| blob | 6012b0ce2847ba62b02a14ce1154efbd7218711b |
1 #if defined(__arm__)
2 #include <openssl/arm_arch.h>
4 #if __ARM_MAX_ARCH__>=7
5 .text
6 .arch armv7-a
7 .fpu neon
8 .code 32
9 .align 5
10 .Lrcon:
11 .long 0x01,0x01,0x01,0x01
12 .long 0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d @ rotate-n-splat
13 .long 0x1b,0x1b,0x1b,0x1b
15 .globl aes_v8_set_encrypt_key
16 .type aes_v8_set_encrypt_key,%function
17 .align 5
18 aes_v8_set_encrypt_key:
19 .Lenc_key:
20 mov r3,#-1
21 cmp r0,#0
22 beq .Lenc_key_abort
23 cmp r2,#0
24 beq .Lenc_key_abort
25 mov r3,#-2
26 cmp r1,#128
27 blt .Lenc_key_abort
28 cmp r1,#256
29 bgt .Lenc_key_abort
30 tst r1,#0x3f
31 bne .Lenc_key_abort
33 adr r3,.Lrcon
34 cmp r1,#192
36 veor q0,q0,q0
37 vld1.8 {q3},[r0]!
38 mov r1,#8 @ reuse r1
39 vld1.32 {q1,q2},[r3]!
41 blt .Loop128
42 beq .L192
43 b .L256
45 .align 4
46 .Loop128:
47 vtbl.8 d20,{q3},d4
48 vtbl.8 d21,{q3},d5
49 vext.8 q9,q0,q3,#12
50 vst1.32 {q3},[r2]!
51 .byte 0x00,0x43,0xf0,0xf3 @ aese q10,q0
52 subs r1,r1,#1
54 veor q3,q3,q9
55 vext.8 q9,q0,q9,#12
56 veor q3,q3,q9
57 vext.8 q9,q0,q9,#12
58 veor q10,q10,q1
59 veor q3,q3,q9
60 vshl.u8 q1,q1,#1
61 veor q3,q3,q10
62 bne .Loop128
64 vld1.32 {q1},[r3]
66 vtbl.8 d20,{q3},d4
67 vtbl.8 d21,{q3},d5
68 vext.8 q9,q0,q3,#12
69 vst1.32 {q3},[r2]!
70 .byte 0x00,0x43,0xf0,0xf3 @ aese q10,q0
72 veor q3,q3,q9
73 vext.8 q9,q0,q9,#12
74 veor q3,q3,q9
75 vext.8 q9,q0,q9,#12
76 veor q10,q10,q1
77 veor q3,q3,q9
78 vshl.u8 q1,q1,#1
79 veor q3,q3,q10
81 vtbl.8 d20,{q3},d4
82 vtbl.8 d21,{q3},d5
83 vext.8 q9,q0,q3,#12
84 vst1.32 {q3},[r2]!
85 .byte 0x00,0x43,0xf0,0xf3 @ aese q10,q0
87 veor q3,q3,q9
88 vext.8 q9,q0,q9,#12
89 veor q3,q3,q9
90 vext.8 q9,q0,q9,#12
91 veor q10,q10,q1
92 veor q3,q3,q9
93 veor q3,q3,q10
94 vst1.32 {q3},[r2]
95 add r2,r2,#0x50
97 mov r12,#10
98 b .Ldone
100 .align 4
101 .L192:
102 vld1.8 {d16},[r0]!
103 vmov.i8 q10,#8 @ borrow q10
104 vst1.32 {q3},[r2]!
105 vsub.i8 q2,q2,q10 @ adjust the mask
107 .Loop192:
108 vtbl.8 d20,{q8},d4
109 vtbl.8 d21,{q8},d5
110 vext.8 q9,q0,q3,#12
111 vst1.32 {d16},[r2]!
112 .byte 0x00,0x43,0xf0,0xf3 @ aese q10,q0
113 subs r1,r1,#1
115 veor q3,q3,q9
116 vext.8 q9,q0,q9,#12
117 veor q3,q3,q9
118 vext.8 q9,q0,q9,#12
119 veor q3,q3,q9
121 vdup.32 q9,d7[1]
122 veor q9,q9,q8
123 veor q10,q10,q1
124 vext.8 q8,q0,q8,#12
125 vshl.u8 q1,q1,#1
126 veor q8,q8,q9
127 veor q3,q3,q10
128 veor q8,q8,q10
129 vst1.32 {q3},[r2]!
130 bne .Loop192
132 mov r12,#12
133 add r2,r2,#0x20
134 b .Ldone
136 .align 4
137 .L256:
138 vld1.8 {q8},[r0]
139 mov r1,#7
140 mov r12,#14
141 vst1.32 {q3},[r2]!
143 .Loop256:
144 vtbl.8 d20,{q8},d4
145 vtbl.8 d21,{q8},d5
146 vext.8 q9,q0,q3,#12
147 vst1.32 {q8},[r2]!
148 .byte 0x00,0x43,0xf0,0xf3 @ aese q10,q0
149 subs r1,r1,#1
151 veor q3,q3,q9
152 vext.8 q9,q0,q9,#12
153 veor q3,q3,q9
154 vext.8 q9,q0,q9,#12
155 veor q10,q10,q1
156 veor q3,q3,q9
157 vshl.u8 q1,q1,#1
158 veor q3,q3,q10
159 vst1.32 {q3},[r2]!
160 beq .Ldone
162 vdup.32 q10,d7[1]
163 vext.8 q9,q0,q8,#12
164 .byte 0x00,0x43,0xf0,0xf3 @ aese q10,q0
166 veor q8,q8,q9
167 vext.8 q9,q0,q9,#12
168 veor q8,q8,q9
169 vext.8 q9,q0,q9,#12
170 veor q8,q8,q9
172 veor q8,q8,q10
173 b .Loop256
175 .Ldone:
176 str r12,[r2]
177 mov r3,#0
179 .Lenc_key_abort:
180 mov r0,r3 @ return value
182 bx lr
183 .size aes_v8_set_encrypt_key,.-aes_v8_set_encrypt_key
185 .globl aes_v8_set_decrypt_key
186 .type aes_v8_set_decrypt_key,%function
187 .align 5
188 aes_v8_set_decrypt_key:
189 stmdb sp!,{r4,lr}
190 bl .Lenc_key
192 cmp r0,#0
193 bne .Ldec_key_abort
195 sub r2,r2,#240 @ restore original r2
196 mov r4,#-16
197 add r0,r2,r12,lsl#4 @ end of key schedule
199 vld1.32 {q0},[r2]
200 vld1.32 {q1},[r0]
201 vst1.32 {q0},[r0],r4
202 vst1.32 {q1},[r2]!
204 .Loop_imc:
205 vld1.32 {q0},[r2]
206 vld1.32 {q1},[r0]
207 .byte 0xc0,0x03,0xb0,0xf3 @ aesimc q0,q0
208 .byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1
209 vst1.32 {q0},[r0],r4
210 vst1.32 {q1},[r2]!
211 cmp r0,r2
212 bhi .Loop_imc
214 vld1.32 {q0},[r2]
215 .byte 0xc0,0x03,0xb0,0xf3 @ aesimc q0,q0
216 vst1.32 {q0},[r0]
218 eor r0,r0,r0 @ return value
219 .Ldec_key_abort:
220 ldmia sp!,{r4,pc}
221 .size aes_v8_set_decrypt_key,.-aes_v8_set_decrypt_key
222 .globl aes_v8_encrypt
223 .type aes_v8_encrypt,%function
224 .align 5
225 aes_v8_encrypt:
226 ldr r3,[r2,#240]
227 vld1.32 {q0},[r2]!
228 vld1.8 {q2},[r0]
229 sub r3,r3,#2
230 vld1.32 {q1},[r2]!
232 .Loop_enc:
233 .byte 0x00,0x43,0xb0,0xf3 @ aese q2,q0
234 .byte 0x84,0x43,0xb0,0xf3 @ aesmc q2,q2
235 vld1.32 {q0},[r2]!
236 subs r3,r3,#2
237 .byte 0x02,0x43,0xb0,0xf3 @ aese q2,q1
238 .byte 0x84,0x43,0xb0,0xf3 @ aesmc q2,q2
239 vld1.32 {q1},[r2]!
240 bgt .Loop_enc
242 .byte 0x00,0x43,0xb0,0xf3 @ aese q2,q0
243 .byte 0x84,0x43,0xb0,0xf3 @ aesmc q2,q2
244 vld1.32 {q0},[r2]
245 .byte 0x02,0x43,0xb0,0xf3 @ aese q2,q1
246 veor q2,q2,q0
248 vst1.8 {q2},[r1]
249 bx lr
250 .size aes_v8_encrypt,.-aes_v8_encrypt
251 .globl aes_v8_decrypt
252 .type aes_v8_decrypt,%function
253 .align 5
254 aes_v8_decrypt:
255 ldr r3,[r2,#240]
256 vld1.32 {q0},[r2]!
257 vld1.8 {q2},[r0]
258 sub r3,r3,#2
259 vld1.32 {q1},[r2]!
261 .Loop_dec:
262 .byte 0x40,0x43,0xb0,0xf3 @ aesd q2,q0
263 .byte 0xc4,0x43,0xb0,0xf3 @ aesimc q2,q2
264 vld1.32 {q0},[r2]!
265 subs r3,r3,#2
266 .byte 0x42,0x43,0xb0,0xf3 @ aesd q2,q1
267 .byte 0xc4,0x43,0xb0,0xf3 @ aesimc q2,q2
268 vld1.32 {q1},[r2]!
269 bgt .Loop_dec
271 .byte 0x40,0x43,0xb0,0xf3 @ aesd q2,q0
272 .byte 0xc4,0x43,0xb0,0xf3 @ aesimc q2,q2
273 vld1.32 {q0},[r2]
274 .byte 0x42,0x43,0xb0,0xf3 @ aesd q2,q1
275 veor q2,q2,q0
277 vst1.8 {q2},[r1]
278 bx lr
279 .size aes_v8_decrypt,.-aes_v8_decrypt
280 .globl aes_v8_cbc_encrypt
281 .type aes_v8_cbc_encrypt,%function
282 .align 5
283 aes_v8_cbc_encrypt:
284 mov ip,sp
285 stmdb sp!,{r4,r5,r6,r7,r8,lr}
286 vstmdb sp!,{d8,d9,d10,d11,d12,d13,d14,d15} @ ABI specification says so
287 ldmia ip,{r4,r5} @ load remaining args
288 subs r2,r2,#16
289 mov r8,#16
290 blo .Lcbc_abort
291 moveq r8,#0
293 cmp r5,#0 @ en- or decrypting?
294 ldr r5,[r3,#240]
295 and r2,r2,#-16
296 vld1.8 {q6},[r4]
297 vld1.8 {q0},[r0],r8
299 vld1.32 {q8,q9},[r3] @ load key schedule...
300 sub r5,r5,#6
301 add r7,r3,r5,lsl#4 @ pointer to last 7 round keys
302 sub r5,r5,#2
303 vld1.32 {q10,q11},[r7]!
304 vld1.32 {q12,q13},[r7]!
305 vld1.32 {q14,q15},[r7]!
306 vld1.32 {q7},[r7]
308 add r7,r3,#32
309 mov r6,r5
310 beq .Lcbc_dec
312 cmp r5,#2
313 veor q0,q0,q6
314 veor q5,q8,q7
315 beq .Lcbc_enc128
317 vld1.32 {q2,q3},[r7]
318 add r7,r3,#16
319 add r6,r3,#16*4
320 add r12,r3,#16*5
321 .byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8
322 .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
323 add r14,r3,#16*6
324 add r3,r3,#16*7
325 b .Lenter_cbc_enc
327 .align 4
328 .Loop_cbc_enc:
329 .byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8
330 .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
331 vst1.8 {q6},[r1]!
332 .Lenter_cbc_enc:
333 .byte 0x22,0x03,0xb0,0xf3 @ aese q0,q9
334 .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
335 .byte 0x04,0x03,0xb0,0xf3 @ aese q0,q2
336 .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
337 vld1.32 {q8},[r6]
338 cmp r5,#4
339 .byte 0x06,0x03,0xb0,0xf3 @ aese q0,q3
340 .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
341 vld1.32 {q9},[r12]
342 beq .Lcbc_enc192
344 .byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8
345 .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
346 vld1.32 {q8},[r14]
347 .byte 0x22,0x03,0xb0,0xf3 @ aese q0,q9
348 .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
349 vld1.32 {q9},[r3]
350 nop
352 .Lcbc_enc192:
353 .byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8
354 .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
355 subs r2,r2,#16
356 .byte 0x22,0x03,0xb0,0xf3 @ aese q0,q9
357 .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
358 moveq r8,#0
359 .byte 0x24,0x03,0xb0,0xf3 @ aese q0,q10
360 .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
361 .byte 0x26,0x03,0xb0,0xf3 @ aese q0,q11
362 .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
363 vld1.8 {q8},[r0],r8
364 .byte 0x28,0x03,0xb0,0xf3 @ aese q0,q12
365 .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
366 veor q8,q8,q5
367 .byte 0x2a,0x03,0xb0,0xf3 @ aese q0,q13
368 .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
369 vld1.32 {q9},[r7] @ re-pre-load rndkey[1]
370 .byte 0x2c,0x03,0xb0,0xf3 @ aese q0,q14
371 .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
372 .byte 0x2e,0x03,0xb0,0xf3 @ aese q0,q15
373 veor q6,q0,q7
374 bhs .Loop_cbc_enc
376 vst1.8 {q6},[r1]!
377 b .Lcbc_done
379 .align 5
380 .Lcbc_enc128:
381 vld1.32 {q2,q3},[r7]
382 .byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8
383 .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
384 b .Lenter_cbc_enc128
385 .Loop_cbc_enc128:
386 .byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8
387 .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
388 vst1.8 {q6},[r1]!
389 .Lenter_cbc_enc128:
390 .byte 0x22,0x03,0xb0,0xf3 @ aese q0,q9
391 .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
392 subs r2,r2,#16
393 .byte 0x04,0x03,0xb0,0xf3 @ aese q0,q2
394 .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
395 moveq r8,#0
396 .byte 0x06,0x03,0xb0,0xf3 @ aese q0,q3
397 .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
398 .byte 0x24,0x03,0xb0,0xf3 @ aese q0,q10
399 .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
400 .byte 0x26,0x03,0xb0,0xf3 @ aese q0,q11
401 .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
402 vld1.8 {q8},[r0],r8
403 .byte 0x28,0x03,0xb0,0xf3 @ aese q0,q12
404 .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
405 .byte 0x2a,0x03,0xb0,0xf3 @ aese q0,q13
406 .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
407 .byte 0x2c,0x03,0xb0,0xf3 @ aese q0,q14
408 .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
409 veor q8,q8,q5
410 .byte 0x2e,0x03,0xb0,0xf3 @ aese q0,q15
411 veor q6,q0,q7
412 bhs .Loop_cbc_enc128
414 vst1.8 {q6},[r1]!
415 b .Lcbc_done
416 .align 5
417 .Lcbc_dec:
418 vld1.8 {q10},[r0]!
419 subs r2,r2,#32 @ bias
420 add r6,r5,#2
421 vorr q3,q0,q0
422 vorr q1,q0,q0
423 vorr q11,q10,q10
424 blo .Lcbc_dec_tail
426 vorr q1,q10,q10
427 vld1.8 {q10},[r0]!
428 vorr q2,q0,q0
429 vorr q3,q1,q1
430 vorr q11,q10,q10
432 .Loop3x_cbc_dec:
433 .byte 0x60,0x03,0xb0,0xf3 @ aesd q0,q8
434 .byte 0xc0,0x03,0xb0,0xf3 @ aesimc q0,q0
435 .byte 0x60,0x23,0xb0,0xf3 @ aesd q1,q8
436 .byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1
437 .byte 0x60,0x43,0xf0,0xf3 @ aesd q10,q8
438 .byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10
439 vld1.32 {q8},[r7]!
440 subs r6,r6,#2
441 .byte 0x62,0x03,0xb0,0xf3 @ aesd q0,q9
442 .byte 0xc0,0x03,0xb0,0xf3 @ aesimc q0,q0
443 .byte 0x62,0x23,0xb0,0xf3 @ aesd q1,q9
444 .byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1
445 .byte 0x62,0x43,0xf0,0xf3 @ aesd q10,q9
446 .byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10
447 vld1.32 {q9},[r7]!
448 bgt .Loop3x_cbc_dec
450 .byte 0x60,0x03,0xb0,0xf3 @ aesd q0,q8
451 .byte 0xc0,0x03,0xb0,0xf3 @ aesimc q0,q0
452 .byte 0x60,0x23,0xb0,0xf3 @ aesd q1,q8
453 .byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1
454 .byte 0x60,0x43,0xf0,0xf3 @ aesd q10,q8
455 .byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10
456 veor q4,q6,q7
457 subs r2,r2,#0x30
458 veor q5,q2,q7
459 movlo r6,r2 @ r6, r6, is zero at this point
460 .byte 0x62,0x03,0xb0,0xf3 @ aesd q0,q9
461 .byte 0xc0,0x03,0xb0,0xf3 @ aesimc q0,q0
462 .byte 0x62,0x23,0xb0,0xf3 @ aesd q1,q9
463 .byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1
464 .byte 0x62,0x43,0xf0,0xf3 @ aesd q10,q9
465 .byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10
466 veor q9,q3,q7
467 add r0,r0,r6 @ r0 is adjusted in such way that
468 @ at exit from the loop q1-q10
469 @ are loaded with last "words"
470 vorr q6,q11,q11
471 mov r7,r3
472 .byte 0x68,0x03,0xb0,0xf3 @ aesd q0,q12
473 .byte 0xc0,0x03,0xb0,0xf3 @ aesimc q0,q0
474 .byte 0x68,0x23,0xb0,0xf3 @ aesd q1,q12
475 .byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1
476 .byte 0x68,0x43,0xf0,0xf3 @ aesd q10,q12
477 .byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10
478 vld1.8 {q2},[r0]!
479 .byte 0x6a,0x03,0xb0,0xf3 @ aesd q0,q13
480 .byte 0xc0,0x03,0xb0,0xf3 @ aesimc q0,q0
481 .byte 0x6a,0x23,0xb0,0xf3 @ aesd q1,q13
482 .byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1
483 .byte 0x6a,0x43,0xf0,0xf3 @ aesd q10,q13
484 .byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10
485 vld1.8 {q3},[r0]!
486 .byte 0x6c,0x03,0xb0,0xf3 @ aesd q0,q14
487 .byte 0xc0,0x03,0xb0,0xf3 @ aesimc q0,q0
488 .byte 0x6c,0x23,0xb0,0xf3 @ aesd q1,q14
489 .byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1
490 .byte 0x6c,0x43,0xf0,0xf3 @ aesd q10,q14
491 .byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10
492 vld1.8 {q11},[r0]!
493 .byte 0x6e,0x03,0xb0,0xf3 @ aesd q0,q15
494 .byte 0x6e,0x23,0xb0,0xf3 @ aesd q1,q15
495 .byte 0x6e,0x43,0xf0,0xf3 @ aesd q10,q15
496 vld1.32 {q8},[r7]! @ re-pre-load rndkey[0]
497 add r6,r5,#2
498 veor q4,q4,q0
499 veor q5,q5,q1
500 veor q10,q10,q9
501 vld1.32 {q9},[r7]! @ re-pre-load rndkey[1]
502 vst1.8 {q4},[r1]!
503 vorr q0,q2,q2
504 vst1.8 {q5},[r1]!
505 vorr q1,q3,q3
506 vst1.8 {q10},[r1]!
507 vorr q10,q11,q11
508 bhs .Loop3x_cbc_dec
510 cmn r2,#0x30
511 beq .Lcbc_done
512 nop
514 .Lcbc_dec_tail:
515 .byte 0x60,0x23,0xb0,0xf3 @ aesd q1,q8
516 .byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1
517 .byte 0x60,0x43,0xf0,0xf3 @ aesd q10,q8
518 .byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10
519 vld1.32 {q8},[r7]!
520 subs r6,r6,#2
521 .byte 0x62,0x23,0xb0,0xf3 @ aesd q1,q9
522 .byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1
523 .byte 0x62,0x43,0xf0,0xf3 @ aesd q10,q9
524 .byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10
525 vld1.32 {q9},[r7]!
526 bgt .Lcbc_dec_tail
528 .byte 0x60,0x23,0xb0,0xf3 @ aesd q1,q8
529 .byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1
530 .byte 0x60,0x43,0xf0,0xf3 @ aesd q10,q8
531 .byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10
532 .byte 0x62,0x23,0xb0,0xf3 @ aesd q1,q9
533 .byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1
534 .byte 0x62,0x43,0xf0,0xf3 @ aesd q10,q9
535 .byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10
536 .byte 0x68,0x23,0xb0,0xf3 @ aesd q1,q12
537 .byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1
538 .byte 0x68,0x43,0xf0,0xf3 @ aesd q10,q12
539 .byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10
540 cmn r2,#0x20
541 .byte 0x6a,0x23,0xb0,0xf3 @ aesd q1,q13
542 .byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1
543 .byte 0x6a,0x43,0xf0,0xf3 @ aesd q10,q13
544 .byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10
545 veor q5,q6,q7
546 .byte 0x6c,0x23,0xb0,0xf3 @ aesd q1,q14
547 .byte 0xc2,0x23,0xb0,0xf3 @ aesimc q1,q1
548 .byte 0x6c,0x43,0xf0,0xf3 @ aesd q10,q14
549 .byte 0xe4,0x43,0xf0,0xf3 @ aesimc q10,q10
550 veor q9,q3,q7
551 .byte 0x6e,0x23,0xb0,0xf3 @ aesd q1,q15
552 .byte 0x6e,0x43,0xf0,0xf3 @ aesd q10,q15
553 beq .Lcbc_dec_one
554 veor q5,q5,q1
555 veor q9,q9,q10
556 vorr q6,q11,q11
557 vst1.8 {q5},[r1]!
558 vst1.8 {q9},[r1]!
559 b .Lcbc_done
561 .Lcbc_dec_one:
562 veor q5,q5,q10
563 vorr q6,q11,q11
564 vst1.8 {q5},[r1]!
566 .Lcbc_done:
567 vst1.8 {q6},[r4]
568 .Lcbc_abort:
569 vldmia sp!,{d8,d9,d10,d11,d12,d13,d14,d15}
570 ldmia sp!,{r4,r5,r6,r7,r8,pc}
571 .size aes_v8_cbc_encrypt,.-aes_v8_cbc_encrypt
572 .globl aes_v8_ctr32_encrypt_blocks
573 .type aes_v8_ctr32_encrypt_blocks,%function
574 .align 5
575 aes_v8_ctr32_encrypt_blocks:
576 mov ip,sp
577 stmdb sp!,{r4,r5,r6,r7,r8,r9,r10,lr}
578 vstmdb sp!,{d8,d9,d10,d11,d12,d13,d14,d15} @ ABI specification says so
579 ldr r4, [ip] @ load remaining arg
580 ldr r5,[r3,#240]
582 ldr r8, [r4, #12]
583 vld1.32 {q0},[r4]
585 vld1.32 {q8,q9},[r3] @ load key schedule...
586 sub r5,r5,#4
587 mov r12,#16
588 cmp r2,#2
589 add r7,r3,r5,lsl#4 @ pointer to last 5 round keys
590 sub r5,r5,#2
591 vld1.32 {q12,q13},[r7]!
592 vld1.32 {q14,q15},[r7]!
593 vld1.32 {q7},[r7]
594 add r7,r3,#32
595 mov r6,r5
596 movlo r12,#0
597 #ifndef __ARMEB__
598 rev r8, r8
599 #endif
600 vorr q1,q0,q0
601 add r10, r8, #1
602 vorr q10,q0,q0
603 add r8, r8, #2
604 vorr q6,q0,q0
605 rev r10, r10
606 vmov.32 d3[1],r10
607 bls .Lctr32_tail
608 rev r12, r8
609 sub r2,r2,#3 @ bias
610 vmov.32 d21[1],r12
611 b .Loop3x_ctr32
613 .align 4
614 .Loop3x_ctr32:
615 .byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8
616 .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
617 .byte 0x20,0x23,0xb0,0xf3 @ aese q1,q8
618 .byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1
619 .byte 0x20,0x43,0xf0,0xf3 @ aese q10,q8
620 .byte 0xa4,0x43,0xf0,0xf3 @ aesmc q10,q10
621 vld1.32 {q8},[r7]!
622 subs r6,r6,#2
623 .byte 0x22,0x03,0xb0,0xf3 @ aese q0,q9
624 .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
625 .byte 0x22,0x23,0xb0,0xf3 @ aese q1,q9
626 .byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1
627 .byte 0x22,0x43,0xf0,0xf3 @ aese q10,q9
628 .byte 0xa4,0x43,0xf0,0xf3 @ aesmc q10,q10
629 vld1.32 {q9},[r7]!
630 bgt .Loop3x_ctr32
632 .byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8
633 .byte 0x80,0x83,0xb0,0xf3 @ aesmc q4,q0
634 .byte 0x20,0x23,0xb0,0xf3 @ aese q1,q8
635 .byte 0x82,0xa3,0xb0,0xf3 @ aesmc q5,q1
636 vld1.8 {q2},[r0]!
637 vorr q0,q6,q6
638 .byte 0x20,0x43,0xf0,0xf3 @ aese q10,q8
639 .byte 0xa4,0x43,0xf0,0xf3 @ aesmc q10,q10
640 vld1.8 {q3},[r0]!
641 vorr q1,q6,q6
642 .byte 0x22,0x83,0xb0,0xf3 @ aese q4,q9
643 .byte 0x88,0x83,0xb0,0xf3 @ aesmc q4,q4
644 .byte 0x22,0xa3,0xb0,0xf3 @ aese q5,q9
645 .byte 0x8a,0xa3,0xb0,0xf3 @ aesmc q5,q5
646 vld1.8 {q11},[r0]!
647 mov r7,r3
648 .byte 0x22,0x43,0xf0,0xf3 @ aese q10,q9
649 .byte 0xa4,0x23,0xf0,0xf3 @ aesmc q9,q10
650 vorr q10,q6,q6
651 add r9,r8,#1
652 .byte 0x28,0x83,0xb0,0xf3 @ aese q4,q12
653 .byte 0x88,0x83,0xb0,0xf3 @ aesmc q4,q4
654 .byte 0x28,0xa3,0xb0,0xf3 @ aese q5,q12
655 .byte 0x8a,0xa3,0xb0,0xf3 @ aesmc q5,q5
656 veor q2,q2,q7
657 add r10,r8,#2
658 .byte 0x28,0x23,0xf0,0xf3 @ aese q9,q12
659 .byte 0xa2,0x23,0xf0,0xf3 @ aesmc q9,q9
660 veor q3,q3,q7
661 add r8,r8,#3
662 .byte 0x2a,0x83,0xb0,0xf3 @ aese q4,q13
663 .byte 0x88,0x83,0xb0,0xf3 @ aesmc q4,q4
664 .byte 0x2a,0xa3,0xb0,0xf3 @ aese q5,q13
665 .byte 0x8a,0xa3,0xb0,0xf3 @ aesmc q5,q5
666 veor q11,q11,q7
667 rev r9,r9
668 .byte 0x2a,0x23,0xf0,0xf3 @ aese q9,q13
669 .byte 0xa2,0x23,0xf0,0xf3 @ aesmc q9,q9
670 vmov.32 d1[1], r9
671 rev r10,r10
672 .byte 0x2c,0x83,0xb0,0xf3 @ aese q4,q14
673 .byte 0x88,0x83,0xb0,0xf3 @ aesmc q4,q4
674 .byte 0x2c,0xa3,0xb0,0xf3 @ aese q5,q14
675 .byte 0x8a,0xa3,0xb0,0xf3 @ aesmc q5,q5
676 vmov.32 d3[1], r10
677 rev r12,r8
678 .byte 0x2c,0x23,0xf0,0xf3 @ aese q9,q14
679 .byte 0xa2,0x23,0xf0,0xf3 @ aesmc q9,q9
680 vmov.32 d21[1], r12
681 subs r2,r2,#3
682 .byte 0x2e,0x83,0xb0,0xf3 @ aese q4,q15
683 .byte 0x2e,0xa3,0xb0,0xf3 @ aese q5,q15
684 .byte 0x2e,0x23,0xf0,0xf3 @ aese q9,q15
686 veor q2,q2,q4
687 vld1.32 {q8},[r7]! @ re-pre-load rndkey[0]
688 vst1.8 {q2},[r1]!
689 veor q3,q3,q5
690 mov r6,r5
691 vst1.8 {q3},[r1]!
692 veor q11,q11,q9
693 vld1.32 {q9},[r7]! @ re-pre-load rndkey[1]
694 vst1.8 {q11},[r1]!
695 bhs .Loop3x_ctr32
697 adds r2,r2,#3
698 beq .Lctr32_done
699 cmp r2,#1
700 mov r12,#16
701 moveq r12,#0
703 .Lctr32_tail:
704 .byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8
705 .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
706 .byte 0x20,0x23,0xb0,0xf3 @ aese q1,q8
707 .byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1
708 vld1.32 {q8},[r7]!
709 subs r6,r6,#2
710 .byte 0x22,0x03,0xb0,0xf3 @ aese q0,q9
711 .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
712 .byte 0x22,0x23,0xb0,0xf3 @ aese q1,q9
713 .byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1
714 vld1.32 {q9},[r7]!
715 bgt .Lctr32_tail
717 .byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8
718 .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
719 .byte 0x20,0x23,0xb0,0xf3 @ aese q1,q8
720 .byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1
721 .byte 0x22,0x03,0xb0,0xf3 @ aese q0,q9
722 .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
723 .byte 0x22,0x23,0xb0,0xf3 @ aese q1,q9
724 .byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1
725 vld1.8 {q2},[r0],r12
726 .byte 0x28,0x03,0xb0,0xf3 @ aese q0,q12
727 .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
728 .byte 0x28,0x23,0xb0,0xf3 @ aese q1,q12
729 .byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1
730 vld1.8 {q3},[r0]
731 .byte 0x2a,0x03,0xb0,0xf3 @ aese q0,q13
732 .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
733 .byte 0x2a,0x23,0xb0,0xf3 @ aese q1,q13
734 .byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1
735 veor q2,q2,q7
736 .byte 0x2c,0x03,0xb0,0xf3 @ aese q0,q14
737 .byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0
738 .byte 0x2c,0x23,0xb0,0xf3 @ aese q1,q14
739 .byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1
740 veor q3,q3,q7
741 .byte 0x2e,0x03,0xb0,0xf3 @ aese q0,q15
742 .byte 0x2e,0x23,0xb0,0xf3 @ aese q1,q15
744 cmp r2,#1
745 veor q2,q2,q0
746 veor q3,q3,q1
747 vst1.8 {q2},[r1]!
748 beq .Lctr32_done
749 vst1.8 {q3},[r1]
751 .Lctr32_done:
752 vldmia sp!,{d8,d9,d10,d11,d12,d13,d14,d15}
753 ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,pc}
754 .size aes_v8_ctr32_encrypt_blocks,.-aes_v8_ctr32_encrypt_blocks
755 #endif
756 #endif