| blob | 69b22c26b9369848e7dd0b09e401aca5948e8e1d |
1 #if defined(__x86_64__)
2 .text
4 .globl _aesni_encrypt
5 .private_extern _aesni_encrypt
7 .p2align 4
8 _aesni_encrypt:
9 movups (%rdi),%xmm2
10 movl 240(%rdx),%eax
11 movups (%rdx),%xmm0
12 movups 16(%rdx),%xmm1
13 leaq 32(%rdx),%rdx
14 xorps %xmm0,%xmm2
15 L$oop_enc1_1:
16 .byte 102,15,56,220,209
17 decl %eax
18 movups (%rdx),%xmm1
19 leaq 16(%rdx),%rdx
20 jnz L$oop_enc1_1
21 .byte 102,15,56,221,209
22 pxor %xmm0,%xmm0
23 pxor %xmm1,%xmm1
24 movups %xmm2,(%rsi)
25 pxor %xmm2,%xmm2
26 .byte 0xf3,0xc3
29 .globl _aesni_decrypt
30 .private_extern _aesni_decrypt
32 .p2align 4
33 _aesni_decrypt:
34 movups (%rdi),%xmm2
35 movl 240(%rdx),%eax
36 movups (%rdx),%xmm0
37 movups 16(%rdx),%xmm1
38 leaq 32(%rdx),%rdx
39 xorps %xmm0,%xmm2
40 L$oop_dec1_2:
41 .byte 102,15,56,222,209
42 decl %eax
43 movups (%rdx),%xmm1
44 leaq 16(%rdx),%rdx
45 jnz L$oop_dec1_2
46 .byte 102,15,56,223,209
47 pxor %xmm0,%xmm0
48 pxor %xmm1,%xmm1
49 movups %xmm2,(%rsi)
50 pxor %xmm2,%xmm2
51 .byte 0xf3,0xc3
54 .p2align 4
55 _aesni_encrypt2:
56 movups (%rcx),%xmm0
57 shll $4,%eax
58 movups 16(%rcx),%xmm1
59 xorps %xmm0,%xmm2
60 xorps %xmm0,%xmm3
61 movups 32(%rcx),%xmm0
62 leaq 32(%rcx,%rax,1),%rcx
63 negq %rax
64 addq $16,%rax
66 L$enc_loop2:
67 .byte 102,15,56,220,209
68 .byte 102,15,56,220,217
69 movups (%rcx,%rax,1),%xmm1
70 addq $32,%rax
71 .byte 102,15,56,220,208
72 .byte 102,15,56,220,216
73 movups -16(%rcx,%rax,1),%xmm0
74 jnz L$enc_loop2
76 .byte 102,15,56,220,209
77 .byte 102,15,56,220,217
78 .byte 102,15,56,221,208
79 .byte 102,15,56,221,216
80 .byte 0xf3,0xc3
83 .p2align 4
84 _aesni_decrypt2:
85 movups (%rcx),%xmm0
86 shll $4,%eax
87 movups 16(%rcx),%xmm1
88 xorps %xmm0,%xmm2
89 xorps %xmm0,%xmm3
90 movups 32(%rcx),%xmm0
91 leaq 32(%rcx,%rax,1),%rcx
92 negq %rax
93 addq $16,%rax
95 L$dec_loop2:
96 .byte 102,15,56,222,209
97 .byte 102,15,56,222,217
98 movups (%rcx,%rax,1),%xmm1
99 addq $32,%rax
100 .byte 102,15,56,222,208
101 .byte 102,15,56,222,216
102 movups -16(%rcx,%rax,1),%xmm0
103 jnz L$dec_loop2
105 .byte 102,15,56,222,209
106 .byte 102,15,56,222,217
107 .byte 102,15,56,223,208
108 .byte 102,15,56,223,216
109 .byte 0xf3,0xc3
112 .p2align 4
113 _aesni_encrypt3:
114 movups (%rcx),%xmm0
115 shll $4,%eax
116 movups 16(%rcx),%xmm1
117 xorps %xmm0,%xmm2
118 xorps %xmm0,%xmm3
119 xorps %xmm0,%xmm4
120 movups 32(%rcx),%xmm0
121 leaq 32(%rcx,%rax,1),%rcx
122 negq %rax
123 addq $16,%rax
125 L$enc_loop3:
126 .byte 102,15,56,220,209
127 .byte 102,15,56,220,217
128 .byte 102,15,56,220,225
129 movups (%rcx,%rax,1),%xmm1
130 addq $32,%rax
131 .byte 102,15,56,220,208
132 .byte 102,15,56,220,216
133 .byte 102,15,56,220,224
134 movups -16(%rcx,%rax,1),%xmm0
135 jnz L$enc_loop3
137 .byte 102,15,56,220,209
138 .byte 102,15,56,220,217
139 .byte 102,15,56,220,225
140 .byte 102,15,56,221,208
141 .byte 102,15,56,221,216
142 .byte 102,15,56,221,224
143 .byte 0xf3,0xc3
146 .p2align 4
147 _aesni_decrypt3:
148 movups (%rcx),%xmm0
149 shll $4,%eax
150 movups 16(%rcx),%xmm1
151 xorps %xmm0,%xmm2
152 xorps %xmm0,%xmm3
153 xorps %xmm0,%xmm4
154 movups 32(%rcx),%xmm0
155 leaq 32(%rcx,%rax,1),%rcx
156 negq %rax
157 addq $16,%rax
159 L$dec_loop3:
160 .byte 102,15,56,222,209
161 .byte 102,15,56,222,217
162 .byte 102,15,56,222,225
163 movups (%rcx,%rax,1),%xmm1
164 addq $32,%rax
165 .byte 102,15,56,222,208
166 .byte 102,15,56,222,216
167 .byte 102,15,56,222,224
168 movups -16(%rcx,%rax,1),%xmm0
169 jnz L$dec_loop3
171 .byte 102,15,56,222,209
172 .byte 102,15,56,222,217
173 .byte 102,15,56,222,225
174 .byte 102,15,56,223,208
175 .byte 102,15,56,223,216
176 .byte 102,15,56,223,224
177 .byte 0xf3,0xc3
180 .p2align 4
181 _aesni_encrypt4:
182 movups (%rcx),%xmm0
183 shll $4,%eax
184 movups 16(%rcx),%xmm1
185 xorps %xmm0,%xmm2
186 xorps %xmm0,%xmm3
187 xorps %xmm0,%xmm4
188 xorps %xmm0,%xmm5
189 movups 32(%rcx),%xmm0
190 leaq 32(%rcx,%rax,1),%rcx
191 negq %rax
192 .byte 0x0f,0x1f,0x00
193 addq $16,%rax
195 L$enc_loop4:
196 .byte 102,15,56,220,209
197 .byte 102,15,56,220,217
198 .byte 102,15,56,220,225
199 .byte 102,15,56,220,233
200 movups (%rcx,%rax,1),%xmm1
201 addq $32,%rax
202 .byte 102,15,56,220,208
203 .byte 102,15,56,220,216
204 .byte 102,15,56,220,224
205 .byte 102,15,56,220,232
206 movups -16(%rcx,%rax,1),%xmm0
207 jnz L$enc_loop4
209 .byte 102,15,56,220,209
210 .byte 102,15,56,220,217
211 .byte 102,15,56,220,225
212 .byte 102,15,56,220,233
213 .byte 102,15,56,221,208
214 .byte 102,15,56,221,216
215 .byte 102,15,56,221,224
216 .byte 102,15,56,221,232
217 .byte 0xf3,0xc3
220 .p2align 4
221 _aesni_decrypt4:
222 movups (%rcx),%xmm0
223 shll $4,%eax
224 movups 16(%rcx),%xmm1
225 xorps %xmm0,%xmm2
226 xorps %xmm0,%xmm3
227 xorps %xmm0,%xmm4
228 xorps %xmm0,%xmm5
229 movups 32(%rcx),%xmm0
230 leaq 32(%rcx,%rax,1),%rcx
231 negq %rax
232 .byte 0x0f,0x1f,0x00
233 addq $16,%rax
235 L$dec_loop4:
236 .byte 102,15,56,222,209
237 .byte 102,15,56,222,217
238 .byte 102,15,56,222,225
239 .byte 102,15,56,222,233
240 movups (%rcx,%rax,1),%xmm1
241 addq $32,%rax
242 .byte 102,15,56,222,208
243 .byte 102,15,56,222,216
244 .byte 102,15,56,222,224
245 .byte 102,15,56,222,232
246 movups -16(%rcx,%rax,1),%xmm0
247 jnz L$dec_loop4
249 .byte 102,15,56,222,209
250 .byte 102,15,56,222,217
251 .byte 102,15,56,222,225
252 .byte 102,15,56,222,233
253 .byte 102,15,56,223,208
254 .byte 102,15,56,223,216
255 .byte 102,15,56,223,224
256 .byte 102,15,56,223,232
257 .byte 0xf3,0xc3
260 .p2align 4
261 _aesni_encrypt6:
262 movups (%rcx),%xmm0
263 shll $4,%eax
264 movups 16(%rcx),%xmm1
265 xorps %xmm0,%xmm2
266 pxor %xmm0,%xmm3
267 pxor %xmm0,%xmm4
268 .byte 102,15,56,220,209
269 leaq 32(%rcx,%rax,1),%rcx
270 negq %rax
271 .byte 102,15,56,220,217
272 pxor %xmm0,%xmm5
273 pxor %xmm0,%xmm6
274 .byte 102,15,56,220,225
275 pxor %xmm0,%xmm7
276 movups (%rcx,%rax,1),%xmm0
277 addq $16,%rax
278 jmp L$enc_loop6_enter
279 .p2align 4
280 L$enc_loop6:
281 .byte 102,15,56,220,209
282 .byte 102,15,56,220,217
283 .byte 102,15,56,220,225
284 L$enc_loop6_enter:
285 .byte 102,15,56,220,233
286 .byte 102,15,56,220,241
287 .byte 102,15,56,220,249
288 movups (%rcx,%rax,1),%xmm1
289 addq $32,%rax
290 .byte 102,15,56,220,208
291 .byte 102,15,56,220,216
292 .byte 102,15,56,220,224
293 .byte 102,15,56,220,232
294 .byte 102,15,56,220,240
295 .byte 102,15,56,220,248
296 movups -16(%rcx,%rax,1),%xmm0
297 jnz L$enc_loop6
299 .byte 102,15,56,220,209
300 .byte 102,15,56,220,217
301 .byte 102,15,56,220,225
302 .byte 102,15,56,220,233
303 .byte 102,15,56,220,241
304 .byte 102,15,56,220,249
305 .byte 102,15,56,221,208
306 .byte 102,15,56,221,216
307 .byte 102,15,56,221,224
308 .byte 102,15,56,221,232
309 .byte 102,15,56,221,240
310 .byte 102,15,56,221,248
311 .byte 0xf3,0xc3
314 .p2align 4
315 _aesni_decrypt6:
316 movups (%rcx),%xmm0
317 shll $4,%eax
318 movups 16(%rcx),%xmm1
319 xorps %xmm0,%xmm2
320 pxor %xmm0,%xmm3
321 pxor %xmm0,%xmm4
322 .byte 102,15,56,222,209
323 leaq 32(%rcx,%rax,1),%rcx
324 negq %rax
325 .byte 102,15,56,222,217
326 pxor %xmm0,%xmm5
327 pxor %xmm0,%xmm6
328 .byte 102,15,56,222,225
329 pxor %xmm0,%xmm7
330 movups (%rcx,%rax,1),%xmm0
331 addq $16,%rax
332 jmp L$dec_loop6_enter
333 .p2align 4
334 L$dec_loop6:
335 .byte 102,15,56,222,209
336 .byte 102,15,56,222,217
337 .byte 102,15,56,222,225
338 L$dec_loop6_enter:
339 .byte 102,15,56,222,233
340 .byte 102,15,56,222,241
341 .byte 102,15,56,222,249
342 movups (%rcx,%rax,1),%xmm1
343 addq $32,%rax
344 .byte 102,15,56,222,208
345 .byte 102,15,56,222,216
346 .byte 102,15,56,222,224
347 .byte 102,15,56,222,232
348 .byte 102,15,56,222,240
349 .byte 102,15,56,222,248
350 movups -16(%rcx,%rax,1),%xmm0
351 jnz L$dec_loop6
353 .byte 102,15,56,222,209
354 .byte 102,15,56,222,217
355 .byte 102,15,56,222,225
356 .byte 102,15,56,222,233
357 .byte 102,15,56,222,241
358 .byte 102,15,56,222,249
359 .byte 102,15,56,223,208
360 .byte 102,15,56,223,216
361 .byte 102,15,56,223,224
362 .byte 102,15,56,223,232
363 .byte 102,15,56,223,240
364 .byte 102,15,56,223,248
365 .byte 0xf3,0xc3
368 .p2align 4
369 _aesni_encrypt8:
370 movups (%rcx),%xmm0
371 shll $4,%eax
372 movups 16(%rcx),%xmm1
373 xorps %xmm0,%xmm2
374 xorps %xmm0,%xmm3
375 pxor %xmm0,%xmm4
376 pxor %xmm0,%xmm5
377 pxor %xmm0,%xmm6
378 leaq 32(%rcx,%rax,1),%rcx
379 negq %rax
380 .byte 102,15,56,220,209
381 pxor %xmm0,%xmm7
382 pxor %xmm0,%xmm8
383 .byte 102,15,56,220,217
384 pxor %xmm0,%xmm9
385 movups (%rcx,%rax,1),%xmm0
386 addq $16,%rax
387 jmp L$enc_loop8_inner
388 .p2align 4
389 L$enc_loop8:
390 .byte 102,15,56,220,209
391 .byte 102,15,56,220,217
392 L$enc_loop8_inner:
393 .byte 102,15,56,220,225
394 .byte 102,15,56,220,233
395 .byte 102,15,56,220,241
396 .byte 102,15,56,220,249
397 .byte 102,68,15,56,220,193
398 .byte 102,68,15,56,220,201
399 L$enc_loop8_enter:
400 movups (%rcx,%rax,1),%xmm1
401 addq $32,%rax
402 .byte 102,15,56,220,208
403 .byte 102,15,56,220,216
404 .byte 102,15,56,220,224
405 .byte 102,15,56,220,232
406 .byte 102,15,56,220,240
407 .byte 102,15,56,220,248
408 .byte 102,68,15,56,220,192
409 .byte 102,68,15,56,220,200
410 movups -16(%rcx,%rax,1),%xmm0
411 jnz L$enc_loop8
413 .byte 102,15,56,220,209
414 .byte 102,15,56,220,217
415 .byte 102,15,56,220,225
416 .byte 102,15,56,220,233
417 .byte 102,15,56,220,241
418 .byte 102,15,56,220,249
419 .byte 102,68,15,56,220,193
420 .byte 102,68,15,56,220,201
421 .byte 102,15,56,221,208
422 .byte 102,15,56,221,216
423 .byte 102,15,56,221,224
424 .byte 102,15,56,221,232
425 .byte 102,15,56,221,240
426 .byte 102,15,56,221,248
427 .byte 102,68,15,56,221,192
428 .byte 102,68,15,56,221,200
429 .byte 0xf3,0xc3
432 .p2align 4
433 _aesni_decrypt8:
434 movups (%rcx),%xmm0
435 shll $4,%eax
436 movups 16(%rcx),%xmm1
437 xorps %xmm0,%xmm2
438 xorps %xmm0,%xmm3
439 pxor %xmm0,%xmm4
440 pxor %xmm0,%xmm5
441 pxor %xmm0,%xmm6
442 leaq 32(%rcx,%rax,1),%rcx
443 negq %rax
444 .byte 102,15,56,222,209
445 pxor %xmm0,%xmm7
446 pxor %xmm0,%xmm8
447 .byte 102,15,56,222,217
448 pxor %xmm0,%xmm9
449 movups (%rcx,%rax,1),%xmm0
450 addq $16,%rax
451 jmp L$dec_loop8_inner
452 .p2align 4
453 L$dec_loop8:
454 .byte 102,15,56,222,209
455 .byte 102,15,56,222,217
456 L$dec_loop8_inner:
457 .byte 102,15,56,222,225
458 .byte 102,15,56,222,233
459 .byte 102,15,56,222,241
460 .byte 102,15,56,222,249
461 .byte 102,68,15,56,222,193
462 .byte 102,68,15,56,222,201
463 L$dec_loop8_enter:
464 movups (%rcx,%rax,1),%xmm1
465 addq $32,%rax
466 .byte 102,15,56,222,208
467 .byte 102,15,56,222,216
468 .byte 102,15,56,222,224
469 .byte 102,15,56,222,232
470 .byte 102,15,56,222,240
471 .byte 102,15,56,222,248
472 .byte 102,68,15,56,222,192
473 .byte 102,68,15,56,222,200
474 movups -16(%rcx,%rax,1),%xmm0
475 jnz L$dec_loop8
477 .byte 102,15,56,222,209
478 .byte 102,15,56,222,217
479 .byte 102,15,56,222,225
480 .byte 102,15,56,222,233
481 .byte 102,15,56,222,241
482 .byte 102,15,56,222,249
483 .byte 102,68,15,56,222,193
484 .byte 102,68,15,56,222,201
485 .byte 102,15,56,223,208
486 .byte 102,15,56,223,216
487 .byte 102,15,56,223,224
488 .byte 102,15,56,223,232
489 .byte 102,15,56,223,240
490 .byte 102,15,56,223,248
491 .byte 102,68,15,56,223,192
492 .byte 102,68,15,56,223,200
493 .byte 0xf3,0xc3
495 .globl _aesni_ecb_encrypt
496 .private_extern _aesni_ecb_encrypt
498 .p2align 4
499 _aesni_ecb_encrypt:
500 andq $-16,%rdx
501 jz L$ecb_ret
503 movl 240(%rcx),%eax
504 movups (%rcx),%xmm0
505 movq %rcx,%r11
506 movl %eax,%r10d
507 testl %r8d,%r8d
508 jz L$ecb_decrypt
510 cmpq $128,%rdx
511 jb L$ecb_enc_tail
513 movdqu (%rdi),%xmm2
514 movdqu 16(%rdi),%xmm3
515 movdqu 32(%rdi),%xmm4
516 movdqu 48(%rdi),%xmm5
517 movdqu 64(%rdi),%xmm6
518 movdqu 80(%rdi),%xmm7
519 movdqu 96(%rdi),%xmm8
520 movdqu 112(%rdi),%xmm9
521 leaq 128(%rdi),%rdi
522 subq $128,%rdx
523 jmp L$ecb_enc_loop8_enter
524 .p2align 4
525 L$ecb_enc_loop8:
526 movups %xmm2,(%rsi)
527 movq %r11,%rcx
528 movdqu (%rdi),%xmm2
529 movl %r10d,%eax
530 movups %xmm3,16(%rsi)
531 movdqu 16(%rdi),%xmm3
532 movups %xmm4,32(%rsi)
533 movdqu 32(%rdi),%xmm4
534 movups %xmm5,48(%rsi)
535 movdqu 48(%rdi),%xmm5
536 movups %xmm6,64(%rsi)
537 movdqu 64(%rdi),%xmm6
538 movups %xmm7,80(%rsi)
539 movdqu 80(%rdi),%xmm7
540 movups %xmm8,96(%rsi)
541 movdqu 96(%rdi),%xmm8
542 movups %xmm9,112(%rsi)
543 leaq 128(%rsi),%rsi
544 movdqu 112(%rdi),%xmm9
545 leaq 128(%rdi),%rdi
546 L$ecb_enc_loop8_enter:
548 call _aesni_encrypt8
550 subq $128,%rdx
551 jnc L$ecb_enc_loop8
553 movups %xmm2,(%rsi)
554 movq %r11,%rcx
555 movups %xmm3,16(%rsi)
556 movl %r10d,%eax
557 movups %xmm4,32(%rsi)
558 movups %xmm5,48(%rsi)
559 movups %xmm6,64(%rsi)
560 movups %xmm7,80(%rsi)
561 movups %xmm8,96(%rsi)
562 movups %xmm9,112(%rsi)
563 leaq 128(%rsi),%rsi
564 addq $128,%rdx
565 jz L$ecb_ret
567 L$ecb_enc_tail:
568 movups (%rdi),%xmm2
569 cmpq $32,%rdx
570 jb L$ecb_enc_one
571 movups 16(%rdi),%xmm3
572 je L$ecb_enc_two
573 movups 32(%rdi),%xmm4
574 cmpq $64,%rdx
575 jb L$ecb_enc_three
576 movups 48(%rdi),%xmm5
577 je L$ecb_enc_four
578 movups 64(%rdi),%xmm6
579 cmpq $96,%rdx
580 jb L$ecb_enc_five
581 movups 80(%rdi),%xmm7
582 je L$ecb_enc_six
583 movdqu 96(%rdi),%xmm8
584 xorps %xmm9,%xmm9
585 call _aesni_encrypt8
586 movups %xmm2,(%rsi)
587 movups %xmm3,16(%rsi)
588 movups %xmm4,32(%rsi)
589 movups %xmm5,48(%rsi)
590 movups %xmm6,64(%rsi)
591 movups %xmm7,80(%rsi)
592 movups %xmm8,96(%rsi)
593 jmp L$ecb_ret
594 .p2align 4
595 L$ecb_enc_one:
596 movups (%rcx),%xmm0
597 movups 16(%rcx),%xmm1
598 leaq 32(%rcx),%rcx
599 xorps %xmm0,%xmm2
600 L$oop_enc1_3:
601 .byte 102,15,56,220,209
602 decl %eax
603 movups (%rcx),%xmm1
604 leaq 16(%rcx),%rcx
605 jnz L$oop_enc1_3
606 .byte 102,15,56,221,209
607 movups %xmm2,(%rsi)
608 jmp L$ecb_ret
609 .p2align 4
610 L$ecb_enc_two:
611 call _aesni_encrypt2
612 movups %xmm2,(%rsi)
613 movups %xmm3,16(%rsi)
614 jmp L$ecb_ret
615 .p2align 4
616 L$ecb_enc_three:
617 call _aesni_encrypt3
618 movups %xmm2,(%rsi)
619 movups %xmm3,16(%rsi)
620 movups %xmm4,32(%rsi)
621 jmp L$ecb_ret
622 .p2align 4
623 L$ecb_enc_four:
624 call _aesni_encrypt4
625 movups %xmm2,(%rsi)
626 movups %xmm3,16(%rsi)
627 movups %xmm4,32(%rsi)
628 movups %xmm5,48(%rsi)
629 jmp L$ecb_ret
630 .p2align 4
631 L$ecb_enc_five:
632 xorps %xmm7,%xmm7
633 call _aesni_encrypt6
634 movups %xmm2,(%rsi)
635 movups %xmm3,16(%rsi)
636 movups %xmm4,32(%rsi)
637 movups %xmm5,48(%rsi)
638 movups %xmm6,64(%rsi)
639 jmp L$ecb_ret
640 .p2align 4
641 L$ecb_enc_six:
642 call _aesni_encrypt6
643 movups %xmm2,(%rsi)
644 movups %xmm3,16(%rsi)
645 movups %xmm4,32(%rsi)
646 movups %xmm5,48(%rsi)
647 movups %xmm6,64(%rsi)
648 movups %xmm7,80(%rsi)
649 jmp L$ecb_ret
651 .p2align 4
652 L$ecb_decrypt:
653 cmpq $128,%rdx
654 jb L$ecb_dec_tail
656 movdqu (%rdi),%xmm2
657 movdqu 16(%rdi),%xmm3
658 movdqu 32(%rdi),%xmm4
659 movdqu 48(%rdi),%xmm5
660 movdqu 64(%rdi),%xmm6
661 movdqu 80(%rdi),%xmm7
662 movdqu 96(%rdi),%xmm8
663 movdqu 112(%rdi),%xmm9
664 leaq 128(%rdi),%rdi
665 subq $128,%rdx
666 jmp L$ecb_dec_loop8_enter
667 .p2align 4
668 L$ecb_dec_loop8:
669 movups %xmm2,(%rsi)
670 movq %r11,%rcx
671 movdqu (%rdi),%xmm2
672 movl %r10d,%eax
673 movups %xmm3,16(%rsi)
674 movdqu 16(%rdi),%xmm3
675 movups %xmm4,32(%rsi)
676 movdqu 32(%rdi),%xmm4
677 movups %xmm5,48(%rsi)
678 movdqu 48(%rdi),%xmm5
679 movups %xmm6,64(%rsi)
680 movdqu 64(%rdi),%xmm6
681 movups %xmm7,80(%rsi)
682 movdqu 80(%rdi),%xmm7
683 movups %xmm8,96(%rsi)
684 movdqu 96(%rdi),%xmm8
685 movups %xmm9,112(%rsi)
686 leaq 128(%rsi),%rsi
687 movdqu 112(%rdi),%xmm9
688 leaq 128(%rdi),%rdi
689 L$ecb_dec_loop8_enter:
691 call _aesni_decrypt8
693 movups (%r11),%xmm0
694 subq $128,%rdx
695 jnc L$ecb_dec_loop8
697 movups %xmm2,(%rsi)
698 pxor %xmm2,%xmm2
699 movq %r11,%rcx
700 movups %xmm3,16(%rsi)
701 pxor %xmm3,%xmm3
702 movl %r10d,%eax
703 movups %xmm4,32(%rsi)
704 pxor %xmm4,%xmm4
705 movups %xmm5,48(%rsi)
706 pxor %xmm5,%xmm5
707 movups %xmm6,64(%rsi)
708 pxor %xmm6,%xmm6
709 movups %xmm7,80(%rsi)
710 pxor %xmm7,%xmm7
711 movups %xmm8,96(%rsi)
712 pxor %xmm8,%xmm8
713 movups %xmm9,112(%rsi)
714 pxor %xmm9,%xmm9
715 leaq 128(%rsi),%rsi
716 addq $128,%rdx
717 jz L$ecb_ret
719 L$ecb_dec_tail:
720 movups (%rdi),%xmm2
721 cmpq $32,%rdx
722 jb L$ecb_dec_one
723 movups 16(%rdi),%xmm3
724 je L$ecb_dec_two
725 movups 32(%rdi),%xmm4
726 cmpq $64,%rdx
727 jb L$ecb_dec_three
728 movups 48(%rdi),%xmm5
729 je L$ecb_dec_four
730 movups 64(%rdi),%xmm6
731 cmpq $96,%rdx
732 jb L$ecb_dec_five
733 movups 80(%rdi),%xmm7
734 je L$ecb_dec_six
735 movups 96(%rdi),%xmm8
736 movups (%rcx),%xmm0
737 xorps %xmm9,%xmm9
738 call _aesni_decrypt8
739 movups %xmm2,(%rsi)
740 pxor %xmm2,%xmm2
741 movups %xmm3,16(%rsi)
742 pxor %xmm3,%xmm3
743 movups %xmm4,32(%rsi)
744 pxor %xmm4,%xmm4
745 movups %xmm5,48(%rsi)
746 pxor %xmm5,%xmm5
747 movups %xmm6,64(%rsi)
748 pxor %xmm6,%xmm6
749 movups %xmm7,80(%rsi)
750 pxor %xmm7,%xmm7
751 movups %xmm8,96(%rsi)
752 pxor %xmm8,%xmm8
753 pxor %xmm9,%xmm9
754 jmp L$ecb_ret
755 .p2align 4
756 L$ecb_dec_one:
757 movups (%rcx),%xmm0
758 movups 16(%rcx),%xmm1
759 leaq 32(%rcx),%rcx
760 xorps %xmm0,%xmm2
761 L$oop_dec1_4:
762 .byte 102,15,56,222,209
763 decl %eax
764 movups (%rcx),%xmm1
765 leaq 16(%rcx),%rcx
766 jnz L$oop_dec1_4
767 .byte 102,15,56,223,209
768 movups %xmm2,(%rsi)
769 pxor %xmm2,%xmm2
770 jmp L$ecb_ret
771 .p2align 4
772 L$ecb_dec_two:
773 call _aesni_decrypt2
774 movups %xmm2,(%rsi)
775 pxor %xmm2,%xmm2
776 movups %xmm3,16(%rsi)
777 pxor %xmm3,%xmm3
778 jmp L$ecb_ret
779 .p2align 4
780 L$ecb_dec_three:
781 call _aesni_decrypt3
782 movups %xmm2,(%rsi)
783 pxor %xmm2,%xmm2
784 movups %xmm3,16(%rsi)
785 pxor %xmm3,%xmm3
786 movups %xmm4,32(%rsi)
787 pxor %xmm4,%xmm4
788 jmp L$ecb_ret
789 .p2align 4
790 L$ecb_dec_four:
791 call _aesni_decrypt4
792 movups %xmm2,(%rsi)
793 pxor %xmm2,%xmm2
794 movups %xmm3,16(%rsi)
795 pxor %xmm3,%xmm3
796 movups %xmm4,32(%rsi)
797 pxor %xmm4,%xmm4
798 movups %xmm5,48(%rsi)
799 pxor %xmm5,%xmm5
800 jmp L$ecb_ret
801 .p2align 4
802 L$ecb_dec_five:
803 xorps %xmm7,%xmm7
804 call _aesni_decrypt6
805 movups %xmm2,(%rsi)
806 pxor %xmm2,%xmm2
807 movups %xmm3,16(%rsi)
808 pxor %xmm3,%xmm3
809 movups %xmm4,32(%rsi)
810 pxor %xmm4,%xmm4
811 movups %xmm5,48(%rsi)
812 pxor %xmm5,%xmm5
813 movups %xmm6,64(%rsi)
814 pxor %xmm6,%xmm6
815 pxor %xmm7,%xmm7
816 jmp L$ecb_ret
817 .p2align 4
818 L$ecb_dec_six:
819 call _aesni_decrypt6
820 movups %xmm2,(%rsi)
821 pxor %xmm2,%xmm2
822 movups %xmm3,16(%rsi)
823 pxor %xmm3,%xmm3
824 movups %xmm4,32(%rsi)
825 pxor %xmm4,%xmm4
826 movups %xmm5,48(%rsi)
827 pxor %xmm5,%xmm5
828 movups %xmm6,64(%rsi)
829 pxor %xmm6,%xmm6
830 movups %xmm7,80(%rsi)
831 pxor %xmm7,%xmm7
833 L$ecb_ret:
834 xorps %xmm0,%xmm0
835 pxor %xmm1,%xmm1
836 .byte 0xf3,0xc3
838 .globl _aesni_ccm64_encrypt_blocks
839 .private_extern _aesni_ccm64_encrypt_blocks
841 .p2align 4
842 _aesni_ccm64_encrypt_blocks:
843 movl 240(%rcx),%eax
844 movdqu (%r8),%xmm6
845 movdqa L$increment64(%rip),%xmm9
846 movdqa L$bswap_mask(%rip),%xmm7
848 shll $4,%eax
849 movl $16,%r10d
850 leaq 0(%rcx),%r11
851 movdqu (%r9),%xmm3
852 movdqa %xmm6,%xmm2
853 leaq 32(%rcx,%rax,1),%rcx
854 .byte 102,15,56,0,247
855 subq %rax,%r10
856 jmp L$ccm64_enc_outer
857 .p2align 4
858 L$ccm64_enc_outer:
859 movups (%r11),%xmm0
860 movq %r10,%rax
861 movups (%rdi),%xmm8
863 xorps %xmm0,%xmm2
864 movups 16(%r11),%xmm1
865 xorps %xmm8,%xmm0
866 xorps %xmm0,%xmm3
867 movups 32(%r11),%xmm0
869 L$ccm64_enc2_loop:
870 .byte 102,15,56,220,209
871 .byte 102,15,56,220,217
872 movups (%rcx,%rax,1),%xmm1
873 addq $32,%rax
874 .byte 102,15,56,220,208
875 .byte 102,15,56,220,216
876 movups -16(%rcx,%rax,1),%xmm0
877 jnz L$ccm64_enc2_loop
878 .byte 102,15,56,220,209
879 .byte 102,15,56,220,217
880 paddq %xmm9,%xmm6
881 decq %rdx
882 .byte 102,15,56,221,208
883 .byte 102,15,56,221,216
885 leaq 16(%rdi),%rdi
886 xorps %xmm2,%xmm8
887 movdqa %xmm6,%xmm2
888 movups %xmm8,(%rsi)
889 .byte 102,15,56,0,215
890 leaq 16(%rsi),%rsi
891 jnz L$ccm64_enc_outer
893 pxor %xmm0,%xmm0
894 pxor %xmm1,%xmm1
895 pxor %xmm2,%xmm2
896 movups %xmm3,(%r9)
897 pxor %xmm3,%xmm3
898 pxor %xmm8,%xmm8
899 pxor %xmm6,%xmm6
900 .byte 0xf3,0xc3
902 .globl _aesni_ccm64_decrypt_blocks
903 .private_extern _aesni_ccm64_decrypt_blocks
905 .p2align 4
906 _aesni_ccm64_decrypt_blocks:
907 movl 240(%rcx),%eax
908 movups (%r8),%xmm6
909 movdqu (%r9),%xmm3
910 movdqa L$increment64(%rip),%xmm9
911 movdqa L$bswap_mask(%rip),%xmm7
913 movaps %xmm6,%xmm2
914 movl %eax,%r10d
915 movq %rcx,%r11
916 .byte 102,15,56,0,247
917 movups (%rcx),%xmm0
918 movups 16(%rcx),%xmm1
919 leaq 32(%rcx),%rcx
920 xorps %xmm0,%xmm2
921 L$oop_enc1_5:
922 .byte 102,15,56,220,209
923 decl %eax
924 movups (%rcx),%xmm1
925 leaq 16(%rcx),%rcx
926 jnz L$oop_enc1_5
927 .byte 102,15,56,221,209
928 shll $4,%r10d
929 movl $16,%eax
930 movups (%rdi),%xmm8
931 paddq %xmm9,%xmm6
932 leaq 16(%rdi),%rdi
933 subq %r10,%rax
934 leaq 32(%r11,%r10,1),%rcx
935 movq %rax,%r10
936 jmp L$ccm64_dec_outer
937 .p2align 4
938 L$ccm64_dec_outer:
939 xorps %xmm2,%xmm8
940 movdqa %xmm6,%xmm2
941 movups %xmm8,(%rsi)
942 leaq 16(%rsi),%rsi
943 .byte 102,15,56,0,215
945 subq $1,%rdx
946 jz L$ccm64_dec_break
948 movups (%r11),%xmm0
949 movq %r10,%rax
950 movups 16(%r11),%xmm1
951 xorps %xmm0,%xmm8
952 xorps %xmm0,%xmm2
953 xorps %xmm8,%xmm3
954 movups 32(%r11),%xmm0
955 jmp L$ccm64_dec2_loop
956 .p2align 4
957 L$ccm64_dec2_loop:
958 .byte 102,15,56,220,209
959 .byte 102,15,56,220,217
960 movups (%rcx,%rax,1),%xmm1
961 addq $32,%rax
962 .byte 102,15,56,220,208
963 .byte 102,15,56,220,216
964 movups -16(%rcx,%rax,1),%xmm0
965 jnz L$ccm64_dec2_loop
966 movups (%rdi),%xmm8
967 paddq %xmm9,%xmm6
968 .byte 102,15,56,220,209
969 .byte 102,15,56,220,217
970 .byte 102,15,56,221,208
971 .byte 102,15,56,221,216
972 leaq 16(%rdi),%rdi
973 jmp L$ccm64_dec_outer
975 .p2align 4
976 L$ccm64_dec_break:
978 movl 240(%r11),%eax
979 movups (%r11),%xmm0
980 movups 16(%r11),%xmm1
981 xorps %xmm0,%xmm8
982 leaq 32(%r11),%r11
983 xorps %xmm8,%xmm3
984 L$oop_enc1_6:
985 .byte 102,15,56,220,217
986 decl %eax
987 movups (%r11),%xmm1
988 leaq 16(%r11),%r11
989 jnz L$oop_enc1_6
990 .byte 102,15,56,221,217
991 pxor %xmm0,%xmm0
992 pxor %xmm1,%xmm1
993 pxor %xmm2,%xmm2
994 movups %xmm3,(%r9)
995 pxor %xmm3,%xmm3
996 pxor %xmm8,%xmm8
997 pxor %xmm6,%xmm6
998 .byte 0xf3,0xc3
1000 .globl _aesni_ctr32_encrypt_blocks
1001 .private_extern _aesni_ctr32_encrypt_blocks
1003 .p2align 4
1004 _aesni_ctr32_encrypt_blocks:
1005 cmpq $1,%rdx
1006 jne L$ctr32_bulk
1010 movups (%r8),%xmm2
1011 movups (%rdi),%xmm3
1012 movl 240(%rcx),%edx
1013 movups (%rcx),%xmm0
1014 movups 16(%rcx),%xmm1
1015 leaq 32(%rcx),%rcx
1016 xorps %xmm0,%xmm2
1017 L$oop_enc1_7:
1018 .byte 102,15,56,220,209
1019 decl %edx
1020 movups (%rcx),%xmm1
1021 leaq 16(%rcx),%rcx
1022 jnz L$oop_enc1_7
1023 .byte 102,15,56,221,209
1024 pxor %xmm0,%xmm0
1025 pxor %xmm1,%xmm1
1026 xorps %xmm3,%xmm2
1027 pxor %xmm3,%xmm3
1028 movups %xmm2,(%rsi)
1029 xorps %xmm2,%xmm2
1030 jmp L$ctr32_epilogue
1032 .p2align 4
1033 L$ctr32_bulk:
1034 leaq (%rsp),%rax
1035 pushq %rbp
1036 subq $128,%rsp
1037 andq $-16,%rsp
1038 leaq -8(%rax),%rbp
1043 movdqu (%r8),%xmm2
1044 movdqu (%rcx),%xmm0
1045 movl 12(%r8),%r8d
1046 pxor %xmm0,%xmm2
1047 movl 12(%rcx),%r11d
1048 movdqa %xmm2,0(%rsp)
1049 bswapl %r8d
1050 movdqa %xmm2,%xmm3
1051 movdqa %xmm2,%xmm4
1052 movdqa %xmm2,%xmm5
1053 movdqa %xmm2,64(%rsp)
1054 movdqa %xmm2,80(%rsp)
1055 movdqa %xmm2,96(%rsp)
1056 movq %rdx,%r10
1057 movdqa %xmm2,112(%rsp)
1059 leaq 1(%r8),%rax
1060 leaq 2(%r8),%rdx
1061 bswapl %eax
1062 bswapl %edx
1063 xorl %r11d,%eax
1064 xorl %r11d,%edx
1065 .byte 102,15,58,34,216,3
1066 leaq 3(%r8),%rax
1067 movdqa %xmm3,16(%rsp)
1068 .byte 102,15,58,34,226,3
1069 bswapl %eax
1070 movq %r10,%rdx
1071 leaq 4(%r8),%r10
1072 movdqa %xmm4,32(%rsp)
1073 xorl %r11d,%eax
1074 bswapl %r10d
1075 .byte 102,15,58,34,232,3
1076 xorl %r11d,%r10d
1077 movdqa %xmm5,48(%rsp)
1078 leaq 5(%r8),%r9
1079 movl %r10d,64+12(%rsp)
1080 bswapl %r9d
1081 leaq 6(%r8),%r10
1082 movl 240(%rcx),%eax
1083 xorl %r11d,%r9d
1084 bswapl %r10d
1085 movl %r9d,80+12(%rsp)
1086 xorl %r11d,%r10d
1087 leaq 7(%r8),%r9
1088 movl %r10d,96+12(%rsp)
1089 bswapl %r9d
1090 movl _OPENSSL_ia32cap_P+4(%rip),%r10d
1091 xorl %r11d,%r9d
1092 andl $71303168,%r10d
1093 movl %r9d,112+12(%rsp)
1095 movups 16(%rcx),%xmm1
1097 movdqa 64(%rsp),%xmm6
1098 movdqa 80(%rsp),%xmm7
1100 cmpq $8,%rdx
1101 jb L$ctr32_tail
1103 subq $6,%rdx
1104 cmpl $4194304,%r10d
1105 je L$ctr32_6x
1107 leaq 128(%rcx),%rcx
1108 subq $2,%rdx
1109 jmp L$ctr32_loop8
1111 .p2align 4
1112 L$ctr32_6x:
1113 shll $4,%eax
1114 movl $48,%r10d
1115 bswapl %r11d
1116 leaq 32(%rcx,%rax,1),%rcx
1117 subq %rax,%r10
1118 jmp L$ctr32_loop6
1120 .p2align 4
1121 L$ctr32_loop6:
1122 addl $6,%r8d
1123 movups -48(%rcx,%r10,1),%xmm0
1124 .byte 102,15,56,220,209
1125 movl %r8d,%eax
1126 xorl %r11d,%eax
1127 .byte 102,15,56,220,217
1128 .byte 0x0f,0x38,0xf1,0x44,0x24,12
1129 leal 1(%r8),%eax
1130 .byte 102,15,56,220,225
1131 xorl %r11d,%eax
1132 .byte 0x0f,0x38,0xf1,0x44,0x24,28
1133 .byte 102,15,56,220,233
1134 leal 2(%r8),%eax
1135 xorl %r11d,%eax
1136 .byte 102,15,56,220,241
1137 .byte 0x0f,0x38,0xf1,0x44,0x24,44
1138 leal 3(%r8),%eax
1139 .byte 102,15,56,220,249
1140 movups -32(%rcx,%r10,1),%xmm1
1141 xorl %r11d,%eax
1143 .byte 102,15,56,220,208
1144 .byte 0x0f,0x38,0xf1,0x44,0x24,60
1145 leal 4(%r8),%eax
1146 .byte 102,15,56,220,216
1147 xorl %r11d,%eax
1148 .byte 0x0f,0x38,0xf1,0x44,0x24,76
1149 .byte 102,15,56,220,224
1150 leal 5(%r8),%eax
1151 xorl %r11d,%eax
1152 .byte 102,15,56,220,232
1153 .byte 0x0f,0x38,0xf1,0x44,0x24,92
1154 movq %r10,%rax
1155 .byte 102,15,56,220,240
1156 .byte 102,15,56,220,248
1157 movups -16(%rcx,%r10,1),%xmm0
1159 call L$enc_loop6
1161 movdqu (%rdi),%xmm8
1162 movdqu 16(%rdi),%xmm9
1163 movdqu 32(%rdi),%xmm10
1164 movdqu 48(%rdi),%xmm11
1165 movdqu 64(%rdi),%xmm12
1166 movdqu 80(%rdi),%xmm13
1167 leaq 96(%rdi),%rdi
1168 movups -64(%rcx,%r10,1),%xmm1
1169 pxor %xmm2,%xmm8
1170 movaps 0(%rsp),%xmm2
1171 pxor %xmm3,%xmm9
1172 movaps 16(%rsp),%xmm3
1173 pxor %xmm4,%xmm10
1174 movaps 32(%rsp),%xmm4
1175 pxor %xmm5,%xmm11
1176 movaps 48(%rsp),%xmm5
1177 pxor %xmm6,%xmm12
1178 movaps 64(%rsp),%xmm6
1179 pxor %xmm7,%xmm13
1180 movaps 80(%rsp),%xmm7
1181 movdqu %xmm8,(%rsi)
1182 movdqu %xmm9,16(%rsi)
1183 movdqu %xmm10,32(%rsi)
1184 movdqu %xmm11,48(%rsi)
1185 movdqu %xmm12,64(%rsi)
1186 movdqu %xmm13,80(%rsi)
1187 leaq 96(%rsi),%rsi
1189 subq $6,%rdx
1190 jnc L$ctr32_loop6
1192 addq $6,%rdx
1193 jz L$ctr32_done
1195 leal -48(%r10),%eax
1196 leaq -80(%rcx,%r10,1),%rcx
1197 negl %eax
1198 shrl $4,%eax
1199 jmp L$ctr32_tail
1201 .p2align 5
1202 L$ctr32_loop8:
1203 addl $8,%r8d
1204 movdqa 96(%rsp),%xmm8
1205 .byte 102,15,56,220,209
1206 movl %r8d,%r9d
1207 movdqa 112(%rsp),%xmm9
1208 .byte 102,15,56,220,217
1209 bswapl %r9d
1210 movups 32-128(%rcx),%xmm0
1211 .byte 102,15,56,220,225
1212 xorl %r11d,%r9d
1213 nop
1214 .byte 102,15,56,220,233
1215 movl %r9d,0+12(%rsp)
1216 leaq 1(%r8),%r9
1217 .byte 102,15,56,220,241
1218 .byte 102,15,56,220,249
1219 .byte 102,68,15,56,220,193
1220 .byte 102,68,15,56,220,201
1221 movups 48-128(%rcx),%xmm1
1222 bswapl %r9d
1223 .byte 102,15,56,220,208
1224 .byte 102,15,56,220,216
1225 xorl %r11d,%r9d
1226 .byte 0x66,0x90
1227 .byte 102,15,56,220,224
1228 .byte 102,15,56,220,232
1229 movl %r9d,16+12(%rsp)
1230 leaq 2(%r8),%r9
1231 .byte 102,15,56,220,240
1232 .byte 102,15,56,220,248
1233 .byte 102,68,15,56,220,192
1234 .byte 102,68,15,56,220,200
1235 movups 64-128(%rcx),%xmm0
1236 bswapl %r9d
1237 .byte 102,15,56,220,209
1238 .byte 102,15,56,220,217
1239 xorl %r11d,%r9d
1240 .byte 0x66,0x90
1241 .byte 102,15,56,220,225
1242 .byte 102,15,56,220,233
1243 movl %r9d,32+12(%rsp)
1244 leaq 3(%r8),%r9
1245 .byte 102,15,56,220,241
1246 .byte 102,15,56,220,249
1247 .byte 102,68,15,56,220,193
1248 .byte 102,68,15,56,220,201
1249 movups 80-128(%rcx),%xmm1
1250 bswapl %r9d
1251 .byte 102,15,56,220,208
1252 .byte 102,15,56,220,216
1253 xorl %r11d,%r9d
1254 .byte 0x66,0x90
1255 .byte 102,15,56,220,224
1256 .byte 102,15,56,220,232
1257 movl %r9d,48+12(%rsp)
1258 leaq 4(%r8),%r9
1259 .byte 102,15,56,220,240
1260 .byte 102,15,56,220,248
1261 .byte 102,68,15,56,220,192
1262 .byte 102,68,15,56,220,200
1263 movups 96-128(%rcx),%xmm0
1264 bswapl %r9d
1265 .byte 102,15,56,220,209
1266 .byte 102,15,56,220,217
1267 xorl %r11d,%r9d
1268 .byte 0x66,0x90
1269 .byte 102,15,56,220,225
1270 .byte 102,15,56,220,233
1271 movl %r9d,64+12(%rsp)
1272 leaq 5(%r8),%r9
1273 .byte 102,15,56,220,241
1274 .byte 102,15,56,220,249
1275 .byte 102,68,15,56,220,193
1276 .byte 102,68,15,56,220,201
1277 movups 112-128(%rcx),%xmm1
1278 bswapl %r9d
1279 .byte 102,15,56,220,208
1280 .byte 102,15,56,220,216
1281 xorl %r11d,%r9d
1282 .byte 0x66,0x90
1283 .byte 102,15,56,220,224
1284 .byte 102,15,56,220,232
1285 movl %r9d,80+12(%rsp)
1286 leaq 6(%r8),%r9
1287 .byte 102,15,56,220,240
1288 .byte 102,15,56,220,248
1289 .byte 102,68,15,56,220,192
1290 .byte 102,68,15,56,220,200
1291 movups 128-128(%rcx),%xmm0
1292 bswapl %r9d
1293 .byte 102,15,56,220,209
1294 .byte 102,15,56,220,217
1295 xorl %r11d,%r9d
1296 .byte 0x66,0x90
1297 .byte 102,15,56,220,225
1298 .byte 102,15,56,220,233
1299 movl %r9d,96+12(%rsp)
1300 leaq 7(%r8),%r9
1301 .byte 102,15,56,220,241
1302 .byte 102,15,56,220,249
1303 .byte 102,68,15,56,220,193
1304 .byte 102,68,15,56,220,201
1305 movups 144-128(%rcx),%xmm1
1306 bswapl %r9d
1307 .byte 102,15,56,220,208
1308 .byte 102,15,56,220,216
1309 .byte 102,15,56,220,224
1310 xorl %r11d,%r9d
1311 movdqu 0(%rdi),%xmm10
1312 .byte 102,15,56,220,232
1313 movl %r9d,112+12(%rsp)
1314 cmpl $11,%eax
1315 .byte 102,15,56,220,240
1316 .byte 102,15,56,220,248
1317 .byte 102,68,15,56,220,192
1318 .byte 102,68,15,56,220,200
1319 movups 160-128(%rcx),%xmm0
1321 jb L$ctr32_enc_done
1323 .byte 102,15,56,220,209
1324 .byte 102,15,56,220,217
1325 .byte 102,15,56,220,225
1326 .byte 102,15,56,220,233
1327 .byte 102,15,56,220,241
1328 .byte 102,15,56,220,249
1329 .byte 102,68,15,56,220,193
1330 .byte 102,68,15,56,220,201
1331 movups 176-128(%rcx),%xmm1
1333 .byte 102,15,56,220,208
1334 .byte 102,15,56,220,216
1335 .byte 102,15,56,220,224
1336 .byte 102,15,56,220,232
1337 .byte 102,15,56,220,240
1338 .byte 102,15,56,220,248
1339 .byte 102,68,15,56,220,192
1340 .byte 102,68,15,56,220,200
1341 movups 192-128(%rcx),%xmm0
1342 je L$ctr32_enc_done
1344 .byte 102,15,56,220,209
1345 .byte 102,15,56,220,217
1346 .byte 102,15,56,220,225
1347 .byte 102,15,56,220,233
1348 .byte 102,15,56,220,241
1349 .byte 102,15,56,220,249
1350 .byte 102,68,15,56,220,193
1351 .byte 102,68,15,56,220,201
1352 movups 208-128(%rcx),%xmm1
1354 .byte 102,15,56,220,208
1355 .byte 102,15,56,220,216
1356 .byte 102,15,56,220,224
1357 .byte 102,15,56,220,232
1358 .byte 102,15,56,220,240
1359 .byte 102,15,56,220,248
1360 .byte 102,68,15,56,220,192
1361 .byte 102,68,15,56,220,200
1362 movups 224-128(%rcx),%xmm0
1363 jmp L$ctr32_enc_done
1365 .p2align 4
1366 L$ctr32_enc_done:
1367 movdqu 16(%rdi),%xmm11
1368 pxor %xmm0,%xmm10
1369 movdqu 32(%rdi),%xmm12
1370 pxor %xmm0,%xmm11
1371 movdqu 48(%rdi),%xmm13
1372 pxor %xmm0,%xmm12
1373 movdqu 64(%rdi),%xmm14
1374 pxor %xmm0,%xmm13
1375 movdqu 80(%rdi),%xmm15
1376 pxor %xmm0,%xmm14
1377 pxor %xmm0,%xmm15
1378 .byte 102,15,56,220,209
1379 .byte 102,15,56,220,217
1380 .byte 102,15,56,220,225
1381 .byte 102,15,56,220,233
1382 .byte 102,15,56,220,241
1383 .byte 102,15,56,220,249
1384 .byte 102,68,15,56,220,193
1385 .byte 102,68,15,56,220,201
1386 movdqu 96(%rdi),%xmm1
1387 leaq 128(%rdi),%rdi
1389 .byte 102,65,15,56,221,210
1390 pxor %xmm0,%xmm1
1391 movdqu 112-128(%rdi),%xmm10
1392 .byte 102,65,15,56,221,219
1393 pxor %xmm0,%xmm10
1394 movdqa 0(%rsp),%xmm11
1395 .byte 102,65,15,56,221,228
1396 .byte 102,65,15,56,221,237
1397 movdqa 16(%rsp),%xmm12
1398 movdqa 32(%rsp),%xmm13
1399 .byte 102,65,15,56,221,246
1400 .byte 102,65,15,56,221,255
1401 movdqa 48(%rsp),%xmm14
1402 movdqa 64(%rsp),%xmm15
1403 .byte 102,68,15,56,221,193
1404 movdqa 80(%rsp),%xmm0
1405 movups 16-128(%rcx),%xmm1
1406 .byte 102,69,15,56,221,202
1408 movups %xmm2,(%rsi)
1409 movdqa %xmm11,%xmm2
1410 movups %xmm3,16(%rsi)
1411 movdqa %xmm12,%xmm3
1412 movups %xmm4,32(%rsi)
1413 movdqa %xmm13,%xmm4
1414 movups %xmm5,48(%rsi)
1415 movdqa %xmm14,%xmm5
1416 movups %xmm6,64(%rsi)
1417 movdqa %xmm15,%xmm6
1418 movups %xmm7,80(%rsi)
1419 movdqa %xmm0,%xmm7
1420 movups %xmm8,96(%rsi)
1421 movups %xmm9,112(%rsi)
1422 leaq 128(%rsi),%rsi
1424 subq $8,%rdx
1425 jnc L$ctr32_loop8
1427 addq $8,%rdx
1428 jz L$ctr32_done
1429 leaq -128(%rcx),%rcx
1431 L$ctr32_tail:
1434 leaq 16(%rcx),%rcx
1435 cmpq $4,%rdx
1436 jb L$ctr32_loop3
1437 je L$ctr32_loop4
1440 shll $4,%eax
1441 movdqa 96(%rsp),%xmm8
1442 pxor %xmm9,%xmm9
1444 movups 16(%rcx),%xmm0
1445 .byte 102,15,56,220,209
1446 .byte 102,15,56,220,217
1447 leaq 32-16(%rcx,%rax,1),%rcx
1448 negq %rax
1449 .byte 102,15,56,220,225
1450 addq $16,%rax
1451 movups (%rdi),%xmm10
1452 .byte 102,15,56,220,233
1453 .byte 102,15,56,220,241
1454 movups 16(%rdi),%xmm11
1455 movups 32(%rdi),%xmm12
1456 .byte 102,15,56,220,249
1457 .byte 102,68,15,56,220,193
1459 call L$enc_loop8_enter
1461 movdqu 48(%rdi),%xmm13
1462 pxor %xmm10,%xmm2
1463 movdqu 64(%rdi),%xmm10
1464 pxor %xmm11,%xmm3
1465 movdqu %xmm2,(%rsi)
1466 pxor %xmm12,%xmm4
1467 movdqu %xmm3,16(%rsi)
1468 pxor %xmm13,%xmm5
1469 movdqu %xmm4,32(%rsi)
1470 pxor %xmm10,%xmm6
1471 movdqu %xmm5,48(%rsi)
1472 movdqu %xmm6,64(%rsi)
1473 cmpq $6,%rdx
1474 jb L$ctr32_done
1476 movups 80(%rdi),%xmm11
1477 xorps %xmm11,%xmm7
1478 movups %xmm7,80(%rsi)
1479 je L$ctr32_done
1481 movups 96(%rdi),%xmm12
1482 xorps %xmm12,%xmm8
1483 movups %xmm8,96(%rsi)
1484 jmp L$ctr32_done
1486 .p2align 5
1487 L$ctr32_loop4:
1488 .byte 102,15,56,220,209
1489 leaq 16(%rcx),%rcx
1490 decl %eax
1491 .byte 102,15,56,220,217
1492 .byte 102,15,56,220,225
1493 .byte 102,15,56,220,233
1494 movups (%rcx),%xmm1
1495 jnz L$ctr32_loop4
1496 .byte 102,15,56,221,209
1497 .byte 102,15,56,221,217
1498 movups (%rdi),%xmm10
1499 movups 16(%rdi),%xmm11
1500 .byte 102,15,56,221,225
1501 .byte 102,15,56,221,233
1502 movups 32(%rdi),%xmm12
1503 movups 48(%rdi),%xmm13
1505 xorps %xmm10,%xmm2
1506 movups %xmm2,(%rsi)
1507 xorps %xmm11,%xmm3
1508 movups %xmm3,16(%rsi)
1509 pxor %xmm12,%xmm4
1510 movdqu %xmm4,32(%rsi)
1511 pxor %xmm13,%xmm5
1512 movdqu %xmm5,48(%rsi)
1513 jmp L$ctr32_done
1515 .p2align 5
1516 L$ctr32_loop3:
1517 .byte 102,15,56,220,209
1518 leaq 16(%rcx),%rcx
1519 decl %eax
1520 .byte 102,15,56,220,217
1521 .byte 102,15,56,220,225
1522 movups (%rcx),%xmm1
1523 jnz L$ctr32_loop3
1524 .byte 102,15,56,221,209
1525 .byte 102,15,56,221,217
1526 .byte 102,15,56,221,225
1528 movups (%rdi),%xmm10
1529 xorps %xmm10,%xmm2
1530 movups %xmm2,(%rsi)
1531 cmpq $2,%rdx
1532 jb L$ctr32_done
1534 movups 16(%rdi),%xmm11
1535 xorps %xmm11,%xmm3
1536 movups %xmm3,16(%rsi)
1537 je L$ctr32_done
1539 movups 32(%rdi),%xmm12
1540 xorps %xmm12,%xmm4
1541 movups %xmm4,32(%rsi)
1543 L$ctr32_done:
1544 xorps %xmm0,%xmm0
1545 xorl %r11d,%r11d
1546 pxor %xmm1,%xmm1
1547 pxor %xmm2,%xmm2
1548 pxor %xmm3,%xmm3
1549 pxor %xmm4,%xmm4
1550 pxor %xmm5,%xmm5
1551 pxor %xmm6,%xmm6
1552 pxor %xmm7,%xmm7
1553 movaps %xmm0,0(%rsp)
1554 pxor %xmm8,%xmm8
1555 movaps %xmm0,16(%rsp)
1556 pxor %xmm9,%xmm9
1557 movaps %xmm0,32(%rsp)
1558 pxor %xmm10,%xmm10
1559 movaps %xmm0,48(%rsp)
1560 pxor %xmm11,%xmm11
1561 movaps %xmm0,64(%rsp)
1562 pxor %xmm12,%xmm12
1563 movaps %xmm0,80(%rsp)
1564 pxor %xmm13,%xmm13
1565 movaps %xmm0,96(%rsp)
1566 pxor %xmm14,%xmm14
1567 movaps %xmm0,112(%rsp)
1568 pxor %xmm15,%xmm15
1569 leaq (%rbp),%rsp
1570 popq %rbp
1571 L$ctr32_epilogue:
1572 .byte 0xf3,0xc3
1574 .globl _aesni_xts_encrypt
1575 .private_extern _aesni_xts_encrypt
1577 .p2align 4
1578 _aesni_xts_encrypt:
1579 leaq (%rsp),%rax
1580 pushq %rbp
1581 subq $112,%rsp
1582 andq $-16,%rsp
1583 leaq -8(%rax),%rbp
1584 movups (%r9),%xmm2
1585 movl 240(%r8),%eax
1586 movl 240(%rcx),%r10d
1587 movups (%r8),%xmm0
1588 movups 16(%r8),%xmm1
1589 leaq 32(%r8),%r8
1590 xorps %xmm0,%xmm2
1591 L$oop_enc1_8:
1592 .byte 102,15,56,220,209
1593 decl %eax
1594 movups (%r8),%xmm1
1595 leaq 16(%r8),%r8
1596 jnz L$oop_enc1_8
1597 .byte 102,15,56,221,209
1598 movups (%rcx),%xmm0
1599 movq %rcx,%r11
1600 movl %r10d,%eax
1601 shll $4,%r10d
1602 movq %rdx,%r9
1603 andq $-16,%rdx
1605 movups 16(%rcx,%r10,1),%xmm1
1607 movdqa L$xts_magic(%rip),%xmm8
1608 movdqa %xmm2,%xmm15
1609 pshufd $95,%xmm2,%xmm9
1610 pxor %xmm0,%xmm1
1611 movdqa %xmm9,%xmm14
1612 paddd %xmm9,%xmm9
1613 movdqa %xmm15,%xmm10
1614 psrad $31,%xmm14
1615 paddq %xmm15,%xmm15
1616 pand %xmm8,%xmm14
1617 pxor %xmm0,%xmm10
1618 pxor %xmm14,%xmm15
1619 movdqa %xmm9,%xmm14
1620 paddd %xmm9,%xmm9
1621 movdqa %xmm15,%xmm11
1622 psrad $31,%xmm14
1623 paddq %xmm15,%xmm15
1624 pand %xmm8,%xmm14
1625 pxor %xmm0,%xmm11
1626 pxor %xmm14,%xmm15
1627 movdqa %xmm9,%xmm14
1628 paddd %xmm9,%xmm9
1629 movdqa %xmm15,%xmm12
1630 psrad $31,%xmm14
1631 paddq %xmm15,%xmm15
1632 pand %xmm8,%xmm14
1633 pxor %xmm0,%xmm12
1634 pxor %xmm14,%xmm15
1635 movdqa %xmm9,%xmm14
1636 paddd %xmm9,%xmm9
1637 movdqa %xmm15,%xmm13
1638 psrad $31,%xmm14
1639 paddq %xmm15,%xmm15
1640 pand %xmm8,%xmm14
1641 pxor %xmm0,%xmm13
1642 pxor %xmm14,%xmm15
1643 movdqa %xmm15,%xmm14
1644 psrad $31,%xmm9
1645 paddq %xmm15,%xmm15
1646 pand %xmm8,%xmm9
1647 pxor %xmm0,%xmm14
1648 pxor %xmm9,%xmm15
1649 movaps %xmm1,96(%rsp)
1651 subq $96,%rdx
1652 jc L$xts_enc_short
1654 movl $16+96,%eax
1655 leaq 32(%r11,%r10,1),%rcx
1656 subq %r10,%rax
1657 movups 16(%r11),%xmm1
1658 movq %rax,%r10
1659 leaq L$xts_magic(%rip),%r8
1660 jmp L$xts_enc_grandloop
1662 .p2align 5
1663 L$xts_enc_grandloop:
1664 movdqu 0(%rdi),%xmm2
1665 movdqa %xmm0,%xmm8
1666 movdqu 16(%rdi),%xmm3
1667 pxor %xmm10,%xmm2
1668 movdqu 32(%rdi),%xmm4
1669 pxor %xmm11,%xmm3
1670 .byte 102,15,56,220,209
1671 movdqu 48(%rdi),%xmm5
1672 pxor %xmm12,%xmm4
1673 .byte 102,15,56,220,217
1674 movdqu 64(%rdi),%xmm6
1675 pxor %xmm13,%xmm5
1676 .byte 102,15,56,220,225
1677 movdqu 80(%rdi),%xmm7
1678 pxor %xmm15,%xmm8
1679 movdqa 96(%rsp),%xmm9
1680 pxor %xmm14,%xmm6
1681 .byte 102,15,56,220,233
1682 movups 32(%r11),%xmm0
1683 leaq 96(%rdi),%rdi
1684 pxor %xmm8,%xmm7
1686 pxor %xmm9,%xmm10
1687 .byte 102,15,56,220,241
1688 pxor %xmm9,%xmm11
1689 movdqa %xmm10,0(%rsp)
1690 .byte 102,15,56,220,249
1691 movups 48(%r11),%xmm1
1692 pxor %xmm9,%xmm12
1694 .byte 102,15,56,220,208
1695 pxor %xmm9,%xmm13
1696 movdqa %xmm11,16(%rsp)
1697 .byte 102,15,56,220,216
1698 pxor %xmm9,%xmm14
1699 movdqa %xmm12,32(%rsp)
1700 .byte 102,15,56,220,224
1701 .byte 102,15,56,220,232
1702 pxor %xmm9,%xmm8
1703 movdqa %xmm14,64(%rsp)
1704 .byte 102,15,56,220,240
1705 .byte 102,15,56,220,248
1706 movups 64(%r11),%xmm0
1707 movdqa %xmm8,80(%rsp)
1708 pshufd $95,%xmm15,%xmm9
1709 jmp L$xts_enc_loop6
1710 .p2align 5
1711 L$xts_enc_loop6:
1712 .byte 102,15,56,220,209
1713 .byte 102,15,56,220,217
1714 .byte 102,15,56,220,225
1715 .byte 102,15,56,220,233
1716 .byte 102,15,56,220,241
1717 .byte 102,15,56,220,249
1718 movups -64(%rcx,%rax,1),%xmm1
1719 addq $32,%rax
1721 .byte 102,15,56,220,208
1722 .byte 102,15,56,220,216
1723 .byte 102,15,56,220,224
1724 .byte 102,15,56,220,232
1725 .byte 102,15,56,220,240
1726 .byte 102,15,56,220,248
1727 movups -80(%rcx,%rax,1),%xmm0
1728 jnz L$xts_enc_loop6
1730 movdqa (%r8),%xmm8
1731 movdqa %xmm9,%xmm14
1732 paddd %xmm9,%xmm9
1733 .byte 102,15,56,220,209
1734 paddq %xmm15,%xmm15
1735 psrad $31,%xmm14
1736 .byte 102,15,56,220,217
1737 pand %xmm8,%xmm14
1738 movups (%r11),%xmm10
1739 .byte 102,15,56,220,225
1740 .byte 102,15,56,220,233
1741 .byte 102,15,56,220,241
1742 pxor %xmm14,%xmm15
1743 movaps %xmm10,%xmm11
1744 .byte 102,15,56,220,249
1745 movups -64(%rcx),%xmm1
1747 movdqa %xmm9,%xmm14
1748 .byte 102,15,56,220,208
1749 paddd %xmm9,%xmm9
1750 pxor %xmm15,%xmm10
1751 .byte 102,15,56,220,216
1752 psrad $31,%xmm14
1753 paddq %xmm15,%xmm15
1754 .byte 102,15,56,220,224
1755 .byte 102,15,56,220,232
1756 pand %xmm8,%xmm14
1757 movaps %xmm11,%xmm12
1758 .byte 102,15,56,220,240
1759 pxor %xmm14,%xmm15
1760 movdqa %xmm9,%xmm14
1761 .byte 102,15,56,220,248
1762 movups -48(%rcx),%xmm0
1764 paddd %xmm9,%xmm9
1765 .byte 102,15,56,220,209
1766 pxor %xmm15,%xmm11
1767 psrad $31,%xmm14
1768 .byte 102,15,56,220,217
1769 paddq %xmm15,%xmm15
1770 pand %xmm8,%xmm14
1771 .byte 102,15,56,220,225
1772 .byte 102,15,56,220,233
1773 movdqa %xmm13,48(%rsp)
1774 pxor %xmm14,%xmm15
1775 .byte 102,15,56,220,241
1776 movaps %xmm12,%xmm13
1777 movdqa %xmm9,%xmm14
1778 .byte 102,15,56,220,249
1779 movups -32(%rcx),%xmm1
1781 paddd %xmm9,%xmm9
1782 .byte 102,15,56,220,208
1783 pxor %xmm15,%xmm12
1784 psrad $31,%xmm14
1785 .byte 102,15,56,220,216
1786 paddq %xmm15,%xmm15
1787 pand %xmm8,%xmm14
1788 .byte 102,15,56,220,224
1789 .byte 102,15,56,220,232
1790 .byte 102,15,56,220,240
1791 pxor %xmm14,%xmm15
1792 movaps %xmm13,%xmm14
1793 .byte 102,15,56,220,248
1795 movdqa %xmm9,%xmm0
1796 paddd %xmm9,%xmm9
1797 .byte 102,15,56,220,209
1798 pxor %xmm15,%xmm13
1799 psrad $31,%xmm0
1800 .byte 102,15,56,220,217
1801 paddq %xmm15,%xmm15
1802 pand %xmm8,%xmm0
1803 .byte 102,15,56,220,225
1804 .byte 102,15,56,220,233
1805 pxor %xmm0,%xmm15
1806 movups (%r11),%xmm0
1807 .byte 102,15,56,220,241
1808 .byte 102,15,56,220,249
1809 movups 16(%r11),%xmm1
1811 pxor %xmm15,%xmm14
1812 .byte 102,15,56,221,84,36,0
1813 psrad $31,%xmm9
1814 paddq %xmm15,%xmm15
1815 .byte 102,15,56,221,92,36,16
1816 .byte 102,15,56,221,100,36,32
1817 pand %xmm8,%xmm9
1818 movq %r10,%rax
1819 .byte 102,15,56,221,108,36,48
1820 .byte 102,15,56,221,116,36,64
1821 .byte 102,15,56,221,124,36,80
1822 pxor %xmm9,%xmm15
1824 leaq 96(%rsi),%rsi
1825 movups %xmm2,-96(%rsi)
1826 movups %xmm3,-80(%rsi)
1827 movups %xmm4,-64(%rsi)
1828 movups %xmm5,-48(%rsi)
1829 movups %xmm6,-32(%rsi)
1830 movups %xmm7,-16(%rsi)
1831 subq $96,%rdx
1832 jnc L$xts_enc_grandloop
1834 movl $16+96,%eax
1835 subl %r10d,%eax
1836 movq %r11,%rcx
1837 shrl $4,%eax
1839 L$xts_enc_short:
1841 movl %eax,%r10d
1842 pxor %xmm0,%xmm10
1843 addq $96,%rdx
1844 jz L$xts_enc_done
1846 pxor %xmm0,%xmm11
1847 cmpq $32,%rdx
1848 jb L$xts_enc_one
1849 pxor %xmm0,%xmm12
1850 je L$xts_enc_two
1852 pxor %xmm0,%xmm13
1853 cmpq $64,%rdx
1854 jb L$xts_enc_three
1855 pxor %xmm0,%xmm14
1856 je L$xts_enc_four
1858 movdqu (%rdi),%xmm2
1859 movdqu 16(%rdi),%xmm3
1860 movdqu 32(%rdi),%xmm4
1861 pxor %xmm10,%xmm2
1862 movdqu 48(%rdi),%xmm5
1863 pxor %xmm11,%xmm3
1864 movdqu 64(%rdi),%xmm6
1865 leaq 80(%rdi),%rdi
1866 pxor %xmm12,%xmm4
1867 pxor %xmm13,%xmm5
1868 pxor %xmm14,%xmm6
1869 pxor %xmm7,%xmm7
1871 call _aesni_encrypt6
1873 xorps %xmm10,%xmm2
1874 movdqa %xmm15,%xmm10
1875 xorps %xmm11,%xmm3
1876 xorps %xmm12,%xmm4
1877 movdqu %xmm2,(%rsi)
1878 xorps %xmm13,%xmm5
1879 movdqu %xmm3,16(%rsi)
1880 xorps %xmm14,%xmm6
1881 movdqu %xmm4,32(%rsi)
1882 movdqu %xmm5,48(%rsi)
1883 movdqu %xmm6,64(%rsi)
1884 leaq 80(%rsi),%rsi
1885 jmp L$xts_enc_done
1887 .p2align 4
1888 L$xts_enc_one:
1889 movups (%rdi),%xmm2
1890 leaq 16(%rdi),%rdi
1891 xorps %xmm10,%xmm2
1892 movups (%rcx),%xmm0
1893 movups 16(%rcx),%xmm1
1894 leaq 32(%rcx),%rcx
1895 xorps %xmm0,%xmm2
1896 L$oop_enc1_9:
1897 .byte 102,15,56,220,209
1898 decl %eax
1899 movups (%rcx),%xmm1
1900 leaq 16(%rcx),%rcx
1901 jnz L$oop_enc1_9
1902 .byte 102,15,56,221,209
1903 xorps %xmm10,%xmm2
1904 movdqa %xmm11,%xmm10
1905 movups %xmm2,(%rsi)
1906 leaq 16(%rsi),%rsi
1907 jmp L$xts_enc_done
1909 .p2align 4
1910 L$xts_enc_two:
1911 movups (%rdi),%xmm2
1912 movups 16(%rdi),%xmm3
1913 leaq 32(%rdi),%rdi
1914 xorps %xmm10,%xmm2
1915 xorps %xmm11,%xmm3
1917 call _aesni_encrypt2
1919 xorps %xmm10,%xmm2
1920 movdqa %xmm12,%xmm10
1921 xorps %xmm11,%xmm3
1922 movups %xmm2,(%rsi)
1923 movups %xmm3,16(%rsi)
1924 leaq 32(%rsi),%rsi
1925 jmp L$xts_enc_done
1927 .p2align 4
1928 L$xts_enc_three:
1929 movups (%rdi),%xmm2
1930 movups 16(%rdi),%xmm3
1931 movups 32(%rdi),%xmm4
1932 leaq 48(%rdi),%rdi
1933 xorps %xmm10,%xmm2
1934 xorps %xmm11,%xmm3
1935 xorps %xmm12,%xmm4
1937 call _aesni_encrypt3
1939 xorps %xmm10,%xmm2
1940 movdqa %xmm13,%xmm10
1941 xorps %xmm11,%xmm3
1942 xorps %xmm12,%xmm4
1943 movups %xmm2,(%rsi)
1944 movups %xmm3,16(%rsi)
1945 movups %xmm4,32(%rsi)
1946 leaq 48(%rsi),%rsi
1947 jmp L$xts_enc_done
1949 .p2align 4
1950 L$xts_enc_four:
1951 movups (%rdi),%xmm2
1952 movups 16(%rdi),%xmm3
1953 movups 32(%rdi),%xmm4
1954 xorps %xmm10,%xmm2
1955 movups 48(%rdi),%xmm5
1956 leaq 64(%rdi),%rdi
1957 xorps %xmm11,%xmm3
1958 xorps %xmm12,%xmm4
1959 xorps %xmm13,%xmm5
1961 call _aesni_encrypt4
1963 pxor %xmm10,%xmm2
1964 movdqa %xmm14,%xmm10
1965 pxor %xmm11,%xmm3
1966 pxor %xmm12,%xmm4
1967 movdqu %xmm2,(%rsi)
1968 pxor %xmm13,%xmm5
1969 movdqu %xmm3,16(%rsi)
1970 movdqu %xmm4,32(%rsi)
1971 movdqu %xmm5,48(%rsi)
1972 leaq 64(%rsi),%rsi
1973 jmp L$xts_enc_done
1975 .p2align 4
1976 L$xts_enc_done:
1977 andq $15,%r9
1978 jz L$xts_enc_ret
1979 movq %r9,%rdx
1981 L$xts_enc_steal:
1982 movzbl (%rdi),%eax
1983 movzbl -16(%rsi),%ecx
1984 leaq 1(%rdi),%rdi
1985 movb %al,-16(%rsi)
1986 movb %cl,0(%rsi)
1987 leaq 1(%rsi),%rsi
1988 subq $1,%rdx
1989 jnz L$xts_enc_steal
1991 subq %r9,%rsi
1992 movq %r11,%rcx
1993 movl %r10d,%eax
1995 movups -16(%rsi),%xmm2
1996 xorps %xmm10,%xmm2
1997 movups (%rcx),%xmm0
1998 movups 16(%rcx),%xmm1
1999 leaq 32(%rcx),%rcx
2000 xorps %xmm0,%xmm2
2001 L$oop_enc1_10:
2002 .byte 102,15,56,220,209
2003 decl %eax
2004 movups (%rcx),%xmm1
2005 leaq 16(%rcx),%rcx
2006 jnz L$oop_enc1_10
2007 .byte 102,15,56,221,209
2008 xorps %xmm10,%xmm2
2009 movups %xmm2,-16(%rsi)
2011 L$xts_enc_ret:
2012 xorps %xmm0,%xmm0
2013 pxor %xmm1,%xmm1
2014 pxor %xmm2,%xmm2
2015 pxor %xmm3,%xmm3
2016 pxor %xmm4,%xmm4
2017 pxor %xmm5,%xmm5
2018 pxor %xmm6,%xmm6
2019 pxor %xmm7,%xmm7
2020 movaps %xmm0,0(%rsp)
2021 pxor %xmm8,%xmm8
2022 movaps %xmm0,16(%rsp)
2023 pxor %xmm9,%xmm9
2024 movaps %xmm0,32(%rsp)
2025 pxor %xmm10,%xmm10
2026 movaps %xmm0,48(%rsp)
2027 pxor %xmm11,%xmm11
2028 movaps %xmm0,64(%rsp)
2029 pxor %xmm12,%xmm12
2030 movaps %xmm0,80(%rsp)
2031 pxor %xmm13,%xmm13
2032 movaps %xmm0,96(%rsp)
2033 pxor %xmm14,%xmm14
2034 pxor %xmm15,%xmm15
2035 leaq (%rbp),%rsp
2036 popq %rbp
2037 L$xts_enc_epilogue:
2038 .byte 0xf3,0xc3
2040 .globl _aesni_xts_decrypt
2041 .private_extern _aesni_xts_decrypt
2043 .p2align 4
2044 _aesni_xts_decrypt:
2045 leaq (%rsp),%rax
2046 pushq %rbp
2047 subq $112,%rsp
2048 andq $-16,%rsp
2049 leaq -8(%rax),%rbp
2050 movups (%r9),%xmm2
2051 movl 240(%r8),%eax
2052 movl 240(%rcx),%r10d
2053 movups (%r8),%xmm0
2054 movups 16(%r8),%xmm1
2055 leaq 32(%r8),%r8
2056 xorps %xmm0,%xmm2
2057 L$oop_enc1_11:
2058 .byte 102,15,56,220,209
2059 decl %eax
2060 movups (%r8),%xmm1
2061 leaq 16(%r8),%r8
2062 jnz L$oop_enc1_11
2063 .byte 102,15,56,221,209
2064 xorl %eax,%eax
2065 testq $15,%rdx
2066 setnz %al
2067 shlq $4,%rax
2068 subq %rax,%rdx
2070 movups (%rcx),%xmm0
2071 movq %rcx,%r11
2072 movl %r10d,%eax
2073 shll $4,%r10d
2074 movq %rdx,%r9
2075 andq $-16,%rdx
2077 movups 16(%rcx,%r10,1),%xmm1
2079 movdqa L$xts_magic(%rip),%xmm8
2080 movdqa %xmm2,%xmm15
2081 pshufd $95,%xmm2,%xmm9
2082 pxor %xmm0,%xmm1
2083 movdqa %xmm9,%xmm14
2084 paddd %xmm9,%xmm9
2085 movdqa %xmm15,%xmm10
2086 psrad $31,%xmm14
2087 paddq %xmm15,%xmm15
2088 pand %xmm8,%xmm14
2089 pxor %xmm0,%xmm10
2090 pxor %xmm14,%xmm15
2091 movdqa %xmm9,%xmm14
2092 paddd %xmm9,%xmm9
2093 movdqa %xmm15,%xmm11
2094 psrad $31,%xmm14
2095 paddq %xmm15,%xmm15
2096 pand %xmm8,%xmm14
2097 pxor %xmm0,%xmm11
2098 pxor %xmm14,%xmm15
2099 movdqa %xmm9,%xmm14
2100 paddd %xmm9,%xmm9
2101 movdqa %xmm15,%xmm12
2102 psrad $31,%xmm14
2103 paddq %xmm15,%xmm15
2104 pand %xmm8,%xmm14
2105 pxor %xmm0,%xmm12
2106 pxor %xmm14,%xmm15
2107 movdqa %xmm9,%xmm14
2108 paddd %xmm9,%xmm9
2109 movdqa %xmm15,%xmm13
2110 psrad $31,%xmm14
2111 paddq %xmm15,%xmm15
2112 pand %xmm8,%xmm14
2113 pxor %xmm0,%xmm13
2114 pxor %xmm14,%xmm15
2115 movdqa %xmm15,%xmm14
2116 psrad $31,%xmm9
2117 paddq %xmm15,%xmm15
2118 pand %xmm8,%xmm9
2119 pxor %xmm0,%xmm14
2120 pxor %xmm9,%xmm15
2121 movaps %xmm1,96(%rsp)
2123 subq $96,%rdx
2124 jc L$xts_dec_short
2126 movl $16+96,%eax
2127 leaq 32(%r11,%r10,1),%rcx
2128 subq %r10,%rax
2129 movups 16(%r11),%xmm1
2130 movq %rax,%r10
2131 leaq L$xts_magic(%rip),%r8
2132 jmp L$xts_dec_grandloop
2134 .p2align 5
2135 L$xts_dec_grandloop:
2136 movdqu 0(%rdi),%xmm2
2137 movdqa %xmm0,%xmm8
2138 movdqu 16(%rdi),%xmm3
2139 pxor %xmm10,%xmm2
2140 movdqu 32(%rdi),%xmm4
2141 pxor %xmm11,%xmm3
2142 .byte 102,15,56,222,209
2143 movdqu 48(%rdi),%xmm5
2144 pxor %xmm12,%xmm4
2145 .byte 102,15,56,222,217
2146 movdqu 64(%rdi),%xmm6
2147 pxor %xmm13,%xmm5
2148 .byte 102,15,56,222,225
2149 movdqu 80(%rdi),%xmm7
2150 pxor %xmm15,%xmm8
2151 movdqa 96(%rsp),%xmm9
2152 pxor %xmm14,%xmm6
2153 .byte 102,15,56,222,233
2154 movups 32(%r11),%xmm0
2155 leaq 96(%rdi),%rdi
2156 pxor %xmm8,%xmm7
2158 pxor %xmm9,%xmm10
2159 .byte 102,15,56,222,241
2160 pxor %xmm9,%xmm11
2161 movdqa %xmm10,0(%rsp)
2162 .byte 102,15,56,222,249
2163 movups 48(%r11),%xmm1
2164 pxor %xmm9,%xmm12
2166 .byte 102,15,56,222,208
2167 pxor %xmm9,%xmm13
2168 movdqa %xmm11,16(%rsp)
2169 .byte 102,15,56,222,216
2170 pxor %xmm9,%xmm14
2171 movdqa %xmm12,32(%rsp)
2172 .byte 102,15,56,222,224
2173 .byte 102,15,56,222,232
2174 pxor %xmm9,%xmm8
2175 movdqa %xmm14,64(%rsp)
2176 .byte 102,15,56,222,240
2177 .byte 102,15,56,222,248
2178 movups 64(%r11),%xmm0
2179 movdqa %xmm8,80(%rsp)
2180 pshufd $95,%xmm15,%xmm9
2181 jmp L$xts_dec_loop6
2182 .p2align 5
2183 L$xts_dec_loop6:
2184 .byte 102,15,56,222,209
2185 .byte 102,15,56,222,217
2186 .byte 102,15,56,222,225
2187 .byte 102,15,56,222,233
2188 .byte 102,15,56,222,241
2189 .byte 102,15,56,222,249
2190 movups -64(%rcx,%rax,1),%xmm1
2191 addq $32,%rax
2193 .byte 102,15,56,222,208
2194 .byte 102,15,56,222,216
2195 .byte 102,15,56,222,224
2196 .byte 102,15,56,222,232
2197 .byte 102,15,56,222,240
2198 .byte 102,15,56,222,248
2199 movups -80(%rcx,%rax,1),%xmm0
2200 jnz L$xts_dec_loop6
2202 movdqa (%r8),%xmm8
2203 movdqa %xmm9,%xmm14
2204 paddd %xmm9,%xmm9
2205 .byte 102,15,56,222,209
2206 paddq %xmm15,%xmm15
2207 psrad $31,%xmm14
2208 .byte 102,15,56,222,217
2209 pand %xmm8,%xmm14
2210 movups (%r11),%xmm10
2211 .byte 102,15,56,222,225
2212 .byte 102,15,56,222,233
2213 .byte 102,15,56,222,241
2214 pxor %xmm14,%xmm15
2215 movaps %xmm10,%xmm11
2216 .byte 102,15,56,222,249
2217 movups -64(%rcx),%xmm1
2219 movdqa %xmm9,%xmm14
2220 .byte 102,15,56,222,208
2221 paddd %xmm9,%xmm9
2222 pxor %xmm15,%xmm10
2223 .byte 102,15,56,222,216
2224 psrad $31,%xmm14
2225 paddq %xmm15,%xmm15
2226 .byte 102,15,56,222,224
2227 .byte 102,15,56,222,232
2228 pand %xmm8,%xmm14
2229 movaps %xmm11,%xmm12
2230 .byte 102,15,56,222,240
2231 pxor %xmm14,%xmm15
2232 movdqa %xmm9,%xmm14
2233 .byte 102,15,56,222,248
2234 movups -48(%rcx),%xmm0
2236 paddd %xmm9,%xmm9
2237 .byte 102,15,56,222,209
2238 pxor %xmm15,%xmm11
2239 psrad $31,%xmm14
2240 .byte 102,15,56,222,217
2241 paddq %xmm15,%xmm15
2242 pand %xmm8,%xmm14
2243 .byte 102,15,56,222,225
2244 .byte 102,15,56,222,233
2245 movdqa %xmm13,48(%rsp)
2246 pxor %xmm14,%xmm15
2247 .byte 102,15,56,222,241
2248 movaps %xmm12,%xmm13
2249 movdqa %xmm9,%xmm14
2250 .byte 102,15,56,222,249
2251 movups -32(%rcx),%xmm1
2253 paddd %xmm9,%xmm9
2254 .byte 102,15,56,222,208
2255 pxor %xmm15,%xmm12
2256 psrad $31,%xmm14
2257 .byte 102,15,56,222,216
2258 paddq %xmm15,%xmm15
2259 pand %xmm8,%xmm14
2260 .byte 102,15,56,222,224
2261 .byte 102,15,56,222,232
2262 .byte 102,15,56,222,240
2263 pxor %xmm14,%xmm15
2264 movaps %xmm13,%xmm14
2265 .byte 102,15,56,222,248
2267 movdqa %xmm9,%xmm0
2268 paddd %xmm9,%xmm9
2269 .byte 102,15,56,222,209
2270 pxor %xmm15,%xmm13
2271 psrad $31,%xmm0
2272 .byte 102,15,56,222,217
2273 paddq %xmm15,%xmm15
2274 pand %xmm8,%xmm0
2275 .byte 102,15,56,222,225
2276 .byte 102,15,56,222,233
2277 pxor %xmm0,%xmm15
2278 movups (%r11),%xmm0
2279 .byte 102,15,56,222,241
2280 .byte 102,15,56,222,249
2281 movups 16(%r11),%xmm1
2283 pxor %xmm15,%xmm14
2284 .byte 102,15,56,223,84,36,0
2285 psrad $31,%xmm9
2286 paddq %xmm15,%xmm15
2287 .byte 102,15,56,223,92,36,16
2288 .byte 102,15,56,223,100,36,32
2289 pand %xmm8,%xmm9
2290 movq %r10,%rax
2291 .byte 102,15,56,223,108,36,48
2292 .byte 102,15,56,223,116,36,64
2293 .byte 102,15,56,223,124,36,80
2294 pxor %xmm9,%xmm15
2296 leaq 96(%rsi),%rsi
2297 movups %xmm2,-96(%rsi)
2298 movups %xmm3,-80(%rsi)
2299 movups %xmm4,-64(%rsi)
2300 movups %xmm5,-48(%rsi)
2301 movups %xmm6,-32(%rsi)
2302 movups %xmm7,-16(%rsi)
2303 subq $96,%rdx
2304 jnc L$xts_dec_grandloop
2306 movl $16+96,%eax
2307 subl %r10d,%eax
2308 movq %r11,%rcx
2309 shrl $4,%eax
2311 L$xts_dec_short:
2313 movl %eax,%r10d
2314 pxor %xmm0,%xmm10
2315 pxor %xmm0,%xmm11
2316 addq $96,%rdx
2317 jz L$xts_dec_done
2319 pxor %xmm0,%xmm12
2320 cmpq $32,%rdx
2321 jb L$xts_dec_one
2322 pxor %xmm0,%xmm13
2323 je L$xts_dec_two
2325 pxor %xmm0,%xmm14
2326 cmpq $64,%rdx
2327 jb L$xts_dec_three
2328 je L$xts_dec_four
2330 movdqu (%rdi),%xmm2
2331 movdqu 16(%rdi),%xmm3
2332 movdqu 32(%rdi),%xmm4
2333 pxor %xmm10,%xmm2
2334 movdqu 48(%rdi),%xmm5
2335 pxor %xmm11,%xmm3
2336 movdqu 64(%rdi),%xmm6
2337 leaq 80(%rdi),%rdi
2338 pxor %xmm12,%xmm4
2339 pxor %xmm13,%xmm5
2340 pxor %xmm14,%xmm6
2342 call _aesni_decrypt6
2344 xorps %xmm10,%xmm2
2345 xorps %xmm11,%xmm3
2346 xorps %xmm12,%xmm4
2347 movdqu %xmm2,(%rsi)
2348 xorps %xmm13,%xmm5
2349 movdqu %xmm3,16(%rsi)
2350 xorps %xmm14,%xmm6
2351 movdqu %xmm4,32(%rsi)
2352 pxor %xmm14,%xmm14
2353 movdqu %xmm5,48(%rsi)
2354 pcmpgtd %xmm15,%xmm14
2355 movdqu %xmm6,64(%rsi)
2356 leaq 80(%rsi),%rsi
2357 pshufd $19,%xmm14,%xmm11
2358 andq $15,%r9
2359 jz L$xts_dec_ret
2361 movdqa %xmm15,%xmm10
2362 paddq %xmm15,%xmm15
2363 pand %xmm8,%xmm11
2364 pxor %xmm15,%xmm11
2365 jmp L$xts_dec_done2
2367 .p2align 4
2368 L$xts_dec_one:
2369 movups (%rdi),%xmm2
2370 leaq 16(%rdi),%rdi
2371 xorps %xmm10,%xmm2
2372 movups (%rcx),%xmm0
2373 movups 16(%rcx),%xmm1
2374 leaq 32(%rcx),%rcx
2375 xorps %xmm0,%xmm2
2376 L$oop_dec1_12:
2377 .byte 102,15,56,222,209
2378 decl %eax
2379 movups (%rcx),%xmm1
2380 leaq 16(%rcx),%rcx
2381 jnz L$oop_dec1_12
2382 .byte 102,15,56,223,209
2383 xorps %xmm10,%xmm2
2384 movdqa %xmm11,%xmm10
2385 movups %xmm2,(%rsi)
2386 movdqa %xmm12,%xmm11
2387 leaq 16(%rsi),%rsi
2388 jmp L$xts_dec_done
2390 .p2align 4
2391 L$xts_dec_two:
2392 movups (%rdi),%xmm2
2393 movups 16(%rdi),%xmm3
2394 leaq 32(%rdi),%rdi
2395 xorps %xmm10,%xmm2
2396 xorps %xmm11,%xmm3
2398 call _aesni_decrypt2
2400 xorps %xmm10,%xmm2
2401 movdqa %xmm12,%xmm10
2402 xorps %xmm11,%xmm3
2403 movdqa %xmm13,%xmm11
2404 movups %xmm2,(%rsi)
2405 movups %xmm3,16(%rsi)
2406 leaq 32(%rsi),%rsi
2407 jmp L$xts_dec_done
2409 .p2align 4
2410 L$xts_dec_three:
2411 movups (%rdi),%xmm2
2412 movups 16(%rdi),%xmm3
2413 movups 32(%rdi),%xmm4
2414 leaq 48(%rdi),%rdi
2415 xorps %xmm10,%xmm2
2416 xorps %xmm11,%xmm3
2417 xorps %xmm12,%xmm4
2419 call _aesni_decrypt3
2421 xorps %xmm10,%xmm2
2422 movdqa %xmm13,%xmm10
2423 xorps %xmm11,%xmm3
2424 movdqa %xmm14,%xmm11
2425 xorps %xmm12,%xmm4
2426 movups %xmm2,(%rsi)
2427 movups %xmm3,16(%rsi)
2428 movups %xmm4,32(%rsi)
2429 leaq 48(%rsi),%rsi
2430 jmp L$xts_dec_done
2432 .p2align 4
2433 L$xts_dec_four:
2434 movups (%rdi),%xmm2
2435 movups 16(%rdi),%xmm3
2436 movups 32(%rdi),%xmm4
2437 xorps %xmm10,%xmm2
2438 movups 48(%rdi),%xmm5
2439 leaq 64(%rdi),%rdi
2440 xorps %xmm11,%xmm3
2441 xorps %xmm12,%xmm4
2442 xorps %xmm13,%xmm5
2444 call _aesni_decrypt4
2446 pxor %xmm10,%xmm2
2447 movdqa %xmm14,%xmm10
2448 pxor %xmm11,%xmm3
2449 movdqa %xmm15,%xmm11
2450 pxor %xmm12,%xmm4
2451 movdqu %xmm2,(%rsi)
2452 pxor %xmm13,%xmm5
2453 movdqu %xmm3,16(%rsi)
2454 movdqu %xmm4,32(%rsi)
2455 movdqu %xmm5,48(%rsi)
2456 leaq 64(%rsi),%rsi
2457 jmp L$xts_dec_done
2459 .p2align 4
2460 L$xts_dec_done:
2461 andq $15,%r9
2462 jz L$xts_dec_ret
2463 L$xts_dec_done2:
2464 movq %r9,%rdx
2465 movq %r11,%rcx
2466 movl %r10d,%eax
2468 movups (%rdi),%xmm2
2469 xorps %xmm11,%xmm2
2470 movups (%rcx),%xmm0
2471 movups 16(%rcx),%xmm1
2472 leaq 32(%rcx),%rcx
2473 xorps %xmm0,%xmm2
2474 L$oop_dec1_13:
2475 .byte 102,15,56,222,209
2476 decl %eax
2477 movups (%rcx),%xmm1
2478 leaq 16(%rcx),%rcx
2479 jnz L$oop_dec1_13
2480 .byte 102,15,56,223,209
2481 xorps %xmm11,%xmm2
2482 movups %xmm2,(%rsi)
2484 L$xts_dec_steal:
2485 movzbl 16(%rdi),%eax
2486 movzbl (%rsi),%ecx
2487 leaq 1(%rdi),%rdi
2488 movb %al,(%rsi)
2489 movb %cl,16(%rsi)
2490 leaq 1(%rsi),%rsi
2491 subq $1,%rdx
2492 jnz L$xts_dec_steal
2494 subq %r9,%rsi
2495 movq %r11,%rcx
2496 movl %r10d,%eax
2498 movups (%rsi),%xmm2
2499 xorps %xmm10,%xmm2
2500 movups (%rcx),%xmm0
2501 movups 16(%rcx),%xmm1
2502 leaq 32(%rcx),%rcx
2503 xorps %xmm0,%xmm2
2504 L$oop_dec1_14:
2505 .byte 102,15,56,222,209
2506 decl %eax
2507 movups (%rcx),%xmm1
2508 leaq 16(%rcx),%rcx
2509 jnz L$oop_dec1_14
2510 .byte 102,15,56,223,209
2511 xorps %xmm10,%xmm2
2512 movups %xmm2,(%rsi)
2514 L$xts_dec_ret:
2515 xorps %xmm0,%xmm0
2516 pxor %xmm1,%xmm1
2517 pxor %xmm2,%xmm2
2518 pxor %xmm3,%xmm3
2519 pxor %xmm4,%xmm4
2520 pxor %xmm5,%xmm5
2521 pxor %xmm6,%xmm6
2522 pxor %xmm7,%xmm7
2523 movaps %xmm0,0(%rsp)
2524 pxor %xmm8,%xmm8
2525 movaps %xmm0,16(%rsp)
2526 pxor %xmm9,%xmm9
2527 movaps %xmm0,32(%rsp)
2528 pxor %xmm10,%xmm10
2529 movaps %xmm0,48(%rsp)
2530 pxor %xmm11,%xmm11
2531 movaps %xmm0,64(%rsp)
2532 pxor %xmm12,%xmm12
2533 movaps %xmm0,80(%rsp)
2534 pxor %xmm13,%xmm13
2535 movaps %xmm0,96(%rsp)
2536 pxor %xmm14,%xmm14
2537 pxor %xmm15,%xmm15
2538 leaq (%rbp),%rsp
2539 popq %rbp
2540 L$xts_dec_epilogue:
2541 .byte 0xf3,0xc3
2543 .globl _aesni_cbc_encrypt
2544 .private_extern _aesni_cbc_encrypt
2546 .p2align 4
2547 _aesni_cbc_encrypt:
2548 testq %rdx,%rdx
2549 jz L$cbc_ret
2551 movl 240(%rcx),%r10d
2552 movq %rcx,%r11
2553 testl %r9d,%r9d
2554 jz L$cbc_decrypt
2556 movups (%r8),%xmm2
2557 movl %r10d,%eax
2558 cmpq $16,%rdx
2559 jb L$cbc_enc_tail
2560 subq $16,%rdx
2561 jmp L$cbc_enc_loop
2562 .p2align 4
2563 L$cbc_enc_loop:
2564 movups (%rdi),%xmm3
2565 leaq 16(%rdi),%rdi
2567 movups (%rcx),%xmm0
2568 movups 16(%rcx),%xmm1
2569 xorps %xmm0,%xmm3
2570 leaq 32(%rcx),%rcx
2571 xorps %xmm3,%xmm2
2572 L$oop_enc1_15:
2573 .byte 102,15,56,220,209
2574 decl %eax
2575 movups (%rcx),%xmm1
2576 leaq 16(%rcx),%rcx
2577 jnz L$oop_enc1_15
2578 .byte 102,15,56,221,209
2579 movl %r10d,%eax
2580 movq %r11,%rcx
2581 movups %xmm2,0(%rsi)
2582 leaq 16(%rsi),%rsi
2583 subq $16,%rdx
2584 jnc L$cbc_enc_loop
2585 addq $16,%rdx
2586 jnz L$cbc_enc_tail
2587 pxor %xmm0,%xmm0
2588 pxor %xmm1,%xmm1
2589 movups %xmm2,(%r8)
2590 pxor %xmm2,%xmm2
2591 pxor %xmm3,%xmm3
2592 jmp L$cbc_ret
2594 L$cbc_enc_tail:
2595 movq %rdx,%rcx
2596 xchgq %rdi,%rsi
2597 .long 0x9066A4F3
2598 movl $16,%ecx
2599 subq %rdx,%rcx
2600 xorl %eax,%eax
2601 .long 0x9066AAF3
2602 leaq -16(%rdi),%rdi
2603 movl %r10d,%eax
2604 movq %rdi,%rsi
2605 movq %r11,%rcx
2606 xorq %rdx,%rdx
2607 jmp L$cbc_enc_loop
2609 .p2align 4
2610 L$cbc_decrypt:
2611 cmpq $16,%rdx
2612 jne L$cbc_decrypt_bulk
2616 movdqu (%rdi),%xmm2
2617 movdqu (%r8),%xmm3
2618 movdqa %xmm2,%xmm4
2619 movups (%rcx),%xmm0
2620 movups 16(%rcx),%xmm1
2621 leaq 32(%rcx),%rcx
2622 xorps %xmm0,%xmm2
2623 L$oop_dec1_16:
2624 .byte 102,15,56,222,209
2625 decl %r10d
2626 movups (%rcx),%xmm1
2627 leaq 16(%rcx),%rcx
2628 jnz L$oop_dec1_16
2629 .byte 102,15,56,223,209
2630 pxor %xmm0,%xmm0
2631 pxor %xmm1,%xmm1
2632 movdqu %xmm4,(%r8)
2633 xorps %xmm3,%xmm2
2634 pxor %xmm3,%xmm3
2635 movups %xmm2,(%rsi)
2636 pxor %xmm2,%xmm2
2637 jmp L$cbc_ret
2638 .p2align 4
2639 L$cbc_decrypt_bulk:
2640 leaq (%rsp),%rax
2641 pushq %rbp
2642 subq $16,%rsp
2643 andq $-16,%rsp
2644 leaq -8(%rax),%rbp
2645 movups (%r8),%xmm10
2646 movl %r10d,%eax
2647 cmpq $80,%rdx
2648 jbe L$cbc_dec_tail
2650 movups (%rcx),%xmm0
2651 movdqu 0(%rdi),%xmm2
2652 movdqu 16(%rdi),%xmm3
2653 movdqa %xmm2,%xmm11
2654 movdqu 32(%rdi),%xmm4
2655 movdqa %xmm3,%xmm12
2656 movdqu 48(%rdi),%xmm5
2657 movdqa %xmm4,%xmm13
2658 movdqu 64(%rdi),%xmm6
2659 movdqa %xmm5,%xmm14
2660 movdqu 80(%rdi),%xmm7
2661 movdqa %xmm6,%xmm15
2662 movl _OPENSSL_ia32cap_P+4(%rip),%r9d
2663 cmpq $112,%rdx
2664 jbe L$cbc_dec_six_or_seven
2666 andl $71303168,%r9d
2667 subq $80,%rdx
2668 cmpl $4194304,%r9d
2669 je L$cbc_dec_loop6_enter
2670 subq $32,%rdx
2671 leaq 112(%rcx),%rcx
2672 jmp L$cbc_dec_loop8_enter
2673 .p2align 4
2674 L$cbc_dec_loop8:
2675 movups %xmm9,(%rsi)
2676 leaq 16(%rsi),%rsi
2677 L$cbc_dec_loop8_enter:
2678 movdqu 96(%rdi),%xmm8
2679 pxor %xmm0,%xmm2
2680 movdqu 112(%rdi),%xmm9
2681 pxor %xmm0,%xmm3
2682 movups 16-112(%rcx),%xmm1
2683 pxor %xmm0,%xmm4
2684 xorq %r11,%r11
2685 cmpq $112,%rdx
2686 pxor %xmm0,%xmm5
2687 pxor %xmm0,%xmm6
2688 pxor %xmm0,%xmm7
2689 pxor %xmm0,%xmm8
2691 .byte 102,15,56,222,209
2692 pxor %xmm0,%xmm9
2693 movups 32-112(%rcx),%xmm0
2694 .byte 102,15,56,222,217
2695 .byte 102,15,56,222,225
2696 .byte 102,15,56,222,233
2697 .byte 102,15,56,222,241
2698 .byte 102,15,56,222,249
2699 .byte 102,68,15,56,222,193
2700 setnc %r11b
2701 shlq $7,%r11
2702 .byte 102,68,15,56,222,201
2703 addq %rdi,%r11
2704 movups 48-112(%rcx),%xmm1
2705 .byte 102,15,56,222,208
2706 .byte 102,15,56,222,216
2707 .byte 102,15,56,222,224
2708 .byte 102,15,56,222,232
2709 .byte 102,15,56,222,240
2710 .byte 102,15,56,222,248
2711 .byte 102,68,15,56,222,192
2712 .byte 102,68,15,56,222,200
2713 movups 64-112(%rcx),%xmm0
2714 nop
2715 .byte 102,15,56,222,209
2716 .byte 102,15,56,222,217
2717 .byte 102,15,56,222,225
2718 .byte 102,15,56,222,233
2719 .byte 102,15,56,222,241
2720 .byte 102,15,56,222,249
2721 .byte 102,68,15,56,222,193
2722 .byte 102,68,15,56,222,201
2723 movups 80-112(%rcx),%xmm1
2724 nop
2725 .byte 102,15,56,222,208
2726 .byte 102,15,56,222,216
2727 .byte 102,15,56,222,224
2728 .byte 102,15,56,222,232
2729 .byte 102,15,56,222,240
2730 .byte 102,15,56,222,248
2731 .byte 102,68,15,56,222,192
2732 .byte 102,68,15,56,222,200
2733 movups 96-112(%rcx),%xmm0
2734 nop
2735 .byte 102,15,56,222,209
2736 .byte 102,15,56,222,217
2737 .byte 102,15,56,222,225
2738 .byte 102,15,56,222,233
2739 .byte 102,15,56,222,241
2740 .byte 102,15,56,222,249
2741 .byte 102,68,15,56,222,193
2742 .byte 102,68,15,56,222,201
2743 movups 112-112(%rcx),%xmm1
2744 nop
2745 .byte 102,15,56,222,208
2746 .byte 102,15,56,222,216
2747 .byte 102,15,56,222,224
2748 .byte 102,15,56,222,232
2749 .byte 102,15,56,222,240
2750 .byte 102,15,56,222,248
2751 .byte 102,68,15,56,222,192
2752 .byte 102,68,15,56,222,200
2753 movups 128-112(%rcx),%xmm0
2754 nop
2755 .byte 102,15,56,222,209
2756 .byte 102,15,56,222,217
2757 .byte 102,15,56,222,225
2758 .byte 102,15,56,222,233
2759 .byte 102,15,56,222,241
2760 .byte 102,15,56,222,249
2761 .byte 102,68,15,56,222,193
2762 .byte 102,68,15,56,222,201
2763 movups 144-112(%rcx),%xmm1
2764 cmpl $11,%eax
2765 .byte 102,15,56,222,208
2766 .byte 102,15,56,222,216
2767 .byte 102,15,56,222,224
2768 .byte 102,15,56,222,232
2769 .byte 102,15,56,222,240
2770 .byte 102,15,56,222,248
2771 .byte 102,68,15,56,222,192
2772 .byte 102,68,15,56,222,200
2773 movups 160-112(%rcx),%xmm0
2774 jb L$cbc_dec_done
2775 .byte 102,15,56,222,209
2776 .byte 102,15,56,222,217
2777 .byte 102,15,56,222,225
2778 .byte 102,15,56,222,233
2779 .byte 102,15,56,222,241
2780 .byte 102,15,56,222,249
2781 .byte 102,68,15,56,222,193
2782 .byte 102,68,15,56,222,201
2783 movups 176-112(%rcx),%xmm1
2784 nop
2785 .byte 102,15,56,222,208
2786 .byte 102,15,56,222,216
2787 .byte 102,15,56,222,224
2788 .byte 102,15,56,222,232
2789 .byte 102,15,56,222,240
2790 .byte 102,15,56,222,248
2791 .byte 102,68,15,56,222,192
2792 .byte 102,68,15,56,222,200
2793 movups 192-112(%rcx),%xmm0
2794 je L$cbc_dec_done
2795 .byte 102,15,56,222,209
2796 .byte 102,15,56,222,217
2797 .byte 102,15,56,222,225
2798 .byte 102,15,56,222,233
2799 .byte 102,15,56,222,241
2800 .byte 102,15,56,222,249
2801 .byte 102,68,15,56,222,193
2802 .byte 102,68,15,56,222,201
2803 movups 208-112(%rcx),%xmm1
2804 nop
2805 .byte 102,15,56,222,208
2806 .byte 102,15,56,222,216
2807 .byte 102,15,56,222,224
2808 .byte 102,15,56,222,232
2809 .byte 102,15,56,222,240
2810 .byte 102,15,56,222,248
2811 .byte 102,68,15,56,222,192
2812 .byte 102,68,15,56,222,200
2813 movups 224-112(%rcx),%xmm0
2814 jmp L$cbc_dec_done
2815 .p2align 4
2816 L$cbc_dec_done:
2817 .byte 102,15,56,222,209
2818 .byte 102,15,56,222,217
2819 pxor %xmm0,%xmm10
2820 pxor %xmm0,%xmm11
2821 .byte 102,15,56,222,225
2822 .byte 102,15,56,222,233
2823 pxor %xmm0,%xmm12
2824 pxor %xmm0,%xmm13
2825 .byte 102,15,56,222,241
2826 .byte 102,15,56,222,249
2827 pxor %xmm0,%xmm14
2828 pxor %xmm0,%xmm15
2829 .byte 102,68,15,56,222,193
2830 .byte 102,68,15,56,222,201
2831 movdqu 80(%rdi),%xmm1
2833 .byte 102,65,15,56,223,210
2834 movdqu 96(%rdi),%xmm10
2835 pxor %xmm0,%xmm1
2836 .byte 102,65,15,56,223,219
2837 pxor %xmm0,%xmm10
2838 movdqu 112(%rdi),%xmm0
2839 .byte 102,65,15,56,223,228
2840 leaq 128(%rdi),%rdi
2841 movdqu 0(%r11),%xmm11
2842 .byte 102,65,15,56,223,237
2843 .byte 102,65,15,56,223,246
2844 movdqu 16(%r11),%xmm12
2845 movdqu 32(%r11),%xmm13
2846 .byte 102,65,15,56,223,255
2847 .byte 102,68,15,56,223,193
2848 movdqu 48(%r11),%xmm14
2849 movdqu 64(%r11),%xmm15
2850 .byte 102,69,15,56,223,202
2851 movdqa %xmm0,%xmm10
2852 movdqu 80(%r11),%xmm1
2853 movups -112(%rcx),%xmm0
2855 movups %xmm2,(%rsi)
2856 movdqa %xmm11,%xmm2
2857 movups %xmm3,16(%rsi)
2858 movdqa %xmm12,%xmm3
2859 movups %xmm4,32(%rsi)
2860 movdqa %xmm13,%xmm4
2861 movups %xmm5,48(%rsi)
2862 movdqa %xmm14,%xmm5
2863 movups %xmm6,64(%rsi)
2864 movdqa %xmm15,%xmm6
2865 movups %xmm7,80(%rsi)
2866 movdqa %xmm1,%xmm7
2867 movups %xmm8,96(%rsi)
2868 leaq 112(%rsi),%rsi
2870 subq $128,%rdx
2871 ja L$cbc_dec_loop8
2873 movaps %xmm9,%xmm2
2874 leaq -112(%rcx),%rcx
2875 addq $112,%rdx
2876 jle L$cbc_dec_clear_tail_collected
2877 movups %xmm9,(%rsi)
2878 leaq 16(%rsi),%rsi
2879 cmpq $80,%rdx
2880 jbe L$cbc_dec_tail
2882 movaps %xmm11,%xmm2
2883 L$cbc_dec_six_or_seven:
2884 cmpq $96,%rdx
2885 ja L$cbc_dec_seven
2887 movaps %xmm7,%xmm8
2888 call _aesni_decrypt6
2889 pxor %xmm10,%xmm2
2890 movaps %xmm8,%xmm10
2891 pxor %xmm11,%xmm3
2892 movdqu %xmm2,(%rsi)
2893 pxor %xmm12,%xmm4
2894 movdqu %xmm3,16(%rsi)
2895 pxor %xmm3,%xmm3
2896 pxor %xmm13,%xmm5
2897 movdqu %xmm4,32(%rsi)
2898 pxor %xmm4,%xmm4
2899 pxor %xmm14,%xmm6
2900 movdqu %xmm5,48(%rsi)
2901 pxor %xmm5,%xmm5
2902 pxor %xmm15,%xmm7
2903 movdqu %xmm6,64(%rsi)
2904 pxor %xmm6,%xmm6
2905 leaq 80(%rsi),%rsi
2906 movdqa %xmm7,%xmm2
2907 pxor %xmm7,%xmm7
2908 jmp L$cbc_dec_tail_collected
2910 .p2align 4
2911 L$cbc_dec_seven:
2912 movups 96(%rdi),%xmm8
2913 xorps %xmm9,%xmm9
2914 call _aesni_decrypt8
2915 movups 80(%rdi),%xmm9
2916 pxor %xmm10,%xmm2
2917 movups 96(%rdi),%xmm10
2918 pxor %xmm11,%xmm3
2919 movdqu %xmm2,(%rsi)
2920 pxor %xmm12,%xmm4
2921 movdqu %xmm3,16(%rsi)
2922 pxor %xmm3,%xmm3
2923 pxor %xmm13,%xmm5
2924 movdqu %xmm4,32(%rsi)
2925 pxor %xmm4,%xmm4
2926 pxor %xmm14,%xmm6
2927 movdqu %xmm5,48(%rsi)
2928 pxor %xmm5,%xmm5
2929 pxor %xmm15,%xmm7
2930 movdqu %xmm6,64(%rsi)
2931 pxor %xmm6,%xmm6
2932 pxor %xmm9,%xmm8
2933 movdqu %xmm7,80(%rsi)
2934 pxor %xmm7,%xmm7
2935 leaq 96(%rsi),%rsi
2936 movdqa %xmm8,%xmm2
2937 pxor %xmm8,%xmm8
2938 pxor %xmm9,%xmm9
2939 jmp L$cbc_dec_tail_collected
2941 .p2align 4
2942 L$cbc_dec_loop6:
2943 movups %xmm7,(%rsi)
2944 leaq 16(%rsi),%rsi
2945 movdqu 0(%rdi),%xmm2
2946 movdqu 16(%rdi),%xmm3
2947 movdqa %xmm2,%xmm11
2948 movdqu 32(%rdi),%xmm4
2949 movdqa %xmm3,%xmm12
2950 movdqu 48(%rdi),%xmm5
2951 movdqa %xmm4,%xmm13
2952 movdqu 64(%rdi),%xmm6
2953 movdqa %xmm5,%xmm14
2954 movdqu 80(%rdi),%xmm7
2955 movdqa %xmm6,%xmm15
2956 L$cbc_dec_loop6_enter:
2957 leaq 96(%rdi),%rdi
2958 movdqa %xmm7,%xmm8
2960 call _aesni_decrypt6
2962 pxor %xmm10,%xmm2
2963 movdqa %xmm8,%xmm10
2964 pxor %xmm11,%xmm3
2965 movdqu %xmm2,(%rsi)
2966 pxor %xmm12,%xmm4
2967 movdqu %xmm3,16(%rsi)
2968 pxor %xmm13,%xmm5
2969 movdqu %xmm4,32(%rsi)
2970 pxor %xmm14,%xmm6
2971 movq %r11,%rcx
2972 movdqu %xmm5,48(%rsi)
2973 pxor %xmm15,%xmm7
2974 movl %r10d,%eax
2975 movdqu %xmm6,64(%rsi)
2976 leaq 80(%rsi),%rsi
2977 subq $96,%rdx
2978 ja L$cbc_dec_loop6
2980 movdqa %xmm7,%xmm2
2981 addq $80,%rdx
2982 jle L$cbc_dec_clear_tail_collected
2983 movups %xmm7,(%rsi)
2984 leaq 16(%rsi),%rsi
2986 L$cbc_dec_tail:
2987 movups (%rdi),%xmm2
2988 subq $16,%rdx
2989 jbe L$cbc_dec_one
2991 movups 16(%rdi),%xmm3
2992 movaps %xmm2,%xmm11
2993 subq $16,%rdx
2994 jbe L$cbc_dec_two
2996 movups 32(%rdi),%xmm4
2997 movaps %xmm3,%xmm12
2998 subq $16,%rdx
2999 jbe L$cbc_dec_three
3001 movups 48(%rdi),%xmm5
3002 movaps %xmm4,%xmm13
3003 subq $16,%rdx
3004 jbe L$cbc_dec_four
3006 movups 64(%rdi),%xmm6
3007 movaps %xmm5,%xmm14
3008 movaps %xmm6,%xmm15
3009 xorps %xmm7,%xmm7
3010 call _aesni_decrypt6
3011 pxor %xmm10,%xmm2
3012 movaps %xmm15,%xmm10
3013 pxor %xmm11,%xmm3
3014 movdqu %xmm2,(%rsi)
3015 pxor %xmm12,%xmm4
3016 movdqu %xmm3,16(%rsi)
3017 pxor %xmm3,%xmm3
3018 pxor %xmm13,%xmm5
3019 movdqu %xmm4,32(%rsi)
3020 pxor %xmm4,%xmm4
3021 pxor %xmm14,%xmm6
3022 movdqu %xmm5,48(%rsi)
3023 pxor %xmm5,%xmm5
3024 leaq 64(%rsi),%rsi
3025 movdqa %xmm6,%xmm2
3026 pxor %xmm6,%xmm6
3027 pxor %xmm7,%xmm7
3028 subq $16,%rdx
3029 jmp L$cbc_dec_tail_collected
3031 .p2align 4
3032 L$cbc_dec_one:
3033 movaps %xmm2,%xmm11
3034 movups (%rcx),%xmm0
3035 movups 16(%rcx),%xmm1
3036 leaq 32(%rcx),%rcx
3037 xorps %xmm0,%xmm2
3038 L$oop_dec1_17:
3039 .byte 102,15,56,222,209
3040 decl %eax
3041 movups (%rcx),%xmm1
3042 leaq 16(%rcx),%rcx
3043 jnz L$oop_dec1_17
3044 .byte 102,15,56,223,209
3045 xorps %xmm10,%xmm2
3046 movaps %xmm11,%xmm10
3047 jmp L$cbc_dec_tail_collected
3048 .p2align 4
3049 L$cbc_dec_two:
3050 movaps %xmm3,%xmm12
3051 call _aesni_decrypt2
3052 pxor %xmm10,%xmm2
3053 movaps %xmm12,%xmm10
3054 pxor %xmm11,%xmm3
3055 movdqu %xmm2,(%rsi)
3056 movdqa %xmm3,%xmm2
3057 pxor %xmm3,%xmm3
3058 leaq 16(%rsi),%rsi
3059 jmp L$cbc_dec_tail_collected
3060 .p2align 4
3061 L$cbc_dec_three:
3062 movaps %xmm4,%xmm13
3063 call _aesni_decrypt3
3064 pxor %xmm10,%xmm2
3065 movaps %xmm13,%xmm10
3066 pxor %xmm11,%xmm3
3067 movdqu %xmm2,(%rsi)
3068 pxor %xmm12,%xmm4
3069 movdqu %xmm3,16(%rsi)
3070 pxor %xmm3,%xmm3
3071 movdqa %xmm4,%xmm2
3072 pxor %xmm4,%xmm4
3073 leaq 32(%rsi),%rsi
3074 jmp L$cbc_dec_tail_collected
3075 .p2align 4
3076 L$cbc_dec_four:
3077 movaps %xmm5,%xmm14
3078 call _aesni_decrypt4
3079 pxor %xmm10,%xmm2
3080 movaps %xmm14,%xmm10
3081 pxor %xmm11,%xmm3
3082 movdqu %xmm2,(%rsi)
3083 pxor %xmm12,%xmm4
3084 movdqu %xmm3,16(%rsi)
3085 pxor %xmm3,%xmm3
3086 pxor %xmm13,%xmm5
3087 movdqu %xmm4,32(%rsi)
3088 pxor %xmm4,%xmm4
3089 movdqa %xmm5,%xmm2
3090 pxor %xmm5,%xmm5
3091 leaq 48(%rsi),%rsi
3092 jmp L$cbc_dec_tail_collected
3094 .p2align 4
3095 L$cbc_dec_clear_tail_collected:
3096 pxor %xmm3,%xmm3
3097 pxor %xmm4,%xmm4
3098 pxor %xmm5,%xmm5
3099 pxor %xmm6,%xmm6
3100 pxor %xmm7,%xmm7
3101 pxor %xmm8,%xmm8
3102 pxor %xmm9,%xmm9
3103 L$cbc_dec_tail_collected:
3104 movups %xmm10,(%r8)
3105 andq $15,%rdx
3106 jnz L$cbc_dec_tail_partial
3107 movups %xmm2,(%rsi)
3108 pxor %xmm2,%xmm2
3109 jmp L$cbc_dec_ret
3110 .p2align 4
3111 L$cbc_dec_tail_partial:
3112 movaps %xmm2,(%rsp)
3113 pxor %xmm2,%xmm2
3114 movq $16,%rcx
3115 movq %rsi,%rdi
3116 subq %rdx,%rcx
3117 leaq (%rsp),%rsi
3118 .long 0x9066A4F3
3119 movdqa %xmm2,(%rsp)
3121 L$cbc_dec_ret:
3122 xorps %xmm0,%xmm0
3123 pxor %xmm1,%xmm1
3124 leaq (%rbp),%rsp
3125 popq %rbp
3126 L$cbc_ret:
3127 .byte 0xf3,0xc3
3129 .globl _aesni_set_decrypt_key
3130 .private_extern _aesni_set_decrypt_key
3132 .p2align 4
3133 _aesni_set_decrypt_key:
3134 .byte 0x48,0x83,0xEC,0x08
3135 call __aesni_set_encrypt_key
3136 shll $4,%esi
3137 testl %eax,%eax
3138 jnz L$dec_key_ret
3139 leaq 16(%rdx,%rsi,1),%rdi
3141 movups (%rdx),%xmm0
3142 movups (%rdi),%xmm1
3143 movups %xmm0,(%rdi)
3144 movups %xmm1,(%rdx)
3145 leaq 16(%rdx),%rdx
3146 leaq -16(%rdi),%rdi
3148 L$dec_key_inverse:
3149 movups (%rdx),%xmm0
3150 movups (%rdi),%xmm1
3151 .byte 102,15,56,219,192
3152 .byte 102,15,56,219,201
3153 leaq 16(%rdx),%rdx
3154 leaq -16(%rdi),%rdi
3155 movups %xmm0,16(%rdi)
3156 movups %xmm1,-16(%rdx)
3157 cmpq %rdx,%rdi
3158 ja L$dec_key_inverse
3160 movups (%rdx),%xmm0
3161 .byte 102,15,56,219,192
3162 pxor %xmm1,%xmm1
3163 movups %xmm0,(%rdi)
3164 pxor %xmm0,%xmm0
3165 L$dec_key_ret:
3166 addq $8,%rsp
3167 .byte 0xf3,0xc3
3168 L$SEH_end_set_decrypt_key:
3170 .globl _aesni_set_encrypt_key
3171 .private_extern _aesni_set_encrypt_key
3173 .p2align 4
3174 _aesni_set_encrypt_key:
3175 __aesni_set_encrypt_key:
3176 .byte 0x48,0x83,0xEC,0x08
3177 movq $-1,%rax
3178 testq %rdi,%rdi
3179 jz L$enc_key_ret
3180 testq %rdx,%rdx
3181 jz L$enc_key_ret
3183 movl $268437504,%r10d
3184 movups (%rdi),%xmm0
3185 xorps %xmm4,%xmm4
3186 andl _OPENSSL_ia32cap_P+4(%rip),%r10d
3187 leaq 16(%rdx),%rax
3188 cmpl $256,%esi
3189 je L$14rounds
3190 cmpl $192,%esi
3191 je L$12rounds
3192 cmpl $128,%esi
3193 jne L$bad_keybits
3195 L$10rounds:
3196 movl $9,%esi
3197 cmpl $268435456,%r10d
3198 je L$10rounds_alt
3200 movups %xmm0,(%rdx)
3201 .byte 102,15,58,223,200,1
3202 call L$key_expansion_128_cold
3203 .byte 102,15,58,223,200,2
3204 call L$key_expansion_128
3205 .byte 102,15,58,223,200,4
3206 call L$key_expansion_128
3207 .byte 102,15,58,223,200,8
3208 call L$key_expansion_128
3209 .byte 102,15,58,223,200,16
3210 call L$key_expansion_128
3211 .byte 102,15,58,223,200,32
3212 call L$key_expansion_128
3213 .byte 102,15,58,223,200,64
3214 call L$key_expansion_128
3215 .byte 102,15,58,223,200,128
3216 call L$key_expansion_128
3217 .byte 102,15,58,223,200,27
3218 call L$key_expansion_128
3219 .byte 102,15,58,223,200,54
3220 call L$key_expansion_128
3221 movups %xmm0,(%rax)
3222 movl %esi,80(%rax)
3223 xorl %eax,%eax
3224 jmp L$enc_key_ret
3226 .p2align 4
3227 L$10rounds_alt:
3228 movdqa L$key_rotate(%rip),%xmm5
3229 movl $8,%r10d
3230 movdqa L$key_rcon1(%rip),%xmm4
3231 movdqa %xmm0,%xmm2
3232 movdqu %xmm0,(%rdx)
3233 jmp L$oop_key128
3235 .p2align 4
3236 L$oop_key128:
3237 .byte 102,15,56,0,197
3238 .byte 102,15,56,221,196
3239 pslld $1,%xmm4
3240 leaq 16(%rax),%rax
3242 movdqa %xmm2,%xmm3
3243 pslldq $4,%xmm2
3244 pxor %xmm2,%xmm3
3245 pslldq $4,%xmm2
3246 pxor %xmm2,%xmm3
3247 pslldq $4,%xmm2
3248 pxor %xmm3,%xmm2
3250 pxor %xmm2,%xmm0
3251 movdqu %xmm0,-16(%rax)
3252 movdqa %xmm0,%xmm2
3254 decl %r10d
3255 jnz L$oop_key128
3257 movdqa L$key_rcon1b(%rip),%xmm4
3259 .byte 102,15,56,0,197
3260 .byte 102,15,56,221,196
3261 pslld $1,%xmm4
3263 movdqa %xmm2,%xmm3
3264 pslldq $4,%xmm2
3265 pxor %xmm2,%xmm3
3266 pslldq $4,%xmm2
3267 pxor %xmm2,%xmm3
3268 pslldq $4,%xmm2
3269 pxor %xmm3,%xmm2
3271 pxor %xmm2,%xmm0
3272 movdqu %xmm0,(%rax)
3274 movdqa %xmm0,%xmm2
3275 .byte 102,15,56,0,197
3276 .byte 102,15,56,221,196
3278 movdqa %xmm2,%xmm3
3279 pslldq $4,%xmm2
3280 pxor %xmm2,%xmm3
3281 pslldq $4,%xmm2
3282 pxor %xmm2,%xmm3
3283 pslldq $4,%xmm2
3284 pxor %xmm3,%xmm2
3286 pxor %xmm2,%xmm0
3287 movdqu %xmm0,16(%rax)
3289 movl %esi,96(%rax)
3290 xorl %eax,%eax
3291 jmp L$enc_key_ret
3293 .p2align 4
3294 L$12rounds:
3295 movq 16(%rdi),%xmm2
3296 movl $11,%esi
3297 cmpl $268435456,%r10d
3298 je L$12rounds_alt
3300 movups %xmm0,(%rdx)
3301 .byte 102,15,58,223,202,1
3302 call L$key_expansion_192a_cold
3303 .byte 102,15,58,223,202,2
3304 call L$key_expansion_192b
3305 .byte 102,15,58,223,202,4
3306 call L$key_expansion_192a
3307 .byte 102,15,58,223,202,8
3308 call L$key_expansion_192b
3309 .byte 102,15,58,223,202,16
3310 call L$key_expansion_192a
3311 .byte 102,15,58,223,202,32
3312 call L$key_expansion_192b
3313 .byte 102,15,58,223,202,64
3314 call L$key_expansion_192a
3315 .byte 102,15,58,223,202,128
3316 call L$key_expansion_192b
3317 movups %xmm0,(%rax)
3318 movl %esi,48(%rax)
3319 xorq %rax,%rax
3320 jmp L$enc_key_ret
3322 .p2align 4
3323 L$12rounds_alt:
3324 movdqa L$key_rotate192(%rip),%xmm5
3325 movdqa L$key_rcon1(%rip),%xmm4
3326 movl $8,%r10d
3327 movdqu %xmm0,(%rdx)
3328 jmp L$oop_key192
3330 .p2align 4
3331 L$oop_key192:
3332 movq %xmm2,0(%rax)
3333 movdqa %xmm2,%xmm1
3334 .byte 102,15,56,0,213
3335 .byte 102,15,56,221,212
3336 pslld $1,%xmm4
3337 leaq 24(%rax),%rax
3339 movdqa %xmm0,%xmm3
3340 pslldq $4,%xmm0
3341 pxor %xmm0,%xmm3
3342 pslldq $4,%xmm0
3343 pxor %xmm0,%xmm3
3344 pslldq $4,%xmm0
3345 pxor %xmm3,%xmm0
3347 pshufd $255,%xmm0,%xmm3
3348 pxor %xmm1,%xmm3
3349 pslldq $4,%xmm1
3350 pxor %xmm1,%xmm3
3352 pxor %xmm2,%xmm0
3353 pxor %xmm3,%xmm2
3354 movdqu %xmm0,-16(%rax)
3356 decl %r10d
3357 jnz L$oop_key192
3359 movl %esi,32(%rax)
3360 xorl %eax,%eax
3361 jmp L$enc_key_ret
3363 .p2align 4
3364 L$14rounds:
3365 movups 16(%rdi),%xmm2
3366 movl $13,%esi
3367 leaq 16(%rax),%rax
3368 cmpl $268435456,%r10d
3369 je L$14rounds_alt
3371 movups %xmm0,(%rdx)
3372 movups %xmm2,16(%rdx)
3373 .byte 102,15,58,223,202,1
3374 call L$key_expansion_256a_cold
3375 .byte 102,15,58,223,200,1
3376 call L$key_expansion_256b
3377 .byte 102,15,58,223,202,2
3378 call L$key_expansion_256a
3379 .byte 102,15,58,223,200,2
3380 call L$key_expansion_256b
3381 .byte 102,15,58,223,202,4
3382 call L$key_expansion_256a
3383 .byte 102,15,58,223,200,4
3384 call L$key_expansion_256b
3385 .byte 102,15,58,223,202,8
3386 call L$key_expansion_256a
3387 .byte 102,15,58,223,200,8
3388 call L$key_expansion_256b
3389 .byte 102,15,58,223,202,16
3390 call L$key_expansion_256a
3391 .byte 102,15,58,223,200,16
3392 call L$key_expansion_256b
3393 .byte 102,15,58,223,202,32
3394 call L$key_expansion_256a
3395 .byte 102,15,58,223,200,32
3396 call L$key_expansion_256b
3397 .byte 102,15,58,223,202,64
3398 call L$key_expansion_256a
3399 movups %xmm0,(%rax)
3400 movl %esi,16(%rax)
3401 xorq %rax,%rax
3402 jmp L$enc_key_ret
3404 .p2align 4
3405 L$14rounds_alt:
3406 movdqa L$key_rotate(%rip),%xmm5
3407 movdqa L$key_rcon1(%rip),%xmm4
3408 movl $7,%r10d
3409 movdqu %xmm0,0(%rdx)
3410 movdqa %xmm2,%xmm1
3411 movdqu %xmm2,16(%rdx)
3412 jmp L$oop_key256
3414 .p2align 4
3415 L$oop_key256:
3416 .byte 102,15,56,0,213
3417 .byte 102,15,56,221,212
3419 movdqa %xmm0,%xmm3
3420 pslldq $4,%xmm0
3421 pxor %xmm0,%xmm3
3422 pslldq $4,%xmm0
3423 pxor %xmm0,%xmm3
3424 pslldq $4,%xmm0
3425 pxor %xmm3,%xmm0
3426 pslld $1,%xmm4
3428 pxor %xmm2,%xmm0
3429 movdqu %xmm0,(%rax)
3431 decl %r10d
3432 jz L$done_key256
3434 pshufd $255,%xmm0,%xmm2
3435 pxor %xmm3,%xmm3
3436 .byte 102,15,56,221,211
3438 movdqa %xmm1,%xmm3
3439 pslldq $4,%xmm1
3440 pxor %xmm1,%xmm3
3441 pslldq $4,%xmm1
3442 pxor %xmm1,%xmm3
3443 pslldq $4,%xmm1
3444 pxor %xmm3,%xmm1
3446 pxor %xmm1,%xmm2
3447 movdqu %xmm2,16(%rax)
3448 leaq 32(%rax),%rax
3449 movdqa %xmm2,%xmm1
3451 jmp L$oop_key256
3453 L$done_key256:
3454 movl %esi,16(%rax)
3455 xorl %eax,%eax
3456 jmp L$enc_key_ret
3458 .p2align 4
3459 L$bad_keybits:
3460 movq $-2,%rax
3461 L$enc_key_ret:
3462 pxor %xmm0,%xmm0
3463 pxor %xmm1,%xmm1
3464 pxor %xmm2,%xmm2
3465 pxor %xmm3,%xmm3
3466 pxor %xmm4,%xmm4
3467 pxor %xmm5,%xmm5
3468 addq $8,%rsp
3469 .byte 0xf3,0xc3
3470 L$SEH_end_set_encrypt_key:
3472 .p2align 4
3473 L$key_expansion_128:
3474 movups %xmm0,(%rax)
3475 leaq 16(%rax),%rax
3476 L$key_expansion_128_cold:
3477 shufps $16,%xmm0,%xmm4
3478 xorps %xmm4,%xmm0
3479 shufps $140,%xmm0,%xmm4
3480 xorps %xmm4,%xmm0
3481 shufps $255,%xmm1,%xmm1
3482 xorps %xmm1,%xmm0
3483 .byte 0xf3,0xc3
3485 .p2align 4
3486 L$key_expansion_192a:
3487 movups %xmm0,(%rax)
3488 leaq 16(%rax),%rax
3489 L$key_expansion_192a_cold:
3490 movaps %xmm2,%xmm5
3491 L$key_expansion_192b_warm:
3492 shufps $16,%xmm0,%xmm4
3493 movdqa %xmm2,%xmm3
3494 xorps %xmm4,%xmm0
3495 shufps $140,%xmm0,%xmm4
3496 pslldq $4,%xmm3
3497 xorps %xmm4,%xmm0
3498 pshufd $85,%xmm1,%xmm1
3499 pxor %xmm3,%xmm2
3500 pxor %xmm1,%xmm0
3501 pshufd $255,%xmm0,%xmm3
3502 pxor %xmm3,%xmm2
3503 .byte 0xf3,0xc3
3505 .p2align 4
3506 L$key_expansion_192b:
3507 movaps %xmm0,%xmm3
3508 shufps $68,%xmm0,%xmm5
3509 movups %xmm5,(%rax)
3510 shufps $78,%xmm2,%xmm3
3511 movups %xmm3,16(%rax)
3512 leaq 32(%rax),%rax
3513 jmp L$key_expansion_192b_warm
3515 .p2align 4
3516 L$key_expansion_256a:
3517 movups %xmm2,(%rax)
3518 leaq 16(%rax),%rax
3519 L$key_expansion_256a_cold:
3520 shufps $16,%xmm0,%xmm4
3521 xorps %xmm4,%xmm0
3522 shufps $140,%xmm0,%xmm4
3523 xorps %xmm4,%xmm0
3524 shufps $255,%xmm1,%xmm1
3525 xorps %xmm1,%xmm0
3526 .byte 0xf3,0xc3
3528 .p2align 4
3529 L$key_expansion_256b:
3530 movups %xmm0,(%rax)
3531 leaq 16(%rax),%rax
3533 shufps $16,%xmm2,%xmm4
3534 xorps %xmm4,%xmm2
3535 shufps $140,%xmm2,%xmm4
3536 xorps %xmm4,%xmm2
3537 shufps $170,%xmm1,%xmm1
3538 xorps %xmm1,%xmm2
3539 .byte 0xf3,0xc3
3542 .p2align 6
3543 L$bswap_mask:
3544 .byte 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
3545 L$increment32:
3546 .long 6,6,6,0
3547 L$increment64:
3548 .long 1,0,0,0
3549 L$xts_magic:
3550 .long 0x87,0,1,0
3551 L$increment1:
3552 .byte 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1
3553 L$key_rotate:
3554 .long 0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d
3555 L$key_rotate192:
3556 .long 0x04070605,0x04070605,0x04070605,0x04070605
3557 L$key_rcon1:
3558 .long 1,1,1,1
3559 L$key_rcon1b:
3560 .long 0x1b,0x1b,0x1b,0x1b
3562 .byte 65,69,83,32,102,111,114,32,73,110,116,101,108,32,65,69,83,45,78,73,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
3563 .p2align 6
3564 #endif