"Fossies" - the Fresh Open Source Software Archive

Member "openssl-1.0.2q/crypto/aes/asm/aes-armv4.pl" (20 Nov 2018, 32772 Bytes) of package /linux/misc/openssl-1.0.2q.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Perl source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "aes-armv4.pl" see the Fossies "Dox" file reference documentation and the last Fossies "Diffs" side-by-side code changes report: 1.1.1-pre2_vs_1.1.1-pre3.

    1 #!/usr/bin/env perl
    2 
    3 # ====================================================================
    4 # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
    5 # project. The module is, however, dual licensed under OpenSSL and
    6 # CRYPTOGAMS licenses depending on where you obtain it. For further
    7 # details see http://www.openssl.org/~appro/cryptogams/.
    8 # ====================================================================
    9 
   10 # AES for ARMv4
   11 
   12 # January 2007.
   13 #
   14 # Code uses single 1K S-box and is >2 times faster than code generated
   15 # by gcc-3.4.1. This is thanks to unique feature of ARMv4 ISA, which
   16 # allows to merge logical or arithmetic operation with shift or rotate
   17 # in one instruction and emit combined result every cycle. The module
   18 # is endian-neutral. The performance is ~42 cycles/byte for 128-bit
   19 # key [on single-issue Xscale PXA250 core].
   20 
   21 # May 2007.
   22 #
   23 # AES_set_[en|de]crypt_key is added.
   24 
   25 # July 2010.
   26 #
   27 # Rescheduling for dual-issue pipeline resulted in 12% improvement on
   28 # Cortex A8 core and ~25 cycles per byte processed with 128-bit key.
   29 
   30 # February 2011.
   31 #
   32 # Profiler-assisted and platform-specific optimization resulted in 16%
   33 # improvement on Cortex A8 core and ~21.5 cycles per byte.
   34 
   35 while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
   36 open STDOUT,">$output";
   37 
   38 $s0="r0";
   39 $s1="r1";
   40 $s2="r2";
   41 $s3="r3";
   42 $t1="r4";
   43 $t2="r5";
   44 $t3="r6";
   45 $i1="r7";
   46 $i2="r8";
   47 $i3="r9";
   48 
   49 $tbl="r10";
   50 $key="r11";
   51 $rounds="r12";
   52 
   53 $code=<<___;
   54 #ifndef __KERNEL__
   55 # include "arm_arch.h"
   56 #else
   57 # define __ARM_ARCH__ __LINUX_ARM_ARCH__
   58 #endif
   59 
   60 .text
   61 #if __ARM_ARCH__<7
   62 .code   32
   63 #else
   64 .syntax unified
   65 # ifdef __thumb2__
   66 .thumb
   67 # else
   68 .code   32
   69 # endif
   70 #endif
   71 
   72 .type   AES_Te,%object
   73 .align  5
   74 AES_Te:
   75 .word   0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d
   76 .word   0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554
   77 .word   0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d
   78 .word   0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a
   79 .word   0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87
   80 .word   0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b
   81 .word   0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea
   82 .word   0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b
   83 .word   0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a
   84 .word   0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f
   85 .word   0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108
   86 .word   0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f
   87 .word   0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e
   88 .word   0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5
   89 .word   0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d
   90 .word   0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f
   91 .word   0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e
   92 .word   0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb
   93 .word   0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce
   94 .word   0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497
   95 .word   0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c
   96 .word   0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed
   97 .word   0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b
   98 .word   0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a
   99 .word   0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16
  100 .word   0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594
  101 .word   0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81
  102 .word   0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3
  103 .word   0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a
  104 .word   0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504
  105 .word   0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163
  106 .word   0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d
  107 .word   0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f
  108 .word   0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739
  109 .word   0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47
  110 .word   0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395
  111 .word   0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f
  112 .word   0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883
  113 .word   0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c
  114 .word   0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76
  115 .word   0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e
  116 .word   0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4
  117 .word   0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6
  118 .word   0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b
  119 .word   0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7
  120 .word   0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0
  121 .word   0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25
  122 .word   0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818
  123 .word   0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72
  124 .word   0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651
  125 .word   0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21
  126 .word   0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85
  127 .word   0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa
  128 .word   0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12
  129 .word   0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0
  130 .word   0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9
  131 .word   0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133
  132 .word   0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7
  133 .word   0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920
  134 .word   0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a
  135 .word   0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17
  136 .word   0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8
  137 .word   0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11
  138 .word   0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a
  139 @ Te4[256]
  140 .byte   0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
  141 .byte   0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
  142 .byte   0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
  143 .byte   0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
  144 .byte   0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
  145 .byte   0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
  146 .byte   0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
  147 .byte   0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
  148 .byte   0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
  149 .byte   0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
  150 .byte   0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
  151 .byte   0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
  152 .byte   0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
  153 .byte   0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
  154 .byte   0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
  155 .byte   0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
  156 .byte   0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
  157 .byte   0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
  158 .byte   0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
  159 .byte   0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
  160 .byte   0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
  161 .byte   0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
  162 .byte   0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
  163 .byte   0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
  164 .byte   0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
  165 .byte   0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
  166 .byte   0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
  167 .byte   0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
  168 .byte   0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
  169 .byte   0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
  170 .byte   0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
  171 .byte   0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
  172 @ rcon[]
  173 .word   0x01000000, 0x02000000, 0x04000000, 0x08000000
  174 .word   0x10000000, 0x20000000, 0x40000000, 0x80000000
  175 .word   0x1B000000, 0x36000000, 0, 0, 0, 0, 0, 0
  176 .size   AES_Te,.-AES_Te
  177 
  178 @ void AES_encrypt(const unsigned char *in, unsigned char *out,
  179 @        const AES_KEY *key) {
  180 .global AES_encrypt
  181 .type   AES_encrypt,%function
  182 .align  5
  183 AES_encrypt:
  184 #if __ARM_ARCH__<7
  185     sub r3,pc,#8        @ AES_encrypt
  186 #else
  187     adr r3,.
  188 #endif
  189     stmdb   sp!,{r1,r4-r12,lr}
  190     mov $rounds,r0      @ inp
  191     mov $key,r2
  192     sub $tbl,r3,#AES_encrypt-AES_Te @ Te
  193 #if __ARM_ARCH__<7
  194     ldrb    $s0,[$rounds,#3]    @ load input data in endian-neutral
  195     ldrb    $t1,[$rounds,#2]    @ manner...
  196     ldrb    $t2,[$rounds,#1]
  197     ldrb    $t3,[$rounds,#0]
  198     orr $s0,$s0,$t1,lsl#8
  199     ldrb    $s1,[$rounds,#7]
  200     orr $s0,$s0,$t2,lsl#16
  201     ldrb    $t1,[$rounds,#6]
  202     orr $s0,$s0,$t3,lsl#24
  203     ldrb    $t2,[$rounds,#5]
  204     ldrb    $t3,[$rounds,#4]
  205     orr $s1,$s1,$t1,lsl#8
  206     ldrb    $s2,[$rounds,#11]
  207     orr $s1,$s1,$t2,lsl#16
  208     ldrb    $t1,[$rounds,#10]
  209     orr $s1,$s1,$t3,lsl#24
  210     ldrb    $t2,[$rounds,#9]
  211     ldrb    $t3,[$rounds,#8]
  212     orr $s2,$s2,$t1,lsl#8
  213     ldrb    $s3,[$rounds,#15]
  214     orr $s2,$s2,$t2,lsl#16
  215     ldrb    $t1,[$rounds,#14]
  216     orr $s2,$s2,$t3,lsl#24
  217     ldrb    $t2,[$rounds,#13]
  218     ldrb    $t3,[$rounds,#12]
  219     orr $s3,$s3,$t1,lsl#8
  220     orr $s3,$s3,$t2,lsl#16
  221     orr $s3,$s3,$t3,lsl#24
  222 #else
  223     ldr $s0,[$rounds,#0]
  224     ldr $s1,[$rounds,#4]
  225     ldr $s2,[$rounds,#8]
  226     ldr $s3,[$rounds,#12]
  227 #ifdef __ARMEL__
  228     rev $s0,$s0
  229     rev $s1,$s1
  230     rev $s2,$s2
  231     rev $s3,$s3
  232 #endif
  233 #endif
  234     bl  _armv4_AES_encrypt
  235 
  236     ldr $rounds,[sp],#4     @ pop out
  237 #if __ARM_ARCH__>=7
  238 #ifdef __ARMEL__
  239     rev $s0,$s0
  240     rev $s1,$s1
  241     rev $s2,$s2
  242     rev $s3,$s3
  243 #endif
  244     str $s0,[$rounds,#0]
  245     str $s1,[$rounds,#4]
  246     str $s2,[$rounds,#8]
  247     str $s3,[$rounds,#12]
  248 #else
  249     mov $t1,$s0,lsr#24      @ write output in endian-neutral
  250     mov $t2,$s0,lsr#16      @ manner...
  251     mov $t3,$s0,lsr#8
  252     strb    $t1,[$rounds,#0]
  253     strb    $t2,[$rounds,#1]
  254     mov $t1,$s1,lsr#24
  255     strb    $t3,[$rounds,#2]
  256     mov $t2,$s1,lsr#16
  257     strb    $s0,[$rounds,#3]
  258     mov $t3,$s1,lsr#8
  259     strb    $t1,[$rounds,#4]
  260     strb    $t2,[$rounds,#5]
  261     mov $t1,$s2,lsr#24
  262     strb    $t3,[$rounds,#6]
  263     mov $t2,$s2,lsr#16
  264     strb    $s1,[$rounds,#7]
  265     mov $t3,$s2,lsr#8
  266     strb    $t1,[$rounds,#8]
  267     strb    $t2,[$rounds,#9]
  268     mov $t1,$s3,lsr#24
  269     strb    $t3,[$rounds,#10]
  270     mov $t2,$s3,lsr#16
  271     strb    $s2,[$rounds,#11]
  272     mov $t3,$s3,lsr#8
  273     strb    $t1,[$rounds,#12]
  274     strb    $t2,[$rounds,#13]
  275     strb    $t3,[$rounds,#14]
  276     strb    $s3,[$rounds,#15]
  277 #endif
  278 #if __ARM_ARCH__>=5
  279     ldmia   sp!,{r4-r12,pc}
  280 #else
  281     ldmia   sp!,{r4-r12,lr}
  282     tst lr,#1
  283     moveq   pc,lr           @ be binary compatible with V4, yet
  284     bx  lr          @ interoperable with Thumb ISA:-)
  285 #endif
  286 .size   AES_encrypt,.-AES_encrypt
  287 
  288 .type   _armv4_AES_encrypt,%function
  289 .align  2
  290 _armv4_AES_encrypt:
  291     str lr,[sp,#-4]!        @ push lr
  292     ldmia   $key!,{$t1-$i1}
  293     eor $s0,$s0,$t1
  294     ldr $rounds,[$key,#240-16]
  295     eor $s1,$s1,$t2
  296     eor $s2,$s2,$t3
  297     eor $s3,$s3,$i1
  298     sub $rounds,$rounds,#1
  299     mov lr,#255
  300 
  301     and $i1,lr,$s0
  302     and $i2,lr,$s0,lsr#8
  303     and $i3,lr,$s0,lsr#16
  304     mov $s0,$s0,lsr#24
  305 .Lenc_loop:
  306     ldr $t1,[$tbl,$i1,lsl#2]    @ Te3[s0>>0]
  307     and $i1,lr,$s1,lsr#16   @ i0
  308     ldr $t2,[$tbl,$i2,lsl#2]    @ Te2[s0>>8]
  309     and $i2,lr,$s1
  310     ldr $t3,[$tbl,$i3,lsl#2]    @ Te1[s0>>16]
  311     and $i3,lr,$s1,lsr#8
  312     ldr $s0,[$tbl,$s0,lsl#2]    @ Te0[s0>>24]
  313     mov $s1,$s1,lsr#24
  314 
  315     ldr $i1,[$tbl,$i1,lsl#2]    @ Te1[s1>>16]
  316     ldr $i2,[$tbl,$i2,lsl#2]    @ Te3[s1>>0]
  317     ldr $i3,[$tbl,$i3,lsl#2]    @ Te2[s1>>8]
  318     eor $s0,$s0,$i1,ror#8
  319     ldr $s1,[$tbl,$s1,lsl#2]    @ Te0[s1>>24]
  320     and $i1,lr,$s2,lsr#8    @ i0
  321     eor $t2,$t2,$i2,ror#8
  322     and $i2,lr,$s2,lsr#16   @ i1
  323     eor $t3,$t3,$i3,ror#8
  324     and $i3,lr,$s2
  325     ldr $i1,[$tbl,$i1,lsl#2]    @ Te2[s2>>8]
  326     eor $s1,$s1,$t1,ror#24
  327     ldr $i2,[$tbl,$i2,lsl#2]    @ Te1[s2>>16]
  328     mov $s2,$s2,lsr#24
  329 
  330     ldr $i3,[$tbl,$i3,lsl#2]    @ Te3[s2>>0]
  331     eor $s0,$s0,$i1,ror#16
  332     ldr $s2,[$tbl,$s2,lsl#2]    @ Te0[s2>>24]
  333     and $i1,lr,$s3      @ i0
  334     eor $s1,$s1,$i2,ror#8
  335     and $i2,lr,$s3,lsr#8    @ i1
  336     eor $t3,$t3,$i3,ror#16
  337     and $i3,lr,$s3,lsr#16   @ i2
  338     ldr $i1,[$tbl,$i1,lsl#2]    @ Te3[s3>>0]
  339     eor $s2,$s2,$t2,ror#16
  340     ldr $i2,[$tbl,$i2,lsl#2]    @ Te2[s3>>8]
  341     mov $s3,$s3,lsr#24
  342 
  343     ldr $i3,[$tbl,$i3,lsl#2]    @ Te1[s3>>16]
  344     eor $s0,$s0,$i1,ror#24
  345     ldr $i1,[$key],#16
  346     eor $s1,$s1,$i2,ror#16
  347     ldr $s3,[$tbl,$s3,lsl#2]    @ Te0[s3>>24]
  348     eor $s2,$s2,$i3,ror#8
  349     ldr $t1,[$key,#-12]
  350     eor $s3,$s3,$t3,ror#8
  351 
  352     ldr $t2,[$key,#-8]
  353     eor $s0,$s0,$i1
  354     ldr $t3,[$key,#-4]
  355     and $i1,lr,$s0
  356     eor $s1,$s1,$t1
  357     and $i2,lr,$s0,lsr#8
  358     eor $s2,$s2,$t2
  359     and $i3,lr,$s0,lsr#16
  360     eor $s3,$s3,$t3
  361     mov $s0,$s0,lsr#24
  362 
  363     subs    $rounds,$rounds,#1
  364     bne .Lenc_loop
  365 
  366     add $tbl,$tbl,#2
  367 
  368     ldrb    $t1,[$tbl,$i1,lsl#2]    @ Te4[s0>>0]
  369     and $i1,lr,$s1,lsr#16   @ i0
  370     ldrb    $t2,[$tbl,$i2,lsl#2]    @ Te4[s0>>8]
  371     and $i2,lr,$s1
  372     ldrb    $t3,[$tbl,$i3,lsl#2]    @ Te4[s0>>16]
  373     and $i3,lr,$s1,lsr#8
  374     ldrb    $s0,[$tbl,$s0,lsl#2]    @ Te4[s0>>24]
  375     mov $s1,$s1,lsr#24
  376 
  377     ldrb    $i1,[$tbl,$i1,lsl#2]    @ Te4[s1>>16]
  378     ldrb    $i2,[$tbl,$i2,lsl#2]    @ Te4[s1>>0]
  379     ldrb    $i3,[$tbl,$i3,lsl#2]    @ Te4[s1>>8]
  380     eor $s0,$i1,$s0,lsl#8
  381     ldrb    $s1,[$tbl,$s1,lsl#2]    @ Te4[s1>>24]
  382     and $i1,lr,$s2,lsr#8    @ i0
  383     eor $t2,$i2,$t2,lsl#8
  384     and $i2,lr,$s2,lsr#16   @ i1
  385     eor $t3,$i3,$t3,lsl#8
  386     and $i3,lr,$s2
  387     ldrb    $i1,[$tbl,$i1,lsl#2]    @ Te4[s2>>8]
  388     eor $s1,$t1,$s1,lsl#24
  389     ldrb    $i2,[$tbl,$i2,lsl#2]    @ Te4[s2>>16]
  390     mov $s2,$s2,lsr#24
  391 
  392     ldrb    $i3,[$tbl,$i3,lsl#2]    @ Te4[s2>>0]
  393     eor $s0,$i1,$s0,lsl#8
  394     ldrb    $s2,[$tbl,$s2,lsl#2]    @ Te4[s2>>24]
  395     and $i1,lr,$s3      @ i0
  396     eor $s1,$s1,$i2,lsl#16
  397     and $i2,lr,$s3,lsr#8    @ i1
  398     eor $t3,$i3,$t3,lsl#8
  399     and $i3,lr,$s3,lsr#16   @ i2
  400     ldrb    $i1,[$tbl,$i1,lsl#2]    @ Te4[s3>>0]
  401     eor $s2,$t2,$s2,lsl#24
  402     ldrb    $i2,[$tbl,$i2,lsl#2]    @ Te4[s3>>8]
  403     mov $s3,$s3,lsr#24
  404 
  405     ldrb    $i3,[$tbl,$i3,lsl#2]    @ Te4[s3>>16]
  406     eor $s0,$i1,$s0,lsl#8
  407     ldr $i1,[$key,#0]
  408     ldrb    $s3,[$tbl,$s3,lsl#2]    @ Te4[s3>>24]
  409     eor $s1,$s1,$i2,lsl#8
  410     ldr $t1,[$key,#4]
  411     eor $s2,$s2,$i3,lsl#16
  412     ldr $t2,[$key,#8]
  413     eor $s3,$t3,$s3,lsl#24
  414     ldr $t3,[$key,#12]
  415 
  416     eor $s0,$s0,$i1
  417     eor $s1,$s1,$t1
  418     eor $s2,$s2,$t2
  419     eor $s3,$s3,$t3
  420 
  421     sub $tbl,$tbl,#2
  422     ldr pc,[sp],#4      @ pop and return
  423 .size   _armv4_AES_encrypt,.-_armv4_AES_encrypt
  424 
  425 .global private_AES_set_encrypt_key
  426 .type   private_AES_set_encrypt_key,%function
  427 .align  5
  428 private_AES_set_encrypt_key:
  429 _armv4_AES_set_encrypt_key:
  430 #if __ARM_ARCH__<7
  431     sub r3,pc,#8        @ AES_set_encrypt_key
  432 #else
  433     adr r3,.
  434 #endif
  435     teq r0,#0
  436 #if __ARM_ARCH__>=7
  437     itt eq          @ Thumb2 thing, sanity check in ARM
  438 #endif
  439     moveq   r0,#-1
  440     beq .Labrt
  441     teq r2,#0
  442 #if __ARM_ARCH__>=7
  443     itt eq          @ Thumb2 thing, sanity check in ARM
  444 #endif
  445     moveq   r0,#-1
  446     beq .Labrt
  447 
  448     teq r1,#128
  449     beq .Lok
  450     teq r1,#192
  451     beq .Lok
  452     teq r1,#256
  453 #if __ARM_ARCH__>=7
  454     itt ne          @ Thumb2 thing, sanity check in ARM
  455 #endif
  456     movne   r0,#-1
  457     bne .Labrt
  458 
  459 .Lok:   stmdb   sp!,{r4-r12,lr}
  460     sub $tbl,r3,#_armv4_AES_set_encrypt_key-AES_Te-1024 @ Te4
  461 
  462     mov $rounds,r0      @ inp
  463     mov lr,r1           @ bits
  464     mov $key,r2         @ key
  465 
  466 #if __ARM_ARCH__<7
  467     ldrb    $s0,[$rounds,#3]    @ load input data in endian-neutral
  468     ldrb    $t1,[$rounds,#2]    @ manner...
  469     ldrb    $t2,[$rounds,#1]
  470     ldrb    $t3,[$rounds,#0]
  471     orr $s0,$s0,$t1,lsl#8
  472     ldrb    $s1,[$rounds,#7]
  473     orr $s0,$s0,$t2,lsl#16
  474     ldrb    $t1,[$rounds,#6]
  475     orr $s0,$s0,$t3,lsl#24
  476     ldrb    $t2,[$rounds,#5]
  477     ldrb    $t3,[$rounds,#4]
  478     orr $s1,$s1,$t1,lsl#8
  479     ldrb    $s2,[$rounds,#11]
  480     orr $s1,$s1,$t2,lsl#16
  481     ldrb    $t1,[$rounds,#10]
  482     orr $s1,$s1,$t3,lsl#24
  483     ldrb    $t2,[$rounds,#9]
  484     ldrb    $t3,[$rounds,#8]
  485     orr $s2,$s2,$t1,lsl#8
  486     ldrb    $s3,[$rounds,#15]
  487     orr $s2,$s2,$t2,lsl#16
  488     ldrb    $t1,[$rounds,#14]
  489     orr $s2,$s2,$t3,lsl#24
  490     ldrb    $t2,[$rounds,#13]
  491     ldrb    $t3,[$rounds,#12]
  492     orr $s3,$s3,$t1,lsl#8
  493     str $s0,[$key],#16
  494     orr $s3,$s3,$t2,lsl#16
  495     str $s1,[$key,#-12]
  496     orr $s3,$s3,$t3,lsl#24
  497     str $s2,[$key,#-8]
  498     str $s3,[$key,#-4]
  499 #else
  500     ldr $s0,[$rounds,#0]
  501     ldr $s1,[$rounds,#4]
  502     ldr $s2,[$rounds,#8]
  503     ldr $s3,[$rounds,#12]
  504 #ifdef __ARMEL__
  505     rev $s0,$s0
  506     rev $s1,$s1
  507     rev $s2,$s2
  508     rev $s3,$s3
  509 #endif
  510     str $s0,[$key],#16
  511     str $s1,[$key,#-12]
  512     str $s2,[$key,#-8]
  513     str $s3,[$key,#-4]
  514 #endif
  515 
  516     teq lr,#128
  517     bne .Lnot128
  518     mov $rounds,#10
  519     str $rounds,[$key,#240-16]
  520     add $t3,$tbl,#256           @ rcon
  521     mov lr,#255
  522 
  523 .L128_loop:
  524     and $t2,lr,$s3,lsr#24
  525     and $i1,lr,$s3,lsr#16
  526     ldrb    $t2,[$tbl,$t2]
  527     and $i2,lr,$s3,lsr#8
  528     ldrb    $i1,[$tbl,$i1]
  529     and $i3,lr,$s3
  530     ldrb    $i2,[$tbl,$i2]
  531     orr $t2,$t2,$i1,lsl#24
  532     ldrb    $i3,[$tbl,$i3]
  533     orr $t2,$t2,$i2,lsl#16
  534     ldr $t1,[$t3],#4            @ rcon[i++]
  535     orr $t2,$t2,$i3,lsl#8
  536     eor $t2,$t2,$t1
  537     eor $s0,$s0,$t2         @ rk[4]=rk[0]^...
  538     eor $s1,$s1,$s0         @ rk[5]=rk[1]^rk[4]
  539     str $s0,[$key],#16
  540     eor $s2,$s2,$s1         @ rk[6]=rk[2]^rk[5]
  541     str $s1,[$key,#-12]
  542     eor $s3,$s3,$s2         @ rk[7]=rk[3]^rk[6]
  543     str $s2,[$key,#-8]
  544     subs    $rounds,$rounds,#1
  545     str $s3,[$key,#-4]
  546     bne .L128_loop
  547     sub r2,$key,#176
  548     b   .Ldone
  549 
  550 .Lnot128:
  551 #if __ARM_ARCH__<7
  552     ldrb    $i2,[$rounds,#19]
  553     ldrb    $t1,[$rounds,#18]
  554     ldrb    $t2,[$rounds,#17]
  555     ldrb    $t3,[$rounds,#16]
  556     orr $i2,$i2,$t1,lsl#8
  557     ldrb    $i3,[$rounds,#23]
  558     orr $i2,$i2,$t2,lsl#16
  559     ldrb    $t1,[$rounds,#22]
  560     orr $i2,$i2,$t3,lsl#24
  561     ldrb    $t2,[$rounds,#21]
  562     ldrb    $t3,[$rounds,#20]
  563     orr $i3,$i3,$t1,lsl#8
  564     orr $i3,$i3,$t2,lsl#16
  565     str $i2,[$key],#8
  566     orr $i3,$i3,$t3,lsl#24
  567     str $i3,[$key,#-4]
  568 #else
  569     ldr $i2,[$rounds,#16]
  570     ldr $i3,[$rounds,#20]
  571 #ifdef __ARMEL__
  572     rev $i2,$i2
  573     rev $i3,$i3
  574 #endif
  575     str $i2,[$key],#8
  576     str $i3,[$key,#-4]
  577 #endif
  578 
  579     teq lr,#192
  580     bne .Lnot192
  581     mov $rounds,#12
  582     str $rounds,[$key,#240-24]
  583     add $t3,$tbl,#256           @ rcon
  584     mov lr,#255
  585     mov $rounds,#8
  586 
  587 .L192_loop:
  588     and $t2,lr,$i3,lsr#24
  589     and $i1,lr,$i3,lsr#16
  590     ldrb    $t2,[$tbl,$t2]
  591     and $i2,lr,$i3,lsr#8
  592     ldrb    $i1,[$tbl,$i1]
  593     and $i3,lr,$i3
  594     ldrb    $i2,[$tbl,$i2]
  595     orr $t2,$t2,$i1,lsl#24
  596     ldrb    $i3,[$tbl,$i3]
  597     orr $t2,$t2,$i2,lsl#16
  598     ldr $t1,[$t3],#4            @ rcon[i++]
  599     orr $t2,$t2,$i3,lsl#8
  600     eor $i3,$t2,$t1
  601     eor $s0,$s0,$i3         @ rk[6]=rk[0]^...
  602     eor $s1,$s1,$s0         @ rk[7]=rk[1]^rk[6]
  603     str $s0,[$key],#24
  604     eor $s2,$s2,$s1         @ rk[8]=rk[2]^rk[7]
  605     str $s1,[$key,#-20]
  606     eor $s3,$s3,$s2         @ rk[9]=rk[3]^rk[8]
  607     str $s2,[$key,#-16]
  608     subs    $rounds,$rounds,#1
  609     str $s3,[$key,#-12]
  610 #if __ARM_ARCH__>=7
  611     itt eq              @ Thumb2 thing, sanity check in ARM
  612 #endif
  613     subeq   r2,$key,#216
  614     beq .Ldone
  615 
  616     ldr $i1,[$key,#-32]
  617     ldr $i2,[$key,#-28]
  618     eor $i1,$i1,$s3         @ rk[10]=rk[4]^rk[9]
  619     eor $i3,$i2,$i1         @ rk[11]=rk[5]^rk[10]
  620     str $i1,[$key,#-8]
  621     str $i3,[$key,#-4]
  622     b   .L192_loop
  623 
  624 .Lnot192:
  625 #if __ARM_ARCH__<7
  626     ldrb    $i2,[$rounds,#27]
  627     ldrb    $t1,[$rounds,#26]
  628     ldrb    $t2,[$rounds,#25]
  629     ldrb    $t3,[$rounds,#24]
  630     orr $i2,$i2,$t1,lsl#8
  631     ldrb    $i3,[$rounds,#31]
  632     orr $i2,$i2,$t2,lsl#16
  633     ldrb    $t1,[$rounds,#30]
  634     orr $i2,$i2,$t3,lsl#24
  635     ldrb    $t2,[$rounds,#29]
  636     ldrb    $t3,[$rounds,#28]
  637     orr $i3,$i3,$t1,lsl#8
  638     orr $i3,$i3,$t2,lsl#16
  639     str $i2,[$key],#8
  640     orr $i3,$i3,$t3,lsl#24
  641     str $i3,[$key,#-4]
  642 #else
  643     ldr $i2,[$rounds,#24]
  644     ldr $i3,[$rounds,#28]
  645 #ifdef __ARMEL__
  646     rev $i2,$i2
  647     rev $i3,$i3
  648 #endif
  649     str $i2,[$key],#8
  650     str $i3,[$key,#-4]
  651 #endif
  652 
  653     mov $rounds,#14
  654     str $rounds,[$key,#240-32]
  655     add $t3,$tbl,#256           @ rcon
  656     mov lr,#255
  657     mov $rounds,#7
  658 
  659 .L256_loop:
  660     and $t2,lr,$i3,lsr#24
  661     and $i1,lr,$i3,lsr#16
  662     ldrb    $t2,[$tbl,$t2]
  663     and $i2,lr,$i3,lsr#8
  664     ldrb    $i1,[$tbl,$i1]
  665     and $i3,lr,$i3
  666     ldrb    $i2,[$tbl,$i2]
  667     orr $t2,$t2,$i1,lsl#24
  668     ldrb    $i3,[$tbl,$i3]
  669     orr $t2,$t2,$i2,lsl#16
  670     ldr $t1,[$t3],#4            @ rcon[i++]
  671     orr $t2,$t2,$i3,lsl#8
  672     eor $i3,$t2,$t1
  673     eor $s0,$s0,$i3         @ rk[8]=rk[0]^...
  674     eor $s1,$s1,$s0         @ rk[9]=rk[1]^rk[8]
  675     str $s0,[$key],#32
  676     eor $s2,$s2,$s1         @ rk[10]=rk[2]^rk[9]
  677     str $s1,[$key,#-28]
  678     eor $s3,$s3,$s2         @ rk[11]=rk[3]^rk[10]
  679     str $s2,[$key,#-24]
  680     subs    $rounds,$rounds,#1
  681     str $s3,[$key,#-20]
  682 #if __ARM_ARCH__>=7
  683     itt eq              @ Thumb2 thing, sanity check in ARM
  684 #endif
  685     subeq   r2,$key,#256
  686     beq .Ldone
  687 
  688     and $t2,lr,$s3
  689     and $i1,lr,$s3,lsr#8
  690     ldrb    $t2,[$tbl,$t2]
  691     and $i2,lr,$s3,lsr#16
  692     ldrb    $i1,[$tbl,$i1]
  693     and $i3,lr,$s3,lsr#24
  694     ldrb    $i2,[$tbl,$i2]
  695     orr $t2,$t2,$i1,lsl#8
  696     ldrb    $i3,[$tbl,$i3]
  697     orr $t2,$t2,$i2,lsl#16
  698     ldr $t1,[$key,#-48]
  699     orr $t2,$t2,$i3,lsl#24
  700 
  701     ldr $i1,[$key,#-44]
  702     ldr $i2,[$key,#-40]
  703     eor $t1,$t1,$t2         @ rk[12]=rk[4]^...
  704     ldr $i3,[$key,#-36]
  705     eor $i1,$i1,$t1         @ rk[13]=rk[5]^rk[12]
  706     str $t1,[$key,#-16]
  707     eor $i2,$i2,$i1         @ rk[14]=rk[6]^rk[13]
  708     str $i1,[$key,#-12]
  709     eor $i3,$i3,$i2         @ rk[15]=rk[7]^rk[14]
  710     str $i2,[$key,#-8]
  711     str $i3,[$key,#-4]
  712     b   .L256_loop
  713 
  714 .align  2
  715 .Ldone: mov r0,#0
  716     ldmia   sp!,{r4-r12,lr}
  717 .Labrt:
  718 #if __ARM_ARCH__>=5
  719     ret             @ bx lr
  720 #else
  721     tst lr,#1
  722     moveq   pc,lr           @ be binary compatible with V4, yet
  723     bx  lr          @ interoperable with Thumb ISA:-)
  724 #endif
  725 .size   private_AES_set_encrypt_key,.-private_AES_set_encrypt_key
  726 
  727 .global private_AES_set_decrypt_key
  728 .type   private_AES_set_decrypt_key,%function
  729 .align  5
  730 private_AES_set_decrypt_key:
  731     str lr,[sp,#-4]!            @ push lr
  732     bl  _armv4_AES_set_encrypt_key
  733     teq r0,#0
  734     ldr lr,[sp],#4              @ pop lr
  735     bne .Labrt
  736 
  737     mov r0,r2           @ AES_set_encrypt_key preserves r2,
  738     mov r1,r2           @ which is AES_KEY *key
  739     b   _armv4_AES_set_enc2dec_key
  740 .size   private_AES_set_decrypt_key,.-private_AES_set_decrypt_key
  741 
  742 @ void AES_set_enc2dec_key(const AES_KEY *inp,AES_KEY *out)
  743 .global AES_set_enc2dec_key
  744 .type   AES_set_enc2dec_key,%function
  745 .align  5
  746 AES_set_enc2dec_key:
  747 _armv4_AES_set_enc2dec_key:
  748     stmdb   sp!,{r4-r12,lr}
  749 
  750     ldr $rounds,[r0,#240]
  751     mov $i1,r0          @ input
  752     add $i2,r0,$rounds,lsl#4
  753     mov $key,r1         @ ouput
  754     add $tbl,r1,$rounds,lsl#4
  755     str $rounds,[r1,#240]
  756 
  757 .Linv:  ldr $s0,[$i1],#16
  758     ldr $s1,[$i1,#-12]
  759     ldr $s2,[$i1,#-8]
  760     ldr $s3,[$i1,#-4]
  761     ldr $t1,[$i2],#-16
  762     ldr $t2,[$i2,#16+4]
  763     ldr $t3,[$i2,#16+8]
  764     ldr $i3,[$i2,#16+12]
  765     str $s0,[$tbl],#-16
  766     str $s1,[$tbl,#16+4]
  767     str $s2,[$tbl,#16+8]
  768     str $s3,[$tbl,#16+12]
  769     str $t1,[$key],#16
  770     str $t2,[$key,#-12]
  771     str $t3,[$key,#-8]
  772     str $i3,[$key,#-4]
  773     teq $i1,$i2
  774     bne .Linv
  775 
  776     ldr $s0,[$i1]
  777     ldr $s1,[$i1,#4]
  778     ldr $s2,[$i1,#8]
  779     ldr $s3,[$i1,#12]
  780     str $s0,[$key]
  781     str $s1,[$key,#4]
  782     str $s2,[$key,#8]
  783     str $s3,[$key,#12]
  784     sub $key,$key,$rounds,lsl#3
  785 ___
  786 $mask80=$i1;
  787 $mask1b=$i2;
  788 $mask7f=$i3;
  789 $code.=<<___;
  790     ldr $s0,[$key,#16]!     @ prefetch tp1
  791     mov $mask80,#0x80
  792     mov $mask1b,#0x1b
  793     orr $mask80,$mask80,#0x8000
  794     orr $mask1b,$mask1b,#0x1b00
  795     orr $mask80,$mask80,$mask80,lsl#16
  796     orr $mask1b,$mask1b,$mask1b,lsl#16
  797     sub $rounds,$rounds,#1
  798     mvn $mask7f,$mask80
  799     mov $rounds,$rounds,lsl#2   @ (rounds-1)*4
  800 
  801 .Lmix:  and $t1,$s0,$mask80
  802     and $s1,$s0,$mask7f
  803     sub $t1,$t1,$t1,lsr#7
  804     and $t1,$t1,$mask1b
  805     eor $s1,$t1,$s1,lsl#1   @ tp2
  806 
  807     and $t1,$s1,$mask80
  808     and $s2,$s1,$mask7f
  809     sub $t1,$t1,$t1,lsr#7
  810     and $t1,$t1,$mask1b
  811     eor $s2,$t1,$s2,lsl#1   @ tp4
  812 
  813     and $t1,$s2,$mask80
  814     and $s3,$s2,$mask7f
  815     sub $t1,$t1,$t1,lsr#7
  816     and $t1,$t1,$mask1b
  817     eor $s3,$t1,$s3,lsl#1   @ tp8
  818 
  819     eor $t1,$s1,$s2
  820     eor $t2,$s0,$s3     @ tp9
  821     eor $t1,$t1,$s3     @ tpe
  822     eor $t1,$t1,$s1,ror#24
  823     eor $t1,$t1,$t2,ror#24  @ ^= ROTATE(tpb=tp9^tp2,8)
  824     eor $t1,$t1,$s2,ror#16
  825     eor $t1,$t1,$t2,ror#16  @ ^= ROTATE(tpd=tp9^tp4,16)
  826     eor $t1,$t1,$t2,ror#8   @ ^= ROTATE(tp9,24)
  827 
  828     ldr $s0,[$key,#4]       @ prefetch tp1
  829     str $t1,[$key],#4
  830     subs    $rounds,$rounds,#1
  831     bne .Lmix
  832 
  833     mov r0,#0
  834 #if __ARM_ARCH__>=5
  835     ldmia   sp!,{r4-r12,pc}
  836 #else
  837     ldmia   sp!,{r4-r12,lr}
  838     tst lr,#1
  839     moveq   pc,lr           @ be binary compatible with V4, yet
  840     bx  lr          @ interoperable with Thumb ISA:-)
  841 #endif
  842 .size   AES_set_enc2dec_key,.-AES_set_enc2dec_key
  843 
  844 .type   AES_Td,%object
  845 .align  5
  846 AES_Td:
  847 .word   0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96
  848 .word   0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393
  849 .word   0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25
  850 .word   0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f
  851 .word   0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1
  852 .word   0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6
  853 .word   0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da
  854 .word   0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844
  855 .word   0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd
  856 .word   0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4
  857 .word   0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45
  858 .word   0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94
  859 .word   0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7
  860 .word   0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a
  861 .word   0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5
  862 .word   0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c
  863 .word   0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1
  864 .word   0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a
  865 .word   0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75
  866 .word   0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051
  867 .word   0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46
  868 .word   0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff
  869 .word   0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77
  870 .word   0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb
  871 .word   0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000
  872 .word   0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e
  873 .word   0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927
  874 .word   0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a
  875 .word   0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e
  876 .word   0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16
  877 .word   0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d
  878 .word   0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8
  879 .word   0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd
  880 .word   0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34
  881 .word   0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163
  882 .word   0xd731dcca, 0x42638510, 0x13972240, 0x84c61120
  883 .word   0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d
  884 .word   0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0
  885 .word   0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422
  886 .word   0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef
  887 .word   0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36
  888 .word   0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4
  889 .word   0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662
  890 .word   0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5
  891 .word   0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3
  892 .word   0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b
  893 .word   0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8
  894 .word   0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6
  895 .word   0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6
  896 .word   0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0
  897 .word   0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815
  898 .word   0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f
  899 .word   0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df
  900 .word   0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f
  901 .word   0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e
  902 .word   0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713
  903 .word   0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89
  904 .word   0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c
  905 .word   0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf
  906 .word   0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86
  907 .word   0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f
  908 .word   0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541
  909 .word   0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190
  910 .word   0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742
  911 @ Td4[256]
  912 .byte   0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
  913 .byte   0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
  914 .byte   0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
  915 .byte   0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
  916 .byte   0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
  917 .byte   0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
  918 .byte   0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
  919 .byte   0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
  920 .byte   0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
  921 .byte   0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
  922 .byte   0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
  923 .byte   0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
  924 .byte   0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
  925 .byte   0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
  926 .byte   0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
  927 .byte   0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
  928 .byte   0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
  929 .byte   0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
  930 .byte   0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
  931 .byte   0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
  932 .byte   0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
  933 .byte   0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
  934 .byte   0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
  935 .byte   0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
  936 .byte   0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
  937 .byte   0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
  938 .byte   0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
  939 .byte   0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
  940 .byte   0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
  941 .byte   0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
  942 .byte   0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
  943 .byte   0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
  944 .size   AES_Td,.-AES_Td
  945 
  946 @ void AES_decrypt(const unsigned char *in, unsigned char *out,
  947 @        const AES_KEY *key) {
  948 .global AES_decrypt
  949 .type   AES_decrypt,%function
  950 .align  5
  951 AES_decrypt:
  952 #if __ARM_ARCH__<7
  953     sub r3,pc,#8        @ AES_decrypt
  954 #else
  955     adr r3,.
  956 #endif
  957     stmdb   sp!,{r1,r4-r12,lr}
  958     mov $rounds,r0      @ inp
  959     mov $key,r2
  960     sub $tbl,r3,#AES_decrypt-AES_Td     @ Td
  961 #if __ARM_ARCH__<7
  962     ldrb    $s0,[$rounds,#3]    @ load input data in endian-neutral
  963     ldrb    $t1,[$rounds,#2]    @ manner...
  964     ldrb    $t2,[$rounds,#1]
  965     ldrb    $t3,[$rounds,#0]
  966     orr $s0,$s0,$t1,lsl#8
  967     ldrb    $s1,[$rounds,#7]
  968     orr $s0,$s0,$t2,lsl#16
  969     ldrb    $t1,[$rounds,#6]
  970     orr $s0,$s0,$t3,lsl#24
  971     ldrb    $t2,[$rounds,#5]
  972     ldrb    $t3,[$rounds,#4]
  973     orr $s1,$s1,$t1,lsl#8
  974     ldrb    $s2,[$rounds,#11]
  975     orr $s1,$s1,$t2,lsl#16
  976     ldrb    $t1,[$rounds,#10]
  977     orr $s1,$s1,$t3,lsl#24
  978     ldrb    $t2,[$rounds,#9]
  979     ldrb    $t3,[$rounds,#8]
  980     orr $s2,$s2,$t1,lsl#8
  981     ldrb    $s3,[$rounds,#15]
  982     orr $s2,$s2,$t2,lsl#16
  983     ldrb    $t1,[$rounds,#14]
  984     orr $s2,$s2,$t3,lsl#24
  985     ldrb    $t2,[$rounds,#13]
  986     ldrb    $t3,[$rounds,#12]
  987     orr $s3,$s3,$t1,lsl#8
  988     orr $s3,$s3,$t2,lsl#16
  989     orr $s3,$s3,$t3,lsl#24
  990 #else
  991     ldr $s0,[$rounds,#0]
  992     ldr $s1,[$rounds,#4]
  993     ldr $s2,[$rounds,#8]
  994     ldr $s3,[$rounds,#12]
  995 #ifdef __ARMEL__
  996     rev $s0,$s0
  997     rev $s1,$s1
  998     rev $s2,$s2
  999     rev $s3,$s3
 1000 #endif
 1001 #endif
 1002     bl  _armv4_AES_decrypt
 1003 
 1004     ldr $rounds,[sp],#4     @ pop out
 1005 #if __ARM_ARCH__>=7
 1006 #ifdef __ARMEL__
 1007     rev $s0,$s0
 1008     rev $s1,$s1
 1009     rev $s2,$s2
 1010     rev $s3,$s3
 1011 #endif
 1012     str $s0,[$rounds,#0]
 1013     str $s1,[$rounds,#4]
 1014     str $s2,[$rounds,#8]
 1015     str $s3,[$rounds,#12]
 1016 #else
 1017     mov $t1,$s0,lsr#24      @ write output in endian-neutral
 1018     mov $t2,$s0,lsr#16      @ manner...
 1019     mov $t3,$s0,lsr#8
 1020     strb    $t1,[$rounds,#0]
 1021     strb    $t2,[$rounds,#1]
 1022     mov $t1,$s1,lsr#24
 1023     strb    $t3,[$rounds,#2]
 1024     mov $t2,$s1,lsr#16
 1025     strb    $s0,[$rounds,#3]
 1026     mov $t3,$s1,lsr#8
 1027     strb    $t1,[$rounds,#4]
 1028     strb    $t2,[$rounds,#5]
 1029     mov $t1,$s2,lsr#24
 1030     strb    $t3,[$rounds,#6]
 1031     mov $t2,$s2,lsr#16
 1032     strb    $s1,[$rounds,#7]
 1033     mov $t3,$s2,lsr#8
 1034     strb    $t1,[$rounds,#8]
 1035     strb    $t2,[$rounds,#9]
 1036     mov $t1,$s3,lsr#24
 1037     strb    $t3,[$rounds,#10]
 1038     mov $t2,$s3,lsr#16
 1039     strb    $s2,[$rounds,#11]
 1040     mov $t3,$s3,lsr#8
 1041     strb    $t1,[$rounds,#12]
 1042     strb    $t2,[$rounds,#13]
 1043     strb    $t3,[$rounds,#14]
 1044     strb    $s3,[$rounds,#15]
 1045 #endif
 1046 #if __ARM_ARCH__>=5
 1047     ldmia   sp!,{r4-r12,pc}
 1048 #else
 1049     ldmia   sp!,{r4-r12,lr}
 1050     tst lr,#1
 1051     moveq   pc,lr           @ be binary compatible with V4, yet
 1052     bx  lr          @ interoperable with Thumb ISA:-)
 1053 #endif
 1054 .size   AES_decrypt,.-AES_decrypt
 1055 
 1056 .type   _armv4_AES_decrypt,%function
 1057 .align  2
 1058 _armv4_AES_decrypt:
 1059     str lr,[sp,#-4]!        @ push lr
 1060     ldmia   $key!,{$t1-$i1}
 1061     eor $s0,$s0,$t1
 1062     ldr $rounds,[$key,#240-16]
 1063     eor $s1,$s1,$t2
 1064     eor $s2,$s2,$t3
 1065     eor $s3,$s3,$i1
 1066     sub $rounds,$rounds,#1
 1067     mov lr,#255
 1068 
 1069     and $i1,lr,$s0,lsr#16
 1070     and $i2,lr,$s0,lsr#8
 1071     and $i3,lr,$s0
 1072     mov $s0,$s0,lsr#24
 1073 .Ldec_loop:
 1074     ldr $t1,[$tbl,$i1,lsl#2]    @ Td1[s0>>16]
 1075     and $i1,lr,$s1      @ i0
 1076     ldr $t2,[$tbl,$i2,lsl#2]    @ Td2[s0>>8]
 1077     and $i2,lr,$s1,lsr#16
 1078     ldr $t3,[$tbl,$i3,lsl#2]    @ Td3[s0>>0]
 1079     and $i3,lr,$s1,lsr#8
 1080     ldr $s0,[$tbl,$s0,lsl#2]    @ Td0[s0>>24]
 1081     mov $s1,$s1,lsr#24
 1082 
 1083     ldr $i1,[$tbl,$i1,lsl#2]    @ Td3[s1>>0]
 1084     ldr $i2,[$tbl,$i2,lsl#2]    @ Td1[s1>>16]
 1085     ldr $i3,[$tbl,$i3,lsl#2]    @ Td2[s1>>8]
 1086     eor $s0,$s0,$i1,ror#24
 1087     ldr $s1,[$tbl,$s1,lsl#2]    @ Td0[s1>>24]
 1088     and $i1,lr,$s2,lsr#8    @ i0
 1089     eor $t2,$i2,$t2,ror#8
 1090     and $i2,lr,$s2      @ i1
 1091     eor $t3,$i3,$t3,ror#8
 1092     and $i3,lr,$s2,lsr#16
 1093     ldr $i1,[$tbl,$i1,lsl#2]    @ Td2[s2>>8]
 1094     eor $s1,$s1,$t1,ror#8
 1095     ldr $i2,[$tbl,$i2,lsl#2]    @ Td3[s2>>0]
 1096     mov $s2,$s2,lsr#24
 1097 
 1098     ldr $i3,[$tbl,$i3,lsl#2]    @ Td1[s2>>16]
 1099     eor $s0,$s0,$i1,ror#16
 1100     ldr $s2,[$tbl,$s2,lsl#2]    @ Td0[s2>>24]
 1101     and $i1,lr,$s3,lsr#16   @ i0
 1102     eor $s1,$s1,$i2,ror#24
 1103     and $i2,lr,$s3,lsr#8    @ i1
 1104     eor $t3,$i3,$t3,ror#8
 1105     and $i3,lr,$s3      @ i2
 1106     ldr $i1,[$tbl,$i1,lsl#2]    @ Td1[s3>>16]
 1107     eor $s2,$s2,$t2,ror#8
 1108     ldr $i2,[$tbl,$i2,lsl#2]    @ Td2[s3>>8]
 1109     mov $s3,$s3,lsr#24
 1110 
 1111     ldr $i3,[$tbl,$i3,lsl#2]    @ Td3[s3>>0]
 1112     eor $s0,$s0,$i1,ror#8
 1113     ldr $i1,[$key],#16
 1114     eor $s1,$s1,$i2,ror#16
 1115     ldr $s3,[$tbl,$s3,lsl#2]    @ Td0[s3>>24]
 1116     eor $s2,$s2,$i3,ror#24
 1117 
 1118     ldr $t1,[$key,#-12]
 1119     eor $s0,$s0,$i1
 1120     ldr $t2,[$key,#-8]
 1121     eor $s3,$s3,$t3,ror#8
 1122     ldr $t3,[$key,#-4]
 1123     and $i1,lr,$s0,lsr#16
 1124     eor $s1,$s1,$t1
 1125     and $i2,lr,$s0,lsr#8
 1126     eor $s2,$s2,$t2
 1127     and $i3,lr,$s0
 1128     eor $s3,$s3,$t3
 1129     mov $s0,$s0,lsr#24
 1130 
 1131     subs    $rounds,$rounds,#1
 1132     bne .Ldec_loop
 1133 
 1134     add $tbl,$tbl,#1024
 1135 
 1136     ldr $t2,[$tbl,#0]       @ prefetch Td4
 1137     ldr $t3,[$tbl,#32]
 1138     ldr $t1,[$tbl,#64]
 1139     ldr $t2,[$tbl,#96]
 1140     ldr $t3,[$tbl,#128]
 1141     ldr $t1,[$tbl,#160]
 1142     ldr $t2,[$tbl,#192]
 1143     ldr $t3,[$tbl,#224]
 1144 
 1145     ldrb    $s0,[$tbl,$s0]      @ Td4[s0>>24]
 1146     ldrb    $t1,[$tbl,$i1]      @ Td4[s0>>16]
 1147     and $i1,lr,$s1      @ i0
 1148     ldrb    $t2,[$tbl,$i2]      @ Td4[s0>>8]
 1149     and $i2,lr,$s1,lsr#16
 1150     ldrb    $t3,[$tbl,$i3]      @ Td4[s0>>0]
 1151     and $i3,lr,$s1,lsr#8
 1152 
 1153     add $s1,$tbl,$s1,lsr#24
 1154     ldrb    $i1,[$tbl,$i1]      @ Td4[s1>>0]
 1155     ldrb    $s1,[$s1]       @ Td4[s1>>24]
 1156     ldrb    $i2,[$tbl,$i2]      @ Td4[s1>>16]
 1157     eor $s0,$i1,$s0,lsl#24
 1158     ldrb    $i3,[$tbl,$i3]      @ Td4[s1>>8]
 1159     eor $s1,$t1,$s1,lsl#8
 1160     and $i1,lr,$s2,lsr#8    @ i0
 1161     eor $t2,$t2,$i2,lsl#8
 1162     and $i2,lr,$s2      @ i1
 1163     ldrb    $i1,[$tbl,$i1]      @ Td4[s2>>8]
 1164     eor $t3,$t3,$i3,lsl#8
 1165     ldrb    $i2,[$tbl,$i2]      @ Td4[s2>>0]
 1166     and $i3,lr,$s2,lsr#16
 1167 
 1168     add $s2,$tbl,$s2,lsr#24
 1169     ldrb    $s2,[$s2]       @ Td4[s2>>24]
 1170     eor $s0,$s0,$i1,lsl#8
 1171     ldrb    $i3,[$tbl,$i3]      @ Td4[s2>>16]
 1172     eor $s1,$i2,$s1,lsl#16
 1173     and $i1,lr,$s3,lsr#16   @ i0
 1174     eor $s2,$t2,$s2,lsl#16
 1175     and $i2,lr,$s3,lsr#8    @ i1
 1176     ldrb    $i1,[$tbl,$i1]      @ Td4[s3>>16]
 1177     eor $t3,$t3,$i3,lsl#16
 1178     ldrb    $i2,[$tbl,$i2]      @ Td4[s3>>8]
 1179     and $i3,lr,$s3      @ i2
 1180 
 1181     add $s3,$tbl,$s3,lsr#24
 1182     ldrb    $i3,[$tbl,$i3]      @ Td4[s3>>0]
 1183     ldrb    $s3,[$s3]       @ Td4[s3>>24]
 1184     eor $s0,$s0,$i1,lsl#16
 1185     ldr $i1,[$key,#0]
 1186     eor $s1,$s1,$i2,lsl#8
 1187     ldr $t1,[$key,#4]
 1188     eor $s2,$i3,$s2,lsl#8
 1189     ldr $t2,[$key,#8]
 1190     eor $s3,$t3,$s3,lsl#24
 1191     ldr $t3,[$key,#12]
 1192 
 1193     eor $s0,$s0,$i1
 1194     eor $s1,$s1,$t1
 1195     eor $s2,$s2,$t2
 1196     eor $s3,$s3,$t3
 1197 
 1198     sub $tbl,$tbl,#1024
 1199     ldr pc,[sp],#4      @ pop and return
 1200 .size   _armv4_AES_decrypt,.-_armv4_AES_decrypt
 1201 .asciz  "AES for ARMv4, CRYPTOGAMS by <appro\@openssl.org>"
 1202 .align  2
 1203 ___
 1204 
 1205 $code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm;    # make it possible to compile with -march=armv4
 1206 $code =~ s/\bret\b/bx\tlr/gm;
 1207 
 1208 open SELF,$0;
 1209 while(<SELF>) {
 1210     next if (/^#!/);
 1211     last if (!s/^#/@/ and !/^$/);
 1212     print;
 1213 }
 1214 close SELF;
 1215 
 1216 print $code;
 1217 close STDOUT;   # enforce flush