wolfssl/wolfcrypt/src/aes_asm.asm

; /* aes_asm.asm
;  *
;  * Copyright (C) 2006-2023 wolfSSL Inc.
;  *
;  * This file is part of wolfSSL.
;  *
;  * wolfSSL is free software; you can redistribute it and/or modify
;  * it under the terms of the GNU General Public License as published by
;  * the Free Software Foundation; either version 2 of the License, or
;  * (at your option) any later version.
;  *
;  * wolfSSL is distributed in the hope that it will be useful,
;  * but WITHOUT ANY WARRANTY; without even the implied warranty of
;  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;  * GNU General Public License for more details.
;  *
;  * You should have received a copy of the GNU General Public License
;  * along with this program; if not, write to the Free Software
;  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
;  */



;
;
;  /* See Intel Advanced Encryption Standard (AES) Instructions Set White Paper
;   * by Israel, Intel Mobility Group Development Center, Israel Shay Gueron
;   */
;
;   /* This file is in intel asm syntax, see .s for at&t syntax */
;


fips_version = 0
IFDEF HAVE_FIPS
  fips_version = 1
  IFDEF HAVE_FIPS_VERSION
    fips_version = HAVE_FIPS_VERSION
  ENDIF
ENDIF

IF fips_version GE 2
  fipsAh SEGMENT ALIAS(".fipsA$h") 'CODE'
ELSE
  _text SEGMENT
ENDIF


;	/*
;	AES_CBC_encrypt_AESNI[const	,unsigned	char*in
;	unsigned	,char*out
;	unsigned	,char	ivec+16
;	unsigned	,long	length
;	const	,unsigned	char*KS
;	int	nr]
;	*/
AES_CBC_encrypt_AESNI PROC
;#	parameter	1:	rdi
;#	parameter	2:	rsi
;#	parameter	3:	rdx
;#	parameter	4:	rcx
;#	parameter	5:	r8
;#	parameter	6:	r9d

; save rdi and rsi to rax and r11, restore before ret
	mov rax,rdi
	mov r11,rsi

; convert to what we had for att&t convention
	mov rdi,rcx
	mov rsi,rdx
	mov rdx,r8
	mov rcx,r9
	mov r8,[rsp+40]
	mov r9d,[rsp+48]

	mov	r10,rcx
	shr	rcx,4
	shl	r10,60
	je	NO_PARTS
	add	rcx,1
NO_PARTS:
	sub	rsi,16
	movdqa	xmm1,[rdx]
LOOP_1:
	pxor	xmm1,[rdi]
	pxor	xmm1,[r8]
	add	rsi,16
	add	rdi,16
	cmp	r9d,12
	aesenc	xmm1,16[r8]
	aesenc	xmm1,32[r8]
	aesenc	xmm1,48[r8]
	aesenc	xmm1,64[r8]
	aesenc	xmm1,80[r8]
	aesenc	xmm1,96[r8]
	aesenc	xmm1,112[r8]
	aesenc	xmm1,128[r8]
	aesenc	xmm1,144[r8]
	movdqa	xmm2,160[r8]
	jb	LAST
	cmp	r9d,14

	aesenc	xmm1,160[r8]
	aesenc	xmm1,176[r8]
	movdqa	xmm2,192[r8]
	jb	LAST
	aesenc	xmm1,192[r8]
	aesenc	xmm1,208[r8]
	movdqa	xmm2,224[r8]
LAST:
	dec	rcx
	aesenclast	xmm1,xmm2
	movdqu	[rsi],xmm1
	jne	LOOP_1
	; restore non volatile rdi,rsi
	mov rdi,rax
	mov rsi,r11
	ret
AES_CBC_encrypt_AESNI ENDP


; void AES_CBC_decrypt_AESNI_by4(const unsigned char* in,
;                          unsigned char* out,
;                          unsigned char ivec[16],
;                          unsigned long length,
;                          const unsigned char* KS,
;                          int nr)
AES_CBC_decrypt_AESNI_by4 PROC
; parameter 1: rdi
; parameter 2: rsi
; parameter 3: rdx
; parameter 4: rcx
; parameter 5: r8
; parameter 6: r9d

        ; save rdi and rsi to rax and r11, restore before ret
        mov         rax, rdi
        mov         r11, rsi
        ; convert to what we had for att&t convention
        mov         rdi, rcx
        mov         rsi, rdx
        mov         rdx, r8
        mov         rcx,r9
        mov         r8, [rsp+40]
        mov         r9d, [rsp+48]
        ; on microsoft xmm6-xmm15 are non volatile,
        ; let's save on stack and restore at end
        sub         rsp, 8+8*16  ; 8 = align stack , 8 xmm6-12,15 16 bytes each
        movdqa      [rsp+0], xmm6
        movdqa      [rsp+16], xmm7
        movdqa      [rsp+32], xmm8
        movdqa      [rsp+48], xmm9
        movdqa      [rsp+64], xmm10
        movdqa      [rsp+80], xmm11
        movdqa      [rsp+96], xmm12
        movdqa      [rsp+112], xmm15
        ; back to our original code, more or less
        mov         r10, rcx
        shr         rcx, 4
        shl         r10, 60
        je          DNO_PARTS_4
        add         rcx, 1
DNO_PARTS_4:
        mov         r10, rcx
        shl         r10, 62
        shr         r10, 62
        shr         rcx, 2
        movdqu      xmm5, [rdx]
        je          DREMAINDER_4
        sub         rsi, 64
DLOOP_4:
        movdqu      xmm1, [rdi]
        movdqu      xmm2, 16[rdi]
        movdqu      xmm3, 32[rdi]
        movdqu      xmm4, 48[rdi]
        movdqa      xmm6, xmm1
        movdqa      xmm7, xmm2
        movdqa      xmm8, xmm3
        movdqa      xmm15, xmm4
        movdqa      xmm9, [r8]
        movdqa      xmm10, 16[r8]
        movdqa      xmm11, 32[r8]
        movdqa      xmm12, 48[r8]
        pxor        xmm1, xmm9
        pxor        xmm2, xmm9
        pxor        xmm3, xmm9
        pxor        xmm4, xmm9
        aesdec      xmm1, xmm10
        aesdec      xmm2, xmm10
        aesdec      xmm3, xmm10
        aesdec      xmm4, xmm10
        aesdec      xmm1, xmm11
        aesdec      xmm2, xmm11
        aesdec      xmm3, xmm11
        aesdec      xmm4, xmm11
        aesdec      xmm1, xmm12
        aesdec      xmm2, xmm12
        aesdec      xmm3, xmm12
        aesdec      xmm4, xmm12
        movdqa      xmm9, 64[r8]
        movdqa      xmm10, 80[r8]
        movdqa      xmm11, 96[r8]
        movdqa      xmm12, 112[r8]
        aesdec      xmm1, xmm9
        aesdec      xmm2, xmm9
        aesdec      xmm3, xmm9
        aesdec      xmm4, xmm9
        aesdec      xmm1, xmm10
        aesdec      xmm2, xmm10
        aesdec      xmm3, xmm10
        aesdec      xmm4, xmm10
        aesdec      xmm1, xmm11
        aesdec      xmm2, xmm11
        aesdec      xmm3, xmm11
        aesdec      xmm4, xmm11
        aesdec      xmm1, xmm12
        aesdec      xmm2, xmm12
        aesdec      xmm3, xmm12
        aesdec      xmm4, xmm12
        movdqa      xmm9, 128[r8]
        movdqa      xmm10, 144[r8]
        movdqa      xmm11, 160[r8]
        cmp         r9d, 12
        aesdec      xmm1, xmm9
        aesdec      xmm2, xmm9
        aesdec      xmm3, xmm9
        aesdec      xmm4, xmm9
        aesdec      xmm1, xmm10
        aesdec      xmm2, xmm10
        aesdec      xmm3, xmm10
        aesdec      xmm4, xmm10
        jb          DLAST_4
        movdqa      xmm9, 160[r8]
        movdqa      xmm10, 176[r8]
        movdqa      xmm11, 192[r8]
        cmp         r9d, 14
        aesdec      xmm1, xmm9
        aesdec      xmm2, xmm9
        aesdec      xmm3, xmm9
        aesdec      xmm4, xmm9
        aesdec      xmm1, xmm10
        aesdec      xmm2, xmm10
        aesdec      xmm3, xmm10
        aesdec      xmm4, xmm10
        jb          DLAST_4
        movdqa      xmm9, 192[r8]
        movdqa      xmm10, 208[r8]
        movdqa      xmm11, 224[r8]
        aesdec      xmm1, xmm9
        aesdec      xmm2, xmm9
        aesdec      xmm3, xmm9
        aesdec      xmm4, xmm9
        aesdec      xmm1, xmm10
        aesdec      xmm2, xmm10
        aesdec      xmm3, xmm10
        aesdec      xmm4, xmm10
DLAST_4:
        add         rdi, 64
        add         rsi, 64
        dec         rcx
        aesdeclast  xmm1, xmm11
        aesdeclast  xmm2, xmm11
        aesdeclast  xmm3, xmm11
        aesdeclast  xmm4, xmm11
        pxor        xmm1, xmm5
        pxor        xmm2, xmm6
        pxor        xmm3, xmm7
        pxor        xmm4, xmm8
        movdqu      [rsi], xmm1
        movdqu      16[rsi], xmm2
        movdqu      32[rsi], xmm3
        movdqu      48[rsi], xmm4
        movdqa      xmm5, xmm15
        jne         DLOOP_4
        add         rsi, 64
DREMAINDER_4:
        cmp         r10, 0
        je          DEND_4
DLOOP_4_2:
        movdqu      xmm1, [rdi]
        movdqa      xmm15, xmm1
        add         rdi, 16
        pxor        xmm1, [r8]
        movdqu      xmm2, 160[r8]
        cmp         r9d, 12
        aesdec      xmm1, 16[r8]
        aesdec      xmm1, 32[r8]
        aesdec      xmm1, 48[r8]
        aesdec      xmm1, 64[r8]
        aesdec      xmm1, 80[r8]
        aesdec      xmm1, 96[r8]
        aesdec      xmm1, 112[r8]
        aesdec      xmm1, 128[r8]
        aesdec      xmm1, 144[r8]
        jb          DLAST_4_2
        movdqu      xmm2, 192[r8]
        cmp         r9d, 14
        aesdec      xmm1, 160[r8]
        aesdec      xmm1, 176[r8]
        jb          DLAST_4_2
        movdqu      xmm2, 224[r8]
        aesdec      xmm1, 192[r8]
        aesdec      xmm1, 208[r8]
DLAST_4_2:
        aesdeclast  xmm1, xmm2
        pxor        xmm1, xmm5
        movdqa      xmm5, xmm15
        movdqu      [rsi], xmm1
        add         rsi, 16
        dec         r10
        jne         DLOOP_4_2
DEND_4:
        ; restore non volatile rdi,rsi
        mov         rdi, rax
        mov         rsi, r11
        ; restore non volatile xmms from stack
        movdqa      xmm6, [rsp+0]
        movdqa      xmm7, [rsp+16]
        movdqa      xmm8, [rsp+32]
        movdqa      xmm9, [rsp+48]
        movdqa      xmm10, [rsp+64]
        movdqa      xmm11, [rsp+80]
        movdqa      xmm12, [rsp+96]
        movdqa      xmm15, [rsp+112]
        add         rsp, 8+8*16 ; 8 = align stack , 8 xmm6-12,15 16 bytes each
        ret
AES_CBC_decrypt_AESNI_by4 ENDP


; void AES_CBC_decrypt_AESNI_by6(const unsigned char *in,
;                          unsigned char *out,
;                          unsigned char ivec[16],
;                          unsigned long length,
;                          const unsigned char *KS,
;                          int nr)
AES_CBC_decrypt_AESNI_by6 PROC
; parameter 1: rdi - in
; parameter 2: rsi - out
; parameter 3: rdx - ivec
; parameter 4: rcx - length
; parameter 5: r8  - KS
; parameter 6: r9d - nr

        ; save rdi and rsi to rax and r11, restore before ret
        mov         rax, rdi
        mov         r11, rsi
        ; convert to what we had for att&t convention
        mov         rdi, rcx
        mov         rsi, rdx
        mov         rdx, r8
        mov         rcx, r9
        mov         r8, [rsp+40]
        mov         r9d, [rsp+48]
        ; on microsoft xmm6-xmm15 are non volatile,
        ; let's save on stack and restore at end
        sub         rsp, 8+9*16  ; 8 = align stack , 9 xmm6-14 16 bytes each
        movdqa      [rsp+0], xmm6
        movdqa      [rsp+16], xmm7
        movdqa      [rsp+32], xmm8
        movdqa      [rsp+48], xmm9
        movdqa      [rsp+64], xmm10
        movdqa      [rsp+80], xmm11
        movdqa      [rsp+96], xmm12
        movdqa      [rsp+112], xmm13
        movdqa      [rsp+128], xmm14
        ; back to our original code, more or less
        mov         r10, rcx
        shr         rcx, 4
        shl         r10, 60
        je          DNO_PARTS_6
        add         rcx, 1
DNO_PARTS_6:
        mov         r12, rax
        mov         r13, rdx
        mov         r14, rbx
        mov         rdx, 0
        mov         rax, rcx
        mov         rbx, 6
        div         rbx
        mov         rcx, rax
        mov         r10, rdx
        mov         rax, r12
        mov         rdx, r13
        mov         rbx, r14
        cmp         rcx, 0
        movdqu      xmm7, [rdx]
        je          DREMAINDER_6
        sub         rsi, 96
DLOOP_6:
        movdqu      xmm1, [rdi]
        movdqu      xmm2, 16[rdi]
        movdqu      xmm3, 32[rdi]
        movdqu      xmm4, 48[rdi]
        movdqu      xmm5, 64[rdi]
        movdqu      xmm6, 80[rdi]
        movdqa      xmm8, [r8]
        movdqa      xmm9, 16[r8]
        movdqa      xmm10, 32[r8]
        movdqa      xmm11, 48[r8]
        pxor        xmm1, xmm8
        pxor        xmm2, xmm8
        pxor        xmm3, xmm8
        pxor        xmm4, xmm8
        pxor        xmm5, xmm8
        pxor        xmm6, xmm8
        aesdec      xmm1, xmm9
        aesdec      xmm2, xmm9
        aesdec      xmm3, xmm9
        aesdec      xmm4, xmm9
        aesdec      xmm5, xmm9
        aesdec      xmm6, xmm9
        aesdec      xmm1, xmm10
        aesdec      xmm2, xmm10
        aesdec      xmm3, xmm10
        aesdec      xmm4, xmm10
        aesdec      xmm5, xmm10
        aesdec      xmm6, xmm10
        aesdec      xmm1, xmm11
        aesdec      xmm2, xmm11
        aesdec      xmm3, xmm11
        aesdec      xmm4, xmm11
        aesdec      xmm5, xmm11
        aesdec      xmm6, xmm11
        movdqa      xmm8, 64[r8]
        movdqa      xmm9, 80[r8]
        movdqa      xmm10, 96[r8]
        movdqa      xmm11, 112[r8]
        aesdec      xmm1, xmm8
        aesdec      xmm2, xmm8
        aesdec      xmm3, xmm8
        aesdec      xmm4, xmm8
        aesdec      xmm5, xmm8
        aesdec      xmm6, xmm8
        aesdec      xmm1, xmm9
        aesdec      xmm2, xmm9
        aesdec      xmm3, xmm9
        aesdec      xmm4, xmm9
        aesdec      xmm5, xmm9
        aesdec      xmm6, xmm9
        aesdec      xmm1, xmm10
        aesdec      xmm2, xmm10
        aesdec      xmm3, xmm10
        aesdec      xmm4, xmm10
        aesdec      xmm5, xmm10
        aesdec      xmm6, xmm10
        aesdec      xmm1, xmm11
        aesdec      xmm2, xmm11
        aesdec      xmm3, xmm11
        aesdec      xmm4, xmm11
        aesdec      xmm5, xmm11
        aesdec      xmm6, xmm11
        movdqa      xmm8, 128[r8]
        movdqa      xmm9, 144[r8]
        movdqa      xmm10, 160[r8]
        cmp         r9d, 12
        aesdec      xmm1, xmm8
        aesdec      xmm2, xmm8
        aesdec      xmm3, xmm8
        aesdec      xmm4, xmm8
        aesdec      xmm5, xmm8
        aesdec      xmm6, xmm8
        aesdec      xmm1, xmm9
        aesdec      xmm2, xmm9
        aesdec      xmm3, xmm9
        aesdec      xmm4, xmm9
        aesdec      xmm5, xmm9
        aesdec      xmm6, xmm9
        jb          DLAST_6
        movdqa      xmm8, 160[r8]
        movdqa      xmm9, 176[r8]
        movdqa      xmm10, 192[r8]
        cmp         r9d, 14
        aesdec      xmm1, xmm8
        aesdec      xmm2, xmm8
        aesdec      xmm3, xmm8
        aesdec      xmm4, xmm8
        aesdec      xmm5, xmm8
        aesdec      xmm6, xmm8
        aesdec      xmm1, xmm9
        aesdec      xmm2, xmm9
        aesdec      xmm3, xmm9
        aesdec      xmm4, xmm9
        aesdec      xmm5, xmm9
        aesdec      xmm6, xmm9
        jb          DLAST_6
        movdqa      xmm8, 192[r8]
        movdqa      xmm9, 208[r8]
        movdqa      xmm10, 224[r8]
        aesdec      xmm1, xmm8
        aesdec      xmm2, xmm8
        aesdec      xmm3, xmm8
        aesdec      xmm4, xmm8
        aesdec      xmm5, xmm8
        aesdec      xmm6, xmm8
        aesdec      xmm1, xmm9
        aesdec      xmm2, xmm9
        aesdec      xmm3, xmm9
        aesdec      xmm4, xmm9
        aesdec      xmm5, xmm9
        aesdec      xmm6, xmm9
DLAST_6:
        add         rsi, 96
        aesdeclast  xmm1, xmm10
        aesdeclast  xmm2, xmm10
        aesdeclast  xmm3, xmm10
        aesdeclast  xmm4, xmm10
        aesdeclast  xmm5, xmm10
        aesdeclast  xmm6, xmm10
        movdqu      xmm8, [rdi]
        movdqu      xmm9, 16[rdi]
        movdqu      xmm10, 32[rdi]
        movdqu      xmm11, 48[rdi]
        movdqu      xmm12, 64[rdi]
        movdqu      xmm13, 80[rdi]
        pxor        xmm1, xmm7
        pxor        xmm2, xmm8
        pxor        xmm3, xmm9
        pxor        xmm4, xmm10
        pxor        xmm5, xmm11
        pxor        xmm6, xmm12
        movdqu      xmm7, xmm13
        movdqu      [rsi], xmm1
        movdqu      16[rsi], xmm2
        movdqu      32[rsi], xmm3
        movdqu      48[rsi], xmm4
        movdqu      64[rsi], xmm5
        movdqu      80[rsi], xmm6
        add         rdi, 96
        dec         rcx
        jne         DLOOP_6
        add         rsi, 96
DREMAINDER_6:
        cmp         r10, 0
        je          DEND_6
DLOOP_6_2:
        movdqu      xmm1, [rdi]
        movdqa      xmm10, xmm1
        add         rdi, 16
        pxor        xmm1, [r8]
        movdqu      xmm2, 160[r8]
        cmp         r9d, 12
        aesdec      xmm1, 16[r8]
        aesdec      xmm1, 32[r8]
        aesdec      xmm1, 48[r8]
        aesdec      xmm1, 64[r8]
        aesdec      xmm1, 80[r8]
        aesdec      xmm1, 96[r8]
        aesdec      xmm1, 112[r8]
        aesdec      xmm1, 128[r8]
        aesdec      xmm1, 144[r8]
        jb          DLAST_6_2
        movdqu      xmm2, 192[r8]
        cmp         r9d, 14
        aesdec      xmm1, 160[r8]
        aesdec      xmm1, 176[r8]
        jb          DLAST_6_2
        movdqu      xmm2, 224[r8]
        aesdec      xmm1, 192[r8]
        aesdec      xmm1, 208[r8]
DLAST_6_2:
        aesdeclast  xmm1, xmm2
        pxor        xmm1, xmm7
        movdqa      xmm7, xmm10
        movdqu      [rsi], xmm1
        add         rsi, 16
        dec         r10
        jne         DLOOP_6_2
DEND_6:
        ; restore non volatile rdi,rsi
        mov         rdi, rax
        mov         rsi, r11
        ; restore non volatile xmms from stack
        movdqa      xmm6, [rsp+0]
        movdqa      xmm7, [rsp+16]
        movdqa      xmm8, [rsp+32]
        movdqa      xmm9, [rsp+48]
        movdqa      xmm10, [rsp+64]
        movdqa      xmm11, [rsp+80]
        movdqa      xmm12, [rsp+96]
        movdqa      xmm13, [rsp+112]
        movdqa      xmm14, [rsp+128]
        add         rsp, 8+9*16 ; 8 = align stack , 9 xmm6-14 16 bytes each
        ret
AES_CBC_decrypt_AESNI_by6 ENDP


; void AES_CBC_decrypt_AESNI_by8(const unsigned char *in,
;                          unsigned char *out,
;                          unsigned char ivec[16],
;                          unsigned long length,
;                          const unsigned char *KS,
;                          int nr)
AES_CBC_decrypt_AESNI_by8 PROC
; parameter 1: rdi - in
; parameter 2: rsi - out
; parameter 3: rdx - ivec
; parameter 4: rcx - length
; parameter 5: r8  - KS
; parameter 6: r9d - nr

        ; save rdi and rsi to rax and r11, restore before ret
        mov         rax, rdi
        mov         r11, rsi
        ; convert to what we had for att&t convention
        mov         rdi, rcx
        mov         rsi, rdx
        mov         rdx, r8
        mov         rcx,r9
        mov         r8, [rsp+40]
        mov         r9d, [rsp+48]
        ; on microsoft xmm6-xmm15 are non volatile,
        ; let's save on stack and restore at end
        sub         rsp, 8+8*16  ; 8 = align stack , 8 xmm6-13 16 bytes each
        movdqa      [rsp+0], xmm6
        movdqa      [rsp+16], xmm7
        movdqa      [rsp+32], xmm8
        movdqa      [rsp+48], xmm9
        movdqa      [rsp+64], xmm10
        movdqa      [rsp+80], xmm11
        movdqa      [rsp+96], xmm12
        movdqa      [rsp+112], xmm13
        ; back to our original code, more or less
        mov         r10, rcx
        shr         rcx, 4
        shl         r10, 60
        je          DNO_PARTS_8
        add         rcx, 1
DNO_PARTS_8:
        mov         r10, rcx
        shl         r10, 61
        shr         r10, 61
        shr         rcx, 3
        movdqu      xmm9, [rdx]
        je          DREMAINDER_8
        sub         rsi, 128
DLOOP_8:
        movdqu      xmm1, [rdi]
        movdqu      xmm2, 16[rdi]
        movdqu      xmm3, 32[rdi]
        movdqu      xmm4, 48[rdi]
        movdqu      xmm5, 64[rdi]
        movdqu      xmm6, 80[rdi]
        movdqu      xmm7, 96[rdi]
        movdqu      xmm8, 112[rdi]
        movdqa      xmm10, [r8]
        movdqa      xmm11, 16[r8]
        movdqa      xmm12, 32[r8]
        movdqa      xmm13, 48[r8]
        pxor        xmm1, xmm10
        pxor        xmm2, xmm10
        pxor        xmm3, xmm10
        pxor        xmm4, xmm10
        pxor        xmm5, xmm10
        pxor        xmm6, xmm10
        pxor        xmm7, xmm10
        pxor        xmm8, xmm10
        aesdec      xmm1, xmm11
        aesdec      xmm2, xmm11
        aesdec      xmm3, xmm11
        aesdec      xmm4, xmm11
        aesdec      xmm5, xmm11
        aesdec      xmm6, xmm11
        aesdec      xmm7, xmm11
        aesdec      xmm8, xmm11
        aesdec      xmm1, xmm12
        aesdec      xmm2, xmm12
        aesdec      xmm3, xmm12
        aesdec      xmm4, xmm12
        aesdec      xmm5, xmm12
        aesdec      xmm6, xmm12
        aesdec      xmm7, xmm12
        aesdec      xmm8, xmm12
        aesdec      xmm1, xmm13
        aesdec      xmm2, xmm13
        aesdec      xmm3, xmm13
        aesdec      xmm4, xmm13
        aesdec      xmm5, xmm13
        aesdec      xmm6, xmm13
        aesdec      xmm7, xmm13
        aesdec      xmm8, xmm13
        movdqa      xmm10, 64[r8]
        movdqa      xmm11, 80[r8]
        movdqa      xmm12, 96[r8]
        movdqa      xmm13, 112[r8]
        aesdec      xmm1, xmm10
        aesdec      xmm2, xmm10
        aesdec      xmm3, xmm10
        aesdec      xmm4, xmm10
        aesdec      xmm5, xmm10
        aesdec      xmm6, xmm10
        aesdec      xmm7, xmm10
        aesdec      xmm8, xmm10
        aesdec      xmm1, xmm11
        aesdec      xmm2, xmm11
        aesdec      xmm3, xmm11
        aesdec      xmm4, xmm11
        aesdec      xmm5, xmm11
        aesdec      xmm6, xmm11
        aesdec      xmm7, xmm11
        aesdec      xmm8, xmm11
        aesdec      xmm1, xmm12
        aesdec      xmm2, xmm12
        aesdec      xmm3, xmm12
        aesdec      xmm4, xmm12
        aesdec      xmm5, xmm12
        aesdec      xmm6, xmm12
        aesdec      xmm7, xmm12
        aesdec      xmm8, xmm12
        aesdec      xmm1, xmm13
        aesdec      xmm2, xmm13
        aesdec      xmm3, xmm13
        aesdec      xmm4, xmm13
        aesdec      xmm5, xmm13
        aesdec      xmm6, xmm13
        aesdec      xmm7, xmm13
        aesdec      xmm8, xmm13
        movdqa      xmm10, 128[r8]
        movdqa      xmm11, 144[r8]
        movdqa      xmm12, 160[r8]
        cmp         r9d, 12
        aesdec      xmm1, xmm10
        aesdec      xmm2, xmm10
        aesdec      xmm3, xmm10
        aesdec      xmm4, xmm10
        aesdec      xmm5, xmm10
        aesdec      xmm6, xmm10
        aesdec      xmm7, xmm10
        aesdec      xmm8, xmm10
        aesdec      xmm1, xmm11
        aesdec      xmm2, xmm11
        aesdec      xmm3, xmm11
        aesdec      xmm4, xmm11
        aesdec      xmm5, xmm11
        aesdec      xmm6, xmm11
        aesdec      xmm7, xmm11
        aesdec      xmm8, xmm11
        jb          DLAST_8
        movdqa      xmm10, 160[r8]
        movdqa      xmm11, 176[r8]
        movdqa      xmm12, 192[r8]
        cmp         r9d, 14
        aesdec      xmm1, xmm10
        aesdec      xmm2, xmm10
        aesdec      xmm3, xmm10
        aesdec      xmm4, xmm10
        aesdec      xmm5, xmm10
        aesdec      xmm6, xmm10
        aesdec      xmm7, xmm10
        aesdec      xmm8, xmm10
        aesdec      xmm1, xmm11
        aesdec      xmm2, xmm11
        aesdec      xmm3, xmm11
        aesdec      xmm4, xmm11
        aesdec      xmm5, xmm11
        aesdec      xmm6, xmm11
        aesdec      xmm7, xmm11
        aesdec      xmm8, xmm11
        jb          DLAST_8
        movdqa      xmm10, 192[r8]
        movdqa      xmm11, 208[r8]
        movdqa      xmm12, 224[r8]
        aesdec      xmm1, xmm10
        aesdec      xmm2, xmm10
        aesdec      xmm3, xmm10
        aesdec      xmm4, xmm10
        aesdec      xmm5, xmm10
        aesdec      xmm6, xmm10
        aesdec      xmm7, xmm10
        aesdec      xmm8, xmm10
        aesdec      xmm1, xmm11
        aesdec      xmm2, xmm11
        aesdec      xmm3, xmm11
        aesdec      xmm4, xmm11
        aesdec      xmm5, xmm11
        aesdec      xmm6, xmm11
        aesdec      xmm7, xmm11
        aesdec      xmm8, xmm11
DLAST_8:
        add         rsi, 128
        aesdeclast  xmm1, xmm12
        aesdeclast  xmm2, xmm12
        aesdeclast  xmm3, xmm12
        aesdeclast  xmm4, xmm12
        aesdeclast  xmm5, xmm12
        aesdeclast  xmm6, xmm12
        aesdeclast  xmm7, xmm12
        aesdeclast  xmm8, xmm12
        movdqu      xmm10, [rdi]
        movdqu      xmm11, 16[rdi]
        movdqu      xmm12, 32[rdi]
        movdqu      xmm13, 48[rdi]
        pxor        xmm1, xmm9
        pxor        xmm2, xmm10
        pxor        xmm3, xmm11
        pxor        xmm4, xmm12
        pxor        xmm5, xmm13
        movdqu      xmm10, 64[rdi]
        movdqu      xmm11, 80[rdi]
        movdqu      xmm12, 96[rdi]
        movdqu      xmm9, 112[rdi]
        pxor        xmm6, xmm10
        pxor        xmm7, xmm11
        pxor        xmm8, xmm12
        movdqu      [rsi], xmm1
        movdqu      16[rsi], xmm2
        movdqu      32[rsi], xmm3
        movdqu      48[rsi], xmm4
        movdqu      64[rsi], xmm5
        movdqu      80[rsi], xmm6
        movdqu      96[rsi], xmm7
        movdqu      112[rsi], xmm8
        add         rdi, 128
        dec         rcx
        jne         DLOOP_8
        add         rsi, 128
DREMAINDER_8:
        cmp         r10, 0 
        je          DEND_8
DLOOP_8_2:
        movdqu      xmm1, [rdi]
        movdqa      xmm10, xmm1
        add         rdi, 16
        pxor        xmm1, [r8]
        movdqu      xmm2, 160[r8]
        cmp         r9d, 12
        aesdec      xmm1, 16[r8]
        aesdec      xmm1, 32[r8]
        aesdec      xmm1, 48[r8]
        aesdec      xmm1, 64[r8]
        aesdec      xmm1, 80[r8]
        aesdec      xmm1, 96[r8]
        aesdec      xmm1, 112[r8]
        aesdec      xmm1, 128[r8]
        aesdec      xmm1, 144[r8]
        jb          DLAST_8_2
        movdqu      xmm2, 192[r8]
        cmp         r9d, 14
        aesdec      xmm1, 160[r8]
        aesdec      xmm1, 176[r8]
        jb          DLAST_8_2
        movdqu      xmm2, 224[r8]
        aesdec      xmm1, 192[r8]
        aesdec      xmm1, 208[r8]
DLAST_8_2:
        aesdeclast  xmm1, xmm2
        pxor        xmm1, xmm9
        movdqa      xmm9, xmm10
        movdqu      [rsi], xmm1
        add         rsi, 16
        dec         r10
        jne         DLOOP_8_2
DEND_8:
        ; restore non volatile rdi,rsi
        mov         rdi, rax
        mov         rsi, r11
        ; restore non volatile xmms from stack
        movdqa      xmm6, [rsp+0]
        movdqa      xmm7, [rsp+16]
        movdqa      xmm8, [rsp+32]
        movdqa      xmm9, [rsp+48]
        movdqa      xmm10, [rsp+64]
        movdqa      xmm11, [rsp+80]
        movdqa      xmm12, [rsp+96]
        movdqa      xmm13, [rsp+112]
        add         rsp, 8+8*16 ; 8 = align stack , 8 xmm6-13 16 bytes each
        ret
AES_CBC_decrypt_AESNI_by8 ENDP


;	/*
;	AES_ECB_encrypt_AESNI[const	,unsigned	char*in
;	unsigned	,char*out
;	unsigned	,long	length
;	const	,unsigned	char*KS
;	int	nr]
;	*/
;	.	globl	AES_ECB_encrypt_AESNI
AES_ECB_encrypt_AESNI PROC
;#	parameter	1:	rdi
;#	parameter	2:	rsi
;#	parameter	3:	rdx
;#	parameter	4:	rcx
;#	parameter	5:	r8d

; save rdi and rsi to rax and r11, restore before ret
	mov rax,rdi
	mov r11,rsi

; convert to what we had for att&t convention
    mov rdi,rcx
	mov rsi,rdx
	mov rdx,r8
	mov rcx,r9
	mov r8d,[rsp+40]

; on microsoft xmm6-xmm15 are non volaitle, let's save on stack and restore at end
	sub rsp,8+4*16  ; 8 = align stack , 4 xmm9-12, 16 bytes each
	movdqa [rsp+0], xmm9
	movdqa [rsp+16], xmm10
	movdqa [rsp+32], xmm11
	movdqa [rsp+48], xmm12


	mov	r10,rdx
	shr	rdx,4
	shl	r10,60
	je	EECB_NO_PARTS_4
	add	rdx,1
EECB_NO_PARTS_4:
	mov	r10,rdx
	shl	r10,62
	shr	r10,62
	shr	rdx,2
	je	EECB_REMAINDER_4
	sub	rsi,64
EECB_LOOP_4:
	movdqu  xmm1,[rdi]
	movdqu	xmm2,16[rdi]
	movdqu	xmm3,32[rdi]
	movdqu	xmm4,48[rdi]
	movdqa  xmm9,[rcx]
	movdqa	xmm10,16[rcx]
	movdqa	xmm11,32[rcx]
	movdqa	xmm12,48[rcx]
	pxor	xmm1,xmm9
	pxor	xmm2,xmm9
	pxor	xmm3,xmm9
	pxor	xmm4,xmm9
	aesenc	xmm1,xmm10
	aesenc	xmm2,xmm10
	aesenc	xmm3,xmm10
	aesenc	xmm4,xmm10
	aesenc	xmm1,xmm11
	aesenc	xmm2,xmm11
	aesenc	xmm3,xmm11
	aesenc	xmm4,xmm11
	aesenc	xmm1,xmm12
	aesenc	xmm2,xmm12
	aesenc	xmm3,xmm12
	aesenc	xmm4,xmm12
	movdqa	xmm9,64[rcx]
	movdqa	xmm10,80[rcx]
	movdqa	xmm11,96[rcx]
	movdqa	xmm12,112[rcx]
	aesenc	xmm1,xmm9
	aesenc	xmm2,xmm9
	aesenc	xmm3,xmm9
	aesenc	xmm4,xmm9
	aesenc	xmm1,xmm10
	aesenc	xmm2,xmm10
	aesenc	xmm3,xmm10
	aesenc	xmm4,xmm10
	aesenc	xmm1,xmm11
	aesenc	xmm2,xmm11
	aesenc	xmm3,xmm11
	aesenc	xmm4,xmm11
	aesenc	xmm1,xmm12
	aesenc	xmm2,xmm12
	aesenc	xmm3,xmm12
	aesenc	xmm4,xmm12
	movdqa	xmm9,128[rcx]
	movdqa	xmm10,144[rcx]
	movdqa	xmm11,160[rcx]
	cmp	r8d,12
	aesenc	xmm1,xmm9
	aesenc	xmm2,xmm9
	aesenc	xmm3,xmm9
	aesenc	xmm4,xmm9
	aesenc	xmm1,xmm10
	aesenc	xmm2,xmm10
	aesenc	xmm3,xmm10
	aesenc	xmm4,xmm10
	jb	EECB_LAST_4
	movdqa	xmm9,160[rcx]
	movdqa	xmm10,176[rcx]
	movdqa	xmm11,192[rcx]
	cmp	r8d,14
	aesenc	xmm1,xmm9
	aesenc	xmm2,xmm9
	aesenc	xmm3,xmm9
	aesenc	xmm4,xmm9
	aesenc	xmm1,xmm10
	aesenc	xmm2,xmm10
	aesenc	xmm3,xmm10
	aesenc	xmm4,xmm10
	jb	EECB_LAST_4
	movdqa	xmm9,192[rcx]
	movdqa	xmm10,208[rcx]
	movdqa	xmm11,224[rcx]
	aesenc	xmm1,xmm9
	aesenc	xmm2,xmm9
	aesenc	xmm3,xmm9
	aesenc	xmm4,xmm9
	aesenc	xmm1,xmm10
	aesenc	xmm2,xmm10
	aesenc	xmm3,xmm10
	aesenc	xmm4,xmm10
EECB_LAST_4:
	add	rdi,64
	add	rsi,64
	dec	rdx
	aesenclast	xmm1,xmm11
	aesenclast	xmm2,xmm11
	aesenclast	xmm3,xmm11
	aesenclast	xmm4,xmm11
	movdqu	[rsi],xmm1
	movdqu	16[rsi],xmm2
	movdqu	32[rsi],xmm3
	movdqu	48[rsi],xmm4
	jne	EECB_LOOP_4
	add	rsi,64
EECB_REMAINDER_4:
	cmp	r10,0
	je	EECB_END_4
EECB_LOOP_4_2:
	movdqu  xmm1,[rdi]
	add	rdi,16
	pxor	xmm1,[rcx]
	movdqu	xmm2,160[rcx]
	aesenc	xmm1,16[rcx]
	aesenc	xmm1,32[rcx]
	aesenc	xmm1,48[rcx]
	aesenc	xmm1,64[rcx]
	aesenc	xmm1,80[rcx]
	aesenc	xmm1,96[rcx]
	aesenc	xmm1,112[rcx]
	aesenc	xmm1,128[rcx]
	aesenc	xmm1,144[rcx]
	cmp	r8d,12
	jb	EECB_LAST_4_2
	movdqu	xmm2,192[rcx]
	aesenc	xmm1,160[rcx]
	aesenc	xmm1,176[rcx]
	cmp	r8d,14
	jb	EECB_LAST_4_2
	movdqu	xmm2,224[rcx]
	aesenc	xmm1,192[rcx]
	aesenc	xmm1,208[rcx]
EECB_LAST_4_2:
	aesenclast	xmm1,xmm2
	movdqu	[rsi],xmm1
	add	rsi,16
	dec	r10
	jne	EECB_LOOP_4_2
EECB_END_4:
	; restore non volatile rdi,rsi
	mov rdi,rax
	mov rsi,r11
	; restore non volatile xmms from stack
	movdqa xmm9, [rsp+0]
	movdqa xmm10, [rsp+16]
	movdqa xmm11, [rsp+32]
	movdqa xmm12, [rsp+48]
	add rsp,8+4*16 ; 8 = align stack , 4 xmm9-12 16 bytes each
	ret
AES_ECB_encrypt_AESNI ENDP

;	/*
;	AES_ECB_decrypt_AESNI[const	,unsigned	char*in
;	unsigned	,char*out
;	unsigned	,long	length
;	const	,unsigned	char*KS
;	int	nr]
;	*/
;	.	globl	AES_ECB_decrypt_AESNI
AES_ECB_decrypt_AESNI PROC
;#	parameter	1:	rdi
;#	parameter	2:	rsi
;#	parameter	3:	rdx
;#	parameter	4:	rcx
;#	parameter	5:	r8d

; save rdi and rsi to rax and r11, restore before ret
	mov rax,rdi
	mov r11,rsi

; convert to what we had for att&t convention
	mov rdi,rcx
	mov rsi,rdx
	mov rdx,r8
	mov rcx,r9
	mov r8d,[rsp+40]

; on microsoft xmm6-xmm15 are non volaitle, let's save on stack and restore at end
	sub rsp,8+4*16  ; 8 = align stack , 4 xmm9-12, 16 bytes each
	movdqa [rsp+0], xmm9
	movdqa [rsp+16], xmm10
	movdqa [rsp+32], xmm11
	movdqa [rsp+48], xmm12

	mov	r10,rdx
	shr	rdx,4
	shl	r10,60
	je	DECB_NO_PARTS_4
	add	rdx,1
DECB_NO_PARTS_4:
	mov	r10,rdx
	shl	r10,62
	shr	r10,62
	shr	rdx,2
	je	DECB_REMAINDER_4
	sub	rsi,64
DECB_LOOP_4:
	movdqu  xmm1,[rdi]
	movdqu	xmm2,16[rdi]
	movdqu	xmm3,32[rdi]
	movdqu	xmm4,48[rdi]
	movdqa  xmm9,[rcx]
	movdqa	xmm10,16[rcx]
	movdqa	xmm11,32[rcx]
	movdqa	xmm12,48[rcx]
	pxor	xmm1,xmm9
	pxor	xmm2,xmm9
	pxor	xmm3,xmm9
	pxor	xmm4,xmm9
	aesdec	xmm1,xmm10
	aesdec	xmm2,xmm10
	aesdec	xmm3,xmm10
	aesdec	xmm4,xmm10
	aesdec	xmm1,xmm11
	aesdec	xmm2,xmm11
	aesdec	xmm3,xmm11
	aesdec	xmm4,xmm11
	aesdec	xmm1,xmm12
	aesdec	xmm2,xmm12
	aesdec	xmm3,xmm12
	aesdec	xmm4,xmm12
	movdqa	xmm9,64[rcx]
	movdqa	xmm10,80[rcx]
	movdqa	xmm11,96[rcx]
	movdqa	xmm12,112[rcx]
	aesdec	xmm1,xmm9
	aesdec	xmm2,xmm9
	aesdec	xmm3,xmm9
	aesdec	xmm4,xmm9
	aesdec	xmm1,xmm10
	aesdec	xmm2,xmm10
	aesdec	xmm3,xmm10
	aesdec	xmm4,xmm10
	aesdec	xmm1,xmm11
	aesdec	xmm2,xmm11
	aesdec	xmm3,xmm11
	aesdec	xmm4,xmm11
	aesdec	xmm1,xmm12
	aesdec	xmm2,xmm12
	aesdec	xmm3,xmm12
	aesdec	xmm4,xmm12
	movdqa	xmm9,128[rcx]
	movdqa	xmm10,144[rcx]
	movdqa	xmm11,160[rcx]
	cmp	r8d,12
	aesdec	xmm1,xmm9
	aesdec	xmm2,xmm9
	aesdec	xmm3,xmm9
	aesdec	xmm4,xmm9
	aesdec	xmm1,xmm10
	aesdec	xmm2,xmm10
	aesdec	xmm3,xmm10
	aesdec	xmm4,xmm10
	jb	DECB_LAST_4
	movdqa	xmm9,160[rcx]
	movdqa	xmm10,176[rcx]
	movdqa	xmm11,192[rcx]
	cmp	r8d,14
	aesdec	xmm1,xmm9
	aesdec	xmm2,xmm9
	aesdec	xmm3,xmm9
	aesdec	xmm4,xmm9
	aesdec	xmm1,xmm10
	aesdec	xmm2,xmm10
	aesdec	xmm3,xmm10
	aesdec	xmm4,xmm10
	jb	DECB_LAST_4
	movdqa	xmm9,192[rcx]
	movdqa	xmm10,208[rcx]
	movdqa	xmm11,224[rcx]
	aesdec	xmm1,xmm9
	aesdec	xmm2,xmm9
	aesdec	xmm3,xmm9
	aesdec	xmm4,xmm9
	aesdec	xmm1,xmm10
	aesdec	xmm2,xmm10
	aesdec	xmm3,xmm10
	aesdec	xmm4,xmm10
DECB_LAST_4:
	add	rdi,64
	add	rsi,64
	dec	rdx
	aesdeclast	xmm1,xmm11
	aesdeclast	xmm2,xmm11
	aesdeclast	xmm3,xmm11
	aesdeclast	xmm4,xmm11
	movdqu	[rsi],xmm1
	movdqu	16[rsi],xmm2
	movdqu	32[rsi],xmm3
	movdqu	48[rsi],xmm4
	jne	DECB_LOOP_4
	add	rsi,64
DECB_REMAINDER_4:
	cmp	r10,0
	je	DECB_END_4
DECB_LOOP_4_2:
	movdqu  xmm1,[rdi]
	add	rdi,16
	pxor	xmm1,[rcx]
	movdqu	xmm2,160[rcx]
	cmp	r8d,12
	aesdec	xmm1,16[rcx]
	aesdec	xmm1,32[rcx]
	aesdec	xmm1,48[rcx]
	aesdec	xmm1,64[rcx]
	aesdec	xmm1,80[rcx]
	aesdec	xmm1,96[rcx]
	aesdec	xmm1,112[rcx]
	aesdec	xmm1,128[rcx]
	aesdec	xmm1,144[rcx]
	jb	DECB_LAST_4_2
	cmp	r8d,14
	movdqu	xmm2,192[rcx]
	aesdec	xmm1,160[rcx]
	aesdec	xmm1,176[rcx]
	jb	DECB_LAST_4_2
	movdqu	xmm2,224[rcx]
	aesdec	xmm1,192[rcx]
	aesdec	xmm1,208[rcx]
DECB_LAST_4_2:
	aesdeclast	xmm1,xmm2
	movdqu	[rsi],xmm1
	add	rsi,16
	dec	r10
	jne	DECB_LOOP_4_2
DECB_END_4:
	; restore non volatile rdi,rsi
	mov rdi,rax
	mov rsi,r11
	; restore non volatile xmms from stack
	movdqa xmm9, [rsp+0]
	movdqa xmm10, [rsp+16]
	movdqa xmm11, [rsp+32]
	movdqa xmm12, [rsp+48]
	add rsp,8+4*16 ; 8 = align stack , 4 xmm9-12 16 bytes each
	ret
AES_ECB_decrypt_AESNI ENDP



;	/*
;	void	,AES_128_Key_Expansion_AESNI[const	unsigned	char*userkey
;	unsigned	char*key_schedule]/
;	*/
;	.	align	16,0x90
;	.	globl	AES_128_Key_Expansion_AESNI
AES_128_Key_Expansion_AESNI PROC
;#	parameter	1:	rdi
;#	parameter	2:	rsi

; save rdi and rsi to rax and r11, restore before ret
	mov rax,rdi
	mov r11,rsi

; convert to what we had for att&t convention
	mov rdi,rcx
	mov rsi,rdx

	mov	dword ptr 240[rsi],10

	movdqu	xmm1,[rdi]
	movdqa	[rsi],xmm1


ASSISTS:
	aeskeygenassist	xmm2,xmm1,1
	call	PREPARE_ROUNDKEY_128
	movdqa	16[rsi],xmm1

	aeskeygenassist	xmm2,xmm1,2
	call	PREPARE_ROUNDKEY_128
	movdqa	32[rsi],xmm1

	aeskeygenassist	xmm2,xmm1,4
	call	PREPARE_ROUNDKEY_128
	movdqa	48[rsi],xmm1

	aeskeygenassist	xmm2,xmm1,8
	call	PREPARE_ROUNDKEY_128
	movdqa	64[rsi],xmm1

	aeskeygenassist	xmm2,xmm1,16
	call	PREPARE_ROUNDKEY_128
	movdqa	80[rsi],xmm1

	aeskeygenassist	xmm2,xmm1,32
	call	PREPARE_ROUNDKEY_128
	movdqa	96[rsi],xmm1

	aeskeygenassist	xmm2,xmm1,64
	call	PREPARE_ROUNDKEY_128
	movdqa	112[rsi],xmm1
	aeskeygenassist	xmm2,xmm1,80h
	call	PREPARE_ROUNDKEY_128
	movdqa	128[rsi],xmm1
	aeskeygenassist	xmm2,xmm1,1bh
	call	PREPARE_ROUNDKEY_128
	movdqa	144[rsi],xmm1
	aeskeygenassist	xmm2,xmm1,36h
	call	PREPARE_ROUNDKEY_128
	movdqa	160[rsi],xmm1
	; restore non volatile rdi,rsi
	mov rdi,rax
	mov rsi,r11
	ret

PREPARE_ROUNDKEY_128:
	pshufd	xmm2,xmm2,255
	movdqa	xmm3,xmm1
	pslldq	xmm3,4
	pxor	xmm1,xmm3
	pslldq	xmm3,4
	pxor	xmm1,xmm3
	pslldq	xmm3,4
	pxor	xmm1,xmm3
	pxor	xmm1,xmm2
	ret
AES_128_Key_Expansion_AESNI ENDP

;	/*
;	void	,AES_192_Key_Expansion_AESNI[const	unsigned	char*userkey
;	unsigned	char*key]
;	*/
;	.	globl	AES_192_Key_Expansion_AESNI
AES_192_Key_Expansion_AESNI PROC
;#	parameter	1:	rdi
;#	parameter	2:	rsi

; save rdi and rsi to rax and r11, restore before ret
	mov rax,rdi
	mov r11,rsi

; convert to what we had for att&t convention
    mov rdi,rcx
	mov rsi,rdx

; on microsoft xmm6-xmm15 are non volaitle, let's save on stack and restore at end
	sub rsp,8+1*16  ; 8 = align stack , 1 xmm6, 16 bytes each
	movdqa [rsp+0], xmm6

	movdqu  xmm1,[rdi]
	movq	xmm3,qword ptr 16[rdi]
	movdqa	[rsi],xmm1
	movdqa	xmm5,xmm3

	aeskeygenassist	xmm2,xmm3,1h
	call	PREPARE_ROUNDKEY_192
	shufpd	xmm5,xmm1,0
	movdqa	16[rsi],xmm5
	movdqa	xmm6,xmm1
	shufpd	xmm6,xmm3,1
	movdqa	32[rsi],xmm6

	aeskeygenassist	xmm2,xmm3,2h
	call	PREPARE_ROUNDKEY_192
	movdqa	48[rsi],xmm1
	movdqa	xmm5,xmm3

	aeskeygenassist	xmm2,xmm3,4h
	call	PREPARE_ROUNDKEY_192
	shufpd	xmm5,xmm1,0
	movdqa	64[rsi],xmm5
	movdqa	xmm6,xmm1
	shufpd	xmm6,xmm3,1
	movdqa	80[rsi],xmm6

	aeskeygenassist	xmm2,xmm3,8h
	call	PREPARE_ROUNDKEY_192
	movdqa	96[rsi],xmm1
	movdqa	xmm5,xmm3

	aeskeygenassist	xmm2,xmm3,10h
	call	PREPARE_ROUNDKEY_192
	shufpd	xmm5,xmm1,0
	movdqa	112[rsi],xmm5
	movdqa	xmm6,xmm1
	shufpd	xmm6,xmm3,1
	movdqa	128[rsi],xmm6

	aeskeygenassist	xmm2,xmm3,20h
	call	PREPARE_ROUNDKEY_192
	movdqa	144[rsi],xmm1
	movdqa	xmm5,xmm3

	aeskeygenassist	xmm2,xmm3,40h
	call	PREPARE_ROUNDKEY_192
	shufpd	xmm5,xmm1,0
	movdqa	160[rsi],xmm5
	movdqa	xmm6,xmm1
	shufpd	xmm6,xmm3,1
	movdqa	176[rsi],xmm6

	aeskeygenassist	xmm2,xmm3,80h
	call	PREPARE_ROUNDKEY_192
	movdqa	192[rsi],xmm1
	movdqa	208[rsi],xmm3
	; restore non volatile rdi,rsi
	mov rdi,rax
	mov rsi,r11
; restore non volatile xmms from stack
	movdqa xmm6, [rsp+0]
	add rsp,8+1*16 ; 8 = align stack , 1 xmm6 16 bytes each
	ret

PREPARE_ROUNDKEY_192:
	pshufd	xmm2,xmm2,55h
	movdqu	xmm4,xmm1
	pslldq	xmm4,4
	pxor	xmm1,xmm4

	pslldq	xmm4,4
	pxor	xmm1,xmm4
	pslldq	xmm4,4
	pxor	xmm1,xmm4
	pxor	xmm1,xmm2
	pshufd	xmm2,xmm1,0ffh
	movdqu	xmm4,xmm3
	pslldq	xmm4,4
	pxor	xmm3,xmm4
	pxor	xmm3,xmm2
	ret
AES_192_Key_Expansion_AESNI ENDP

;	/*
;	void	,AES_256_Key_Expansion_AESNI[const	unsigned	char*userkey
;	unsigned	char*key]
;	*/
;	.	globl	AES_256_Key_Expansion_AESNI
AES_256_Key_Expansion_AESNI PROC
;#	parameter	1:	rdi
;#	parameter	2:	rsi

; save rdi and rsi to rax and r11, restore before ret
	mov rax,rdi
	mov r11,rsi

; convert to what we had for att&t convention
    mov rdi,rcx
	mov rsi,rdx

	movdqu  xmm1,[rdi]
	movdqu	xmm3,16[rdi]
	movdqa	[rsi],xmm1
	movdqa	16[rsi],xmm3

	aeskeygenassist	xmm2,xmm3,1h
	call	MAKE_RK256_a
	movdqa	32[rsi],xmm1
	aeskeygenassist	xmm2,xmm1,0h
	call	MAKE_RK256_b
	movdqa	48[rsi],xmm3
	aeskeygenassist	xmm2,xmm3,2h
	call	MAKE_RK256_a
	movdqa	64[rsi],xmm1
	aeskeygenassist	xmm2,xmm1,0h
	call	MAKE_RK256_b
	movdqa	80[rsi],xmm3
	aeskeygenassist	xmm2,xmm3,4h
	call	MAKE_RK256_a
	movdqa	96[rsi],xmm1
	aeskeygenassist	xmm2,xmm1,0h
	call	MAKE_RK256_b
	movdqa	112[rsi],xmm3
	aeskeygenassist	xmm2,xmm3,8h
	call	MAKE_RK256_a
	movdqa	128[rsi],xmm1
	aeskeygenassist	xmm2,xmm1,0h
	call	MAKE_RK256_b
	movdqa	144[rsi],xmm3
	aeskeygenassist	xmm2,xmm3,10h
	call	MAKE_RK256_a
	movdqa	160[rsi],xmm1
	aeskeygenassist	xmm2,xmm1,0h
	call	MAKE_RK256_b
	movdqa	176[rsi],xmm3
	aeskeygenassist	xmm2,xmm3,20h
	call	MAKE_RK256_a
	movdqa	192[rsi],xmm1

	aeskeygenassist	xmm2,xmm1,0h
	call	MAKE_RK256_b
	movdqa	208[rsi],xmm3
	aeskeygenassist	xmm2,xmm3,40h
	call	MAKE_RK256_a
	movdqa	224[rsi],xmm1

	; restore non volatile rdi,rsi
	mov rdi,rax
	mov rsi,r11
	ret
AES_256_Key_Expansion_AESNI ENDP

MAKE_RK256_a:
	pshufd	xmm2,xmm2,0ffh
	movdqa	xmm4,xmm1
	pslldq	xmm4,4
	pxor	xmm1,xmm4
	pslldq	xmm4,4
	pxor	xmm1,xmm4
	pslldq	xmm4,4
	pxor	xmm1,xmm4
	pxor	xmm1,xmm2
	ret

MAKE_RK256_b:
	pshufd	xmm2,xmm2,0aah
	movdqa	xmm4,xmm3
	pslldq	xmm4,4
	pxor	xmm3,xmm4
	pslldq	xmm4,4
	pxor	xmm3,xmm4
	pslldq	xmm4,4
	pxor	xmm3,xmm4
	pxor	xmm3,xmm2
	ret


IF fips_version GE 2
  fipsAh ENDS
ELSE
  _text ENDS
ENDIF

END