/*-
 * The white paper of AES-NI instructions can be downloaded from:
 *   http://softwarecommunity.intel.com/isn/downloads/intelavx/AES-Instructions-Set_WP.pdf
 *
 * Copyright (C) 2008-2010, Intel Corporation
 *    Author: Huang Ying <ying.huang@intel.com>
 *            Vinodh Gopal <vinodh.gopal@intel.com>
 *            Kahraman Akdemir
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following
 * conditions are met:
 *
 * - Redistributions of source code must retain the above copyright
 *   notice, this list of conditions and the following disclaimer.
 *
 * - Redistributions in binary form must reproduce the above copyright
 *   notice, this list of conditions and the following disclaimer in the
 *   documentation and/or other materials provided with the
 *   distribution.
 *
 * - Neither the name of Intel Corporation nor the names of its
 *   contributors may be used to endorse or promote products
 *   derived from this software without specific prior written
 *   permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include <machine/asmacros.h>

	.text

/*
 * _key_expansion_128 / _key_expansion_256a (two labels, one body)
 *
 * Key-schedule step called from aesni_set_enckey in this file.  Operands
 * are passed in registers, not on the stack, so this is not a C-callable
 * routine.
 *
 * In:    %xmm0 = previous 128-bit round key
 *        %xmm1 = aeskeygenassist output for this step
 *        %xmm4 = low dword must be zero; it is still zero on return
 *        %edx  = address of the next free 16-byte slot in the schedule
 * Out:   %xmm0 = new round key, also stored at (%edx)
 *        %edx  = advanced by 16
 * Clobb: %xmm1, %xmm4 (upper dwords), flags
 *
 * The store uses movaps, which faults on a memory operand that is not
 * 16-byte aligned, so the schedule pointer must be 16-byte aligned.
 */
ENTRY(_key_expansion_128)
_key_expansion_256a:
	.cfi_startproc
	pshufd	$0b11111111,%xmm1,%xmm1		/* broadcast dword 3 of xmm1 */
	/*
	 * The two shufps/pxor pairs leave dword i of xmm0 holding the XOR
	 * of the old dwords 0..i.  Both shuffles take their low dword from
	 * xmm4's own low dword, which is why it has to be zero on entry.
	 */
	shufps	$0b00010000,%xmm0,%xmm4
	pxor	%xmm4,%xmm0
	shufps	$0b10001100,%xmm0,%xmm4
	pxor	%xmm4,%xmm0
	pxor	%xmm1,%xmm0			/* fold in the broadcast word */
	movaps	%xmm0,(%edx)			/* aligned store of the round key */
	addl	$0x10,%edx
	retl
	.cfi_endproc
END(_key_expansion_128)

/*
 * _key_expansion_192a
 *
 * 192-bit key-schedule step that emits two 16-byte schedule entries.
 * Called from aesni_set_enckey in this file; register-based interface.
 *
 * In:    %xmm0 = key words carried from the previous step
 *        %xmm2 = remaining key words (loaded with movq by the caller, so
 *                only the low 64 bits come from the user key)
 *        %xmm1 = aeskeygenassist output for this step
 *        %xmm4 = low dword must be zero; it is still zero on return
 *        %edx  = address of the next free slot in the schedule
 * Out:   32 bytes stored at (%edx) and 0x10(%edx); %edx advanced by 32;
 *        %xmm0 and %xmm2 updated for the next step
 * Clobb: %xmm1, %xmm3, %xmm4 (upper dwords), %xmm5, %xmm6, flags
 *
 * Both stores use movaps: the schedule pointer must be 16-byte aligned.
 */
ENTRY(_key_expansion_192a)
	.cfi_startproc
	pshufd	$0b01010101,%xmm1,%xmm1		/* broadcast dword 1 of xmm1 */
	/* dword i of xmm0 becomes the XOR of the old dwords 0..i */
	shufps	$0b00010000,%xmm0,%xmm4
	pxor	%xmm4,%xmm0
	shufps	$0b10001100,%xmm0,%xmm4
	pxor	%xmm4,%xmm0
	pxor	%xmm1,%xmm0			/* fold in the broadcast word */
	movaps	%xmm2,%xmm5
	movaps	%xmm2,%xmm6			/* keep the old xmm2 for the first store */
	pslldq	$4,%xmm5			/* xmm5 = xmm2 shifted up by one dword */
	pshufd	$0b11111111,%xmm0,%xmm3		/* broadcast dword 3 of the new xmm0 */
	pxor	%xmm3,%xmm2
	pxor	%xmm5,%xmm2			/* xmm2 ^= broadcast ^ shifted copy */
	movaps	%xmm0,%xmm1
	shufps	$0b01000100,%xmm0,%xmm6		/* old xmm2[0..1], new xmm0[0..1] */
	movaps	%xmm6,(%edx)
	shufps	$0b01001110,%xmm2,%xmm1		/* new xmm0[2..3], new xmm2[0..1] */
	movaps	%xmm1,0x10(%edx)
	addl	$0x20,%edx
	retl
	.cfi_endproc
END(_key_expansion_192a)
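/*
 * _key_expansion_192b
 *
 * 192-bit key-schedule step that emits one 16-byte schedule entry.
 * Called from aesni_set_enckey in this file; operands are passed in
 * registers, not on the stack.
 *
 * In:    %xmm0, %xmm2 = key words carried from the previous step
 *        %xmm1 = aeskeygenassist output for this step
 *        %xmm4 = low dword must be zero; it is still zero on return
 *        %edx  = address of the next free slot in the schedule
 * Out:   %xmm0 stored at (%edx); %edx advanced by 16; %xmm2 updated
 * Clobb: %xmm1, %xmm3, %xmm4 (upper dwords), %xmm5, flags
 *
 * The store uses movaps, which faults on a memory operand that is not
 * 16-byte aligned, so the schedule pointer must be 16-byte aligned.
 */
ENTRY(_key_expansion_192b)
	.cfi_startproc
	pshufd	$0b01010101,%xmm1,%xmm1		/* broadcast dword 1 of xmm1 */
	/* dword i of xmm0 becomes the XOR of the old dwords 0..i */
	shufps	$0b00010000,%xmm0,%xmm4
	pxor	%xmm4,%xmm0
	shufps	$0b10001100,%xmm0,%xmm4
	pxor	%xmm4,%xmm0
	pxor	%xmm1,%xmm0			/* fold in the broadcast word */
	movaps	%xmm2,%xmm5
	pslldq	$4,%xmm5			/* xmm5 = xmm2 shifted up by one dword */
	pshufd	$0b11111111,%xmm0,%xmm3		/* broadcast dword 3 of the new xmm0 */
	pxor	%xmm3,%xmm2
	pxor	%xmm5,%xmm2			/* xmm2 ^= broadcast ^ shifted copy */
	movaps	%xmm0,(%edx)
	addl	$0x10,%edx
	retl
	.cfi_endproc
END(_key_expansion_192b)

/*
 * _key_expansion_256b
 *
 * Second half of a 256-bit key-schedule round: same shuffle/XOR chain as
 * _key_expansion_256a, but applied to %xmm2 and using dword 2 of the
 * aeskeygenassist output.
 *
 * In:    %xmm2 = key half to update
 *        %xmm1 = aeskeygenassist output for this step
 *        %xmm4 = low dword must be zero; it is still zero on return
 *        %edx  = address of the next free slot in the schedule
 * Out:   %xmm2 = new round key, also stored at (%edx); %edx advanced by 16
 * Clobb: %xmm1, %xmm4 (upper dwords), flags
 *
 * The store uses movaps: the schedule pointer must be 16-byte aligned.
 */
ENTRY(_key_expansion_256b)
	.cfi_startproc
	pshufd	$0b10101010,%xmm1,%xmm1		/* broadcast dword 2 of xmm1 */
	/* dword i of xmm2 becomes the XOR of the old dwords 0..i */
	shufps	$0b00010000,%xmm2,%xmm4
	pxor	%xmm4,%xmm2
	shufps	$0b10001100,%xmm2,%xmm4
	pxor	%xmm4,%xmm2
	pxor	%xmm1,%xmm2			/* fold in the broadcast word */
	movaps	%xmm2,(%edx)
	addl	$0x10,%edx
	retl
	.cfi_endproc
END(_key_expansion_256b)

/*
 * aesni_set_enckey: expand a user key into the AES encryption schedule.
 *
 * Arguments (i386 stack arguments, read through %ebp):
 *    8(%ebp) = user key; read with movups/movq, so it may be unaligned
 *   12(%ebp) = key schedule to fill; written with movaps, so it MUST be
 *              16-byte aligned or the store faults
 *   16(%ebp) = number of rounds
 *
 * Dispatch on rounds is a single compare against 12: anything below 12
 * takes the 128-bit path, exactly 12 the 192-bit path, and anything above
 * 12 the 256-bit path.  The value is not validated beyond that, and the
 * key length is never passed in, so the caller has to guarantee that the
 * buffers match the path taken:
 *
 *   path      key bytes read   schedule bytes written
 *   128-bit   16               176  (11 round keys)
 *   192-bit   24               208  (13 round keys)
 *   256-bit   32               240  (15 round keys)
 *
 * A rounds value that selects a longer path than the key really has makes
 * this routine read past the end of the user key.
 *
 * Clobb: %ecx, %edx, %xmm0-%xmm6, flags
 *
 * Round-key material is left in the %xmm registers on return; nothing in
 * this routine clears them.
 * NOTE(review): confirm that the caller's FPU-context handling restores or
 * scrubs these registers before unrelated code can observe them.
 *
 * aeskeygenassist is emitted as raw .byte sequences; the commented line
 * above each one gives the mnemonic form it encodes.
 *
 * CFI: the routine has three exits.  Each early exit is bracketed with
 * .cfi_remember_state / .cfi_restore_state so that the CFA offset recorded
 * for the following path is still the one that holds after pushl %ebp,
 * and the -4 adjustment is always placed after `leave`, which is the
 * instruction that actually pops the frame.
 */
ENTRY(aesni_set_enckey)
	.cfi_startproc
	pushl	%ebp
	.cfi_adjust_cfa_offset 4
	movl	%esp,%ebp
	movl	8(%ebp),%ecx
	movl	12(%ebp),%edx
	movups	(%ecx),%xmm0		# user key (first 16 bytes)
	movaps	%xmm0,(%edx)
	addl	$0x10,%edx		# key addr
	pxor	%xmm4,%xmm4		# xmm4 is assumed 0 in _key_expansion_x
	cmpl	$12,16(%ebp)		# rounds
	jb	.Lenc_key128
	je	.Lenc_key192
	/* 256-bit key: the second 16 key bytes are round key 1 as-is */
	movups	0x10(%ecx),%xmm2	# other user key
	movaps	%xmm2,(%edx)
	addl	$0x10,%edx
//	aeskeygenassist $0x1,%xmm2,%xmm1	# round 1
	.byte	0x66,0x0f,0x3a,0xdf,0xca,0x01
	call	_key_expansion_256a
//	aeskeygenassist $0x1,%xmm0,%xmm1
	.byte	0x66,0x0f,0x3a,0xdf,0xc8,0x01
	call	_key_expansion_256b
//	aeskeygenassist $0x2,%xmm2,%xmm1	# round 2
	.byte	0x66,0x0f,0x3a,0xdf,0xca,0x02
	call	_key_expansion_256a
//	aeskeygenassist $0x2,%xmm0,%xmm1
	.byte	0x66,0x0f,0x3a,0xdf,0xc8,0x02
	call	_key_expansion_256b
//	aeskeygenassist $0x4,%xmm2,%xmm1	# round 3
	.byte	0x66,0x0f,0x3a,0xdf,0xca,0x04
	call	_key_expansion_256a
//	aeskeygenassist $0x4,%xmm0,%xmm1
	.byte	0x66,0x0f,0x3a,0xdf,0xc8,0x04
	call	_key_expansion_256b
//	aeskeygenassist $0x8,%xmm2,%xmm1	# round 4
	.byte	0x66,0x0f,0x3a,0xdf,0xca,0x08
	call	_key_expansion_256a
//	aeskeygenassist $0x8,%xmm0,%xmm1
	.byte	0x66,0x0f,0x3a,0xdf,0xc8,0x08
	call	_key_expansion_256b
//	aeskeygenassist $0x10,%xmm2,%xmm1	# round 5
	.byte	0x66,0x0f,0x3a,0xdf,0xca,0x10
	call	_key_expansion_256a
//	aeskeygenassist $0x10,%xmm0,%xmm1
	.byte	0x66,0x0f,0x3a,0xdf,0xc8,0x10
	call	_key_expansion_256b
//	aeskeygenassist $0x20,%xmm2,%xmm1	# round 6
	.byte	0x66,0x0f,0x3a,0xdf,0xca,0x20
	call	_key_expansion_256a
//	aeskeygenassist $0x20,%xmm0,%xmm1
	.byte	0x66,0x0f,0x3a,0xdf,0xc8,0x20
	call	_key_expansion_256b
//	aeskeygenassist $0x40,%xmm2,%xmm1	# round 7
	.byte	0x66,0x0f,0x3a,0xdf,0xca,0x40
	call	_key_expansion_256a
	.cfi_remember_state		/* the paths below still have %ebp pushed */
	leave
	.cfi_adjust_cfa_offset -4
	retl
.Lenc_key192:
	.cfi_restore_state
	/* 192-bit key: movq brings in only key bytes 16..23 */
	movq	0x10(%ecx),%xmm2	# other user key
//	aeskeygenassist $0x1,%xmm2,%xmm1	# round 1
	.byte	0x66,0x0f,0x3a,0xdf,0xca,0x01
	call	_key_expansion_192a
//	aeskeygenassist $0x2,%xmm2,%xmm1	# round 2
	.byte	0x66,0x0f,0x3a,0xdf,0xca,0x02
	call	_key_expansion_192b
//	aeskeygenassist $0x4,%xmm2,%xmm1	# round 3
	.byte	0x66,0x0f,0x3a,0xdf,0xca,0x04
	call	_key_expansion_192a
//	aeskeygenassist $0x8,%xmm2,%xmm1	# round 4
	.byte	0x66,0x0f,0x3a,0xdf,0xca,0x08
	call	_key_expansion_192b
//	aeskeygenassist $0x10,%xmm2,%xmm1	# round 5
	.byte	0x66,0x0f,0x3a,0xdf,0xca,0x10
	call	_key_expansion_192a
//	aeskeygenassist $0x20,%xmm2,%xmm1	# round 6
	.byte	0x66,0x0f,0x3a,0xdf,0xca,0x20
	call	_key_expansion_192b
//	aeskeygenassist $0x40,%xmm2,%xmm1	# round 7
	.byte	0x66,0x0f,0x3a,0xdf,0xca,0x40
	call	_key_expansion_192a
//	aeskeygenassist $0x80,%xmm2,%xmm1	# round 8
	.byte	0x66,0x0f,0x3a,0xdf,0xca,0x80
	call	_key_expansion_192b
	.cfi_remember_state		/* the 128-bit path still has %ebp pushed */
	leave
	.cfi_adjust_cfa_offset -4
	retl
.Lenc_key128:
	.cfi_restore_state
//	aeskeygenassist $0x1,%xmm0,%xmm1	# round 1
	.byte	0x66,0x0f,0x3a,0xdf,0xc8,0x01
	call	_key_expansion_128
//	aeskeygenassist $0x2,%xmm0,%xmm1	# round 2
	.byte	0x66,0x0f,0x3a,0xdf,0xc8,0x02
	call	_key_expansion_128
//	aeskeygenassist $0x4,%xmm0,%xmm1	# round 3
	.byte	0x66,0x0f,0x3a,0xdf,0xc8,0x04
	call	_key_expansion_128
//	aeskeygenassist $0x8,%xmm0,%xmm1	# round 4
	.byte	0x66,0x0f,0x3a,0xdf,0xc8,0x08
	call	_key_expansion_128
//	aeskeygenassist $0x10,%xmm0,%xmm1	# round 5
	.byte	0x66,0x0f,0x3a,0xdf,0xc8,0x10
	call	_key_expansion_128
//	aeskeygenassist $0x20,%xmm0,%xmm1	# round 6
	.byte	0x66,0x0f,0x3a,0xdf,0xc8,0x20
	call	_key_expansion_128
//	aeskeygenassist $0x40,%xmm0,%xmm1	# round 7
	.byte	0x66,0x0f,0x3a,0xdf,0xc8,0x40
	call	_key_expansion_128
//	aeskeygenassist $0x80,%xmm0,%xmm1	# round 8
	.byte	0x66,0x0f,0x3a,0xdf,0xc8,0x80
	call	_key_expansion_128
//	aeskeygenassist $0x1b,%xmm0,%xmm1	# round 9
	.byte	0x66,0x0f,0x3a,0xdf,0xc8,0x1b
	call	_key_expansion_128
//	aeskeygenassist $0x36,%xmm0,%xmm1	# round 10
	.byte	0x66,0x0f,0x3a,0xdf,0xc8,0x36
	call	_key_expansion_128
	leave
	.cfi_adjust_cfa_offset -4
	retl
	.cfi_endproc
END(aesni_set_enckey)

/*
 * aesni_set_deckey: derive the decryption schedule from an encryption
 * schedule.
 *
 * Arguments (i386 stack arguments, read through %ebp):
 *    8(%ebp) = encrypt_schedule (input, rounds + 1 entries of 16 bytes)
 *   12(%ebp) = decrypt_schedule (output, rounds + 1 entries of 16 bytes)
 *   16(%ebp) = number of rounds
 *
 * The output is the input in reverse order: the first and last entries
 * are copied unchanged and every entry in between goes through aesimc.
 * Both schedules are accessed with movdqa, so both MUST be 16-byte
 * aligned or the access faults.
 *
 * rounds is not validated.  The loop counter is decremented once before
 * the loop and once per iteration with a jne test, so it only terminates
 * as intended for rounds >= 2; with 0 or 1 the counter wraps and the loop
 * keeps reading below encrypt_schedule and writing past decrypt_schedule.
 * Callers must pass only the round counts produced for a real key.
 *
 * Clobb: %eax, %ecx, %edx, %xmm0, %xmm1, flags
 *
 * %xmm0 and %xmm1 still hold round-key material on return.
 */
ENTRY(aesni_set_deckey)
	.cfi_startproc
	pushl	%ebp
	.cfi_adjust_cfa_offset 4
	movl	%esp,%ebp
	movl	16(%ebp),%eax		/* rounds */
	movl	%eax,%ecx
	shll	$4,%ecx			/* rounds * 16 = offset of the last entry */
	addl	8(%ebp),%ecx		/* encrypt_schedule last quad */
	movl	12(%ebp),%edx		/* decrypt_schedule */
	movdqa	(%ecx),%xmm0
	movdqa	%xmm0,(%edx)		/* last encrypt entry becomes the first */
	decl	%eax			/* rounds - 1 entries go through aesimc */
1:
	addl	$0x10,%edx		/* output walks forward */
	subl	$0x10,%ecx		/* input walks backward */
//	aesimc	(%ecx),%xmm1
	.byte	0x66,0x0f,0x38,0xdb,0x09
	movdqa	%xmm1,(%edx)
	decl	%eax
	jne	1b

	addl	$0x10,%edx
	subl	$0x10,%ecx
	movdqa	(%ecx),%xmm0
	movdqa	%xmm0,(%edx)		/* first encrypt entry becomes the last */
	leave
	.cfi_adjust_cfa_offset -4
	retl
	.cfi_endproc
END(aesni_set_deckey)

	.ident	"$FreeBSD: releng/11.0/sys/crypto/aesni/aeskeys_i386.S 219178 2011-03-02 14:56:58Z kib $"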