#24
192 ldrb $t2,[$rounds,#9]
193 ldrb $t3,[$rounds,#8]
194 orr $s2,$s2,$t1,lsl#8
195 ldrb $s3,[$rounds,#15]
196 orr $s2,$s2,$t2,lsl#16
197 ldrb $t1,[$rounds,#14]
198 orr $s2,$s2,$t3,lsl#24
199 ldrb $t2,[$rounds,#13]
200 ldrb $t3,[$rounds,#12]
201 orr $s3,$s3,$t1,lsl#8
202 orr $s3,$s3,$t2,lsl#16
203 orr $s3,$s3,$t3,lsl#24
208 ldr $s3,[$rounds,#12]
216 bl _armv4_AES_encrypt
218 ldr $rounds,[sp],#4 @ pop out
229 str $s3,[$rounds,#12]
231 mov $t1,$s0,lsr#24 @ write output in endian-neutral
232 mov $t2,$s0,lsr#16 @ manner...
234 strb $t1,[$rounds,#0]
235 strb $t2,[$rounds,#1]
237 strb $t3,[$rounds,#2]
239 strb $s0,[$rounds,#3]
241 strb $t1,[$rounds,#4]
242 strb $t2,[$rounds,#5]
244 strb $t3,[$rounds,#6]
246 strb $s1,[$rounds,#7]
248 strb $t1,[$rounds,#8]
249 strb $t2,[$rounds,#9]
251 strb $t3,[$rounds,#10]
253 strb $s2,[$rounds,#11]
255 strb $t1,[$rounds,#12]
256 strb $t2,[$rounds,#13]
257 strb $t3,[$rounds,#14]
258 strb $s3,[$rounds,#15]
261 ldmia sp!,{r4-r12,pc}
263 ldmia sp!,{r4-r12,lr}
265 moveq pc,lr @ be binary compatible with V4, yet
266 bx lr @ interoperable with Thumb ISA:-)
268 .size AES_encrypt,.-AES_encrypt
270 .type _armv4_AES_encrypt,%function
273 str lr,[sp,#-4]! @ push lr
274 ldmia $key!,{$t1-$i1}
276 ldr $rounds,[$key,#240-16]
280 sub $rounds,$rounds,#1
285 and $i3,lr,$s0,lsr#16
288 ldr $t1,[$tbl,$i1,lsl#2] @ Te3[s0>>0]
289 and $i1,lr,$s1,lsr#16 @ i0
290 ldr $t2,[$tbl,$i2,lsl#2] @ Te2[s0>>8]
292 ldr $t3,[$tbl,$i3,lsl#2] @ Te1[s0>>16]
294 ldr $s0,[$tbl,$s0,lsl#2] @ Te0[s0>>24]
297 ldr $i1,[$tbl,$i1,lsl#2] @ Te1[s1>>16]
298 ldr $i2,[$tbl,$i2,lsl#2] @ Te3[s1>>0]
299 ldr $i3,[$tbl,$i3,lsl#2] @ Te2[s1>>8]
300 eor $s0,$s0,$i1,ror#8
301 ldr $s1,[$tbl,$s1,lsl#2] @ Te0[s1>>24]
302 and $i1,lr,$s2,lsr#8 @ i0
303 eor $t2,$t2,$i2,ror#8
304 and $i2,lr,$s2,lsr#16 @ i1
305 eor $t3,$t3,$i3,ror#8
307 ldr $i1,[$tbl,$i1,lsl#2] @ Te2[s2>>8]
308 eor $s1,$s1,$t1,ror#24
309 ldr $i2,[$tbl,$i2,lsl#2] @ Te1[s2>>16]
312 ldr $i3,[$tbl,$i3,lsl#2] @ Te3[s2>>0]
313 eor $s0,$s0,$i1,ror#16
314 ldr $s2,[$tbl,$s2,lsl#2] @ Te0[s2>>24]
316 eor $s1,$s1,$i2,ror#8
317 and $i2,lr,$s3,lsr#8 @ i1
318 eor $t3,$t3,$i3,ror#16
319 and $i3,lr,$s3,lsr#16 @ i2
320 ldr $i1,[$tbl,$i1,lsl#2] @ Te3[s3>>0]
321 eor $s2,$s2,$t2,ror#16
322 ldr $i2,[$tbl,$i2,lsl#2] @ Te2[s3>>8]
325 ldr $i3,[$tbl,$i3,lsl#2] @ Te1[s3>>16]
326 eor $s0,$s0,$i1,ror#24
328 eor $s1,$s1,$i2,ror#16
329 ldr $s3,[$tbl,$s3,lsl#2] @ Te0[s3>>24]
330 eor $s2,$s2,$i3,ror#8
332 eor $s3,$s3,$t3,ror#8
341 and $i3,lr,$s0,lsr#16
345 subs $rounds,$rounds,#1
350 ldrb $t1,[$tbl,$i1,lsl#2] @ Te4[s0>>0]
351 and $i1,lr,$s1,lsr#16 @ i0
352 ldrb $t2,[$tbl,$i2,lsl#2] @ Te4[s0>>8]
354 ldrb $t3,[$tbl,$i3,lsl#2] @ Te4[s0>>16]
356 ldrb $s0,[$tbl,$s0,lsl#2] @ Te4[s0>>24]
359 ldrb $i1,[$tbl,$i1,lsl#2] @ Te4[s1>>16]
360 ldrb $i2,[$tbl,$i2,lsl#2] @ Te4[s1>>0]
361 ldrb $i3,[$tbl,$i3,lsl#2] @ Te4[s1>>8]
362 eor $s0,$i1,$s0,lsl#8
363 ldrb $s1,[$tbl,$s1,lsl#2] @ Te4[s1>>24]
364 and $i1,lr,$s2,lsr#8 @ i0
365 eor $t2,$i2,$t2,lsl#8
366 and $i2,lr,$s2,lsr#16 @ i1
367 eor $t3,$i3,$t3,lsl#8
369 ldrb $i1,[$tbl,$i1,lsl#2] @ Te4[s2>>8]
370 eor $s1,$t1,$s1,lsl#24
371 ldrb $i2,[$tbl,$i2,lsl#2] @ Te4[s2>>16]
374 ldrb $i3,[$tbl,$i3,lsl#2] @ Te4[s2>>0]
375 eor $s0,$i1,$s0,lsl#8
376 ldrb $s2,[$tbl,$s2,lsl#2] @ Te4[s2>>24]
378 eor $s1,$s1,$i2,lsl#16
379 and $i2,lr,$s3,lsr#8 @ i1
380 eor $t3,$i3,$t3,lsl#8
381 and $i3,lr,$s3,lsr#16 @ i2
382 ldrb $i1,[$tbl,$i1,lsl#2] @ Te4[s3>>0]
383 eor $s2,$t2,$s2,lsl#24
384 ldrb $i2,[$tbl,$i2,lsl#2] @ Te4[s3>>8]
387 ldrb $i3,[$tbl,$i3,lsl#2] @ Te4[s3>>16]
388 eor $s0,$i1,$s0,lsl#8
390 ldrb $s3,[$tbl,$s3,lsl#2] @ Te4[s3>>24]
391 eor $s1,$s1,$i2,lsl#8
393 eor $s2,$s2,$i3,lsl#16
395 eor $s3,$t3,$s3,lsl#24
404 ldr pc,[sp],#4 @ pop and return
405 .size _armv4_AES_encrypt,.-_armv4_AES_encrypt
407 .global private_AES_set_encrypt_key
408 .type private_AES_set_encrypt_key,%function
410 private_AES_set_encrypt_key:
411 sub r3,pc,#8 @ AES_set_encrypt_key
427 .Lok: stmdb sp!,{r4-r12,lr}
428 sub $tbl,r3,#private_AES_set_encrypt_key-AES_Te-1024 @ Te4
435 ldrb $s0,[$rounds,#3] @ load input data in endian-neutral
436 ldrb $t1,[$rounds,#2] @ manner...
437 ldrb $t2,[$rounds,#1]
438 ldrb $t3,[$rounds,#0]
439 orr $s0,$s0,$t1,lsl#8
440 ldrb $s1,[$rounds,#7]
441 orr $s0,$s0,$t2,lsl#16
442 ldrb $t1,[$rounds,#6]
443 orr $s0,$s0,$t3,lsl#24
444 ldrb $t2,[$rounds,#5]
445 ldrb $t3,[$rounds,#4]
446 orr $s1,$s1,$t1,lsl#8
447 ldrb $s2,[$rounds,#11]
448 orr $s1,$s1,$t2,lsl#16
449 ldrb $t1,[$rounds,#10]
450 orr $s1,$s1,$t3,lsl#24
451 ldrb $t2,[$rounds,#9]
452 ldrb $t3,[$rounds,#8]
453 orr $s2,$s2,$t1,lsl#8
454 ldrb $s3,[$rounds,#15]
455 orr $s2,$s2,$t2,lsl#16
456 ldrb $t1,[$rounds,#14]
457 orr $s2,$s2,$t3,lsl#24
458 ldrb $t2,[$rounds,#13]
459 ldrb $t3,[$rounds,#12]
460 orr $s3,$s3,$t1,lsl#8
462 orr $s3,$s3,$t2,lsl#16
464 orr $s3,$s3,$t3,lsl#24
471 ldr $s3,[$rounds,#12]
487 str $rounds,[$key,#240-16]
488 add $t3,$tbl,#256 @ rcon
492 and $t2,lr,$s3,lsr#24
493 and $i1,lr,$s3,lsr#16
499 orr $t2,$t2,$i1,lsl#24
501 orr $t2,$t2,$i2,lsl#16
502 ldr $t1,[$t3],#4 @ rcon[i++]
503 orr $t2,$t2,$i3,lsl#8
505 eor $s0,$s0,$t2 @ rk[4]=rk[0]^...
506 eor $s1,$s1,$s0 @ rk[5]=rk[1]^rk[4]
508 eor $s2,$s2,$s1 @ rk[6]=rk[2]^rk[5]
510 eor $s3,$s3,$s2 @ rk[7]=rk[3]^rk[6]
512 subs $rounds,$rounds,#1
520 ldrb $i2,[$rounds,#19]
521 ldrb $t1,[$rounds,#18]
522 ldrb $t2,[$rounds,#17]
523 ldrb $t3,[$rounds,#16]
524 orr $i2,$i2,$t1,lsl#8
525 ldrb $i3,[$rounds,#23]
526 orr $i2,$i2,$t2,lsl#16
527 ldrb $t1,[$rounds,#22]
528 orr $i2,$i2,$t3,lsl#24
529 ldrb $t2,[$rounds,#21]
530 ldrb $t3,[$rounds,#20]
531 orr $i3,$i3,$t1,lsl#8
532 orr $i3,$i3,$t2,lsl#16
534 orr $i3,$i3,$t3,lsl#24
537 ldr $i2,[$rounds,#16]
538 ldr $i3,[$rounds,#20]
550 str $rounds,[$key,#240-24]
551 add $t3,$tbl,#256 @ rcon
556 and $t2,lr,$i3,lsr#24
557 and $i1,lr,$i3,lsr#16
563 orr $t2,$t2,$i1,lsl#24
565 orr $t2,$t2,$i2,lsl#16
566 ldr $t1,[$t3],#4 @ rcon[i++]
567 orr $t2,$t2,$i3,lsl#8
569 eor $s0,$s0,$i3 @ rk[6]=rk[0]^...
570 eor $s1,$s1,$s0 @ rk[7]=rk[1]^rk[6]
572 eor $s2,$s2,$s1 @ rk[8]=rk[2]^rk[7]
574 eor $s3,$s3,$s2 @ rk[9]=rk[3]^rk[8]
576 subs $rounds,$rounds,#1
583 eor $i1,$i1,$s3 @ rk[10]=rk[4]^rk[9]
584 eor $i3,$i2,$i1 @ rk[11]=rk[5]^rk[10]
591 ldrb $i2,[$rounds,#27]
592 ldrb $t1,[$rounds,#26]
593 ldrb $t2,[$rounds,#25]
594 ldrb $t3,[$rounds,#24]
595 orr $i2,$i2,$t1,lsl#8
596 ldrb $i3,[$rounds,#31]
597 orr $i2,$i2,$t2,lsl#16
598 ldrb $t1,[$rounds,#30]
599 orr $i2,$i2,$t3,lsl#24
600 ldrb $t2,[$rounds,#29]
601 ldrb $t3,[$rounds,#28]
602 orr $i3,$i3,$t1,lsl#8
603 orr $i3,$i3,$t2,lsl#16
605 orr $i3,$i3,$t3,lsl#24
608 ldr $i2,[$rounds,#24]
609 ldr $i3,[$rounds,#28]
619 str $rounds,[$key,#240-32]
620 add $t3,$tbl,#256 @ rcon
625 and $t2,lr,$i3,lsr#24
626 and $i1,lr,$i3,lsr#16
632 orr $t2,$t2,$i1,lsl#24
634 orr $t2,$t2,$i2,lsl#16
635 ldr $t1,[$t3],#4 @ rcon[i++]
636 orr $t2,$t2,$i3,lsl#8
638 eor $s0,$s0,$i3 @ rk[8]=rk[0]^...
639 eor $s1,$s1,$s0 @ rk[9]=rk[1]^rk[8]
641 eor $s2,$s2,$s1 @ rk[10]=rk[2]^rk[9]
643 eor $s3,$s3,$s2 @ rk[11]=rk[3]^rk[10]
645 subs $rounds,$rounds,#1
653 and $i2,lr,$s3,lsr#16
655 and $i3,lr,$s3,lsr#24
657 orr $t2,$t2,$i1,lsl#8
659 orr $t2,$t2,$i2,lsl#16
661 orr $t2,$t2,$i3,lsl#24
665 eor $t1,$t1,$t2 @ rk[12]=rk[4]^...
667 eor $i1,$i1,$t1 @ rk[13]=rk[5]^rk[12]
669 eor $i2,$i2,$i1 @ rk[14]=rk[6]^rk[13]
671 eor $i3,$i3,$i2 @ rk[15]=rk[7]^rk[14]
677 ldmia sp!,{r4-r12,lr}
679 moveq pc,lr @ be binary compatible with V4, yet
680 bx lr @ interoperable with Thumb ISA:-)
681 .size private_AES_set_encrypt_key,.-private_AES_set_encrypt_key
683 .global private_AES_set_decrypt_key
684 .type private_AES_set_decrypt_key,%function
686 private_AES_set_decrypt_key:
687 str lr,[sp,#-4]! @ push lr
688 bl private_AES_set_encrypt_key
690 ldrne lr,[sp],#4 @ pop lr
695 ldr $rounds,[r2,#240] @ AES_set_encrypt_key preserves r2,
696 mov $key,r2 @ which is AES_KEY *key
698 add $i2,r2,$rounds,lsl#4
723 ldr $s0,[$key,#16]! @ prefetch tp1
726 orr $mask80,$mask80,#0x8000
727 orr $mask1b,$mask1b,#0x1b00
728 orr $mask80,$mask80,$mask80,lsl#16
729 orr $mask1b,$mask1b,$mask1b,lsl#16
730 sub $rounds,$rounds,#1
732 mov $rounds,$rounds,lsl#2 @ (rounds-1)*4
734 .Lmix: and $t1,$s0,$mask80
736 sub $t1,$t1,$t1,lsr#7
738 eor $s1,$t1,$s1,lsl#1 @ tp2
742 sub $t1,$t1,$t1,lsr#7
744 eor $s2,$t1,$s2,lsl#1 @ tp4
748 sub $t1,$t1,$t1,lsr#7
750 eor $s3,$t1,$s3,lsl#1 @ tp8
753 eor $t2,$s0,$s3 @ tp9
754 eor $t1,$t1,$s3 @ tpe
755 eor $t1,$t1,$s1,ror#24
756 eor $t1,$t1,$t2,ror#24 @ ^= ROTATE(tpb=tp9^tp2,8)
757 eor $t1,$t1,$s2,ror#16
758 eor $t1,$t1,$t2,ror#16 @ ^= ROTATE(tpd=tp9^tp4,16)
759 eor $t1,$t1,$t2,ror#8 @ ^= ROTATE(tp9,24)
761 ldr $s0,[$key,#4] @ prefetch tp1
763 subs $rounds,$rounds,#1
768 ldmia sp!,{r4-r12,pc}
770 ldmia sp!,{r4-r12,lr}
772 moveq pc,lr @ be binary compatible with V4, yet
773 bx lr @ interoperable with Thumb ISA:-)
775 .size private_AES_set_decrypt_key,.-private_AES_set_decrypt_key
780 .word 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96
781 .word 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393
782 .word 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25
783 .word 0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f
784 .word 0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1
785 .word 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6
786 .word 0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da
787 .word 0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844
788 .word 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd
789 .word 0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4
790 .word 0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45
791 .word 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94
792 .word 0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7
793 .word 0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a
794 .word 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5
795 .word 0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c
796 .word 0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1
797 .word 0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a
798 .word 0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75
799 .word 0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051
800 .word 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46
801 .word 0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff
802 .word 0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77
803 .word 0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb
804 .word 0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000
805 .word 0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e
806 .word 0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927
807 .word 0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a
808 .word 0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e
809 .word 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16
810 .word 0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d
811 .word 0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8
812 .word 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd
813 .word 0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34
814 .word 0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163
815 .word 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120
816 .word 0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d
817 .word 0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0
818 .word 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422
819 .word 0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef
820 .word 0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36
821 .word 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4
822 .word 0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662
823 .word 0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5
824 .word 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3
825 .word 0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b
826 .word 0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8
827 .word 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6
828 .word 0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6
829 .word 0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0
830 .word 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815
831 .word 0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f
832 .word 0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df
833 .word 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f
834 .word 0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e
835 .word 0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713
836 .word 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89
837 .word 0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c
838 .word 0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf
839 .word 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86
840 .word 0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f
841 .word 0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541
842 .word 0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190
843 .word 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742
845 .byte 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
846 .byte 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
847 .byte 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
848 .byte 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
849 .byte 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
850 .byte 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
851 .byte 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
852 .byte 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
853 .byte 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
854 .byte 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
855 .byte 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
856 .byte 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
857 .byte 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
858 .byte 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
859 .byte 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
860 .byte 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
861 .byte 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
862 .byte 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
863 .byte 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
864 .byte 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
865 .byte 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
866 .byte 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
867 .byte 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
868 .byte 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
869 .byte 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
870 .byte 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
871 .byte 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
872 .byte 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
873 .byte 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
874 .byte 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
875 .byte 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
876 .byte 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
877 .size AES_Td,.-AES_Td
879 @ void AES_decrypt(const unsigned char *in, unsigned char *out,
880 @ const AES_KEY *key) {
882 .type AES_decrypt,%function
885 sub r3,pc,#8 @ AES_decrypt
886 stmdb sp!,{r1,r4-r12,lr}
889 sub $tbl,r3,#AES_decrypt-AES_Td @ Td
891 ldrb $s0,[$rounds,#3] @ load input data in endian-neutral
892 ldrb $t1,[$rounds,#2] @ manner...
893 ldrb $t2,[$rounds,#1]
894 ldrb $t3,[$rounds,#0]
895 orr $s0,$s0,$t1,lsl#8
896 ldrb $s1,[$rounds,#7]
897 orr $s0,$s0,$t2,lsl#16
898 ldrb $t1,[$rounds,#6]
899 orr $s0,$s0,$t3,lsl#24
900 ldrb $t2,[$rounds,#5]
901 ldrb $t3,[$rounds,#4]
902 orr $s1,$s1,$t1,lsl#8
903 ldrb $s2,[$rounds,#11]
904 orr $s1,$s1,$t2,lsl#16
905 ldrb $t1,[$rounds,#10]
906 orr $s1,$s1,$t3,lsl#24
907 ldrb $t2,[$rounds,#9]
908 ldrb $t3,[$rounds,#8]
909 orr $s2,$s2,$t1,lsl#8
910 ldrb $s3,[$rounds,#15]
911 orr $s2,$s2,$t2,lsl#16
912 ldrb $t1,[$rounds,#14]
913 orr $s2,$s2,$t3,lsl#24
914 ldrb $t2,[$rounds,#13]
915 ldrb $t3,[$rounds,#12]
916 orr $s3,$s3,$t1,lsl#8
917 orr $s3,$s3,$t2,lsl#16
918 orr $s3,$s3,$t3,lsl#24
923 ldr $s3,[$rounds,#12]
931 bl _armv4_AES_decrypt
933 ldr $rounds,[sp],#4 @ pop out
944 str $s3,[$rounds,#12]
946 mov $t1,$s0,lsr#24 @ write output in endian-neutral
947 mov $t2,$s0,lsr#16 @ manner...
949 strb $t1,[$rounds,#0]
950 strb $t2,[$rounds,#1]
952 strb $t3,[$rounds,#2]
954 strb $s0,[$rounds,#3]
956 strb $t1,[$rounds,#4]
957 strb $t2,[$rounds,#5]
959 strb $t3,[$rounds,#6]
961 strb $s1,[$rounds,#7]
963 strb $t1,[$rounds,#8]
964 strb $t2,[$rounds,#9]
966 strb $t3,[$rounds,#10]
968 strb $s2,[$rounds,#11]
970 strb $t1,[$rounds,#12]
971 strb $t2,[$rounds,#13]
972 strb $t3,[$rounds,#14]
973 strb $s3,[$rounds,#15]
976 ldmia sp!,{r4-r12,pc}
978 ldmia sp!,{r4-r12,lr}
980 moveq pc,lr @ be binary compatible with V4, yet
981 bx lr @ interoperable with Thumb ISA:-)
983 .size AES_decrypt,.-AES_decrypt
985 .type _armv4_AES_decrypt,%function
988 str lr,[sp,#-4]! @ push lr
989 ldmia $key!,{$t1-$i1}
991 ldr $rounds,[$key,#240-16]
995 sub $rounds,$rounds,#1
998 and $i1,lr,$s0,lsr#16
1003 ldr $t1,[$tbl,$i1,lsl#2] @ Td1[s0>>16]
1005 ldr $t2,[$tbl,$i2,lsl#2] @ Td2[s0>>8]
1006 and $i2,lr,$s1,lsr#16
1007 ldr $t3,[$tbl,$i3,lsl#2] @ Td3[s0>>0]
1008 and $i3,lr,$s1,lsr#8
1009 ldr $s0,[$tbl,$s0,lsl#2] @ Td0[s0>>24]
1012 ldr $i1,[$tbl,$i1,lsl#2] @ Td3[s1>>0]
1013 ldr $i2,[$tbl,$i2,lsl#2] @ Td1[s1>>16]
1014 ldr $i3,[$tbl,$i3,lsl#2] @ Td2[s1>>8]
1015 eor $s0,$s0,$i1,ror#24
1016 ldr $s1,[$tbl,$s1,lsl#2] @ Td0[s1>>24]
1017 and $i1,lr,$s2,lsr#8 @ i0
1018 eor $t2,$i2,$t2,ror#8
1020 eor $t3,$i3,$t3,ror#8
1021 and $i3,lr,$s2,lsr#16
1022 ldr $i1,[$tbl,$i1,lsl#2] @ Td2[s2>>8]
1023 eor $s1,$s1,$t1,ror#8
1024 ldr $i2,[$tbl,$i2,lsl#2] @ Td3[s2>>0]
1027 ldr $i3,[$tbl,$i3,lsl#2] @ Td1[s2>>16]
1028 eor $s0,$s0,$i1,ror#16
1029 ldr $s2,[$tbl,$s2,lsl#2] @ Td0[s2>>24]
1030 and $i1,lr,$s3,lsr#16 @ i0
1031 eor $s1,$s1,$i2,ror#24
1032 and $i2,lr,$s3,lsr#8 @ i1
1033 eor $t3,$i3,$t3,ror#8
1035 ldr $i1,[$tbl,$i1,lsl#2] @ Td1[s3>>16]
1036 eor $s2,$s2,$t2,ror#8
1037 ldr $i2,[$tbl,$i2,lsl#2] @ Td2[s3>>8]
1040 ldr $i3,[$tbl,$i3,lsl#2] @ Td3[s3>>0]
1041 eor $s0,$s0,$i1,ror#8
1043 eor $s1,$s1,$i2,ror#16
1044 ldr $s3,[$tbl,$s3,lsl#2] @ Td0[s3>>24]
1045 eor $s2,$s2,$i3,ror#24
1050 eor $s3,$s3,$t3,ror#8
1052 and $i1,lr,$s0,lsr#16
1054 and $i2,lr,$s0,lsr#8
1060 subs $rounds,$rounds,#1
1065 ldr $t2,[$tbl,#0] @ prefetch Td4
1074 ldrb $s0,[$tbl,$s0] @ Td4[s0>>24]
1075 ldrb $t1,[$tbl,$i1] @ Td4[s0>>16]
1077 ldrb $t2,[$tbl,$i2] @ Td4[s0>>8]
1078 and $i2,lr,$s1,lsr#16
1079 ldrb $t3,[$tbl,$i3] @ Td4[s0>>0]
1080 and $i3,lr,$s1,lsr#8
1082 ldrb $i1,[$tbl,$i1] @ Td4[s1>>0]
1083 ldrb $s1,[$tbl,$s1,lsr#24] @ Td4[s1>>24]
1084 ldrb $i2,[$tbl,$i2] @ Td4[s1>>16]
1085 eor $s0,$i1,$s0,lsl#24
1086 ldrb $i3,[$tbl,$i3] @ Td4[s1>>8]
1087 eor $s1,$t1,$s1,lsl#8
1088 and $i1,lr,$s2,lsr#8 @ i0
1089 eor $t2,$t2,$i2,lsl#8
1091 ldrb $i1,[$tbl,$i1] @ Td4[s2>>8]
1092 eor $t3,$t3,$i3,lsl#8
1093 ldrb $i2,[$tbl,$i2] @ Td4[s2>>0]
1094 and $i3,lr,$s2,lsr#16
1096 ldrb $s2,[$tbl,$s2,lsr#24] @ Td4[s2>>24]
1097 eor $s0,$s0,$i1,lsl#8
1098 ldrb $i3,[$tbl,$i3] @ Td4[s2>>16]
1099 eor $s1,$i2,$s1,lsl#16
1100 and $i1,lr,$s3,lsr#16 @ i0
1101 eor $s2,$t2,$s2,lsl#16
1102 and $i2,lr,$s3,lsr#8 @ i1
1103 ldrb $i1,[$tbl,$i1] @ Td4[s3>>16]
1104 eor $t3,$t3,$i3,lsl#16
1105 ldrb $i2,[$tbl,$i2] @ Td4[s3>>8]
1108 ldrb $i3,[$tbl,$i3] @ Td4[s3>>0]
1109 ldrb $s3,[$tbl,$s3,lsr#24] @ Td4[s3>>24]
1110 eor $s0,$s0,$i1,lsl#16
1112 eor $s1,$s1,$i2,lsl#8
1114 eor $s2,$i3,$s2,lsl#8
1116 eor $s3,$t3,$s3,lsl#24
1125 ldr pc,[sp],#4 @ pop and return
1126 .size _armv4_AES_decrypt,.-_armv4_AES_decrypt
1127 .asciz "AES for ARMv4, CRYPTOGAMS by <appro\@openssl.org>"
1131 $code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm; # make it possible to compile with -march=armv4
1133 close STDOUT; # enforce flush