1// This file is generated from a similarly-named Perl script in the BoringSSL
2// source tree. Do not edit by hand.
3
4#if !defined(__has_feature)
5#define __has_feature(x) 0
6#endif
7#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
8#define OPENSSL_NO_ASM
9#endif
10
11#if !defined(OPENSSL_NO_ASM)
12#if defined(BORINGSSL_PREFIX)
13#include <boringssl_prefix_symbols_asm.h>
14#endif
15@ Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
16@
17@ Licensed under the OpenSSL license (the "License").  You may not use
18@ this file except in compliance with the License.  You can obtain a copy
19@ in the file LICENSE in the source distribution or at
20@ https://www.openssl.org/source/license.html
21
22
23@ ====================================================================
24@ Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
25@ project. The module is, however, dual licensed under OpenSSL and
26@ CRYPTOGAMS licenses depending on where you obtain it. For further
27@ details see http://www.openssl.org/~appro/cryptogams/.
28@ ====================================================================
29
30@ AES for ARMv4
31
32@ January 2007.
33@
34@ Code uses single 1K S-box and is >2 times faster than code generated
35@ by gcc-3.4.1. This is thanks to unique feature of ARMv4 ISA, which
36@ allows to merge logical or arithmetic operation with shift or rotate
37@ in one instruction and emit combined result every cycle. The module
38@ is endian-neutral. The performance is ~42 cycles/byte for 128-bit
39@ key [on single-issue Xscale PXA250 core].
40
41@ May 2007.
42@
43@ AES_set_[en|de]crypt_key is added.
44
45@ July 2010.
46@
47@ Rescheduling for dual-issue pipeline resulted in 12% improvement on
48@ Cortex A8 core and ~25 cycles per byte processed with 128-bit key.
49
50@ February 2011.
51@
52@ Profiler-assisted and platform-specific optimization resulted in 16%
53@ improvement on Cortex A8 core and ~21.5 cycles per byte.
54
55#ifndef __KERNEL__
56# include <openssl/arm_arch.h>
57#else
58# define __ARM_ARCH__ __LINUX_ARM_ARCH__
59#endif
60
61@ Silence ARMv8 deprecated IT instruction warnings. This file is used by both
62@ ARMv7 and ARMv8 processors and does not use ARMv8 instructions. (ARMv8 AES
63@ instructions are in aesv8-armx.pl.)
64
65
66.text
67#if defined(__thumb2__) && !defined(__APPLE__)
68.syntax	unified
69.thumb
70#else
71.code	32
72#undef __thumb2__
73#endif
74
75
76.align	5
77AES_Te:
78.word	0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d
79.word	0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554
80.word	0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d
81.word	0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a
82.word	0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87
83.word	0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b
84.word	0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea
85.word	0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b
86.word	0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a
87.word	0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f
88.word	0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108
89.word	0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f
90.word	0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e
91.word	0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5
92.word	0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d
93.word	0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f
94.word	0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e
95.word	0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb
96.word	0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce
97.word	0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497
98.word	0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c
99.word	0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed
100.word	0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b
101.word	0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a
102.word	0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16
103.word	0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594
104.word	0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81
105.word	0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3
106.word	0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a
107.word	0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504
108.word	0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163
109.word	0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d
110.word	0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f
111.word	0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739
112.word	0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47
113.word	0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395
114.word	0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f
115.word	0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883
116.word	0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c
117.word	0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76
118.word	0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e
119.word	0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4
120.word	0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6
121.word	0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b
122.word	0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7
123.word	0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0
124.word	0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25
125.word	0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818
126.word	0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72
127.word	0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651
128.word	0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21
129.word	0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85
130.word	0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa
131.word	0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12
132.word	0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0
133.word	0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9
134.word	0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133
135.word	0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7
136.word	0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920
137.word	0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a
138.word	0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17
139.word	0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8
140.word	0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11
141.word	0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a
142@ Te4[256]
143.byte	0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
144.byte	0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
145.byte	0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
146.byte	0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
147.byte	0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
148.byte	0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
149.byte	0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
150.byte	0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
151.byte	0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
152.byte	0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
153.byte	0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
154.byte	0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
155.byte	0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
156.byte	0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
157.byte	0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
158.byte	0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
159.byte	0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
160.byte	0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
161.byte	0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
162.byte	0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
163.byte	0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
164.byte	0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
165.byte	0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
166.byte	0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
167.byte	0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
168.byte	0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
169.byte	0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
170.byte	0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
171.byte	0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
172.byte	0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
173.byte	0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
174.byte	0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
175@ rcon[]
176.word	0x01000000, 0x02000000, 0x04000000, 0x08000000
177.word	0x10000000, 0x20000000, 0x40000000, 0x80000000
178.word	0x1B000000, 0x36000000, 0, 0, 0, 0, 0, 0
179
180
181@ void aes_nohw_encrypt(const unsigned char *in, unsigned char *out,
182@ 		                  const AES_KEY *key) {
183.globl	_aes_nohw_encrypt
184.private_extern	_aes_nohw_encrypt
185#ifdef __thumb2__
186.thumb_func	_aes_nohw_encrypt
187#endif
188.align	5
189_aes_nohw_encrypt:
190#ifndef	__thumb2__
191	sub	r3,pc,#8		@ _aes_nohw_encrypt
192#else
193	adr	r3,.
194#endif
195	stmdb	sp!,{r1,r4-r12,lr}
196#if defined(__thumb2__) || defined(__APPLE__)
197	adr	r10,AES_Te
198#else
199	sub	r10,r3,#_aes_nohw_encrypt-AES_Te	@ Te
200#endif
201	mov	r12,r0		@ inp
202	mov	r11,r2
203#if __ARM_ARCH__<7
204	ldrb	r0,[r12,#3]	@ load input data in endian-neutral
205	ldrb	r4,[r12,#2]	@ manner...
206	ldrb	r5,[r12,#1]
207	ldrb	r6,[r12,#0]
208	orr	r0,r0,r4,lsl#8
209	ldrb	r1,[r12,#7]
210	orr	r0,r0,r5,lsl#16
211	ldrb	r4,[r12,#6]
212	orr	r0,r0,r6,lsl#24
213	ldrb	r5,[r12,#5]
214	ldrb	r6,[r12,#4]
215	orr	r1,r1,r4,lsl#8
216	ldrb	r2,[r12,#11]
217	orr	r1,r1,r5,lsl#16
218	ldrb	r4,[r12,#10]
219	orr	r1,r1,r6,lsl#24
220	ldrb	r5,[r12,#9]
221	ldrb	r6,[r12,#8]
222	orr	r2,r2,r4,lsl#8
223	ldrb	r3,[r12,#15]
224	orr	r2,r2,r5,lsl#16
225	ldrb	r4,[r12,#14]
226	orr	r2,r2,r6,lsl#24
227	ldrb	r5,[r12,#13]
228	ldrb	r6,[r12,#12]
229	orr	r3,r3,r4,lsl#8
230	orr	r3,r3,r5,lsl#16
231	orr	r3,r3,r6,lsl#24
232#else
233	ldr	r0,[r12,#0]
234	ldr	r1,[r12,#4]
235	ldr	r2,[r12,#8]
236	ldr	r3,[r12,#12]
237#ifdef __ARMEL__
238	rev	r0,r0
239	rev	r1,r1
240	rev	r2,r2
241	rev	r3,r3
242#endif
243#endif
244	bl	_armv4_AES_encrypt
245
246	ldr	r12,[sp],#4		@ pop out
247#if __ARM_ARCH__>=7
248#ifdef __ARMEL__
249	rev	r0,r0
250	rev	r1,r1
251	rev	r2,r2
252	rev	r3,r3
253#endif
254	str	r0,[r12,#0]
255	str	r1,[r12,#4]
256	str	r2,[r12,#8]
257	str	r3,[r12,#12]
258#else
259	mov	r4,r0,lsr#24		@ write output in endian-neutral
260	mov	r5,r0,lsr#16		@ manner...
261	mov	r6,r0,lsr#8
262	strb	r4,[r12,#0]
263	strb	r5,[r12,#1]
264	mov	r4,r1,lsr#24
265	strb	r6,[r12,#2]
266	mov	r5,r1,lsr#16
267	strb	r0,[r12,#3]
268	mov	r6,r1,lsr#8
269	strb	r4,[r12,#4]
270	strb	r5,[r12,#5]
271	mov	r4,r2,lsr#24
272	strb	r6,[r12,#6]
273	mov	r5,r2,lsr#16
274	strb	r1,[r12,#7]
275	mov	r6,r2,lsr#8
276	strb	r4,[r12,#8]
277	strb	r5,[r12,#9]
278	mov	r4,r3,lsr#24
279	strb	r6,[r12,#10]
280	mov	r5,r3,lsr#16
281	strb	r2,[r12,#11]
282	mov	r6,r3,lsr#8
283	strb	r4,[r12,#12]
284	strb	r5,[r12,#13]
285	strb	r6,[r12,#14]
286	strb	r3,[r12,#15]
287#endif
288#if __ARM_ARCH__>=5
289	ldmia	sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc}
290#else
291	ldmia	sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr}
292	tst	lr,#1
293	moveq	pc,lr			@ be binary compatible with V4, yet
294.word	0xe12fff1e			@ interoperable with Thumb ISA:-)
295#endif
296
297
298#ifdef __thumb2__
299.thumb_func	_armv4_AES_encrypt
300#endif
301.align	2
302_armv4_AES_encrypt:
303	str	lr,[sp,#-4]!		@ push lr
304	ldmia	r11!,{r4,r5,r6,r7}
305	eor	r0,r0,r4
306	ldr	r12,[r11,#240-16]
307	eor	r1,r1,r5
308	eor	r2,r2,r6
309	eor	r3,r3,r7
310	sub	r12,r12,#1
311	mov	lr,#255
312
313	and	r7,lr,r0
314	and	r8,lr,r0,lsr#8
315	and	r9,lr,r0,lsr#16
316	mov	r0,r0,lsr#24
317Lenc_loop:
318	ldr	r4,[r10,r7,lsl#2]	@ Te3[s0>>0]
319	and	r7,lr,r1,lsr#16	@ i0
320	ldr	r5,[r10,r8,lsl#2]	@ Te2[s0>>8]
321	and	r8,lr,r1
322	ldr	r6,[r10,r9,lsl#2]	@ Te1[s0>>16]
323	and	r9,lr,r1,lsr#8
324	ldr	r0,[r10,r0,lsl#2]	@ Te0[s0>>24]
325	mov	r1,r1,lsr#24
326
327	ldr	r7,[r10,r7,lsl#2]	@ Te1[s1>>16]
328	ldr	r8,[r10,r8,lsl#2]	@ Te3[s1>>0]
329	ldr	r9,[r10,r9,lsl#2]	@ Te2[s1>>8]
330	eor	r0,r0,r7,ror#8
331	ldr	r1,[r10,r1,lsl#2]	@ Te0[s1>>24]
332	and	r7,lr,r2,lsr#8	@ i0
333	eor	r5,r5,r8,ror#8
334	and	r8,lr,r2,lsr#16	@ i1
335	eor	r6,r6,r9,ror#8
336	and	r9,lr,r2
337	ldr	r7,[r10,r7,lsl#2]	@ Te2[s2>>8]
338	eor	r1,r1,r4,ror#24
339	ldr	r8,[r10,r8,lsl#2]	@ Te1[s2>>16]
340	mov	r2,r2,lsr#24
341
342	ldr	r9,[r10,r9,lsl#2]	@ Te3[s2>>0]
343	eor	r0,r0,r7,ror#16
344	ldr	r2,[r10,r2,lsl#2]	@ Te0[s2>>24]
345	and	r7,lr,r3		@ i0
346	eor	r1,r1,r8,ror#8
347	and	r8,lr,r3,lsr#8	@ i1
348	eor	r6,r6,r9,ror#16
349	and	r9,lr,r3,lsr#16	@ i2
350	ldr	r7,[r10,r7,lsl#2]	@ Te3[s3>>0]
351	eor	r2,r2,r5,ror#16
352	ldr	r8,[r10,r8,lsl#2]	@ Te2[s3>>8]
353	mov	r3,r3,lsr#24
354
355	ldr	r9,[r10,r9,lsl#2]	@ Te1[s3>>16]
356	eor	r0,r0,r7,ror#24
357	ldr	r7,[r11],#16
358	eor	r1,r1,r8,ror#16
359	ldr	r3,[r10,r3,lsl#2]	@ Te0[s3>>24]
360	eor	r2,r2,r9,ror#8
361	ldr	r4,[r11,#-12]
362	eor	r3,r3,r6,ror#8
363
364	ldr	r5,[r11,#-8]
365	eor	r0,r0,r7
366	ldr	r6,[r11,#-4]
367	and	r7,lr,r0
368	eor	r1,r1,r4
369	and	r8,lr,r0,lsr#8
370	eor	r2,r2,r5
371	and	r9,lr,r0,lsr#16
372	eor	r3,r3,r6
373	mov	r0,r0,lsr#24
374
375	subs	r12,r12,#1
376	bne	Lenc_loop
377
378	add	r10,r10,#2
379
380	ldrb	r4,[r10,r7,lsl#2]	@ Te4[s0>>0]
381	and	r7,lr,r1,lsr#16	@ i0
382	ldrb	r5,[r10,r8,lsl#2]	@ Te4[s0>>8]
383	and	r8,lr,r1
384	ldrb	r6,[r10,r9,lsl#2]	@ Te4[s0>>16]
385	and	r9,lr,r1,lsr#8
386	ldrb	r0,[r10,r0,lsl#2]	@ Te4[s0>>24]
387	mov	r1,r1,lsr#24
388
389	ldrb	r7,[r10,r7,lsl#2]	@ Te4[s1>>16]
390	ldrb	r8,[r10,r8,lsl#2]	@ Te4[s1>>0]
391	ldrb	r9,[r10,r9,lsl#2]	@ Te4[s1>>8]
392	eor	r0,r7,r0,lsl#8
393	ldrb	r1,[r10,r1,lsl#2]	@ Te4[s1>>24]
394	and	r7,lr,r2,lsr#8	@ i0
395	eor	r5,r8,r5,lsl#8
396	and	r8,lr,r2,lsr#16	@ i1
397	eor	r6,r9,r6,lsl#8
398	and	r9,lr,r2
399	ldrb	r7,[r10,r7,lsl#2]	@ Te4[s2>>8]
400	eor	r1,r4,r1,lsl#24
401	ldrb	r8,[r10,r8,lsl#2]	@ Te4[s2>>16]
402	mov	r2,r2,lsr#24
403
404	ldrb	r9,[r10,r9,lsl#2]	@ Te4[s2>>0]
405	eor	r0,r7,r0,lsl#8
406	ldrb	r2,[r10,r2,lsl#2]	@ Te4[s2>>24]
407	and	r7,lr,r3		@ i0
408	eor	r1,r1,r8,lsl#16
409	and	r8,lr,r3,lsr#8	@ i1
410	eor	r6,r9,r6,lsl#8
411	and	r9,lr,r3,lsr#16	@ i2
412	ldrb	r7,[r10,r7,lsl#2]	@ Te4[s3>>0]
413	eor	r2,r5,r2,lsl#24
414	ldrb	r8,[r10,r8,lsl#2]	@ Te4[s3>>8]
415	mov	r3,r3,lsr#24
416
417	ldrb	r9,[r10,r9,lsl#2]	@ Te4[s3>>16]
418	eor	r0,r7,r0,lsl#8
419	ldr	r7,[r11,#0]
420	ldrb	r3,[r10,r3,lsl#2]	@ Te4[s3>>24]
421	eor	r1,r1,r8,lsl#8
422	ldr	r4,[r11,#4]
423	eor	r2,r2,r9,lsl#16
424	ldr	r5,[r11,#8]
425	eor	r3,r6,r3,lsl#24
426	ldr	r6,[r11,#12]
427
428	eor	r0,r0,r7
429	eor	r1,r1,r4
430	eor	r2,r2,r5
431	eor	r3,r3,r6
432
433	sub	r10,r10,#2
434	ldr	pc,[sp],#4		@ pop and return
435
436
437.globl	_aes_nohw_set_encrypt_key
438.private_extern	_aes_nohw_set_encrypt_key
439#ifdef __thumb2__
440.thumb_func	_aes_nohw_set_encrypt_key
441#endif
442.align	5
443_aes_nohw_set_encrypt_key:
444_armv4_AES_set_encrypt_key:
445#ifndef	__thumb2__
446	sub	r3,pc,#8		@ _aes_nohw_set_encrypt_key
447#else
448	adr	r3,.
449#endif
450	teq	r0,#0
451#ifdef	__thumb2__
452	itt	eq			@ Thumb2 thing, sanity check in ARM
453#endif
454	moveq	r0,#-1
455	beq	Labrt
456	teq	r2,#0
457#ifdef	__thumb2__
458	itt	eq			@ Thumb2 thing, sanity check in ARM
459#endif
460	moveq	r0,#-1
461	beq	Labrt
462
463	teq	r1,#128
464	beq	Lok
465	teq	r1,#192
466	beq	Lok
467	teq	r1,#256
468#ifdef	__thumb2__
469	itt	ne			@ Thumb2 thing, sanity check in ARM
470#endif
471	movne	r0,#-1
472	bne	Labrt
473
474Lok:	stmdb	sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr}
475	mov	r12,r0		@ inp
476	mov	lr,r1			@ bits
477	mov	r11,r2			@ key
478
479#if defined(__thumb2__) || defined(__APPLE__)
480	adr	r10,AES_Te+1024				@ Te4
481#else
482	sub	r10,r3,#_armv4_AES_set_encrypt_key-AES_Te-1024	@ Te4
483#endif
484
485#if __ARM_ARCH__<7
486	ldrb	r0,[r12,#3]	@ load input data in endian-neutral
487	ldrb	r4,[r12,#2]	@ manner...
488	ldrb	r5,[r12,#1]
489	ldrb	r6,[r12,#0]
490	orr	r0,r0,r4,lsl#8
491	ldrb	r1,[r12,#7]
492	orr	r0,r0,r5,lsl#16
493	ldrb	r4,[r12,#6]
494	orr	r0,r0,r6,lsl#24
495	ldrb	r5,[r12,#5]
496	ldrb	r6,[r12,#4]
497	orr	r1,r1,r4,lsl#8
498	ldrb	r2,[r12,#11]
499	orr	r1,r1,r5,lsl#16
500	ldrb	r4,[r12,#10]
501	orr	r1,r1,r6,lsl#24
502	ldrb	r5,[r12,#9]
503	ldrb	r6,[r12,#8]
504	orr	r2,r2,r4,lsl#8
505	ldrb	r3,[r12,#15]
506	orr	r2,r2,r5,lsl#16
507	ldrb	r4,[r12,#14]
508	orr	r2,r2,r6,lsl#24
509	ldrb	r5,[r12,#13]
510	ldrb	r6,[r12,#12]
511	orr	r3,r3,r4,lsl#8
512	str	r0,[r11],#16
513	orr	r3,r3,r5,lsl#16
514	str	r1,[r11,#-12]
515	orr	r3,r3,r6,lsl#24
516	str	r2,[r11,#-8]
517	str	r3,[r11,#-4]
518#else
519	ldr	r0,[r12,#0]
520	ldr	r1,[r12,#4]
521	ldr	r2,[r12,#8]
522	ldr	r3,[r12,#12]
523#ifdef __ARMEL__
524	rev	r0,r0
525	rev	r1,r1
526	rev	r2,r2
527	rev	r3,r3
528#endif
529	str	r0,[r11],#16
530	str	r1,[r11,#-12]
531	str	r2,[r11,#-8]
532	str	r3,[r11,#-4]
533#endif
534
535	teq	lr,#128
536	bne	Lnot128
537	mov	r12,#10
538	str	r12,[r11,#240-16]
539	add	r6,r10,#256			@ rcon
540	mov	lr,#255
541
542L128_loop:
543	and	r5,lr,r3,lsr#24
544	and	r7,lr,r3,lsr#16
545	ldrb	r5,[r10,r5]
546	and	r8,lr,r3,lsr#8
547	ldrb	r7,[r10,r7]
548	and	r9,lr,r3
549	ldrb	r8,[r10,r8]
550	orr	r5,r5,r7,lsl#24
551	ldrb	r9,[r10,r9]
552	orr	r5,r5,r8,lsl#16
553	ldr	r4,[r6],#4			@ rcon[i++]
554	orr	r5,r5,r9,lsl#8
555	eor	r5,r5,r4
556	eor	r0,r0,r5			@ rk[4]=rk[0]^...
557	eor	r1,r1,r0			@ rk[5]=rk[1]^rk[4]
558	str	r0,[r11],#16
559	eor	r2,r2,r1			@ rk[6]=rk[2]^rk[5]
560	str	r1,[r11,#-12]
561	eor	r3,r3,r2			@ rk[7]=rk[3]^rk[6]
562	str	r2,[r11,#-8]
563	subs	r12,r12,#1
564	str	r3,[r11,#-4]
565	bne	L128_loop
566	sub	r2,r11,#176
567	b	Ldone
568
569Lnot128:
570#if __ARM_ARCH__<7
571	ldrb	r8,[r12,#19]
572	ldrb	r4,[r12,#18]
573	ldrb	r5,[r12,#17]
574	ldrb	r6,[r12,#16]
575	orr	r8,r8,r4,lsl#8
576	ldrb	r9,[r12,#23]
577	orr	r8,r8,r5,lsl#16
578	ldrb	r4,[r12,#22]
579	orr	r8,r8,r6,lsl#24
580	ldrb	r5,[r12,#21]
581	ldrb	r6,[r12,#20]
582	orr	r9,r9,r4,lsl#8
583	orr	r9,r9,r5,lsl#16
584	str	r8,[r11],#8
585	orr	r9,r9,r6,lsl#24
586	str	r9,[r11,#-4]
587#else
588	ldr	r8,[r12,#16]
589	ldr	r9,[r12,#20]
590#ifdef __ARMEL__
591	rev	r8,r8
592	rev	r9,r9
593#endif
594	str	r8,[r11],#8
595	str	r9,[r11,#-4]
596#endif
597
598	teq	lr,#192
599	bne	Lnot192
600	mov	r12,#12
601	str	r12,[r11,#240-24]
602	add	r6,r10,#256			@ rcon
603	mov	lr,#255
604	mov	r12,#8
605
606L192_loop:
607	and	r5,lr,r9,lsr#24
608	and	r7,lr,r9,lsr#16
609	ldrb	r5,[r10,r5]
610	and	r8,lr,r9,lsr#8
611	ldrb	r7,[r10,r7]
612	and	r9,lr,r9
613	ldrb	r8,[r10,r8]
614	orr	r5,r5,r7,lsl#24
615	ldrb	r9,[r10,r9]
616	orr	r5,r5,r8,lsl#16
617	ldr	r4,[r6],#4			@ rcon[i++]
618	orr	r5,r5,r9,lsl#8
619	eor	r9,r5,r4
620	eor	r0,r0,r9			@ rk[6]=rk[0]^...
621	eor	r1,r1,r0			@ rk[7]=rk[1]^rk[6]
622	str	r0,[r11],#24
623	eor	r2,r2,r1			@ rk[8]=rk[2]^rk[7]
624	str	r1,[r11,#-20]
625	eor	r3,r3,r2			@ rk[9]=rk[3]^rk[8]
626	str	r2,[r11,#-16]
627	subs	r12,r12,#1
628	str	r3,[r11,#-12]
629#ifdef	__thumb2__
630	itt	eq				@ Thumb2 thing, sanity check in ARM
631#endif
632	subeq	r2,r11,#216
633	beq	Ldone
634
635	ldr	r7,[r11,#-32]
636	ldr	r8,[r11,#-28]
637	eor	r7,r7,r3			@ rk[10]=rk[4]^rk[9]
638	eor	r9,r8,r7			@ rk[11]=rk[5]^rk[10]
639	str	r7,[r11,#-8]
640	str	r9,[r11,#-4]
641	b	L192_loop
642
643Lnot192:
644#if __ARM_ARCH__<7
645	ldrb	r8,[r12,#27]
646	ldrb	r4,[r12,#26]
647	ldrb	r5,[r12,#25]
648	ldrb	r6,[r12,#24]
649	orr	r8,r8,r4,lsl#8
650	ldrb	r9,[r12,#31]
651	orr	r8,r8,r5,lsl#16
652	ldrb	r4,[r12,#30]
653	orr	r8,r8,r6,lsl#24
654	ldrb	r5,[r12,#29]
655	ldrb	r6,[r12,#28]
656	orr	r9,r9,r4,lsl#8
657	orr	r9,r9,r5,lsl#16
658	str	r8,[r11],#8
659	orr	r9,r9,r6,lsl#24
660	str	r9,[r11,#-4]
661#else
662	ldr	r8,[r12,#24]
663	ldr	r9,[r12,#28]
664#ifdef __ARMEL__
665	rev	r8,r8
666	rev	r9,r9
667#endif
668	str	r8,[r11],#8
669	str	r9,[r11,#-4]
670#endif
671
672	mov	r12,#14
673	str	r12,[r11,#240-32]
674	add	r6,r10,#256			@ rcon
675	mov	lr,#255
676	mov	r12,#7
677
678L256_loop:
679	and	r5,lr,r9,lsr#24
680	and	r7,lr,r9,lsr#16
681	ldrb	r5,[r10,r5]
682	and	r8,lr,r9,lsr#8
683	ldrb	r7,[r10,r7]
684	and	r9,lr,r9
685	ldrb	r8,[r10,r8]
686	orr	r5,r5,r7,lsl#24
687	ldrb	r9,[r10,r9]
688	orr	r5,r5,r8,lsl#16
689	ldr	r4,[r6],#4			@ rcon[i++]
690	orr	r5,r5,r9,lsl#8
691	eor	r9,r5,r4
692	eor	r0,r0,r9			@ rk[8]=rk[0]^...
693	eor	r1,r1,r0			@ rk[9]=rk[1]^rk[8]
694	str	r0,[r11],#32
695	eor	r2,r2,r1			@ rk[10]=rk[2]^rk[9]
696	str	r1,[r11,#-28]
697	eor	r3,r3,r2			@ rk[11]=rk[3]^rk[10]
698	str	r2,[r11,#-24]
699	subs	r12,r12,#1
700	str	r3,[r11,#-20]
701#ifdef	__thumb2__
702	itt	eq				@ Thumb2 thing, sanity check in ARM
703#endif
704	subeq	r2,r11,#256
705	beq	Ldone
706
707	and	r5,lr,r3
708	and	r7,lr,r3,lsr#8
709	ldrb	r5,[r10,r5]
710	and	r8,lr,r3,lsr#16
711	ldrb	r7,[r10,r7]
712	and	r9,lr,r3,lsr#24
713	ldrb	r8,[r10,r8]
714	orr	r5,r5,r7,lsl#8
715	ldrb	r9,[r10,r9]
716	orr	r5,r5,r8,lsl#16
717	ldr	r4,[r11,#-48]
718	orr	r5,r5,r9,lsl#24
719
720	ldr	r7,[r11,#-44]
721	ldr	r8,[r11,#-40]
722	eor	r4,r4,r5			@ rk[12]=rk[4]^...
723	ldr	r9,[r11,#-36]
724	eor	r7,r7,r4			@ rk[13]=rk[5]^rk[12]
725	str	r4,[r11,#-16]
726	eor	r8,r8,r7			@ rk[14]=rk[6]^rk[13]
727	str	r7,[r11,#-12]
728	eor	r9,r9,r8			@ rk[15]=rk[7]^rk[14]
729	str	r8,[r11,#-8]
730	str	r9,[r11,#-4]
731	b	L256_loop
732
733.align	2
734Ldone:	mov	r0,#0
735	ldmia	sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr}
736Labrt:
737#if __ARM_ARCH__>=5
738	bx	lr				@ .word	0xe12fff1e
739#else
740	tst	lr,#1
741	moveq	pc,lr			@ be binary compatible with V4, yet
742.word	0xe12fff1e			@ interoperable with Thumb ISA:-)
743#endif
744
745
746.globl	_aes_nohw_set_decrypt_key
747.private_extern	_aes_nohw_set_decrypt_key
748#ifdef __thumb2__
749.thumb_func	_aes_nohw_set_decrypt_key
750#endif
751.align	5
752_aes_nohw_set_decrypt_key:
753	str	lr,[sp,#-4]!            @ push lr
754	bl	_armv4_AES_set_encrypt_key
755	teq	r0,#0
756	ldr	lr,[sp],#4              @ pop lr
757	bne	Labrt
758
759	mov	r0,r2			@ _aes_nohw_set_encrypt_key preserves r2,
760	mov	r1,r2			@ which is AES_KEY *key
761	b	_armv4_AES_set_enc2dec_key
762
763
764@ void AES_set_enc2dec_key(const AES_KEY *inp,AES_KEY *out)
765.globl	_AES_set_enc2dec_key
766.private_extern	_AES_set_enc2dec_key
767#ifdef __thumb2__
768.thumb_func	_AES_set_enc2dec_key
769#endif
770.align	5
771_AES_set_enc2dec_key:
772_armv4_AES_set_enc2dec_key:
773	stmdb	sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr}
774
775	ldr	r12,[r0,#240]
776	mov	r7,r0			@ input
777	add	r8,r0,r12,lsl#4
778	mov	r11,r1			@ output
779	add	r10,r1,r12,lsl#4
780	str	r12,[r1,#240]
781
782Linv:	ldr	r0,[r7],#16
783	ldr	r1,[r7,#-12]
784	ldr	r2,[r7,#-8]
785	ldr	r3,[r7,#-4]
786	ldr	r4,[r8],#-16
787	ldr	r5,[r8,#16+4]
788	ldr	r6,[r8,#16+8]
789	ldr	r9,[r8,#16+12]
790	str	r0,[r10],#-16
791	str	r1,[r10,#16+4]
792	str	r2,[r10,#16+8]
793	str	r3,[r10,#16+12]
794	str	r4,[r11],#16
795	str	r5,[r11,#-12]
796	str	r6,[r11,#-8]
797	str	r9,[r11,#-4]
798	teq	r7,r8
799	bne	Linv
800
801	ldr	r0,[r7]
802	ldr	r1,[r7,#4]
803	ldr	r2,[r7,#8]
804	ldr	r3,[r7,#12]
805	str	r0,[r11]
806	str	r1,[r11,#4]
807	str	r2,[r11,#8]
808	str	r3,[r11,#12]
809	sub	r11,r11,r12,lsl#3
810	ldr	r0,[r11,#16]!		@ prefetch tp1
811	mov	r7,#0x80
812	mov	r8,#0x1b
813	orr	r7,r7,#0x8000
814	orr	r8,r8,#0x1b00
815	orr	r7,r7,r7,lsl#16
816	orr	r8,r8,r8,lsl#16
817	sub	r12,r12,#1
818	mvn	r9,r7
819	mov	r12,r12,lsl#2	@ (rounds-1)*4
820
821Lmix:	and	r4,r0,r7
822	and	r1,r0,r9
823	sub	r4,r4,r4,lsr#7
824	and	r4,r4,r8
825	eor	r1,r4,r1,lsl#1	@ tp2
826
827	and	r4,r1,r7
828	and	r2,r1,r9
829	sub	r4,r4,r4,lsr#7
830	and	r4,r4,r8
831	eor	r2,r4,r2,lsl#1	@ tp4
832
833	and	r4,r2,r7
834	and	r3,r2,r9
835	sub	r4,r4,r4,lsr#7
836	and	r4,r4,r8
837	eor	r3,r4,r3,lsl#1	@ tp8
838
839	eor	r4,r1,r2
840	eor	r5,r0,r3		@ tp9
841	eor	r4,r4,r3		@ tpe
842	eor	r4,r4,r1,ror#24
843	eor	r4,r4,r5,ror#24	@ ^= ROTATE(tpb=tp9^tp2,8)
844	eor	r4,r4,r2,ror#16
845	eor	r4,r4,r5,ror#16	@ ^= ROTATE(tpd=tp9^tp4,16)
846	eor	r4,r4,r5,ror#8	@ ^= ROTATE(tp9,24)
847
848	ldr	r0,[r11,#4]		@ prefetch tp1
849	str	r4,[r11],#4
850	subs	r12,r12,#1
851	bne	Lmix
852
853	mov	r0,#0
854#if __ARM_ARCH__>=5
855	ldmia	sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc}
856#else
857	ldmia	sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr}
858	tst	lr,#1
859	moveq	pc,lr			@ be binary compatible with V4, yet
860.word	0xe12fff1e			@ interoperable with Thumb ISA:-)
861#endif
862
863
864
865.align	5
866AES_Td:
867.word	0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96
868.word	0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393
869.word	0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25
870.word	0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f
871.word	0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1
872.word	0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6
873.word	0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da
874.word	0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844
875.word	0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd
876.word	0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4
877.word	0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45
878.word	0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94
879.word	0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7
880.word	0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a
881.word	0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5
882.word	0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c
883.word	0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1
884.word	0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a
885.word	0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75
886.word	0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051
887.word	0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46
888.word	0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff
889.word	0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77
890.word	0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb
891.word	0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000
892.word	0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e
893.word	0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927
894.word	0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a
895.word	0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e
896.word	0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16
897.word	0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d
898.word	0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8
899.word	0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd
900.word	0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34
901.word	0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163
902.word	0xd731dcca, 0x42638510, 0x13972240, 0x84c61120
903.word	0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d
904.word	0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0
905.word	0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422
906.word	0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef
907.word	0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36
908.word	0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4
909.word	0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662
910.word	0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5
911.word	0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3
912.word	0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b
913.word	0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8
914.word	0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6
915.word	0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6
916.word	0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0
917.word	0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815
918.word	0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f
919.word	0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df
920.word	0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f
921.word	0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e
922.word	0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713
923.word	0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89
924.word	0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c
925.word	0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf
926.word	0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86
927.word	0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f
928.word	0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541
929.word	0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190
930.word	0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742
931@ Td4[256]
932.byte	0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
933.byte	0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
934.byte	0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
935.byte	0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
936.byte	0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
937.byte	0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
938.byte	0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
939.byte	0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
940.byte	0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
941.byte	0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
942.byte	0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
943.byte	0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
944.byte	0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
945.byte	0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
946.byte	0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
947.byte	0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
948.byte	0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
949.byte	0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
950.byte	0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
951.byte	0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
952.byte	0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
953.byte	0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
954.byte	0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
955.byte	0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
956.byte	0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
957.byte	0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
958.byte	0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
959.byte	0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
960.byte	0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
961.byte	0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
962.byte	0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
963.byte	0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
964
965
966@ void aes_nohw_decrypt(const unsigned char *in, unsigned char *out,
967@ 		                  const AES_KEY *key) {
968.globl	_aes_nohw_decrypt
969.private_extern	_aes_nohw_decrypt
970#ifdef __thumb2__
971.thumb_func	_aes_nohw_decrypt
972#endif
973.align	5
974_aes_nohw_decrypt:
975#ifndef	__thumb2__
976	sub	r3,pc,#8		@ _aes_nohw_decrypt
977#else
978	adr	r3,.
979#endif
980	stmdb	sp!,{r1,r4-r12,lr}
981#if defined(__thumb2__) || defined(__APPLE__)
982	adr	r10,AES_Td
983#else
984	sub	r10,r3,#_aes_nohw_decrypt-AES_Td	@ Td
985#endif
986	mov	r12,r0		@ inp
987	mov	r11,r2
988#if __ARM_ARCH__<7
989	ldrb	r0,[r12,#3]	@ load input data in endian-neutral
990	ldrb	r4,[r12,#2]	@ manner...
991	ldrb	r5,[r12,#1]
992	ldrb	r6,[r12,#0]
993	orr	r0,r0,r4,lsl#8
994	ldrb	r1,[r12,#7]
995	orr	r0,r0,r5,lsl#16
996	ldrb	r4,[r12,#6]
997	orr	r0,r0,r6,lsl#24
998	ldrb	r5,[r12,#5]
999	ldrb	r6,[r12,#4]
1000	orr	r1,r1,r4,lsl#8
1001	ldrb	r2,[r12,#11]
1002	orr	r1,r1,r5,lsl#16
1003	ldrb	r4,[r12,#10]
1004	orr	r1,r1,r6,lsl#24
1005	ldrb	r5,[r12,#9]
1006	ldrb	r6,[r12,#8]
1007	orr	r2,r2,r4,lsl#8
1008	ldrb	r3,[r12,#15]
1009	orr	r2,r2,r5,lsl#16
1010	ldrb	r4,[r12,#14]
1011	orr	r2,r2,r6,lsl#24
1012	ldrb	r5,[r12,#13]
1013	ldrb	r6,[r12,#12]
1014	orr	r3,r3,r4,lsl#8
1015	orr	r3,r3,r5,lsl#16
1016	orr	r3,r3,r6,lsl#24
1017#else
1018	ldr	r0,[r12,#0]
1019	ldr	r1,[r12,#4]
1020	ldr	r2,[r12,#8]
1021	ldr	r3,[r12,#12]
1022#ifdef __ARMEL__
1023	rev	r0,r0
1024	rev	r1,r1
1025	rev	r2,r2
1026	rev	r3,r3
1027#endif
1028#endif
1029	bl	_armv4_AES_decrypt
1030
1031	ldr	r12,[sp],#4		@ pop out
1032#if __ARM_ARCH__>=7
1033#ifdef __ARMEL__
1034	rev	r0,r0
1035	rev	r1,r1
1036	rev	r2,r2
1037	rev	r3,r3
1038#endif
1039	str	r0,[r12,#0]
1040	str	r1,[r12,#4]
1041	str	r2,[r12,#8]
1042	str	r3,[r12,#12]
1043#else
1044	mov	r4,r0,lsr#24		@ write output in endian-neutral
1045	mov	r5,r0,lsr#16		@ manner...
1046	mov	r6,r0,lsr#8
1047	strb	r4,[r12,#0]
1048	strb	r5,[r12,#1]
1049	mov	r4,r1,lsr#24
1050	strb	r6,[r12,#2]
1051	mov	r5,r1,lsr#16
1052	strb	r0,[r12,#3]
1053	mov	r6,r1,lsr#8
1054	strb	r4,[r12,#4]
1055	strb	r5,[r12,#5]
1056	mov	r4,r2,lsr#24
1057	strb	r6,[r12,#6]
1058	mov	r5,r2,lsr#16
1059	strb	r1,[r12,#7]
1060	mov	r6,r2,lsr#8
1061	strb	r4,[r12,#8]
1062	strb	r5,[r12,#9]
1063	mov	r4,r3,lsr#24
1064	strb	r6,[r12,#10]
1065	mov	r5,r3,lsr#16
1066	strb	r2,[r12,#11]
1067	mov	r6,r3,lsr#8
1068	strb	r4,[r12,#12]
1069	strb	r5,[r12,#13]
1070	strb	r6,[r12,#14]
1071	strb	r3,[r12,#15]
1072#endif
1073#if __ARM_ARCH__>=5
1074	ldmia	sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc}
1075#else
1076	ldmia	sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr}
1077	tst	lr,#1
1078	moveq	pc,lr			@ be binary compatible with V4, yet
1079.word	0xe12fff1e			@ interoperable with Thumb ISA:-)
1080#endif
1081
1082
1083#ifdef __thumb2__
1084.thumb_func	_armv4_AES_decrypt
1085#endif
1086.align	2
1087_armv4_AES_decrypt:
1088	str	lr,[sp,#-4]!		@ push lr
1089	ldmia	r11!,{r4,r5,r6,r7}
1090	eor	r0,r0,r4
1091	ldr	r12,[r11,#240-16]
1092	eor	r1,r1,r5
1093	eor	r2,r2,r6
1094	eor	r3,r3,r7
1095	sub	r12,r12,#1
1096	mov	lr,#255
1097
1098	and	r7,lr,r0,lsr#16
1099	and	r8,lr,r0,lsr#8
1100	and	r9,lr,r0
1101	mov	r0,r0,lsr#24
1102Ldec_loop:
1103	ldr	r4,[r10,r7,lsl#2]	@ Td1[s0>>16]
1104	and	r7,lr,r1		@ i0
1105	ldr	r5,[r10,r8,lsl#2]	@ Td2[s0>>8]
1106	and	r8,lr,r1,lsr#16
1107	ldr	r6,[r10,r9,lsl#2]	@ Td3[s0>>0]
1108	and	r9,lr,r1,lsr#8
1109	ldr	r0,[r10,r0,lsl#2]	@ Td0[s0>>24]
1110	mov	r1,r1,lsr#24
1111
1112	ldr	r7,[r10,r7,lsl#2]	@ Td3[s1>>0]
1113	ldr	r8,[r10,r8,lsl#2]	@ Td1[s1>>16]
1114	ldr	r9,[r10,r9,lsl#2]	@ Td2[s1>>8]
1115	eor	r0,r0,r7,ror#24
1116	ldr	r1,[r10,r1,lsl#2]	@ Td0[s1>>24]
1117	and	r7,lr,r2,lsr#8	@ i0
1118	eor	r5,r8,r5,ror#8
1119	and	r8,lr,r2		@ i1
1120	eor	r6,r9,r6,ror#8
1121	and	r9,lr,r2,lsr#16
1122	ldr	r7,[r10,r7,lsl#2]	@ Td2[s2>>8]
1123	eor	r1,r1,r4,ror#8
1124	ldr	r8,[r10,r8,lsl#2]	@ Td3[s2>>0]
1125	mov	r2,r2,lsr#24
1126
1127	ldr	r9,[r10,r9,lsl#2]	@ Td1[s2>>16]
1128	eor	r0,r0,r7,ror#16
1129	ldr	r2,[r10,r2,lsl#2]	@ Td0[s2>>24]
1130	and	r7,lr,r3,lsr#16	@ i0
1131	eor	r1,r1,r8,ror#24
1132	and	r8,lr,r3,lsr#8	@ i1
1133	eor	r6,r9,r6,ror#8
1134	and	r9,lr,r3		@ i2
1135	ldr	r7,[r10,r7,lsl#2]	@ Td1[s3>>16]
1136	eor	r2,r2,r5,ror#8
1137	ldr	r8,[r10,r8,lsl#2]	@ Td2[s3>>8]
1138	mov	r3,r3,lsr#24
1139
1140	ldr	r9,[r10,r9,lsl#2]	@ Td3[s3>>0]
1141	eor	r0,r0,r7,ror#8
1142	ldr	r7,[r11],#16
1143	eor	r1,r1,r8,ror#16
1144	ldr	r3,[r10,r3,lsl#2]	@ Td0[s3>>24]
1145	eor	r2,r2,r9,ror#24
1146
1147	ldr	r4,[r11,#-12]
1148	eor	r0,r0,r7
1149	ldr	r5,[r11,#-8]
1150	eor	r3,r3,r6,ror#8
1151	ldr	r6,[r11,#-4]
1152	and	r7,lr,r0,lsr#16
1153	eor	r1,r1,r4
1154	and	r8,lr,r0,lsr#8
1155	eor	r2,r2,r5
1156	and	r9,lr,r0
1157	eor	r3,r3,r6
1158	mov	r0,r0,lsr#24
1159
1160	subs	r12,r12,#1
1161	bne	Ldec_loop
1162
1163	add	r10,r10,#1024
1164
1165	ldr	r5,[r10,#0]		@ prefetch Td4
1166	ldr	r6,[r10,#32]
1167	ldr	r4,[r10,#64]
1168	ldr	r5,[r10,#96]
1169	ldr	r6,[r10,#128]
1170	ldr	r4,[r10,#160]
1171	ldr	r5,[r10,#192]
1172	ldr	r6,[r10,#224]
1173
1174	ldrb	r0,[r10,r0]		@ Td4[s0>>24]
1175	ldrb	r4,[r10,r7]		@ Td4[s0>>16]
1176	and	r7,lr,r1		@ i0
1177	ldrb	r5,[r10,r8]		@ Td4[s0>>8]
1178	and	r8,lr,r1,lsr#16
1179	ldrb	r6,[r10,r9]		@ Td4[s0>>0]
1180	and	r9,lr,r1,lsr#8
1181
1182	add	r1,r10,r1,lsr#24
1183	ldrb	r7,[r10,r7]		@ Td4[s1>>0]
1184	ldrb	r1,[r1]		@ Td4[s1>>24]
1185	ldrb	r8,[r10,r8]		@ Td4[s1>>16]
1186	eor	r0,r7,r0,lsl#24
1187	ldrb	r9,[r10,r9]		@ Td4[s1>>8]
1188	eor	r1,r4,r1,lsl#8
1189	and	r7,lr,r2,lsr#8	@ i0
1190	eor	r5,r5,r8,lsl#8
1191	and	r8,lr,r2		@ i1
1192	ldrb	r7,[r10,r7]		@ Td4[s2>>8]
1193	eor	r6,r6,r9,lsl#8
1194	ldrb	r8,[r10,r8]		@ Td4[s2>>0]
1195	and	r9,lr,r2,lsr#16
1196
1197	add	r2,r10,r2,lsr#24
1198	ldrb	r2,[r2]		@ Td4[s2>>24]
1199	eor	r0,r0,r7,lsl#8
1200	ldrb	r9,[r10,r9]		@ Td4[s2>>16]
1201	eor	r1,r8,r1,lsl#16
1202	and	r7,lr,r3,lsr#16	@ i0
1203	eor	r2,r5,r2,lsl#16
1204	and	r8,lr,r3,lsr#8	@ i1
1205	ldrb	r7,[r10,r7]		@ Td4[s3>>16]
1206	eor	r6,r6,r9,lsl#16
1207	ldrb	r8,[r10,r8]		@ Td4[s3>>8]
1208	and	r9,lr,r3		@ i2
1209
1210	add	r3,r10,r3,lsr#24
1211	ldrb	r9,[r10,r9]		@ Td4[s3>>0]
1212	ldrb	r3,[r3]		@ Td4[s3>>24]
1213	eor	r0,r0,r7,lsl#16
1214	ldr	r7,[r11,#0]
1215	eor	r1,r1,r8,lsl#8
1216	ldr	r4,[r11,#4]
1217	eor	r2,r9,r2,lsl#8
1218	ldr	r5,[r11,#8]
1219	eor	r3,r6,r3,lsl#24
1220	ldr	r6,[r11,#12]
1221
1222	eor	r0,r0,r7
1223	eor	r1,r1,r4
1224	eor	r2,r2,r5
1225	eor	r3,r3,r6
1226
1227	sub	r10,r10,#1024
1228	ldr	pc,[sp],#4		@ pop and return
1229
1230.byte	65,69,83,32,102,111,114,32,65,82,77,118,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
1231.align	2
1232.align	2
1233#endif  // !OPENSSL_NO_ASM
1234