2
0

aes-c64xplus.pl 43 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381
  1. #! /usr/bin/env perl
  2. # Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
  3. #
  4. # Licensed under the Apache License 2.0 (the "License"). You may not use
  5. # this file except in compliance with the License. You can obtain a copy
  6. # in the file LICENSE in the source distribution or at
  7. # https://www.openssl.org/source/license.html
  8. #
  9. # ====================================================================
  10. # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
  11. # project. The module is, however, dual licensed under OpenSSL and
  12. # CRYPTOGAMS licenses depending on where you obtain it. For further
  13. # details see http://www.openssl.org/~appro/cryptogams/.
  14. # ====================================================================
  15. #
  16. # [Endian-neutral] AES for C64x+.
  17. #
  18. # Even though SPLOOPs are scheduled for 13 cycles, and thus expected
  19. # performance is ~8.5 cycles per byte processed with 128-bit key,
  20. # measured performance turned to be ~10 cycles per byte. Discrepancy
  21. # must be caused by limitations of L1D memory banking(*), see SPRU871
  22. # TI publication for further details. If any consolation it's still
  23. # ~20% faster than TI's linear assembly module anyway... Compared to
  24. # aes_core.c compiled with cl6x 6.0 with -mv6400+ -o2 options this
  25. # code is 3.75x faster and almost 3x smaller (tables included).
  26. #
  27. # (*) This means that there might be subtle correlation between data
  28. # and timing and one can wonder if it can be ... attacked:-(
  29. # On the other hand this also means that *if* one chooses to
  30. # implement *4* T-tables variant [instead of 1 T-table as in
  31. # this implementation, or in addition to], then one ought to
  32. # *interleave* them. Even though it complicates addressing,
  33. # references to interleaved tables would be guaranteed not to
  34. # clash. I reckon that it should be possible to break 8 cycles
  35. # per byte "barrier," i.e. improve by ~20%, naturally at the
  36. # cost of 8x increased pressure on L1D. 8x because you'd have
  37. # to interleave both Te and Td tables...
  38. $output = pop and open STDOUT,">$output";
  39. ($TEA,$TEB)=("A5","B5");
  40. ($KPA,$KPB)=("A3","B1");
  41. @K=("A6","B6","A7","B7");
  42. @s=("A8","B8","A9","B9");
  43. @Te0=@Td0=("A16","B16","A17","B17");
  44. @Te1=@Td1=("A18","B18","A19","B19");
  45. @Te2=@Td2=("A20","B20","A21","B21");
  46. @Te3=@Td3=("A22","B22","A23","B23");
  47. $code=<<___;
  48. .text
  49. .if .ASSEMBLER_VERSION<7000000
  50. .asg 0,__TI_EABI__
  51. .endif
  52. .if __TI_EABI__
  53. .nocmp
  54. .asg AES_encrypt,_AES_encrypt
  55. .asg AES_decrypt,_AES_decrypt
  56. .asg AES_set_encrypt_key,_AES_set_encrypt_key
  57. .asg AES_set_decrypt_key,_AES_set_decrypt_key
  58. .asg AES_ctr32_encrypt,_AES_ctr32_encrypt
  59. .endif
  60. .asg B3,RA
  61. .asg A4,INP
  62. .asg B4,OUT
  63. .asg A6,KEY
  64. .asg A4,RET
  65. .asg B15,SP
  66. .eval 24,EXT0
  67. .eval 16,EXT1
  68. .eval 8,EXT2
  69. .eval 0,EXT3
  70. .eval 8,TBL1
  71. .eval 16,TBL2
  72. .eval 24,TBL3
  73. .if .BIG_ENDIAN
  74. .eval 24-EXT0,EXT0
  75. .eval 24-EXT1,EXT1
  76. .eval 24-EXT2,EXT2
  77. .eval 24-EXT3,EXT3
  78. .eval 32-TBL1,TBL1
  79. .eval 32-TBL2,TBL2
  80. .eval 32-TBL3,TBL3
  81. .endif
  82. .global _AES_encrypt
  83. _AES_encrypt:
  84. .asmfunc
  85. MVK 1,B2
  86. __encrypt:
  87. .if __TI_EABI__
  88. [B2] LDNDW *INP++,A9:A8 ; load input
  89. || MVKL \$PCR_OFFSET(AES_Te,__encrypt),$TEA
  90. || ADDKPC __encrypt,B0
  91. [B2] LDNDW *INP++,B9:B8
  92. || MVKH \$PCR_OFFSET(AES_Te,__encrypt),$TEA
  93. || ADD 0,KEY,$KPA
  94. || ADD 4,KEY,$KPB
  95. .else
  96. [B2] LDNDW *INP++,A9:A8 ; load input
  97. || MVKL (AES_Te-__encrypt),$TEA
  98. || ADDKPC __encrypt,B0
  99. [B2] LDNDW *INP++,B9:B8
  100. || MVKH (AES_Te-__encrypt),$TEA
  101. || ADD 0,KEY,$KPA
  102. || ADD 4,KEY,$KPB
  103. .endif
  104. LDW *$KPA++[2],$Te0[0] ; zero round key
  105. || LDW *$KPB++[2],$Te0[1]
  106. || MVK 60,A0
  107. || ADD B0,$TEA,$TEA ; AES_Te
  108. LDW *KEY[A0],B0 ; rounds
  109. || MVK 1024,A0 ; sizeof(AES_Te)
  110. LDW *$KPA++[2],$Te0[2]
  111. || LDW *$KPB++[2],$Te0[3]
  112. || MV $TEA,$TEB
  113. NOP
  114. .if .BIG_ENDIAN
  115. MV A9,$s[0]
  116. || MV A8,$s[1]
  117. || MV B9,$s[2]
  118. || MV B8,$s[3]
  119. .else
  120. MV A8,$s[0]
  121. || MV A9,$s[1]
  122. || MV B8,$s[2]
  123. || MV B9,$s[3]
  124. .endif
  125. XOR $Te0[0],$s[0],$s[0]
  126. || XOR $Te0[1],$s[1],$s[1]
  127. || LDW *$KPA++[2],$K[0] ; 1st round key
  128. || LDW *$KPB++[2],$K[1]
  129. SUB B0,2,B0
  130. SPLOOPD 13
  131. || MVC B0,ILC
  132. || LDW *$KPA++[2],$K[2]
  133. || LDW *$KPB++[2],$K[3]
  134. ;;====================================================================
  135. EXTU $s[1],EXT1,24,$Te1[1]
  136. || EXTU $s[0],EXT3,24,$Te3[0]
  137. LDW *${TEB}[$Te1[1]],$Te1[1] ; Te1[s1>>8], t0
  138. || LDW *${TEA}[$Te3[0]],$Te3[0] ; Te3[s0>>24], t1
  139. || XOR $s[2],$Te0[2],$s[2] ; modulo-scheduled
  140. || XOR $s[3],$Te0[3],$s[3] ; modulo-scheduled
  141. || EXTU $s[1],EXT3,24,$Te3[1]
  142. || EXTU $s[0],EXT1,24,$Te1[0]
  143. LDW *${TEB}[$Te3[1]],$Te3[1] ; Te3[s1>>24], t2
  144. || LDW *${TEA}[$Te1[0]],$Te1[0] ; Te1[s0>>8], t3
  145. || EXTU $s[2],EXT2,24,$Te2[2]
  146. || EXTU $s[3],EXT2,24,$Te2[3]
  147. LDW *${TEA}[$Te2[2]],$Te2[2] ; Te2[s2>>16], t0
  148. || LDW *${TEB}[$Te2[3]],$Te2[3] ; Te2[s3>>16], t1
  149. || EXTU $s[3],EXT3,24,$Te3[3]
  150. || EXTU $s[2],EXT1,24,$Te1[2]
  151. LDW *${TEB}[$Te3[3]],$Te3[3] ; Te3[s3>>24], t0
  152. || LDW *${TEA}[$Te1[2]],$Te1[2] ; Te1[s2>>8], t1
  153. || EXTU $s[0],EXT2,24,$Te2[0]
  154. || EXTU $s[1],EXT2,24,$Te2[1]
  155. LDW *${TEA}[$Te2[0]],$Te2[0] ; Te2[s0>>16], t2
  156. || LDW *${TEB}[$Te2[1]],$Te2[1] ; Te2[s1>>16], t3
  157. || EXTU $s[3],EXT1,24,$Te1[3]
  158. || EXTU $s[2],EXT3,24,$Te3[2]
  159. LDW *${TEB}[$Te1[3]],$Te1[3] ; Te1[s3>>8], t2
  160. || LDW *${TEA}[$Te3[2]],$Te3[2] ; Te3[s2>>24], t3
  161. || ROTL $Te1[1],TBL1,$Te3[0] ; t0
  162. || ROTL $Te3[0],TBL3,$Te1[1] ; t1
  163. || EXTU $s[0],EXT0,24,$Te0[0]
  164. || EXTU $s[1],EXT0,24,$Te0[1]
  165. LDW *${TEA}[$Te0[0]],$Te0[0] ; Te0[s0], t0
  166. || LDW *${TEB}[$Te0[1]],$Te0[1] ; Te0[s1], t1
  167. || ROTL $Te3[1],TBL3,$Te1[0] ; t2
  168. || ROTL $Te1[0],TBL1,$Te3[1] ; t3
  169. || EXTU $s[2],EXT0,24,$Te0[2]
  170. || EXTU $s[3],EXT0,24,$Te0[3]
  171. LDW *${TEA}[$Te0[2]],$Te0[2] ; Te0[s2], t2
  172. || LDW *${TEB}[$Te0[3]],$Te0[3] ; Te0[s3], t3
  173. || ROTL $Te2[2],TBL2,$Te2[2] ; t0
  174. || ROTL $Te2[3],TBL2,$Te2[3] ; t1
  175. || XOR $K[0],$Te3[0],$s[0]
  176. || XOR $K[1],$Te1[1],$s[1]
  177. ROTL $Te3[3],TBL3,$Te1[2] ; t0
  178. || ROTL $Te1[2],TBL1,$Te3[3] ; t1
  179. || XOR $K[2],$Te1[0],$s[2]
  180. || XOR $K[3],$Te3[1],$s[3]
  181. || LDW *$KPA++[2],$K[0] ; next round key
  182. || LDW *$KPB++[2],$K[1]
  183. ROTL $Te2[0],TBL2,$Te2[0] ; t2
  184. || ROTL $Te2[1],TBL2,$Te2[1] ; t3
  185. || XOR $s[0],$Te2[2],$s[0]
  186. || XOR $s[1],$Te2[3],$s[1]
  187. || LDW *$KPA++[2],$K[2]
  188. || LDW *$KPB++[2],$K[3]
  189. ROTL $Te1[3],TBL1,$Te3[2] ; t2
  190. || ROTL $Te3[2],TBL3,$Te1[3] ; t3
  191. || XOR $s[0],$Te1[2],$s[0]
  192. || XOR $s[1],$Te3[3],$s[1]
  193. XOR $s[2],$Te2[0],$s[2]
  194. || XOR $s[3],$Te2[1],$s[3]
  195. || XOR $s[0],$Te0[0],$s[0]
  196. || XOR $s[1],$Te0[1],$s[1]
  197. SPKERNEL
  198. || XOR.L $s[2],$Te3[2],$s[2]
  199. || XOR.L $s[3],$Te1[3],$s[3]
  200. ;;====================================================================
  201. ADD.D ${TEA},A0,${TEA} ; point to Te4
  202. || ADD.D ${TEB},A0,${TEB}
  203. || EXTU $s[1],EXT1,24,$Te1[1]
  204. || EXTU $s[0],EXT3,24,$Te3[0]
  205. LDBU *${TEB}[$Te1[1]],$Te1[1] ; Te1[s1>>8], t0
  206. || LDBU *${TEA}[$Te3[0]],$Te3[0] ; Te3[s0>>24], t1
  207. || XOR $s[2],$Te0[2],$s[2] ; modulo-scheduled
  208. || XOR $s[3],$Te0[3],$s[3] ; modulo-scheduled
  209. || EXTU $s[0],EXT0,24,$Te0[0]
  210. || EXTU $s[1],EXT0,24,$Te0[1]
  211. LDBU *${TEA}[$Te0[0]],$Te0[0] ; Te0[s0], t0
  212. || LDBU *${TEB}[$Te0[1]],$Te0[1] ; Te0[s1], t1
  213. || EXTU $s[3],EXT3,24,$Te3[3]
  214. || EXTU $s[2],EXT1,24,$Te1[2]
  215. LDBU *${TEB}[$Te3[3]],$Te3[3] ; Te3[s3>>24], t0
  216. || LDBU *${TEA}[$Te1[2]],$Te1[2] ; Te1[s2>>8], t1
  217. || EXTU $s[2],EXT2,24,$Te2[2]
  218. || EXTU $s[3],EXT2,24,$Te2[3]
  219. LDBU *${TEA}[$Te2[2]],$Te2[2] ; Te2[s2>>16], t0
  220. || LDBU *${TEB}[$Te2[3]],$Te2[3] ; Te2[s3>>16], t1
  221. || EXTU $s[1],EXT3,24,$Te3[1]
  222. || EXTU $s[0],EXT1,24,$Te1[0]
  223. LDBU *${TEB}[$Te3[1]],$Te3[1] ; Te3[s1>>24], t2
  224. || LDBU *${TEA}[$Te1[0]],$Te1[0] ; Te1[s0>>8], t3
  225. || EXTU $s[3],EXT1,24,$Te1[3]
  226. || EXTU $s[2],EXT3,24,$Te3[2]
  227. LDBU *${TEB}[$Te1[3]],$Te1[3] ; Te1[s3>>8], t2
  228. || LDBU *${TEA}[$Te3[2]],$Te3[2] ; Te3[s2>>24], t3
  229. || EXTU $s[2],EXT0,24,$Te0[2]
  230. || EXTU $s[3],EXT0,24,$Te0[3]
  231. LDBU *${TEA}[$Te0[2]],$Te0[2] ; Te0[s2], t2
  232. || LDBU *${TEB}[$Te0[3]],$Te0[3] ; Te0[s3], t3
  233. || EXTU $s[0],EXT2,24,$Te2[0]
  234. || EXTU $s[1],EXT2,24,$Te2[1]
  235. LDBU *${TEA}[$Te2[0]],$Te2[0] ; Te2[s0>>16], t2
  236. || LDBU *${TEB}[$Te2[1]],$Te2[1] ; Te2[s1>>16], t3
  237. .if .BIG_ENDIAN
  238. PACK2 $Te0[0],$Te1[1],$Te0[0]
  239. || PACK2 $Te0[1],$Te1[2],$Te0[1]
  240. PACK2 $Te2[2],$Te3[3],$Te2[2]
  241. || PACK2 $Te2[3],$Te3[0],$Te2[3]
  242. PACKL4 $Te0[0],$Te2[2],$Te0[0]
  243. || PACKL4 $Te0[1],$Te2[3],$Te0[1]
  244. XOR $K[0],$Te0[0],$Te0[0] ; s[0]
  245. || XOR $K[1],$Te0[1],$Te0[1] ; s[1]
  246. PACK2 $Te0[2],$Te1[3],$Te0[2]
  247. || PACK2 $Te0[3],$Te1[0],$Te0[3]
  248. PACK2 $Te2[0],$Te3[1],$Te2[0]
  249. || PACK2 $Te2[1],$Te3[2],$Te2[1]
  250. || BNOP RA
  251. PACKL4 $Te0[2],$Te2[0],$Te0[2]
  252. || PACKL4 $Te0[3],$Te2[1],$Te0[3]
  253. XOR $K[2],$Te0[2],$Te0[2] ; s[2]
  254. || XOR $K[3],$Te0[3],$Te0[3] ; s[3]
  255. MV $Te0[0],A9
  256. || MV $Te0[1],A8
  257. MV $Te0[2],B9
  258. || MV $Te0[3],B8
  259. || [B2] STNDW A9:A8,*OUT++
  260. [B2] STNDW B9:B8,*OUT++
  261. .else
  262. PACK2 $Te1[1],$Te0[0],$Te1[1]
  263. || PACK2 $Te1[2],$Te0[1],$Te1[2]
  264. PACK2 $Te3[3],$Te2[2],$Te3[3]
  265. || PACK2 $Te3[0],$Te2[3],$Te3[0]
  266. PACKL4 $Te3[3],$Te1[1],$Te1[1]
  267. || PACKL4 $Te3[0],$Te1[2],$Te1[2]
  268. XOR $K[0],$Te1[1],$Te1[1] ; s[0]
  269. || XOR $K[1],$Te1[2],$Te1[2] ; s[1]
  270. PACK2 $Te1[3],$Te0[2],$Te1[3]
  271. || PACK2 $Te1[0],$Te0[3],$Te1[0]
  272. PACK2 $Te3[1],$Te2[0],$Te3[1]
  273. || PACK2 $Te3[2],$Te2[1],$Te3[2]
  274. || BNOP RA
  275. PACKL4 $Te3[1],$Te1[3],$Te1[3]
  276. || PACKL4 $Te3[2],$Te1[0],$Te1[0]
  277. XOR $K[2],$Te1[3],$Te1[3] ; s[2]
  278. || XOR $K[3],$Te1[0],$Te1[0] ; s[3]
  279. MV $Te1[1],A8
  280. || MV $Te1[2],A9
  281. MV $Te1[3],B8
  282. || MV $Te1[0],B9
  283. || [B2] STNDW A9:A8,*OUT++
  284. [B2] STNDW B9:B8,*OUT++
  285. .endif
  286. .endasmfunc
  287. .global _AES_decrypt
  288. _AES_decrypt:
  289. .asmfunc
  290. MVK 1,B2
  291. __decrypt:
  292. .if __TI_EABI__
  293. [B2] LDNDW *INP++,A9:A8 ; load input
  294. || MVKL \$PCR_OFFSET(AES_Td,__decrypt),$TEA
  295. || ADDKPC __decrypt,B0
  296. [B2] LDNDW *INP++,B9:B8
  297. || MVKH \$PCR_OFFSET(AES_Td,__decrypt),$TEA
  298. || ADD 0,KEY,$KPA
  299. || ADD 4,KEY,$KPB
  300. .else
  301. [B2] LDNDW *INP++,A9:A8 ; load input
  302. || MVKL (AES_Td-__decrypt),$TEA
  303. || ADDKPC __decrypt,B0
  304. [B2] LDNDW *INP++,B9:B8
  305. || MVKH (AES_Td-__decrypt),$TEA
  306. || ADD 0,KEY,$KPA
  307. || ADD 4,KEY,$KPB
  308. .endif
  309. LDW *$KPA++[2],$Td0[0] ; zero round key
  310. || LDW *$KPB++[2],$Td0[1]
  311. || MVK 60,A0
  312. || ADD B0,$TEA,$TEA ; AES_Td
  313. LDW *KEY[A0],B0 ; rounds
  314. || MVK 1024,A0 ; sizeof(AES_Td)
  315. LDW *$KPA++[2],$Td0[2]
  316. || LDW *$KPB++[2],$Td0[3]
  317. || MV $TEA,$TEB
  318. NOP
  319. .if .BIG_ENDIAN
  320. MV A9,$s[0]
  321. || MV A8,$s[1]
  322. || MV B9,$s[2]
  323. || MV B8,$s[3]
  324. .else
  325. MV A8,$s[0]
  326. || MV A9,$s[1]
  327. || MV B8,$s[2]
  328. || MV B9,$s[3]
  329. .endif
  330. XOR $Td0[0],$s[0],$s[0]
  331. || XOR $Td0[1],$s[1],$s[1]
  332. || LDW *$KPA++[2],$K[0] ; 1st round key
  333. || LDW *$KPB++[2],$K[1]
  334. SUB B0,2,B0
  335. SPLOOPD 13
  336. || MVC B0,ILC
  337. || LDW *$KPA++[2],$K[2]
  338. || LDW *$KPB++[2],$K[3]
  339. ;;====================================================================
  340. EXTU $s[1],EXT3,24,$Td3[1]
  341. || EXTU $s[0],EXT1,24,$Td1[0]
  342. LDW *${TEB}[$Td3[1]],$Td3[1] ; Td3[s1>>24], t0
  343. || LDW *${TEA}[$Td1[0]],$Td1[0] ; Td1[s0>>8], t1
  344. || XOR $s[2],$Td0[2],$s[2] ; modulo-scheduled
  345. || XOR $s[3],$Td0[3],$s[3] ; modulo-scheduled
  346. || EXTU $s[1],EXT1,24,$Td1[1]
  347. || EXTU $s[0],EXT3,24,$Td3[0]
  348. LDW *${TEB}[$Td1[1]],$Td1[1] ; Td1[s1>>8], t2
  349. || LDW *${TEA}[$Td3[0]],$Td3[0] ; Td3[s0>>24], t3
  350. || EXTU $s[2],EXT2,24,$Td2[2]
  351. || EXTU $s[3],EXT2,24,$Td2[3]
  352. LDW *${TEA}[$Td2[2]],$Td2[2] ; Td2[s2>>16], t0
  353. || LDW *${TEB}[$Td2[3]],$Td2[3] ; Td2[s3>>16], t1
  354. || EXTU $s[3],EXT1,24,$Td1[3]
  355. || EXTU $s[2],EXT3,24,$Td3[2]
  356. LDW *${TEB}[$Td1[3]],$Td1[3] ; Td1[s3>>8], t0
  357. || LDW *${TEA}[$Td3[2]],$Td3[2] ; Td3[s2>>24], t1
  358. || EXTU $s[0],EXT2,24,$Td2[0]
  359. || EXTU $s[1],EXT2,24,$Td2[1]
  360. LDW *${TEA}[$Td2[0]],$Td2[0] ; Td2[s0>>16], t2
  361. || LDW *${TEB}[$Td2[1]],$Td2[1] ; Td2[s1>>16], t3
  362. || EXTU $s[3],EXT3,24,$Td3[3]
  363. || EXTU $s[2],EXT1,24,$Td1[2]
  364. LDW *${TEB}[$Td3[3]],$Td3[3] ; Td3[s3>>24], t2
  365. || LDW *${TEA}[$Td1[2]],$Td1[2] ; Td1[s2>>8], t3
  366. || ROTL $Td3[1],TBL3,$Td1[0] ; t0
  367. || ROTL $Td1[0],TBL1,$Td3[1] ; t1
  368. || EXTU $s[0],EXT0,24,$Td0[0]
  369. || EXTU $s[1],EXT0,24,$Td0[1]
  370. LDW *${TEA}[$Td0[0]],$Td0[0] ; Td0[s0], t0
  371. || LDW *${TEB}[$Td0[1]],$Td0[1] ; Td0[s1], t1
  372. || ROTL $Td1[1],TBL1,$Td3[0] ; t2
  373. || ROTL $Td3[0],TBL3,$Td1[1] ; t3
  374. || EXTU $s[2],EXT0,24,$Td0[2]
  375. || EXTU $s[3],EXT0,24,$Td0[3]
  376. LDW *${TEA}[$Td0[2]],$Td0[2] ; Td0[s2], t2
  377. || LDW *${TEB}[$Td0[3]],$Td0[3] ; Td0[s3], t3
  378. || ROTL $Td2[2],TBL2,$Td2[2] ; t0
  379. || ROTL $Td2[3],TBL2,$Td2[3] ; t1
  380. || XOR $K[0],$Td1[0],$s[0]
  381. || XOR $K[1],$Td3[1],$s[1]
  382. ROTL $Td1[3],TBL1,$Td3[2] ; t0
  383. || ROTL $Td3[2],TBL3,$Td1[3] ; t1
  384. || XOR $K[2],$Td3[0],$s[2]
  385. || XOR $K[3],$Td1[1],$s[3]
  386. || LDW *$KPA++[2],$K[0] ; next round key
  387. || LDW *$KPB++[2],$K[1]
  388. ROTL $Td2[0],TBL2,$Td2[0] ; t2
  389. || ROTL $Td2[1],TBL2,$Td2[1] ; t3
  390. || XOR $s[0],$Td2[2],$s[0]
  391. || XOR $s[1],$Td2[3],$s[1]
  392. || LDW *$KPA++[2],$K[2]
  393. || LDW *$KPB++[2],$K[3]
  394. ROTL $Td3[3],TBL3,$Td1[2] ; t2
  395. || ROTL $Td1[2],TBL1,$Td3[3] ; t3
  396. || XOR $s[0],$Td3[2],$s[0]
  397. || XOR $s[1],$Td1[3],$s[1]
  398. XOR $s[2],$Td2[0],$s[2]
  399. || XOR $s[3],$Td2[1],$s[3]
  400. || XOR $s[0],$Td0[0],$s[0]
  401. || XOR $s[1],$Td0[1],$s[1]
  402. SPKERNEL
  403. || XOR.L $s[2],$Td1[2],$s[2]
  404. || XOR.L $s[3],$Td3[3],$s[3]
  405. ;;====================================================================
  406. ADD.D ${TEA},A0,${TEA} ; point to Td4
  407. || ADD.D ${TEB},A0,${TEB}
  408. || EXTU $s[1],EXT3,24,$Td3[1]
  409. || EXTU $s[0],EXT1,24,$Td1[0]
  410. LDBU *${TEB}[$Td3[1]],$Td3[1] ; Td3[s1>>24], t0
  411. || LDBU *${TEA}[$Td1[0]],$Td1[0] ; Td1[s0>>8], t1
  412. || XOR $s[2],$Td0[2],$s[2] ; modulo-scheduled
  413. || XOR $s[3],$Td0[3],$s[3] ; modulo-scheduled
  414. || EXTU $s[0],EXT0,24,$Td0[0]
  415. || EXTU $s[1],EXT0,24,$Td0[1]
  416. LDBU *${TEA}[$Td0[0]],$Td0[0] ; Td0[s0], t0
  417. || LDBU *${TEB}[$Td0[1]],$Td0[1] ; Td0[s1], t1
  418. || EXTU $s[2],EXT2,24,$Td2[2]
  419. || EXTU $s[3],EXT2,24,$Td2[3]
  420. LDBU *${TEA}[$Td2[2]],$Td2[2] ; Td2[s2>>16], t0
  421. || LDBU *${TEB}[$Td2[3]],$Td2[3] ; Td2[s3>>16], t1
  422. || EXTU $s[3],EXT1,24,$Td1[3]
  423. || EXTU $s[2],EXT3,24,$Td3[2]
  424. LDBU *${TEB}[$Td1[3]],$Td1[3] ; Td1[s3>>8], t0
  425. || LDBU *${TEA}[$Td3[2]],$Td3[2] ; Td3[s2>>24], t1
  426. || EXTU $s[1],EXT1,24,$Td1[1]
  427. || EXTU $s[0],EXT3,24,$Td3[0]
  428. LDBU *${TEB}[$Td1[1]],$Td1[1] ; Td1[s1>>8], t2
  429. || LDBU *${TEA}[$Td3[0]],$Td3[0] ; Td3[s0>>24], t3
  430. || EXTU $s[0],EXT2,24,$Td2[0]
  431. || EXTU $s[1],EXT2,24,$Td2[1]
  432. LDBU *${TEA}[$Td2[0]],$Td2[0] ; Td2[s0>>16], t2
  433. || LDBU *${TEB}[$Td2[1]],$Td2[1] ; Td2[s1>>16], t3
  434. || EXTU $s[3],EXT3,24,$Td3[3]
  435. || EXTU $s[2],EXT1,24,$Td1[2]
  436. LDBU *${TEB}[$Td3[3]],$Td3[3] ; Td3[s3>>24], t2
  437. || LDBU *${TEA}[$Td1[2]],$Td1[2] ; Td1[s2>>8], t3
  438. || EXTU $s[2],EXT0,24,$Td0[2]
  439. || EXTU $s[3],EXT0,24,$Td0[3]
  440. LDBU *${TEA}[$Td0[2]],$Td0[2] ; Td0[s2], t2
  441. || LDBU *${TEB}[$Td0[3]],$Td0[3] ; Td0[s3], t3
  442. .if .BIG_ENDIAN
  443. PACK2 $Td0[0],$Td1[3],$Td0[0]
  444. || PACK2 $Td0[1],$Td1[0],$Td0[1]
  445. PACK2 $Td2[2],$Td3[1],$Td2[2]
  446. || PACK2 $Td2[3],$Td3[2],$Td2[3]
  447. PACKL4 $Td0[0],$Td2[2],$Td0[0]
  448. || PACKL4 $Td0[1],$Td2[3],$Td0[1]
  449. XOR $K[0],$Td0[0],$Td0[0] ; s[0]
  450. || XOR $K[1],$Td0[1],$Td0[1] ; s[1]
  451. PACK2 $Td0[2],$Td1[1],$Td0[2]
  452. || PACK2 $Td0[3],$Td1[2],$Td0[3]
  453. PACK2 $Td2[0],$Td3[3],$Td2[0]
  454. || PACK2 $Td2[1],$Td3[0],$Td2[1]
  455. || BNOP RA
  456. PACKL4 $Td0[2],$Td2[0],$Td0[2]
  457. || PACKL4 $Td0[3],$Td2[1],$Td0[3]
  458. XOR $K[2],$Td0[2],$Td0[2] ; s[2]
  459. || XOR $K[3],$Td0[3],$Td0[3] ; s[3]
  460. MV $Td0[0],A9
  461. || MV $Td0[1],A8
  462. MV $Td0[2],B9
  463. || MV $Td0[3],B8
  464. || [B2] STNDW A9:A8,*OUT++
  465. [B2] STNDW B9:B8,*OUT++
  466. .else
  467. PACK2 $Td1[3],$Td0[0],$Td1[3]
  468. || PACK2 $Td1[0],$Td0[1],$Td1[0]
  469. PACK2 $Td3[1],$Td2[2],$Td3[1]
  470. || PACK2 $Td3[2],$Td2[3],$Td3[2]
  471. PACKL4 $Td3[1],$Td1[3],$Td1[3]
  472. || PACKL4 $Td3[2],$Td1[0],$Td1[0]
  473. XOR $K[0],$Td1[3],$Td1[3] ; s[0]
  474. || XOR $K[1],$Td1[0],$Td1[0] ; s[1]
  475. PACK2 $Td1[1],$Td0[2],$Td1[1]
  476. || PACK2 $Td1[2],$Td0[3],$Td1[2]
  477. PACK2 $Td3[3],$Td2[0],$Td3[3]
  478. || PACK2 $Td3[0],$Td2[1],$Td3[0]
  479. || BNOP RA
  480. PACKL4 $Td3[3],$Td1[1],$Td1[1]
  481. || PACKL4 $Td3[0],$Td1[2],$Td1[2]
  482. XOR $K[2],$Td1[1],$Td1[1] ; s[2]
  483. || XOR $K[3],$Td1[2],$Td1[2] ; s[3]
  484. MV $Td1[3],A8
  485. || MV $Td1[0],A9
  486. MV $Td1[1],B8
  487. || MV $Td1[2],B9
  488. || [B2] STNDW A9:A8,*OUT++
  489. [B2] STNDW B9:B8,*OUT++
  490. .endif
  491. .endasmfunc
  492. ___
  493. {
  494. my @K=(@K,@s); # extended key
  495. my @Te4=map("B$_",(16..19));
  496. my @Kx9=@Te0; # used in AES_set_decrypt_key
  497. my @KxB=@Te1;
  498. my @KxD=@Te2;
  499. my @KxE=@Te3;
  500. $code.=<<___;
  501. .asg OUT,BITS
  502. .global _AES_set_encrypt_key
  503. _AES_set_encrypt_key:
  504. __set_encrypt_key:
  505. .asmfunc
  506. MV INP,A0
  507. || SHRU BITS,5,BITS ; 128-192-256 -> 4-6-8
  508. || MV KEY,A1
  509. [!A0] B RA
  510. ||[!A0] MVK -1,RET
  511. ||[!A0] MVK 1,A1 ; only one B RA
  512. [!A1] B RA
  513. ||[!A1] MVK -1,RET
  514. ||[!A1] MVK 0,A0
  515. || MVK 0,B0
  516. || MVK 0,A1
  517. [A0] LDNDW *INP++,A9:A8
  518. || [A0] CMPEQ 4,BITS,B0
  519. || [A0] CMPLT 3,BITS,A1
  520. [B0] B key128?
  521. || [A1] LDNDW *INP++,B9:B8
  522. || [A0] CMPEQ 6,BITS,B0
  523. || [A0] CMPLT 5,BITS,A1
  524. [B0] B key192?
  525. || [A1] LDNDW *INP++,B17:B16
  526. || [A0] CMPEQ 8,BITS,B0
  527. || [A0] CMPLT 7,BITS,A1
  528. [B0] B key256?
  529. || [A1] LDNDW *INP++,B19:B18
  530. .if __TI_EABI__
  531. [A0] ADD 0,KEY,$KPA
  532. || [A0] ADD 4,KEY,$KPB
  533. || [A0] MVKL \$PCR_OFFSET(AES_Te4,__set_encrypt_key),$TEA
  534. || [A0] ADDKPC __set_encrypt_key,B6
  535. [A0] MVKH \$PCR_OFFSET(AES_Te4,__set_encrypt_key),$TEA
  536. [A0] ADD B6,$TEA,$TEA ; AES_Te4
  537. .else
  538. [A0] ADD 0,KEY,$KPA
  539. || [A0] ADD 4,KEY,$KPB
  540. || [A0] MVKL (AES_Te4-__set_encrypt_key),$TEA
  541. || [A0] ADDKPC __set_encrypt_key,B6
  542. [A0] MVKH (AES_Te4-__set_encrypt_key),$TEA
  543. [A0] ADD B6,$TEA,$TEA ; AES_Te4
  544. .endif
  545. NOP
  546. NOP
  547. BNOP RA,5
  548. || MVK -2,RET ; unknown bit length
  549. || MVK 0,B0 ; redundant
  550. ;;====================================================================
  551. ;;====================================================================
  552. key128?:
  553. .if .BIG_ENDIAN
  554. MV A9,$K[0]
  555. || MV A8,$K[1]
  556. || MV B9,$Te4[2]
  557. || MV B8,$K[3]
  558. .else
  559. MV A8,$K[0]
  560. || MV A9,$K[1]
  561. || MV B8,$Te4[2]
  562. || MV B9,$K[3]
  563. .endif
  564. MVK 256,A0
  565. || MVK 9,B0
  566. SPLOOPD 14
  567. || MVC B0,ILC
  568. || MV $TEA,$TEB
  569. || ADD $TEA,A0,A30 ; rcon
  570. ;;====================================================================
  571. LDW *A30++[1],A31 ; rcon[i]
  572. || MV $Te4[2],$K[2]
  573. || EXTU $K[3],EXT1,24,$Te4[0]
  574. LDBU *${TEB}[$Te4[0]],$Te4[0]
  575. || MV $K[3],A0
  576. || EXTU $K[3],EXT2,24,$Te4[1]
  577. LDBU *${TEB}[$Te4[1]],$Te4[1]
  578. || EXTU A0,EXT3,24,A0
  579. || EXTU $K[3],EXT0,24,$Te4[3]
  580. .if .BIG_ENDIAN
  581. LDBU *${TEA}[A0],$Te4[3]
  582. || LDBU *${TEB}[$Te4[3]],A0
  583. .else
  584. LDBU *${TEA}[A0],A0
  585. || LDBU *${TEB}[$Te4[3]],$Te4[3]
  586. .endif
  587. STW $K[0],*$KPA++[2]
  588. || STW $K[1],*$KPB++[2]
  589. STW $K[2],*$KPA++[2]
  590. || STW $K[3],*$KPB++[2]
  591. XOR A31,$K[0],$K[0] ; ^=rcon[i]
  592. .if .BIG_ENDIAN
  593. PACK2 $Te4[0],$Te4[1],$Te4[1]
  594. PACK2 $Te4[3],A0,$Te4[3]
  595. PACKL4 $Te4[1],$Te4[3],$Te4[3]
  596. .else
  597. PACK2 $Te4[1],$Te4[0],$Te4[1]
  598. PACK2 $Te4[3],A0,$Te4[3]
  599. PACKL4 $Te4[3],$Te4[1],$Te4[3]
  600. .endif
  601. XOR $Te4[3],$K[0],$Te4[0] ; K[0]
  602. XOR $Te4[0],$K[1],$K[1] ; K[1]
  603. MV $Te4[0],$K[0]
  604. || XOR $K[1],$K[2],$Te4[2] ; K[2]
  605. XOR $Te4[2],$K[3],$K[3] ; K[3]
  606. SPKERNEL
  607. ;;====================================================================
  608. BNOP RA
  609. MV $Te4[2],$K[2]
  610. || STW $K[0],*$KPA++[2]
  611. || STW $K[1],*$KPB++[2]
  612. STW $K[2],*$KPA++[2]
  613. || STW $K[3],*$KPB++[2]
  614. MVK 10,B0 ; rounds
  615. STW B0,*++${KPB}[15]
  616. MVK 0,RET
  617. ;;====================================================================
  618. ;;====================================================================
  619. key192?:
  620. .if .BIG_ENDIAN
  621. MV A9,$K[0]
  622. || MV A8,$K[1]
  623. || MV B9,$K[2]
  624. || MV B8,$K[3]
  625. MV B17,$Te4[2]
  626. || MV B16,$K[5]
  627. .else
  628. MV A8,$K[0]
  629. || MV A9,$K[1]
  630. || MV B8,$K[2]
  631. || MV B9,$K[3]
  632. MV B16,$Te4[2]
  633. || MV B17,$K[5]
  634. .endif
  635. MVK 256,A0
  636. || MVK 6,B0
  637. MV $TEA,$TEB
  638. || ADD $TEA,A0,A30 ; rcon
  639. ;;====================================================================
  640. loop192?:
  641. LDW *A30++[1],A31 ; rcon[i]
  642. || MV $Te4[2],$K[4]
  643. || EXTU $K[5],EXT1,24,$Te4[0]
  644. LDBU *${TEB}[$Te4[0]],$Te4[0]
  645. || MV $K[5],A0
  646. || EXTU $K[5],EXT2,24,$Te4[1]
  647. LDBU *${TEB}[$Te4[1]],$Te4[1]
  648. || EXTU A0,EXT3,24,A0
  649. || EXTU $K[5],EXT0,24,$Te4[3]
  650. .if .BIG_ENDIAN
  651. LDBU *${TEA}[A0],$Te4[3]
  652. || LDBU *${TEB}[$Te4[3]],A0
  653. .else
  654. LDBU *${TEA}[A0],A0
  655. || LDBU *${TEB}[$Te4[3]],$Te4[3]
  656. .endif
  657. STW $K[0],*$KPA++[2]
  658. || STW $K[1],*$KPB++[2]
  659. STW $K[2],*$KPA++[2]
  660. || STW $K[3],*$KPB++[2]
  661. STW $K[4],*$KPA++[2]
  662. || STW $K[5],*$KPB++[2]
  663. XOR A31,$K[0],$K[0] ; ^=rcon[i]
  664. .if .BIG_ENDIAN
  665. PACK2 $Te4[0],$Te4[1],$Te4[1]
  666. || PACK2 $Te4[3],A0,$Te4[3]
  667. PACKL4 $Te4[1],$Te4[3],$Te4[3]
  668. .else
  669. PACK2 $Te4[1],$Te4[0],$Te4[1]
  670. || PACK2 $Te4[3],A0,$Te4[3]
  671. PACKL4 $Te4[3],$Te4[1],$Te4[3]
  672. .endif
  673. BDEC loop192?,B0
  674. || XOR $Te4[3],$K[0],$Te4[0] ; K[0]
  675. XOR $Te4[0],$K[1],$K[1] ; K[1]
  676. MV $Te4[0],$K[0]
  677. || XOR $K[1],$K[2],$Te4[2] ; K[2]
  678. XOR $Te4[2],$K[3],$K[3] ; K[3]
  679. MV $Te4[2],$K[2]
  680. || XOR $K[3],$K[4],$Te4[2] ; K[4]
  681. XOR $Te4[2],$K[5],$K[5] ; K[5]
  682. ;;====================================================================
  683. BNOP RA
  684. STW $K[0],*$KPA++[2]
  685. || STW $K[1],*$KPB++[2]
  686. STW $K[2],*$KPA++[2]
  687. || STW $K[3],*$KPB++[2]
  688. MVK 12,B0 ; rounds
  689. STW B0,*++${KPB}[7]
  690. MVK 0,RET
  691. ;;====================================================================
  692. ;;====================================================================
  693. key256?:
  694. .if .BIG_ENDIAN
  695. MV A9,$K[0]
  696. || MV A8,$K[1]
  697. || MV B9,$K[2]
  698. || MV B8,$K[3]
  699. MV B17,$K[4]
  700. || MV B16,$K[5]
  701. || MV B19,$Te4[2]
  702. || MV B18,$K[7]
  703. .else
  704. MV A8,$K[0]
  705. || MV A9,$K[1]
  706. || MV B8,$K[2]
  707. || MV B9,$K[3]
  708. MV B16,$K[4]
  709. || MV B17,$K[5]
  710. || MV B18,$Te4[2]
  711. || MV B19,$K[7]
  712. .endif
  713. MVK 256,A0
  714. || MVK 6,B0
  715. MV $TEA,$TEB
  716. || ADD $TEA,A0,A30 ; rcon
  717. ;;====================================================================
  718. loop256?:
  719. LDW *A30++[1],A31 ; rcon[i]
  720. || MV $Te4[2],$K[6]
  721. || EXTU $K[7],EXT1,24,$Te4[0]
  722. LDBU *${TEB}[$Te4[0]],$Te4[0]
  723. || MV $K[7],A0
  724. || EXTU $K[7],EXT2,24,$Te4[1]
  725. LDBU *${TEB}[$Te4[1]],$Te4[1]
  726. || EXTU A0,EXT3,24,A0
  727. || EXTU $K[7],EXT0,24,$Te4[3]
  728. .if .BIG_ENDIAN
  729. LDBU *${TEA}[A0],$Te4[3]
  730. || LDBU *${TEB}[$Te4[3]],A0
  731. .else
  732. LDBU *${TEA}[A0],A0
  733. || LDBU *${TEB}[$Te4[3]],$Te4[3]
  734. .endif
  735. STW $K[0],*$KPA++[2]
  736. || STW $K[1],*$KPB++[2]
  737. STW $K[2],*$KPA++[2]
  738. || STW $K[3],*$KPB++[2]
  739. STW $K[4],*$KPA++[2]
  740. || STW $K[5],*$KPB++[2]
  741. STW $K[6],*$KPA++[2]
  742. || STW $K[7],*$KPB++[2]
  743. || XOR A31,$K[0],$K[0] ; ^=rcon[i]
  744. .if .BIG_ENDIAN
  745. PACK2 $Te4[0],$Te4[1],$Te4[1]
  746. || PACK2 $Te4[3],A0,$Te4[3]
  747. PACKL4 $Te4[1],$Te4[3],$Te4[3]
  748. ||[!B0] B done256?
  749. .else
  750. PACK2 $Te4[1],$Te4[0],$Te4[1]
  751. || PACK2 $Te4[3],A0,$Te4[3]
  752. PACKL4 $Te4[3],$Te4[1],$Te4[3]
  753. ||[!B0] B done256?
  754. .endif
  755. XOR $Te4[3],$K[0],$Te4[0] ; K[0]
  756. XOR $Te4[0],$K[1],$K[1] ; K[1]
  757. MV $Te4[0],$K[0]
  758. || XOR $K[1],$K[2],$Te4[2] ; K[2]
  759. XOR $Te4[2],$K[3],$K[3] ; K[3]
  760. MV $Te4[2],$K[2]
  761. || [B0] EXTU $K[3],EXT0,24,$Te4[0]
  762. || [B0] SUB B0,1,B0
  763. LDBU *${TEB}[$Te4[0]],$Te4[0]
  764. || MV $K[3],A0
  765. || EXTU $K[3],EXT1,24,$Te4[1]
  766. LDBU *${TEB}[$Te4[1]],$Te4[1]
  767. || EXTU A0,EXT2,24,A0
  768. || EXTU $K[3],EXT3,24,$Te4[3]
  769. .if .BIG_ENDIAN
  770. LDBU *${TEA}[A0],$Te4[3]
  771. || LDBU *${TEB}[$Te4[3]],A0
  772. NOP 3
  773. PACK2 $Te4[0],$Te4[1],$Te4[1]
  774. PACK2 $Te4[3],A0,$Te4[3]
  775. || B loop256?
  776. PACKL4 $Te4[1],$Te4[3],$Te4[3]
  777. .else
  778. LDBU *${TEA}[A0],A0
  779. || LDBU *${TEB}[$Te4[3]],$Te4[3]
  780. NOP 3
  781. PACK2 $Te4[1],$Te4[0],$Te4[1]
  782. PACK2 $Te4[3],A0,$Te4[3]
  783. || B loop256?
  784. PACKL4 $Te4[3],$Te4[1],$Te4[3]
  785. .endif
  786. XOR $Te4[3],$K[4],$Te4[0] ; K[4]
  787. XOR $Te4[0],$K[5],$K[5] ; K[5]
  788. MV $Te4[0],$K[4]
  789. || XOR $K[5],$K[6],$Te4[2] ; K[6]
  790. XOR $Te4[2],$K[7],$K[7] ; K[7]
  791. ;;====================================================================
  792. done256?:
  793. BNOP RA
  794. STW $K[0],*$KPA++[2]
  795. || STW $K[1],*$KPB++[2]
  796. STW $K[2],*$KPA++[2]
  797. || STW $K[3],*$KPB++[2]
  798. MVK 14,B0 ; rounds
  799. STW B0,*--${KPB}[1]
  800. MVK 0,RET
  801. .endasmfunc
  802. .global _AES_set_decrypt_key
  803. _AES_set_decrypt_key:
  804. .asmfunc
  805. B __set_encrypt_key ; guarantee local call
  806. MV KEY,B30 ; B30 is not modified
  807. MV RA, B31 ; B31 is not modified
  808. ADDKPC ret?,RA,2
  809. ret?: ; B0 holds rounds or zero
  810. [!B0] BNOP B31 ; return if zero
  811. [B0] SHL B0,4,A0 ; offset to last round key
  812. [B0] SHRU B0,1,B1
  813. [B0] SUB B1,1,B1
  814. [B0] MVK 0x0000001B,B3 ; AES polynomial
  815. [B0] MVKH 0x07000000,B3
  816. SPLOOPD 9 ; flip round keys
  817. || MVC B1,ILC
  818. || MV B30,$KPA
  819. || ADD B30,A0,$KPB
  820. || MVK 16,A0 ; sizeof(round key)
  821. ;;====================================================================
  822. LDW *${KPA}[0],A16
  823. || LDW *${KPB}[0],B16
  824. LDW *${KPA}[1],A17
  825. || LDW *${KPB}[1],B17
  826. LDW *${KPA}[2],A18
  827. || LDW *${KPB}[2],B18
  828. LDW *${KPA}[3],A19
  829. || ADD $KPA,A0,$KPA
  830. || LDW *${KPB}[3],B19
  831. || SUB $KPB,A0,$KPB
  832. NOP
  833. STW B16,*${KPA}[-4]
  834. || STW A16,*${KPB}[4]
  835. STW B17,*${KPA}[-3]
  836. || STW A17,*${KPB}[5]
  837. STW B18,*${KPA}[-2]
  838. || STW A18,*${KPB}[6]
  839. STW B19,*${KPA}[-1]
  840. || STW A19,*${KPB}[7]
  841. SPKERNEL
  842. ;;====================================================================
  843. SUB B0,1,B0 ; skip last round
  844. || ADD B30,A0,$KPA ; skip first round
  845. || ADD B30,A0,$KPB
  846. || MVC GFPGFR,B30 ; save GFPGFR
  847. LDW *${KPA}[0],$K[0]
  848. || LDW *${KPB}[1],$K[1]
  849. || MVC B3,GFPGFR
  850. LDW *${KPA}[2],$K[2]
  851. || LDW *${KPB}[3],$K[3]
  852. MVK 0x00000909,A24
  853. || MVK 0x00000B0B,B24
  854. MVKH 0x09090000,A24
  855. || MVKH 0x0B0B0000,B24
  856. MVC B0,ILC
  857. || SUB B0,1,B0
  858. GMPY4 $K[0],A24,$Kx9[0] ; ·0x09
  859. || GMPY4 $K[1],A24,$Kx9[1]
  860. || MVK 0x00000D0D,A25
  861. || MVK 0x00000E0E,B25
  862. GMPY4 $K[2],A24,$Kx9[2]
  863. || GMPY4 $K[3],A24,$Kx9[3]
  864. || MVKH 0x0D0D0000,A25
  865. || MVKH 0x0E0E0000,B25
  866. GMPY4 $K[0],B24,$KxB[0] ; ·0x0B
  867. || GMPY4 $K[1],B24,$KxB[1]
  868. GMPY4 $K[2],B24,$KxB[2]
  869. || GMPY4 $K[3],B24,$KxB[3]
  870. SPLOOP 11 ; InvMixColumns
  871. ;;====================================================================
  872. GMPY4 $K[0],A25,$KxD[0] ; ·0x0D
  873. || GMPY4 $K[1],A25,$KxD[1]
  874. || SWAP2 $Kx9[0],$Kx9[0] ; rotate by 16
  875. || SWAP2 $Kx9[1],$Kx9[1]
  876. || MV $K[0],$s[0] ; this or DINT
  877. || MV $K[1],$s[1]
  878. || [B0] LDW *${KPA}[4],$K[0]
  879. || [B0] LDW *${KPB}[5],$K[1]
  880. GMPY4 $K[2],A25,$KxD[2]
  881. || GMPY4 $K[3],A25,$KxD[3]
  882. || SWAP2 $Kx9[2],$Kx9[2]
  883. || SWAP2 $Kx9[3],$Kx9[3]
  884. || MV $K[2],$s[2]
  885. || MV $K[3],$s[3]
  886. || [B0] LDW *${KPA}[6],$K[2]
  887. || [B0] LDW *${KPB}[7],$K[3]
  888. GMPY4 $s[0],B25,$KxE[0] ; ·0x0E
  889. || GMPY4 $s[1],B25,$KxE[1]
  890. || XOR $Kx9[0],$KxB[0],$KxB[0]
  891. || XOR $Kx9[1],$KxB[1],$KxB[1]
  892. GMPY4 $s[2],B25,$KxE[2]
  893. || GMPY4 $s[3],B25,$KxE[3]
  894. || XOR $Kx9[2],$KxB[2],$KxB[2]
  895. || XOR $Kx9[3],$KxB[3],$KxB[3]
  896. ROTL $KxB[0],TBL3,$KxB[0]
  897. || ROTL $KxB[1],TBL3,$KxB[1]
  898. || SWAP2 $KxD[0],$KxD[0] ; rotate by 16
  899. || SWAP2 $KxD[1],$KxD[1]
  900. ROTL $KxB[2],TBL3,$KxB[2]
  901. || ROTL $KxB[3],TBL3,$KxB[3]
  902. || SWAP2 $KxD[2],$KxD[2]
  903. || SWAP2 $KxD[3],$KxD[3]
  904. XOR $KxE[0],$KxD[0],$KxE[0]
  905. || XOR $KxE[1],$KxD[1],$KxE[1]
  906. || [B0] GMPY4 $K[0],A24,$Kx9[0] ; ·0x09
  907. || [B0] GMPY4 $K[1],A24,$Kx9[1]
  908. || ADDAW $KPA,4,$KPA
  909. XOR $KxE[2],$KxD[2],$KxE[2]
  910. || XOR $KxE[3],$KxD[3],$KxE[3]
  911. || [B0] GMPY4 $K[2],A24,$Kx9[2]
  912. || [B0] GMPY4 $K[3],A24,$Kx9[3]
  913. || ADDAW $KPB,4,$KPB
  914. XOR $KxB[0],$KxE[0],$KxE[0]
  915. || XOR $KxB[1],$KxE[1],$KxE[1]
  916. || [B0] GMPY4 $K[0],B24,$KxB[0] ; ·0x0B
  917. || [B0] GMPY4 $K[1],B24,$KxB[1]
  918. XOR $KxB[2],$KxE[2],$KxE[2]
  919. || XOR $KxB[3],$KxE[3],$KxE[3]
  920. || [B0] GMPY4 $K[2],B24,$KxB[2]
  921. || [B0] GMPY4 $K[3],B24,$KxB[3]
  922. || STW $KxE[0],*${KPA}[-4]
  923. || STW $KxE[1],*${KPB}[-3]
  924. STW $KxE[2],*${KPA}[-2]
  925. || STW $KxE[3],*${KPB}[-1]
  926. || [B0] SUB B0,1,B0
  927. SPKERNEL
  928. ;;====================================================================
  929. BNOP B31,3
  930. MVC B30,GFPGFR ; restore GFPGFR(*)
  931. MVK 0,RET
  932. .endasmfunc
  933. ___
  934. # (*) Even though ABI doesn't specify GFPGFR as non-volatile, there
  935. # are code samples out there that *assume* its default value.
  936. }
  937. {
  938. my ($inp,$out,$blocks,$key,$ivp)=("A4","B4","A6","B6","A8");
  939. $code.=<<___;
  940. .global _AES_ctr32_encrypt
  941. _AES_ctr32_encrypt:
  942. .asmfunc
  943. LDNDW *${ivp}[0],A31:A30 ; load counter value
  944. || MV $blocks,A2 ; reassign $blocks
  945. || DMV RA,$key,B27:B26 ; reassign RA and $key
  946. LDNDW *${ivp}[1],B31:B30
  947. || MVK 0,B2 ; don't let __encrypt load input
  948. || MVK 0,A1 ; and postpone writing output
  949. .if .BIG_ENDIAN
  950. NOP
  951. .else
  952. NOP 4
  953. SWAP2 B31,B31 ; keep least significant 32 bits
  954. SWAP4 B31,B31 ; in host byte order
  955. .endif
  956. ctr32_loop?:
  957. [A2] BNOP __encrypt
  958. || [A1] XOR A29,A9,A9 ; input^Ek(counter)
  959. || [A1] XOR A28,A8,A8
  960. || [A2] LDNDW *INP++,A29:A28 ; load input
  961. [!A2] BNOP B27 ; return
  962. || [A1] XOR B29,B9,B9
  963. || [A1] XOR B28,B8,B8
  964. || [A2] LDNDW *INP++,B29:B28
  965. .if .BIG_ENDIAN
  966. [A1] STNDW A9:A8,*OUT++ ; save output
  967. || [A2] DMV A31,A30,A9:A8 ; pass counter value to __encrypt
  968. [A1] STNDW B9:B8,*OUT++
  969. || [A2] DMV B31,B30,B9:B8
  970. || [A2] ADD B30,1,B30 ; counter++
  971. .else
  972. [A1] STNDW A9:A8,*OUT++ ; save output
  973. || [A2] DMV A31,A30,A9:A8
  974. || [A2] SWAP2 B31,B0
  975. || [A2] ADD B31,1,B31 ; counter++
  976. [A1] STNDW B9:B8,*OUT++
  977. || [A2] MV B30,B8
  978. || [A2] SWAP4 B0,B9
  979. .endif
  980. [A2] ADDKPC ctr32_loop?,RA ; return to ctr32_loop?
  981. || [A2] MV B26,KEY ; pass $key
  982. || [A2] SUB A2,1,A2 ; $blocks--
  983. ||[!A1] MVK 1,A1
  984. NOP
  985. NOP
  986. .endasmfunc
  987. ___
  988. }
  989. # Tables are kept in endian-neutral manner
  990. $code.=<<___;
  991. .if __TI_EABI__
  992. .sect ".text:aes_asm.const"
  993. .else
  994. .sect ".const:aes_asm"
  995. .endif
  996. .align 128
  997. AES_Te:
  998. .byte 0xc6,0x63,0x63,0xa5, 0xf8,0x7c,0x7c,0x84
  999. .byte 0xee,0x77,0x77,0x99, 0xf6,0x7b,0x7b,0x8d
  1000. .byte 0xff,0xf2,0xf2,0x0d, 0xd6,0x6b,0x6b,0xbd
  1001. .byte 0xde,0x6f,0x6f,0xb1, 0x91,0xc5,0xc5,0x54
  1002. .byte 0x60,0x30,0x30,0x50, 0x02,0x01,0x01,0x03
  1003. .byte 0xce,0x67,0x67,0xa9, 0x56,0x2b,0x2b,0x7d
  1004. .byte 0xe7,0xfe,0xfe,0x19, 0xb5,0xd7,0xd7,0x62
  1005. .byte 0x4d,0xab,0xab,0xe6, 0xec,0x76,0x76,0x9a
  1006. .byte 0x8f,0xca,0xca,0x45, 0x1f,0x82,0x82,0x9d
  1007. .byte 0x89,0xc9,0xc9,0x40, 0xfa,0x7d,0x7d,0x87
  1008. .byte 0xef,0xfa,0xfa,0x15, 0xb2,0x59,0x59,0xeb
  1009. .byte 0x8e,0x47,0x47,0xc9, 0xfb,0xf0,0xf0,0x0b
  1010. .byte 0x41,0xad,0xad,0xec, 0xb3,0xd4,0xd4,0x67
  1011. .byte 0x5f,0xa2,0xa2,0xfd, 0x45,0xaf,0xaf,0xea
  1012. .byte 0x23,0x9c,0x9c,0xbf, 0x53,0xa4,0xa4,0xf7
  1013. .byte 0xe4,0x72,0x72,0x96, 0x9b,0xc0,0xc0,0x5b
  1014. .byte 0x75,0xb7,0xb7,0xc2, 0xe1,0xfd,0xfd,0x1c
  1015. .byte 0x3d,0x93,0x93,0xae, 0x4c,0x26,0x26,0x6a
  1016. .byte 0x6c,0x36,0x36,0x5a, 0x7e,0x3f,0x3f,0x41
  1017. .byte 0xf5,0xf7,0xf7,0x02, 0x83,0xcc,0xcc,0x4f
  1018. .byte 0x68,0x34,0x34,0x5c, 0x51,0xa5,0xa5,0xf4
  1019. .byte 0xd1,0xe5,0xe5,0x34, 0xf9,0xf1,0xf1,0x08
  1020. .byte 0xe2,0x71,0x71,0x93, 0xab,0xd8,0xd8,0x73
  1021. .byte 0x62,0x31,0x31,0x53, 0x2a,0x15,0x15,0x3f
  1022. .byte 0x08,0x04,0x04,0x0c, 0x95,0xc7,0xc7,0x52
  1023. .byte 0x46,0x23,0x23,0x65, 0x9d,0xc3,0xc3,0x5e
  1024. .byte 0x30,0x18,0x18,0x28, 0x37,0x96,0x96,0xa1
  1025. .byte 0x0a,0x05,0x05,0x0f, 0x2f,0x9a,0x9a,0xb5
  1026. .byte 0x0e,0x07,0x07,0x09, 0x24,0x12,0x12,0x36
  1027. .byte 0x1b,0x80,0x80,0x9b, 0xdf,0xe2,0xe2,0x3d
  1028. .byte 0xcd,0xeb,0xeb,0x26, 0x4e,0x27,0x27,0x69
  1029. .byte 0x7f,0xb2,0xb2,0xcd, 0xea,0x75,0x75,0x9f
  1030. .byte 0x12,0x09,0x09,0x1b, 0x1d,0x83,0x83,0x9e
  1031. .byte 0x58,0x2c,0x2c,0x74, 0x34,0x1a,0x1a,0x2e
  1032. .byte 0x36,0x1b,0x1b,0x2d, 0xdc,0x6e,0x6e,0xb2
  1033. .byte 0xb4,0x5a,0x5a,0xee, 0x5b,0xa0,0xa0,0xfb
  1034. .byte 0xa4,0x52,0x52,0xf6, 0x76,0x3b,0x3b,0x4d
  1035. .byte 0xb7,0xd6,0xd6,0x61, 0x7d,0xb3,0xb3,0xce
  1036. .byte 0x52,0x29,0x29,0x7b, 0xdd,0xe3,0xe3,0x3e
  1037. .byte 0x5e,0x2f,0x2f,0x71, 0x13,0x84,0x84,0x97
  1038. .byte 0xa6,0x53,0x53,0xf5, 0xb9,0xd1,0xd1,0x68
  1039. .byte 0x00,0x00,0x00,0x00, 0xc1,0xed,0xed,0x2c
  1040. .byte 0x40,0x20,0x20,0x60, 0xe3,0xfc,0xfc,0x1f
  1041. .byte 0x79,0xb1,0xb1,0xc8, 0xb6,0x5b,0x5b,0xed
  1042. .byte 0xd4,0x6a,0x6a,0xbe, 0x8d,0xcb,0xcb,0x46
  1043. .byte 0x67,0xbe,0xbe,0xd9, 0x72,0x39,0x39,0x4b
  1044. .byte 0x94,0x4a,0x4a,0xde, 0x98,0x4c,0x4c,0xd4
  1045. .byte 0xb0,0x58,0x58,0xe8, 0x85,0xcf,0xcf,0x4a
  1046. .byte 0xbb,0xd0,0xd0,0x6b, 0xc5,0xef,0xef,0x2a
  1047. .byte 0x4f,0xaa,0xaa,0xe5, 0xed,0xfb,0xfb,0x16
  1048. .byte 0x86,0x43,0x43,0xc5, 0x9a,0x4d,0x4d,0xd7
  1049. .byte 0x66,0x33,0x33,0x55, 0x11,0x85,0x85,0x94
  1050. .byte 0x8a,0x45,0x45,0xcf, 0xe9,0xf9,0xf9,0x10
  1051. .byte 0x04,0x02,0x02,0x06, 0xfe,0x7f,0x7f,0x81
  1052. .byte 0xa0,0x50,0x50,0xf0, 0x78,0x3c,0x3c,0x44
  1053. .byte 0x25,0x9f,0x9f,0xba, 0x4b,0xa8,0xa8,0xe3
  1054. .byte 0xa2,0x51,0x51,0xf3, 0x5d,0xa3,0xa3,0xfe
  1055. .byte 0x80,0x40,0x40,0xc0, 0x05,0x8f,0x8f,0x8a
  1056. .byte 0x3f,0x92,0x92,0xad, 0x21,0x9d,0x9d,0xbc
  1057. .byte 0x70,0x38,0x38,0x48, 0xf1,0xf5,0xf5,0x04
  1058. .byte 0x63,0xbc,0xbc,0xdf, 0x77,0xb6,0xb6,0xc1
  1059. .byte 0xaf,0xda,0xda,0x75, 0x42,0x21,0x21,0x63
  1060. .byte 0x20,0x10,0x10,0x30, 0xe5,0xff,0xff,0x1a
  1061. .byte 0xfd,0xf3,0xf3,0x0e, 0xbf,0xd2,0xd2,0x6d
  1062. .byte 0x81,0xcd,0xcd,0x4c, 0x18,0x0c,0x0c,0x14
  1063. .byte 0x26,0x13,0x13,0x35, 0xc3,0xec,0xec,0x2f
  1064. .byte 0xbe,0x5f,0x5f,0xe1, 0x35,0x97,0x97,0xa2
  1065. .byte 0x88,0x44,0x44,0xcc, 0x2e,0x17,0x17,0x39
  1066. .byte 0x93,0xc4,0xc4,0x57, 0x55,0xa7,0xa7,0xf2
  1067. .byte 0xfc,0x7e,0x7e,0x82, 0x7a,0x3d,0x3d,0x47
  1068. .byte 0xc8,0x64,0x64,0xac, 0xba,0x5d,0x5d,0xe7
  1069. .byte 0x32,0x19,0x19,0x2b, 0xe6,0x73,0x73,0x95
  1070. .byte 0xc0,0x60,0x60,0xa0, 0x19,0x81,0x81,0x98
  1071. .byte 0x9e,0x4f,0x4f,0xd1, 0xa3,0xdc,0xdc,0x7f
  1072. .byte 0x44,0x22,0x22,0x66, 0x54,0x2a,0x2a,0x7e
  1073. .byte 0x3b,0x90,0x90,0xab, 0x0b,0x88,0x88,0x83
  1074. .byte 0x8c,0x46,0x46,0xca, 0xc7,0xee,0xee,0x29
  1075. .byte 0x6b,0xb8,0xb8,0xd3, 0x28,0x14,0x14,0x3c
  1076. .byte 0xa7,0xde,0xde,0x79, 0xbc,0x5e,0x5e,0xe2
  1077. .byte 0x16,0x0b,0x0b,0x1d, 0xad,0xdb,0xdb,0x76
  1078. .byte 0xdb,0xe0,0xe0,0x3b, 0x64,0x32,0x32,0x56
  1079. .byte 0x74,0x3a,0x3a,0x4e, 0x14,0x0a,0x0a,0x1e
  1080. .byte 0x92,0x49,0x49,0xdb, 0x0c,0x06,0x06,0x0a
  1081. .byte 0x48,0x24,0x24,0x6c, 0xb8,0x5c,0x5c,0xe4
  1082. .byte 0x9f,0xc2,0xc2,0x5d, 0xbd,0xd3,0xd3,0x6e
  1083. .byte 0x43,0xac,0xac,0xef, 0xc4,0x62,0x62,0xa6
  1084. .byte 0x39,0x91,0x91,0xa8, 0x31,0x95,0x95,0xa4
  1085. .byte 0xd3,0xe4,0xe4,0x37, 0xf2,0x79,0x79,0x8b
  1086. .byte 0xd5,0xe7,0xe7,0x32, 0x8b,0xc8,0xc8,0x43
  1087. .byte 0x6e,0x37,0x37,0x59, 0xda,0x6d,0x6d,0xb7
  1088. .byte 0x01,0x8d,0x8d,0x8c, 0xb1,0xd5,0xd5,0x64
  1089. .byte 0x9c,0x4e,0x4e,0xd2, 0x49,0xa9,0xa9,0xe0
  1090. .byte 0xd8,0x6c,0x6c,0xb4, 0xac,0x56,0x56,0xfa
  1091. .byte 0xf3,0xf4,0xf4,0x07, 0xcf,0xea,0xea,0x25
  1092. .byte 0xca,0x65,0x65,0xaf, 0xf4,0x7a,0x7a,0x8e
  1093. .byte 0x47,0xae,0xae,0xe9, 0x10,0x08,0x08,0x18
  1094. .byte 0x6f,0xba,0xba,0xd5, 0xf0,0x78,0x78,0x88
  1095. .byte 0x4a,0x25,0x25,0x6f, 0x5c,0x2e,0x2e,0x72
  1096. .byte 0x38,0x1c,0x1c,0x24, 0x57,0xa6,0xa6,0xf1
  1097. .byte 0x73,0xb4,0xb4,0xc7, 0x97,0xc6,0xc6,0x51
  1098. .byte 0xcb,0xe8,0xe8,0x23, 0xa1,0xdd,0xdd,0x7c
  1099. .byte 0xe8,0x74,0x74,0x9c, 0x3e,0x1f,0x1f,0x21
  1100. .byte 0x96,0x4b,0x4b,0xdd, 0x61,0xbd,0xbd,0xdc
  1101. .byte 0x0d,0x8b,0x8b,0x86, 0x0f,0x8a,0x8a,0x85
  1102. .byte 0xe0,0x70,0x70,0x90, 0x7c,0x3e,0x3e,0x42
  1103. .byte 0x71,0xb5,0xb5,0xc4, 0xcc,0x66,0x66,0xaa
  1104. .byte 0x90,0x48,0x48,0xd8, 0x06,0x03,0x03,0x05
  1105. .byte 0xf7,0xf6,0xf6,0x01, 0x1c,0x0e,0x0e,0x12
  1106. .byte 0xc2,0x61,0x61,0xa3, 0x6a,0x35,0x35,0x5f
  1107. .byte 0xae,0x57,0x57,0xf9, 0x69,0xb9,0xb9,0xd0
  1108. .byte 0x17,0x86,0x86,0x91, 0x99,0xc1,0xc1,0x58
  1109. .byte 0x3a,0x1d,0x1d,0x27, 0x27,0x9e,0x9e,0xb9
  1110. .byte 0xd9,0xe1,0xe1,0x38, 0xeb,0xf8,0xf8,0x13
  1111. .byte 0x2b,0x98,0x98,0xb3, 0x22,0x11,0x11,0x33
  1112. .byte 0xd2,0x69,0x69,0xbb, 0xa9,0xd9,0xd9,0x70
  1113. .byte 0x07,0x8e,0x8e,0x89, 0x33,0x94,0x94,0xa7
  1114. .byte 0x2d,0x9b,0x9b,0xb6, 0x3c,0x1e,0x1e,0x22
  1115. .byte 0x15,0x87,0x87,0x92, 0xc9,0xe9,0xe9,0x20
  1116. .byte 0x87,0xce,0xce,0x49, 0xaa,0x55,0x55,0xff
  1117. .byte 0x50,0x28,0x28,0x78, 0xa5,0xdf,0xdf,0x7a
  1118. .byte 0x03,0x8c,0x8c,0x8f, 0x59,0xa1,0xa1,0xf8
  1119. .byte 0x09,0x89,0x89,0x80, 0x1a,0x0d,0x0d,0x17
  1120. .byte 0x65,0xbf,0xbf,0xda, 0xd7,0xe6,0xe6,0x31
  1121. .byte 0x84,0x42,0x42,0xc6, 0xd0,0x68,0x68,0xb8
  1122. .byte 0x82,0x41,0x41,0xc3, 0x29,0x99,0x99,0xb0
  1123. .byte 0x5a,0x2d,0x2d,0x77, 0x1e,0x0f,0x0f,0x11
  1124. .byte 0x7b,0xb0,0xb0,0xcb, 0xa8,0x54,0x54,0xfc
  1125. .byte 0x6d,0xbb,0xbb,0xd6, 0x2c,0x16,0x16,0x3a
  1126. AES_Te4:
  1127. .byte 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
  1128. .byte 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
  1129. .byte 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
  1130. .byte 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
  1131. .byte 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
  1132. .byte 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
  1133. .byte 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
  1134. .byte 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
  1135. .byte 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
  1136. .byte 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
  1137. .byte 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
  1138. .byte 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
  1139. .byte 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
  1140. .byte 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
  1141. .byte 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
  1142. .byte 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
  1143. .byte 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
  1144. .byte 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
  1145. .byte 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
  1146. .byte 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
  1147. .byte 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
  1148. .byte 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
  1149. .byte 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
  1150. .byte 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
  1151. .byte 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
  1152. .byte 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
  1153. .byte 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
  1154. .byte 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
  1155. .byte 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
  1156. .byte 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
  1157. .byte 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
  1158. .byte 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
  1159. rcon:
  1160. .byte 0x01,0x00,0x00,0x00, 0x02,0x00,0x00,0x00
  1161. .byte 0x04,0x00,0x00,0x00, 0x08,0x00,0x00,0x00
  1162. .byte 0x10,0x00,0x00,0x00, 0x20,0x00,0x00,0x00
  1163. .byte 0x40,0x00,0x00,0x00, 0x80,0x00,0x00,0x00
  1164. .byte 0x1B,0x00,0x00,0x00, 0x36,0x00,0x00,0x00
  1165. .align 128
  1166. AES_Td:
  1167. .byte 0x51,0xf4,0xa7,0x50, 0x7e,0x41,0x65,0x53
  1168. .byte 0x1a,0x17,0xa4,0xc3, 0x3a,0x27,0x5e,0x96
  1169. .byte 0x3b,0xab,0x6b,0xcb, 0x1f,0x9d,0x45,0xf1
  1170. .byte 0xac,0xfa,0x58,0xab, 0x4b,0xe3,0x03,0x93
  1171. .byte 0x20,0x30,0xfa,0x55, 0xad,0x76,0x6d,0xf6
  1172. .byte 0x88,0xcc,0x76,0x91, 0xf5,0x02,0x4c,0x25
  1173. .byte 0x4f,0xe5,0xd7,0xfc, 0xc5,0x2a,0xcb,0xd7
  1174. .byte 0x26,0x35,0x44,0x80, 0xb5,0x62,0xa3,0x8f
  1175. .byte 0xde,0xb1,0x5a,0x49, 0x25,0xba,0x1b,0x67
  1176. .byte 0x45,0xea,0x0e,0x98, 0x5d,0xfe,0xc0,0xe1
  1177. .byte 0xc3,0x2f,0x75,0x02, 0x81,0x4c,0xf0,0x12
  1178. .byte 0x8d,0x46,0x97,0xa3, 0x6b,0xd3,0xf9,0xc6
  1179. .byte 0x03,0x8f,0x5f,0xe7, 0x15,0x92,0x9c,0x95
  1180. .byte 0xbf,0x6d,0x7a,0xeb, 0x95,0x52,0x59,0xda
  1181. .byte 0xd4,0xbe,0x83,0x2d, 0x58,0x74,0x21,0xd3
  1182. .byte 0x49,0xe0,0x69,0x29, 0x8e,0xc9,0xc8,0x44
  1183. .byte 0x75,0xc2,0x89,0x6a, 0xf4,0x8e,0x79,0x78
  1184. .byte 0x99,0x58,0x3e,0x6b, 0x27,0xb9,0x71,0xdd
  1185. .byte 0xbe,0xe1,0x4f,0xb6, 0xf0,0x88,0xad,0x17
  1186. .byte 0xc9,0x20,0xac,0x66, 0x7d,0xce,0x3a,0xb4
  1187. .byte 0x63,0xdf,0x4a,0x18, 0xe5,0x1a,0x31,0x82
  1188. .byte 0x97,0x51,0x33,0x60, 0x62,0x53,0x7f,0x45
  1189. .byte 0xb1,0x64,0x77,0xe0, 0xbb,0x6b,0xae,0x84
  1190. .byte 0xfe,0x81,0xa0,0x1c, 0xf9,0x08,0x2b,0x94
  1191. .byte 0x70,0x48,0x68,0x58, 0x8f,0x45,0xfd,0x19
  1192. .byte 0x94,0xde,0x6c,0x87, 0x52,0x7b,0xf8,0xb7
  1193. .byte 0xab,0x73,0xd3,0x23, 0x72,0x4b,0x02,0xe2
  1194. .byte 0xe3,0x1f,0x8f,0x57, 0x66,0x55,0xab,0x2a
  1195. .byte 0xb2,0xeb,0x28,0x07, 0x2f,0xb5,0xc2,0x03
  1196. .byte 0x86,0xc5,0x7b,0x9a, 0xd3,0x37,0x08,0xa5
  1197. .byte 0x30,0x28,0x87,0xf2, 0x23,0xbf,0xa5,0xb2
  1198. .byte 0x02,0x03,0x6a,0xba, 0xed,0x16,0x82,0x5c
  1199. .byte 0x8a,0xcf,0x1c,0x2b, 0xa7,0x79,0xb4,0x92
  1200. .byte 0xf3,0x07,0xf2,0xf0, 0x4e,0x69,0xe2,0xa1
  1201. .byte 0x65,0xda,0xf4,0xcd, 0x06,0x05,0xbe,0xd5
  1202. .byte 0xd1,0x34,0x62,0x1f, 0xc4,0xa6,0xfe,0x8a
  1203. .byte 0x34,0x2e,0x53,0x9d, 0xa2,0xf3,0x55,0xa0
  1204. .byte 0x05,0x8a,0xe1,0x32, 0xa4,0xf6,0xeb,0x75
  1205. .byte 0x0b,0x83,0xec,0x39, 0x40,0x60,0xef,0xaa
  1206. .byte 0x5e,0x71,0x9f,0x06, 0xbd,0x6e,0x10,0x51
  1207. .byte 0x3e,0x21,0x8a,0xf9, 0x96,0xdd,0x06,0x3d
  1208. .byte 0xdd,0x3e,0x05,0xae, 0x4d,0xe6,0xbd,0x46
  1209. .byte 0x91,0x54,0x8d,0xb5, 0x71,0xc4,0x5d,0x05
  1210. .byte 0x04,0x06,0xd4,0x6f, 0x60,0x50,0x15,0xff
  1211. .byte 0x19,0x98,0xfb,0x24, 0xd6,0xbd,0xe9,0x97
  1212. .byte 0x89,0x40,0x43,0xcc, 0x67,0xd9,0x9e,0x77
  1213. .byte 0xb0,0xe8,0x42,0xbd, 0x07,0x89,0x8b,0x88
  1214. .byte 0xe7,0x19,0x5b,0x38, 0x79,0xc8,0xee,0xdb
  1215. .byte 0xa1,0x7c,0x0a,0x47, 0x7c,0x42,0x0f,0xe9
  1216. .byte 0xf8,0x84,0x1e,0xc9, 0x00,0x00,0x00,0x00
  1217. .byte 0x09,0x80,0x86,0x83, 0x32,0x2b,0xed,0x48
  1218. .byte 0x1e,0x11,0x70,0xac, 0x6c,0x5a,0x72,0x4e
  1219. .byte 0xfd,0x0e,0xff,0xfb, 0x0f,0x85,0x38,0x56
  1220. .byte 0x3d,0xae,0xd5,0x1e, 0x36,0x2d,0x39,0x27
  1221. .byte 0x0a,0x0f,0xd9,0x64, 0x68,0x5c,0xa6,0x21
  1222. .byte 0x9b,0x5b,0x54,0xd1, 0x24,0x36,0x2e,0x3a
  1223. .byte 0x0c,0x0a,0x67,0xb1, 0x93,0x57,0xe7,0x0f
  1224. .byte 0xb4,0xee,0x96,0xd2, 0x1b,0x9b,0x91,0x9e
  1225. .byte 0x80,0xc0,0xc5,0x4f, 0x61,0xdc,0x20,0xa2
  1226. .byte 0x5a,0x77,0x4b,0x69, 0x1c,0x12,0x1a,0x16
  1227. .byte 0xe2,0x93,0xba,0x0a, 0xc0,0xa0,0x2a,0xe5
  1228. .byte 0x3c,0x22,0xe0,0x43, 0x12,0x1b,0x17,0x1d
  1229. .byte 0x0e,0x09,0x0d,0x0b, 0xf2,0x8b,0xc7,0xad
  1230. .byte 0x2d,0xb6,0xa8,0xb9, 0x14,0x1e,0xa9,0xc8
  1231. .byte 0x57,0xf1,0x19,0x85, 0xaf,0x75,0x07,0x4c
  1232. .byte 0xee,0x99,0xdd,0xbb, 0xa3,0x7f,0x60,0xfd
  1233. .byte 0xf7,0x01,0x26,0x9f, 0x5c,0x72,0xf5,0xbc
  1234. .byte 0x44,0x66,0x3b,0xc5, 0x5b,0xfb,0x7e,0x34
  1235. .byte 0x8b,0x43,0x29,0x76, 0xcb,0x23,0xc6,0xdc
  1236. .byte 0xb6,0xed,0xfc,0x68, 0xb8,0xe4,0xf1,0x63
  1237. .byte 0xd7,0x31,0xdc,0xca, 0x42,0x63,0x85,0x10
  1238. .byte 0x13,0x97,0x22,0x40, 0x84,0xc6,0x11,0x20
  1239. .byte 0x85,0x4a,0x24,0x7d, 0xd2,0xbb,0x3d,0xf8
  1240. .byte 0xae,0xf9,0x32,0x11, 0xc7,0x29,0xa1,0x6d
  1241. .byte 0x1d,0x9e,0x2f,0x4b, 0xdc,0xb2,0x30,0xf3
  1242. .byte 0x0d,0x86,0x52,0xec, 0x77,0xc1,0xe3,0xd0
  1243. .byte 0x2b,0xb3,0x16,0x6c, 0xa9,0x70,0xb9,0x99
  1244. .byte 0x11,0x94,0x48,0xfa, 0x47,0xe9,0x64,0x22
  1245. .byte 0xa8,0xfc,0x8c,0xc4, 0xa0,0xf0,0x3f,0x1a
  1246. .byte 0x56,0x7d,0x2c,0xd8, 0x22,0x33,0x90,0xef
  1247. .byte 0x87,0x49,0x4e,0xc7, 0xd9,0x38,0xd1,0xc1
  1248. .byte 0x8c,0xca,0xa2,0xfe, 0x98,0xd4,0x0b,0x36
  1249. .byte 0xa6,0xf5,0x81,0xcf, 0xa5,0x7a,0xde,0x28
  1250. .byte 0xda,0xb7,0x8e,0x26, 0x3f,0xad,0xbf,0xa4
  1251. .byte 0x2c,0x3a,0x9d,0xe4, 0x50,0x78,0x92,0x0d
  1252. .byte 0x6a,0x5f,0xcc,0x9b, 0x54,0x7e,0x46,0x62
  1253. .byte 0xf6,0x8d,0x13,0xc2, 0x90,0xd8,0xb8,0xe8
  1254. .byte 0x2e,0x39,0xf7,0x5e, 0x82,0xc3,0xaf,0xf5
  1255. .byte 0x9f,0x5d,0x80,0xbe, 0x69,0xd0,0x93,0x7c
  1256. .byte 0x6f,0xd5,0x2d,0xa9, 0xcf,0x25,0x12,0xb3
  1257. .byte 0xc8,0xac,0x99,0x3b, 0x10,0x18,0x7d,0xa7
  1258. .byte 0xe8,0x9c,0x63,0x6e, 0xdb,0x3b,0xbb,0x7b
  1259. .byte 0xcd,0x26,0x78,0x09, 0x6e,0x59,0x18,0xf4
  1260. .byte 0xec,0x9a,0xb7,0x01, 0x83,0x4f,0x9a,0xa8
  1261. .byte 0xe6,0x95,0x6e,0x65, 0xaa,0xff,0xe6,0x7e
  1262. .byte 0x21,0xbc,0xcf,0x08, 0xef,0x15,0xe8,0xe6
  1263. .byte 0xba,0xe7,0x9b,0xd9, 0x4a,0x6f,0x36,0xce
  1264. .byte 0xea,0x9f,0x09,0xd4, 0x29,0xb0,0x7c,0xd6
  1265. .byte 0x31,0xa4,0xb2,0xaf, 0x2a,0x3f,0x23,0x31
  1266. .byte 0xc6,0xa5,0x94,0x30, 0x35,0xa2,0x66,0xc0
  1267. .byte 0x74,0x4e,0xbc,0x37, 0xfc,0x82,0xca,0xa6
  1268. .byte 0xe0,0x90,0xd0,0xb0, 0x33,0xa7,0xd8,0x15
  1269. .byte 0xf1,0x04,0x98,0x4a, 0x41,0xec,0xda,0xf7
  1270. .byte 0x7f,0xcd,0x50,0x0e, 0x17,0x91,0xf6,0x2f
  1271. .byte 0x76,0x4d,0xd6,0x8d, 0x43,0xef,0xb0,0x4d
  1272. .byte 0xcc,0xaa,0x4d,0x54, 0xe4,0x96,0x04,0xdf
  1273. .byte 0x9e,0xd1,0xb5,0xe3, 0x4c,0x6a,0x88,0x1b
  1274. .byte 0xc1,0x2c,0x1f,0xb8, 0x46,0x65,0x51,0x7f
  1275. .byte 0x9d,0x5e,0xea,0x04, 0x01,0x8c,0x35,0x5d
  1276. .byte 0xfa,0x87,0x74,0x73, 0xfb,0x0b,0x41,0x2e
  1277. .byte 0xb3,0x67,0x1d,0x5a, 0x92,0xdb,0xd2,0x52
  1278. .byte 0xe9,0x10,0x56,0x33, 0x6d,0xd6,0x47,0x13
  1279. .byte 0x9a,0xd7,0x61,0x8c, 0x37,0xa1,0x0c,0x7a
  1280. .byte 0x59,0xf8,0x14,0x8e, 0xeb,0x13,0x3c,0x89
  1281. .byte 0xce,0xa9,0x27,0xee, 0xb7,0x61,0xc9,0x35
  1282. .byte 0xe1,0x1c,0xe5,0xed, 0x7a,0x47,0xb1,0x3c
  1283. .byte 0x9c,0xd2,0xdf,0x59, 0x55,0xf2,0x73,0x3f
  1284. .byte 0x18,0x14,0xce,0x79, 0x73,0xc7,0x37,0xbf
  1285. .byte 0x53,0xf7,0xcd,0xea, 0x5f,0xfd,0xaa,0x5b
  1286. .byte 0xdf,0x3d,0x6f,0x14, 0x78,0x44,0xdb,0x86
  1287. .byte 0xca,0xaf,0xf3,0x81, 0xb9,0x68,0xc4,0x3e
  1288. .byte 0x38,0x24,0x34,0x2c, 0xc2,0xa3,0x40,0x5f
  1289. .byte 0x16,0x1d,0xc3,0x72, 0xbc,0xe2,0x25,0x0c
  1290. .byte 0x28,0x3c,0x49,0x8b, 0xff,0x0d,0x95,0x41
  1291. .byte 0x39,0xa8,0x01,0x71, 0x08,0x0c,0xb3,0xde
  1292. .byte 0xd8,0xb4,0xe4,0x9c, 0x64,0x56,0xc1,0x90
  1293. .byte 0x7b,0xcb,0x84,0x61, 0xd5,0x32,0xb6,0x70
  1294. .byte 0x48,0x6c,0x5c,0x74, 0xd0,0xb8,0x57,0x42
  1295. AES_Td4:
  1296. .byte 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
  1297. .byte 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
  1298. .byte 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
  1299. .byte 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
  1300. .byte 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
  1301. .byte 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
  1302. .byte 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
  1303. .byte 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
  1304. .byte 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
  1305. .byte 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
  1306. .byte 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
  1307. .byte 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
  1308. .byte 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
  1309. .byte 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
  1310. .byte 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
  1311. .byte 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
  1312. .byte 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
  1313. .byte 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
  1314. .byte 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
  1315. .byte 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
  1316. .byte 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
  1317. .byte 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
  1318. .byte 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
  1319. .byte 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
  1320. .byte 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
  1321. .byte 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
  1322. .byte 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
  1323. .byte 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
  1324. .byte 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
  1325. .byte 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
  1326. .byte 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
  1327. .byte 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
  1328. .cstring "AES for C64x+, CRYPTOGAMS by <appro\@openssl.org>"
  1329. .align 4
  1330. ___
  1331. print $code;
  1332. close STDOUT or die "error closing STDOUT: $!";