~ubuntu-branches/ubuntu/trusty/openssl/trusty : contents of crypto/aes/asm/aes-x86

~ubuntu-branches/ubuntu/trusty/openssl/trusty : (revision 94)

1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1	#!/usr/bin/env perl
	2	#
	3	# ====================================================================
	4	# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	5	# project. The module is, however, dual licensed under OpenSSL and
	6	# CRYPTOGAMS licenses depending on where you obtain it. For further
	7	# details see http://www.openssl.org/~appro/cryptogams/.
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	8	# ====================================================================
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	9	#
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	10	# Version 2.1.
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	11	#
	12	# aes-*-cbc benchmarks are improved by >70% [compared to gcc 3.3.2 on
	13	# Opteron 240 CPU] plus all the bells-n-whistles from 32-bit version
	14	# [you'll notice a lot of resemblance], such as compressed S-boxes
	15	# in little-endian byte order, prefetch of these tables in CBC mode,
	16	# as well as avoiding L1 cache aliasing between stack frame and key
	17	# schedule and already mentioned tables, compressed Td4...
	18	#
	19	# Performance in number of cycles per processed byte for 128-bit key:
	20	#
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	21	# ECB encrypt ECB decrypt CBC large chunk
	22	# AMD64 33 41 13.0
	23	# EM64T 38 59 18.6(*)
	24	# Core 2 30 43 14.5(*)
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	25	#
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	26	# (*) with hyper-threading off
	27
	28	$flavour = shift;
	29	$output = shift;
	30	if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
	31
	32	$win64=0; $win64=1 if ($flavour =~ /[nm]asm\|mingw64/ \|\| $output =~ /\.asm$/);
	33
	34	$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
	35	( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
	36	( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
	37	die "can't locate x86_64-xlate.pl";
	38
1.2.10 by Kurt Roeckx Import upstream version 1.0.1e	39	open OUT,"\| \"$^X\" $xlate $flavour $output";
1.2.10 by Kurt Roeckx Import upstream version 1.0.1e	40	STDOUT=OUT;
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	41
	42	$verticalspin=1; # unlike 32-bit version $verticalspin performs
	43	# ~15% better on both AMD and Intel cores
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	44	$speed_limit=512; # see aes-586.pl for details
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	45
	46	$code=".text\n";
	47
	48	$s0="%eax";
	49	$s1="%ebx";
	50	$s2="%ecx";
	51	$s3="%edx";
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	52	$acc0="%esi"; $mask80="%rsi";
	53	$acc1="%edi"; $maskfe="%rdi";
	54	$acc2="%ebp"; $mask1b="%rbp";
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	55	$inp="%r8";
	56	$out="%r9";
	57	$t0="%r10d";
	58	$t1="%r11d";
	59	$t2="%r12d";
	60	$rnds="%r13d";
	61	$sbox="%r14";
	62	$key="%r15";
	63
	64	sub hi() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1h/; $r; }
	65	sub lo() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1l/;
	66	$r =~ s/%[er]([sd]i)/%\1l/;
	67	$r =~ s/%(r[0-9]+)[d]?/%\1b/; $r; }
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	68	sub LO() { my $r=shift; $r =~ s/%r([a-z]+)/%e\1/;
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	69	$r =~ s/%r([0-9]+)/%r\1d/; $r; }
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	70	sub _data_word()
	71	{ my $i;
	72	while(defined($i=shift)) { $code.=sprintf".long\t0x%08x,0x%08x\n",$i,$i; }
	73	}
	74	sub data_word()
	75	{ my $i;
	76	my $last=pop(@_);
	77	$code.=".long\t";
	78	while(defined($i=shift)) { $code.=sprintf"0x%08x,",$i; }
	79	$code.=sprintf"0x%08x\n",$last;
	80	}
	81
	82	sub data_byte()
	83	{ my $i;
	84	my $last=pop(@_);
	85	$code.=".byte\t";
	86	while(defined($i=shift)) { $code.=sprintf"0x%02x,",$i&0xff; }
	87	$code.=sprintf"0x%02x\n",$last&0xff;
	88	}
	89
	90	sub encvert()
	91	{ my $t3="%r8d"; # zaps $inp!
	92
	93	$code.=<<___;
	94	# favor 3-way issue Opteron pipeline...
	95	movzb `&lo("$s0")`,$acc0
	96	movzb `&lo("$s1")`,$acc1
	97	movzb `&lo("$s2")`,$acc2
	98	mov 0($sbox,$acc0,8),$t0
	99	mov 0($sbox,$acc1,8),$t1
	100	mov 0($sbox,$acc2,8),$t2
	101
	102	movzb `&hi("$s1")`,$acc0
	103	movzb `&hi("$s2")`,$acc1
	104	movzb `&lo("$s3")`,$acc2
	105	xor 3($sbox,$acc0,8),$t0
	106	xor 3($sbox,$acc1,8),$t1
	107	mov 0($sbox,$acc2,8),$t3
	108
	109	movzb `&hi("$s3")`,$acc0
	110	shr \$16,$s2
	111	movzb `&hi("$s0")`,$acc2
	112	xor 3($sbox,$acc0,8),$t2
	113	shr \$16,$s3
	114	xor 3($sbox,$acc2,8),$t3
	115
	116	shr \$16,$s1
	117	lea 16($key),$key
	118	shr \$16,$s0
	119
	120	movzb `&lo("$s2")`,$acc0
	121	movzb `&lo("$s3")`,$acc1
	122	movzb `&lo("$s0")`,$acc2
	123	xor 2($sbox,$acc0,8),$t0
	124	xor 2($sbox,$acc1,8),$t1
	125	xor 2($sbox,$acc2,8),$t2
	126
	127	movzb `&hi("$s3")`,$acc0
	128	movzb `&hi("$s0")`,$acc1
	129	movzb `&lo("$s1")`,$acc2
	130	xor 1($sbox,$acc0,8),$t0
	131	xor 1($sbox,$acc1,8),$t1
	132	xor 2($sbox,$acc2,8),$t3
	133
134	mov 12($key),$s3
135	movzb `&hi("$s1")`,$acc1
136	movzb `&hi("$s2")`,$acc2
137	mov 0($key),$s0
138	xor 1($sbox,$acc1,8),$t2
139	xor 1($sbox,$acc2,8),$t3
140
141	mov 4($key),$s1
142	mov 8($key),$s2
143	xor $t0,$s0
144	xor $t1,$s1
145	xor $t2,$s2
146	xor $t3,$s3
147	___
148	}
149
150	sub enclastvert()
151	{ my $t3="%r8d"; # zaps $inp!
152
153	$code.=<<___;
154	movzb `&lo("$s0")`,$acc0
155	movzb `&lo("$s1")`,$acc1
156	movzb `&lo("$s2")`,$acc2
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	157	movzb 2($sbox,$acc0,8),$t0
	158	movzb 2($sbox,$acc1,8),$t1
	159	movzb 2($sbox,$acc2,8),$t2
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	160
	161	movzb `&lo("$s3")`,$acc0
	162	movzb `&hi("$s1")`,$acc1
	163	movzb `&hi("$s2")`,$acc2
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	164	movzb 2($sbox,$acc0,8),$t3
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	165	mov 0($sbox,$acc1,8),$acc1 #$t0
	166	mov 0($sbox,$acc2,8),$acc2 #$t1
	167
	168	and \$0x0000ff00,$acc1
	169	and \$0x0000ff00,$acc2
	170
	171	xor $acc1,$t0
	172	xor $acc2,$t1
	173	shr \$16,$s2
	174
	175	movzb `&hi("$s3")`,$acc0
	176	movzb `&hi("$s0")`,$acc1
	177	shr \$16,$s3
	178	mov 0($sbox,$acc0,8),$acc0 #$t2
	179	mov 0($sbox,$acc1,8),$acc1 #$t3
	180
	181	and \$0x0000ff00,$acc0
	182	and \$0x0000ff00,$acc1
	183	shr \$16,$s1
	184	xor $acc0,$t2
	185	xor $acc1,$t3
	186	shr \$16,$s0
	187
	188	movzb `&lo("$s2")`,$acc0
	189	movzb `&lo("$s3")`,$acc1
	190	movzb `&lo("$s0")`,$acc2
	191	mov 0($sbox,$acc0,8),$acc0 #$t0
	192	mov 0($sbox,$acc1,8),$acc1 #$t1
	193	mov 0($sbox,$acc2,8),$acc2 #$t2
	194
	195	and \$0x00ff0000,$acc0
	196	and \$0x00ff0000,$acc1
	197	and \$0x00ff0000,$acc2
	198
	199	xor $acc0,$t0
	200	xor $acc1,$t1
	201	xor $acc2,$t2
	202
	203	movzb `&lo("$s1")`,$acc0
	204	movzb `&hi("$s3")`,$acc1
	205	movzb `&hi("$s0")`,$acc2
	206	mov 0($sbox,$acc0,8),$acc0 #$t3
	207	mov 2($sbox,$acc1,8),$acc1 #$t0
	208	mov 2($sbox,$acc2,8),$acc2 #$t1
	209
	210	and \$0x00ff0000,$acc0
	211	and \$0xff000000,$acc1
	212	and \$0xff000000,$acc2
	213
	214	xor $acc0,$t3
	215	xor $acc1,$t0
	216	xor $acc2,$t1
	217
	218	movzb `&hi("$s1")`,$acc0
	219	movzb `&hi("$s2")`,$acc1
	220	mov 16+12($key),$s3
	221	mov 2($sbox,$acc0,8),$acc0 #$t2
	222	mov 2($sbox,$acc1,8),$acc1 #$t3
	223	mov 16+0($key),$s0
	224
	225	and \$0xff000000,$acc0
	226	and \$0xff000000,$acc1
	227
	228	xor $acc0,$t2
229	xor $acc1,$t3
230
231	mov 16+4($key),$s1
232	mov 16+8($key),$s2
233	xor $t0,$s0
234	xor $t1,$s1
235	xor $t2,$s2
236	xor $t3,$s3
237	___
238	}
239
240	sub encstep()
241	{ my ($i,@s) = @_;
242	my $tmp0=$acc0;
243	my $tmp1=$acc1;
244	my $tmp2=$acc2;
245	my $out=($t0,$t1,$t2,$s[0])[$i];
246
247	if ($i==3) {
248	$tmp0=$s[1];
249	$tmp1=$s[2];
250	$tmp2=$s[3];
251	}
252	$code.=" movzb ".&lo($s[0]).",$out\n";
253	$code.=" mov $s[2],$tmp1\n" if ($i!=3);
254	$code.=" lea 16($key),$key\n" if ($i==0);
255
256	$code.=" movzb ".&hi($s[1]).",$tmp0\n";
257	$code.=" mov 0($sbox,$out,8),$out\n";
258
259	$code.=" shr \$16,$tmp1\n";
260	$code.=" mov $s[3],$tmp2\n" if ($i!=3);
261	$code.=" xor 3($sbox,$tmp0,8),$out\n";
262
263	$code.=" movzb ".&lo($tmp1).",$tmp1\n";
264	$code.=" shr \$24,$tmp2\n";
265	$code.=" xor 4*$i($key),$out\n";
266
267	$code.=" xor 2($sbox,$tmp1,8),$out\n";
268	$code.=" xor 1($sbox,$tmp2,8),$out\n";
269
270	$code.=" mov $t0,$s[1]\n" if ($i==3);
271	$code.=" mov $t1,$s[2]\n" if ($i==3);
272	$code.=" mov $t2,$s[3]\n" if ($i==3);
273	$code.="\n";
274	}
275
276	sub enclast()
277	{ my ($i,@s)=@_;
278	my $tmp0=$acc0;
279	my $tmp1=$acc1;
280	my $tmp2=$acc2;
281	my $out=($t0,$t1,$t2,$s[0])[$i];
282
283	if ($i==3) {
284	$tmp0=$s[1];
285	$tmp1=$s[2];
286	$tmp2=$s[3];
287	}
288	$code.=" movzb ".&lo($s[0]).",$out\n";
289	$code.=" mov $s[2],$tmp1\n" if ($i!=3);
290
291	$code.=" mov 2($sbox,$out,8),$out\n";
292	$code.=" shr \$16,$tmp1\n";
293	$code.=" mov $s[3],$tmp2\n" if ($i!=3);
294
295	$code.=" and \$0x000000ff,$out\n";
296	$code.=" movzb ".&hi($s[1]).",$tmp0\n";
297	$code.=" movzb ".&lo($tmp1).",$tmp1\n";
298	$code.=" shr \$24,$tmp2\n";
299
300	$code.=" mov 0($sbox,$tmp0,8),$tmp0\n";
301	$code.=" mov 0($sbox,$tmp1,8),$tmp1\n";
302	$code.=" mov 2($sbox,$tmp2,8),$tmp2\n";
303
304	$code.=" and \$0x0000ff00,$tmp0\n";
305	$code.=" and \$0x00ff0000,$tmp1\n";
306	$code.=" and \$0xff000000,$tmp2\n";
307
308	$code.=" xor $tmp0,$out\n";
309	$code.=" mov $t0,$s[1]\n" if ($i==3);
310	$code.=" xor $tmp1,$out\n";
311	$code.=" mov $t1,$s[2]\n" if ($i==3);
312	$code.=" xor $tmp2,$out\n";
313	$code.=" mov $t2,$s[3]\n" if ($i==3);
314	$code.="\n";
315	}
316
317	$code.=<<___;
318	.type _x86_64_AES_encrypt,\@abi-omnipotent
319	.align 16
320	_x86_64_AES_encrypt:
321	xor 0($key),$s0 # xor with key
322	xor 4($key),$s1
323	xor 8($key),$s2
324	xor 12($key),$s3
325
326	mov 240($key),$rnds # load key->rounds
327	sub \$1,$rnds
328	jmp .Lenc_loop
329	.align 16
330	.Lenc_loop:
331	___
332	if ($verticalspin) { &encvert(); }
333	else { &encstep(0,$s0,$s1,$s2,$s3);
334	&encstep(1,$s1,$s2,$s3,$s0);
335	&encstep(2,$s2,$s3,$s0,$s1);
336	&encstep(3,$s3,$s0,$s1,$s2);
337	}
338	$code.=<<___;
339	sub \$1,$rnds
340	jnz .Lenc_loop
341	___
342	if ($verticalspin) { &enclastvert(); }
343	else { &enclast(0,$s0,$s1,$s2,$s3);
344	&enclast(1,$s1,$s2,$s3,$s0);
345	&enclast(2,$s2,$s3,$s0,$s1);
346	&enclast(3,$s3,$s0,$s1,$s2);
347	$code.=<<___;
348	xor 16+0($key),$s0 # xor with key
349	xor 16+4($key),$s1
350	xor 16+8($key),$s2
351	xor 16+12($key),$s3
352	___
353	}
354	$code.=<<___;
355	.byte 0xf3,0xc3 # rep ret
356	.size _x86_64_AES_encrypt,.-_x86_64_AES_encrypt
357	___
358
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	359	# it's possible to implement this by shifting tN by 8, filling least
	360	# significant byte with byte load and finally bswap-ing at the end,
	361	# but such partial register load kills Core 2...
	362	sub enccompactvert()
	363	{ my ($t3,$t4,$t5)=("%r8d","%r9d","%r13d");
	364
	365	$code.=<<___;
	366	movzb `&lo("$s0")`,$t0
	367	movzb `&lo("$s1")`,$t1
	368	movzb `&lo("$s2")`,$t2
	369	movzb ($sbox,$t0,1),$t0
	370	movzb ($sbox,$t1,1),$t1
	371	movzb ($sbox,$t2,1),$t2
	372
	373	movzb `&lo("$s3")`,$t3
	374	movzb `&hi("$s1")`,$acc0
	375	movzb `&hi("$s2")`,$acc1
	376	movzb ($sbox,$t3,1),$t3
	377	movzb ($sbox,$acc0,1),$t4 #$t0
	378	movzb ($sbox,$acc1,1),$t5 #$t1
	379
	380	movzb `&hi("$s3")`,$acc2
	381	movzb `&hi("$s0")`,$acc0
	382	shr \$16,$s2
	383	movzb ($sbox,$acc2,1),$acc2 #$t2
	384	movzb ($sbox,$acc0,1),$acc0 #$t3
	385	shr \$16,$s3
	386
	387	movzb `&lo("$s2")`,$acc1
	388	shl \$8,$t4
	389	shl \$8,$t5
	390	movzb ($sbox,$acc1,1),$acc1 #$t0
	391	xor $t4,$t0
	392	xor $t5,$t1
	393
	394	movzb `&lo("$s3")`,$t4
	395	shr \$16,$s0
	396	shr \$16,$s1
	397	movzb `&lo("$s0")`,$t5
	398	shl \$8,$acc2
	399	shl \$8,$acc0
	400	movzb ($sbox,$t4,1),$t4 #$t1
	401	movzb ($sbox,$t5,1),$t5 #$t2
	402	xor $acc2,$t2
	403	xor $acc0,$t3
	404
	405	movzb `&lo("$s1")`,$acc2
	406	movzb `&hi("$s3")`,$acc0
	407	shl \$16,$acc1
	408	movzb ($sbox,$acc2,1),$acc2 #$t3
	409	movzb ($sbox,$acc0,1),$acc0 #$t0
	410	xor $acc1,$t0
	411
	412	movzb `&hi("$s0")`,$acc1
	413	shr \$8,$s2
	414	shr \$8,$s1
	415	movzb ($sbox,$acc1,1),$acc1 #$t1
	416	movzb ($sbox,$s2,1),$s3 #$t3
	417	movzb ($sbox,$s1,1),$s2 #$t2
	418	shl \$16,$t4
	419	shl \$16,$t5
	420	shl \$16,$acc2
	421	xor $t4,$t1
	422	xor $t5,$t2
423	xor $acc2,$t3
424
425	shl \$24,$acc0
426	shl \$24,$acc1
427	shl \$24,$s3
428	xor $acc0,$t0
429	shl \$24,$s2
430	xor $acc1,$t1
431	mov $t0,$s0
432	mov $t1,$s1
433	xor $t2,$s2
434	xor $t3,$s3
435	___
436	}
437
438	sub enctransform_ref()
439	{ my $sn = shift;
440	my ($acc,$r2,$tmp)=("%r8d","%r9d","%r13d");
441
442	$code.=<<___;
443	mov $sn,$acc
444	and \$0x80808080,$acc
445	mov $acc,$tmp
446	shr \$7,$tmp
447	lea ($sn,$sn),$r2
448	sub $tmp,$acc
449	and \$0xfefefefe,$r2
450	and \$0x1b1b1b1b,$acc
451	mov $sn,$tmp
452	xor $acc,$r2
453
454	xor $r2,$sn
455	rol \$24,$sn
456	xor $r2,$sn
457	ror \$16,$tmp
458	xor $tmp,$sn
459	ror \$8,$tmp
460	xor $tmp,$sn
461	___
462	}
463
464	# unlike decrypt case it does not pay off to parallelize enctransform
465	sub enctransform()
466	{ my ($t3,$r20,$r21)=($acc2,"%r8d","%r9d");
467
468	$code.=<<___;
469	mov $s0,$acc0
470	mov $s1,$acc1
471	and \$0x80808080,$acc0
472	and \$0x80808080,$acc1
473	mov $acc0,$t0
474	mov $acc1,$t1
475	shr \$7,$t0
476	lea ($s0,$s0),$r20
477	shr \$7,$t1
478	lea ($s1,$s1),$r21
479	sub $t0,$acc0
480	sub $t1,$acc1
481	and \$0xfefefefe,$r20
482	and \$0xfefefefe,$r21
483	and \$0x1b1b1b1b,$acc0
484	and \$0x1b1b1b1b,$acc1
485	mov $s0,$t0
486	mov $s1,$t1
487	xor $acc0,$r20
488	xor $acc1,$r21
489
490	xor $r20,$s0
491	xor $r21,$s1
492	mov $s2,$acc0
493	mov $s3,$acc1
494	rol \$24,$s0
495	rol \$24,$s1
496	and \$0x80808080,$acc0
497	and \$0x80808080,$acc1
498	xor $r20,$s0
499	xor $r21,$s1
500	mov $acc0,$t2
501	mov $acc1,$t3
502	ror \$16,$t0
503	ror \$16,$t1
504	shr \$7,$t2
505	lea ($s2,$s2),$r20
506	xor $t0,$s0
507	xor $t1,$s1
508	shr \$7,$t3
509	lea ($s3,$s3),$r21
510	ror \$8,$t0
511	ror \$8,$t1
512	sub $t2,$acc0
513	sub $t3,$acc1
514	xor $t0,$s0
515	xor $t1,$s1
516
517	and \$0xfefefefe,$r20
518	and \$0xfefefefe,$r21
519	and \$0x1b1b1b1b,$acc0
520	and \$0x1b1b1b1b,$acc1
521	mov $s2,$t2
522	mov $s3,$t3
523	xor $acc0,$r20
524	xor $acc1,$r21
525
526	xor $r20,$s2
527	xor $r21,$s3
528	rol \$24,$s2
529	rol \$24,$s3
530	xor $r20,$s2
531	xor $r21,$s3
532	mov 0($sbox),$acc0 # prefetch Te4
533	ror \$16,$t2
534	ror \$16,$t3
535	mov 64($sbox),$acc1
536	xor $t2,$s2
537	xor $t3,$s3
538	mov 128($sbox),$r20
539	ror \$8,$t2
540	ror \$8,$t3
541	mov 192($sbox),$r21
542	xor $t2,$s2
543	xor $t3,$s3
544	___
545	}
546
547	$code.=<<___;
548	.type _x86_64_AES_encrypt_compact,\@abi-omnipotent
549	.align 16
550	_x86_64_AES_encrypt_compact:
551	lea 128($sbox),$inp # size optimization
552	mov 0-128($inp),$acc1 # prefetch Te4
553	mov 32-128($inp),$acc2
554	mov 64-128($inp),$t0
555	mov 96-128($inp),$t1
556	mov 128-128($inp),$acc1
557	mov 160-128($inp),$acc2
558	mov 192-128($inp),$t0
559	mov 224-128($inp),$t1
560	jmp .Lenc_loop_compact
561	.align 16
562	.Lenc_loop_compact:
563	xor 0($key),$s0 # xor with key
564	xor 4($key),$s1
565	xor 8($key),$s2
566	xor 12($key),$s3
567	lea 16($key),$key
568	___
569	&enccompactvert();
570	$code.=<<___;
571	cmp 16(%rsp),$key
572	je .Lenc_compact_done
573	___
574	&enctransform();
575	$code.=<<___;
576	jmp .Lenc_loop_compact
577	.align 16
578	.Lenc_compact_done:
579	xor 0($key),$s0
580	xor 4($key),$s1
581	xor 8($key),$s2
582	xor 12($key),$s3
583	.byte 0xf3,0xc3 # rep ret
584	.size _x86_64_AES_encrypt_compact,.-_x86_64_AES_encrypt_compact
585	___
586
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	587	# void AES_encrypt (const void inp,void out,const AES_KEY *key);
	588	$code.=<<___;
	589	.globl AES_encrypt
	590	.type AES_encrypt,\@function,3
	591	.align 16
1.2.6 by Kurt Roeckx Import upstream version 1.0.1	592	.globl asm_AES_encrypt
	593	.hidden asm_AES_encrypt
	594	asm_AES_encrypt:
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	595	AES_encrypt:
	596	push %rbx
	597	push %rbp
	598	push %r12
	599	push %r13
	600	push %r14
	601	push %r15
	602
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	603	# allocate frame "above" key schedule
	604	mov %rsp,%r10
	605	lea -63(%rdx),%rcx # %rdx is key argument
	606	and \$-64,%rsp
	607	sub %rsp,%rcx
	608	neg %rcx
	609	and \$0x3c0,%rcx
	610	sub %rcx,%rsp
	611	sub \$32,%rsp
	612
	613	mov %rsi,16(%rsp) # save out
	614	mov %r10,24(%rsp) # save real stack pointer
	615	.Lenc_prologue:
	616
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	617	mov %rdx,$key
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	618	mov 240($key),$rnds # load rounds
	619
	620	mov 0(%rdi),$s0 # load input vector
	621	mov 4(%rdi),$s1
	622	mov 8(%rdi),$s2
	623	mov 12(%rdi),$s3
	624
	625	shl \$4,$rnds
	626	lea ($key,$rnds),%rbp
	627	mov $key,(%rsp) # key schedule
	628	mov %rbp,8(%rsp) # end of key schedule
	629
	630	# pick Te4 copy which can't "overlap" with stack frame or key schedule
	631	lea .LAES_Te+2048(%rip),$sbox
	632	lea 768(%rsp),%rbp
	633	sub $sbox,%rbp
	634	and \$0x300,%rbp
	635	lea ($sbox,%rbp),$sbox
	636
	637	call _x86_64_AES_encrypt_compact
	638
	639	mov 16(%rsp),$out # restore out
	640	mov 24(%rsp),%rsi # restore saved stack pointer
	641	mov $s0,0($out) # write output vector
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	642	mov $s1,4($out)
	643	mov $s2,8($out)
	644	mov $s3,12($out)
	645
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	646	mov (%rsi),%r15
	647	mov 8(%rsi),%r14
	648	mov 16(%rsi),%r13
	649	mov 24(%rsi),%r12
	650	mov 32(%rsi),%rbp
	651	mov 40(%rsi),%rbx
	652	lea 48(%rsi),%rsp
	653	.Lenc_epilogue:
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	654	ret
	655	.size AES_encrypt,.-AES_encrypt
	656	___
	657
	658	#------------------------------------------------------------------#
	659
	660	sub decvert()
	661	{ my $t3="%r8d"; # zaps $inp!
	662
	663	$code.=<<___;
	664	# favor 3-way issue Opteron pipeline...
	665	movzb `&lo("$s0")`,$acc0
	666	movzb `&lo("$s1")`,$acc1
	667	movzb `&lo("$s2")`,$acc2
	668	mov 0($sbox,$acc0,8),$t0
	669	mov 0($sbox,$acc1,8),$t1
	670	mov 0($sbox,$acc2,8),$t2
	671
	672	movzb `&hi("$s3")`,$acc0
	673	movzb `&hi("$s0")`,$acc1
	674	movzb `&lo("$s3")`,$acc2
	675	xor 3($sbox,$acc0,8),$t0
	676	xor 3($sbox,$acc1,8),$t1
	677	mov 0($sbox,$acc2,8),$t3
	678
	679	movzb `&hi("$s1")`,$acc0
	680	shr \$16,$s0
	681	movzb `&hi("$s2")`,$acc2
	682	xor 3($sbox,$acc0,8),$t2
	683	shr \$16,$s3
	684	xor 3($sbox,$acc2,8),$t3
	685
	686	shr \$16,$s1
	687	lea 16($key),$key
	688	shr \$16,$s2
	689
	690	movzb `&lo("$s2")`,$acc0
	691	movzb `&lo("$s3")`,$acc1
	692	movzb `&lo("$s0")`,$acc2
	693	xor 2($sbox,$acc0,8),$t0
	694	xor 2($sbox,$acc1,8),$t1
	695	xor 2($sbox,$acc2,8),$t2
	696
	697	movzb `&hi("$s1")`,$acc0
	698	movzb `&hi("$s2")`,$acc1
	699	movzb `&lo("$s1")`,$acc2
	700	xor 1($sbox,$acc0,8),$t0
	701	xor 1($sbox,$acc1,8),$t1
	702	xor 2($sbox,$acc2,8),$t3
	703
	704	movzb `&hi("$s3")`,$acc0
	705	mov 12($key),$s3
	706	movzb `&hi("$s0")`,$acc2
	707	xor 1($sbox,$acc0,8),$t2
	708	mov 0($key),$s0
	709	xor 1($sbox,$acc2,8),$t3
	710
	711	xor $t0,$s0
	712	mov 4($key),$s1
	713	mov 8($key),$s2
	714	xor $t2,$s2
	715	xor $t1,$s1
	716	xor $t3,$s3
	717	___
718	}
719
720	sub declastvert()
721	{ my $t3="%r8d"; # zaps $inp!
722
723	$code.=<<___;
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	724	lea 2048($sbox),$sbox # size optimization
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	725	movzb `&lo("$s0")`,$acc0
	726	movzb `&lo("$s1")`,$acc1
	727	movzb `&lo("$s2")`,$acc2
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	728	movzb ($sbox,$acc0,1),$t0
	729	movzb ($sbox,$acc1,1),$t1
	730	movzb ($sbox,$acc2,1),$t2
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	731
	732	movzb `&lo("$s3")`,$acc0
	733	movzb `&hi("$s3")`,$acc1
	734	movzb `&hi("$s0")`,$acc2
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	735	movzb ($sbox,$acc0,1),$t3
	736	movzb ($sbox,$acc1,1),$acc1 #$t0
	737	movzb ($sbox,$acc2,1),$acc2 #$t1
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	738
	739	shl \$8,$acc1
	740	shl \$8,$acc2
	741
	742	xor $acc1,$t0
	743	xor $acc2,$t1
	744	shr \$16,$s3
	745
	746	movzb `&hi("$s1")`,$acc0
	747	movzb `&hi("$s2")`,$acc1
	748	shr \$16,$s0
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	749	movzb ($sbox,$acc0,1),$acc0 #$t2
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	750	movzb ($sbox,$acc1,1),$acc1 #$t3
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	751
	752	shl \$8,$acc0
	753	shl \$8,$acc1
	754	shr \$16,$s1
	755	xor $acc0,$t2
	756	xor $acc1,$t3
	757	shr \$16,$s2
	758
	759	movzb `&lo("$s2")`,$acc0
	760	movzb `&lo("$s3")`,$acc1
	761	movzb `&lo("$s0")`,$acc2
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	762	movzb ($sbox,$acc0,1),$acc0 #$t0
	763	movzb ($sbox,$acc1,1),$acc1 #$t1
	764	movzb ($sbox,$acc2,1),$acc2 #$t2
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	765
	766	shl \$16,$acc0
	767	shl \$16,$acc1
	768	shl \$16,$acc2
	769
	770	xor $acc0,$t0
	771	xor $acc1,$t1
	772	xor $acc2,$t2
	773
	774	movzb `&lo("$s1")`,$acc0
	775	movzb `&hi("$s1")`,$acc1
	776	movzb `&hi("$s2")`,$acc2
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	777	movzb ($sbox,$acc0,1),$acc0 #$t3
	778	movzb ($sbox,$acc1,1),$acc1 #$t0
	779	movzb ($sbox,$acc2,1),$acc2 #$t1
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	780
	781	shl \$16,$acc0
	782	shl \$24,$acc1
	783	shl \$24,$acc2
	784
	785	xor $acc0,$t3
	786	xor $acc1,$t0
	787	xor $acc2,$t1
	788
	789	movzb `&hi("$s3")`,$acc0
	790	movzb `&hi("$s0")`,$acc1
	791	mov 16+12($key),$s3
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	792	movzb ($sbox,$acc0,1),$acc0 #$t2
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	793	movzb ($sbox,$acc1,1),$acc1 #$t3
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	794	mov 16+0($key),$s0
	795
	796	shl \$24,$acc0
	797	shl \$24,$acc1
	798
	799	xor $acc0,$t2
	800	xor $acc1,$t3
	801
	802	mov 16+4($key),$s1
	803	mov 16+8($key),$s2
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	804	lea -2048($sbox),$sbox
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	805	xor $t0,$s0
	806	xor $t1,$s1
	807	xor $t2,$s2
	808	xor $t3,$s3
	809	___
	810	}
	811
	812	sub decstep()
	813	{ my ($i,@s) = @_;
	814	my $tmp0=$acc0;
	815	my $tmp1=$acc1;
	816	my $tmp2=$acc2;
	817	my $out=($t0,$t1,$t2,$s[0])[$i];
	818
	819	$code.=" mov $s[0],$out\n" if ($i!=3);
	820	$tmp1=$s[2] if ($i==3);
	821	$code.=" mov $s[2],$tmp1\n" if ($i!=3);
	822	$code.=" and \$0xFF,$out\n";
	823
	824	$code.=" mov 0($sbox,$out,8),$out\n";
	825	$code.=" shr \$16,$tmp1\n";
	826	$tmp2=$s[3] if ($i==3);
	827	$code.=" mov $s[3],$tmp2\n" if ($i!=3);
	828
	829	$tmp0=$s[1] if ($i==3);
	830	$code.=" movzb ".&hi($s[1]).",$tmp0\n";
	831	$code.=" and \$0xFF,$tmp1\n";
	832	$code.=" shr \$24,$tmp2\n";
	833
	834	$code.=" xor 3($sbox,$tmp0,8),$out\n";
	835	$code.=" xor 2($sbox,$tmp1,8),$out\n";
	836	$code.=" xor 1($sbox,$tmp2,8),$out\n";
	837
	838	$code.=" mov $t2,$s[1]\n" if ($i==3);
	839	$code.=" mov $t1,$s[2]\n" if ($i==3);
	840	$code.=" mov $t0,$s[3]\n" if ($i==3);
	841	$code.="\n";
	842	}
	843
	844	sub declast()
	845	{ my ($i,@s)=@_;
	846	my $tmp0=$acc0;
	847	my $tmp1=$acc1;
	848	my $tmp2=$acc2;
	849	my $out=($t0,$t1,$t2,$s[0])[$i];
	850
	851	$code.=" mov $s[0],$out\n" if ($i!=3);
	852	$tmp1=$s[2] if ($i==3);
	853	$code.=" mov $s[2],$tmp1\n" if ($i!=3);
	854	$code.=" and \$0xFF,$out\n";
	855
	856	$code.=" movzb 2048($sbox,$out,1),$out\n";
	857	$code.=" shr \$16,$tmp1\n";
	858	$tmp2=$s[3] if ($i==3);
	859	$code.=" mov $s[3],$tmp2\n" if ($i!=3);
	860
	861	$tmp0=$s[1] if ($i==3);
	862	$code.=" movzb ".&hi($s[1]).",$tmp0\n";
	863	$code.=" and \$0xFF,$tmp1\n";
	864	$code.=" shr \$24,$tmp2\n";
	865
	866	$code.=" movzb 2048($sbox,$tmp0,1),$tmp0\n";
	867	$code.=" movzb 2048($sbox,$tmp1,1),$tmp1\n";
	868	$code.=" movzb 2048($sbox,$tmp2,1),$tmp2\n";
869
870	$code.=" shl \$8,$tmp0\n";
871	$code.=" shl \$16,$tmp1\n";
872	$code.=" shl \$24,$tmp2\n";
873
874	$code.=" xor $tmp0,$out\n";
875	$code.=" mov $t2,$s[1]\n" if ($i==3);
876	$code.=" xor $tmp1,$out\n";
877	$code.=" mov $t1,$s[2]\n" if ($i==3);
878	$code.=" xor $tmp2,$out\n";
879	$code.=" mov $t0,$s[3]\n" if ($i==3);
880	$code.="\n";
881	}
882
883	$code.=<<___;
884	.type _x86_64_AES_decrypt,\@abi-omnipotent
885	.align 16
886	_x86_64_AES_decrypt:
887	xor 0($key),$s0 # xor with key
888	xor 4($key),$s1
889	xor 8($key),$s2
890	xor 12($key),$s3
891
892	mov 240($key),$rnds # load key->rounds
893	sub \$1,$rnds
894	jmp .Ldec_loop
895	.align 16
896	.Ldec_loop:
897	___
898	if ($verticalspin) { &decvert(); }
899	else { &decstep(0,$s0,$s3,$s2,$s1);
900	&decstep(1,$s1,$s0,$s3,$s2);
901	&decstep(2,$s2,$s1,$s0,$s3);
902	&decstep(3,$s3,$s2,$s1,$s0);
903	$code.=<<___;
904	lea 16($key),$key
905	xor 0($key),$s0 # xor with key
906	xor 4($key),$s1
907	xor 8($key),$s2
908	xor 12($key),$s3
909	___
910	}
911	$code.=<<___;
912	sub \$1,$rnds
913	jnz .Ldec_loop
914	___
915	if ($verticalspin) { &declastvert(); }
916	else { &declast(0,$s0,$s3,$s2,$s1);
917	&declast(1,$s1,$s0,$s3,$s2);
918	&declast(2,$s2,$s1,$s0,$s3);
919	&declast(3,$s3,$s2,$s1,$s0);
920	$code.=<<___;
921	xor 16+0($key),$s0 # xor with key
922	xor 16+4($key),$s1
923	xor 16+8($key),$s2
924	xor 16+12($key),$s3
925	___
926	}
927	$code.=<<___;
928	.byte 0xf3,0xc3 # rep ret
929	.size _x86_64_AES_decrypt,.-_x86_64_AES_decrypt
930	___
931
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	932	sub deccompactvert()
	933	{ my ($t3,$t4,$t5)=("%r8d","%r9d","%r13d");
	934
	935	$code.=<<___;
	936	movzb `&lo("$s0")`,$t0
	937	movzb `&lo("$s1")`,$t1
	938	movzb `&lo("$s2")`,$t2
	939	movzb ($sbox,$t0,1),$t0
	940	movzb ($sbox,$t1,1),$t1
	941	movzb ($sbox,$t2,1),$t2
	942
	943	movzb `&lo("$s3")`,$t3
	944	movzb `&hi("$s3")`,$acc0
	945	movzb `&hi("$s0")`,$acc1
	946	movzb ($sbox,$t3,1),$t3
	947	movzb ($sbox,$acc0,1),$t4 #$t0
	948	movzb ($sbox,$acc1,1),$t5 #$t1
	949
	950	movzb `&hi("$s1")`,$acc2
	951	movzb `&hi("$s2")`,$acc0
	952	shr \$16,$s2
	953	movzb ($sbox,$acc2,1),$acc2 #$t2
	954	movzb ($sbox,$acc0,1),$acc0 #$t3
	955	shr \$16,$s3
	956
	957	movzb `&lo("$s2")`,$acc1
	958	shl \$8,$t4
	959	shl \$8,$t5
	960	movzb ($sbox,$acc1,1),$acc1 #$t0
	961	xor $t4,$t0
	962	xor $t5,$t1
	963
	964	movzb `&lo("$s3")`,$t4
	965	shr \$16,$s0
	966	shr \$16,$s1
	967	movzb `&lo("$s0")`,$t5
	968	shl \$8,$acc2
	969	shl \$8,$acc0
	970	movzb ($sbox,$t4,1),$t4 #$t1
	971	movzb ($sbox,$t5,1),$t5 #$t2
	972	xor $acc2,$t2
	973	xor $acc0,$t3
	974
	975	movzb `&lo("$s1")`,$acc2
	976	movzb `&hi("$s1")`,$acc0
	977	shl \$16,$acc1
	978	movzb ($sbox,$acc2,1),$acc2 #$t3
	979	movzb ($sbox,$acc0,1),$acc0 #$t0
	980	xor $acc1,$t0
	981
	982	movzb `&hi("$s2")`,$acc1
	983	shl \$16,$t4
	984	shl \$16,$t5
	985	movzb ($sbox,$acc1,1),$s1 #$t1
	986	xor $t4,$t1
	987	xor $t5,$t2
	988
	989	movzb `&hi("$s3")`,$acc1
	990	shr \$8,$s0
	991	shl \$16,$acc2
	992	movzb ($sbox,$acc1,1),$s2 #$t2
	993	movzb ($sbox,$s0,1),$s3 #$t3
	994	xor $acc2,$t3
	995
996	shl \$24,$acc0
997	shl \$24,$s1
998	shl \$24,$s2
999	xor $acc0,$t0
1000	shl \$24,$s3
1001	xor $t1,$s1
1002	mov $t0,$s0
1003	xor $t2,$s2
1004	xor $t3,$s3
1005	___
1006	}
1007
1008	# parallelized version! input is pair of 64-bit values: %rax=s1.s0
1009	# and %rcx=s3.s2, output is four 32-bit values in %eax=s0, %ebx=s1,
1010	# %ecx=s2 and %edx=s3.
1011	sub dectransform()
1012	{ my ($tp10,$tp20,$tp40,$tp80,$acc0)=("%rax","%r8", "%r9", "%r10","%rbx");
1013	my ($tp18,$tp28,$tp48,$tp88,$acc8)=("%rcx","%r11","%r12","%r13","%rdx");
1014	my $prefetch = shift;
1015
1016	$code.=<<___;
1017	mov $tp10,$acc0
1018	mov $tp18,$acc8
1019	and $mask80,$acc0
1020	and $mask80,$acc8
1021	mov $acc0,$tp40
1022	mov $acc8,$tp48
1023	shr \$7,$tp40
1024	lea ($tp10,$tp10),$tp20
1025	shr \$7,$tp48
1026	lea ($tp18,$tp18),$tp28
1027	sub $tp40,$acc0
1028	sub $tp48,$acc8
1029	and $maskfe,$tp20
1030	and $maskfe,$tp28
1031	and $mask1b,$acc0
1032	and $mask1b,$acc8
1033	xor $tp20,$acc0
1034	xor $tp28,$acc8
1035	mov $acc0,$tp20
1036	mov $acc8,$tp28
1037
1038	and $mask80,$acc0
1039	and $mask80,$acc8
1040	mov $acc0,$tp80
1041	mov $acc8,$tp88
1042	shr \$7,$tp80
1043	lea ($tp20,$tp20),$tp40
1044	shr \$7,$tp88
1045	lea ($tp28,$tp28),$tp48
1046	sub $tp80,$acc0
1047	sub $tp88,$acc8
1048	and $maskfe,$tp40
1049	and $maskfe,$tp48
1050	and $mask1b,$acc0
1051	and $mask1b,$acc8
1052	xor $tp40,$acc0
1053	xor $tp48,$acc8
1054	mov $acc0,$tp40
1055	mov $acc8,$tp48
1056
1057	and $mask80,$acc0
1058	and $mask80,$acc8
1059	mov $acc0,$tp80
1060	mov $acc8,$tp88
1061	shr \$7,$tp80
1062	xor $tp10,$tp20 # tp2^=tp1
1063	shr \$7,$tp88
1064	xor $tp18,$tp28 # tp2^=tp1
1065	sub $tp80,$acc0
1066	sub $tp88,$acc8
1067	lea ($tp40,$tp40),$tp80
1068	lea ($tp48,$tp48),$tp88
1069	xor $tp10,$tp40 # tp4^=tp1
1070	xor $tp18,$tp48 # tp4^=tp1
1071	and $maskfe,$tp80
1072	and $maskfe,$tp88
1073	and $mask1b,$acc0
1074	and $mask1b,$acc8
1075	xor $acc0,$tp80
1076	xor $acc8,$tp88
1077
1078	xor $tp80,$tp10 # tp1^=tp8
1079	xor $tp88,$tp18 # tp1^=tp8
1080	xor $tp80,$tp20 # tp2^tp1^=tp8
1081	xor $tp88,$tp28 # tp2^tp1^=tp8
1082	mov $tp10,$acc0
1083	mov $tp18,$acc8
1084	xor $tp80,$tp40 # tp4^tp1^=tp8
1085	xor $tp88,$tp48 # tp4^tp1^=tp8
1086	shr \$32,$acc0
1087	shr \$32,$acc8
1088	xor $tp20,$tp80 # tp8^=tp8^tp2^tp1=tp2^tp1
1089	xor $tp28,$tp88 # tp8^=tp8^tp2^tp1=tp2^tp1
1090	rol \$8,`&LO("$tp10")` # ROTATE(tp1^tp8,8)
1091	rol \$8,`&LO("$tp18")` # ROTATE(tp1^tp8,8)
1092	xor $tp40,$tp80 # tp2^tp1^=tp8^tp4^tp1=tp8^tp4^tp2
1093	xor $tp48,$tp88 # tp2^tp1^=tp8^tp4^tp1=tp8^tp4^tp2
1094
1095	rol \$8,`&LO("$acc0")` # ROTATE(tp1^tp8,8)
1096	rol \$8,`&LO("$acc8")` # ROTATE(tp1^tp8,8)
1097	xor `&LO("$tp80")`,`&LO("$tp10")`
1098	xor `&LO("$tp88")`,`&LO("$tp18")`
1099	shr \$32,$tp80
1100	shr \$32,$tp88
1101	xor `&LO("$tp80")`,`&LO("$acc0")`
1102	xor `&LO("$tp88")`,`&LO("$acc8")`
1103
1104	mov $tp20,$tp80
1105	mov $tp28,$tp88
1106	shr \$32,$tp80
1107	shr \$32,$tp88
1108	rol \$24,`&LO("$tp20")` # ROTATE(tp2^tp1^tp8,24)
1109	rol \$24,`&LO("$tp28")` # ROTATE(tp2^tp1^tp8,24)
1110	rol \$24,`&LO("$tp80")` # ROTATE(tp2^tp1^tp8,24)
1111	rol \$24,`&LO("$tp88")` # ROTATE(tp2^tp1^tp8,24)
1112	xor `&LO("$tp20")`,`&LO("$tp10")`
1113	xor `&LO("$tp28")`,`&LO("$tp18")`
1114	mov $tp40,$tp20
1115	mov $tp48,$tp28
1116	xor `&LO("$tp80")`,`&LO("$acc0")`
1117	xor `&LO("$tp88")`,`&LO("$acc8")`
1118
1119	`"mov 0($sbox),$mask80" if ($prefetch)`
1120	shr \$32,$tp20
1121	shr \$32,$tp28
1122	`"mov 64($sbox),$maskfe" if ($prefetch)`
1123	rol \$16,`&LO("$tp40")` # ROTATE(tp4^tp1^tp8,16)
1124	rol \$16,`&LO("$tp48")` # ROTATE(tp4^tp1^tp8,16)
1125	`"mov 128($sbox),$mask1b" if ($prefetch)`
1126	rol \$16,`&LO("$tp20")` # ROTATE(tp4^tp1^tp8,16)
1127	rol \$16,`&LO("$tp28")` # ROTATE(tp4^tp1^tp8,16)
1128	`"mov 192($sbox),$tp80" if ($prefetch)`
1129	xor `&LO("$tp40")`,`&LO("$tp10")`
1130	xor `&LO("$tp48")`,`&LO("$tp18")`
1131	`"mov 256($sbox),$tp88" if ($prefetch)`
1132	xor `&LO("$tp20")`,`&LO("$acc0")`
1133	xor `&LO("$tp28")`,`&LO("$acc8")`
1134	___
1135	}
1136
1137	$code.=<<___;
1138	.type _x86_64_AES_decrypt_compact,\@abi-omnipotent
1139	.align 16
1140	_x86_64_AES_decrypt_compact:
1141	lea 128($sbox),$inp # size optimization
1142	mov 0-128($inp),$acc1 # prefetch Td4
1143	mov 32-128($inp),$acc2
1144	mov 64-128($inp),$t0
1145	mov 96-128($inp),$t1
1146	mov 128-128($inp),$acc1
1147	mov 160-128($inp),$acc2
1148	mov 192-128($inp),$t0
1149	mov 224-128($inp),$t1
1150	jmp .Ldec_loop_compact
1151
1152	.align 16
1153	.Ldec_loop_compact:
1154	xor 0($key),$s0 # xor with key
1155	xor 4($key),$s1
1156	xor 8($key),$s2
1157	xor 12($key),$s3
1158	lea 16($key),$key
1159	___
1160	&deccompactvert();
1161	$code.=<<___;
1162	cmp 16(%rsp),$key
1163	je .Ldec_compact_done
1164
1165	mov 256+0($sbox),$mask80
1166	shl \$32,%rbx
1167	shl \$32,%rdx
1168	mov 256+8($sbox),$maskfe
1169	or %rbx,%rax
1170	or %rdx,%rcx
1171	mov 256+16($sbox),$mask1b
1172	___
1173	&dectransform(1);
1174	$code.=<<___;
1175	jmp .Ldec_loop_compact
1176	.align 16
1177	.Ldec_compact_done:
1178	xor 0($key),$s0
1179	xor 4($key),$s1
1180	xor 8($key),$s2
1181	xor 12($key),$s3
1182	.byte 0xf3,0xc3 # rep ret
1183	.size _x86_64_AES_decrypt_compact,.-_x86_64_AES_decrypt_compact
1184	___
1185
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1186	# void AES_decrypt (const void inp,void out,const AES_KEY *key);
	1187	$code.=<<___;
	1188	.globl AES_decrypt
	1189	.type AES_decrypt,\@function,3
	1190	.align 16
1.2.6 by Kurt Roeckx Import upstream version 1.0.1	1191	.globl asm_AES_decrypt
	1192	.hidden asm_AES_decrypt
	1193	asm_AES_decrypt:
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1194	AES_decrypt:
	1195	push %rbx
	1196	push %rbp
	1197	push %r12
	1198	push %r13
	1199	push %r14
	1200	push %r15
	1201
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1202	# allocate frame "above" key schedule
	1203	mov %rsp,%r10
	1204	lea -63(%rdx),%rcx # %rdx is key argument
	1205	and \$-64,%rsp
	1206	sub %rsp,%rcx
	1207	neg %rcx
	1208	and \$0x3c0,%rcx
	1209	sub %rcx,%rsp
	1210	sub \$32,%rsp
	1211
	1212	mov %rsi,16(%rsp) # save out
	1213	mov %r10,24(%rsp) # save real stack pointer
	1214	.Ldec_prologue:
	1215
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1216	mov %rdx,$key
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1217	mov 240($key),$rnds # load rounds
	1218
	1219	mov 0(%rdi),$s0 # load input vector
	1220	mov 4(%rdi),$s1
	1221	mov 8(%rdi),$s2
	1222	mov 12(%rdi),$s3
	1223
	1224	shl \$4,$rnds
	1225	lea ($key,$rnds),%rbp
	1226	mov $key,(%rsp) # key schedule
	1227	mov %rbp,8(%rsp) # end of key schedule
	1228
	1229	# pick Td4 copy which can't "overlap" with stack frame or key schedule
	1230	lea .LAES_Td+2048(%rip),$sbox
	1231	lea 768(%rsp),%rbp
	1232	sub $sbox,%rbp
	1233	and \$0x300,%rbp
	1234	lea ($sbox,%rbp),$sbox
	1235	shr \$3,%rbp # recall "magic" constants!
	1236	add %rbp,$sbox
	1237
	1238	call _x86_64_AES_decrypt_compact
	1239
	1240	mov 16(%rsp),$out # restore out
	1241	mov 24(%rsp),%rsi # restore saved stack pointer
	1242	mov $s0,0($out) # write output vector
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1243	mov $s1,4($out)
	1244	mov $s2,8($out)
	1245	mov $s3,12($out)
	1246
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1247	mov (%rsi),%r15
	1248	mov 8(%rsi),%r14
	1249	mov 16(%rsi),%r13
	1250	mov 24(%rsi),%r12
	1251	mov 32(%rsi),%rbp
	1252	mov 40(%rsi),%rbx
	1253	lea 48(%rsi),%rsp
	1254	.Ldec_epilogue:
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1255	ret
	1256	.size AES_decrypt,.-AES_decrypt
	1257	___
	1258	#------------------------------------------------------------------#
	1259
	1260	sub enckey()
	1261	{
	1262	$code.=<<___;
	1263	movz %dl,%esi # rk[i]>>0
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1264	movzb -128(%rbp,%rsi),%ebx
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1265	movz %dh,%esi # rk[i]>>8
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1266	shl \$24,%ebx
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1267	xor %ebx,%eax
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1268
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1269	movzb -128(%rbp,%rsi),%ebx
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1270	shr \$16,%edx
	1271	movz %dl,%esi # rk[i]>>16
	1272	xor %ebx,%eax
	1273
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1274	movzb -128(%rbp,%rsi),%ebx
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1275	movz %dh,%esi # rk[i]>>24
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1276	shl \$8,%ebx
	1277	xor %ebx,%eax
	1278
	1279	movzb -128(%rbp,%rsi),%ebx
	1280	shl \$16,%ebx
	1281	xor %ebx,%eax
	1282
	1283	xor 1024-128(%rbp,%rcx,4),%eax # rcon
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1284	___
	1285	}
	1286
1.2.6 by Kurt Roeckx Import upstream version 1.0.1	1287	# int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1288	# AES_KEY *key)
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1289	$code.=<<___;
1.2.6 by Kurt Roeckx Import upstream version 1.0.1	1290	.globl private_AES_set_encrypt_key
1.2.6 by Kurt Roeckx Import upstream version 1.0.1	1291	.type private_AES_set_encrypt_key,\@function,3
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1292	.align 16
1.2.6 by Kurt Roeckx Import upstream version 1.0.1	1293	private_AES_set_encrypt_key:
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1294	push %rbx
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1295	push %rbp
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1296	push %r12 # redundant, but allows to share
	1297	push %r13 # exception handler...
	1298	push %r14
	1299	push %r15
1.1.10 by Kurt Roeckx Import upstream version 0.9.8o	1300	sub \$8,%rsp
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1301	.Lenc_key_prologue:
1.1.10 by Kurt Roeckx Import upstream version 0.9.8o	1302
	1303	call _x86_64_AES_set_encrypt_key
	1304
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1305	mov 8(%rsp),%r15
	1306	mov 16(%rsp),%r14
	1307	mov 24(%rsp),%r13
	1308	mov 32(%rsp),%r12
	1309	mov 40(%rsp),%rbp
	1310	mov 48(%rsp),%rbx
	1311	add \$56,%rsp
	1312	.Lenc_key_epilogue:
1.1.10 by Kurt Roeckx Import upstream version 0.9.8o	1313	ret
1.2.6 by Kurt Roeckx Import upstream version 1.0.1	1314	.size private_AES_set_encrypt_key,.-private_AES_set_encrypt_key
1.1.10 by Kurt Roeckx Import upstream version 0.9.8o	1315
	1316	.type _x86_64_AES_set_encrypt_key,\@abi-omnipotent
	1317	.align 16
	1318	_x86_64_AES_set_encrypt_key:
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1319	mov %esi,%ecx # %ecx=bits
	1320	mov %rdi,%rsi # %rsi=userKey
	1321	mov %rdx,%rdi # %rdi=key
	1322
	1323	test \$-1,%rsi
	1324	jz .Lbadpointer
	1325	test \$-1,%rdi
	1326	jz .Lbadpointer
	1327
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1328	lea .LAES_Te(%rip),%rbp
	1329	lea 2048+128(%rbp),%rbp
	1330
	1331	# prefetch Te4
	1332	mov 0-128(%rbp),%eax
	1333	mov 32-128(%rbp),%ebx
	1334	mov 64-128(%rbp),%r8d
	1335	mov 96-128(%rbp),%edx
	1336	mov 128-128(%rbp),%eax
	1337	mov 160-128(%rbp),%ebx
	1338	mov 192-128(%rbp),%r8d
	1339	mov 224-128(%rbp),%edx
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1340
	1341	cmp \$128,%ecx
	1342	je .L10rounds
	1343	cmp \$192,%ecx
	1344	je .L12rounds
	1345	cmp \$256,%ecx
	1346	je .L14rounds
	1347	mov \$-2,%rax # invalid number of bits
	1348	jmp .Lexit
	1349
	1350	.L10rounds:
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1351	mov 0(%rsi),%rax # copy first 4 dwords
	1352	mov 8(%rsi),%rdx
	1353	mov %rax,0(%rdi)
	1354	mov %rdx,8(%rdi)
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1355
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1356	shr \$32,%rdx
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1357	xor %ecx,%ecx
	1358	jmp .L10shortcut
	1359	.align 4
	1360	.L10loop:
	1361	mov 0(%rdi),%eax # rk[0]
	1362	mov 12(%rdi),%edx # rk[3]
	1363	.L10shortcut:
	1364	___
	1365	&enckey ();
	1366	$code.=<<___;
	1367	mov %eax,16(%rdi) # rk[4]
	1368	xor 4(%rdi),%eax
	1369	mov %eax,20(%rdi) # rk[5]
	1370	xor 8(%rdi),%eax
	1371	mov %eax,24(%rdi) # rk[6]
	1372	xor 12(%rdi),%eax
	1373	mov %eax,28(%rdi) # rk[7]
	1374	add \$1,%ecx
	1375	lea 16(%rdi),%rdi
	1376	cmp \$10,%ecx
	1377	jl .L10loop
	1378
	1379	movl \$10,80(%rdi) # setup number of rounds
	1380	xor %rax,%rax
	1381	jmp .Lexit
	1382
	1383	.L12rounds:
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1384	mov 0(%rsi),%rax # copy first 6 dwords
	1385	mov 8(%rsi),%rbx
	1386	mov 16(%rsi),%rdx
	1387	mov %rax,0(%rdi)
	1388	mov %rbx,8(%rdi)
	1389	mov %rdx,16(%rdi)
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1390
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1391	shr \$32,%rdx
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1392	xor %ecx,%ecx
	1393	jmp .L12shortcut
	1394	.align 4
	1395	.L12loop:
	1396	mov 0(%rdi),%eax # rk[0]
	1397	mov 20(%rdi),%edx # rk[5]
	1398	.L12shortcut:
	1399	___
	1400	&enckey ();
	1401	$code.=<<___;
	1402	mov %eax,24(%rdi) # rk[6]
	1403	xor 4(%rdi),%eax
	1404	mov %eax,28(%rdi) # rk[7]
	1405	xor 8(%rdi),%eax
	1406	mov %eax,32(%rdi) # rk[8]
	1407	xor 12(%rdi),%eax
	1408	mov %eax,36(%rdi) # rk[9]
	1409
	1410	cmp \$7,%ecx
	1411	je .L12break
	1412	add \$1,%ecx
	1413
	1414	xor 16(%rdi),%eax
	1415	mov %eax,40(%rdi) # rk[10]
	1416	xor 20(%rdi),%eax
	1417	mov %eax,44(%rdi) # rk[11]
	1418
	1419	lea 24(%rdi),%rdi
	1420	jmp .L12loop
	1421	.L12break:
	1422	movl \$12,72(%rdi) # setup number of rounds
	1423	xor %rax,%rax
	1424	jmp .Lexit
	1425
	1426	.L14rounds:
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1427	mov 0(%rsi),%rax # copy first 8 dwords
	1428	mov 8(%rsi),%rbx
	1429	mov 16(%rsi),%rcx
	1430	mov 24(%rsi),%rdx
	1431	mov %rax,0(%rdi)
	1432	mov %rbx,8(%rdi)
	1433	mov %rcx,16(%rdi)
	1434	mov %rdx,24(%rdi)
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1435
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1436	shr \$32,%rdx
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1437	xor %ecx,%ecx
	1438	jmp .L14shortcut
	1439	.align 4
	1440	.L14loop:
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1441	mov 0(%rdi),%eax # rk[0]
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1442	mov 28(%rdi),%edx # rk[4]
	1443	.L14shortcut:
	1444	___
	1445	&enckey ();
	1446	$code.=<<___;
	1447	mov %eax,32(%rdi) # rk[8]
	1448	xor 4(%rdi),%eax
	1449	mov %eax,36(%rdi) # rk[9]
	1450	xor 8(%rdi),%eax
	1451	mov %eax,40(%rdi) # rk[10]
	1452	xor 12(%rdi),%eax
	1453	mov %eax,44(%rdi) # rk[11]
	1454
	1455	cmp \$6,%ecx
	1456	je .L14break
	1457	add \$1,%ecx
	1458
	1459	mov %eax,%edx
	1460	mov 16(%rdi),%eax # rk[4]
	1461	movz %dl,%esi # rk[11]>>0
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1462	movzb -128(%rbp,%rsi),%ebx
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1463	movz %dh,%esi # rk[11]>>8
	1464	xor %ebx,%eax
	1465
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1466	movzb -128(%rbp,%rsi),%ebx
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1467	shr \$16,%edx
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1468	shl \$8,%ebx
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1469	movz %dl,%esi # rk[11]>>16
	1470	xor %ebx,%eax
	1471
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1472	movzb -128(%rbp,%rsi),%ebx
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1473	movz %dh,%esi # rk[11]>>24
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1474	shl \$16,%ebx
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1475	xor %ebx,%eax
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1476
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1477	movzb -128(%rbp,%rsi),%ebx
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1478	shl \$24,%ebx
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1479	xor %ebx,%eax
	1480
	1481	mov %eax,48(%rdi) # rk[12]
	1482	xor 20(%rdi),%eax
	1483	mov %eax,52(%rdi) # rk[13]
	1484	xor 24(%rdi),%eax
	1485	mov %eax,56(%rdi) # rk[14]
	1486	xor 28(%rdi),%eax
	1487	mov %eax,60(%rdi) # rk[15]
	1488
	1489	lea 32(%rdi),%rdi
	1490	jmp .L14loop
	1491	.L14break:
	1492	movl \$14,48(%rdi) # setup number of rounds
	1493	xor %rax,%rax
	1494	jmp .Lexit
	1495
	1496	.Lbadpointer:
	1497	mov \$-1,%rax
	1498	.Lexit:
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1499	.byte 0xf3,0xc3 # rep ret
1.1.10 by Kurt Roeckx Import upstream version 0.9.8o	1500	.size _x86_64_AES_set_encrypt_key,.-_x86_64_AES_set_encrypt_key
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1501	___
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1502
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1503	sub deckey_ref()
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1504	{ my ($i,$ptr,$te,$td) = @_;
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1505	my ($tp1,$tp2,$tp4,$tp8,$acc)=("%eax","%ebx","%edi","%edx","%r8d");
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1506	$code.=<<___;
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1507	mov $i($ptr),$tp1
	1508	mov $tp1,$acc
	1509	and \$0x80808080,$acc
	1510	mov $acc,$tp4
	1511	shr \$7,$tp4
	1512	lea 0($tp1,$tp1),$tp2
	1513	sub $tp4,$acc
	1514	and \$0xfefefefe,$tp2
	1515	and \$0x1b1b1b1b,$acc
	1516	xor $tp2,$acc
	1517	mov $acc,$tp2
	1518
	1519	and \$0x80808080,$acc
	1520	mov $acc,$tp8
	1521	shr \$7,$tp8
	1522	lea 0($tp2,$tp2),$tp4
	1523	sub $tp8,$acc
	1524	and \$0xfefefefe,$tp4
	1525	and \$0x1b1b1b1b,$acc
	1526	xor $tp1,$tp2 # tp2^tp1
	1527	xor $tp4,$acc
	1528	mov $acc,$tp4
	1529
	1530	and \$0x80808080,$acc
	1531	mov $acc,$tp8
	1532	shr \$7,$tp8
	1533	sub $tp8,$acc
	1534	lea 0($tp4,$tp4),$tp8
	1535	xor $tp1,$tp4 # tp4^tp1
	1536	and \$0xfefefefe,$tp8
	1537	and \$0x1b1b1b1b,$acc
	1538	xor $acc,$tp8
	1539
	1540	xor $tp8,$tp1 # tp1^tp8
	1541	rol \$8,$tp1 # ROTATE(tp1^tp8,8)
	1542	xor $tp8,$tp2 # tp2^tp1^tp8
	1543	xor $tp8,$tp4 # tp4^tp1^tp8
	1544	xor $tp2,$tp8
	1545	xor $tp4,$tp8 # tp8^(tp8^tp4^tp1)^(tp8^tp2^tp1)=tp8^tp4^tp2
	1546
	1547	xor $tp8,$tp1
	1548	rol \$24,$tp2 # ROTATE(tp2^tp1^tp8,24)
	1549	xor $tp2,$tp1
	1550	rol \$16,$tp4 # ROTATE(tp4^tp1^tp8,16)
	1551	xor $tp4,$tp1
	1552
	1553	mov $tp1,$i($ptr)
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1554	___
	1555	}
	1556
1.2.6 by Kurt Roeckx Import upstream version 1.0.1	1557	# int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1558	# AES_KEY *key)
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1559	$code.=<<___;
1.2.6 by Kurt Roeckx Import upstream version 1.0.1	1560	.globl private_AES_set_decrypt_key
1.2.6 by Kurt Roeckx Import upstream version 1.0.1	1561	.type private_AES_set_decrypt_key,\@function,3
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1562	.align 16
1.2.6 by Kurt Roeckx Import upstream version 1.0.1	1563	private_AES_set_decrypt_key:
1.1.10 by Kurt Roeckx Import upstream version 0.9.8o	1564	push %rbx
1.1.10 by Kurt Roeckx Import upstream version 0.9.8o	1565	push %rbp
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1566	push %r12
	1567	push %r13
	1568	push %r14
	1569	push %r15
1.1.10 by Kurt Roeckx Import upstream version 0.9.8o	1570	push %rdx # save key schedule
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1571	.Ldec_key_prologue:
1.1.10 by Kurt Roeckx Import upstream version 0.9.8o	1572
	1573	call _x86_64_AES_set_encrypt_key
	1574	mov (%rsp),%r8 # restore key schedule
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1575	cmp \$0,%eax
1.1.10 by Kurt Roeckx Import upstream version 0.9.8o	1576	jne .Labort
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1577
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1578	mov 240(%r8),%r14d # pull number of rounds
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1579	xor %rdi,%rdi
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1580	lea (%rdi,%r14d,4),%rcx
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1581	mov %r8,%rsi
	1582	lea (%r8,%rcx,4),%rdi # pointer to last chunk
	1583	.align 4
	1584	.Linvert:
	1585	mov 0(%rsi),%rax
	1586	mov 8(%rsi),%rbx
	1587	mov 0(%rdi),%rcx
	1588	mov 8(%rdi),%rdx
	1589	mov %rax,0(%rdi)
	1590	mov %rbx,8(%rdi)
	1591	mov %rcx,0(%rsi)
	1592	mov %rdx,8(%rsi)
	1593	lea 16(%rsi),%rsi
	1594	lea -16(%rdi),%rdi
	1595	cmp %rsi,%rdi
	1596	jne .Linvert
	1597
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1598	lea .LAES_Te+2048+1024(%rip),%rax # rcon
	1599
	1600	mov 40(%rax),$mask80
	1601	mov 48(%rax),$maskfe
	1602	mov 56(%rax),$mask1b
	1603
	1604	mov %r8,$key
	1605	sub \$1,%r14d
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1606	.align 4
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1607	.Lpermute:
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1608	lea 16($key),$key
	1609	mov 0($key),%rax
	1610	mov 8($key),%rcx
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1611	___
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1612	&dectransform ();
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1613	$code.=<<___;
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1614	mov %eax,0($key)
	1615	mov %ebx,4($key)
	1616	mov %ecx,8($key)
	1617	mov %edx,12($key)
	1618	sub \$1,%r14d
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1619	jnz .Lpermute
	1620
	1621	xor %rax,%rax
1.1.10 by Kurt Roeckx Import upstream version 0.9.8o	1622	.Labort:
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1623	mov 8(%rsp),%r15
	1624	mov 16(%rsp),%r14
	1625	mov 24(%rsp),%r13
	1626	mov 32(%rsp),%r12
	1627	mov 40(%rsp),%rbp
	1628	mov 48(%rsp),%rbx
	1629	add \$56,%rsp
	1630	.Ldec_key_epilogue:
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1631	ret
1.2.6 by Kurt Roeckx Import upstream version 1.0.1	1632	.size private_AES_set_decrypt_key,.-private_AES_set_decrypt_key
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1633	___
	1634
	1635	# void AES_cbc_encrypt (const void char inp, unsigned char out,
	1636	# size_t length, const AES_KEY *key,
	1637	# unsigned char *ivp,const int enc);
	1638	{
	1639	# stack frame layout
	1640	# -8(%rsp) return address
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1641	my $keyp="0(%rsp)"; # one to pass as $key
	1642	my $keyend="8(%rsp)"; # &(keyp->rd_key[4*keyp->rounds])
	1643	my $_rsp="16(%rsp)"; # saved %rsp
	1644	my $_inp="24(%rsp)"; # copy of 1st parameter, inp
	1645	my $_out="32(%rsp)"; # copy of 2nd parameter, out
	1646	my $_len="40(%rsp)"; # copy of 3rd parameter, length
	1647	my $_key="48(%rsp)"; # copy of 4th parameter, key
	1648	my $_ivp="56(%rsp)"; # copy of 5th parameter, ivp
	1649	my $ivec="64(%rsp)"; # ivec[16]
	1650	my $aes_key="80(%rsp)"; # copy of aes_key
	1651	my $mark="80+240(%rsp)"; # copy of aes_key->rounds
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1652
	1653	$code.=<<___;
	1654	.globl AES_cbc_encrypt
	1655	.type AES_cbc_encrypt,\@function,6
	1656	.align 16
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1657	.extern OPENSSL_ia32cap_P
1.2.6 by Kurt Roeckx Import upstream version 1.0.1	1658	.globl asm_AES_cbc_encrypt
	1659	.hidden asm_AES_cbc_encrypt
	1660	asm_AES_cbc_encrypt:
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1661	AES_cbc_encrypt:
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1662	cmp \$0,%rdx # check length
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1663	je .Lcbc_epilogue
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1664	pushfq
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1665	push %rbx
	1666	push %rbp
	1667	push %r12
	1668	push %r13
	1669	push %r14
	1670	push %r15
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1671	.Lcbc_prologue:
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1672
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1673	cld
	1674	mov %r9d,%r9d # clear upper half of enc
	1675
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1676	lea .LAES_Te(%rip),$sbox
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1677	cmp \$0,%r9
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1678	jne .Lcbc_picked_te
	1679	lea .LAES_Td(%rip),$sbox
	1680	.Lcbc_picked_te:
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1681
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1682	mov OPENSSL_ia32cap_P(%rip),%r10d
	1683	cmp \$$speed_limit,%rdx
	1684	jb .Lcbc_slow_prologue
	1685	test \$15,%rdx
	1686	jnz .Lcbc_slow_prologue
	1687	bt \$28,%r10d
	1688	jc .Lcbc_slow_prologue
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1689
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1690	# allocate aligned stack frame...
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1691	lea -88-248(%rsp),$key
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1692	and \$-64,$key
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1693
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1694	# ... and make sure it doesn't alias with AES_T[ed] modulo 4096
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1695	mov $sbox,%r10
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1696	lea 2304($sbox),%r11
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1697	mov $key,%r12
	1698	and \$0xFFF,%r10 # s = $sbox&0xfff
	1699	and \$0xFFF,%r11 # e = ($sbox+2048)&0xfff
	1700	and \$0xFFF,%r12 # p = %rsp&0xfff
	1701
	1702	cmp %r11,%r12 # if (p=>e) %rsp =- (p-e);
	1703	jb .Lcbc_te_break_out
	1704	sub %r11,%r12
	1705	sub %r12,$key
	1706	jmp .Lcbc_te_ok
	1707	.Lcbc_te_break_out: # else %rsp -= (p-s)&0xfff + framesz
	1708	sub %r10,%r12
	1709	and \$0xFFF,%r12
	1710	add \$320,%r12
	1711	sub %r12,$key
	1712	.align 4
	1713	.Lcbc_te_ok:
	1714
	1715	xchg %rsp,$key
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1716	#add \$8,%rsp # reserve for return address!
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1717	mov $key,$_rsp # save %rsp
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1718	.Lcbc_fast_body:
	1719	mov %rdi,$_inp # save copy of inp
	1720	mov %rsi,$_out # save copy of out
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1721	mov %rdx,$_len # save copy of len
	1722	mov %rcx,$_key # save copy of key
	1723	mov %r8,$_ivp # save copy of ivp
	1724	movl \$0,$mark # copy of aes_key->rounds = 0;
	1725	mov %r8,%rbp # rearrange input arguments
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1726	mov %r9,%rbx
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1727	mov %rsi,$out
	1728	mov %rdi,$inp
	1729	mov %rcx,$key
	1730
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1731	mov 240($key),%eax # key->rounds
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1732	# do we copy key schedule to stack?
	1733	mov $key,%r10
	1734	sub $sbox,%r10
	1735	and \$0xfff,%r10
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1736	cmp \$2304,%r10
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1737	jb .Lcbc_do_ecopy
	1738	cmp \$4096-248,%r10
	1739	jb .Lcbc_skip_ecopy
	1740	.align 4
	1741	.Lcbc_do_ecopy:
	1742	mov $key,%rsi
	1743	lea $aes_key,%rdi
	1744	lea $aes_key,$key
	1745	mov \$240/8,%ecx
	1746	.long 0x90A548F3 # rep movsq
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1747	mov %eax,(%rdi) # copy aes_key->rounds
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1748	.Lcbc_skip_ecopy:
	1749	mov $key,$keyp # save key pointer
	1750
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1751	mov \$18,%ecx
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1752	.align 4
	1753	.Lcbc_prefetch_te:
	1754	mov 0($sbox),%r10
	1755	mov 32($sbox),%r11
	1756	mov 64($sbox),%r12
	1757	mov 96($sbox),%r13
	1758	lea 128($sbox),$sbox
	1759	sub \$1,%ecx
	1760	jnz .Lcbc_prefetch_te
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1761	lea -2304($sbox),$sbox
	1762
	1763	cmp \$0,%rbx
	1764	je .LFAST_DECRYPT
	1765
	1766	#----------------------------- ENCRYPT -----------------------------#
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1767	mov 0(%rbp),$s0 # load iv
	1768	mov 4(%rbp),$s1
	1769	mov 8(%rbp),$s2
	1770	mov 12(%rbp),$s3
	1771
	1772	.align 4
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1773	.Lcbc_fast_enc_loop:
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1774	xor 0($inp),$s0
	1775	xor 4($inp),$s1
	1776	xor 8($inp),$s2
	1777	xor 12($inp),$s3
	1778	mov $keyp,$key # restore key
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1779	mov $inp,$_inp # if ($verticalspin) save inp
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1780
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1781	call _x86_64_AES_encrypt
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1782
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1783	mov $_inp,$inp # if ($verticalspin) restore inp
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1784	mov $_len,%r10
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1785	mov $s0,0($out)
	1786	mov $s1,4($out)
	1787	mov $s2,8($out)
	1788	mov $s3,12($out)
	1789
	1790	lea 16($inp),$inp
	1791	lea 16($out),$out
	1792	sub \$16,%r10
	1793	test \$-16,%r10
	1794	mov %r10,$_len
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1795	jnz .Lcbc_fast_enc_loop
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1796	mov $_ivp,%rbp # restore ivp
	1797	mov $s0,0(%rbp) # save ivec
	1798	mov $s1,4(%rbp)
	1799	mov $s2,8(%rbp)
	1800	mov $s3,12(%rbp)
	1801
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1802	jmp .Lcbc_fast_cleanup
	1803
	1804	#----------------------------- DECRYPT -----------------------------#
	1805	.align 16
	1806	.LFAST_DECRYPT:
	1807	cmp $inp,$out
	1808	je .Lcbc_fast_dec_in_place
	1809
	1810	mov %rbp,$ivec
	1811	.align 4
	1812	.Lcbc_fast_dec_loop:
	1813	mov 0($inp),$s0 # read input
	1814	mov 4($inp),$s1
	1815	mov 8($inp),$s2
	1816	mov 12($inp),$s3
	1817	mov $keyp,$key # restore key
	1818	mov $inp,$_inp # if ($verticalspin) save inp
	1819
	1820	call _x86_64_AES_decrypt
	1821
	1822	mov $ivec,%rbp # load ivp
	1823	mov $_inp,$inp # if ($verticalspin) restore inp
	1824	mov $_len,%r10 # load len
	1825	xor 0(%rbp),$s0 # xor iv
	1826	xor 4(%rbp),$s1
	1827	xor 8(%rbp),$s2
	1828	xor 12(%rbp),$s3
	1829	mov $inp,%rbp # current input, next iv
	1830
	1831	sub \$16,%r10
	1832	mov %r10,$_len # update len
	1833	mov %rbp,$ivec # update ivp
	1834
	1835	mov $s0,0($out) # write output
	1836	mov $s1,4($out)
	1837	mov $s2,8($out)
	1838	mov $s3,12($out)
	1839
	1840	lea 16($inp),$inp
	1841	lea 16($out),$out
	1842	jnz .Lcbc_fast_dec_loop
	1843	mov $_ivp,%r12 # load user ivp
	1844	mov 0(%rbp),%r10 # load iv
	1845	mov 8(%rbp),%r11
	1846	mov %r10,0(%r12) # copy back to user
	1847	mov %r11,8(%r12)
	1848	jmp .Lcbc_fast_cleanup
	1849
	1850	.align 16
	1851	.Lcbc_fast_dec_in_place:
	1852	mov 0(%rbp),%r10 # copy iv to stack
	1853	mov 8(%rbp),%r11
	1854	mov %r10,0+$ivec
	1855	mov %r11,8+$ivec
	1856	.align 4
	1857	.Lcbc_fast_dec_in_place_loop:
	1858	mov 0($inp),$s0 # load input
	1859	mov 4($inp),$s1
	1860	mov 8($inp),$s2
	1861	mov 12($inp),$s3
	1862	mov $keyp,$key # restore key
	1863	mov $inp,$_inp # if ($verticalspin) save inp
	1864
	1865	call _x86_64_AES_decrypt
1866
1867	mov $_inp,$inp # if ($verticalspin) restore inp
1868	mov $_len,%r10
1869	xor 0+$ivec,$s0
1870	xor 4+$ivec,$s1
1871	xor 8+$ivec,$s2
1872	xor 12+$ivec,$s3
1873
1874	mov 0($inp),%r11 # load input
1875	mov 8($inp),%r12
1876	sub \$16,%r10
1877	jz .Lcbc_fast_dec_in_place_done
1878
1879	mov %r11,0+$ivec # copy input to iv
1880	mov %r12,8+$ivec
1881
1882	mov $s0,0($out) # save output [zaps input]
1883	mov $s1,4($out)
1884	mov $s2,8($out)
1885	mov $s3,12($out)
1886
1887	lea 16($inp),$inp
1888	lea 16($out),$out
1889	mov %r10,$_len
1890	jmp .Lcbc_fast_dec_in_place_loop
1891	.Lcbc_fast_dec_in_place_done:
1892	mov $_ivp,%rdi
1893	mov %r11,0(%rdi) # copy iv back to user
1894	mov %r12,8(%rdi)
1895
1896	mov $s0,0($out) # save output [zaps input]
1897	mov $s1,4($out)
1898	mov $s2,8($out)
1899	mov $s3,12($out)
1900
1901	.align 4
1902	.Lcbc_fast_cleanup:
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	1903	cmpl \$0,$mark # was the key schedule copied?
	1904	lea $aes_key,%rdi
	1905	je .Lcbc_exit
	1906	mov \$240/8,%ecx
	1907	xor %rax,%rax
	1908	.long 0x90AB48F3 # rep stosq
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	1909
	1910	jmp .Lcbc_exit
	1911
	1912	#--------------------------- SLOW ROUTINE ---------------------------#
	1913	.align 16
	1914	.Lcbc_slow_prologue:
	1915	# allocate aligned stack frame...
	1916	lea -88(%rsp),%rbp
	1917	and \$-64,%rbp
	1918	# ... just "above" key schedule
	1919	lea -88-63(%rcx),%r10
	1920	sub %rbp,%r10
	1921	neg %r10
	1922	and \$0x3c0,%r10
	1923	sub %r10,%rbp
	1924
	1925	xchg %rsp,%rbp
	1926	#add \$8,%rsp # reserve for return address!
	1927	mov %rbp,$_rsp # save %rsp
	1928	.Lcbc_slow_body:
	1929	#mov %rdi,$_inp # save copy of inp
	1930	#mov %rsi,$_out # save copy of out
	1931	#mov %rdx,$_len # save copy of len
	1932	#mov %rcx,$_key # save copy of key
	1933	mov %r8,$_ivp # save copy of ivp
	1934	mov %r8,%rbp # rearrange input arguments
	1935	mov %r9,%rbx
	1936	mov %rsi,$out
	1937	mov %rdi,$inp
	1938	mov %rcx,$key
	1939	mov %rdx,%r10
	1940
	1941	mov 240($key),%eax
	1942	mov $key,$keyp # save key pointer
	1943	shl \$4,%eax
	1944	lea ($key,%rax),%rax
	1945	mov %rax,$keyend
	1946
	1947	# pick Te4 copy which can't "overlap" with stack frame or key scdedule
	1948	lea 2048($sbox),$sbox
	1949	lea 768-8(%rsp),%rax
	1950	sub $sbox,%rax
	1951	and \$0x300,%rax
	1952	lea ($sbox,%rax),$sbox
	1953
	1954	cmp \$0,%rbx
	1955	je .LSLOW_DECRYPT
	1956
	1957	#--------------------------- SLOW ENCRYPT ---------------------------#
	1958	test \$-16,%r10 # check upon length
	1959	mov 0(%rbp),$s0 # load iv
	1960	mov 4(%rbp),$s1
	1961	mov 8(%rbp),$s2
	1962	mov 12(%rbp),$s3
	1963	jz .Lcbc_slow_enc_tail # short input...
	1964
	1965	.align 4
	1966	.Lcbc_slow_enc_loop:
	1967	xor 0($inp),$s0
	1968	xor 4($inp),$s1
	1969	xor 8($inp),$s2
	1970	xor 12($inp),$s3
	1971	mov $keyp,$key # restore key
	1972	mov $inp,$_inp # save inp
1973	mov $out,$_out # save out
1974	mov %r10,$_len # save len
1975
1976	call _x86_64_AES_encrypt_compact
1977
1978	mov $_inp,$inp # restore inp
1979	mov $_out,$out # restore out
1980	mov $_len,%r10 # restore len
1981	mov $s0,0($out)
1982	mov $s1,4($out)
1983	mov $s2,8($out)
1984	mov $s3,12($out)
1985
1986	lea 16($inp),$inp
1987	lea 16($out),$out
1988	sub \$16,%r10
1989	test \$-16,%r10
1990	jnz .Lcbc_slow_enc_loop
1991	test \$15,%r10
1992	jnz .Lcbc_slow_enc_tail
1993	mov $_ivp,%rbp # restore ivp
1994	mov $s0,0(%rbp) # save ivec
1995	mov $s1,4(%rbp)
1996	mov $s2,8(%rbp)
1997	mov $s3,12(%rbp)
1998
1999	jmp .Lcbc_exit
2000
2001	.align 4
2002	.Lcbc_slow_enc_tail:
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	2003	mov %rax,%r11
	2004	mov %rcx,%r12
	2005	mov %r10,%rcx
	2006	mov $inp,%rsi
	2007	mov $out,%rdi
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	2008	.long 0x9066A4F3 # rep movsb
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	2009	mov \$16,%rcx # zero tail
	2010	sub %r10,%rcx
	2011	xor %rax,%rax
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	2012	.long 0x9066AAF3 # rep stosb
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	2013	mov $out,$inp # this is not a mistake!
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	2014	mov \$16,%r10 # len=16
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	2015	mov %r11,%rax
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	2016	mov %r12,%rcx
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	2017	jmp .Lcbc_slow_enc_loop # one more spin...
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	2018	#--------------------------- SLOW DECRYPT ---------------------------#
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	2019	.align 16
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	2020	.LSLOW_DECRYPT:
	2021	shr \$3,%rax
	2022	add %rax,$sbox # recall "magic" constants!
	2023
	2024	mov 0(%rbp),%r11 # copy iv to stack
	2025	mov 8(%rbp),%r12
	2026	mov %r11,0+$ivec
	2027	mov %r12,8+$ivec
	2028
	2029	.align 4
	2030	.Lcbc_slow_dec_loop:
	2031	mov 0($inp),$s0 # load input
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	2032	mov 4($inp),$s1
	2033	mov 8($inp),$s2
	2034	mov 12($inp),$s3
	2035	mov $keyp,$key # restore key
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	2036	mov $inp,$_inp # save inp
	2037	mov $out,$_out # save out
	2038	mov %r10,$_len # save len
	2039
	2040	call _x86_64_AES_decrypt_compact
	2041
	2042	mov $_inp,$inp # restore inp
	2043	mov $_out,$out # restore out
	2044	mov $_len,%r10
	2045	xor 0+$ivec,$s0
	2046	xor 4+$ivec,$s1
	2047	xor 8+$ivec,$s2
	2048	xor 12+$ivec,$s3
	2049
	2050	mov 0($inp),%r11 # load input
	2051	mov 8($inp),%r12
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	2052	sub \$16,%r10
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	2053	jc .Lcbc_slow_dec_partial
	2054	jz .Lcbc_slow_dec_done
	2055
	2056	mov %r11,0+$ivec # copy input to iv
	2057	mov %r12,8+$ivec
	2058
	2059	mov $s0,0($out) # save output [can zap input]
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	2060	mov $s1,4($out)
	2061	mov $s2,8($out)
	2062	mov $s3,12($out)
	2063
	2064	lea 16($inp),$inp
	2065	lea 16($out),$out
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	2066	jmp .Lcbc_slow_dec_loop
	2067	.Lcbc_slow_dec_done:
	2068	mov $_ivp,%rdi
	2069	mov %r11,0(%rdi) # copy iv back to user
	2070	mov %r12,8(%rdi)
	2071
	2072	mov $s0,0($out) # save output [can zap input]
	2073	mov $s1,4($out)
	2074	mov $s2,8($out)
	2075	mov $s3,12($out)
	2076
	2077	jmp .Lcbc_exit
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	2078
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	2079	.align 4
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	2080	.Lcbc_slow_dec_partial:
	2081	mov $_ivp,%rdi
	2082	mov %r11,0(%rdi) # copy iv back to user
	2083	mov %r12,8(%rdi)
	2084
	2085	mov $s0,0+$ivec # save output to stack
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	2086	mov $s1,4+$ivec
	2087	mov $s2,8+$ivec
	2088	mov $s3,12+$ivec
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	2089
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	2090	mov $out,%rdi
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	2091	lea $ivec,%rsi
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	2092	lea 16(%r10),%rcx
	2093	.long 0x9066A4F3 # rep movsb
	2094	jmp .Lcbc_exit
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	2095
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	2096	.align 16
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	2097	.Lcbc_exit:
	2098	mov $_rsp,%rsi
	2099	mov (%rsi),%r15
	2100	mov 8(%rsi),%r14
	2101	mov 16(%rsi),%r13
	2102	mov 24(%rsi),%r12
	2103	mov 32(%rsi),%rbp
	2104	mov 40(%rsi),%rbx
	2105	lea 48(%rsi),%rsp
	2106	.Lcbc_popfq:
	2107	popfq
	2108	.Lcbc_epilogue:
	2109	ret
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	2110	.size AES_cbc_encrypt,.-AES_cbc_encrypt
	2111	___
	2112	}
	2113
	2114	$code.=<<___;
	2115	.align 64
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	2116	.LAES_Te:
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	2117	___
	2118	&_data_word(0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6);
	2119	&_data_word(0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591);
	2120	&_data_word(0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56);
	2121	&_data_word(0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec);
	2122	&_data_word(0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa);
	2123	&_data_word(0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb);
	2124	&_data_word(0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45);
	2125	&_data_word(0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b);
	2126	&_data_word(0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c);
	2127	&_data_word(0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83);
	2128	&_data_word(0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9);
	2129	&_data_word(0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a);
	2130	&_data_word(0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d);
	2131	&_data_word(0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f);
	2132	&_data_word(0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df);
	2133	&_data_word(0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea);
	2134	&_data_word(0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34);
	2135	&_data_word(0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b);
	2136	&_data_word(0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d);
	2137	&_data_word(0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413);
	2138	&_data_word(0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1);
	2139	&_data_word(0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6);
	2140	&_data_word(0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972);
	2141	&_data_word(0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85);
	2142	&_data_word(0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed);
	2143	&_data_word(0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511);
	2144	&_data_word(0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe);
	2145	&_data_word(0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b);
	2146	&_data_word(0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05);
	2147	&_data_word(0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1);
	2148	&_data_word(0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142);
	2149	&_data_word(0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf);
	2150	&_data_word(0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3);
	2151	&_data_word(0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e);
	2152	&_data_word(0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a);
	2153	&_data_word(0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6);
	2154	&_data_word(0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3);
	2155	&_data_word(0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b);
	2156	&_data_word(0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428);
	2157	&_data_word(0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad);
	2158	&_data_word(0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14);
	2159	&_data_word(0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8);
	2160	&_data_word(0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4);
	2161	&_data_word(0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2);
	2162	&_data_word(0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda);
	2163	&_data_word(0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949);
	2164	&_data_word(0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf);
	2165	&_data_word(0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810);
	2166	&_data_word(0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c);
	2167	&_data_word(0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697);
	2168	&_data_word(0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e);
	2169	&_data_word(0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f);
	2170	&_data_word(0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc);
	2171	&_data_word(0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c);
	2172	&_data_word(0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969);
	2173	&_data_word(0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27);
	2174	&_data_word(0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122);
	2175	&_data_word(0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433);
	2176	&_data_word(0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9);
	2177	&_data_word(0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5);
	2178	&_data_word(0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a);
	2179	&_data_word(0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0);
	2180	&_data_word(0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e);
2181	&_data_word(0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c);
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	2182
	2183	#Te4 # four copies of Te4 to choose from to avoid L1 aliasing
	2184	&data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
	2185	&data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
	2186	&data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
	2187	&data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
	2188	&data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
	2189	&data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
	2190	&data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
	2191	&data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
	2192	&data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
	2193	&data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
	2194	&data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
	2195	&data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
	2196	&data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
	2197	&data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
	2198	&data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
	2199	&data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
	2200	&data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
	2201	&data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
	2202	&data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
	2203	&data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
	2204	&data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
	2205	&data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
	2206	&data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
	2207	&data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
	2208	&data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
	2209	&data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
	2210	&data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
	2211	&data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
	2212	&data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
	2213	&data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
	2214	&data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
	2215	&data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
	2216
	2217	&data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
	2218	&data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
	2219	&data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
	2220	&data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
	2221	&data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
	2222	&data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
	2223	&data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
	2224	&data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
	2225	&data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
	2226	&data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
	2227	&data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
	2228	&data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
	2229	&data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
	2230	&data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
	2231	&data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
	2232	&data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
	2233	&data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
	2234	&data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
	2235	&data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
	2236	&data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
	2237	&data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
	2238	&data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
	2239	&data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
	2240	&data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
	2241	&data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
	2242	&data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
	2243	&data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
	2244	&data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
	2245	&data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
2246	&data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
2247	&data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
2248	&data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
2249
2250	&data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
2251	&data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
2252	&data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
2253	&data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
2254	&data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
2255	&data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
2256	&data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
2257	&data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
2258	&data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
2259	&data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
2260	&data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
2261	&data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
2262	&data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
2263	&data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
2264	&data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
2265	&data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
2266	&data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
2267	&data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
2268	&data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
2269	&data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
2270	&data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
2271	&data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
2272	&data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
2273	&data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
2274	&data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
2275	&data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
2276	&data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
2277	&data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
2278	&data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
2279	&data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
2280	&data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
2281	&data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
2282
2283	&data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5);
2284	&data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76);
2285	&data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0);
2286	&data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0);
2287	&data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc);
2288	&data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15);
2289	&data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a);
2290	&data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75);
2291	&data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0);
2292	&data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84);
2293	&data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b);
2294	&data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf);
2295	&data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85);
2296	&data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8);
2297	&data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5);
2298	&data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2);
2299	&data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17);
2300	&data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73);
2301	&data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88);
2302	&data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb);
2303	&data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c);
2304	&data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79);
2305	&data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9);
2306	&data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08);
2307	&data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6);
2308	&data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a);
2309	&data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e);
2310	&data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e);
2311	&data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94);
2312	&data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf);
2313	&data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68);
2314	&data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16);
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	2315	#rcon:
	2316	$code.=<<___;
	2317	.long 0x00000001, 0x00000002, 0x00000004, 0x00000008
	2318	.long 0x00000010, 0x00000020, 0x00000040, 0x00000080
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	2319	.long 0x0000001b, 0x00000036, 0x80808080, 0x80808080
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	2320	.long 0xfefefefe, 0xfefefefe, 0x1b1b1b1b, 0x1b1b1b1b
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	2321	___
	2322	$code.=<<___;
	2323	.align 64
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	2324	.LAES_Td:
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	2325	___
	2326	&_data_word(0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a);
	2327	&_data_word(0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b);
	2328	&_data_word(0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5);
	2329	&_data_word(0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5);
	2330	&_data_word(0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d);
	2331	&_data_word(0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b);
	2332	&_data_word(0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295);
	2333	&_data_word(0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e);
	2334	&_data_word(0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927);
	2335	&_data_word(0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d);
	2336	&_data_word(0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362);
	2337	&_data_word(0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9);
	2338	&_data_word(0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52);
	2339	&_data_word(0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566);
	2340	&_data_word(0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3);
	2341	&_data_word(0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed);
	2342	&_data_word(0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e);
	2343	&_data_word(0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4);
	2344	&_data_word(0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4);
	2345	&_data_word(0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd);
	2346	&_data_word(0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d);
	2347	&_data_word(0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060);
	2348	&_data_word(0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967);
	2349	&_data_word(0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879);
	2350	&_data_word(0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000);
	2351	&_data_word(0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c);
	2352	&_data_word(0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36);
	2353	&_data_word(0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624);
	2354	&_data_word(0xb1670a0c, 0x0fe75793, 0xd296eeb4, 0x9e919b1b);
	2355	&_data_word(0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c);
	2356	&_data_word(0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12);
	2357	&_data_word(0x0b0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14);
	2358	&_data_word(0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3);
	2359	&_data_word(0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b);
	2360	&_data_word(0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8);
	2361	&_data_word(0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684);
	2362	&_data_word(0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7);
	2363	&_data_word(0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177);
	2364	&_data_word(0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947);
	2365	&_data_word(0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322);
	2366	&_data_word(0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498);
	2367	&_data_word(0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f);
	2368	&_data_word(0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54);
	2369	&_data_word(0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382);
	2370	&_data_word(0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf);
	2371	&_data_word(0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb);
	2372	&_data_word(0x097826cd, 0xf418596e, 0x01b79aec, 0xa89a4f83);
	2373	&_data_word(0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef);
	2374	&_data_word(0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029);
	2375	&_data_word(0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235);
	2376	&_data_word(0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733);
	2377	&_data_word(0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117);
	2378	&_data_word(0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4);
	2379	&_data_word(0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546);
	2380	&_data_word(0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb);
	2381	&_data_word(0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d);
	2382	&_data_word(0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb);
	2383	&_data_word(0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a);
	2384	&_data_word(0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773);
	2385	&_data_word(0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478);
	2386	&_data_word(0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2);
	2387	&_data_word(0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff);
	2388	&_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664);
2389	&_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0);
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	2390
	2391	#Td4: # four copies of Td4 to choose from to avoid L1 aliasing
	2392	&data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
	2393	&data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
	2394	&data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
	2395	&data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
	2396	&data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
	2397	&data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
	2398	&data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
	2399	&data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
	2400	&data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
	2401	&data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
	2402	&data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
	2403	&data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
	2404	&data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
	2405	&data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
	2406	&data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
	2407	&data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
	2408	&data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
	2409	&data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
	2410	&data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
	2411	&data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
	2412	&data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
	2413	&data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
	2414	&data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
	2415	&data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
	2416	&data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
	2417	&data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
	2418	&data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
	2419	&data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
	2420	&data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
	2421	&data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
	2422	&data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
	2423	&data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
	2424	$code.=<<___;
	2425	.long 0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
	2426	.long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0
	2427	___
	2428	&data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
	2429	&data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
	2430	&data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
	2431	&data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
	2432	&data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
	2433	&data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
	2434	&data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
	2435	&data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
	2436	&data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
	2437	&data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
	2438	&data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
	2439	&data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
	2440	&data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
	2441	&data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
	2442	&data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
	2443	&data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
	2444	&data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
	2445	&data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
	2446	&data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
	2447	&data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
	2448	&data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
	2449	&data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
	2450	&data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
	2451	&data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
	2452	&data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
	2453	&data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
2454	&data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
2455	&data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
2456	&data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
2457	&data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
2458	&data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
2459	&data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
2460	$code.=<<___;
2461	.long 0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
2462	.long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0
2463	___
2464	&data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
2465	&data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
2466	&data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
2467	&data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
2468	&data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
2469	&data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
2470	&data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
2471	&data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
2472	&data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
2473	&data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
2474	&data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
2475	&data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
2476	&data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
2477	&data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
2478	&data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
2479	&data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
2480	&data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
2481	&data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
2482	&data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
2483	&data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
2484	&data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
2485	&data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
2486	&data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
2487	&data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
2488	&data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
2489	&data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
2490	&data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
2491	&data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
2492	&data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
2493	&data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
2494	&data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
2495	&data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
2496	$code.=<<___;
2497	.long 0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
2498	.long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0
2499	___
2500	&data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
2501	&data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
2502	&data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
2503	&data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
2504	&data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
2505	&data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
2506	&data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
2507	&data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
2508	&data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
2509	&data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
2510	&data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
2511	&data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
2512	&data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
2513	&data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
2514	&data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
2515	&data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
2516	&data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
2517	&data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
2518	&data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
2519	&data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
2520	&data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
2521	&data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
2522	&data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
2523	&data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
2524	&data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
2525	&data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
2526	&data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
2527	&data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
2528	&data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
2529	&data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
2530	&data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
2531	&data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
2532	$code.=<<___;
2533	.long 0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
2534	.long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0
2535	.asciz "AES for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
2536	.align 64
2537	___
2538
2539	# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
2540	# CONTEXT context,DISPATCHER_CONTEXT disp)
2541	if ($win64) {
2542	$rec="%rcx";
2543	$frame="%rdx";
2544	$context="%r8";
2545	$disp="%r9";
2546
2547	$code.=<<___;
2548	.extern __imp_RtlVirtualUnwind
2549	.type block_se_handler,\@abi-omnipotent
2550	.align 16
2551	block_se_handler:
2552	push %rsi
2553	push %rdi
2554	push %rbx
2555	push %rbp
2556	push %r12
2557	push %r13
2558	push %r14
2559	push %r15
2560	pushfq
2561	sub \$64,%rsp
2562
2563	mov 120($context),%rax # pull context->Rax
2564	mov 248($context),%rbx # pull context->Rip
2565
2566	mov 8($disp),%rsi # disp->ImageBase
2567	mov 56($disp),%r11 # disp->HandlerData
2568
2569	mov 0(%r11),%r10d # HandlerData[0]
2570	lea (%rsi,%r10),%r10 # prologue label
2571	cmp %r10,%rbx # context->Rip<prologue label
2572	jb .Lin_block_prologue
2573
2574	mov 152($context),%rax # pull context->Rsp
2575
2576	mov 4(%r11),%r10d # HandlerData[1]
2577	lea (%rsi,%r10),%r10 # epilogue label
2578	cmp %r10,%rbx # context->Rip>=epilogue label
2579	jae .Lin_block_prologue
2580
2581	mov 24(%rax),%rax # pull saved real stack pointer
2582	lea 48(%rax),%rax # adjust...
2583
2584	mov -8(%rax),%rbx
2585	mov -16(%rax),%rbp
2586	mov -24(%rax),%r12
2587	mov -32(%rax),%r13
2588	mov -40(%rax),%r14
2589	mov -48(%rax),%r15
2590	mov %rbx,144($context) # restore context->Rbx
2591	mov %rbp,160($context) # restore context->Rbp
2592	mov %r12,216($context) # restore context->R12
2593	mov %r13,224($context) # restore context->R13
2594	mov %r14,232($context) # restore context->R14
2595	mov %r15,240($context) # restore context->R15
2596
2597	.Lin_block_prologue:
2598	mov 8(%rax),%rdi
2599	mov 16(%rax),%rsi
2600	mov %rax,152($context) # restore context->Rsp
2601	mov %rsi,168($context) # restore context->Rsi
2602	mov %rdi,176($context) # restore context->Rdi
2603
2604	jmp .Lcommon_seh_exit
2605	.size block_se_handler,.-block_se_handler
2606
2607	.type key_se_handler,\@abi-omnipotent
2608	.align 16
2609	key_se_handler:
2610	push %rsi
2611	push %rdi
2612	push %rbx
2613	push %rbp
2614	push %r12
2615	push %r13
2616	push %r14
2617	push %r15
2618	pushfq
2619	sub \$64,%rsp
2620
2621	mov 120($context),%rax # pull context->Rax
2622	mov 248($context),%rbx # pull context->Rip
2623
2624	mov 8($disp),%rsi # disp->ImageBase
2625	mov 56($disp),%r11 # disp->HandlerData
2626
2627	mov 0(%r11),%r10d # HandlerData[0]
2628	lea (%rsi,%r10),%r10 # prologue label
2629	cmp %r10,%rbx # context->Rip<prologue label
2630	jb .Lin_key_prologue
2631
2632	mov 152($context),%rax # pull context->Rsp
2633
2634	mov 4(%r11),%r10d # HandlerData[1]
2635	lea (%rsi,%r10),%r10 # epilogue label
2636	cmp %r10,%rbx # context->Rip>=epilogue label
2637	jae .Lin_key_prologue
2638
2639	lea 56(%rax),%rax
2640
2641	mov -8(%rax),%rbx
2642	mov -16(%rax),%rbp
2643	mov -24(%rax),%r12
2644	mov -32(%rax),%r13
2645	mov -40(%rax),%r14
2646	mov -48(%rax),%r15
2647	mov %rbx,144($context) # restore context->Rbx
2648	mov %rbp,160($context) # restore context->Rbp
2649	mov %r12,216($context) # restore context->R12
2650	mov %r13,224($context) # restore context->R13
2651	mov %r14,232($context) # restore context->R14
2652	mov %r15,240($context) # restore context->R15
2653
2654	.Lin_key_prologue:
2655	mov 8(%rax),%rdi
2656	mov 16(%rax),%rsi
2657	mov %rax,152($context) # restore context->Rsp
2658	mov %rsi,168($context) # restore context->Rsi
2659	mov %rdi,176($context) # restore context->Rdi
2660
2661	jmp .Lcommon_seh_exit
2662	.size key_se_handler,.-key_se_handler
2663
2664	.type cbc_se_handler,\@abi-omnipotent
2665	.align 16
2666	cbc_se_handler:
2667	push %rsi
2668	push %rdi
2669	push %rbx
2670	push %rbp
2671	push %r12
2672	push %r13
2673	push %r14
2674	push %r15
2675	pushfq
2676	sub \$64,%rsp
2677
2678	mov 120($context),%rax # pull context->Rax
2679	mov 248($context),%rbx # pull context->Rip
2680
2681	lea .Lcbc_prologue(%rip),%r10
2682	cmp %r10,%rbx # context->Rip<.Lcbc_prologue
2683	jb .Lin_cbc_prologue
2684
2685	lea .Lcbc_fast_body(%rip),%r10
2686	cmp %r10,%rbx # context->Rip<.Lcbc_fast_body
2687	jb .Lin_cbc_frame_setup
2688
2689	lea .Lcbc_slow_prologue(%rip),%r10
2690	cmp %r10,%rbx # context->Rip<.Lcbc_slow_prologue
2691	jb .Lin_cbc_body
2692
2693	lea .Lcbc_slow_body(%rip),%r10
2694	cmp %r10,%rbx # context->Rip<.Lcbc_slow_body
2695	jb .Lin_cbc_frame_setup
2696
2697	.Lin_cbc_body:
2698	mov 152($context),%rax # pull context->Rsp
2699
2700	lea .Lcbc_epilogue(%rip),%r10
2701	cmp %r10,%rbx # context->Rip>=.Lcbc_epilogue
2702	jae .Lin_cbc_prologue
2703
2704	lea 8(%rax),%rax
2705
2706	lea .Lcbc_popfq(%rip),%r10
2707	cmp %r10,%rbx # context->Rip>=.Lcbc_popfq
2708	jae .Lin_cbc_prologue
2709
2710	mov `16-8`(%rax),%rax # biased $_rsp
2711	lea 56(%rax),%rax
2712
2713	.Lin_cbc_frame_setup:
2714	mov -16(%rax),%rbx
2715	mov -24(%rax),%rbp
2716	mov -32(%rax),%r12
2717	mov -40(%rax),%r13
2718	mov -48(%rax),%r14
2719	mov -56(%rax),%r15
2720	mov %rbx,144($context) # restore context->Rbx
2721	mov %rbp,160($context) # restore context->Rbp
2722	mov %r12,216($context) # restore context->R12
2723	mov %r13,224($context) # restore context->R13
2724	mov %r14,232($context) # restore context->R14
2725	mov %r15,240($context) # restore context->R15
2726
2727	.Lin_cbc_prologue:
2728	mov 8(%rax),%rdi
2729	mov 16(%rax),%rsi
2730	mov %rax,152($context) # restore context->Rsp
2731	mov %rsi,168($context) # restore context->Rsi
2732	mov %rdi,176($context) # restore context->Rdi
2733
2734	.Lcommon_seh_exit:
2735
2736	mov 40($disp),%rdi # disp->ContextRecord
2737	mov $context,%rsi # context
2738	mov \$`1232/8`,%ecx # sizeof(CONTEXT)
2739	.long 0xa548f3fc # cld; rep movsq
2740
2741	mov $disp,%rsi
2742	xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER
2743	mov 8(%rsi),%rdx # arg2, disp->ImageBase
2744	mov 0(%rsi),%r8 # arg3, disp->ControlPc
2745	mov 16(%rsi),%r9 # arg4, disp->FunctionEntry
2746	mov 40(%rsi),%r10 # disp->ContextRecord
2747	lea 56(%rsi),%r11 # &disp->HandlerData
2748	lea 24(%rsi),%r12 # &disp->EstablisherFrame
2749	mov %r10,32(%rsp) # arg5
2750	mov %r11,40(%rsp) # arg6
2751	mov %r12,48(%rsp) # arg7
2752	mov %rcx,56(%rsp) # arg8, (NULL)
2753	call *__imp_RtlVirtualUnwind(%rip)
2754
2755	mov \$1,%eax # ExceptionContinueSearch
2756	add \$64,%rsp
2757	popfq
2758	pop %r15
2759	pop %r14
2760	pop %r13
2761	pop %r12
2762	pop %rbp
2763	pop %rbx
2764	pop %rdi
2765	pop %rsi
2766	ret
2767	.size cbc_se_handler,.-cbc_se_handler
2768
2769	.section .pdata
2770	.align 4
2771	.rva .LSEH_begin_AES_encrypt
2772	.rva .LSEH_end_AES_encrypt
2773	.rva .LSEH_info_AES_encrypt
2774
2775	.rva .LSEH_begin_AES_decrypt
2776	.rva .LSEH_end_AES_decrypt
2777	.rva .LSEH_info_AES_decrypt
2778
1.2.6 by Kurt Roeckx Import upstream version 1.0.1	2779	.rva .LSEH_begin_private_AES_set_encrypt_key
	2780	.rva .LSEH_end_private_AES_set_encrypt_key
	2781	.rva .LSEH_info_private_AES_set_encrypt_key
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	2782
1.2.6 by Kurt Roeckx Import upstream version 1.0.1	2783	.rva .LSEH_begin_private_AES_set_decrypt_key
	2784	.rva .LSEH_end_private_AES_set_decrypt_key
	2785	.rva .LSEH_info_private_AES_set_decrypt_key
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	2786
	2787	.rva .LSEH_begin_AES_cbc_encrypt
	2788	.rva .LSEH_end_AES_cbc_encrypt
	2789	.rva .LSEH_info_AES_cbc_encrypt
	2790
	2791	.section .xdata
	2792	.align 8
	2793	.LSEH_info_AES_encrypt:
	2794	.byte 9,0,0,0
	2795	.rva block_se_handler
	2796	.rva .Lenc_prologue,.Lenc_epilogue # HandlerData[]
	2797	.LSEH_info_AES_decrypt:
	2798	.byte 9,0,0,0
	2799	.rva block_se_handler
	2800	.rva .Ldec_prologue,.Ldec_epilogue # HandlerData[]
1.2.6 by Kurt Roeckx Import upstream version 1.0.1	2801	.LSEH_info_private_AES_set_encrypt_key:
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	2802	.byte 9,0,0,0
	2803	.rva key_se_handler
	2804	.rva .Lenc_key_prologue,.Lenc_key_epilogue # HandlerData[]
1.2.6 by Kurt Roeckx Import upstream version 1.0.1	2805	.LSEH_info_private_AES_set_decrypt_key:
1.1.11 by Kurt Roeckx Import upstream version 1.0.0c	2806	.byte 9,0,0,0
	2807	.rva key_se_handler
	2808	.rva .Ldec_key_prologue,.Ldec_key_epilogue # HandlerData[]
	2809	.LSEH_info_AES_cbc_encrypt:
	2810	.byte 9,0,0,0
	2811	.rva cbc_se_handler
	2812	___
	2813	}
1.1.7 by Kurt Roeckx Import upstream version 0.9.8k	2814
	2815	$code =~ s/\`([^\`]*)\`/eval($1)/gem;
	2816
	2817	print $code;
	2818
	2819	close STDOUT;