2
0

aes-c64xplus.pl 43 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382
  1. #! /usr/bin/env perl
  2. # Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
  3. #
  4. # Licensed under the Apache License 2.0 (the "License"). You may not use
  5. # this file except in compliance with the License. You can obtain a copy
  6. # in the file LICENSE in the source distribution or at
  7. # https://www.openssl.org/source/license.html
  8. #
  9. # ====================================================================
  10. # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
  11. # project. The module is, however, dual licensed under OpenSSL and
  12. # CRYPTOGAMS licenses depending on where you obtain it. For further
  13. # details see http://www.openssl.org/~appro/cryptogams/.
  14. # ====================================================================
  15. #
  16. # [Endian-neutral] AES for C64x+.
  17. #
  18. # Even though SPLOOPs are scheduled for 13 cycles, and thus expected
  19. # performance is ~8.5 cycles per byte processed with 128-bit key,
  20. # measured performance turned to be ~10 cycles per byte. Discrepancy
  21. # must be caused by limitations of L1D memory banking(*), see SPRU871
  22. # TI publication for further details. If any consolation it's still
  23. # ~20% faster than TI's linear assembly module anyway... Compared to
  24. # aes_core.c compiled with cl6x 6.0 with -mv6400+ -o2 options this
  25. # code is 3.75x faster and almost 3x smaller (tables included).
  26. #
  27. # (*) This means that there might be subtle correlation between data
  28. # and timing and one can wonder if it can be ... attacked:-(
  29. # On the other hand this also means that *if* one chooses to
  30. # implement *4* T-tables variant [instead of 1 T-table as in
  31. # this implementation, or in addition to], then one ought to
  32. # *interleave* them. Even though it complicates addressing,
  33. # references to interleaved tables would be guaranteed not to
  34. # clash. I reckon that it should be possible to break 8 cycles
  35. # per byte "barrier," i.e. improve by ~20%, naturally at the
  36. # cost of 8x increased pressure on L1D. 8x because you'd have
  37. # to interleave both Te and Td tables...
  38. while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
  39. open STDOUT,">$output";
  40. ($TEA,$TEB)=("A5","B5");
  41. ($KPA,$KPB)=("A3","B1");
  42. @K=("A6","B6","A7","B7");
  43. @s=("A8","B8","A9","B9");
  44. @Te0=@Td0=("A16","B16","A17","B17");
  45. @Te1=@Td1=("A18","B18","A19","B19");
  46. @Te2=@Td2=("A20","B20","A21","B21");
  47. @Te3=@Td3=("A22","B22","A23","B23");
  48. $code=<<___;
  49. .text
  50. .if .ASSEMBLER_VERSION<7000000
  51. .asg 0,__TI_EABI__
  52. .endif
  53. .if __TI_EABI__
  54. .nocmp
  55. .asg AES_encrypt,_AES_encrypt
  56. .asg AES_decrypt,_AES_decrypt
  57. .asg AES_set_encrypt_key,_AES_set_encrypt_key
  58. .asg AES_set_decrypt_key,_AES_set_decrypt_key
  59. .asg AES_ctr32_encrypt,_AES_ctr32_encrypt
  60. .endif
  61. .asg B3,RA
  62. .asg A4,INP
  63. .asg B4,OUT
  64. .asg A6,KEY
  65. .asg A4,RET
  66. .asg B15,SP
  67. .eval 24,EXT0
  68. .eval 16,EXT1
  69. .eval 8,EXT2
  70. .eval 0,EXT3
  71. .eval 8,TBL1
  72. .eval 16,TBL2
  73. .eval 24,TBL3
  74. .if .BIG_ENDIAN
  75. .eval 24-EXT0,EXT0
  76. .eval 24-EXT1,EXT1
  77. .eval 24-EXT2,EXT2
  78. .eval 24-EXT3,EXT3
  79. .eval 32-TBL1,TBL1
  80. .eval 32-TBL2,TBL2
  81. .eval 32-TBL3,TBL3
  82. .endif
  83. .global _AES_encrypt
  84. _AES_encrypt:
  85. .asmfunc
  86. MVK 1,B2
  87. __encrypt:
  88. .if __TI_EABI__
  89. [B2] LDNDW *INP++,A9:A8 ; load input
  90. || MVKL \$PCR_OFFSET(AES_Te,__encrypt),$TEA
  91. || ADDKPC __encrypt,B0
  92. [B2] LDNDW *INP++,B9:B8
  93. || MVKH \$PCR_OFFSET(AES_Te,__encrypt),$TEA
  94. || ADD 0,KEY,$KPA
  95. || ADD 4,KEY,$KPB
  96. .else
  97. [B2] LDNDW *INP++,A9:A8 ; load input
  98. || MVKL (AES_Te-__encrypt),$TEA
  99. || ADDKPC __encrypt,B0
  100. [B2] LDNDW *INP++,B9:B8
  101. || MVKH (AES_Te-__encrypt),$TEA
  102. || ADD 0,KEY,$KPA
  103. || ADD 4,KEY,$KPB
  104. .endif
  105. LDW *$KPA++[2],$Te0[0] ; zero round key
  106. || LDW *$KPB++[2],$Te0[1]
  107. || MVK 60,A0
  108. || ADD B0,$TEA,$TEA ; AES_Te
  109. LDW *KEY[A0],B0 ; rounds
  110. || MVK 1024,A0 ; sizeof(AES_Te)
  111. LDW *$KPA++[2],$Te0[2]
  112. || LDW *$KPB++[2],$Te0[3]
  113. || MV $TEA,$TEB
  114. NOP
  115. .if .BIG_ENDIAN
  116. MV A9,$s[0]
  117. || MV A8,$s[1]
  118. || MV B9,$s[2]
  119. || MV B8,$s[3]
  120. .else
  121. MV A8,$s[0]
  122. || MV A9,$s[1]
  123. || MV B8,$s[2]
  124. || MV B9,$s[3]
  125. .endif
  126. XOR $Te0[0],$s[0],$s[0]
  127. || XOR $Te0[1],$s[1],$s[1]
  128. || LDW *$KPA++[2],$K[0] ; 1st round key
  129. || LDW *$KPB++[2],$K[1]
  130. SUB B0,2,B0
  131. SPLOOPD 13
  132. || MVC B0,ILC
  133. || LDW *$KPA++[2],$K[2]
  134. || LDW *$KPB++[2],$K[3]
  135. ;;====================================================================
  136. EXTU $s[1],EXT1,24,$Te1[1]
  137. || EXTU $s[0],EXT3,24,$Te3[0]
  138. LDW *${TEB}[$Te1[1]],$Te1[1] ; Te1[s1>>8], t0
  139. || LDW *${TEA}[$Te3[0]],$Te3[0] ; Te3[s0>>24], t1
  140. || XOR $s[2],$Te0[2],$s[2] ; modulo-scheduled
  141. || XOR $s[3],$Te0[3],$s[3] ; modulo-scheduled
  142. || EXTU $s[1],EXT3,24,$Te3[1]
  143. || EXTU $s[0],EXT1,24,$Te1[0]
  144. LDW *${TEB}[$Te3[1]],$Te3[1] ; Te3[s1>>24], t2
  145. || LDW *${TEA}[$Te1[0]],$Te1[0] ; Te1[s0>>8], t3
  146. || EXTU $s[2],EXT2,24,$Te2[2]
  147. || EXTU $s[3],EXT2,24,$Te2[3]
  148. LDW *${TEA}[$Te2[2]],$Te2[2] ; Te2[s2>>16], t0
  149. || LDW *${TEB}[$Te2[3]],$Te2[3] ; Te2[s3>>16], t1
  150. || EXTU $s[3],EXT3,24,$Te3[3]
  151. || EXTU $s[2],EXT1,24,$Te1[2]
  152. LDW *${TEB}[$Te3[3]],$Te3[3] ; Te3[s3>>24], t0
  153. || LDW *${TEA}[$Te1[2]],$Te1[2] ; Te1[s2>>8], t1
  154. || EXTU $s[0],EXT2,24,$Te2[0]
  155. || EXTU $s[1],EXT2,24,$Te2[1]
  156. LDW *${TEA}[$Te2[0]],$Te2[0] ; Te2[s0>>16], t2
  157. || LDW *${TEB}[$Te2[1]],$Te2[1] ; Te2[s1>>16], t3
  158. || EXTU $s[3],EXT1,24,$Te1[3]
  159. || EXTU $s[2],EXT3,24,$Te3[2]
  160. LDW *${TEB}[$Te1[3]],$Te1[3] ; Te1[s3>>8], t2
  161. || LDW *${TEA}[$Te3[2]],$Te3[2] ; Te3[s2>>24], t3
  162. || ROTL $Te1[1],TBL1,$Te3[0] ; t0
  163. || ROTL $Te3[0],TBL3,$Te1[1] ; t1
  164. || EXTU $s[0],EXT0,24,$Te0[0]
  165. || EXTU $s[1],EXT0,24,$Te0[1]
  166. LDW *${TEA}[$Te0[0]],$Te0[0] ; Te0[s0], t0
  167. || LDW *${TEB}[$Te0[1]],$Te0[1] ; Te0[s1], t1
  168. || ROTL $Te3[1],TBL3,$Te1[0] ; t2
  169. || ROTL $Te1[0],TBL1,$Te3[1] ; t3
  170. || EXTU $s[2],EXT0,24,$Te0[2]
  171. || EXTU $s[3],EXT0,24,$Te0[3]
  172. LDW *${TEA}[$Te0[2]],$Te0[2] ; Te0[s2], t2
  173. || LDW *${TEB}[$Te0[3]],$Te0[3] ; Te0[s3], t3
  174. || ROTL $Te2[2],TBL2,$Te2[2] ; t0
  175. || ROTL $Te2[3],TBL2,$Te2[3] ; t1
  176. || XOR $K[0],$Te3[0],$s[0]
  177. || XOR $K[1],$Te1[1],$s[1]
  178. ROTL $Te3[3],TBL3,$Te1[2] ; t0
  179. || ROTL $Te1[2],TBL1,$Te3[3] ; t1
  180. || XOR $K[2],$Te1[0],$s[2]
  181. || XOR $K[3],$Te3[1],$s[3]
  182. || LDW *$KPA++[2],$K[0] ; next round key
  183. || LDW *$KPB++[2],$K[1]
  184. ROTL $Te2[0],TBL2,$Te2[0] ; t2
  185. || ROTL $Te2[1],TBL2,$Te2[1] ; t3
  186. || XOR $s[0],$Te2[2],$s[0]
  187. || XOR $s[1],$Te2[3],$s[1]
  188. || LDW *$KPA++[2],$K[2]
  189. || LDW *$KPB++[2],$K[3]
  190. ROTL $Te1[3],TBL1,$Te3[2] ; t2
  191. || ROTL $Te3[2],TBL3,$Te1[3] ; t3
  192. || XOR $s[0],$Te1[2],$s[0]
  193. || XOR $s[1],$Te3[3],$s[1]
  194. XOR $s[2],$Te2[0],$s[2]
  195. || XOR $s[3],$Te2[1],$s[3]
  196. || XOR $s[0],$Te0[0],$s[0]
  197. || XOR $s[1],$Te0[1],$s[1]
  198. SPKERNEL
  199. || XOR.L $s[2],$Te3[2],$s[2]
  200. || XOR.L $s[3],$Te1[3],$s[3]
  201. ;;====================================================================
  202. ADD.D ${TEA},A0,${TEA} ; point to Te4
  203. || ADD.D ${TEB},A0,${TEB}
  204. || EXTU $s[1],EXT1,24,$Te1[1]
  205. || EXTU $s[0],EXT3,24,$Te3[0]
  206. LDBU *${TEB}[$Te1[1]],$Te1[1] ; Te1[s1>>8], t0
  207. || LDBU *${TEA}[$Te3[0]],$Te3[0] ; Te3[s0>>24], t1
  208. || XOR $s[2],$Te0[2],$s[2] ; modulo-scheduled
  209. || XOR $s[3],$Te0[3],$s[3] ; modulo-scheduled
  210. || EXTU $s[0],EXT0,24,$Te0[0]
  211. || EXTU $s[1],EXT0,24,$Te0[1]
  212. LDBU *${TEA}[$Te0[0]],$Te0[0] ; Te0[s0], t0
  213. || LDBU *${TEB}[$Te0[1]],$Te0[1] ; Te0[s1], t1
  214. || EXTU $s[3],EXT3,24,$Te3[3]
  215. || EXTU $s[2],EXT1,24,$Te1[2]
  216. LDBU *${TEB}[$Te3[3]],$Te3[3] ; Te3[s3>>24], t0
  217. || LDBU *${TEA}[$Te1[2]],$Te1[2] ; Te1[s2>>8], t1
  218. || EXTU $s[2],EXT2,24,$Te2[2]
  219. || EXTU $s[3],EXT2,24,$Te2[3]
  220. LDBU *${TEA}[$Te2[2]],$Te2[2] ; Te2[s2>>16], t0
  221. || LDBU *${TEB}[$Te2[3]],$Te2[3] ; Te2[s3>>16], t1
  222. || EXTU $s[1],EXT3,24,$Te3[1]
  223. || EXTU $s[0],EXT1,24,$Te1[0]
  224. LDBU *${TEB}[$Te3[1]],$Te3[1] ; Te3[s1>>24], t2
  225. || LDBU *${TEA}[$Te1[0]],$Te1[0] ; Te1[s0>>8], t3
  226. || EXTU $s[3],EXT1,24,$Te1[3]
  227. || EXTU $s[2],EXT3,24,$Te3[2]
  228. LDBU *${TEB}[$Te1[3]],$Te1[3] ; Te1[s3>>8], t2
  229. || LDBU *${TEA}[$Te3[2]],$Te3[2] ; Te3[s2>>24], t3
  230. || EXTU $s[2],EXT0,24,$Te0[2]
  231. || EXTU $s[3],EXT0,24,$Te0[3]
  232. LDBU *${TEA}[$Te0[2]],$Te0[2] ; Te0[s2], t2
  233. || LDBU *${TEB}[$Te0[3]],$Te0[3] ; Te0[s3], t3
  234. || EXTU $s[0],EXT2,24,$Te2[0]
  235. || EXTU $s[1],EXT2,24,$Te2[1]
  236. LDBU *${TEA}[$Te2[0]],$Te2[0] ; Te2[s0>>16], t2
  237. || LDBU *${TEB}[$Te2[1]],$Te2[1] ; Te2[s1>>16], t3
  238. .if .BIG_ENDIAN
  239. PACK2 $Te0[0],$Te1[1],$Te0[0]
  240. || PACK2 $Te0[1],$Te1[2],$Te0[1]
  241. PACK2 $Te2[2],$Te3[3],$Te2[2]
  242. || PACK2 $Te2[3],$Te3[0],$Te2[3]
  243. PACKL4 $Te0[0],$Te2[2],$Te0[0]
  244. || PACKL4 $Te0[1],$Te2[3],$Te0[1]
  245. XOR $K[0],$Te0[0],$Te0[0] ; s[0]
  246. || XOR $K[1],$Te0[1],$Te0[1] ; s[1]
  247. PACK2 $Te0[2],$Te1[3],$Te0[2]
  248. || PACK2 $Te0[3],$Te1[0],$Te0[3]
  249. PACK2 $Te2[0],$Te3[1],$Te2[0]
  250. || PACK2 $Te2[1],$Te3[2],$Te2[1]
  251. || BNOP RA
  252. PACKL4 $Te0[2],$Te2[0],$Te0[2]
  253. || PACKL4 $Te0[3],$Te2[1],$Te0[3]
  254. XOR $K[2],$Te0[2],$Te0[2] ; s[2]
  255. || XOR $K[3],$Te0[3],$Te0[3] ; s[3]
  256. MV $Te0[0],A9
  257. || MV $Te0[1],A8
  258. MV $Te0[2],B9
  259. || MV $Te0[3],B8
  260. || [B2] STNDW A9:A8,*OUT++
  261. [B2] STNDW B9:B8,*OUT++
  262. .else
  263. PACK2 $Te1[1],$Te0[0],$Te1[1]
  264. || PACK2 $Te1[2],$Te0[1],$Te1[2]
  265. PACK2 $Te3[3],$Te2[2],$Te3[3]
  266. || PACK2 $Te3[0],$Te2[3],$Te3[0]
  267. PACKL4 $Te3[3],$Te1[1],$Te1[1]
  268. || PACKL4 $Te3[0],$Te1[2],$Te1[2]
  269. XOR $K[0],$Te1[1],$Te1[1] ; s[0]
  270. || XOR $K[1],$Te1[2],$Te1[2] ; s[1]
  271. PACK2 $Te1[3],$Te0[2],$Te1[3]
  272. || PACK2 $Te1[0],$Te0[3],$Te1[0]
  273. PACK2 $Te3[1],$Te2[0],$Te3[1]
  274. || PACK2 $Te3[2],$Te2[1],$Te3[2]
  275. || BNOP RA
  276. PACKL4 $Te3[1],$Te1[3],$Te1[3]
  277. || PACKL4 $Te3[2],$Te1[0],$Te1[0]
  278. XOR $K[2],$Te1[3],$Te1[3] ; s[2]
  279. || XOR $K[3],$Te1[0],$Te1[0] ; s[3]
  280. MV $Te1[1],A8
  281. || MV $Te1[2],A9
  282. MV $Te1[3],B8
  283. || MV $Te1[0],B9
  284. || [B2] STNDW A9:A8,*OUT++
  285. [B2] STNDW B9:B8,*OUT++
  286. .endif
  287. .endasmfunc
  288. .global _AES_decrypt
  289. _AES_decrypt:
  290. .asmfunc
  291. MVK 1,B2
  292. __decrypt:
  293. .if __TI_EABI__
  294. [B2] LDNDW *INP++,A9:A8 ; load input
  295. || MVKL \$PCR_OFFSET(AES_Td,__decrypt),$TEA
  296. || ADDKPC __decrypt,B0
  297. [B2] LDNDW *INP++,B9:B8
  298. || MVKH \$PCR_OFFSET(AES_Td,__decrypt),$TEA
  299. || ADD 0,KEY,$KPA
  300. || ADD 4,KEY,$KPB
  301. .else
  302. [B2] LDNDW *INP++,A9:A8 ; load input
  303. || MVKL (AES_Td-__decrypt),$TEA
  304. || ADDKPC __decrypt,B0
  305. [B2] LDNDW *INP++,B9:B8
  306. || MVKH (AES_Td-__decrypt),$TEA
  307. || ADD 0,KEY,$KPA
  308. || ADD 4,KEY,$KPB
  309. .endif
  310. LDW *$KPA++[2],$Td0[0] ; zero round key
  311. || LDW *$KPB++[2],$Td0[1]
  312. || MVK 60,A0
  313. || ADD B0,$TEA,$TEA ; AES_Td
  314. LDW *KEY[A0],B0 ; rounds
  315. || MVK 1024,A0 ; sizeof(AES_Td)
  316. LDW *$KPA++[2],$Td0[2]
  317. || LDW *$KPB++[2],$Td0[3]
  318. || MV $TEA,$TEB
  319. NOP
  320. .if .BIG_ENDIAN
  321. MV A9,$s[0]
  322. || MV A8,$s[1]
  323. || MV B9,$s[2]
  324. || MV B8,$s[3]
  325. .else
  326. MV A8,$s[0]
  327. || MV A9,$s[1]
  328. || MV B8,$s[2]
  329. || MV B9,$s[3]
  330. .endif
  331. XOR $Td0[0],$s[0],$s[0]
  332. || XOR $Td0[1],$s[1],$s[1]
  333. || LDW *$KPA++[2],$K[0] ; 1st round key
  334. || LDW *$KPB++[2],$K[1]
  335. SUB B0,2,B0
  336. SPLOOPD 13
  337. || MVC B0,ILC
  338. || LDW *$KPA++[2],$K[2]
  339. || LDW *$KPB++[2],$K[3]
  340. ;;====================================================================
  341. EXTU $s[1],EXT3,24,$Td3[1]
  342. || EXTU $s[0],EXT1,24,$Td1[0]
  343. LDW *${TEB}[$Td3[1]],$Td3[1] ; Td3[s1>>24], t0
  344. || LDW *${TEA}[$Td1[0]],$Td1[0] ; Td1[s0>>8], t1
  345. || XOR $s[2],$Td0[2],$s[2] ; modulo-scheduled
  346. || XOR $s[3],$Td0[3],$s[3] ; modulo-scheduled
  347. || EXTU $s[1],EXT1,24,$Td1[1]
  348. || EXTU $s[0],EXT3,24,$Td3[0]
  349. LDW *${TEB}[$Td1[1]],$Td1[1] ; Td1[s1>>8], t2
  350. || LDW *${TEA}[$Td3[0]],$Td3[0] ; Td3[s0>>24], t3
  351. || EXTU $s[2],EXT2,24,$Td2[2]
  352. || EXTU $s[3],EXT2,24,$Td2[3]
  353. LDW *${TEA}[$Td2[2]],$Td2[2] ; Td2[s2>>16], t0
  354. || LDW *${TEB}[$Td2[3]],$Td2[3] ; Td2[s3>>16], t1
  355. || EXTU $s[3],EXT1,24,$Td1[3]
  356. || EXTU $s[2],EXT3,24,$Td3[2]
  357. LDW *${TEB}[$Td1[3]],$Td1[3] ; Td1[s3>>8], t0
  358. || LDW *${TEA}[$Td3[2]],$Td3[2] ; Td3[s2>>24], t1
  359. || EXTU $s[0],EXT2,24,$Td2[0]
  360. || EXTU $s[1],EXT2,24,$Td2[1]
  361. LDW *${TEA}[$Td2[0]],$Td2[0] ; Td2[s0>>16], t2
  362. || LDW *${TEB}[$Td2[1]],$Td2[1] ; Td2[s1>>16], t3
  363. || EXTU $s[3],EXT3,24,$Td3[3]
  364. || EXTU $s[2],EXT1,24,$Td1[2]
  365. LDW *${TEB}[$Td3[3]],$Td3[3] ; Td3[s3>>24], t2
  366. || LDW *${TEA}[$Td1[2]],$Td1[2] ; Td1[s2>>8], t3
  367. || ROTL $Td3[1],TBL3,$Td1[0] ; t0
  368. || ROTL $Td1[0],TBL1,$Td3[1] ; t1
  369. || EXTU $s[0],EXT0,24,$Td0[0]
  370. || EXTU $s[1],EXT0,24,$Td0[1]
  371. LDW *${TEA}[$Td0[0]],$Td0[0] ; Td0[s0], t0
  372. || LDW *${TEB}[$Td0[1]],$Td0[1] ; Td0[s1], t1
  373. || ROTL $Td1[1],TBL1,$Td3[0] ; t2
  374. || ROTL $Td3[0],TBL3,$Td1[1] ; t3
  375. || EXTU $s[2],EXT0,24,$Td0[2]
  376. || EXTU $s[3],EXT0,24,$Td0[3]
  377. LDW *${TEA}[$Td0[2]],$Td0[2] ; Td0[s2], t2
  378. || LDW *${TEB}[$Td0[3]],$Td0[3] ; Td0[s3], t3
  379. || ROTL $Td2[2],TBL2,$Td2[2] ; t0
  380. || ROTL $Td2[3],TBL2,$Td2[3] ; t1
  381. || XOR $K[0],$Td1[0],$s[0]
  382. || XOR $K[1],$Td3[1],$s[1]
  383. ROTL $Td1[3],TBL1,$Td3[2] ; t0
  384. || ROTL $Td3[2],TBL3,$Td1[3] ; t1
  385. || XOR $K[2],$Td3[0],$s[2]
  386. || XOR $K[3],$Td1[1],$s[3]
  387. || LDW *$KPA++[2],$K[0] ; next round key
  388. || LDW *$KPB++[2],$K[1]
  389. ROTL $Td2[0],TBL2,$Td2[0] ; t2
  390. || ROTL $Td2[1],TBL2,$Td2[1] ; t3
  391. || XOR $s[0],$Td2[2],$s[0]
  392. || XOR $s[1],$Td2[3],$s[1]
  393. || LDW *$KPA++[2],$K[2]
  394. || LDW *$KPB++[2],$K[3]
  395. ROTL $Td3[3],TBL3,$Td1[2] ; t2
  396. || ROTL $Td1[2],TBL1,$Td3[3] ; t3
  397. || XOR $s[0],$Td3[2],$s[0]
  398. || XOR $s[1],$Td1[3],$s[1]
  399. XOR $s[2],$Td2[0],$s[2]
  400. || XOR $s[3],$Td2[1],$s[3]
  401. || XOR $s[0],$Td0[0],$s[0]
  402. || XOR $s[1],$Td0[1],$s[1]
  403. SPKERNEL
  404. || XOR.L $s[2],$Td1[2],$s[2]
  405. || XOR.L $s[3],$Td3[3],$s[3]
  406. ;;====================================================================
  407. ADD.D ${TEA},A0,${TEA} ; point to Td4
  408. || ADD.D ${TEB},A0,${TEB}
  409. || EXTU $s[1],EXT3,24,$Td3[1]
  410. || EXTU $s[0],EXT1,24,$Td1[0]
  411. LDBU *${TEB}[$Td3[1]],$Td3[1] ; Td3[s1>>24], t0
  412. || LDBU *${TEA}[$Td1[0]],$Td1[0] ; Td1[s0>>8], t1
  413. || XOR $s[2],$Td0[2],$s[2] ; modulo-scheduled
  414. || XOR $s[3],$Td0[3],$s[3] ; modulo-scheduled
  415. || EXTU $s[0],EXT0,24,$Td0[0]
  416. || EXTU $s[1],EXT0,24,$Td0[1]
  417. LDBU *${TEA}[$Td0[0]],$Td0[0] ; Td0[s0], t0
  418. || LDBU *${TEB}[$Td0[1]],$Td0[1] ; Td0[s1], t1
  419. || EXTU $s[2],EXT2,24,$Td2[2]
  420. || EXTU $s[3],EXT2,24,$Td2[3]
  421. LDBU *${TEA}[$Td2[2]],$Td2[2] ; Td2[s2>>16], t0
  422. || LDBU *${TEB}[$Td2[3]],$Td2[3] ; Td2[s3>>16], t1
  423. || EXTU $s[3],EXT1,24,$Td1[3]
  424. || EXTU $s[2],EXT3,24,$Td3[2]
  425. LDBU *${TEB}[$Td1[3]],$Td1[3] ; Td1[s3>>8], t0
  426. || LDBU *${TEA}[$Td3[2]],$Td3[2] ; Td3[s2>>24], t1
  427. || EXTU $s[1],EXT1,24,$Td1[1]
  428. || EXTU $s[0],EXT3,24,$Td3[0]
  429. LDBU *${TEB}[$Td1[1]],$Td1[1] ; Td1[s1>>8], t2
  430. || LDBU *${TEA}[$Td3[0]],$Td3[0] ; Td3[s0>>24], t3
  431. || EXTU $s[0],EXT2,24,$Td2[0]
  432. || EXTU $s[1],EXT2,24,$Td2[1]
  433. LDBU *${TEA}[$Td2[0]],$Td2[0] ; Td2[s0>>16], t2
  434. || LDBU *${TEB}[$Td2[1]],$Td2[1] ; Td2[s1>>16], t3
  435. || EXTU $s[3],EXT3,24,$Td3[3]
  436. || EXTU $s[2],EXT1,24,$Td1[2]
  437. LDBU *${TEB}[$Td3[3]],$Td3[3] ; Td3[s3>>24], t2
  438. || LDBU *${TEA}[$Td1[2]],$Td1[2] ; Td1[s2>>8], t3
  439. || EXTU $s[2],EXT0,24,$Td0[2]
  440. || EXTU $s[3],EXT0,24,$Td0[3]
  441. LDBU *${TEA}[$Td0[2]],$Td0[2] ; Td0[s2], t2
  442. || LDBU *${TEB}[$Td0[3]],$Td0[3] ; Td0[s3], t3
  443. .if .BIG_ENDIAN
  444. PACK2 $Td0[0],$Td1[3],$Td0[0]
  445. || PACK2 $Td0[1],$Td1[0],$Td0[1]
  446. PACK2 $Td2[2],$Td3[1],$Td2[2]
  447. || PACK2 $Td2[3],$Td3[2],$Td2[3]
  448. PACKL4 $Td0[0],$Td2[2],$Td0[0]
  449. || PACKL4 $Td0[1],$Td2[3],$Td0[1]
  450. XOR $K[0],$Td0[0],$Td0[0] ; s[0]
  451. || XOR $K[1],$Td0[1],$Td0[1] ; s[1]
  452. PACK2 $Td0[2],$Td1[1],$Td0[2]
  453. || PACK2 $Td0[3],$Td1[2],$Td0[3]
  454. PACK2 $Td2[0],$Td3[3],$Td2[0]
  455. || PACK2 $Td2[1],$Td3[0],$Td2[1]
  456. || BNOP RA
  457. PACKL4 $Td0[2],$Td2[0],$Td0[2]
  458. || PACKL4 $Td0[3],$Td2[1],$Td0[3]
  459. XOR $K[2],$Td0[2],$Td0[2] ; s[2]
  460. || XOR $K[3],$Td0[3],$Td0[3] ; s[3]
  461. MV $Td0[0],A9
  462. || MV $Td0[1],A8
  463. MV $Td0[2],B9
  464. || MV $Td0[3],B8
  465. || [B2] STNDW A9:A8,*OUT++
  466. [B2] STNDW B9:B8,*OUT++
  467. .else
  468. PACK2 $Td1[3],$Td0[0],$Td1[3]
  469. || PACK2 $Td1[0],$Td0[1],$Td1[0]
  470. PACK2 $Td3[1],$Td2[2],$Td3[1]
  471. || PACK2 $Td3[2],$Td2[3],$Td3[2]
  472. PACKL4 $Td3[1],$Td1[3],$Td1[3]
  473. || PACKL4 $Td3[2],$Td1[0],$Td1[0]
  474. XOR $K[0],$Td1[3],$Td1[3] ; s[0]
  475. || XOR $K[1],$Td1[0],$Td1[0] ; s[1]
  476. PACK2 $Td1[1],$Td0[2],$Td1[1]
  477. || PACK2 $Td1[2],$Td0[3],$Td1[2]
  478. PACK2 $Td3[3],$Td2[0],$Td3[3]
  479. || PACK2 $Td3[0],$Td2[1],$Td3[0]
  480. || BNOP RA
  481. PACKL4 $Td3[3],$Td1[1],$Td1[1]
  482. || PACKL4 $Td3[0],$Td1[2],$Td1[2]
  483. XOR $K[2],$Td1[1],$Td1[1] ; s[2]
  484. || XOR $K[3],$Td1[2],$Td1[2] ; s[3]
  485. MV $Td1[3],A8
  486. || MV $Td1[0],A9
  487. MV $Td1[1],B8
  488. || MV $Td1[2],B9
  489. || [B2] STNDW A9:A8,*OUT++
  490. [B2] STNDW B9:B8,*OUT++
  491. .endif
  492. .endasmfunc
  493. ___
  494. {
  495. my @K=(@K,@s); # extended key
  496. my @Te4=map("B$_",(16..19));
  497. my @Kx9=@Te0; # used in AES_set_decrypt_key
  498. my @KxB=@Te1;
  499. my @KxD=@Te2;
  500. my @KxE=@Te3;
  501. $code.=<<___;
  502. .asg OUT,BITS
  503. .global _AES_set_encrypt_key
  504. _AES_set_encrypt_key:
  505. __set_encrypt_key:
  506. .asmfunc
  507. MV INP,A0
  508. || SHRU BITS,5,BITS ; 128-192-256 -> 4-6-8
  509. || MV KEY,A1
  510. [!A0] B RA
  511. ||[!A0] MVK -1,RET
  512. ||[!A0] MVK 1,A1 ; only one B RA
  513. [!A1] B RA
  514. ||[!A1] MVK -1,RET
  515. ||[!A1] MVK 0,A0
  516. || MVK 0,B0
  517. || MVK 0,A1
  518. [A0] LDNDW *INP++,A9:A8
  519. || [A0] CMPEQ 4,BITS,B0
  520. || [A0] CMPLT 3,BITS,A1
  521. [B0] B key128?
  522. || [A1] LDNDW *INP++,B9:B8
  523. || [A0] CMPEQ 6,BITS,B0
  524. || [A0] CMPLT 5,BITS,A1
  525. [B0] B key192?
  526. || [A1] LDNDW *INP++,B17:B16
  527. || [A0] CMPEQ 8,BITS,B0
  528. || [A0] CMPLT 7,BITS,A1
  529. [B0] B key256?
  530. || [A1] LDNDW *INP++,B19:B18
  531. .if __TI_EABI__
  532. [A0] ADD 0,KEY,$KPA
  533. || [A0] ADD 4,KEY,$KPB
  534. || [A0] MVKL \$PCR_OFFSET(AES_Te4,__set_encrypt_key),$TEA
  535. || [A0] ADDKPC __set_encrypt_key,B6
  536. [A0] MVKH \$PCR_OFFSET(AES_Te4,__set_encrypt_key),$TEA
  537. [A0] ADD B6,$TEA,$TEA ; AES_Te4
  538. .else
  539. [A0] ADD 0,KEY,$KPA
  540. || [A0] ADD 4,KEY,$KPB
  541. || [A0] MVKL (AES_Te4-__set_encrypt_key),$TEA
  542. || [A0] ADDKPC __set_encrypt_key,B6
  543. [A0] MVKH (AES_Te4-__set_encrypt_key),$TEA
  544. [A0] ADD B6,$TEA,$TEA ; AES_Te4
  545. .endif
  546. NOP
  547. NOP
  548. BNOP RA,5
  549. || MVK -2,RET ; unknown bit length
  550. || MVK 0,B0 ; redundant
  551. ;;====================================================================
  552. ;;====================================================================
  553. key128?:
  554. .if .BIG_ENDIAN
  555. MV A9,$K[0]
  556. || MV A8,$K[1]
  557. || MV B9,$Te4[2]
  558. || MV B8,$K[3]
  559. .else
  560. MV A8,$K[0]
  561. || MV A9,$K[1]
  562. || MV B8,$Te4[2]
  563. || MV B9,$K[3]
  564. .endif
  565. MVK 256,A0
  566. || MVK 9,B0
  567. SPLOOPD 14
  568. || MVC B0,ILC
  569. || MV $TEA,$TEB
  570. || ADD $TEA,A0,A30 ; rcon
  571. ;;====================================================================
  572. LDW *A30++[1],A31 ; rcon[i]
  573. || MV $Te4[2],$K[2]
  574. || EXTU $K[3],EXT1,24,$Te4[0]
  575. LDBU *${TEB}[$Te4[0]],$Te4[0]
  576. || MV $K[3],A0
  577. || EXTU $K[3],EXT2,24,$Te4[1]
  578. LDBU *${TEB}[$Te4[1]],$Te4[1]
  579. || EXTU A0,EXT3,24,A0
  580. || EXTU $K[3],EXT0,24,$Te4[3]
  581. .if .BIG_ENDIAN
  582. LDBU *${TEA}[A0],$Te4[3]
  583. || LDBU *${TEB}[$Te4[3]],A0
  584. .else
  585. LDBU *${TEA}[A0],A0
  586. || LDBU *${TEB}[$Te4[3]],$Te4[3]
  587. .endif
  588. STW $K[0],*$KPA++[2]
  589. || STW $K[1],*$KPB++[2]
  590. STW $K[2],*$KPA++[2]
  591. || STW $K[3],*$KPB++[2]
  592. XOR A31,$K[0],$K[0] ; ^=rcon[i]
  593. .if .BIG_ENDIAN
  594. PACK2 $Te4[0],$Te4[1],$Te4[1]
  595. PACK2 $Te4[3],A0,$Te4[3]
  596. PACKL4 $Te4[1],$Te4[3],$Te4[3]
  597. .else
  598. PACK2 $Te4[1],$Te4[0],$Te4[1]
  599. PACK2 $Te4[3],A0,$Te4[3]
  600. PACKL4 $Te4[3],$Te4[1],$Te4[3]
  601. .endif
  602. XOR $Te4[3],$K[0],$Te4[0] ; K[0]
  603. XOR $Te4[0],$K[1],$K[1] ; K[1]
  604. MV $Te4[0],$K[0]
  605. || XOR $K[1],$K[2],$Te4[2] ; K[2]
  606. XOR $Te4[2],$K[3],$K[3] ; K[3]
  607. SPKERNEL
  608. ;;====================================================================
  609. BNOP RA
  610. MV $Te4[2],$K[2]
  611. || STW $K[0],*$KPA++[2]
  612. || STW $K[1],*$KPB++[2]
  613. STW $K[2],*$KPA++[2]
  614. || STW $K[3],*$KPB++[2]
  615. MVK 10,B0 ; rounds
  616. STW B0,*++${KPB}[15]
  617. MVK 0,RET
  618. ;;====================================================================
  619. ;;====================================================================
  620. key192?:
  621. .if .BIG_ENDIAN
  622. MV A9,$K[0]
  623. || MV A8,$K[1]
  624. || MV B9,$K[2]
  625. || MV B8,$K[3]
  626. MV B17,$Te4[2]
  627. || MV B16,$K[5]
  628. .else
  629. MV A8,$K[0]
  630. || MV A9,$K[1]
  631. || MV B8,$K[2]
  632. || MV B9,$K[3]
  633. MV B16,$Te4[2]
  634. || MV B17,$K[5]
  635. .endif
  636. MVK 256,A0
  637. || MVK 6,B0
  638. MV $TEA,$TEB
  639. || ADD $TEA,A0,A30 ; rcon
  640. ;;====================================================================
  641. loop192?:
  642. LDW *A30++[1],A31 ; rcon[i]
  643. || MV $Te4[2],$K[4]
  644. || EXTU $K[5],EXT1,24,$Te4[0]
  645. LDBU *${TEB}[$Te4[0]],$Te4[0]
  646. || MV $K[5],A0
  647. || EXTU $K[5],EXT2,24,$Te4[1]
  648. LDBU *${TEB}[$Te4[1]],$Te4[1]
  649. || EXTU A0,EXT3,24,A0
  650. || EXTU $K[5],EXT0,24,$Te4[3]
  651. .if .BIG_ENDIAN
  652. LDBU *${TEA}[A0],$Te4[3]
  653. || LDBU *${TEB}[$Te4[3]],A0
  654. .else
  655. LDBU *${TEA}[A0],A0
  656. || LDBU *${TEB}[$Te4[3]],$Te4[3]
  657. .endif
  658. STW $K[0],*$KPA++[2]
  659. || STW $K[1],*$KPB++[2]
  660. STW $K[2],*$KPA++[2]
  661. || STW $K[3],*$KPB++[2]
  662. STW $K[4],*$KPA++[2]
  663. || STW $K[5],*$KPB++[2]
  664. XOR A31,$K[0],$K[0] ; ^=rcon[i]
  665. .if .BIG_ENDIAN
  666. PACK2 $Te4[0],$Te4[1],$Te4[1]
  667. || PACK2 $Te4[3],A0,$Te4[3]
  668. PACKL4 $Te4[1],$Te4[3],$Te4[3]
  669. .else
  670. PACK2 $Te4[1],$Te4[0],$Te4[1]
  671. || PACK2 $Te4[3],A0,$Te4[3]
  672. PACKL4 $Te4[3],$Te4[1],$Te4[3]
  673. .endif
  674. BDEC loop192?,B0
  675. || XOR $Te4[3],$K[0],$Te4[0] ; K[0]
  676. XOR $Te4[0],$K[1],$K[1] ; K[1]
  677. MV $Te4[0],$K[0]
  678. || XOR $K[1],$K[2],$Te4[2] ; K[2]
  679. XOR $Te4[2],$K[3],$K[3] ; K[3]
  680. MV $Te4[2],$K[2]
  681. || XOR $K[3],$K[4],$Te4[2] ; K[4]
  682. XOR $Te4[2],$K[5],$K[5] ; K[5]
  683. ;;====================================================================
  684. BNOP RA
  685. STW $K[0],*$KPA++[2]
  686. || STW $K[1],*$KPB++[2]
  687. STW $K[2],*$KPA++[2]
  688. || STW $K[3],*$KPB++[2]
  689. MVK 12,B0 ; rounds
  690. STW B0,*++${KPB}[7]
  691. MVK 0,RET
  692. ;;====================================================================
  693. ;;====================================================================
  694. key256?:
  695. .if .BIG_ENDIAN
  696. MV A9,$K[0]
  697. || MV A8,$K[1]
  698. || MV B9,$K[2]
  699. || MV B8,$K[3]
  700. MV B17,$K[4]
  701. || MV B16,$K[5]
  702. || MV B19,$Te4[2]
  703. || MV B18,$K[7]
  704. .else
  705. MV A8,$K[0]
  706. || MV A9,$K[1]
  707. || MV B8,$K[2]
  708. || MV B9,$K[3]
  709. MV B16,$K[4]
  710. || MV B17,$K[5]
  711. || MV B18,$Te4[2]
  712. || MV B19,$K[7]
  713. .endif
  714. MVK 256,A0
  715. || MVK 6,B0
  716. MV $TEA,$TEB
  717. || ADD $TEA,A0,A30 ; rcon
  718. ;;====================================================================
  719. loop256?:
  720. LDW *A30++[1],A31 ; rcon[i]
  721. || MV $Te4[2],$K[6]
  722. || EXTU $K[7],EXT1,24,$Te4[0]
  723. LDBU *${TEB}[$Te4[0]],$Te4[0]
  724. || MV $K[7],A0
  725. || EXTU $K[7],EXT2,24,$Te4[1]
  726. LDBU *${TEB}[$Te4[1]],$Te4[1]
  727. || EXTU A0,EXT3,24,A0
  728. || EXTU $K[7],EXT0,24,$Te4[3]
  729. .if .BIG_ENDIAN
  730. LDBU *${TEA}[A0],$Te4[3]
  731. || LDBU *${TEB}[$Te4[3]],A0
  732. .else
  733. LDBU *${TEA}[A0],A0
  734. || LDBU *${TEB}[$Te4[3]],$Te4[3]
  735. .endif
  736. STW $K[0],*$KPA++[2]
  737. || STW $K[1],*$KPB++[2]
  738. STW $K[2],*$KPA++[2]
  739. || STW $K[3],*$KPB++[2]
  740. STW $K[4],*$KPA++[2]
  741. || STW $K[5],*$KPB++[2]
  742. STW $K[6],*$KPA++[2]
  743. || STW $K[7],*$KPB++[2]
  744. || XOR A31,$K[0],$K[0] ; ^=rcon[i]
  745. .if .BIG_ENDIAN
  746. PACK2 $Te4[0],$Te4[1],$Te4[1]
  747. || PACK2 $Te4[3],A0,$Te4[3]
  748. PACKL4 $Te4[1],$Te4[3],$Te4[3]
  749. ||[!B0] B done256?
  750. .else
  751. PACK2 $Te4[1],$Te4[0],$Te4[1]
  752. || PACK2 $Te4[3],A0,$Te4[3]
  753. PACKL4 $Te4[3],$Te4[1],$Te4[3]
  754. ||[!B0] B done256?
  755. .endif
  756. XOR $Te4[3],$K[0],$Te4[0] ; K[0]
  757. XOR $Te4[0],$K[1],$K[1] ; K[1]
  758. MV $Te4[0],$K[0]
  759. || XOR $K[1],$K[2],$Te4[2] ; K[2]
  760. XOR $Te4[2],$K[3],$K[3] ; K[3]
  761. MV $Te4[2],$K[2]
  762. || [B0] EXTU $K[3],EXT0,24,$Te4[0]
  763. || [B0] SUB B0,1,B0
  764. LDBU *${TEB}[$Te4[0]],$Te4[0]
  765. || MV $K[3],A0
  766. || EXTU $K[3],EXT1,24,$Te4[1]
  767. LDBU *${TEB}[$Te4[1]],$Te4[1]
  768. || EXTU A0,EXT2,24,A0
  769. || EXTU $K[3],EXT3,24,$Te4[3]
  770. .if .BIG_ENDIAN
  771. LDBU *${TEA}[A0],$Te4[3]
  772. || LDBU *${TEB}[$Te4[3]],A0
  773. NOP 3
  774. PACK2 $Te4[0],$Te4[1],$Te4[1]
  775. PACK2 $Te4[3],A0,$Te4[3]
  776. || B loop256?
  777. PACKL4 $Te4[1],$Te4[3],$Te4[3]
  778. .else
  779. LDBU *${TEA}[A0],A0
  780. || LDBU *${TEB}[$Te4[3]],$Te4[3]
  781. NOP 3
  782. PACK2 $Te4[1],$Te4[0],$Te4[1]
  783. PACK2 $Te4[3],A0,$Te4[3]
  784. || B loop256?
  785. PACKL4 $Te4[3],$Te4[1],$Te4[3]
  786. .endif
  787. XOR $Te4[3],$K[4],$Te4[0] ; K[4]
  788. XOR $Te4[0],$K[5],$K[5] ; K[5]
  789. MV $Te4[0],$K[4]
  790. || XOR $K[5],$K[6],$Te4[2] ; K[6]
  791. XOR $Te4[2],$K[7],$K[7] ; K[7]
  792. ;;====================================================================
  793. done256?:
  794. BNOP RA
  795. STW $K[0],*$KPA++[2]
  796. || STW $K[1],*$KPB++[2]
  797. STW $K[2],*$KPA++[2]
  798. || STW $K[3],*$KPB++[2]
  799. MVK 14,B0 ; rounds
  800. STW B0,*--${KPB}[1]
  801. MVK 0,RET
  802. .endasmfunc
  803. .global _AES_set_decrypt_key
  804. _AES_set_decrypt_key:
  805. .asmfunc
  806. B __set_encrypt_key ; guarantee local call
  807. MV KEY,B30 ; B30 is not modified
  808. MV RA, B31 ; B31 is not modified
  809. ADDKPC ret?,RA,2
  810. ret?: ; B0 holds rounds or zero
  811. [!B0] BNOP B31 ; return if zero
  812. [B0] SHL B0,4,A0 ; offset to last round key
  813. [B0] SHRU B0,1,B1
  814. [B0] SUB B1,1,B1
  815. [B0] MVK 0x0000001B,B3 ; AES polynomial
  816. [B0] MVKH 0x07000000,B3
  817. SPLOOPD 9 ; flip round keys
  818. || MVC B1,ILC
  819. || MV B30,$KPA
  820. || ADD B30,A0,$KPB
  821. || MVK 16,A0 ; sizeof(round key)
  822. ;;====================================================================
  823. LDW *${KPA}[0],A16
  824. || LDW *${KPB}[0],B16
  825. LDW *${KPA}[1],A17
  826. || LDW *${KPB}[1],B17
  827. LDW *${KPA}[2],A18
  828. || LDW *${KPB}[2],B18
  829. LDW *${KPA}[3],A19
  830. || ADD $KPA,A0,$KPA
  831. || LDW *${KPB}[3],B19
  832. || SUB $KPB,A0,$KPB
  833. NOP
  834. STW B16,*${KPA}[-4]
  835. || STW A16,*${KPB}[4]
  836. STW B17,*${KPA}[-3]
  837. || STW A17,*${KPB}[5]
  838. STW B18,*${KPA}[-2]
  839. || STW A18,*${KPB}[6]
  840. STW B19,*${KPA}[-1]
  841. || STW A19,*${KPB}[7]
  842. SPKERNEL
  843. ;;====================================================================
  844. SUB B0,1,B0 ; skip last round
  845. || ADD B30,A0,$KPA ; skip first round
  846. || ADD B30,A0,$KPB
  847. || MVC GFPGFR,B30 ; save GFPGFR
  848. LDW *${KPA}[0],$K[0]
  849. || LDW *${KPB}[1],$K[1]
  850. || MVC B3,GFPGFR
  851. LDW *${KPA}[2],$K[2]
  852. || LDW *${KPB}[3],$K[3]
  853. MVK 0x00000909,A24
  854. || MVK 0x00000B0B,B24
  855. MVKH 0x09090000,A24
  856. || MVKH 0x0B0B0000,B24
  857. MVC B0,ILC
  858. || SUB B0,1,B0
  859. GMPY4 $K[0],A24,$Kx9[0] ; ·0x09
  860. || GMPY4 $K[1],A24,$Kx9[1]
  861. || MVK 0x00000D0D,A25
  862. || MVK 0x00000E0E,B25
  863. GMPY4 $K[2],A24,$Kx9[2]
  864. || GMPY4 $K[3],A24,$Kx9[3]
  865. || MVKH 0x0D0D0000,A25
  866. || MVKH 0x0E0E0000,B25
  867. GMPY4 $K[0],B24,$KxB[0] ; ·0x0B
  868. || GMPY4 $K[1],B24,$KxB[1]
  869. GMPY4 $K[2],B24,$KxB[2]
  870. || GMPY4 $K[3],B24,$KxB[3]
  871. SPLOOP 11 ; InvMixColumns
  872. ;;====================================================================
  873. GMPY4 $K[0],A25,$KxD[0] ; ·0x0D
  874. || GMPY4 $K[1],A25,$KxD[1]
  875. || SWAP2 $Kx9[0],$Kx9[0] ; rotate by 16
  876. || SWAP2 $Kx9[1],$Kx9[1]
  877. || MV $K[0],$s[0] ; this or DINT
  878. || MV $K[1],$s[1]
  879. || [B0] LDW *${KPA}[4],$K[0]
  880. || [B0] LDW *${KPB}[5],$K[1]
  881. GMPY4 $K[2],A25,$KxD[2]
  882. || GMPY4 $K[3],A25,$KxD[3]
  883. || SWAP2 $Kx9[2],$Kx9[2]
  884. || SWAP2 $Kx9[3],$Kx9[3]
  885. || MV $K[2],$s[2]
  886. || MV $K[3],$s[3]
  887. || [B0] LDW *${KPA}[6],$K[2]
  888. || [B0] LDW *${KPB}[7],$K[3]
  889. GMPY4 $s[0],B25,$KxE[0] ; ·0x0E
  890. || GMPY4 $s[1],B25,$KxE[1]
  891. || XOR $Kx9[0],$KxB[0],$KxB[0]
  892. || XOR $Kx9[1],$KxB[1],$KxB[1]
  893. GMPY4 $s[2],B25,$KxE[2]
  894. || GMPY4 $s[3],B25,$KxE[3]
  895. || XOR $Kx9[2],$KxB[2],$KxB[2]
  896. || XOR $Kx9[3],$KxB[3],$KxB[3]
  897. ROTL $KxB[0],TBL3,$KxB[0]
  898. || ROTL $KxB[1],TBL3,$KxB[1]
  899. || SWAP2 $KxD[0],$KxD[0] ; rotate by 16
  900. || SWAP2 $KxD[1],$KxD[1]
  901. ROTL $KxB[2],TBL3,$KxB[2]
  902. || ROTL $KxB[3],TBL3,$KxB[3]
  903. || SWAP2 $KxD[2],$KxD[2]
  904. || SWAP2 $KxD[3],$KxD[3]
  905. XOR $KxE[0],$KxD[0],$KxE[0]
  906. || XOR $KxE[1],$KxD[1],$KxE[1]
  907. || [B0] GMPY4 $K[0],A24,$Kx9[0] ; ·0x09
  908. || [B0] GMPY4 $K[1],A24,$Kx9[1]
  909. || ADDAW $KPA,4,$KPA
  910. XOR $KxE[2],$KxD[2],$KxE[2]
  911. || XOR $KxE[3],$KxD[3],$KxE[3]
  912. || [B0] GMPY4 $K[2],A24,$Kx9[2]
  913. || [B0] GMPY4 $K[3],A24,$Kx9[3]
  914. || ADDAW $KPB,4,$KPB
  915. XOR $KxB[0],$KxE[0],$KxE[0]
  916. || XOR $KxB[1],$KxE[1],$KxE[1]
  917. || [B0] GMPY4 $K[0],B24,$KxB[0] ; ·0x0B
  918. || [B0] GMPY4 $K[1],B24,$KxB[1]
  919. XOR $KxB[2],$KxE[2],$KxE[2]
  920. || XOR $KxB[3],$KxE[3],$KxE[3]
  921. || [B0] GMPY4 $K[2],B24,$KxB[2]
  922. || [B0] GMPY4 $K[3],B24,$KxB[3]
  923. || STW $KxE[0],*${KPA}[-4]
  924. || STW $KxE[1],*${KPB}[-3]
  925. STW $KxE[2],*${KPA}[-2]
  926. || STW $KxE[3],*${KPB}[-1]
  927. || [B0] SUB B0,1,B0
  928. SPKERNEL
  929. ;;====================================================================
  930. BNOP B31,3
  931. MVC B30,GFPGFR ; restore GFPGFR(*)
  932. MVK 0,RET
  933. .endasmfunc
  934. ___
  935. # (*) Even though ABI doesn't specify GFPGFR as non-volatile, there
  936. # are code samples out there that *assume* its default value.
  937. }
  938. {
  939. my ($inp,$out,$blocks,$key,$ivp)=("A4","B4","A6","B6","A8");
  940. $code.=<<___;
  941. .global _AES_ctr32_encrypt
  942. _AES_ctr32_encrypt:
  943. .asmfunc
  944. LDNDW *${ivp}[0],A31:A30 ; load counter value
  945. || MV $blocks,A2 ; reassign $blocks
  946. || DMV RA,$key,B27:B26 ; reassign RA and $key
  947. LDNDW *${ivp}[1],B31:B30
  948. || MVK 0,B2 ; don't let __encrypt load input
  949. || MVK 0,A1 ; and postpone writing output
  950. .if .BIG_ENDIAN
  951. NOP
  952. .else
  953. NOP 4
  954. SWAP2 B31,B31 ; keep least significant 32 bits
  955. SWAP4 B31,B31 ; in host byte order
  956. .endif
  957. ctr32_loop?:
  958. [A2] BNOP __encrypt
  959. || [A1] XOR A29,A9,A9 ; input^Ek(counter)
  960. || [A1] XOR A28,A8,A8
  961. || [A2] LDNDW *INP++,A29:A28 ; load input
  962. [!A2] BNOP B27 ; return
  963. || [A1] XOR B29,B9,B9
  964. || [A1] XOR B28,B8,B8
  965. || [A2] LDNDW *INP++,B29:B28
  966. .if .BIG_ENDIAN
  967. [A1] STNDW A9:A8,*OUT++ ; save output
  968. || [A2] DMV A31,A30,A9:A8 ; pass counter value to __encrypt
  969. [A1] STNDW B9:B8,*OUT++
  970. || [A2] DMV B31,B30,B9:B8
  971. || [A2] ADD B30,1,B30 ; counter++
  972. .else
  973. [A1] STNDW A9:A8,*OUT++ ; save output
  974. || [A2] DMV A31,A30,A9:A8
  975. || [A2] SWAP2 B31,B0
  976. || [A2] ADD B31,1,B31 ; counter++
  977. [A1] STNDW B9:B8,*OUT++
  978. || [A2] MV B30,B8
  979. || [A2] SWAP4 B0,B9
  980. .endif
  981. [A2] ADDKPC ctr32_loop?,RA ; return to ctr32_loop?
  982. || [A2] MV B26,KEY ; pass $key
  983. || [A2] SUB A2,1,A2 ; $blocks--
  984. ||[!A1] MVK 1,A1
  985. NOP
  986. NOP
  987. .endasmfunc
  988. ___
  989. }
  990. # Tables are kept in endian-neutral manner
  991. $code.=<<___;
  992. .if __TI_EABI__
  993. .sect ".text:aes_asm.const"
  994. .else
  995. .sect ".const:aes_asm"
  996. .endif
  997. .align 128
  998. AES_Te:
  999. .byte 0xc6,0x63,0x63,0xa5, 0xf8,0x7c,0x7c,0x84
  1000. .byte 0xee,0x77,0x77,0x99, 0xf6,0x7b,0x7b,0x8d
  1001. .byte 0xff,0xf2,0xf2,0x0d, 0xd6,0x6b,0x6b,0xbd
  1002. .byte 0xde,0x6f,0x6f,0xb1, 0x91,0xc5,0xc5,0x54
  1003. .byte 0x60,0x30,0x30,0x50, 0x02,0x01,0x01,0x03
  1004. .byte 0xce,0x67,0x67,0xa9, 0x56,0x2b,0x2b,0x7d
  1005. .byte 0xe7,0xfe,0xfe,0x19, 0xb5,0xd7,0xd7,0x62
  1006. .byte 0x4d,0xab,0xab,0xe6, 0xec,0x76,0x76,0x9a
  1007. .byte 0x8f,0xca,0xca,0x45, 0x1f,0x82,0x82,0x9d
  1008. .byte 0x89,0xc9,0xc9,0x40, 0xfa,0x7d,0x7d,0x87
  1009. .byte 0xef,0xfa,0xfa,0x15, 0xb2,0x59,0x59,0xeb
  1010. .byte 0x8e,0x47,0x47,0xc9, 0xfb,0xf0,0xf0,0x0b
  1011. .byte 0x41,0xad,0xad,0xec, 0xb3,0xd4,0xd4,0x67
  1012. .byte 0x5f,0xa2,0xa2,0xfd, 0x45,0xaf,0xaf,0xea
  1013. .byte 0x23,0x9c,0x9c,0xbf, 0x53,0xa4,0xa4,0xf7
  1014. .byte 0xe4,0x72,0x72,0x96, 0x9b,0xc0,0xc0,0x5b
  1015. .byte 0x75,0xb7,0xb7,0xc2, 0xe1,0xfd,0xfd,0x1c
  1016. .byte 0x3d,0x93,0x93,0xae, 0x4c,0x26,0x26,0x6a
  1017. .byte 0x6c,0x36,0x36,0x5a, 0x7e,0x3f,0x3f,0x41
  1018. .byte 0xf5,0xf7,0xf7,0x02, 0x83,0xcc,0xcc,0x4f
  1019. .byte 0x68,0x34,0x34,0x5c, 0x51,0xa5,0xa5,0xf4
  1020. .byte 0xd1,0xe5,0xe5,0x34, 0xf9,0xf1,0xf1,0x08
  1021. .byte 0xe2,0x71,0x71,0x93, 0xab,0xd8,0xd8,0x73
  1022. .byte 0x62,0x31,0x31,0x53, 0x2a,0x15,0x15,0x3f
  1023. .byte 0x08,0x04,0x04,0x0c, 0x95,0xc7,0xc7,0x52
  1024. .byte 0x46,0x23,0x23,0x65, 0x9d,0xc3,0xc3,0x5e
  1025. .byte 0x30,0x18,0x18,0x28, 0x37,0x96,0x96,0xa1
  1026. .byte 0x0a,0x05,0x05,0x0f, 0x2f,0x9a,0x9a,0xb5
  1027. .byte 0x0e,0x07,0x07,0x09, 0x24,0x12,0x12,0x36
  1028. .byte 0x1b,0x80,0x80,0x9b, 0xdf,0xe2,0xe2,0x3d
  1029. .byte 0xcd,0xeb,0xeb,0x26, 0x4e,0x27,0x27,0x69
  1030. .byte 0x7f,0xb2,0xb2,0xcd, 0xea,0x75,0x75,0x9f
  1031. .byte 0x12,0x09,0x09,0x1b, 0x1d,0x83,0x83,0x9e
  1032. .byte 0x58,0x2c,0x2c,0x74, 0x34,0x1a,0x1a,0x2e
  1033. .byte 0x36,0x1b,0x1b,0x2d, 0xdc,0x6e,0x6e,0xb2
  1034. .byte 0xb4,0x5a,0x5a,0xee, 0x5b,0xa0,0xa0,0xfb
  1035. .byte 0xa4,0x52,0x52,0xf6, 0x76,0x3b,0x3b,0x4d
  1036. .byte 0xb7,0xd6,0xd6,0x61, 0x7d,0xb3,0xb3,0xce
  1037. .byte 0x52,0x29,0x29,0x7b, 0xdd,0xe3,0xe3,0x3e
  1038. .byte 0x5e,0x2f,0x2f,0x71, 0x13,0x84,0x84,0x97
  1039. .byte 0xa6,0x53,0x53,0xf5, 0xb9,0xd1,0xd1,0x68
  1040. .byte 0x00,0x00,0x00,0x00, 0xc1,0xed,0xed,0x2c
  1041. .byte 0x40,0x20,0x20,0x60, 0xe3,0xfc,0xfc,0x1f
  1042. .byte 0x79,0xb1,0xb1,0xc8, 0xb6,0x5b,0x5b,0xed
  1043. .byte 0xd4,0x6a,0x6a,0xbe, 0x8d,0xcb,0xcb,0x46
  1044. .byte 0x67,0xbe,0xbe,0xd9, 0x72,0x39,0x39,0x4b
  1045. .byte 0x94,0x4a,0x4a,0xde, 0x98,0x4c,0x4c,0xd4
  1046. .byte 0xb0,0x58,0x58,0xe8, 0x85,0xcf,0xcf,0x4a
  1047. .byte 0xbb,0xd0,0xd0,0x6b, 0xc5,0xef,0xef,0x2a
  1048. .byte 0x4f,0xaa,0xaa,0xe5, 0xed,0xfb,0xfb,0x16
  1049. .byte 0x86,0x43,0x43,0xc5, 0x9a,0x4d,0x4d,0xd7
  1050. .byte 0x66,0x33,0x33,0x55, 0x11,0x85,0x85,0x94
  1051. .byte 0x8a,0x45,0x45,0xcf, 0xe9,0xf9,0xf9,0x10
  1052. .byte 0x04,0x02,0x02,0x06, 0xfe,0x7f,0x7f,0x81
  1053. .byte 0xa0,0x50,0x50,0xf0, 0x78,0x3c,0x3c,0x44
  1054. .byte 0x25,0x9f,0x9f,0xba, 0x4b,0xa8,0xa8,0xe3
  1055. .byte 0xa2,0x51,0x51,0xf3, 0x5d,0xa3,0xa3,0xfe
  1056. .byte 0x80,0x40,0x40,0xc0, 0x05,0x8f,0x8f,0x8a
  1057. .byte 0x3f,0x92,0x92,0xad, 0x21,0x9d,0x9d,0xbc
  1058. .byte 0x70,0x38,0x38,0x48, 0xf1,0xf5,0xf5,0x04
  1059. .byte 0x63,0xbc,0xbc,0xdf, 0x77,0xb6,0xb6,0xc1
  1060. .byte 0xaf,0xda,0xda,0x75, 0x42,0x21,0x21,0x63
  1061. .byte 0x20,0x10,0x10,0x30, 0xe5,0xff,0xff,0x1a
  1062. .byte 0xfd,0xf3,0xf3,0x0e, 0xbf,0xd2,0xd2,0x6d
  1063. .byte 0x81,0xcd,0xcd,0x4c, 0x18,0x0c,0x0c,0x14
  1064. .byte 0x26,0x13,0x13,0x35, 0xc3,0xec,0xec,0x2f
  1065. .byte 0xbe,0x5f,0x5f,0xe1, 0x35,0x97,0x97,0xa2
  1066. .byte 0x88,0x44,0x44,0xcc, 0x2e,0x17,0x17,0x39
  1067. .byte 0x93,0xc4,0xc4,0x57, 0x55,0xa7,0xa7,0xf2
  1068. .byte 0xfc,0x7e,0x7e,0x82, 0x7a,0x3d,0x3d,0x47
  1069. .byte 0xc8,0x64,0x64,0xac, 0xba,0x5d,0x5d,0xe7
  1070. .byte 0x32,0x19,0x19,0x2b, 0xe6,0x73,0x73,0x95
  1071. .byte 0xc0,0x60,0x60,0xa0, 0x19,0x81,0x81,0x98
  1072. .byte 0x9e,0x4f,0x4f,0xd1, 0xa3,0xdc,0xdc,0x7f
  1073. .byte 0x44,0x22,0x22,0x66, 0x54,0x2a,0x2a,0x7e
  1074. .byte 0x3b,0x90,0x90,0xab, 0x0b,0x88,0x88,0x83
  1075. .byte 0x8c,0x46,0x46,0xca, 0xc7,0xee,0xee,0x29
  1076. .byte 0x6b,0xb8,0xb8,0xd3, 0x28,0x14,0x14,0x3c
  1077. .byte 0xa7,0xde,0xde,0x79, 0xbc,0x5e,0x5e,0xe2
  1078. .byte 0x16,0x0b,0x0b,0x1d, 0xad,0xdb,0xdb,0x76
  1079. .byte 0xdb,0xe0,0xe0,0x3b, 0x64,0x32,0x32,0x56
  1080. .byte 0x74,0x3a,0x3a,0x4e, 0x14,0x0a,0x0a,0x1e
  1081. .byte 0x92,0x49,0x49,0xdb, 0x0c,0x06,0x06,0x0a
  1082. .byte 0x48,0x24,0x24,0x6c, 0xb8,0x5c,0x5c,0xe4
  1083. .byte 0x9f,0xc2,0xc2,0x5d, 0xbd,0xd3,0xd3,0x6e
  1084. .byte 0x43,0xac,0xac,0xef, 0xc4,0x62,0x62,0xa6
  1085. .byte 0x39,0x91,0x91,0xa8, 0x31,0x95,0x95,0xa4
  1086. .byte 0xd3,0xe4,0xe4,0x37, 0xf2,0x79,0x79,0x8b
  1087. .byte 0xd5,0xe7,0xe7,0x32, 0x8b,0xc8,0xc8,0x43
  1088. .byte 0x6e,0x37,0x37,0x59, 0xda,0x6d,0x6d,0xb7
  1089. .byte 0x01,0x8d,0x8d,0x8c, 0xb1,0xd5,0xd5,0x64
  1090. .byte 0x9c,0x4e,0x4e,0xd2, 0x49,0xa9,0xa9,0xe0
  1091. .byte 0xd8,0x6c,0x6c,0xb4, 0xac,0x56,0x56,0xfa
  1092. .byte 0xf3,0xf4,0xf4,0x07, 0xcf,0xea,0xea,0x25
  1093. .byte 0xca,0x65,0x65,0xaf, 0xf4,0x7a,0x7a,0x8e
  1094. .byte 0x47,0xae,0xae,0xe9, 0x10,0x08,0x08,0x18
  1095. .byte 0x6f,0xba,0xba,0xd5, 0xf0,0x78,0x78,0x88
  1096. .byte 0x4a,0x25,0x25,0x6f, 0x5c,0x2e,0x2e,0x72
  1097. .byte 0x38,0x1c,0x1c,0x24, 0x57,0xa6,0xa6,0xf1
  1098. .byte 0x73,0xb4,0xb4,0xc7, 0x97,0xc6,0xc6,0x51
  1099. .byte 0xcb,0xe8,0xe8,0x23, 0xa1,0xdd,0xdd,0x7c
  1100. .byte 0xe8,0x74,0x74,0x9c, 0x3e,0x1f,0x1f,0x21
  1101. .byte 0x96,0x4b,0x4b,0xdd, 0x61,0xbd,0xbd,0xdc
  1102. .byte 0x0d,0x8b,0x8b,0x86, 0x0f,0x8a,0x8a,0x85
  1103. .byte 0xe0,0x70,0x70,0x90, 0x7c,0x3e,0x3e,0x42
  1104. .byte 0x71,0xb5,0xb5,0xc4, 0xcc,0x66,0x66,0xaa
  1105. .byte 0x90,0x48,0x48,0xd8, 0x06,0x03,0x03,0x05
  1106. .byte 0xf7,0xf6,0xf6,0x01, 0x1c,0x0e,0x0e,0x12
  1107. .byte 0xc2,0x61,0x61,0xa3, 0x6a,0x35,0x35,0x5f
  1108. .byte 0xae,0x57,0x57,0xf9, 0x69,0xb9,0xb9,0xd0
  1109. .byte 0x17,0x86,0x86,0x91, 0x99,0xc1,0xc1,0x58
  1110. .byte 0x3a,0x1d,0x1d,0x27, 0x27,0x9e,0x9e,0xb9
  1111. .byte 0xd9,0xe1,0xe1,0x38, 0xeb,0xf8,0xf8,0x13
  1112. .byte 0x2b,0x98,0x98,0xb3, 0x22,0x11,0x11,0x33
  1113. .byte 0xd2,0x69,0x69,0xbb, 0xa9,0xd9,0xd9,0x70
  1114. .byte 0x07,0x8e,0x8e,0x89, 0x33,0x94,0x94,0xa7
  1115. .byte 0x2d,0x9b,0x9b,0xb6, 0x3c,0x1e,0x1e,0x22
  1116. .byte 0x15,0x87,0x87,0x92, 0xc9,0xe9,0xe9,0x20
  1117. .byte 0x87,0xce,0xce,0x49, 0xaa,0x55,0x55,0xff
  1118. .byte 0x50,0x28,0x28,0x78, 0xa5,0xdf,0xdf,0x7a
  1119. .byte 0x03,0x8c,0x8c,0x8f, 0x59,0xa1,0xa1,0xf8
  1120. .byte 0x09,0x89,0x89,0x80, 0x1a,0x0d,0x0d,0x17
  1121. .byte 0x65,0xbf,0xbf,0xda, 0xd7,0xe6,0xe6,0x31
  1122. .byte 0x84,0x42,0x42,0xc6, 0xd0,0x68,0x68,0xb8
  1123. .byte 0x82,0x41,0x41,0xc3, 0x29,0x99,0x99,0xb0
  1124. .byte 0x5a,0x2d,0x2d,0x77, 0x1e,0x0f,0x0f,0x11
  1125. .byte 0x7b,0xb0,0xb0,0xcb, 0xa8,0x54,0x54,0xfc
  1126. .byte 0x6d,0xbb,0xbb,0xd6, 0x2c,0x16,0x16,0x3a
  1127. AES_Te4:
  1128. .byte 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
  1129. .byte 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
  1130. .byte 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
  1131. .byte 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
  1132. .byte 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
  1133. .byte 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
  1134. .byte 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
  1135. .byte 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
  1136. .byte 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
  1137. .byte 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
  1138. .byte 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
  1139. .byte 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
  1140. .byte 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
  1141. .byte 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
  1142. .byte 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
  1143. .byte 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
  1144. .byte 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
  1145. .byte 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
  1146. .byte 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
  1147. .byte 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
  1148. .byte 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
  1149. .byte 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
  1150. .byte 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
  1151. .byte 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
  1152. .byte 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
  1153. .byte 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
  1154. .byte 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
  1155. .byte 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
  1156. .byte 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
  1157. .byte 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
  1158. .byte 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
  1159. .byte 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
  1160. rcon:
  1161. .byte 0x01,0x00,0x00,0x00, 0x02,0x00,0x00,0x00
  1162. .byte 0x04,0x00,0x00,0x00, 0x08,0x00,0x00,0x00
  1163. .byte 0x10,0x00,0x00,0x00, 0x20,0x00,0x00,0x00
  1164. .byte 0x40,0x00,0x00,0x00, 0x80,0x00,0x00,0x00
  1165. .byte 0x1B,0x00,0x00,0x00, 0x36,0x00,0x00,0x00
  1166. .align 128
  1167. AES_Td:
  1168. .byte 0x51,0xf4,0xa7,0x50, 0x7e,0x41,0x65,0x53
  1169. .byte 0x1a,0x17,0xa4,0xc3, 0x3a,0x27,0x5e,0x96
  1170. .byte 0x3b,0xab,0x6b,0xcb, 0x1f,0x9d,0x45,0xf1
  1171. .byte 0xac,0xfa,0x58,0xab, 0x4b,0xe3,0x03,0x93
  1172. .byte 0x20,0x30,0xfa,0x55, 0xad,0x76,0x6d,0xf6
  1173. .byte 0x88,0xcc,0x76,0x91, 0xf5,0x02,0x4c,0x25
  1174. .byte 0x4f,0xe5,0xd7,0xfc, 0xc5,0x2a,0xcb,0xd7
  1175. .byte 0x26,0x35,0x44,0x80, 0xb5,0x62,0xa3,0x8f
  1176. .byte 0xde,0xb1,0x5a,0x49, 0x25,0xba,0x1b,0x67
  1177. .byte 0x45,0xea,0x0e,0x98, 0x5d,0xfe,0xc0,0xe1
  1178. .byte 0xc3,0x2f,0x75,0x02, 0x81,0x4c,0xf0,0x12
  1179. .byte 0x8d,0x46,0x97,0xa3, 0x6b,0xd3,0xf9,0xc6
  1180. .byte 0x03,0x8f,0x5f,0xe7, 0x15,0x92,0x9c,0x95
  1181. .byte 0xbf,0x6d,0x7a,0xeb, 0x95,0x52,0x59,0xda
  1182. .byte 0xd4,0xbe,0x83,0x2d, 0x58,0x74,0x21,0xd3
  1183. .byte 0x49,0xe0,0x69,0x29, 0x8e,0xc9,0xc8,0x44
  1184. .byte 0x75,0xc2,0x89,0x6a, 0xf4,0x8e,0x79,0x78
  1185. .byte 0x99,0x58,0x3e,0x6b, 0x27,0xb9,0x71,0xdd
  1186. .byte 0xbe,0xe1,0x4f,0xb6, 0xf0,0x88,0xad,0x17
  1187. .byte 0xc9,0x20,0xac,0x66, 0x7d,0xce,0x3a,0xb4
  1188. .byte 0x63,0xdf,0x4a,0x18, 0xe5,0x1a,0x31,0x82
  1189. .byte 0x97,0x51,0x33,0x60, 0x62,0x53,0x7f,0x45
  1190. .byte 0xb1,0x64,0x77,0xe0, 0xbb,0x6b,0xae,0x84
  1191. .byte 0xfe,0x81,0xa0,0x1c, 0xf9,0x08,0x2b,0x94
  1192. .byte 0x70,0x48,0x68,0x58, 0x8f,0x45,0xfd,0x19
  1193. .byte 0x94,0xde,0x6c,0x87, 0x52,0x7b,0xf8,0xb7
  1194. .byte 0xab,0x73,0xd3,0x23, 0x72,0x4b,0x02,0xe2
  1195. .byte 0xe3,0x1f,0x8f,0x57, 0x66,0x55,0xab,0x2a
  1196. .byte 0xb2,0xeb,0x28,0x07, 0x2f,0xb5,0xc2,0x03
  1197. .byte 0x86,0xc5,0x7b,0x9a, 0xd3,0x37,0x08,0xa5
  1198. .byte 0x30,0x28,0x87,0xf2, 0x23,0xbf,0xa5,0xb2
  1199. .byte 0x02,0x03,0x6a,0xba, 0xed,0x16,0x82,0x5c
  1200. .byte 0x8a,0xcf,0x1c,0x2b, 0xa7,0x79,0xb4,0x92
  1201. .byte 0xf3,0x07,0xf2,0xf0, 0x4e,0x69,0xe2,0xa1
  1202. .byte 0x65,0xda,0xf4,0xcd, 0x06,0x05,0xbe,0xd5
  1203. .byte 0xd1,0x34,0x62,0x1f, 0xc4,0xa6,0xfe,0x8a
  1204. .byte 0x34,0x2e,0x53,0x9d, 0xa2,0xf3,0x55,0xa0
  1205. .byte 0x05,0x8a,0xe1,0x32, 0xa4,0xf6,0xeb,0x75
  1206. .byte 0x0b,0x83,0xec,0x39, 0x40,0x60,0xef,0xaa
  1207. .byte 0x5e,0x71,0x9f,0x06, 0xbd,0x6e,0x10,0x51
  1208. .byte 0x3e,0x21,0x8a,0xf9, 0x96,0xdd,0x06,0x3d
  1209. .byte 0xdd,0x3e,0x05,0xae, 0x4d,0xe6,0xbd,0x46
  1210. .byte 0x91,0x54,0x8d,0xb5, 0x71,0xc4,0x5d,0x05
  1211. .byte 0x04,0x06,0xd4,0x6f, 0x60,0x50,0x15,0xff
  1212. .byte 0x19,0x98,0xfb,0x24, 0xd6,0xbd,0xe9,0x97
  1213. .byte 0x89,0x40,0x43,0xcc, 0x67,0xd9,0x9e,0x77
  1214. .byte 0xb0,0xe8,0x42,0xbd, 0x07,0x89,0x8b,0x88
  1215. .byte 0xe7,0x19,0x5b,0x38, 0x79,0xc8,0xee,0xdb
  1216. .byte 0xa1,0x7c,0x0a,0x47, 0x7c,0x42,0x0f,0xe9
  1217. .byte 0xf8,0x84,0x1e,0xc9, 0x00,0x00,0x00,0x00
  1218. .byte 0x09,0x80,0x86,0x83, 0x32,0x2b,0xed,0x48
  1219. .byte 0x1e,0x11,0x70,0xac, 0x6c,0x5a,0x72,0x4e
  1220. .byte 0xfd,0x0e,0xff,0xfb, 0x0f,0x85,0x38,0x56
  1221. .byte 0x3d,0xae,0xd5,0x1e, 0x36,0x2d,0x39,0x27
  1222. .byte 0x0a,0x0f,0xd9,0x64, 0x68,0x5c,0xa6,0x21
  1223. .byte 0x9b,0x5b,0x54,0xd1, 0x24,0x36,0x2e,0x3a
  1224. .byte 0x0c,0x0a,0x67,0xb1, 0x93,0x57,0xe7,0x0f
  1225. .byte 0xb4,0xee,0x96,0xd2, 0x1b,0x9b,0x91,0x9e
  1226. .byte 0x80,0xc0,0xc5,0x4f, 0x61,0xdc,0x20,0xa2
  1227. .byte 0x5a,0x77,0x4b,0x69, 0x1c,0x12,0x1a,0x16
  1228. .byte 0xe2,0x93,0xba,0x0a, 0xc0,0xa0,0x2a,0xe5
  1229. .byte 0x3c,0x22,0xe0,0x43, 0x12,0x1b,0x17,0x1d
  1230. .byte 0x0e,0x09,0x0d,0x0b, 0xf2,0x8b,0xc7,0xad
  1231. .byte 0x2d,0xb6,0xa8,0xb9, 0x14,0x1e,0xa9,0xc8
  1232. .byte 0x57,0xf1,0x19,0x85, 0xaf,0x75,0x07,0x4c
  1233. .byte 0xee,0x99,0xdd,0xbb, 0xa3,0x7f,0x60,0xfd
  1234. .byte 0xf7,0x01,0x26,0x9f, 0x5c,0x72,0xf5,0xbc
  1235. .byte 0x44,0x66,0x3b,0xc5, 0x5b,0xfb,0x7e,0x34
  1236. .byte 0x8b,0x43,0x29,0x76, 0xcb,0x23,0xc6,0xdc
  1237. .byte 0xb6,0xed,0xfc,0x68, 0xb8,0xe4,0xf1,0x63
  1238. .byte 0xd7,0x31,0xdc,0xca, 0x42,0x63,0x85,0x10
  1239. .byte 0x13,0x97,0x22,0x40, 0x84,0xc6,0x11,0x20
  1240. .byte 0x85,0x4a,0x24,0x7d, 0xd2,0xbb,0x3d,0xf8
  1241. .byte 0xae,0xf9,0x32,0x11, 0xc7,0x29,0xa1,0x6d
  1242. .byte 0x1d,0x9e,0x2f,0x4b, 0xdc,0xb2,0x30,0xf3
  1243. .byte 0x0d,0x86,0x52,0xec, 0x77,0xc1,0xe3,0xd0
  1244. .byte 0x2b,0xb3,0x16,0x6c, 0xa9,0x70,0xb9,0x99
  1245. .byte 0x11,0x94,0x48,0xfa, 0x47,0xe9,0x64,0x22
  1246. .byte 0xa8,0xfc,0x8c,0xc4, 0xa0,0xf0,0x3f,0x1a
  1247. .byte 0x56,0x7d,0x2c,0xd8, 0x22,0x33,0x90,0xef
  1248. .byte 0x87,0x49,0x4e,0xc7, 0xd9,0x38,0xd1,0xc1
  1249. .byte 0x8c,0xca,0xa2,0xfe, 0x98,0xd4,0x0b,0x36
  1250. .byte 0xa6,0xf5,0x81,0xcf, 0xa5,0x7a,0xde,0x28
  1251. .byte 0xda,0xb7,0x8e,0x26, 0x3f,0xad,0xbf,0xa4
  1252. .byte 0x2c,0x3a,0x9d,0xe4, 0x50,0x78,0x92,0x0d
  1253. .byte 0x6a,0x5f,0xcc,0x9b, 0x54,0x7e,0x46,0x62
  1254. .byte 0xf6,0x8d,0x13,0xc2, 0x90,0xd8,0xb8,0xe8
  1255. .byte 0x2e,0x39,0xf7,0x5e, 0x82,0xc3,0xaf,0xf5
  1256. .byte 0x9f,0x5d,0x80,0xbe, 0x69,0xd0,0x93,0x7c
  1257. .byte 0x6f,0xd5,0x2d,0xa9, 0xcf,0x25,0x12,0xb3
  1258. .byte 0xc8,0xac,0x99,0x3b, 0x10,0x18,0x7d,0xa7
  1259. .byte 0xe8,0x9c,0x63,0x6e, 0xdb,0x3b,0xbb,0x7b
  1260. .byte 0xcd,0x26,0x78,0x09, 0x6e,0x59,0x18,0xf4
  1261. .byte 0xec,0x9a,0xb7,0x01, 0x83,0x4f,0x9a,0xa8
  1262. .byte 0xe6,0x95,0x6e,0x65, 0xaa,0xff,0xe6,0x7e
  1263. .byte 0x21,0xbc,0xcf,0x08, 0xef,0x15,0xe8,0xe6
  1264. .byte 0xba,0xe7,0x9b,0xd9, 0x4a,0x6f,0x36,0xce
  1265. .byte 0xea,0x9f,0x09,0xd4, 0x29,0xb0,0x7c,0xd6
  1266. .byte 0x31,0xa4,0xb2,0xaf, 0x2a,0x3f,0x23,0x31
  1267. .byte 0xc6,0xa5,0x94,0x30, 0x35,0xa2,0x66,0xc0
  1268. .byte 0x74,0x4e,0xbc,0x37, 0xfc,0x82,0xca,0xa6
  1269. .byte 0xe0,0x90,0xd0,0xb0, 0x33,0xa7,0xd8,0x15
  1270. .byte 0xf1,0x04,0x98,0x4a, 0x41,0xec,0xda,0xf7
  1271. .byte 0x7f,0xcd,0x50,0x0e, 0x17,0x91,0xf6,0x2f
  1272. .byte 0x76,0x4d,0xd6,0x8d, 0x43,0xef,0xb0,0x4d
  1273. .byte 0xcc,0xaa,0x4d,0x54, 0xe4,0x96,0x04,0xdf
  1274. .byte 0x9e,0xd1,0xb5,0xe3, 0x4c,0x6a,0x88,0x1b
  1275. .byte 0xc1,0x2c,0x1f,0xb8, 0x46,0x65,0x51,0x7f
  1276. .byte 0x9d,0x5e,0xea,0x04, 0x01,0x8c,0x35,0x5d
  1277. .byte 0xfa,0x87,0x74,0x73, 0xfb,0x0b,0x41,0x2e
  1278. .byte 0xb3,0x67,0x1d,0x5a, 0x92,0xdb,0xd2,0x52
  1279. .byte 0xe9,0x10,0x56,0x33, 0x6d,0xd6,0x47,0x13
  1280. .byte 0x9a,0xd7,0x61,0x8c, 0x37,0xa1,0x0c,0x7a
  1281. .byte 0x59,0xf8,0x14,0x8e, 0xeb,0x13,0x3c,0x89
  1282. .byte 0xce,0xa9,0x27,0xee, 0xb7,0x61,0xc9,0x35
  1283. .byte 0xe1,0x1c,0xe5,0xed, 0x7a,0x47,0xb1,0x3c
  1284. .byte 0x9c,0xd2,0xdf,0x59, 0x55,0xf2,0x73,0x3f
  1285. .byte 0x18,0x14,0xce,0x79, 0x73,0xc7,0x37,0xbf
  1286. .byte 0x53,0xf7,0xcd,0xea, 0x5f,0xfd,0xaa,0x5b
  1287. .byte 0xdf,0x3d,0x6f,0x14, 0x78,0x44,0xdb,0x86
  1288. .byte 0xca,0xaf,0xf3,0x81, 0xb9,0x68,0xc4,0x3e
  1289. .byte 0x38,0x24,0x34,0x2c, 0xc2,0xa3,0x40,0x5f
  1290. .byte 0x16,0x1d,0xc3,0x72, 0xbc,0xe2,0x25,0x0c
  1291. .byte 0x28,0x3c,0x49,0x8b, 0xff,0x0d,0x95,0x41
  1292. .byte 0x39,0xa8,0x01,0x71, 0x08,0x0c,0xb3,0xde
  1293. .byte 0xd8,0xb4,0xe4,0x9c, 0x64,0x56,0xc1,0x90
  1294. .byte 0x7b,0xcb,0x84,0x61, 0xd5,0x32,0xb6,0x70
  1295. .byte 0x48,0x6c,0x5c,0x74, 0xd0,0xb8,0x57,0x42
  1296. AES_Td4:
  1297. .byte 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
  1298. .byte 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
  1299. .byte 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
  1300. .byte 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
  1301. .byte 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
  1302. .byte 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
  1303. .byte 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
  1304. .byte 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
  1305. .byte 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
  1306. .byte 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
  1307. .byte 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
  1308. .byte 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
  1309. .byte 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
  1310. .byte 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
  1311. .byte 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
  1312. .byte 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
  1313. .byte 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
  1314. .byte 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
  1315. .byte 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
  1316. .byte 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
  1317. .byte 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
  1318. .byte 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
  1319. .byte 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
  1320. .byte 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
  1321. .byte 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
  1322. .byte 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
  1323. .byte 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
  1324. .byte 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
  1325. .byte 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
  1326. .byte 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
  1327. .byte 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
  1328. .byte 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
  1329. .cstring "AES for C64x+, CRYPTOGAMS by <appro\@openssl.org>"
  1330. .align 4
  1331. ___
  1332. print $code;
  1333. close STDOUT;