Trang chủ Khám phá Trợ giúp
Đăng nhập
lenn
/
grpc1.45.2
1
0
Fork 0
Các tập tin Các vấn đề 0 Yêu cầu kéo về 0 Wiki
Tree: bef6e57d0d
Branches Tags
grpc1.45.2
/
third_party
/
boringssl-with-bazel
/
win-aarch64
/
crypto
/
fipsmodule
/
aesv8-armx64.S

aesv8-armx64.S 16 KB
Lịch sử Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813 
  1. // This file is generated from a similarly-named Perl script in the BoringSSL
    2. 

  2. // source tree. Do not edit by hand.
    3. 

  3. 

  4. #if !defined(__has_feature)
    5. 

  5. #define __has_feature(x) 0
    6. 

  6. #endif
    7. 

  7. #if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
    8. 

  8. #define OPENSSL_NO_ASM
    9. 

  9. #endif
    10. 

  10. 

  11. #if !defined(OPENSSL_NO_ASM)
    12. 

  12. #if defined(__aarch64__)
    13. 

  13. #if defined(BORINGSSL_PREFIX)
    14. 

  14. #include <boringssl_prefix_symbols_asm.h>
    15. 

  15. #endif
    16. 

  16. #include <openssl/arm_arch.h>
    17. 

  17. 

  18. #if __ARM_MAX_ARCH__>=7
    19. 

  19. .text
    20. 

  20. .arch	armv8-a+crypto
    21. 

  21. .section	.rodata
    22. 

  22. .align	5
    23. 

  23. Lrcon:
    24. 

  24. .long	0x01,0x01,0x01,0x01
    25. 

  25. .long	0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d	// rotate-n-splat
    26. 

  26. .long	0x1b,0x1b,0x1b,0x1b
    27. 

  27. 

  28. .text
    29. 

  29. 

  30. .globl	aes_hw_set_encrypt_key
    31. 

  31. 

  32. .def aes_hw_set_encrypt_key
    33. 

  33.    .type 32
    34. 

  34. .endef
    35. 

  35. .align	5
    36. 

  36. aes_hw_set_encrypt_key:
    37. 

  37. Lenc_key:
    38. 

  38. 	// Armv8.3-A PAuth: even though x30 is pushed to stack it is not popped later.
    39. 

  39. 	AARCH64_VALID_CALL_TARGET
    40. 

  40. 	stp	x29,x30,[sp,#-16]!
    41. 

  41. 	add	x29,sp,#0
    42. 

  42. 	mov	x3,#-1
    43. 

  43. 	cmp	x0,#0
    44. 

  44. 	b.eq	Lenc_key_abort
    45. 

  45. 	cmp	x2,#0
    46. 

  46. 	b.eq	Lenc_key_abort
    47. 

  47. 	mov	x3,#-2
    48. 

  48. 	cmp	w1,#128
    49. 

  49. 	b.lt	Lenc_key_abort
    50. 

  50. 	cmp	w1,#256
    51. 

  51. 	b.gt	Lenc_key_abort
    52. 

  52. 	tst	w1,#0x3f
    53. 

  53. 	b.ne	Lenc_key_abort
    54. 

  54. 

  55. 	adrp	x3,Lrcon
    56. 

  56. 	add	x3,x3,:lo12:Lrcon
    57. 

  57. 	cmp	w1,#192
    58. 

  58. 

  59. 	eor	v0.16b,v0.16b,v0.16b
    60. 

  60. 	ld1	{v3.16b},[x0],#16
    61. 

  61. 	mov	w1,#8		// reuse w1
    62. 

  62. 	ld1	{v1.4s,v2.4s},[x3],#32
    63. 

  63. 

  64. 	b.lt	Loop128
    65. 

  65. 	b.eq	L192
    66. 

  66. 	b	L256
    67. 

  67. 

  68. .align	4
    69. 

  69. Loop128:
    70. 

  70. 	tbl	v6.16b,{v3.16b},v2.16b
    71. 

  71. 	ext	v5.16b,v0.16b,v3.16b,#12
    72. 

  72. 	st1	{v3.4s},[x2],#16
    73. 

  73. 	aese	v6.16b,v0.16b
    74. 

  74. 	subs	w1,w1,#1
    75. 

  75. 

  76. 	eor	v3.16b,v3.16b,v5.16b
    77. 

  77. 	ext	v5.16b,v0.16b,v5.16b,#12
    78. 

  78. 	eor	v3.16b,v3.16b,v5.16b
    79. 

  79. 	ext	v5.16b,v0.16b,v5.16b,#12
    80. 

  80. 	eor	v6.16b,v6.16b,v1.16b
    81. 

  81. 	eor	v3.16b,v3.16b,v5.16b
    82. 

  82. 	shl	v1.16b,v1.16b,#1
    83. 

  83. 	eor	v3.16b,v3.16b,v6.16b
    84. 

  84. 	b.ne	Loop128
    85. 

  85. 

  86. 	ld1	{v1.4s},[x3]
    87. 

  87. 

  88. 	tbl	v6.16b,{v3.16b},v2.16b
    89. 

  89. 	ext	v5.16b,v0.16b,v3.16b,#12
    90. 

  90. 	st1	{v3.4s},[x2],#16
    91. 

  91. 	aese	v6.16b,v0.16b
    92. 

  92. 

  93. 	eor	v3.16b,v3.16b,v5.16b
    94. 

  94. 	ext	v5.16b,v0.16b,v5.16b,#12
    95. 

  95. 	eor	v3.16b,v3.16b,v5.16b
    96. 

  96. 	ext	v5.16b,v0.16b,v5.16b,#12
    97. 

  97. 	eor	v6.16b,v6.16b,v1.16b
    98. 

  98. 	eor	v3.16b,v3.16b,v5.16b
    99. 

  99. 	shl	v1.16b,v1.16b,#1
    100. 

  100. 	eor	v3.16b,v3.16b,v6.16b
    101. 

  101. 

  102. 	tbl	v6.16b,{v3.16b},v2.16b
    103. 

  103. 	ext	v5.16b,v0.16b,v3.16b,#12
    104. 

  104. 	st1	{v3.4s},[x2],#16
    105. 

  105. 	aese	v6.16b,v0.16b
    106. 

  106. 

  107. 	eor	v3.16b,v3.16b,v5.16b
    108. 

  108. 	ext	v5.16b,v0.16b,v5.16b,#12
    109. 

  109. 	eor	v3.16b,v3.16b,v5.16b
    110. 

  110. 	ext	v5.16b,v0.16b,v5.16b,#12
    111. 

  111. 	eor	v6.16b,v6.16b,v1.16b
    112. 

  112. 	eor	v3.16b,v3.16b,v5.16b
    113. 

  113. 	eor	v3.16b,v3.16b,v6.16b
    114. 

  114. 	st1	{v3.4s},[x2]
    115. 

  115. 	add	x2,x2,#0x50
    116. 

  116. 

  117. 	mov	w12,#10
    118. 

  118. 	b	Ldone
    119. 

  119. 

  120. .align	4
    121. 

  121. L192:
    122. 

  122. 	ld1	{v4.8b},[x0],#8
    123. 

  123. 	movi	v6.16b,#8			// borrow v6.16b
    124. 

  124. 	st1	{v3.4s},[x2],#16
    125. 

  125. 	sub	v2.16b,v2.16b,v6.16b	// adjust the mask
    126. 

  126. 

  127. Loop192:
    128. 

  128. 	tbl	v6.16b,{v4.16b},v2.16b
    129. 

  129. 	ext	v5.16b,v0.16b,v3.16b,#12
    130. 

  130. 	st1	{v4.8b},[x2],#8
    131. 

  131. 	aese	v6.16b,v0.16b
    132. 

  132. 	subs	w1,w1,#1
    133. 

  133. 

  134. 	eor	v3.16b,v3.16b,v5.16b
    135. 

  135. 	ext	v5.16b,v0.16b,v5.16b,#12
    136. 

  136. 	eor	v3.16b,v3.16b,v5.16b
    137. 

  137. 	ext	v5.16b,v0.16b,v5.16b,#12
    138. 

  138. 	eor	v3.16b,v3.16b,v5.16b
    139. 

  139. 

  140. 	dup	v5.4s,v3.s[3]
    141. 

  141. 	eor	v5.16b,v5.16b,v4.16b
    142. 

  142. 	eor	v6.16b,v6.16b,v1.16b
    143. 

  143. 	ext	v4.16b,v0.16b,v4.16b,#12
    144. 

  144. 	shl	v1.16b,v1.16b,#1
    145. 

  145. 	eor	v4.16b,v4.16b,v5.16b
    146. 

  146. 	eor	v3.16b,v3.16b,v6.16b
    147. 

  147. 	eor	v4.16b,v4.16b,v6.16b
    148. 

  148. 	st1	{v3.4s},[x2],#16
    149. 

  149. 	b.ne	Loop192
    150. 

  150. 

  151. 	mov	w12,#12
    152. 

  152. 	add	x2,x2,#0x20
    153. 

  153. 	b	Ldone
    154. 

  154. 

  155. .align	4
    156. 

  156. L256:
    157. 

  157. 	ld1	{v4.16b},[x0]
    158. 

  158. 	mov	w1,#7
    159. 

  159. 	mov	w12,#14
    160. 

  160. 	st1	{v3.4s},[x2],#16
    161. 

  161. 

  162. Loop256:
    163. 

  163. 	tbl	v6.16b,{v4.16b},v2.16b
    164. 

  164. 	ext	v5.16b,v0.16b,v3.16b,#12
    165. 

  165. 	st1	{v4.4s},[x2],#16
    166. 

  166. 	aese	v6.16b,v0.16b
    167. 

  167. 	subs	w1,w1,#1
    168. 

  168. 

  169. 	eor	v3.16b,v3.16b,v5.16b
    170. 

  170. 	ext	v5.16b,v0.16b,v5.16b,#12
    171. 

  171. 	eor	v3.16b,v3.16b,v5.16b
    172. 

  172. 	ext	v5.16b,v0.16b,v5.16b,#12
    173. 

  173. 	eor	v6.16b,v6.16b,v1.16b
    174. 

  174. 	eor	v3.16b,v3.16b,v5.16b
    175. 

  175. 	shl	v1.16b,v1.16b,#1
    176. 

  176. 	eor	v3.16b,v3.16b,v6.16b
    177. 

  177. 	st1	{v3.4s},[x2],#16
    178. 

  178. 	b.eq	Ldone
    179. 

  179. 

  180. 	dup	v6.4s,v3.s[3]		// just splat
    181. 

  181. 	ext	v5.16b,v0.16b,v4.16b,#12
    182. 

  182. 	aese	v6.16b,v0.16b
    183. 

  183. 

  184. 	eor	v4.16b,v4.16b,v5.16b
    185. 

  185. 	ext	v5.16b,v0.16b,v5.16b,#12
    186. 

  186. 	eor	v4.16b,v4.16b,v5.16b
    187. 

  187. 	ext	v5.16b,v0.16b,v5.16b,#12
    188. 

  188. 	eor	v4.16b,v4.16b,v5.16b
    189. 

  189. 

  190. 	eor	v4.16b,v4.16b,v6.16b
    191. 

  191. 	b	Loop256
    192. 

  192. 

  193. Ldone:
    194. 

  194. 	str	w12,[x2]
    195. 

  195. 	mov	x3,#0
    196. 

  196. 

  197. Lenc_key_abort:
    198. 

  198. 	mov	x0,x3			// return value
    199. 

  199. 	ldr	x29,[sp],#16
    200. 

  200. 	ret
    201. 

  201. 

  202. 

  203. .globl	aes_hw_set_decrypt_key
    204. 

  204. 

  205. .def aes_hw_set_decrypt_key
    206. 

  206.    .type 32
    207. 

  207. .endef
    208. 

  208. .align	5
    209. 

  209. aes_hw_set_decrypt_key:
    210. 

  210. 	AARCH64_SIGN_LINK_REGISTER
    211. 

  211. 	stp	x29,x30,[sp,#-16]!
    212. 

  212. 	add	x29,sp,#0
    213. 

  213. 	bl	Lenc_key
    214. 

  214. 

  215. 	cmp	x0,#0
    216. 

  216. 	b.ne	Ldec_key_abort
    217. 

  217. 

  218. 	sub	x2,x2,#240		// restore original x2
    219. 

  219. 	mov	x4,#-16
    220. 

  220. 	add	x0,x2,x12,lsl#4	// end of key schedule
    221. 

  221. 

  222. 	ld1	{v0.4s},[x2]
    223. 

  223. 	ld1	{v1.4s},[x0]
    224. 

  224. 	st1	{v0.4s},[x0],x4
    225. 

  225. 	st1	{v1.4s},[x2],#16
    226. 

  226. 

  227. Loop_imc:
    228. 

  228. 	ld1	{v0.4s},[x2]
    229. 

  229. 	ld1	{v1.4s},[x0]
    230. 

  230. 	aesimc	v0.16b,v0.16b
    231. 

  231. 	aesimc	v1.16b,v1.16b
    232. 

  232. 	st1	{v0.4s},[x0],x4
    233. 

  233. 	st1	{v1.4s},[x2],#16
    234. 

  234. 	cmp	x0,x2
    235. 

  235. 	b.hi	Loop_imc
    236. 

  236. 

  237. 	ld1	{v0.4s},[x2]
    238. 

  238. 	aesimc	v0.16b,v0.16b
    239. 

  239. 	st1	{v0.4s},[x0]
    240. 

  240. 

  241. 	eor	x0,x0,x0		// return value
    242. 

  242. Ldec_key_abort:
    243. 

  243. 	ldp	x29,x30,[sp],#16
    244. 

  244. 	AARCH64_VALIDATE_LINK_REGISTER
    245. 

  245. 	ret
    246. 

  246. 

  247. .globl	aes_hw_encrypt
    248. 

  248. 

  249. .def aes_hw_encrypt
    250. 

  250.    .type 32
    251. 

  251. .endef
    252. 

  252. .align	5
    253. 

  253. aes_hw_encrypt:
    254. 

  254. 	AARCH64_VALID_CALL_TARGET
    255. 

  255. 	ldr	w3,[x2,#240]
    256. 

  256. 	ld1	{v0.4s},[x2],#16
    257. 

  257. 	ld1	{v2.16b},[x0]
    258. 

  258. 	sub	w3,w3,#2
    259. 

  259. 	ld1	{v1.4s},[x2],#16
    260. 

  260. 

  261. Loop_enc:
    262. 

  262. 	aese	v2.16b,v0.16b
    263. 

  263. 	aesmc	v2.16b,v2.16b
    264. 

  264. 	ld1	{v0.4s},[x2],#16
    265. 

  265. 	subs	w3,w3,#2
    266. 

  266. 	aese	v2.16b,v1.16b
    267. 

  267. 	aesmc	v2.16b,v2.16b
    268. 

  268. 	ld1	{v1.4s},[x2],#16
    269. 

  269. 	b.gt	Loop_enc
    270. 

  270. 

  271. 	aese	v2.16b,v0.16b
    272. 

  272. 	aesmc	v2.16b,v2.16b
    273. 

  273. 	ld1	{v0.4s},[x2]
    274. 

  274. 	aese	v2.16b,v1.16b
    275. 

  275. 	eor	v2.16b,v2.16b,v0.16b
    276. 

  276. 

  277. 	st1	{v2.16b},[x1]
    278. 

  278. 	ret
    279. 

  279. 

  280. .globl	aes_hw_decrypt
    281. 

  281. 

  282. .def aes_hw_decrypt
    283. 

  283.    .type 32
    284. 

  284. .endef
    285. 

  285. .align	5
    286. 

  286. aes_hw_decrypt:
    287. 

  287. 	AARCH64_VALID_CALL_TARGET
    288. 

  288. 	ldr	w3,[x2,#240]
    289. 

  289. 	ld1	{v0.4s},[x2],#16
    290. 

  290. 	ld1	{v2.16b},[x0]
    291. 

  291. 	sub	w3,w3,#2
    292. 

  292. 	ld1	{v1.4s},[x2],#16
    293. 

  293. 

  294. Loop_dec:
    295. 

  295. 	aesd	v2.16b,v0.16b
    296. 

  296. 	aesimc	v2.16b,v2.16b
    297. 

  297. 	ld1	{v0.4s},[x2],#16
    298. 

  298. 	subs	w3,w3,#2
    299. 

  299. 	aesd	v2.16b,v1.16b
    300. 

  300. 	aesimc	v2.16b,v2.16b
    301. 

  301. 	ld1	{v1.4s},[x2],#16
    302. 

  302. 	b.gt	Loop_dec
    303. 

  303. 

  304. 	aesd	v2.16b,v0.16b
    305. 

  305. 	aesimc	v2.16b,v2.16b
    306. 

  306. 	ld1	{v0.4s},[x2]
    307. 

  307. 	aesd	v2.16b,v1.16b
    308. 

  308. 	eor	v2.16b,v2.16b,v0.16b
    309. 

  309. 

  310. 	st1	{v2.16b},[x1]
    311. 

  311. 	ret
    312. 

  312. 

  313. .globl	aes_hw_cbc_encrypt
    314. 

  314. 

  315. .def aes_hw_cbc_encrypt
    316. 

  316.    .type 32
    317. 

  317. .endef
    318. 

  318. .align	5
    319. 

  319. aes_hw_cbc_encrypt:
    320. 

  320. 	// Armv8.3-A PAuth: even though x30 is pushed to stack it is not popped later.
    321. 

  321. 	AARCH64_VALID_CALL_TARGET
    322. 

  322. 	stp	x29,x30,[sp,#-16]!
    323. 

  323. 	add	x29,sp,#0
    324. 

  324. 	subs	x2,x2,#16
    325. 

  325. 	mov	x8,#16
    326. 

  326. 	b.lo	Lcbc_abort
    327. 

  327. 	csel	x8,xzr,x8,eq
    328. 

  328. 

  329. 	cmp	w5,#0			// en- or decrypting?
    330. 

  330. 	ldr	w5,[x3,#240]
    331. 

  331. 	and	x2,x2,#-16
    332. 

  332. 	ld1	{v6.16b},[x4]
    333. 

  333. 	ld1	{v0.16b},[x0],x8
    334. 

  334. 

  335. 	ld1	{v16.4s,v17.4s},[x3]		// load key schedule...
    336. 

  336. 	sub	w5,w5,#6
    337. 

  337. 	add	x7,x3,x5,lsl#4	// pointer to last 7 round keys
    338. 

  338. 	sub	w5,w5,#2
    339. 

  339. 	ld1	{v18.4s,v19.4s},[x7],#32
    340. 

  340. 	ld1	{v20.4s,v21.4s},[x7],#32
    341. 

  341. 	ld1	{v22.4s,v23.4s},[x7],#32
    342. 

  342. 	ld1	{v7.4s},[x7]
    343. 

  343. 

  344. 	add	x7,x3,#32
    345. 

  345. 	mov	w6,w5
    346. 

  346. 	b.eq	Lcbc_dec
    347. 

  347. 

  348. 	cmp	w5,#2
    349. 

  349. 	eor	v0.16b,v0.16b,v6.16b
    350. 

  350. 	eor	v5.16b,v16.16b,v7.16b
    351. 

  351. 	b.eq	Lcbc_enc128
    352. 

  352. 

  353. 	ld1	{v2.4s,v3.4s},[x7]
    354. 

  354. 	add	x7,x3,#16
    355. 

  355. 	add	x6,x3,#16*4
    356. 

  356. 	add	x12,x3,#16*5
    357. 

  357. 	aese	v0.16b,v16.16b
    358. 

  358. 	aesmc	v0.16b,v0.16b
    359. 

  359. 	add	x14,x3,#16*6
    360. 

  360. 	add	x3,x3,#16*7
    361. 

  361. 	b	Lenter_cbc_enc
    362. 

  362. 

  363. .align	4
    364. 

  364. Loop_cbc_enc:
    365. 

  365. 	aese	v0.16b,v16.16b
    366. 

  366. 	aesmc	v0.16b,v0.16b
    367. 

  367. 	st1	{v6.16b},[x1],#16
    368. 

  368. Lenter_cbc_enc:
    369. 

  369. 	aese	v0.16b,v17.16b
    370. 

  370. 	aesmc	v0.16b,v0.16b
    371. 

  371. 	aese	v0.16b,v2.16b
    372. 

  372. 	aesmc	v0.16b,v0.16b
    373. 

  373. 	ld1	{v16.4s},[x6]
    374. 

  374. 	cmp	w5,#4
    375. 

  375. 	aese	v0.16b,v3.16b
    376. 

  376. 	aesmc	v0.16b,v0.16b
    377. 

  377. 	ld1	{v17.4s},[x12]
    378. 

  378. 	b.eq	Lcbc_enc192
    379. 

  379. 

  380. 	aese	v0.16b,v16.16b
    381. 

  381. 	aesmc	v0.16b,v0.16b
    382. 

  382. 	ld1	{v16.4s},[x14]
    383. 

  383. 	aese	v0.16b,v17.16b
    384. 

  384. 	aesmc	v0.16b,v0.16b
    385. 

  385. 	ld1	{v17.4s},[x3]
    386. 

  386. 	nop
    387. 

  387. 

  388. Lcbc_enc192:
    389. 

  389. 	aese	v0.16b,v16.16b
    390. 

  390. 	aesmc	v0.16b,v0.16b
    391. 

  391. 	subs	x2,x2,#16
    392. 

  392. 	aese	v0.16b,v17.16b
    393. 

  393. 	aesmc	v0.16b,v0.16b
    394. 

  394. 	csel	x8,xzr,x8,eq
    395. 

  395. 	aese	v0.16b,v18.16b
    396. 

  396. 	aesmc	v0.16b,v0.16b
    397. 

  397. 	aese	v0.16b,v19.16b
    398. 

  398. 	aesmc	v0.16b,v0.16b
    399. 

  399. 	ld1	{v16.16b},[x0],x8
    400. 

  400. 	aese	v0.16b,v20.16b
    401. 

  401. 	aesmc	v0.16b,v0.16b
    402. 

  402. 	eor	v16.16b,v16.16b,v5.16b
    403. 

  403. 	aese	v0.16b,v21.16b
    404. 

  404. 	aesmc	v0.16b,v0.16b
    405. 

  405. 	ld1	{v17.4s},[x7]		// re-pre-load rndkey[1]
    406. 

  406. 	aese	v0.16b,v22.16b
    407. 

  407. 	aesmc	v0.16b,v0.16b
    408. 

  408. 	aese	v0.16b,v23.16b
    409. 

  409. 	eor	v6.16b,v0.16b,v7.16b
    410. 

  410. 	b.hs	Loop_cbc_enc
    411. 

  411. 

  412. 	st1	{v6.16b},[x1],#16
    413. 

  413. 	b	Lcbc_done
    414. 

  414. 

  415. .align	5
    416. 

  416. Lcbc_enc128:
    417. 

  417. 	ld1	{v2.4s,v3.4s},[x7]
    418. 

  418. 	aese	v0.16b,v16.16b
    419. 

  419. 	aesmc	v0.16b,v0.16b
    420. 

  420. 	b	Lenter_cbc_enc128
    421. 

  421. Loop_cbc_enc128:
    422. 

  422. 	aese	v0.16b,v16.16b
    423. 

  423. 	aesmc	v0.16b,v0.16b
    424. 

  424. 	st1	{v6.16b},[x1],#16
    425. 

  425. Lenter_cbc_enc128:
    426. 

  426. 	aese	v0.16b,v17.16b
    427. 

  427. 	aesmc	v0.16b,v0.16b
    428. 

  428. 	subs	x2,x2,#16
    429. 

  429. 	aese	v0.16b,v2.16b
    430. 

  430. 	aesmc	v0.16b,v0.16b
    431. 

  431. 	csel	x8,xzr,x8,eq
    432. 

  432. 	aese	v0.16b,v3.16b
    433. 

  433. 	aesmc	v0.16b,v0.16b
    434. 

  434. 	aese	v0.16b,v18.16b
    435. 

  435. 	aesmc	v0.16b,v0.16b
    436. 

  436. 	aese	v0.16b,v19.16b
    437. 

  437. 	aesmc	v0.16b,v0.16b
    438. 

  438. 	ld1	{v16.16b},[x0],x8
    439. 

  439. 	aese	v0.16b,v20.16b
    440. 

  440. 	aesmc	v0.16b,v0.16b
    441. 

  441. 	aese	v0.16b,v21.16b
    442. 

  442. 	aesmc	v0.16b,v0.16b
    443. 

  443. 	aese	v0.16b,v22.16b
    444. 

  444. 	aesmc	v0.16b,v0.16b
    445. 

  445. 	eor	v16.16b,v16.16b,v5.16b
    446. 

  446. 	aese	v0.16b,v23.16b
    447. 

  447. 	eor	v6.16b,v0.16b,v7.16b
    448. 

  448. 	b.hs	Loop_cbc_enc128
    449. 

  449. 

  450. 	st1	{v6.16b},[x1],#16
    451. 

  451. 	b	Lcbc_done
    452. 

  452. .align	5
    453. 

  453. Lcbc_dec:
    454. 

  454. 	ld1	{v18.16b},[x0],#16
    455. 

  455. 	subs	x2,x2,#32		// bias
    456. 

  456. 	add	w6,w5,#2
    457. 

  457. 	orr	v3.16b,v0.16b,v0.16b
    458. 

  458. 	orr	v1.16b,v0.16b,v0.16b
    459. 

  459. 	orr	v19.16b,v18.16b,v18.16b
    460. 

  460. 	b.lo	Lcbc_dec_tail
    461. 

  461. 

  462. 	orr	v1.16b,v18.16b,v18.16b
    463. 

  463. 	ld1	{v18.16b},[x0],#16
    464. 

  464. 	orr	v2.16b,v0.16b,v0.16b
    465. 

  465. 	orr	v3.16b,v1.16b,v1.16b
    466. 

  466. 	orr	v19.16b,v18.16b,v18.16b
    467. 

  467. 

  468. Loop3x_cbc_dec:
    469. 

  469. 	aesd	v0.16b,v16.16b
    470. 

  470. 	aesimc	v0.16b,v0.16b
    471. 

  471. 	aesd	v1.16b,v16.16b
    472. 

  472. 	aesimc	v1.16b,v1.16b
    473. 

  473. 	aesd	v18.16b,v16.16b
    474. 

  474. 	aesimc	v18.16b,v18.16b
    475. 

  475. 	ld1	{v16.4s},[x7],#16
    476. 

  476. 	subs	w6,w6,#2
    477. 

  477. 	aesd	v0.16b,v17.16b
    478. 

  478. 	aesimc	v0.16b,v0.16b
    479. 

  479. 	aesd	v1.16b,v17.16b
    480. 

  480. 	aesimc	v1.16b,v1.16b
    481. 

  481. 	aesd	v18.16b,v17.16b
    482. 

  482. 	aesimc	v18.16b,v18.16b
    483. 

  483. 	ld1	{v17.4s},[x7],#16
    484. 

  484. 	b.gt	Loop3x_cbc_dec
    485. 

  485. 

  486. 	aesd	v0.16b,v16.16b
    487. 

  487. 	aesimc	v0.16b,v0.16b
    488. 

  488. 	aesd	v1.16b,v16.16b
    489. 

  489. 	aesimc	v1.16b,v1.16b
    490. 

  490. 	aesd	v18.16b,v16.16b
    491. 

  491. 	aesimc	v18.16b,v18.16b
    492. 

  492. 	eor	v4.16b,v6.16b,v7.16b
    493. 

  493. 	subs	x2,x2,#0x30
    494. 

  494. 	eor	v5.16b,v2.16b,v7.16b
    495. 

  495. 	csel	x6,x2,x6,lo			// x6, w6, is zero at this point
    496. 

  496. 	aesd	v0.16b,v17.16b
    497. 

  497. 	aesimc	v0.16b,v0.16b
    498. 

  498. 	aesd	v1.16b,v17.16b
    499. 

  499. 	aesimc	v1.16b,v1.16b
    500. 

  500. 	aesd	v18.16b,v17.16b
    501. 

  501. 	aesimc	v18.16b,v18.16b
    502. 

  502. 	eor	v17.16b,v3.16b,v7.16b
    503. 

  503. 	add	x0,x0,x6		// x0 is adjusted in such way that
    504. 

  504. 					// at exit from the loop v1.16b-v18.16b
    505. 

  505. 					// are loaded with last "words"
    506. 

  506. 	orr	v6.16b,v19.16b,v19.16b
    507. 

  507. 	mov	x7,x3
    508. 

  508. 	aesd	v0.16b,v20.16b
    509. 

  509. 	aesimc	v0.16b,v0.16b
    510. 

  510. 	aesd	v1.16b,v20.16b
    511. 

  511. 	aesimc	v1.16b,v1.16b
    512. 

  512. 	aesd	v18.16b,v20.16b
    513. 

  513. 	aesimc	v18.16b,v18.16b
    514. 

  514. 	ld1	{v2.16b},[x0],#16
    515. 

  515. 	aesd	v0.16b,v21.16b
    516. 

  516. 	aesimc	v0.16b,v0.16b
    517. 

  517. 	aesd	v1.16b,v21.16b
    518. 

  518. 	aesimc	v1.16b,v1.16b
    519. 

  519. 	aesd	v18.16b,v21.16b
    520. 

  520. 	aesimc	v18.16b,v18.16b
    521. 

  521. 	ld1	{v3.16b},[x0],#16
    522. 

  522. 	aesd	v0.16b,v22.16b
    523. 

  523. 	aesimc	v0.16b,v0.16b
    524. 

  524. 	aesd	v1.16b,v22.16b
    525. 

  525. 	aesimc	v1.16b,v1.16b
    526. 

  526. 	aesd	v18.16b,v22.16b
    527. 

  527. 	aesimc	v18.16b,v18.16b
    528. 

  528. 	ld1	{v19.16b},[x0],#16
    529. 

  529. 	aesd	v0.16b,v23.16b
    530. 

  530. 	aesd	v1.16b,v23.16b
    531. 

  531. 	aesd	v18.16b,v23.16b
    532. 

  532. 	ld1	{v16.4s},[x7],#16	// re-pre-load rndkey[0]
    533. 

  533. 	add	w6,w5,#2
    534. 

  534. 	eor	v4.16b,v4.16b,v0.16b
    535. 

  535. 	eor	v5.16b,v5.16b,v1.16b
    536. 

  536. 	eor	v18.16b,v18.16b,v17.16b
    537. 

  537. 	ld1	{v17.4s},[x7],#16	// re-pre-load rndkey[1]
    538. 

  538. 	st1	{v4.16b},[x1],#16
    539. 

  539. 	orr	v0.16b,v2.16b,v2.16b
    540. 

  540. 	st1	{v5.16b},[x1],#16
    541. 

  541. 	orr	v1.16b,v3.16b,v3.16b
    542. 

  542. 	st1	{v18.16b},[x1],#16
    543. 

  543. 	orr	v18.16b,v19.16b,v19.16b
    544. 

  544. 	b.hs	Loop3x_cbc_dec
    545. 

  545. 

  546. 	cmn	x2,#0x30
    547. 

  547. 	b.eq	Lcbc_done
    548. 

  548. 	nop
    549. 

  549. 

  550. Lcbc_dec_tail:
    551. 

  551. 	aesd	v1.16b,v16.16b
    552. 

  552. 	aesimc	v1.16b,v1.16b
    553. 

  553. 	aesd	v18.16b,v16.16b
    554. 

  554. 	aesimc	v18.16b,v18.16b
    555. 

  555. 	ld1	{v16.4s},[x7],#16
    556. 

  556. 	subs	w6,w6,#2
    557. 

  557. 	aesd	v1.16b,v17.16b
    558. 

  558. 	aesimc	v1.16b,v1.16b
    559. 

  559. 	aesd	v18.16b,v17.16b
    560. 

  560. 	aesimc	v18.16b,v18.16b
    561. 

  561. 	ld1	{v17.4s},[x7],#16
    562. 

  562. 	b.gt	Lcbc_dec_tail
    563. 

  563. 

  564. 	aesd	v1.16b,v16.16b
    565. 

  565. 	aesimc	v1.16b,v1.16b
    566. 

  566. 	aesd	v18.16b,v16.16b
    567. 

  567. 	aesimc	v18.16b,v18.16b
    568. 

  568. 	aesd	v1.16b,v17.16b
    569. 

  569. 	aesimc	v1.16b,v1.16b
    570. 

  570. 	aesd	v18.16b,v17.16b
    571. 

  571. 	aesimc	v18.16b,v18.16b
    572. 

  572. 	aesd	v1.16b,v20.16b
    573. 

  573. 	aesimc	v1.16b,v1.16b
    574. 

  574. 	aesd	v18.16b,v20.16b
    575. 

  575. 	aesimc	v18.16b,v18.16b
    576. 

  576. 	cmn	x2,#0x20
    577. 

  577. 	aesd	v1.16b,v21.16b
    578. 

  578. 	aesimc	v1.16b,v1.16b
    579. 

  579. 	aesd	v18.16b,v21.16b
    580. 

  580. 	aesimc	v18.16b,v18.16b
    581. 

  581. 	eor	v5.16b,v6.16b,v7.16b
    582. 

  582. 	aesd	v1.16b,v22.16b
    583. 

  583. 	aesimc	v1.16b,v1.16b
    584. 

  584. 	aesd	v18.16b,v22.16b
    585. 

  585. 	aesimc	v18.16b,v18.16b
    586. 

  586. 	eor	v17.16b,v3.16b,v7.16b
    587. 

  587. 	aesd	v1.16b,v23.16b
    588. 

  588. 	aesd	v18.16b,v23.16b
    589. 

  589. 	b.eq	Lcbc_dec_one
    590. 

  590. 	eor	v5.16b,v5.16b,v1.16b
    591. 

  591. 	eor	v17.16b,v17.16b,v18.16b
    592. 

  592. 	orr	v6.16b,v19.16b,v19.16b
    593. 

  593. 	st1	{v5.16b},[x1],#16
    594. 

  594. 	st1	{v17.16b},[x1],#16
    595. 

  595. 	b	Lcbc_done
    596. 

  596. 

  597. Lcbc_dec_one:
    598. 

  598. 	eor	v5.16b,v5.16b,v18.16b
    599. 

  599. 	orr	v6.16b,v19.16b,v19.16b
    600. 

  600. 	st1	{v5.16b},[x1],#16
    601. 

  601. 

  602. Lcbc_done:
    603. 

  603. 	st1	{v6.16b},[x4]
    604. 

  604. Lcbc_abort:
    605. 

  605. 	ldr	x29,[sp],#16
    606. 

  606. 	ret
    607. 

  607. 

  608. .globl	aes_hw_ctr32_encrypt_blocks
    609. 

  609. 

  610. .def aes_hw_ctr32_encrypt_blocks
    611. 

  611.    .type 32
    612. 

  612. .endef
    613. 

  613. .align	5
    614. 

  614. aes_hw_ctr32_encrypt_blocks:
    615. 

  615. 	// Armv8.3-A PAuth: even though x30 is pushed to stack it is not popped later.
    616. 

  616. 	AARCH64_VALID_CALL_TARGET
    617. 

  617. 	stp	x29,x30,[sp,#-16]!
    618. 

  618. 	add	x29,sp,#0
    619. 

  619. 	ldr	w5,[x3,#240]
    620. 

  620. 

  621. 	ldr	w8, [x4, #12]
    622. 

  622. 	ld1	{v0.4s},[x4]
    623. 

  623. 

  624. 	ld1	{v16.4s,v17.4s},[x3]		// load key schedule...
    625. 

  625. 	sub	w5,w5,#4
    626. 

  626. 	mov	x12,#16
    627. 

  627. 	cmp	x2,#2
    628. 

  628. 	add	x7,x3,x5,lsl#4	// pointer to last 5 round keys
    629. 

  629. 	sub	w5,w5,#2
    630. 

  630. 	ld1	{v20.4s,v21.4s},[x7],#32
    631. 

  631. 	ld1	{v22.4s,v23.4s},[x7],#32
    632. 

  632. 	ld1	{v7.4s},[x7]
    633. 

  633. 	add	x7,x3,#32
    634. 

  634. 	mov	w6,w5
    635. 

  635. 	csel	x12,xzr,x12,lo
    636. 

  636. 

  637. 	// ARM Cortex-A57 and Cortex-A72 cores running in 32-bit mode are
    638. 

  638. 	// affected by silicon errata #1742098 [0] and #1655431 [1],
    639. 

  639. 	// respectively, where the second instruction of an aese/aesmc
    640. 

  640. 	// instruction pair may execute twice if an interrupt is taken right
    641. 

  641. 	// after the first instruction consumes an input register of which a
    642. 

  642. 	// single 32-bit lane has been updated the last time it was modified.
    643. 

  643. 	//
    644. 

  644. 	// This function uses a counter in one 32-bit lane. The vmov lines
    645. 

  645. 	// could write to v1.16b and v18.16b directly, but that trips this bugs.
    646. 

  646. 	// We write to v6.16b and copy to the final register as a workaround.
    647. 

  647. 	//
    648. 

  648. 	// [0] ARM-EPM-049219 v23 Cortex-A57 MPCore Software Developers Errata Notice
    649. 

  649. 	// [1] ARM-EPM-012079 v11.0 Cortex-A72 MPCore Software Developers Errata Notice
    650. 

  650. #ifndef __ARMEB__
    651. 

  651. 	rev	w8, w8
    652. 

  652. #endif
    653. 

  653. 	add	w10, w8, #1
    654. 

  654. 	orr	v6.16b,v0.16b,v0.16b
    655. 

  655. 	rev	w10, w10
    656. 

  656. 	mov	v6.s[3],w10
    657. 

  657. 	add	w8, w8, #2
    658. 

  658. 	orr	v1.16b,v6.16b,v6.16b
    659. 

  659. 	b.ls	Lctr32_tail
    660. 

  660. 	rev	w12, w8
    661. 

  661. 	mov	v6.s[3],w12
    662. 

  662. 	sub	x2,x2,#3		// bias
    663. 

  663. 	orr	v18.16b,v6.16b,v6.16b
    664. 

  664. 	b	Loop3x_ctr32
    665. 

  665. 

  666. .align	4
    667. 

  667. Loop3x_ctr32:
    668. 

  668. 	aese	v0.16b,v16.16b
    669. 

  669. 	aesmc	v0.16b,v0.16b
    670. 

  670. 	aese	v1.16b,v16.16b
    671. 

  671. 	aesmc	v1.16b,v1.16b
    672. 

  672. 	aese	v18.16b,v16.16b
    673. 

  673. 	aesmc	v18.16b,v18.16b
    674. 

  674. 	ld1	{v16.4s},[x7],#16
    675. 

  675. 	subs	w6,w6,#2
    676. 

  676. 	aese	v0.16b,v17.16b
    677. 

  677. 	aesmc	v0.16b,v0.16b
    678. 

  678. 	aese	v1.16b,v17.16b
    679. 

  679. 	aesmc	v1.16b,v1.16b
    680. 

  680. 	aese	v18.16b,v17.16b
    681. 

  681. 	aesmc	v18.16b,v18.16b
    682. 

  682. 	ld1	{v17.4s},[x7],#16
    683. 

  683. 	b.gt	Loop3x_ctr32
    684. 

  684. 

  685. 	aese	v0.16b,v16.16b
    686. 

  686. 	aesmc	v4.16b,v0.16b
    687. 

  687. 	aese	v1.16b,v16.16b
    688. 

  688. 	aesmc	v5.16b,v1.16b
    689. 

  689. 	ld1	{v2.16b},[x0],#16
    690. 

  690. 	add	w9,w8,#1
    691. 

  691. 	aese	v18.16b,v16.16b
    692. 

  692. 	aesmc	v18.16b,v18.16b
    693. 

  693. 	ld1	{v3.16b},[x0],#16
    694. 

  694. 	rev	w9,w9
    695. 

  695. 	aese	v4.16b,v17.16b
    696. 

  696. 	aesmc	v4.16b,v4.16b
    697. 

  697. 	aese	v5.16b,v17.16b
    698. 

  698. 	aesmc	v5.16b,v5.16b
    699. 

  699. 	ld1	{v19.16b},[x0],#16
    700. 

  700. 	mov	x7,x3
    701. 

  701. 	aese	v18.16b,v17.16b
    702. 

  702. 	aesmc	v17.16b,v18.16b
    703. 

  703. 	aese	v4.16b,v20.16b
    704. 

  704. 	aesmc	v4.16b,v4.16b
    705. 

  705. 	aese	v5.16b,v20.16b
    706. 

  706. 	aesmc	v5.16b,v5.16b
    707. 

  707. 	eor	v2.16b,v2.16b,v7.16b
    708. 

  708. 	add	w10,w8,#2
    709. 

  709. 	aese	v17.16b,v20.16b
    710. 

  710. 	aesmc	v17.16b,v17.16b
    711. 

  711. 	eor	v3.16b,v3.16b,v7.16b
    712. 

  712. 	add	w8,w8,#3
    713. 

  713. 	aese	v4.16b,v21.16b
    714. 

  714. 	aesmc	v4.16b,v4.16b
    715. 

  715. 	aese	v5.16b,v21.16b
    716. 

  716. 	aesmc	v5.16b,v5.16b
    717. 

  717. 	 // Note the logic to update v0.16b, v1.16b, and v1.16b is written to work
    718. 

  718. 	 // around a bug in ARM Cortex-A57 and Cortex-A72 cores running in
    719. 

  719. 	 // 32-bit mode. See the comment above.
    720. 

  720. 	eor	v19.16b,v19.16b,v7.16b
    721. 

  721. 	mov	v6.s[3], w9
    722. 

  722. 	aese	v17.16b,v21.16b
    723. 

  723. 	aesmc	v17.16b,v17.16b
    724. 

  724. 	orr	v0.16b,v6.16b,v6.16b
    725. 

  725. 	rev	w10,w10
    726. 

  726. 	aese	v4.16b,v22.16b
    727. 

  727. 	aesmc	v4.16b,v4.16b
    728. 

  728. 	mov	v6.s[3], w10
    729. 

  729. 	rev	w12,w8
    730. 

  730. 	aese	v5.16b,v22.16b
    731. 

  731. 	aesmc	v5.16b,v5.16b
    732. 

  732. 	orr	v1.16b,v6.16b,v6.16b
    733. 

  733. 	mov	v6.s[3], w12
    734. 

  734. 	aese	v17.16b,v22.16b
    735. 

  735. 	aesmc	v17.16b,v17.16b
    736. 

  736. 	orr	v18.16b,v6.16b,v6.16b
    737. 

  737. 	subs	x2,x2,#3
    738. 

  738. 	aese	v4.16b,v23.16b
    739. 

  739. 	aese	v5.16b,v23.16b
    740. 

  740. 	aese	v17.16b,v23.16b
    741. 

  741. 

  742. 	eor	v2.16b,v2.16b,v4.16b
    743. 

  743. 	ld1	{v16.4s},[x7],#16	// re-pre-load rndkey[0]
    744. 

  744. 	st1	{v2.16b},[x1],#16
    745. 

  745. 	eor	v3.16b,v3.16b,v5.16b
    746. 

  746. 	mov	w6,w5
    747. 

  747. 	st1	{v3.16b},[x1],#16
    748. 

  748. 	eor	v19.16b,v19.16b,v17.16b
    749. 

  749. 	ld1	{v17.4s},[x7],#16	// re-pre-load rndkey[1]
    750. 

  750. 	st1	{v19.16b},[x1],#16
    751. 

  751. 	b.hs	Loop3x_ctr32
    752. 

  752. 

  753. 	adds	x2,x2,#3
    754. 

  754. 	b.eq	Lctr32_done
    755. 

  755. 	cmp	x2,#1
    756. 

  756. 	mov	x12,#16
    757. 

  757. 	csel	x12,xzr,x12,eq
    758. 

  758. 

  759. Lctr32_tail:
    760. 

  760. 	aese	v0.16b,v16.16b
    761. 

  761. 	aesmc	v0.16b,v0.16b
    762. 

  762. 	aese	v1.16b,v16.16b
    763. 

  763. 	aesmc	v1.16b,v1.16b
    764. 

  764. 	ld1	{v16.4s},[x7],#16
    765. 

  765. 	subs	w6,w6,#2
    766. 

  766. 	aese	v0.16b,v17.16b
    767. 

  767. 	aesmc	v0.16b,v0.16b
    768. 

  768. 	aese	v1.16b,v17.16b
    769. 

  769. 	aesmc	v1.16b,v1.16b
    770. 

  770. 	ld1	{v17.4s},[x7],#16
    771. 

  771. 	b.gt	Lctr32_tail
    772. 

  772. 

  773. 	aese	v0.16b,v16.16b
    774. 

  774. 	aesmc	v0.16b,v0.16b
    775. 

  775. 	aese	v1.16b,v16.16b
    776. 

  776. 	aesmc	v1.16b,v1.16b
    777. 

  777. 	aese	v0.16b,v17.16b
    778. 

  778. 	aesmc	v0.16b,v0.16b
    779. 

  779. 	aese	v1.16b,v17.16b
    780. 

  780. 	aesmc	v1.16b,v1.16b
    781. 

  781. 	ld1	{v2.16b},[x0],x12
    782. 

  782. 	aese	v0.16b,v20.16b
    783. 

  783. 	aesmc	v0.16b,v0.16b
    784. 

  784. 	aese	v1.16b,v20.16b
    785. 

  785. 	aesmc	v1.16b,v1.16b
    786. 

  786. 	ld1	{v3.16b},[x0]
    787. 

  787. 	aese	v0.16b,v21.16b
    788. 

  788. 	aesmc	v0.16b,v0.16b
    789. 

  789. 	aese	v1.16b,v21.16b
    790. 

  790. 	aesmc	v1.16b,v1.16b
    791. 

  791. 	eor	v2.16b,v2.16b,v7.16b
    792. 

  792. 	aese	v0.16b,v22.16b
    793. 

  793. 	aesmc	v0.16b,v0.16b
    794. 

  794. 	aese	v1.16b,v22.16b
    795. 

  795. 	aesmc	v1.16b,v1.16b
    796. 

  796. 	eor	v3.16b,v3.16b,v7.16b
    797. 

  797. 	aese	v0.16b,v23.16b
    798. 

  798. 	aese	v1.16b,v23.16b
    799. 

  799. 

  800. 	cmp	x2,#1
    801. 

  801. 	eor	v2.16b,v2.16b,v0.16b
    802. 

  802. 	eor	v3.16b,v3.16b,v1.16b
    803. 

  803. 	st1	{v2.16b},[x1],#16
    804. 

  804. 	b.eq	Lctr32_done
    805. 

  805. 	st1	{v3.16b},[x1]
    806. 

  806. 

  807. Lctr32_done:
    808. 

  808. 	ldr	x29,[sp],#16
    809. 

  809. 	ret
    810. 

  810. 

  811. #endif
    812. 

  812. #endif
    813. 

  813. #endif  // !OPENSSL_NO_ASM
    814.