1/*- 2* The white paper of AES-NI instructions can be downloaded from: 3 * http://softwarecommunity.intel.com/isn/downloads/intelavx/AES-Instructions-Set_WP.pdf 4 * 5 * Copyright (C) 2008-2010, Intel Corporation 6 * Author: Huang Ying <ying.huang@intel.com> 7 * Vinodh Gopal <vinodh.gopal@intel.com> 8 * Kahraman Akdemir 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following 12 * conditions are met: 13 * 14 * - Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 17 * - Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the 20 * distribution. 21 * 22 * - Neither the name of Intel Corporation nor the names of its 23 * contributors may be used to endorse or promote products 24 * derived from this software without specific prior written 25 * permission. 26 * 27 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 28 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 29 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 30 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 31 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 32 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 33 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 34 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 35 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 36 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 37 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 38 */ 39 40#include <machine/asmacros.h> 41 42 .text 43 44ENTRY(_key_expansion_128) 45_key_expansion_256a: 46 .cfi_startproc 47 pshufd $0b11111111,%xmm1,%xmm1 48 shufps $0b00010000,%xmm0,%xmm4 49 pxor %xmm4,%xmm0 50 shufps $0b10001100,%xmm0,%xmm4 51 pxor %xmm4,%xmm0 52 pxor %xmm1,%xmm0 53 movaps %xmm0,(%rsi) 54 addq $0x10,%rsi 55 retq 56 .cfi_endproc 57END(_key_expansion_128) 58 59ENTRY(_key_expansion_192a) 60 .cfi_startproc 61 pshufd $0b01010101,%xmm1,%xmm1 62 shufps $0b00010000,%xmm0,%xmm4 63 pxor %xmm4,%xmm0 64 shufps $0b10001100,%xmm0,%xmm4 65 pxor %xmm4,%xmm0 66 pxor %xmm1,%xmm0 67 movaps %xmm2,%xmm5 68 movaps %xmm2,%xmm6 69 pslldq $4,%xmm5 70 pshufd $0b11111111,%xmm0,%xmm3 71 pxor %xmm3,%xmm2 72 pxor %xmm5,%xmm2 73 movaps %xmm0,%xmm1 74 shufps $0b01000100,%xmm0,%xmm6 75 movaps %xmm6,(%rsi) 76 shufps $0b01001110,%xmm2,%xmm1 77 movaps %xmm1,0x10(%rsi) 78 addq $0x20,%rsi 79 retq 80 .cfi_endproc 81END(_key_expansion_192a) 82 83ENTRY(_key_expansion_192b) 84 .cfi_startproc 85 pshufd $0b01010101,%xmm1,%xmm1 86 shufps $0b00010000,%xmm0,%xmm4 87 pxor %xmm4,%xmm0 88 shufps $0b10001100,%xmm0,%xmm4 89 pxor %xmm4,%xmm0 90 pxor %xmm1,%xmm0 91 movaps %xmm2,%xmm5 92 pslldq $4,%xmm5 93 pshufd $0b11111111,%xmm0,%xmm3 94 pxor %xmm3,%xmm2 95 pxor %xmm5,%xmm2 96 movaps %xmm0,(%rsi) 97 addq $0x10,%rsi 98 retq 99 .cfi_endproc 100END(_key_expansion_192b) 101 102ENTRY(_key_expansion_256b) 103 .cfi_startproc 104 pshufd $0b10101010,%xmm1,%xmm1 105 shufps $0b00010000,%xmm2,%xmm4 106 pxor %xmm4,%xmm2 107 shufps $0b10001100,%xmm2,%xmm4 108 pxor %xmm4,%xmm2 109 pxor %xmm1,%xmm2 110 movaps %xmm2,(%rsi) 111 addq $0x10,%rsi 112 retq 113 .cfi_endproc 114END(_key_expansion_256b) 115 116ENTRY(aesni_set_enckey) 117 .cfi_startproc 118 movups (%rdi),%xmm0 # user key (first 16 bytes) 119 movaps %xmm0,(%rsi) 120 addq $0x10,%rsi # key addr 121 pxor %xmm4,%xmm4 # xmm4 is assumed 0 in _key_expansion_x 122 cmpl $12,%edx 123 jb .Lenc_key128 124 je .Lenc_key192 125 movups 0x10(%rdi),%xmm2 # other user key 126 movaps %xmm2,(%rsi) 127 addq $0x10,%rsi 128// aeskeygenassist $0x1,%xmm2,%xmm1 # round 1 129 .byte 0x66,0x0f,0x3a,0xdf,0xca,0x01 130 call _key_expansion_256a 131// aeskeygenassist $0x1,%xmm0,%xmm1 132 .byte 0x66,0x0f,0x3a,0xdf,0xc8,0x01 133 call _key_expansion_256b 134// aeskeygenassist $0x2,%xmm2,%xmm1 # round 2 135 .byte 0x66,0x0f,0x3a,0xdf,0xca,0x02 136 call _key_expansion_256a 137// aeskeygenassist $0x2,%xmm0,%xmm1 138 .byte 0x66,0x0f,0x3a,0xdf,0xc8,0x02 139 call _key_expansion_256b 140// aeskeygenassist $0x4,%xmm2,%xmm1 # round 3 141 .byte 0x66,0x0f,0x3a,0xdf,0xca,0x04 142 call _key_expansion_256a 143// aeskeygenassist $0x4,%xmm0,%xmm1 144 .byte 0x66,0x0f,0x3a,0xdf,0xc8,0x04 145 call _key_expansion_256b 146// aeskeygenassist $0x8,%xmm2,%xmm1 # round 4 147 .byte 0x66,0x0f,0x3a,0xdf,0xca,0x08 148 call _key_expansion_256a 149// aeskeygenassist $0x8,%xmm0,%xmm1 150 .byte 0x66,0x0f,0x3a,0xdf,0xc8,0x08 151 call _key_expansion_256b 152// aeskeygenassist $0x10,%xmm2,%xmm1 # round 5 153 .byte 0x66,0x0f,0x3a,0xdf,0xca,0x10 154 call _key_expansion_256a 155// aeskeygenassist $0x10,%xmm0,%xmm1 156 .byte 0x66,0x0f,0x3a,0xdf,0xc8,0x10 157 call _key_expansion_256b 158// aeskeygenassist $0x20,%xmm2,%xmm1 # round 6 159 .byte 0x66,0x0f,0x3a,0xdf,0xca,0x20 160 call _key_expansion_256a 161// aeskeygenassist $0x20,%xmm0,%xmm1 162 .byte 0x66,0x0f,0x3a,0xdf,0xc8,0x20 163 call _key_expansion_256b 164// aeskeygenassist $0x40,%xmm2,%xmm1 # round 7 165 .byte 0x66,0x0f,0x3a,0xdf,0xca,0x40 166 call _key_expansion_256a 167 retq 168.Lenc_key192: 169 movq 0x10(%rdi),%xmm2 # other user key 170// aeskeygenassist $0x1,%xmm2,%xmm1 # round 1 171 .byte 0x66,0x0f,0x3a,0xdf,0xca,0x01 172 call _key_expansion_192a 173// aeskeygenassist $0x2,%xmm2,%xmm1 # round 2 174 .byte 0x66,0x0f,0x3a,0xdf,0xca,0x02 175 call _key_expansion_192b 176// aeskeygenassist $0x4,%xmm2,%xmm1 # round 3 177 .byte 0x66,0x0f,0x3a,0xdf,0xca,0x04 178 call _key_expansion_192a 179// aeskeygenassist $0x8,%xmm2,%xmm1 # round 4 180 .byte 0x66,0x0f,0x3a,0xdf,0xca,0x08 181 call _key_expansion_192b 182// aeskeygenassist $0x10,%xmm2,%xmm1 # round 5 183 .byte 0x66,0x0f,0x3a,0xdf,0xca,0x10 184 call _key_expansion_192a 185// aeskeygenassist $0x20,%xmm2,%xmm1 # round 6 186 .byte 0x66,0x0f,0x3a,0xdf,0xca,0x20 187 call _key_expansion_192b 188// aeskeygenassist $0x40,%xmm2,%xmm1 # round 7 189 .byte 0x66,0x0f,0x3a,0xdf,0xca,0x40 190 call _key_expansion_192a 191// aeskeygenassist $0x80,%xmm2,%xmm1 # round 8 192 .byte 0x66,0x0f,0x3a,0xdf,0xca,0x80 193 call _key_expansion_192b 194 retq 195.Lenc_key128: 196// aeskeygenassist $0x1,%xmm0,%xmm1 # round 1 197 .byte 0x66,0x0f,0x3a,0xdf,0xc8,0x01 198 call _key_expansion_128 199// aeskeygenassist $0x2,%xmm0,%xmm1 # round 2 200 .byte 0x66,0x0f,0x3a,0xdf,0xc8,0x02 201 call _key_expansion_128 202// aeskeygenassist $0x4,%xmm0,%xmm1 # round 3 203 .byte 0x66,0x0f,0x3a,0xdf,0xc8,0x04 204 call _key_expansion_128 205// aeskeygenassist $0x8,%xmm0,%xmm1 # round 4 206 .byte 0x66,0x0f,0x3a,0xdf,0xc8,0x08 207 call _key_expansion_128 208// aeskeygenassist $0x10,%xmm0,%xmm1 # round 5 209 .byte 0x66,0x0f,0x3a,0xdf,0xc8,0x10 210 call _key_expansion_128 211// aeskeygenassist $0x20,%xmm0,%xmm1 # round 6 212 .byte 0x66,0x0f,0x3a,0xdf,0xc8,0x20 213 call _key_expansion_128 214// aeskeygenassist $0x40,%xmm0,%xmm1 # round 7 215 .byte 0x66,0x0f,0x3a,0xdf,0xc8,0x40 216 call _key_expansion_128 217// aeskeygenassist $0x80,%xmm0,%xmm1 # round 8 218 .byte 0x66,0x0f,0x3a,0xdf,0xc8,0x80 219 call _key_expansion_128 220// aeskeygenassist $0x1b,%xmm0,%xmm1 # round 9 221 .byte 0x66,0x0f,0x3a,0xdf,0xc8,0x1b 222 call _key_expansion_128 223// aeskeygenassist $0x36,%xmm0,%xmm1 # round 10 224 .byte 0x66,0x0f,0x3a,0xdf,0xc8,0x36 225 call _key_expansion_128 226 retq 227 .cfi_endproc 228END(aesni_set_enckey) 229 230ENTRY(aesni_set_deckey) 231 .cfi_startproc 232 movslq %edx,%rax 233 shlq $4,%rax 234 addq %rax,%rdi 235 movdqa (%rdi),%xmm0 236 movdqa %xmm0,(%rsi) 237 decl %edx 2381: 239 addq $0x10,%rsi 240 subq $0x10,%rdi 241// aesimc (%rdi),%xmm1 242 .byte 0x66,0x0f,0x38,0xdb,0x0f 243 movdqa %xmm1,(%rsi) 244 decl %edx 245 jne 1b 246 247 addq $0x10,%rsi 248 subq $0x10,%rdi 249 movdqa (%rdi),%xmm0 250 movdqa %xmm0,(%rsi) 251 retq 252 .cfi_endproc 253END(aesni_set_deckey) 254 255 .ident "$FreeBSD$" 256