xref: /freebsd/sys/crypto/openssl/arm/aes-armv4.S (revision f81cdf24ba5436367377f7c8e8f51f6df2a75ca7) 
1/* Do not modify. This file is auto-generated from aes-armv4.pl. */
2@ Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
3@
4@ Licensed under the Apache License 2.0 (the "License").  You may not use
5@ this file except in compliance with the License.  You can obtain a copy
6@ in the file LICENSE in the source distribution or at
7@ https://www.openssl.org/source/license.html
8
9
10@ ====================================================================
11@ Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
12@ project. The module is, however, dual licensed under OpenSSL and
13@ CRYPTOGAMS licenses depending on where you obtain it. For further
14@ details see http://www.openssl.org/~appro/cryptogams/.
15@ ====================================================================
16
17@ AES for ARMv4
18
19@ January 2007.
20@
21@ Code uses single 1K S-box and is >2 times faster than code generated
22@ by gcc-3.4.1. This is thanks to unique feature of ARMv4 ISA, which
23@ allows to merge logical or arithmetic operation with shift or rotate
24@ in one instruction and emit combined result every cycle. The module
25@ is endian-neutral. The performance is ~42 cycles/byte for 128-bit
26@ key [on single-issue Xscale PXA250 core].
27
28@ May 2007.
29@
30@ AES_set_[en|de]crypt_key is added.
31
32@ July 2010.
33@
34@ Rescheduling for dual-issue pipeline resulted in 12% improvement on
35@ Cortex A8 core and ~25 cycles per byte processed with 128-bit key.
36
37@ February 2011.
38@
39@ Profiler-assisted and platform-specific optimization resulted in 16%
40@ improvement on Cortex A8 core and ~21.5 cycles per byte.
41
42@ $output is the last argument if it looks like a file (it has an extension)
43@ $flavour is the first argument if it doesn't look like a file
44#ifndef __KERNEL__
45# include "arm_arch.h"
46#else
47# define __ARM_ARCH__ __LINUX_ARM_ARCH__
48#endif
49
50#if defined(__thumb2__) && !defined(__APPLE__)
51.syntax	unified
52.thumb
53#else
54.code	32
55#undef __thumb2__
56#endif
57
58.text
59
60.type	AES_Te,%object
61.align	5
62AES_Te:
63.word	0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d
64.word	0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554
65.word	0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d
66.word	0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a
67.word	0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87
68.word	0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b
69.word	0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea
70.word	0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b
71.word	0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a
72.word	0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f
73.word	0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108
74.word	0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f
75.word	0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e
76.word	0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5
77.word	0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d
78.word	0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f
79.word	0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e
80.word	0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb
81.word	0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce
82.word	0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497
83.word	0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c
84.word	0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed
85.word	0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b
86.word	0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a
87.word	0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16
88.word	0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594
89.word	0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81
90.word	0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3
91.word	0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a
92.word	0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504
93.word	0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163
94.word	0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d
95.word	0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f
96.word	0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739
97.word	0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47
98.word	0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395
99.word	0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f
100.word	0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883
101.word	0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c
102.word	0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76
103.word	0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e
104.word	0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4
105.word	0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6
106.word	0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b
107.word	0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7
108.word	0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0
109.word	0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25
110.word	0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818
111.word	0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72
112.word	0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651
113.word	0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21
114.word	0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85
115.word	0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa
116.word	0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12
117.word	0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0
118.word	0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9
119.word	0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133
120.word	0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7
121.word	0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920
122.word	0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a
123.word	0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17
124.word	0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8
125.word	0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11
126.word	0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a
127@ Te4[256]
128.byte	0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
129.byte	0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
130.byte	0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
131.byte	0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
132.byte	0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
133.byte	0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
134.byte	0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
135.byte	0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
136.byte	0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
137.byte	0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
138.byte	0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
139.byte	0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
140.byte	0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
141.byte	0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
142.byte	0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
143.byte	0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
144.byte	0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
145.byte	0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
146.byte	0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
147.byte	0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
148.byte	0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
149.byte	0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
150.byte	0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
151.byte	0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
152.byte	0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
153.byte	0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
154.byte	0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
155.byte	0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
156.byte	0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
157.byte	0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
158.byte	0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
159.byte	0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
160@ rcon[]
161.word	0x01000000, 0x02000000, 0x04000000, 0x08000000
162.word	0x10000000, 0x20000000, 0x40000000, 0x80000000
163.word	0x1B000000, 0x36000000, 0, 0, 0, 0, 0, 0
164.size	AES_Te,.-AES_Te
165
166@ void AES_encrypt(const unsigned char *in, unsigned char *out,
167@ 		 const AES_KEY *key) {
168.globl	AES_encrypt
169.type	AES_encrypt,%function
170.align	5
171AES_encrypt:
172#ifndef	__thumb2__
173	sub	r3,pc,#8		@ AES_encrypt
174#else
175	adr	r3,.
176#endif
177	stmdb	sp!,{r1,r4-r12,lr}
178#if defined(__thumb2__) || defined(__APPLE__)
179	adr	r10,AES_Te
180#else
181	sub	r10,r3,#AES_encrypt-AES_Te	@ Te
182#endif
183	mov	r12,r0		@ inp
184	mov	r11,r2
185#if __ARM_ARCH__<7
186	ldrb	r0,[r12,#3]	@ load input data in endian-neutral
187	ldrb	r4,[r12,#2]	@ manner...
188	ldrb	r5,[r12,#1]
189	ldrb	r6,[r12,#0]
190	orr	r0,r0,r4,lsl#8
191	ldrb	r1,[r12,#7]
192	orr	r0,r0,r5,lsl#16
193	ldrb	r4,[r12,#6]
194	orr	r0,r0,r6,lsl#24
195	ldrb	r5,[r12,#5]
196	ldrb	r6,[r12,#4]
197	orr	r1,r1,r4,lsl#8
198	ldrb	r2,[r12,#11]
199	orr	r1,r1,r5,lsl#16
200	ldrb	r4,[r12,#10]
201	orr	r1,r1,r6,lsl#24
202	ldrb	r5,[r12,#9]
203	ldrb	r6,[r12,#8]
204	orr	r2,r2,r4,lsl#8
205	ldrb	r3,[r12,#15]
206	orr	r2,r2,r5,lsl#16
207	ldrb	r4,[r12,#14]
208	orr	r2,r2,r6,lsl#24
209	ldrb	r5,[r12,#13]
210	ldrb	r6,[r12,#12]
211	orr	r3,r3,r4,lsl#8
212	orr	r3,r3,r5,lsl#16
213	orr	r3,r3,r6,lsl#24
214#else
215	ldr	r0,[r12,#0]
216	ldr	r1,[r12,#4]
217	ldr	r2,[r12,#8]
218	ldr	r3,[r12,#12]
219#ifdef __ARMEL__
220	rev	r0,r0
221	rev	r1,r1
222	rev	r2,r2
223	rev	r3,r3
224#endif
225#endif
226	bl	_armv4_AES_encrypt
227
228	ldr	r12,[sp],#4		@ pop out
229#if __ARM_ARCH__>=7
230#ifdef __ARMEL__
231	rev	r0,r0
232	rev	r1,r1
233	rev	r2,r2
234	rev	r3,r3
235#endif
236	str	r0,[r12,#0]
237	str	r1,[r12,#4]
238	str	r2,[r12,#8]
239	str	r3,[r12,#12]
240#else
241	mov	r4,r0,lsr#24		@ write output in endian-neutral
242	mov	r5,r0,lsr#16		@ manner...
243	mov	r6,r0,lsr#8
244	strb	r4,[r12,#0]
245	strb	r5,[r12,#1]
246	mov	r4,r1,lsr#24
247	strb	r6,[r12,#2]
248	mov	r5,r1,lsr#16
249	strb	r0,[r12,#3]
250	mov	r6,r1,lsr#8
251	strb	r4,[r12,#4]
252	strb	r5,[r12,#5]
253	mov	r4,r2,lsr#24
254	strb	r6,[r12,#6]
255	mov	r5,r2,lsr#16
256	strb	r1,[r12,#7]
257	mov	r6,r2,lsr#8
258	strb	r4,[r12,#8]
259	strb	r5,[r12,#9]
260	mov	r4,r3,lsr#24
261	strb	r6,[r12,#10]
262	mov	r5,r3,lsr#16
263	strb	r2,[r12,#11]
264	mov	r6,r3,lsr#8
265	strb	r4,[r12,#12]
266	strb	r5,[r12,#13]
267	strb	r6,[r12,#14]
268	strb	r3,[r12,#15]
269#endif
270#if __ARM_ARCH__>=5
271	ldmia	sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc}
272#else
273	ldmia	sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr}
274	tst	lr,#1
275	moveq	pc,lr			@ be binary compatible with V4, yet
276.word	0xe12fff1e			@ interoperable with Thumb ISA:-)
277#endif
278.size	AES_encrypt,.-AES_encrypt
279
280.type	_armv4_AES_encrypt,%function
281.align	2
282_armv4_AES_encrypt:
283	str	lr,[sp,#-4]!		@ push lr
284	ldmia	r11!,{r4,r5,r6,r7}
285	eor	r0,r0,r4
286	ldr	r12,[r11,#240-16]
287	eor	r1,r1,r5
288	eor	r2,r2,r6
289	eor	r3,r3,r7
290	sub	r12,r12,#1
291	mov	lr,#255
292
293	and	r7,lr,r0
294	and	r8,lr,r0,lsr#8
295	and	r9,lr,r0,lsr#16
296	mov	r0,r0,lsr#24
297.Lenc_loop:
298	ldr	r4,[r10,r7,lsl#2]	@ Te3[s0>>0]
299	and	r7,lr,r1,lsr#16	@ i0
300	ldr	r5,[r10,r8,lsl#2]	@ Te2[s0>>8]
301	and	r8,lr,r1
302	ldr	r6,[r10,r9,lsl#2]	@ Te1[s0>>16]
303	and	r9,lr,r1,lsr#8
304	ldr	r0,[r10,r0,lsl#2]	@ Te0[s0>>24]
305	mov	r1,r1,lsr#24
306
307	ldr	r7,[r10,r7,lsl#2]	@ Te1[s1>>16]
308	ldr	r8,[r10,r8,lsl#2]	@ Te3[s1>>0]
309	ldr	r9,[r10,r9,lsl#2]	@ Te2[s1>>8]
310	eor	r0,r0,r7,ror#8
311	ldr	r1,[r10,r1,lsl#2]	@ Te0[s1>>24]
312	and	r7,lr,r2,lsr#8	@ i0
313	eor	r5,r5,r8,ror#8
314	and	r8,lr,r2,lsr#16	@ i1
315	eor	r6,r6,r9,ror#8
316	and	r9,lr,r2
317	ldr	r7,[r10,r7,lsl#2]	@ Te2[s2>>8]
318	eor	r1,r1,r4,ror#24
319	ldr	r8,[r10,r8,lsl#2]	@ Te1[s2>>16]
320	mov	r2,r2,lsr#24
321
322	ldr	r9,[r10,r9,lsl#2]	@ Te3[s2>>0]
323	eor	r0,r0,r7,ror#16
324	ldr	r2,[r10,r2,lsl#2]	@ Te0[s2>>24]
325	and	r7,lr,r3		@ i0
326	eor	r1,r1,r8,ror#8
327	and	r8,lr,r3,lsr#8	@ i1
328	eor	r6,r6,r9,ror#16
329	and	r9,lr,r3,lsr#16	@ i2
330	ldr	r7,[r10,r7,lsl#2]	@ Te3[s3>>0]
331	eor	r2,r2,r5,ror#16
332	ldr	r8,[r10,r8,lsl#2]	@ Te2[s3>>8]
333	mov	r3,r3,lsr#24
334
335	ldr	r9,[r10,r9,lsl#2]	@ Te1[s3>>16]
336	eor	r0,r0,r7,ror#24
337	ldr	r7,[r11],#16
338	eor	r1,r1,r8,ror#16
339	ldr	r3,[r10,r3,lsl#2]	@ Te0[s3>>24]
340	eor	r2,r2,r9,ror#8
341	ldr	r4,[r11,#-12]
342	eor	r3,r3,r6,ror#8
343
344	ldr	r5,[r11,#-8]
345	eor	r0,r0,r7
346	ldr	r6,[r11,#-4]
347	and	r7,lr,r0
348	eor	r1,r1,r4
349	and	r8,lr,r0,lsr#8
350	eor	r2,r2,r5
351	and	r9,lr,r0,lsr#16
352	eor	r3,r3,r6
353	mov	r0,r0,lsr#24
354
355	subs	r12,r12,#1
356	bne	.Lenc_loop
357
358	add	r10,r10,#2
359
360	ldrb	r4,[r10,r7,lsl#2]	@ Te4[s0>>0]
361	and	r7,lr,r1,lsr#16	@ i0
362	ldrb	r5,[r10,r8,lsl#2]	@ Te4[s0>>8]
363	and	r8,lr,r1
364	ldrb	r6,[r10,r9,lsl#2]	@ Te4[s0>>16]
365	and	r9,lr,r1,lsr#8
366	ldrb	r0,[r10,r0,lsl#2]	@ Te4[s0>>24]
367	mov	r1,r1,lsr#24
368
369	ldrb	r7,[r10,r7,lsl#2]	@ Te4[s1>>16]
370	ldrb	r8,[r10,r8,lsl#2]	@ Te4[s1>>0]
371	ldrb	r9,[r10,r9,lsl#2]	@ Te4[s1>>8]
372	eor	r0,r7,r0,lsl#8
373	ldrb	r1,[r10,r1,lsl#2]	@ Te4[s1>>24]
374	and	r7,lr,r2,lsr#8	@ i0
375	eor	r5,r8,r5,lsl#8
376	and	r8,lr,r2,lsr#16	@ i1
377	eor	r6,r9,r6,lsl#8
378	and	r9,lr,r2
379	ldrb	r7,[r10,r7,lsl#2]	@ Te4[s2>>8]
380	eor	r1,r4,r1,lsl#24
381	ldrb	r8,[r10,r8,lsl#2]	@ Te4[s2>>16]
382	mov	r2,r2,lsr#24
383
384	ldrb	r9,[r10,r9,lsl#2]	@ Te4[s2>>0]
385	eor	r0,r7,r0,lsl#8
386	ldrb	r2,[r10,r2,lsl#2]	@ Te4[s2>>24]
387	and	r7,lr,r3		@ i0
388	eor	r1,r1,r8,lsl#16
389	and	r8,lr,r3,lsr#8	@ i1
390	eor	r6,r9,r6,lsl#8
391	and	r9,lr,r3,lsr#16	@ i2
392	ldrb	r7,[r10,r7,lsl#2]	@ Te4[s3>>0]
393	eor	r2,r5,r2,lsl#24
394	ldrb	r8,[r10,r8,lsl#2]	@ Te4[s3>>8]
395	mov	r3,r3,lsr#24
396
397	ldrb	r9,[r10,r9,lsl#2]	@ Te4[s3>>16]
398	eor	r0,r7,r0,lsl#8
399	ldr	r7,[r11,#0]
400	ldrb	r3,[r10,r3,lsl#2]	@ Te4[s3>>24]
401	eor	r1,r1,r8,lsl#8
402	ldr	r4,[r11,#4]
403	eor	r2,r2,r9,lsl#16
404	ldr	r5,[r11,#8]
405	eor	r3,r6,r3,lsl#24
406	ldr	r6,[r11,#12]
407
408	eor	r0,r0,r7
409	eor	r1,r1,r4
410	eor	r2,r2,r5
411	eor	r3,r3,r6
412
413	sub	r10,r10,#2
414	ldr	pc,[sp],#4		@ pop and return
415.size	_armv4_AES_encrypt,.-_armv4_AES_encrypt
416
417.globl	AES_set_encrypt_key
418.type	AES_set_encrypt_key,%function
419.align	5
420AES_set_encrypt_key:
421_armv4_AES_set_encrypt_key:
422#ifndef	__thumb2__
423	sub	r3,pc,#8		@ AES_set_encrypt_key
424#else
425	adr	r3,.
426#endif
427	teq	r0,#0
428#ifdef	__thumb2__
429	itt	eq			@ Thumb2 thing, sanity check in ARM
430#endif
431	moveq	r0,#-1
432	beq	.Labrt
433	teq	r2,#0
434#ifdef	__thumb2__
435	itt	eq			@ Thumb2 thing, sanity check in ARM
436#endif
437	moveq	r0,#-1
438	beq	.Labrt
439
440	teq	r1,#128
441	beq	.Lok
442	teq	r1,#192
443	beq	.Lok
444	teq	r1,#256
445#ifdef	__thumb2__
446	itt	ne			@ Thumb2 thing, sanity check in ARM
447#endif
448	movne	r0,#-1
449	bne	.Labrt
450
451.Lok:	stmdb	sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr}
452	mov	r12,r0		@ inp
453	mov	lr,r1			@ bits
454	mov	r11,r2			@ key
455
456#if defined(__thumb2__) || defined(__APPLE__)
457	adr	r10,AES_Te+1024				@ Te4
458#else
459	sub	r10,r3,#_armv4_AES_set_encrypt_key-AES_Te-1024	@ Te4
460#endif
461
462#if __ARM_ARCH__<7
463	ldrb	r0,[r12,#3]	@ load input data in endian-neutral
464	ldrb	r4,[r12,#2]	@ manner...
465	ldrb	r5,[r12,#1]
466	ldrb	r6,[r12,#0]
467	orr	r0,r0,r4,lsl#8
468	ldrb	r1,[r12,#7]
469	orr	r0,r0,r5,lsl#16
470	ldrb	r4,[r12,#6]
471	orr	r0,r0,r6,lsl#24
472	ldrb	r5,[r12,#5]
473	ldrb	r6,[r12,#4]
474	orr	r1,r1,r4,lsl#8
475	ldrb	r2,[r12,#11]
476	orr	r1,r1,r5,lsl#16
477	ldrb	r4,[r12,#10]
478	orr	r1,r1,r6,lsl#24
479	ldrb	r5,[r12,#9]
480	ldrb	r6,[r12,#8]
481	orr	r2,r2,r4,lsl#8
482	ldrb	r3,[r12,#15]
483	orr	r2,r2,r5,lsl#16
484	ldrb	r4,[r12,#14]
485	orr	r2,r2,r6,lsl#24
486	ldrb	r5,[r12,#13]
487	ldrb	r6,[r12,#12]
488	orr	r3,r3,r4,lsl#8
489	str	r0,[r11],#16
490	orr	r3,r3,r5,lsl#16
491	str	r1,[r11,#-12]
492	orr	r3,r3,r6,lsl#24
493	str	r2,[r11,#-8]
494	str	r3,[r11,#-4]
495#else
496	ldr	r0,[r12,#0]
497	ldr	r1,[r12,#4]
498	ldr	r2,[r12,#8]
499	ldr	r3,[r12,#12]
500#ifdef __ARMEL__
501	rev	r0,r0
502	rev	r1,r1
503	rev	r2,r2
504	rev	r3,r3
505#endif
506	str	r0,[r11],#16
507	str	r1,[r11,#-12]
508	str	r2,[r11,#-8]
509	str	r3,[r11,#-4]
510#endif
511
512	teq	lr,#128
513	bne	.Lnot128
514	mov	r12,#10
515	str	r12,[r11,#240-16]
516	add	r6,r10,#256			@ rcon
517	mov	lr,#255
518
519.L128_loop:
520	and	r5,lr,r3,lsr#24
521	and	r7,lr,r3,lsr#16
522	ldrb	r5,[r10,r5]
523	and	r8,lr,r3,lsr#8
524	ldrb	r7,[r10,r7]
525	and	r9,lr,r3
526	ldrb	r8,[r10,r8]
527	orr	r5,r5,r7,lsl#24
528	ldrb	r9,[r10,r9]
529	orr	r5,r5,r8,lsl#16
530	ldr	r4,[r6],#4			@ rcon[i++]
531	orr	r5,r5,r9,lsl#8
532	eor	r5,r5,r4
533	eor	r0,r0,r5			@ rk[4]=rk[0]^...
534	eor	r1,r1,r0			@ rk[5]=rk[1]^rk[4]
535	str	r0,[r11],#16
536	eor	r2,r2,r1			@ rk[6]=rk[2]^rk[5]
537	str	r1,[r11,#-12]
538	eor	r3,r3,r2			@ rk[7]=rk[3]^rk[6]
539	str	r2,[r11,#-8]
540	subs	r12,r12,#1
541	str	r3,[r11,#-4]
542	bne	.L128_loop
543	sub	r2,r11,#176
544	b	.Ldone
545
546.Lnot128:
547#if __ARM_ARCH__<7
548	ldrb	r8,[r12,#19]
549	ldrb	r4,[r12,#18]
550	ldrb	r5,[r12,#17]
551	ldrb	r6,[r12,#16]
552	orr	r8,r8,r4,lsl#8
553	ldrb	r9,[r12,#23]
554	orr	r8,r8,r5,lsl#16
555	ldrb	r4,[r12,#22]
556	orr	r8,r8,r6,lsl#24
557	ldrb	r5,[r12,#21]
558	ldrb	r6,[r12,#20]
559	orr	r9,r9,r4,lsl#8
560	orr	r9,r9,r5,lsl#16
561	str	r8,[r11],#8
562	orr	r9,r9,r6,lsl#24
563	str	r9,[r11,#-4]
564#else
565	ldr	r8,[r12,#16]
566	ldr	r9,[r12,#20]
567#ifdef __ARMEL__
568	rev	r8,r8
569	rev	r9,r9
570#endif
571	str	r8,[r11],#8
572	str	r9,[r11,#-4]
573#endif
574
575	teq	lr,#192
576	bne	.Lnot192
577	mov	r12,#12
578	str	r12,[r11,#240-24]
579	add	r6,r10,#256			@ rcon
580	mov	lr,#255
581	mov	r12,#8
582
583.L192_loop:
584	and	r5,lr,r9,lsr#24
585	and	r7,lr,r9,lsr#16
586	ldrb	r5,[r10,r5]
587	and	r8,lr,r9,lsr#8
588	ldrb	r7,[r10,r7]
589	and	r9,lr,r9
590	ldrb	r8,[r10,r8]
591	orr	r5,r5,r7,lsl#24
592	ldrb	r9,[r10,r9]
593	orr	r5,r5,r8,lsl#16
594	ldr	r4,[r6],#4			@ rcon[i++]
595	orr	r5,r5,r9,lsl#8
596	eor	r9,r5,r4
597	eor	r0,r0,r9			@ rk[6]=rk[0]^...
598	eor	r1,r1,r0			@ rk[7]=rk[1]^rk[6]
599	str	r0,[r11],#24
600	eor	r2,r2,r1			@ rk[8]=rk[2]^rk[7]
601	str	r1,[r11,#-20]
602	eor	r3,r3,r2			@ rk[9]=rk[3]^rk[8]
603	str	r2,[r11,#-16]
604	subs	r12,r12,#1
605	str	r3,[r11,#-12]
606#ifdef	__thumb2__
607	itt	eq				@ Thumb2 thing, sanity check in ARM
608#endif
609	subeq	r2,r11,#216
610	beq	.Ldone
611
612	ldr	r7,[r11,#-32]
613	ldr	r8,[r11,#-28]
614	eor	r7,r7,r3			@ rk[10]=rk[4]^rk[9]
615	eor	r9,r8,r7			@ rk[11]=rk[5]^rk[10]
616	str	r7,[r11,#-8]
617	str	r9,[r11,#-4]
618	b	.L192_loop
619
620.Lnot192:
621#if __ARM_ARCH__<7
622	ldrb	r8,[r12,#27]
623	ldrb	r4,[r12,#26]
624	ldrb	r5,[r12,#25]
625	ldrb	r6,[r12,#24]
626	orr	r8,r8,r4,lsl#8
627	ldrb	r9,[r12,#31]
628	orr	r8,r8,r5,lsl#16
629	ldrb	r4,[r12,#30]
630	orr	r8,r8,r6,lsl#24
631	ldrb	r5,[r12,#29]
632	ldrb	r6,[r12,#28]
633	orr	r9,r9,r4,lsl#8
634	orr	r9,r9,r5,lsl#16
635	str	r8,[r11],#8
636	orr	r9,r9,r6,lsl#24
637	str	r9,[r11,#-4]
638#else
639	ldr	r8,[r12,#24]
640	ldr	r9,[r12,#28]
641#ifdef __ARMEL__
642	rev	r8,r8
643	rev	r9,r9
644#endif
645	str	r8,[r11],#8
646	str	r9,[r11,#-4]
647#endif
648
649	mov	r12,#14
650	str	r12,[r11,#240-32]
651	add	r6,r10,#256			@ rcon
652	mov	lr,#255
653	mov	r12,#7
654
655.L256_loop:
656	and	r5,lr,r9,lsr#24
657	and	r7,lr,r9,lsr#16
658	ldrb	r5,[r10,r5]
659	and	r8,lr,r9,lsr#8
660	ldrb	r7,[r10,r7]
661	and	r9,lr,r9
662	ldrb	r8,[r10,r8]
663	orr	r5,r5,r7,lsl#24
664	ldrb	r9,[r10,r9]
665	orr	r5,r5,r8,lsl#16
666	ldr	r4,[r6],#4			@ rcon[i++]
667	orr	r5,r5,r9,lsl#8
668	eor	r9,r5,r4
669	eor	r0,r0,r9			@ rk[8]=rk[0]^...
670	eor	r1,r1,r0			@ rk[9]=rk[1]^rk[8]
671	str	r0,[r11],#32
672	eor	r2,r2,r1			@ rk[10]=rk[2]^rk[9]
673	str	r1,[r11,#-28]
674	eor	r3,r3,r2			@ rk[11]=rk[3]^rk[10]
675	str	r2,[r11,#-24]
676	subs	r12,r12,#1
677	str	r3,[r11,#-20]
678#ifdef	__thumb2__
679	itt	eq				@ Thumb2 thing, sanity check in ARM
680#endif
681	subeq	r2,r11,#256
682	beq	.Ldone
683
684	and	r5,lr,r3
685	and	r7,lr,r3,lsr#8
686	ldrb	r5,[r10,r5]
687	and	r8,lr,r3,lsr#16
688	ldrb	r7,[r10,r7]
689	and	r9,lr,r3,lsr#24
690	ldrb	r8,[r10,r8]
691	orr	r5,r5,r7,lsl#8
692	ldrb	r9,[r10,r9]
693	orr	r5,r5,r8,lsl#16
694	ldr	r4,[r11,#-48]
695	orr	r5,r5,r9,lsl#24
696
697	ldr	r7,[r11,#-44]
698	ldr	r8,[r11,#-40]
699	eor	r4,r4,r5			@ rk[12]=rk[4]^...
700	ldr	r9,[r11,#-36]
701	eor	r7,r7,r4			@ rk[13]=rk[5]^rk[12]
702	str	r4,[r11,#-16]
703	eor	r8,r8,r7			@ rk[14]=rk[6]^rk[13]
704	str	r7,[r11,#-12]
705	eor	r9,r9,r8			@ rk[15]=rk[7]^rk[14]
706	str	r8,[r11,#-8]
707	str	r9,[r11,#-4]
708	b	.L256_loop
709
710.align	2
711.Ldone:	mov	r0,#0
712	ldmia	sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr}
713.Labrt:
714#if __ARM_ARCH__>=5
715	bx	lr				@ .word	0xe12fff1e
716#else
717	tst	lr,#1
718	moveq	pc,lr			@ be binary compatible with V4, yet
719.word	0xe12fff1e			@ interoperable with Thumb ISA:-)
720#endif
721.size	AES_set_encrypt_key,.-AES_set_encrypt_key
722
723.globl	AES_set_decrypt_key
724.type	AES_set_decrypt_key,%function
725.align	5
726AES_set_decrypt_key:
727	str	lr,[sp,#-4]!            @ push lr
728	bl	_armv4_AES_set_encrypt_key
729	teq	r0,#0
730	ldr	lr,[sp],#4              @ pop lr
731	bne	.Labrt
732
733	mov	r0,r2			@ AES_set_encrypt_key preserves r2,
734	mov	r1,r2			@ which is AES_KEY *key
735	b	_armv4_AES_set_enc2dec_key
736.size	AES_set_decrypt_key,.-AES_set_decrypt_key
737
738@ void AES_set_enc2dec_key(const AES_KEY *inp,AES_KEY *out)
739.globl	AES_set_enc2dec_key
740.type	AES_set_enc2dec_key,%function
741.align	5
742AES_set_enc2dec_key:
743_armv4_AES_set_enc2dec_key:
744	stmdb	sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr}
745
746	ldr	r12,[r0,#240]
747	mov	r7,r0			@ input
748	add	r8,r0,r12,lsl#4
749	mov	r11,r1			@ output
750	add	r10,r1,r12,lsl#4
751	str	r12,[r1,#240]
752
753.Linv:	ldr	r0,[r7],#16
754	ldr	r1,[r7,#-12]
755	ldr	r2,[r7,#-8]
756	ldr	r3,[r7,#-4]
757	ldr	r4,[r8],#-16
758	ldr	r5,[r8,#16+4]
759	ldr	r6,[r8,#16+8]
760	ldr	r9,[r8,#16+12]
761	str	r0,[r10],#-16
762	str	r1,[r10,#16+4]
763	str	r2,[r10,#16+8]
764	str	r3,[r10,#16+12]
765	str	r4,[r11],#16
766	str	r5,[r11,#-12]
767	str	r6,[r11,#-8]
768	str	r9,[r11,#-4]
769	teq	r7,r8
770	bne	.Linv
771
772	ldr	r0,[r7]
773	ldr	r1,[r7,#4]
774	ldr	r2,[r7,#8]
775	ldr	r3,[r7,#12]
776	str	r0,[r11]
777	str	r1,[r11,#4]
778	str	r2,[r11,#8]
779	str	r3,[r11,#12]
780	sub	r11,r11,r12,lsl#3
781	ldr	r0,[r11,#16]!		@ prefetch tp1
782	mov	r7,#0x80
783	mov	r8,#0x1b
784	orr	r7,r7,#0x8000
785	orr	r8,r8,#0x1b00
786	orr	r7,r7,r7,lsl#16
787	orr	r8,r8,r8,lsl#16
788	sub	r12,r12,#1
789	mvn	r9,r7
790	mov	r12,r12,lsl#2	@ (rounds-1)*4
791
792.Lmix:	and	r4,r0,r7
793	and	r1,r0,r9
794	sub	r4,r4,r4,lsr#7
795	and	r4,r4,r8
796	eor	r1,r4,r1,lsl#1	@ tp2
797
798	and	r4,r1,r7
799	and	r2,r1,r9
800	sub	r4,r4,r4,lsr#7
801	and	r4,r4,r8
802	eor	r2,r4,r2,lsl#1	@ tp4
803
804	and	r4,r2,r7
805	and	r3,r2,r9
806	sub	r4,r4,r4,lsr#7
807	and	r4,r4,r8
808	eor	r3,r4,r3,lsl#1	@ tp8
809
810	eor	r4,r1,r2
811	eor	r5,r0,r3		@ tp9
812	eor	r4,r4,r3		@ tpe
813	eor	r4,r4,r1,ror#24
814	eor	r4,r4,r5,ror#24	@ ^= ROTATE(tpb=tp9^tp2,8)
815	eor	r4,r4,r2,ror#16
816	eor	r4,r4,r5,ror#16	@ ^= ROTATE(tpd=tp9^tp4,16)
817	eor	r4,r4,r5,ror#8	@ ^= ROTATE(tp9,24)
818
819	ldr	r0,[r11,#4]		@ prefetch tp1
820	str	r4,[r11],#4
821	subs	r12,r12,#1
822	bne	.Lmix
823
824	mov	r0,#0
825#if __ARM_ARCH__>=5
826	ldmia	sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc}
827#else
828	ldmia	sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr}
829	tst	lr,#1
830	moveq	pc,lr			@ be binary compatible with V4, yet
831.word	0xe12fff1e			@ interoperable with Thumb ISA:-)
832#endif
833.size	AES_set_enc2dec_key,.-AES_set_enc2dec_key
834
835.type	AES_Td,%object
836.align	5
837AES_Td:
838.word	0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96
839.word	0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393
840.word	0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25
841.word	0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f
842.word	0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1
843.word	0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6
844.word	0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da
845.word	0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844
846.word	0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd
847.word	0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4
848.word	0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45
849.word	0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94
850.word	0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7
851.word	0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a
852.word	0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5
853.word	0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c
854.word	0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1
855.word	0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a
856.word	0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75
857.word	0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051
858.word	0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46
859.word	0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff
860.word	0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77
861.word	0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb
862.word	0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000
863.word	0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e
864.word	0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927
865.word	0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a
866.word	0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e
867.word	0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16
868.word	0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d
869.word	0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8
870.word	0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd
871.word	0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34
872.word	0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163
873.word	0xd731dcca, 0x42638510, 0x13972240, 0x84c61120
874.word	0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d
875.word	0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0
876.word	0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422
877.word	0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef
878.word	0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36
879.word	0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4
880.word	0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662
881.word	0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5
882.word	0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3
883.word	0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b
884.word	0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8
885.word	0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6
886.word	0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6
887.word	0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0
888.word	0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815
889.word	0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f
890.word	0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df
891.word	0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f
892.word	0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e
893.word	0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713
894.word	0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89
895.word	0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c
896.word	0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf
897.word	0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86
898.word	0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f
899.word	0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541
900.word	0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190
901.word	0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742
902@ Td4[256]
903.byte	0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
904.byte	0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
905.byte	0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
906.byte	0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
907.byte	0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
908.byte	0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
909.byte	0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
910.byte	0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
911.byte	0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
912.byte	0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
913.byte	0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
914.byte	0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
915.byte	0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
916.byte	0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
917.byte	0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
918.byte	0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
919.byte	0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
920.byte	0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
921.byte	0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
922.byte	0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
923.byte	0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
924.byte	0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
925.byte	0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
926.byte	0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
927.byte	0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
928.byte	0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
929.byte	0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
930.byte	0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
931.byte	0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
932.byte	0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
933.byte	0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
934.byte	0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
935.size	AES_Td,.-AES_Td
936
937@ void AES_decrypt(const unsigned char *in, unsigned char *out,
938@ 		 const AES_KEY *key) {
939.globl	AES_decrypt
940.type	AES_decrypt,%function
941.align	5
942AES_decrypt:
943#ifndef	__thumb2__
944	sub	r3,pc,#8		@ AES_decrypt
945#else
946	adr	r3,.
947#endif
948	stmdb	sp!,{r1,r4-r12,lr}
949#if defined(__thumb2__) || defined(__APPLE__)
950	adr	r10,AES_Td
951#else
952	sub	r10,r3,#AES_decrypt-AES_Td	@ Td
953#endif
954	mov	r12,r0		@ inp
955	mov	r11,r2
956#if __ARM_ARCH__<7
957	ldrb	r0,[r12,#3]	@ load input data in endian-neutral
958	ldrb	r4,[r12,#2]	@ manner...
959	ldrb	r5,[r12,#1]
960	ldrb	r6,[r12,#0]
961	orr	r0,r0,r4,lsl#8
962	ldrb	r1,[r12,#7]
963	orr	r0,r0,r5,lsl#16
964	ldrb	r4,[r12,#6]
965	orr	r0,r0,r6,lsl#24
966	ldrb	r5,[r12,#5]
967	ldrb	r6,[r12,#4]
968	orr	r1,r1,r4,lsl#8
969	ldrb	r2,[r12,#11]
970	orr	r1,r1,r5,lsl#16
971	ldrb	r4,[r12,#10]
972	orr	r1,r1,r6,lsl#24
973	ldrb	r5,[r12,#9]
974	ldrb	r6,[r12,#8]
975	orr	r2,r2,r4,lsl#8
976	ldrb	r3,[r12,#15]
977	orr	r2,r2,r5,lsl#16
978	ldrb	r4,[r12,#14]
979	orr	r2,r2,r6,lsl#24
980	ldrb	r5,[r12,#13]
981	ldrb	r6,[r12,#12]
982	orr	r3,r3,r4,lsl#8
983	orr	r3,r3,r5,lsl#16
984	orr	r3,r3,r6,lsl#24
985#else
986	ldr	r0,[r12,#0]
987	ldr	r1,[r12,#4]
988	ldr	r2,[r12,#8]
989	ldr	r3,[r12,#12]
990#ifdef __ARMEL__
991	rev	r0,r0
992	rev	r1,r1
993	rev	r2,r2
994	rev	r3,r3
995#endif
996#endif
997	bl	_armv4_AES_decrypt
998
999	ldr	r12,[sp],#4		@ pop out
1000#if __ARM_ARCH__>=7
1001#ifdef __ARMEL__
1002	rev	r0,r0
1003	rev	r1,r1
1004	rev	r2,r2
1005	rev	r3,r3
1006#endif
1007	str	r0,[r12,#0]
1008	str	r1,[r12,#4]
1009	str	r2,[r12,#8]
1010	str	r3,[r12,#12]
1011#else
1012	mov	r4,r0,lsr#24		@ write output in endian-neutral
1013	mov	r5,r0,lsr#16		@ manner...
1014	mov	r6,r0,lsr#8
1015	strb	r4,[r12,#0]
1016	strb	r5,[r12,#1]
1017	mov	r4,r1,lsr#24
1018	strb	r6,[r12,#2]
1019	mov	r5,r1,lsr#16
1020	strb	r0,[r12,#3]
1021	mov	r6,r1,lsr#8
1022	strb	r4,[r12,#4]
1023	strb	r5,[r12,#5]
1024	mov	r4,r2,lsr#24
1025	strb	r6,[r12,#6]
1026	mov	r5,r2,lsr#16
1027	strb	r1,[r12,#7]
1028	mov	r6,r2,lsr#8
1029	strb	r4,[r12,#8]
1030	strb	r5,[r12,#9]
1031	mov	r4,r3,lsr#24
1032	strb	r6,[r12,#10]
1033	mov	r5,r3,lsr#16
1034	strb	r2,[r12,#11]
1035	mov	r6,r3,lsr#8
1036	strb	r4,[r12,#12]
1037	strb	r5,[r12,#13]
1038	strb	r6,[r12,#14]
1039	strb	r3,[r12,#15]
1040#endif
1041#if __ARM_ARCH__>=5
1042	ldmia	sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc}
1043#else
1044	ldmia	sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr}
1045	tst	lr,#1
1046	moveq	pc,lr			@ be binary compatible with V4, yet
1047.word	0xe12fff1e			@ interoperable with Thumb ISA:-)
1048#endif
1049.size	AES_decrypt,.-AES_decrypt
1050
1051.type	_armv4_AES_decrypt,%function
1052.align	2
1053_armv4_AES_decrypt:
1054	str	lr,[sp,#-4]!		@ push lr
1055	ldmia	r11!,{r4,r5,r6,r7}
1056	eor	r0,r0,r4
1057	ldr	r12,[r11,#240-16]
1058	eor	r1,r1,r5
1059	eor	r2,r2,r6
1060	eor	r3,r3,r7
1061	sub	r12,r12,#1
1062	mov	lr,#255
1063
1064	and	r7,lr,r0,lsr#16
1065	and	r8,lr,r0,lsr#8
1066	and	r9,lr,r0
1067	mov	r0,r0,lsr#24
1068.Ldec_loop:
1069	ldr	r4,[r10,r7,lsl#2]	@ Td1[s0>>16]
1070	and	r7,lr,r1		@ i0
1071	ldr	r5,[r10,r8,lsl#2]	@ Td2[s0>>8]
1072	and	r8,lr,r1,lsr#16
1073	ldr	r6,[r10,r9,lsl#2]	@ Td3[s0>>0]
1074	and	r9,lr,r1,lsr#8
1075	ldr	r0,[r10,r0,lsl#2]	@ Td0[s0>>24]
1076	mov	r1,r1,lsr#24
1077
1078	ldr	r7,[r10,r7,lsl#2]	@ Td3[s1>>0]
1079	ldr	r8,[r10,r8,lsl#2]	@ Td1[s1>>16]
1080	ldr	r9,[r10,r9,lsl#2]	@ Td2[s1>>8]
1081	eor	r0,r0,r7,ror#24
1082	ldr	r1,[r10,r1,lsl#2]	@ Td0[s1>>24]
1083	and	r7,lr,r2,lsr#8	@ i0
1084	eor	r5,r8,r5,ror#8
1085	and	r8,lr,r2		@ i1
1086	eor	r6,r9,r6,ror#8
1087	and	r9,lr,r2,lsr#16
1088	ldr	r7,[r10,r7,lsl#2]	@ Td2[s2>>8]
1089	eor	r1,r1,r4,ror#8
1090	ldr	r8,[r10,r8,lsl#2]	@ Td3[s2>>0]
1091	mov	r2,r2,lsr#24
1092
1093	ldr	r9,[r10,r9,lsl#2]	@ Td1[s2>>16]
1094	eor	r0,r0,r7,ror#16
1095	ldr	r2,[r10,r2,lsl#2]	@ Td0[s2>>24]
1096	and	r7,lr,r3,lsr#16	@ i0
1097	eor	r1,r1,r8,ror#24
1098	and	r8,lr,r3,lsr#8	@ i1
1099	eor	r6,r9,r6,ror#8
1100	and	r9,lr,r3		@ i2
1101	ldr	r7,[r10,r7,lsl#2]	@ Td1[s3>>16]
1102	eor	r2,r2,r5,ror#8
1103	ldr	r8,[r10,r8,lsl#2]	@ Td2[s3>>8]
1104	mov	r3,r3,lsr#24
1105
1106	ldr	r9,[r10,r9,lsl#2]	@ Td3[s3>>0]
1107	eor	r0,r0,r7,ror#8
1108	ldr	r7,[r11],#16
1109	eor	r1,r1,r8,ror#16
1110	ldr	r3,[r10,r3,lsl#2]	@ Td0[s3>>24]
1111	eor	r2,r2,r9,ror#24
1112
1113	ldr	r4,[r11,#-12]
1114	eor	r0,r0,r7
1115	ldr	r5,[r11,#-8]
1116	eor	r3,r3,r6,ror#8
1117	ldr	r6,[r11,#-4]
1118	and	r7,lr,r0,lsr#16
1119	eor	r1,r1,r4
1120	and	r8,lr,r0,lsr#8
1121	eor	r2,r2,r5
1122	and	r9,lr,r0
1123	eor	r3,r3,r6
1124	mov	r0,r0,lsr#24
1125
1126	subs	r12,r12,#1
1127	bne	.Ldec_loop
1128
1129	add	r10,r10,#1024
1130
1131	ldr	r5,[r10,#0]		@ prefetch Td4
1132	ldr	r6,[r10,#32]
1133	ldr	r4,[r10,#64]
1134	ldr	r5,[r10,#96]
1135	ldr	r6,[r10,#128]
1136	ldr	r4,[r10,#160]
1137	ldr	r5,[r10,#192]
1138	ldr	r6,[r10,#224]
1139
1140	ldrb	r0,[r10,r0]		@ Td4[s0>>24]
1141	ldrb	r4,[r10,r7]		@ Td4[s0>>16]
1142	and	r7,lr,r1		@ i0
1143	ldrb	r5,[r10,r8]		@ Td4[s0>>8]
1144	and	r8,lr,r1,lsr#16
1145	ldrb	r6,[r10,r9]		@ Td4[s0>>0]
1146	and	r9,lr,r1,lsr#8
1147
1148	add	r1,r10,r1,lsr#24
1149	ldrb	r7,[r10,r7]		@ Td4[s1>>0]
1150	ldrb	r1,[r1]		@ Td4[s1>>24]
1151	ldrb	r8,[r10,r8]		@ Td4[s1>>16]
1152	eor	r0,r7,r0,lsl#24
1153	ldrb	r9,[r10,r9]		@ Td4[s1>>8]
1154	eor	r1,r4,r1,lsl#8
1155	and	r7,lr,r2,lsr#8	@ i0
1156	eor	r5,r5,r8,lsl#8
1157	and	r8,lr,r2		@ i1
1158	ldrb	r7,[r10,r7]		@ Td4[s2>>8]
1159	eor	r6,r6,r9,lsl#8
1160	ldrb	r8,[r10,r8]		@ Td4[s2>>0]
1161	and	r9,lr,r2,lsr#16
1162
1163	add	r2,r10,r2,lsr#24
1164	ldrb	r2,[r2]		@ Td4[s2>>24]
1165	eor	r0,r0,r7,lsl#8
1166	ldrb	r9,[r10,r9]		@ Td4[s2>>16]
1167	eor	r1,r8,r1,lsl#16
1168	and	r7,lr,r3,lsr#16	@ i0
1169	eor	r2,r5,r2,lsl#16
1170	and	r8,lr,r3,lsr#8	@ i1
1171	ldrb	r7,[r10,r7]		@ Td4[s3>>16]
1172	eor	r6,r6,r9,lsl#16
1173	ldrb	r8,[r10,r8]		@ Td4[s3>>8]
1174	and	r9,lr,r3		@ i2
1175
1176	add	r3,r10,r3,lsr#24
1177	ldrb	r9,[r10,r9]		@ Td4[s3>>0]
1178	ldrb	r3,[r3]		@ Td4[s3>>24]
1179	eor	r0,r0,r7,lsl#16
1180	ldr	r7,[r11,#0]
1181	eor	r1,r1,r8,lsl#8
1182	ldr	r4,[r11,#4]
1183	eor	r2,r9,r2,lsl#8
1184	ldr	r5,[r11,#8]
1185	eor	r3,r6,r3,lsl#24
1186	ldr	r6,[r11,#12]
1187
1188	eor	r0,r0,r7
1189	eor	r1,r1,r4
1190	eor	r2,r2,r5
1191	eor	r3,r3,r6
1192
1193	sub	r10,r10,#1024
1194	ldr	pc,[sp],#4		@ pop and return
1195.size	_armv4_AES_decrypt,.-_armv4_AES_decrypt
1196.byte	65,69,83,32,102,111,114,32,65,82,77,118,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
1197.align	2
1198.align	2
1199