2 # Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
4 # Licensed under the Apache License 2.0 (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
10 # ====================================================================
11 # Copyright (c) 2008 Andy Polyakov <appro@openssl.org>
13 # This module may be used under the terms of either the GNU General
14 # Public License version 2 or later, the GNU Lesser General Public
15 # License version 2.1 or later, the Mozilla Public License version
16 # 1.1 or the BSD License. The exact terms of either license are
17 # distributed along with this module. For further details see
18 # http://www.openssl.org/~appro/camellia/.
19 # ====================================================================
21 # Performance in cycles per processed byte (less is better) in
22 # 'openssl speed ...' benchmark:
25 # -evp camellia-128-ecb 16.7 21.0 22.7
26 # + over gcc 3.4.6 +25% +5% 0%
28 # camellia-128-cbc 15.7 20.4 21.1
30 # 128-bit key setup 128 216 205 cycles/key
31 # + over gcc 3.4.6 +54% +39% +15%
33 # Numbers in "+" rows represent performance improvement over compiler
34 # generated code. Key setup timings are impressive on AMD and Core2
35 # thanks to 64-bit operations being covertly deployed. Improvement on
36 # EM64T, pre-Core2 Intel x86_64 CPU, is not as impressive, because it
37 # apparently emulates some of 64-bit operations in [32-bit] microcode.
39 # $output is the last argument if it looks like a file (it has an extension)
40 # $flavour is the first argument if it doesn't look like a file
41 $output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef;
42 $flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef;
44 $win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
46 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
47 ( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
48 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
49 die "can't locate x86_64-xlate.pl";
51 open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\""
52 or die "can't call $xlate: $!";
55 sub hi() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1h/; $r; }
56 sub lo() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1l/;
57 $r =~ s/%[er]([sd]i)/%\1l/;
58 $r =~ s/%(r[0-9]+)[d]?/%\1b/; $r; }
60 $t0="%eax";$t1="%ebx";$t2="%ecx";$t3="%edx";
61 @S=("%r8d","%r9d","%r10d","%r11d");
64 $Tbl="%rbp"; # size optimization
69 $arg0d=$win64?"%ecx":"%edi";
71 # const unsigned int Camellia_SBOX[4][256];
72 # Well, sort of... Camellia_SBOX[0][] is interleaved with [1][],
73 # and [2][] - with [3][]. This is done to minimize code size.
74 $SBOX1_1110=0; # Camellia_SBOX[0]
75 $SBOX4_4404=4; # Camellia_SBOX[1]
76 $SBOX2_0222=2048; # Camellia_SBOX[2]
77 $SBOX3_3033=2052; # Camellia_SBOX[3]
79 sub Camellia_Feistel {
81 my $seed=defined(@_[1])?@_[1]:0;
82 my $scale=$seed<0?-8:8;
84 my ($s0,$s1,$s2,$s3)=(@S[($j)%4],@S[($j+1)%4],@S[($j+2)%4],@S[($j+3)%4]);
87 xor $s0,$t0 # t0^=key[0]
88 xor $s1,$t1 # t1^=key[1]
89 movz `&hi("$t0")`,$i0 # (t0>>8)&0xff
90 movz `&lo("$t1")`,$i1 # (t1>>0)&0xff
91 mov $SBOX3_3033($Tbl,$i0,8),$t3 # t3=SBOX3_3033[0]
92 mov $SBOX1_1110($Tbl,$i1,8),$t2 # t2=SBOX1_1110[1]
93 movz `&lo("$t0")`,$i0 # (t0>>0)&0xff
95 movz `&hi("$t1")`,$i1 # (t1>>8)&0xff
96 xor $SBOX4_4404($Tbl,$i0,8),$t3 # t3^=SBOX4_4404[0]
98 xor $SBOX4_4404($Tbl,$i1,8),$t2 # t2^=SBOX4_4404[1]
99 movz `&hi("$t0")`,$i0 # (t0>>24)&0xff
100 movz `&lo("$t1")`,$i1 # (t1>>16)&0xff
101 xor $SBOX1_1110($Tbl,$i0,8),$t3 # t3^=SBOX1_1110[0]
102 xor $SBOX3_3033($Tbl,$i1,8),$t2 # t2^=SBOX3_3033[1]
103 movz `&lo("$t0")`,$i0 # (t0>>16)&0xff
104 movz `&hi("$t1")`,$i1 # (t1>>24)&0xff
105 xor $SBOX2_0222($Tbl,$i0,8),$t3 # t3^=SBOX2_0222[0]
106 xor $SBOX2_0222($Tbl,$i1,8),$t2 # t2^=SBOX2_0222[1]
107 mov `$seed+($i+1)*$scale`($key),$t1 # prefetch key[i+1]
108 mov `$seed+($i+1)*$scale+4`($key),$t0
110 ror \$8,$t3 # t3=RightRotate(t3,8)
117 # void Camellia_EncryptBlock_Rounds(
119 # const Byte plaintext[],
120 # const KEY_TABLE_TYPE keyTable,
126 .globl Camellia_EncryptBlock
127 .type Camellia_EncryptBlock,\@abi-omnipotent
129 Camellia_EncryptBlock:
134 adcl \$0,$arg0d # keyBitLength==128?3:4
137 .size Camellia_EncryptBlock,.-Camellia_EncryptBlock
139 .globl Camellia_EncryptBlock_Rounds
140 .type Camellia_EncryptBlock_Rounds,\@function,4
143 Camellia_EncryptBlock_Rounds:
157 #mov %rsi,$inp # put away arguments
161 shl \$6,%edi # process grandRounds
162 lea .LCamellia_SBOX(%rip),$Tbl
163 lea ($key,%rdi),$keyend
165 mov 0(%rsi),@S[0] # load plaintext
174 call _x86_64_Camellia_encrypt
196 .cfi_adjust_cfa_offset -40
200 .size Camellia_EncryptBlock_Rounds,.-Camellia_EncryptBlock_Rounds
202 .type _x86_64_Camellia_encrypt,\@abi-omnipotent
204 _x86_64_Camellia_encrypt:
207 xor 4($key),@S[0] # ^=key[0-3]
212 mov 16($key),$t1 # prefetch key[4-5]
216 for ($i=0;$i<6;$i++) { Camellia_Feistel($i,16); }
220 mov 8($key),$t3 # prefetch key[2-3]
227 xor $t3,@S[2] # s2^=s3|key[3];
228 xor $t0,@S[1] # s1^=LeftRotate(s0&key[0],1);
232 xor $t1,@S[0] # s0^=s1|key[1];
233 xor $t2,@S[3] # s3^=LeftRotate(s2&key[2],1);
238 xor @S[2],$t0 # SwapHalf
248 .byte 0xf3,0xc3 # rep ret
250 .size _x86_64_Camellia_encrypt,.-_x86_64_Camellia_encrypt
253 .globl Camellia_DecryptBlock
254 .type Camellia_DecryptBlock,\@abi-omnipotent
256 Camellia_DecryptBlock:
261 adcl \$0,$arg0d # keyBitLength==128?3:4
264 .size Camellia_DecryptBlock,.-Camellia_DecryptBlock
266 .globl Camellia_DecryptBlock_Rounds
267 .type Camellia_DecryptBlock_Rounds,\@function,4
270 Camellia_DecryptBlock_Rounds:
284 #mov %rsi,$inp # put away arguments
288 shl \$6,%edi # process grandRounds
289 lea .LCamellia_SBOX(%rip),$Tbl
290 lea ($keyend,%rdi),$key
292 mov 0(%rsi),@S[0] # load plaintext
301 call _x86_64_Camellia_decrypt
323 .cfi_adjust_cfa_offset -40
327 .size Camellia_DecryptBlock_Rounds,.-Camellia_DecryptBlock_Rounds
329 .type _x86_64_Camellia_decrypt,\@abi-omnipotent
331 _x86_64_Camellia_decrypt:
334 xor 4($key),@S[0] # ^=key[0-3]
339 mov -8($key),$t1 # prefetch key[4-5]
343 for ($i=0;$i<6;$i++) { Camellia_Feistel($i,-8); }
347 mov 0($key),$t3 # prefetch key[2-3]
354 xor $t3,@S[2] # s2^=s3|key[3];
355 xor $t0,@S[1] # s1^=LeftRotate(s0&key[0],1);
359 xor $t1,@S[0] # s0^=s1|key[1];
360 xor $t2,@S[3] # s3^=LeftRotate(s2&key[2],1);
371 mov $t2,@S[0] # SwapHalf
376 .byte 0xf3,0xc3 # rep ret
378 .size _x86_64_Camellia_decrypt,.-_x86_64_Camellia_decrypt
382 my ($rnd,$key,@T)=@_;
383 my $bias=int(@T[0])?shift(@T):0;
387 mov @T[1],`$bias+$rnd*8+0`($key)
388 mov @T[0],`$bias+$rnd*8+4`($key)
389 mov @T[3],`$bias+$rnd*8+8`($key)
390 mov @T[2],`$bias+$rnd*8+12`($key)
393 $code.=" mov @T[0],`$bias+$rnd*8+0`($key)\n";
394 $code.=" mov @T[1],`$bias+$rnd*8+8`($key)\n" if ($#T>=1);
399 my ($rnd,$key,@T)=@_;
400 my $bias=int(@T[0])?shift(@T):0;
402 $code.=" mov `$bias+$rnd*8+0`($key),@T[0]\n";
403 $code.=" mov `$bias+$rnd*8+8`($key),@T[1]\n" if ($#T>=1);
406 # shld is very slow on Intel EM64T family. Even on AMD it limits
407 # instruction decode rate [because it's VectorPath] and consequently
410 my ($i0,$i1,$rot)=@_;
421 # ... Implementing 128-bit rotate without shld gives 80% better
422 # performance EM64T, +15% on AMD64 and only ~7% degradation on
423 # Core2. This is therefore preferred.
425 my ($i0,$i1,$rot)=@_;
444 .globl Camellia_Ekeygen
445 .type Camellia_Ekeygen,\@function,3
461 mov %edi,${keyend}d # put away arguments, keyBitLength
462 mov %rdx,$out # keyTable
464 mov 0(%rsi),@S[0] # load 0-127 bits
474 &_saveround (0,$out,@S); # KL<<<0
476 cmp \$128,$keyend # check keyBitLength
479 mov 16(%rsi),@S[0] # load 128-191 bits
483 mov 24(%rsi),@S[2] # load 192-255 bits
497 &_saveround (4,$out,@S); # temp storage for KR!
499 xor 0($out),@S[1] # KR^KL
505 lea .LCamellia_SIGMA(%rip),$key
506 lea .LCamellia_SBOX(%rip),$Tbl
511 &Camellia_Feistel($step++);
512 &Camellia_Feistel($step++);
514 xor 0($out),@S[1] # ^KL
519 &Camellia_Feistel($step++);
520 &Camellia_Feistel($step++);
525 lea 128($out),$out # size optimization
526 shl \$32,%r8 # @S[0]||
527 shl \$32,%r10 # @S[2]||
529 or %r11,%r10 # ||@S[3]
531 &_loadround (0,$out,-128,"%rax","%rbx"); # KL
532 &_saveround (2,$out,-128,"%r8","%r10"); # KA<<<0
533 &_rotl128 ("%rax","%rbx",15);
534 &_saveround (4,$out,-128,"%rax","%rbx"); # KL<<<15
535 &_rotl128 ("%r8","%r10",15);
536 &_saveround (6,$out,-128,"%r8","%r10"); # KA<<<15
537 &_rotl128 ("%r8","%r10",15); # 15+15=30
538 &_saveround (8,$out,-128,"%r8","%r10"); # KA<<<30
539 &_rotl128 ("%rax","%rbx",30); # 15+30=45
540 &_saveround (10,$out,-128,"%rax","%rbx"); # KL<<<45
541 &_rotl128 ("%r8","%r10",15); # 30+15=45
542 &_saveround (12,$out,-128,"%r8"); # KA<<<45
543 &_rotl128 ("%rax","%rbx",15); # 45+15=60
544 &_saveround (13,$out,-128,"%rbx"); # KL<<<60
545 &_rotl128 ("%r8","%r10",15); # 45+15=60
546 &_saveround (14,$out,-128,"%r8","%r10"); # KA<<<60
547 &_rotl128 ("%rax","%rbx",17); # 60+17=77
548 &_saveround (16,$out,-128,"%rax","%rbx"); # KL<<<77
549 &_rotl128 ("%rax","%rbx",17); # 77+17=94
550 &_saveround (18,$out,-128,"%rax","%rbx"); # KL<<<94
551 &_rotl128 ("%r8","%r10",34); # 60+34=94
552 &_saveround (20,$out,-128,"%r8","%r10"); # KA<<<94
553 &_rotl128 ("%rax","%rbx",17); # 94+17=111
554 &_saveround (22,$out,-128,"%rax","%rbx"); # KL<<<111
555 &_rotl128 ("%r8","%r10",17); # 94+17=111
556 &_saveround (24,$out,-128,"%r8","%r10"); # KA<<<111
563 &_saveround (6,$out,@S); # temp storage for KA!
565 xor `4*8+0`($out),@S[1] # KA^KR
566 xor `4*8+4`($out),@S[0]
567 xor `5*8+0`($out),@S[3]
568 xor `5*8+4`($out),@S[2]
570 &Camellia_Feistel($step++);
571 &Camellia_Feistel($step++);
573 &_loadround (0,$out,"%rax","%rbx"); # KL
574 &_loadround (4,$out,"%rcx","%rdx"); # KR
575 &_loadround (6,$out,"%r14","%r15"); # KA
577 lea 128($out),$out # size optimization
578 shl \$32,%r8 # @S[0]||
579 shl \$32,%r10 # @S[2]||
581 or %r11,%r10 # ||@S[3]
583 &_saveround (2,$out,-128,"%r8","%r10"); # KB<<<0
584 &_rotl128 ("%rcx","%rdx",15);
585 &_saveround (4,$out,-128,"%rcx","%rdx"); # KR<<<15
586 &_rotl128 ("%r14","%r15",15);
587 &_saveround (6,$out,-128,"%r14","%r15"); # KA<<<15
588 &_rotl128 ("%rcx","%rdx",15); # 15+15=30
589 &_saveround (8,$out,-128,"%rcx","%rdx"); # KR<<<30
590 &_rotl128 ("%r8","%r10",30);
591 &_saveround (10,$out,-128,"%r8","%r10"); # KB<<<30
592 &_rotl128 ("%rax","%rbx",45);
593 &_saveround (12,$out,-128,"%rax","%rbx"); # KL<<<45
594 &_rotl128 ("%r14","%r15",30); # 15+30=45
595 &_saveround (14,$out,-128,"%r14","%r15"); # KA<<<45
596 &_rotl128 ("%rax","%rbx",15); # 45+15=60
597 &_saveround (16,$out,-128,"%rax","%rbx"); # KL<<<60
598 &_rotl128 ("%rcx","%rdx",30); # 30+30=60
599 &_saveround (18,$out,-128,"%rcx","%rdx"); # KR<<<60
600 &_rotl128 ("%r8","%r10",30); # 30+30=60
601 &_saveround (20,$out,-128,"%r8","%r10"); # KB<<<60
602 &_rotl128 ("%rax","%rbx",17); # 60+17=77
603 &_saveround (22,$out,-128,"%rax","%rbx"); # KL<<<77
604 &_rotl128 ("%r14","%r15",32); # 45+32=77
605 &_saveround (24,$out,-128,"%r14","%r15"); # KA<<<77
606 &_rotl128 ("%rcx","%rdx",34); # 60+34=94
607 &_saveround (26,$out,-128,"%rcx","%rdx"); # KR<<<94
608 &_rotl128 ("%r14","%r15",17); # 77+17=94
609 &_saveround (28,$out,-128,"%r14","%r15"); # KA<<<77
610 &_rotl128 ("%rax","%rbx",34); # 77+34=111
611 &_saveround (30,$out,-128,"%rax","%rbx"); # KL<<<111
612 &_rotl128 ("%r8","%r10",51); # 60+51=111
613 &_saveround (32,$out,-128,"%r8","%r10"); # KB<<<111
628 .cfi_adjust_cfa_offset -40
632 .size Camellia_Ekeygen,.-Camellia_Ekeygen
637 112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65,
638 35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189,
639 134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26,
640 166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77,
641 139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153,
642 223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215,
643 20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34,
644 254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80,
645 170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210,
646 16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148,
647 135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226,
648 82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46,
649 233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89,
650 120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250,
651 114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164,
652 64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158);
654 sub S1110 { my $i=shift; $i=@SBOX[$i]; $i=$i<<24|$i<<16|$i<<8; sprintf("0x%08x",$i); }
655 sub S4404 { my $i=shift; $i=($i<<1|$i>>7)&0xff; $i=@SBOX[$i]; $i=$i<<24|$i<<16|$i; sprintf("0x%08x",$i); }
656 sub S0222 { my $i=shift; $i=@SBOX[$i]; $i=($i<<1|$i>>7)&0xff; $i=$i<<16|$i<<8|$i; sprintf("0x%08x",$i); }
657 sub S3033 { my $i=shift; $i=@SBOX[$i]; $i=($i>>1|$i<<7)&0xff; $i=$i<<24|$i<<8|$i; sprintf("0x%08x",$i); }
662 .long 0x3bcc908b, 0xa09e667f, 0x4caa73b2, 0xb67ae858
663 .long 0xe94f82be, 0xc6ef372f, 0xf1d36f1c, 0x54ff53a5
664 .long 0xde682d1d, 0x10e527fa, 0xb3e6c1fd, 0xb05688c2
668 # tables are interleaved, remember?
669 sub data_word { $code.=".long\t".join(',',@_)."\n"; }
670 for ($i=0;$i<256;$i++) { &data_word(&S1110($i),&S4404($i)); }
671 for ($i=0;$i<256;$i++) { &data_word(&S0222($i),&S3033($i)); }
673 # void Camellia_cbc_encrypt (const void char *inp, unsigned char *out,
674 # size_t length, const CAMELLIA_KEY *key,
675 # unsigned char *ivp,const int enc);
678 $_end="8(%rsp)"; # inp+len&~15
679 $_res="16(%rsp)"; # len&15
685 .globl Camellia_cbc_encrypt
686 .type Camellia_cbc_encrypt,\@function,6
688 Camellia_cbc_encrypt:
708 .cfi_def_cfa_register %rbp
712 # place stack frame just "above mod 1024" the key schedule,
713 # this ensures that cache associativity suffices
714 lea -64-63(%rcx),%r10
719 #add \$8,%rsp # 8 is reserved for callee's ra
721 mov %rdi,$inp # inp argument
722 mov %rsi,$out # out argument
723 mov %r8,%rbx # ivp argument
724 mov %rcx,$key # key argument
725 mov 272(%rcx),${keyend}d # grandRounds
729 .cfi_cfa_expression $_rsp,deref,+56
732 lea .LCamellia_SBOX(%rip),$Tbl
742 loop .Lcbc_prefetch_sbox
745 mov %rdx,%rcx # len argument
746 lea ($key,$keyend),$keyend
748 cmp \$0,%r9d # enc argument
752 and \$15,%rcx # length residue
759 mov 0(%rbx),@S[0] # load IV
777 call _x86_64_Camellia_encrypt
779 mov $_key,$key # "rewind" the key
799 mov @S[0],0($out) # write out IV residue
817 .long 0x9066A4F3 # rep movsb
824 jmp .Lcbc_eloop # one more time
830 and \$15,%rcx # length residue
837 mov (%rbx),%rax # load IV
848 mov %rax,0+$ivec # save IV to temporary storage
853 call _x86_64_Camellia_decrypt
855 mov $_key,$key # "rewind" the key
860 mov ($inp),%rax # load IV for next iteration
892 mov %rax,(%rdx) # write out IV residue
907 .long 0x9066A4F3 # rep movsb
911 mov %rax,(%rdx) # write out IV residue
936 .size Camellia_cbc_encrypt,.-Camellia_cbc_encrypt
938 .asciz "Camellia for x86_64 by <appro\@openssl.org>"
942 # EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
943 # CONTEXT *context,DISPATCHER_CONTEXT *disp)
951 .extern __imp_RtlVirtualUnwind
952 .type common_se_handler,\@abi-omnipotent
966 mov 120($context),%rax # pull context->Rax
967 mov 248($context),%rbx # pull context->Rip
969 mov 8($disp),%rsi # disp->ImageBase
970 mov 56($disp),%r11 # disp->HandlerData
972 mov 0(%r11),%r10d # HandlerData[0]
973 lea (%rsi,%r10),%r10 # prologue label
974 cmp %r10,%rbx # context->Rip<prologue label
977 mov 152($context),%rax # pull context->Rsp
979 mov 4(%r11),%r10d # HandlerData[1]
980 lea (%rsi,%r10),%r10 # epilogue label
981 cmp %r10,%rbx # context->Rip>=epilogue label
990 mov %rbx,144($context) # restore context->Rbx
991 mov %rbp,160($context) # restore context->Rbp
992 mov %r13,224($context) # restore context->R13
993 mov %r14,232($context) # restore context->R14
994 mov %r15,240($context) # restore context->R15
999 mov %rax,152($context) # restore context->Rsp
1000 mov %rsi,168($context) # restore context->Rsi
1001 mov %rdi,176($context) # restore context->Rdi
1003 jmp .Lcommon_seh_exit
1004 .size common_se_handler,.-common_se_handler
1006 .type cbc_se_handler,\@abi-omnipotent
1020 mov 120($context),%rax # pull context->Rax
1021 mov 248($context),%rbx # pull context->Rip
1023 lea .Lcbc_prologue(%rip),%r10
1024 cmp %r10,%rbx # context->Rip<.Lcbc_prologue
1025 jb .Lin_cbc_prologue
1027 lea .Lcbc_body(%rip),%r10
1028 cmp %r10,%rbx # context->Rip<.Lcbc_body
1029 jb .Lin_cbc_frame_setup
1031 mov 152($context),%rax # pull context->Rsp
1033 lea .Lcbc_abort(%rip),%r10
1034 cmp %r10,%rbx # context->Rip>=.Lcbc_abort
1035 jae .Lin_cbc_prologue
1037 # handle pushf/popf in Camellia_cbc_encrypt
1038 lea .Lcbc_enc_pushf(%rip),%r10
1039 cmp %r10,%rbx # context->Rip<=.Lcbc_enc_pushf
1040 jbe .Lin_cbc_no_flag
1042 lea .Lcbc_enc_popf(%rip),%r10
1043 cmp %r10,%rbx # context->Rip<.Lcbc_enc_popf
1046 lea .Lcbc_dec_pushf(%rip),%r10
1047 cmp %r10,%rbx # context->Rip<=.Lcbc_dec_pushf
1048 jbe .Lin_cbc_no_flag
1050 lea .Lcbc_dec_popf(%rip),%r10
1051 cmp %r10,%rbx # context->Rip<.Lcbc_dec_popf
1056 mov 48(%rax),%rax # $_rsp
1059 .Lin_cbc_frame_setup:
1066 mov %rbx,144($context) # restore context->Rbx
1067 mov %rbp,160($context) # restore context->Rbp
1068 mov %r12,216($context) # restore context->R12
1069 mov %r13,224($context) # restore context->R13
1070 mov %r14,232($context) # restore context->R14
1071 mov %r15,240($context) # restore context->R15
1076 mov %rax,152($context) # restore context->Rsp
1077 mov %rsi,168($context) # restore context->Rsi
1078 mov %rdi,176($context) # restore context->Rdi
1083 mov 40($disp),%rdi # disp->ContextRecord
1084 mov $context,%rsi # context
1085 mov \$`1232/8`,%ecx # sizeof(CONTEXT)
1086 .long 0xa548f3fc # cld; rep movsq
1089 xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER
1090 mov 8(%rsi),%rdx # arg2, disp->ImageBase
1091 mov 0(%rsi),%r8 # arg3, disp->ControlPc
1092 mov 16(%rsi),%r9 # arg4, disp->FunctionEntry
1093 mov 40(%rsi),%r10 # disp->ContextRecord
1094 lea 56(%rsi),%r11 # &disp->HandlerData
1095 lea 24(%rsi),%r12 # &disp->EstablisherFrame
1096 mov %r10,32(%rsp) # arg5
1097 mov %r11,40(%rsp) # arg6
1098 mov %r12,48(%rsp) # arg7
1099 mov %rcx,56(%rsp) # arg8, (NULL)
1100 call *__imp_RtlVirtualUnwind(%rip)
1102 mov \$1,%eax # ExceptionContinueSearch
1114 .size cbc_se_handler,.-cbc_se_handler
1118 .rva .LSEH_begin_Camellia_EncryptBlock_Rounds
1119 .rva .LSEH_end_Camellia_EncryptBlock_Rounds
1120 .rva .LSEH_info_Camellia_EncryptBlock_Rounds
1122 .rva .LSEH_begin_Camellia_DecryptBlock_Rounds
1123 .rva .LSEH_end_Camellia_DecryptBlock_Rounds
1124 .rva .LSEH_info_Camellia_DecryptBlock_Rounds
1126 .rva .LSEH_begin_Camellia_Ekeygen
1127 .rva .LSEH_end_Camellia_Ekeygen
1128 .rva .LSEH_info_Camellia_Ekeygen
1130 .rva .LSEH_begin_Camellia_cbc_encrypt
1131 .rva .LSEH_end_Camellia_cbc_encrypt
1132 .rva .LSEH_info_Camellia_cbc_encrypt
1136 .LSEH_info_Camellia_EncryptBlock_Rounds:
1138 .rva common_se_handler
1139 .rva .Lenc_prologue,.Lenc_epilogue # HandlerData[]
1140 .LSEH_info_Camellia_DecryptBlock_Rounds:
1142 .rva common_se_handler
1143 .rva .Ldec_prologue,.Ldec_epilogue # HandlerData[]
1144 .LSEH_info_Camellia_Ekeygen:
1146 .rva common_se_handler
1147 .rva .Lkey_prologue,.Lkey_epilogue # HandlerData[]
1148 .LSEH_info_Camellia_cbc_encrypt:
1154 $code =~ s/\`([^\`]*)\`/eval $1/gem;
1156 close STDOUT or die "error closing STDOUT: $!";