3
# ====================================================================
4
# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
5
# project. The module is, however, dual licensed under OpenSSL and
6
# CRYPTOGAMS licenses depending on where you obtain it. For further
7
# details see http://www.openssl.org/~appro/cryptogams/.
8
# ====================================================================
14
# Code uses single 1K S-box and is >2 times faster than code generated
15
# by gcc-3.4.1. This is thanks to unique feature of ARMv4 ISA, which
16
# allows to merge logical or arithmetic operation with shift or rotate
17
# in one instruction and emit combined result every cycle. The module
18
# is endian-neutral. The performance is ~42 cycles/byte for 128-bit
19
# key [on single-issue Xscale PXA250 core].
23
# AES_set_[en|de]crypt_key is added.
27
# Rescheduling for dual-issue pipeline resulted in 12% improvement on
28
# Cortex A8 core and ~25 cycles per byte processed with 128-bit key.
30
while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
31
open STDOUT,">$output";
55
.word 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d
56
.word 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554
57
.word 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d
58
.word 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a
59
.word 0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87
60
.word 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b
61
.word 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea
62
.word 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b
63
.word 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a
64
.word 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f
65
.word 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108
66
.word 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f
67
.word 0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e
68
.word 0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5
69
.word 0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d
70
.word 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f
71
.word 0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e
72
.word 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb
73
.word 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce
74
.word 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497
75
.word 0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c
76
.word 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed
77
.word 0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b
78
.word 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a
79
.word 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16
80
.word 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594
81
.word 0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81
82
.word 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3
83
.word 0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a
84
.word 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504
85
.word 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163
86
.word 0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d
87
.word 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f
88
.word 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739
89
.word 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47
90
.word 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395
91
.word 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f
92
.word 0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883
93
.word 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c
94
.word 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76
95
.word 0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e
96
.word 0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4
97
.word 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6
98
.word 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b
99
.word 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7
100
.word 0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0
101
.word 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25
102
.word 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818
103
.word 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72
104
.word 0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651
105
.word 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21
106
.word 0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85
107
.word 0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa
108
.word 0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12
109
.word 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0
110
.word 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9
111
.word 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133
112
.word 0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7
113
.word 0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920
114
.word 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a
115
.word 0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17
116
.word 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8
117
.word 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11
118
.word 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a
120
.byte 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
121
.byte 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
122
.byte 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
123
.byte 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
124
.byte 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
125
.byte 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
126
.byte 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
127
.byte 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
128
.byte 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
129
.byte 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
130
.byte 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
131
.byte 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
132
.byte 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
133
.byte 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
134
.byte 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
135
.byte 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
136
.byte 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
137
.byte 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
138
.byte 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
139
.byte 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
140
.byte 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
141
.byte 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
142
.byte 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
143
.byte 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
144
.byte 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
145
.byte 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
146
.byte 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
147
.byte 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
148
.byte 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
149
.byte 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
150
.byte 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
151
.byte 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
153
.word 0x01000000, 0x02000000, 0x04000000, 0x08000000
154
.word 0x10000000, 0x20000000, 0x40000000, 0x80000000
155
.word 0x1B000000, 0x36000000, 0, 0, 0, 0, 0, 0
156
.size AES_Te,.-AES_Te
158
@ void AES_encrypt(const unsigned char *in, unsigned char *out,
159
@ const AES_KEY *key) {
161
.type AES_encrypt,%function
164
sub r3,pc,#8 @ AES_encrypt
165
stmdb sp!,{r1,r4-r12,lr}
168
sub $tbl,r3,#AES_encrypt-AES_Te @ Te
170
ldrb $s0,[$rounds,#3] @ load input data in endian-neutral
171
ldrb $t1,[$rounds,#2] @ manner...
172
ldrb $t2,[$rounds,#1]
173
ldrb $t3,[$rounds,#0]
174
orr $s0,$s0,$t1,lsl#8
175
ldrb $s1,[$rounds,#7]
176
orr $s0,$s0,$t2,lsl#16
177
ldrb $t1,[$rounds,#6]
178
orr $s0,$s0,$t3,lsl#24
179
ldrb $t2,[$rounds,#5]
180
ldrb $t3,[$rounds,#4]
181
orr $s1,$s1,$t1,lsl#8
182
ldrb $s2,[$rounds,#11]
183
orr $s1,$s1,$t2,lsl#16
184
ldrb $t1,[$rounds,#10]
185
orr $s1,$s1,$t3,lsl#24
186
ldrb $t2,[$rounds,#9]
187
ldrb $t3,[$rounds,#8]
188
orr $s2,$s2,$t1,lsl#8
189
ldrb $s3,[$rounds,#15]
190
orr $s2,$s2,$t2,lsl#16
191
ldrb $t1,[$rounds,#14]
192
orr $s2,$s2,$t3,lsl#24
193
ldrb $t2,[$rounds,#13]
194
ldrb $t3,[$rounds,#12]
195
orr $s3,$s3,$t1,lsl#8
196
orr $s3,$s3,$t2,lsl#16
197
orr $s3,$s3,$t3,lsl#24
199
bl _armv4_AES_encrypt
201
ldr $rounds,[sp],#4 @ pop out
202
mov $t1,$s0,lsr#24 @ write output in endian-neutral
203
mov $t2,$s0,lsr#16 @ manner...
205
strb $t1,[$rounds,#0]
206
strb $t2,[$rounds,#1]
208
strb $t3,[$rounds,#2]
210
strb $s0,[$rounds,#3]
212
strb $t1,[$rounds,#4]
213
strb $t2,[$rounds,#5]
215
strb $t3,[$rounds,#6]
217
strb $s1,[$rounds,#7]
219
strb $t1,[$rounds,#8]
220
strb $t2,[$rounds,#9]
222
strb $t3,[$rounds,#10]
224
strb $s2,[$rounds,#11]
226
strb $t1,[$rounds,#12]
227
strb $t2,[$rounds,#13]
228
strb $t3,[$rounds,#14]
229
strb $s3,[$rounds,#15]
231
ldmia sp!,{r4-r12,lr}
233
moveq pc,lr @ be binary compatible with V4, yet
234
bx lr @ interoperable with Thumb ISA:-)
235
.size AES_encrypt,.-AES_encrypt
237
.type _armv4_AES_encrypt,%function
240
str lr,[sp,#-4]! @ push lr
241
ldmia $key!,{$t1-$i1}
243
ldr $rounds,[$key,#240-16]
247
sub $rounds,$rounds,#1
252
and $i3,lr,$s0,lsr#16
255
ldr $t1,[$tbl,$i1,lsl#2] @ Te3[s0>>0]
256
and $i1,lr,$s1,lsr#16 @ i0
257
ldr $t2,[$tbl,$i2,lsl#2] @ Te2[s0>>8]
259
ldr $t3,[$tbl,$i3,lsl#2] @ Te1[s0>>16]
261
ldr $s0,[$tbl,$s0,lsl#2] @ Te0[s0>>24]
264
ldr $i1,[$tbl,$i1,lsl#2] @ Te1[s1>>16]
265
ldr $i2,[$tbl,$i2,lsl#2] @ Te3[s1>>0]
266
ldr $i3,[$tbl,$i3,lsl#2] @ Te2[s1>>8]
267
eor $s0,$s0,$i1,ror#8
268
ldr $s1,[$tbl,$s1,lsl#2] @ Te0[s1>>24]
269
and $i1,lr,$s2,lsr#8 @ i0
270
eor $t2,$t2,$i2,ror#8
271
and $i2,lr,$s2,lsr#16 @ i1
272
eor $t3,$t3,$i3,ror#8
274
eor $s1,$s1,$t1,ror#24
275
ldr $i1,[$tbl,$i1,lsl#2] @ Te2[s2>>8]
278
ldr $i2,[$tbl,$i2,lsl#2] @ Te1[s2>>16]
279
ldr $i3,[$tbl,$i3,lsl#2] @ Te3[s2>>0]
280
eor $s0,$s0,$i1,ror#16
281
ldr $s2,[$tbl,$s2,lsl#2] @ Te0[s2>>24]
283
eor $s1,$s1,$i2,ror#8
284
and $i2,lr,$s3,lsr#8 @ i1
285
eor $t3,$t3,$i3,ror#16
286
and $i3,lr,$s3,lsr#16 @ i2
287
eor $s2,$s2,$t2,ror#16
288
ldr $i1,[$tbl,$i1,lsl#2] @ Te3[s3>>0]
291
ldr $i2,[$tbl,$i2,lsl#2] @ Te2[s3>>8]
292
ldr $i3,[$tbl,$i3,lsl#2] @ Te1[s3>>16]
293
eor $s0,$s0,$i1,ror#24
294
ldr $s3,[$tbl,$s3,lsl#2] @ Te0[s3>>24]
295
eor $s1,$s1,$i2,ror#16
297
eor $s2,$s2,$i3,ror#8
299
eor $s3,$s3,$t3,ror#8
308
and $i3,lr,$s0,lsr#16
312
subs $rounds,$rounds,#1
317
ldrb $t1,[$tbl,$i1,lsl#2] @ Te4[s0>>0]
318
and $i1,lr,$s1,lsr#16 @ i0
319
ldrb $t2,[$tbl,$i2,lsl#2] @ Te4[s0>>8]
321
ldrb $t3,[$tbl,$i3,lsl#2] @ Te4[s0>>16]
323
ldrb $s0,[$tbl,$s0,lsl#2] @ Te4[s0>>24]
326
ldrb $i1,[$tbl,$i1,lsl#2] @ Te4[s1>>16]
327
ldrb $i2,[$tbl,$i2,lsl#2] @ Te4[s1>>0]
328
ldrb $i3,[$tbl,$i3,lsl#2] @ Te4[s1>>8]
329
eor $s0,$i1,$s0,lsl#8
330
ldrb $s1,[$tbl,$s1,lsl#2] @ Te4[s1>>24]
331
and $i1,lr,$s2,lsr#8 @ i0
332
eor $t2,$i2,$t2,lsl#8
333
and $i2,lr,$s2,lsr#16 @ i1
334
eor $t3,$i3,$t3,lsl#8
336
eor $s1,$t1,$s1,lsl#24
337
ldrb $i1,[$tbl,$i1,lsl#2] @ Te4[s2>>8]
340
ldrb $i2,[$tbl,$i2,lsl#2] @ Te4[s2>>16]
341
ldrb $i3,[$tbl,$i3,lsl#2] @ Te4[s2>>0]
342
eor $s0,$i1,$s0,lsl#8
343
ldrb $s2,[$tbl,$s2,lsl#2] @ Te4[s2>>24]
345
eor $s1,$s1,$i2,lsl#16
346
and $i2,lr,$s3,lsr#8 @ i1
347
eor $t3,$i3,$t3,lsl#8
348
and $i3,lr,$s3,lsr#16 @ i2
349
eor $s2,$t2,$s2,lsl#24
350
ldrb $i1,[$tbl,$i1,lsl#2] @ Te4[s3>>0]
353
ldrb $i2,[$tbl,$i2,lsl#2] @ Te4[s3>>8]
354
ldrb $i3,[$tbl,$i3,lsl#2] @ Te4[s3>>16]
355
eor $s0,$i1,$s0,lsl#8
356
ldrb $s3,[$tbl,$s3,lsl#2] @ Te4[s3>>24]
358
eor $s1,$s1,$i2,lsl#8
360
eor $s2,$s2,$i3,lsl#16
362
eor $s3,$t3,$s3,lsl#24
371
ldr pc,[sp],#4 @ pop and return
372
.size _armv4_AES_encrypt,.-_armv4_AES_encrypt
374
.global AES_set_encrypt_key
375
.type AES_set_encrypt_key,%function
378
sub r3,pc,#8 @ AES_set_encrypt_key
394
.Lok: stmdb sp!,{r4-r12,lr}
395
sub $tbl,r3,#AES_set_encrypt_key-AES_Te-1024 @ Te4
401
ldrb $s0,[$rounds,#3] @ load input data in endian-neutral
402
ldrb $t1,[$rounds,#2] @ manner...
403
ldrb $t2,[$rounds,#1]
404
ldrb $t3,[$rounds,#0]
405
orr $s0,$s0,$t1,lsl#8
406
ldrb $s1,[$rounds,#7]
407
orr $s0,$s0,$t2,lsl#16
408
ldrb $t1,[$rounds,#6]
409
orr $s0,$s0,$t3,lsl#24
410
ldrb $t2,[$rounds,#5]
411
ldrb $t3,[$rounds,#4]
412
orr $s1,$s1,$t1,lsl#8
413
ldrb $s2,[$rounds,#11]
414
orr $s1,$s1,$t2,lsl#16
415
ldrb $t1,[$rounds,#10]
416
orr $s1,$s1,$t3,lsl#24
417
ldrb $t2,[$rounds,#9]
418
ldrb $t3,[$rounds,#8]
419
orr $s2,$s2,$t1,lsl#8
420
ldrb $s3,[$rounds,#15]
421
orr $s2,$s2,$t2,lsl#16
422
ldrb $t1,[$rounds,#14]
423
orr $s2,$s2,$t3,lsl#24
424
ldrb $t2,[$rounds,#13]
425
ldrb $t3,[$rounds,#12]
426
orr $s3,$s3,$t1,lsl#8
428
orr $s3,$s3,$t2,lsl#16
430
orr $s3,$s3,$t3,lsl#24
437
str $rounds,[$key,#240-16]
438
add $t3,$tbl,#256 @ rcon
442
and $t2,lr,$s3,lsr#24
443
and $i1,lr,$s3,lsr#16
449
orr $t2,$t2,$i1,lsl#24
451
orr $t2,$t2,$i2,lsl#16
452
ldr $t1,[$t3],#4 @ rcon[i++]
453
orr $t2,$t2,$i3,lsl#8
455
eor $s0,$s0,$t2 @ rk[4]=rk[0]^...
456
eor $s1,$s1,$s0 @ rk[5]=rk[1]^rk[4]
458
eor $s2,$s2,$s1 @ rk[6]=rk[2]^rk[5]
460
eor $s3,$s3,$s2 @ rk[7]=rk[3]^rk[6]
462
subs $rounds,$rounds,#1
469
ldrb $i2,[$rounds,#19]
470
ldrb $t1,[$rounds,#18]
471
ldrb $t2,[$rounds,#17]
472
ldrb $t3,[$rounds,#16]
473
orr $i2,$i2,$t1,lsl#8
474
ldrb $i3,[$rounds,#23]
475
orr $i2,$i2,$t2,lsl#16
476
ldrb $t1,[$rounds,#22]
477
orr $i2,$i2,$t3,lsl#24
478
ldrb $t2,[$rounds,#21]
479
ldrb $t3,[$rounds,#20]
480
orr $i3,$i3,$t1,lsl#8
481
orr $i3,$i3,$t2,lsl#16
483
orr $i3,$i3,$t3,lsl#24
489
str $rounds,[$key,#240-24]
490
add $t3,$tbl,#256 @ rcon
495
and $t2,lr,$i3,lsr#24
496
and $i1,lr,$i3,lsr#16
502
orr $t2,$t2,$i1,lsl#24
504
orr $t2,$t2,$i2,lsl#16
505
ldr $t1,[$t3],#4 @ rcon[i++]
506
orr $t2,$t2,$i3,lsl#8
508
eor $s0,$s0,$i3 @ rk[6]=rk[0]^...
509
eor $s1,$s1,$s0 @ rk[7]=rk[1]^rk[6]
511
eor $s2,$s2,$s1 @ rk[8]=rk[2]^rk[7]
513
eor $s3,$s3,$s2 @ rk[9]=rk[3]^rk[8]
515
subs $rounds,$rounds,#1
522
eor $i1,$i1,$s3 @ rk[10]=rk[4]^rk[9]
523
eor $i3,$i2,$i1 @ rk[11]=rk[5]^rk[10]
529
ldrb $i2,[$rounds,#27]
530
ldrb $t1,[$rounds,#26]
531
ldrb $t2,[$rounds,#25]
532
ldrb $t3,[$rounds,#24]
533
orr $i2,$i2,$t1,lsl#8
534
ldrb $i3,[$rounds,#31]
535
orr $i2,$i2,$t2,lsl#16
536
ldrb $t1,[$rounds,#30]
537
orr $i2,$i2,$t3,lsl#24
538
ldrb $t2,[$rounds,#29]
539
ldrb $t3,[$rounds,#28]
540
orr $i3,$i3,$t1,lsl#8
541
orr $i3,$i3,$t2,lsl#16
543
orr $i3,$i3,$t3,lsl#24
547
str $rounds,[$key,#240-32]
548
add $t3,$tbl,#256 @ rcon
553
and $t2,lr,$i3,lsr#24
554
and $i1,lr,$i3,lsr#16
560
orr $t2,$t2,$i1,lsl#24
562
orr $t2,$t2,$i2,lsl#16
563
ldr $t1,[$t3],#4 @ rcon[i++]
564
orr $t2,$t2,$i3,lsl#8
566
eor $s0,$s0,$i3 @ rk[8]=rk[0]^...
567
eor $s1,$s1,$s0 @ rk[9]=rk[1]^rk[8]
569
eor $s2,$s2,$s1 @ rk[10]=rk[2]^rk[9]
571
eor $s3,$s3,$s2 @ rk[11]=rk[3]^rk[10]
573
subs $rounds,$rounds,#1
581
and $i2,lr,$s3,lsr#16
583
and $i3,lr,$s3,lsr#24
585
orr $t2,$t2,$i1,lsl#8
587
orr $t2,$t2,$i2,lsl#16
589
orr $t2,$t2,$i3,lsl#24
593
eor $t1,$t1,$t2 @ rk[12]=rk[4]^...
595
eor $i1,$i1,$t1 @ rk[13]=rk[5]^rk[12]
597
eor $i2,$i2,$i1 @ rk[14]=rk[6]^rk[13]
599
eor $i3,$i3,$i2 @ rk[15]=rk[7]^rk[14]
605
ldmia sp!,{r4-r12,lr}
607
moveq pc,lr @ be binary compatible with V4, yet
608
bx lr @ interoperable with Thumb ISA:-)
609
.size AES_set_encrypt_key,.-AES_set_encrypt_key
611
.global AES_set_decrypt_key
612
.type AES_set_decrypt_key,%function
615
str lr,[sp,#-4]! @ push lr
616
bl AES_set_encrypt_key
618
ldrne lr,[sp],#4 @ pop lr
623
ldr $rounds,[r2,#240] @ AES_set_encrypt_key preserves r2,
624
mov $key,r2 @ which is AES_KEY *key
626
add $i2,r2,$rounds,lsl#4
651
ldr $s0,[$key,#16]! @ prefetch tp1
654
orr $mask80,$mask80,#0x8000
655
orr $mask1b,$mask1b,#0x1b00
656
orr $mask80,$mask80,$mask80,lsl#16
657
orr $mask1b,$mask1b,$mask1b,lsl#16
658
sub $rounds,$rounds,#1
660
mov $rounds,$rounds,lsl#2 @ (rounds-1)*4
662
.Lmix: and $t1,$s0,$mask80
664
sub $t1,$t1,$t1,lsr#7
666
eor $s1,$t1,$s1,lsl#1 @ tp2
670
sub $t1,$t1,$t1,lsr#7
672
eor $s2,$t1,$s2,lsl#1 @ tp4
676
sub $t1,$t1,$t1,lsr#7
678
eor $s3,$t1,$s3,lsl#1 @ tp8
681
eor $t2,$s0,$s3 @ tp9
682
eor $t1,$t1,$s3 @ tpe
683
eor $t1,$t1,$s1,ror#24
684
eor $t1,$t1,$t2,ror#24 @ ^= ROTATE(tpb=tp9^tp2,8)
685
eor $t1,$t1,$s2,ror#16
686
eor $t1,$t1,$t2,ror#16 @ ^= ROTATE(tpd=tp9^tp4,16)
687
eor $t1,$t1,$t2,ror#8 @ ^= ROTATE(tp9,24)
689
ldr $s0,[$key,#4] @ prefetch tp1
691
subs $rounds,$rounds,#1
695
ldmia sp!,{r4-r12,lr}
697
moveq pc,lr @ be binary compatible with V4, yet
698
bx lr @ interoperable with Thumb ISA:-)
699
.size AES_set_decrypt_key,.-AES_set_decrypt_key
704
.word 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96
705
.word 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393
706
.word 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25
707
.word 0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f
708
.word 0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1
709
.word 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6
710
.word 0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da
711
.word 0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844
712
.word 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd
713
.word 0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4
714
.word 0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45
715
.word 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94
716
.word 0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7
717
.word 0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a
718
.word 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5
719
.word 0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c
720
.word 0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1
721
.word 0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a
722
.word 0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75
723
.word 0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051
724
.word 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46
725
.word 0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff
726
.word 0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77
727
.word 0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb
728
.word 0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000
729
.word 0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e
730
.word 0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927
731
.word 0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a
732
.word 0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e
733
.word 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16
734
.word 0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d
735
.word 0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8
736
.word 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd
737
.word 0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34
738
.word 0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163
739
.word 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120
740
.word 0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d
741
.word 0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0
742
.word 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422
743
.word 0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef
744
.word 0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36
745
.word 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4
746
.word 0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662
747
.word 0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5
748
.word 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3
749
.word 0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b
750
.word 0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8
751
.word 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6
752
.word 0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6
753
.word 0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0
754
.word 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815
755
.word 0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f
756
.word 0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df
757
.word 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f
758
.word 0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e
759
.word 0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713
760
.word 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89
761
.word 0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c
762
.word 0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf
763
.word 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86
764
.word 0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f
765
.word 0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541
766
.word 0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190
767
.word 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742
769
.byte 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
770
.byte 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
771
.byte 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
772
.byte 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
773
.byte 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
774
.byte 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
775
.byte 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
776
.byte 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
777
.byte 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
778
.byte 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
779
.byte 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
780
.byte 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
781
.byte 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
782
.byte 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
783
.byte 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
784
.byte 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
785
.byte 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
786
.byte 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
787
.byte 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
788
.byte 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
789
.byte 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
790
.byte 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
791
.byte 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
792
.byte 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
793
.byte 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
794
.byte 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
795
.byte 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
796
.byte 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
797
.byte 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
798
.byte 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
799
.byte 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
800
.byte 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
801
.size AES_Td,.-AES_Td
803
@ void AES_decrypt(const unsigned char *in, unsigned char *out,
804
@ const AES_KEY *key) {
806
.type AES_decrypt,%function
809
sub r3,pc,#8 @ AES_decrypt
810
stmdb sp!,{r1,r4-r12,lr}
813
sub $tbl,r3,#AES_decrypt-AES_Td @ Td
815
ldrb $s0,[$rounds,#3] @ load input data in endian-neutral
816
ldrb $t1,[$rounds,#2] @ manner...
817
ldrb $t2,[$rounds,#1]
818
ldrb $t3,[$rounds,#0]
819
orr $s0,$s0,$t1,lsl#8
820
ldrb $s1,[$rounds,#7]
821
orr $s0,$s0,$t2,lsl#16
822
ldrb $t1,[$rounds,#6]
823
orr $s0,$s0,$t3,lsl#24
824
ldrb $t2,[$rounds,#5]
825
ldrb $t3,[$rounds,#4]
826
orr $s1,$s1,$t1,lsl#8
827
ldrb $s2,[$rounds,#11]
828
orr $s1,$s1,$t2,lsl#16
829
ldrb $t1,[$rounds,#10]
830
orr $s1,$s1,$t3,lsl#24
831
ldrb $t2,[$rounds,#9]
832
ldrb $t3,[$rounds,#8]
833
orr $s2,$s2,$t1,lsl#8
834
ldrb $s3,[$rounds,#15]
835
orr $s2,$s2,$t2,lsl#16
836
ldrb $t1,[$rounds,#14]
837
orr $s2,$s2,$t3,lsl#24
838
ldrb $t2,[$rounds,#13]
839
ldrb $t3,[$rounds,#12]
840
orr $s3,$s3,$t1,lsl#8
841
orr $s3,$s3,$t2,lsl#16
842
orr $s3,$s3,$t3,lsl#24
844
bl _armv4_AES_decrypt
846
ldr $rounds,[sp],#4 @ pop out
847
mov $t1,$s0,lsr#24 @ write output in endian-neutral
848
mov $t2,$s0,lsr#16 @ manner...
850
strb $t1,[$rounds,#0]
851
strb $t2,[$rounds,#1]
853
strb $t3,[$rounds,#2]
855
strb $s0,[$rounds,#3]
857
strb $t1,[$rounds,#4]
858
strb $t2,[$rounds,#5]
860
strb $t3,[$rounds,#6]
862
strb $s1,[$rounds,#7]
864
strb $t1,[$rounds,#8]
865
strb $t2,[$rounds,#9]
867
strb $t3,[$rounds,#10]
869
strb $s2,[$rounds,#11]
871
strb $t1,[$rounds,#12]
872
strb $t2,[$rounds,#13]
873
strb $t3,[$rounds,#14]
874
strb $s3,[$rounds,#15]
876
ldmia sp!,{r4-r12,lr}
878
moveq pc,lr @ be binary compatible with V4, yet
879
bx lr @ interoperable with Thumb ISA:-)
880
.size AES_decrypt,.-AES_decrypt
882
.type _armv4_AES_decrypt,%function
885
str lr,[sp,#-4]! @ push lr
886
ldmia $key!,{$t1-$i1}
888
ldr $rounds,[$key,#240-16]
892
sub $rounds,$rounds,#1
895
and $i1,lr,$s0,lsr#16
900
ldr $t1,[$tbl,$i1,lsl#2] @ Td1[s0>>16]
902
ldr $t2,[$tbl,$i2,lsl#2] @ Td2[s0>>8]
903
and $i2,lr,$s1,lsr#16
904
ldr $t3,[$tbl,$i3,lsl#2] @ Td3[s0>>0]
906
ldr $s0,[$tbl,$s0,lsl#2] @ Td0[s0>>24]
909
ldr $i1,[$tbl,$i1,lsl#2] @ Td3[s1>>0]
910
ldr $i2,[$tbl,$i2,lsl#2] @ Td1[s1>>16]
911
ldr $i3,[$tbl,$i3,lsl#2] @ Td2[s1>>8]
912
eor $s0,$s0,$i1,ror#24
913
ldr $s1,[$tbl,$s1,lsl#2] @ Td0[s1>>24]
914
and $i1,lr,$s2,lsr#8 @ i0
915
eor $t2,$i2,$t2,ror#8
917
eor $t3,$i3,$t3,ror#8
918
and $i3,lr,$s2,lsr#16
919
eor $s1,$s1,$t1,ror#8
920
ldr $i1,[$tbl,$i1,lsl#2] @ Td2[s2>>8]
923
ldr $i2,[$tbl,$i2,lsl#2] @ Td3[s2>>0]
924
ldr $i3,[$tbl,$i3,lsl#2] @ Td1[s2>>16]
925
eor $s0,$s0,$i1,ror#16
926
ldr $s2,[$tbl,$s2,lsl#2] @ Td0[s2>>24]
927
and $i1,lr,$s3,lsr#16 @ i0
928
eor $s1,$s1,$i2,ror#24
929
and $i2,lr,$s3,lsr#8 @ i1
930
eor $t3,$i3,$t3,ror#8
932
eor $s2,$s2,$t2,ror#8
933
ldr $i1,[$tbl,$i1,lsl#2] @ Td1[s3>>16]
936
ldr $i2,[$tbl,$i2,lsl#2] @ Td2[s3>>8]
937
ldr $i3,[$tbl,$i3,lsl#2] @ Td3[s3>>0]
938
eor $s0,$s0,$i1,ror#8
939
ldr $s3,[$tbl,$s3,lsl#2] @ Td0[s3>>24]
940
eor $s1,$s1,$i2,ror#16
941
eor $s2,$s2,$i3,ror#24
943
eor $s3,$s3,$t3,ror#8
949
and $i1,lr,$s0,lsr#16
957
subs $rounds,$rounds,#1
962
ldr $t2,[$tbl,#0] @ prefetch Td4
971
ldrb $s0,[$tbl,$s0] @ Td4[s0>>24]
972
ldrb $t1,[$tbl,$i1] @ Td4[s0>>16]
974
ldrb $t2,[$tbl,$i2] @ Td4[s0>>8]
975
and $i2,lr,$s1,lsr#16
976
ldrb $t3,[$tbl,$i3] @ Td4[s0>>0]
979
ldrb $i1,[$tbl,$i1] @ Td4[s1>>0]
980
ldrb $s1,[$tbl,$s1,lsr#24] @ Td4[s1>>24]
981
ldrb $i2,[$tbl,$i2] @ Td4[s1>>16]
982
eor $s0,$i1,$s0,lsl#24
983
ldrb $i3,[$tbl,$i3] @ Td4[s1>>8]
984
eor $s1,$t1,$s1,lsl#8
985
and $i1,lr,$s2,lsr#8 @ i0
986
eor $t2,$t2,$i2,lsl#8
988
eor $t3,$t3,$i3,lsl#8
989
ldrb $i1,[$tbl,$i1] @ Td4[s2>>8]
990
and $i3,lr,$s2,lsr#16
992
ldrb $i2,[$tbl,$i2] @ Td4[s2>>0]
993
ldrb $s2,[$tbl,$s2,lsr#24] @ Td4[s2>>24]
994
eor $s0,$s0,$i1,lsl#8
995
ldrb $i3,[$tbl,$i3] @ Td4[s2>>16]
996
eor $s1,$i2,$s1,lsl#16
997
and $i1,lr,$s3,lsr#16 @ i0
998
eor $s2,$t2,$s2,lsl#16
999
and $i2,lr,$s3,lsr#8 @ i1
1000
eor $t3,$t3,$i3,lsl#16
1001
ldrb $i1,[$tbl,$i1] @ Td4[s3>>16]
1004
ldrb $i2,[$tbl,$i2] @ Td4[s3>>8]
1005
ldrb $i3,[$tbl,$i3] @ Td4[s3>>0]
1006
ldrb $s3,[$tbl,$s3,lsr#24] @ Td4[s3>>24]
1007
eor $s0,$s0,$i1,lsl#16
1009
eor $s1,$s1,$i2,lsl#8
1011
eor $s2,$i3,$s2,lsl#8
1013
eor $s3,$t3,$s3,lsl#24
1022
ldr pc,[sp],#4 @ pop and return
1023
.size _armv4_AES_decrypt,.-_armv4_AES_decrypt
1024
.asciz "AES for ARMv4, CRYPTOGAMS by <appro\@openssl.org>"
1028
$code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm; # make it possible to compile with -march=armv4
1030
close STDOUT; # enforce flush
added
removed
crypto/aes/asm/aes-armv4.pl
