1/* 2 * Copyright (c) 2000-2006 Apple Computer, Inc. All rights reserved. 3 * 4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. The rights granted to you under the License 10 * may not be used to create, or enable the creation or redistribution of, 11 * unlawful or unlicensed copies of an Apple operating system, or to 12 * circumvent, violate, or enable the circumvention or violation of, any 13 * terms of an Apple operating system software license agreement. 14 * 15 * Please obtain a copy of the License at 16 * http://www.opensource.apple.com/apsl/ and read it before using this file. 17 * 18 * The Original Code and all software distributed under the License are 19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 23 * Please see the License for the specific language governing rights and 24 * limitations under the License. 25 * 26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ 27 */ 28 29/* 30 * --------------------------------------------------------------------------- 31 * Copyright (c) 2002, Dr Brian Gladman, Worcester, UK. All rights reserved. 32 * 33 * LICENSE TERMS 34 * 35 * The free distribution and use of this software in both source and binary 36 * form is allowed (with or without changes) provided that: 37 * 38 * 1. distributions of this source code include the above copyright 39 * notice, this list of conditions and the following disclaimer; 40 * 41 * 2. distributions in binary form include the above copyright 42 * notice, this list of conditions and the following disclaimer 43 * in the documentation and/or other associated materials; 44 * 45 * 3. the copyright holder's name is not used to endorse products 46 * built using this software without specific written permission. 47 * 48 * ALTERNATIVELY, provided that this notice is retained in full, this product 49 * may be distributed under the terms of the GNU General Public License (GPL), 50 * in which case the provisions of the GPL apply INSTEAD OF those given above. 51 * 52 * DISCLAIMER 53 * 54 * This software is provided 'as is' with no explicit or implied warranties 55 * in respect of its properties, including, but not limited to, correctness 56 * and/or fitness for purpose. 57 * --------------------------------------------------------------------------- 58 * Issue 31/01/2006 59 * 60 * This code requires either ASM_X86_V2 or ASM_X86_V2C to be set in aesopt.h 61 * and the same define to be set here as well. If AES_V2C is set this file 62 * requires the C files aeskey.c and aestab.c for support. 63 * 64 * This is a full assembler implementation covering encryption, decryption and 65 * key scheduling. It uses 2k bytes of tables but its encryption and decryption 66 * performance is very close to that obtained using large tables. Key schedule 67 * expansion is slower for both encryption and decryption but this is likely to 68 * be offset by the much smaller load that this version places on the processor 69 * cache. I acknowledge the contribution made by Daniel Bernstein to aspects of 70 * the design of the AES round function used here. 71 * 72 * This code provides the standard AES block size (128 bits, 16 bytes) and the 73 * three standard AES key sizes (128, 192 and 256 bits). It has the same call 74 * interface as my C implementation. The ebx, esi, edi and ebp registers are 75 * preserved across calls but eax, ecx and edx and the artihmetic status flags 76 * are not. 77 */ 78 79#include <mach/i386/asm.h> 80 81#define AES_128 /* define if AES with 128 bit keys is needed */ 82#define AES_192 /* define if AES with 192 bit keys is needed */ 83#define AES_256 /* define if AES with 256 bit keys is needed */ 84#define AES_VAR /* define if a variable key size is needed */ 85#define ENCRYPTION /* define if encryption is needed */ 86#define DECRYPTION /* define if decryption is needed */ 87#define AES_REV_DKS /* define if key decryption schedule is reversed */ 88 89#ifndef ASM_X86_V2C 90#define ENCRYPTION_KEY_SCHEDULE /* define if enc. key expansion is needed */ 91#define DECRYPTION_KEY_SCHEDULE /* define if dec. key expansion is needed */ 92#endif 93 94/* 95 * The encryption key schedule has the following in memory layout where N is the 96 * number of rounds (10, 12 or 14): 97 * 98 * lo: | input key (round 0) | ; each round is four 32-bit words 99 * | encryption round 1 | 100 * | encryption round 2 | 101 * .... 102 * | encryption round N-1 | 103 * hi: | encryption round N | 104 * 105 * The decryption key schedule is normally set up so that it has the same 106 * layout as above by actually reversing the order of the encryption key 107 * schedule in memory (this happens when AES_REV_DKS is set): 108 * 109 * lo: | decryption round 0 | = | encryption round N | 110 * | decryption round 1 | = INV_MIX_COL[ | encryption round N-1 | ] 111 * | decryption round 2 | = INV_MIX_COL[ | encryption round N-2 | ] 112 * .... .... 113 * | decryption round N-1 | = INV_MIX_COL[ | encryption round 1 | ] 114 * hi: | decryption round N | = | input key (round 0) | 115 * 116 * with rounds except the first and last modified using inv_mix_column() 117 * But if AES_REV_DKS is NOT set the order of keys is left as it is for 118 * encryption so that it has to be accessed in reverse when used for 119 * decryption (although the inverse mix column modifications are done) 120 * 121 * lo: | decryption round 0 | = | input key (round 0) | 122 * | decryption round 1 | = INV_MIX_COL[ | encryption round 1 | ] 123 * | decryption round 2 | = INV_MIX_COL[ | encryption round 2 | ] 124 * .... .... 125 * | decryption round N-1 | = INV_MIX_COL[ | encryption round N-1 | ] 126 * hi: | decryption round N | = | encryption round N | 127 * 128 * This layout is faster when the assembler key scheduling provided here 129 * is used. 130 */ 131 132/* End of user defines */ 133 134#ifdef AES_VAR 135#ifndef AES_128 136#define AES_128 137#endif 138#ifndef AES_192 139#define AES_192 140#endif 141#ifndef AES_256 142#define AES_256 143#endif 144#endif 145 146#ifdef AES_VAR 147#define KS_LENGTH 60 148#else 149#ifdef AES_256 150#define KS_LENGTH 60 151#else 152#ifdef AES_192 153#define KS_LENGTH 52 154#else 155#define KS_LENGTH 44 156#endif 157#endif 158#endif 159 160/* 161 * These macros implement stack based local variables 162 */ 163#define save(r1) \ 164 movl %r1, (%esp); 165 166#define restore(r1) \ 167 movl (%esp), %r1; 168 169#define do_call(f, n) \ 170 call EXT(f); \ 171 addl $(n), %esp; 172 173/* 174 * finite field multiplies by {02}, {04} and {08} 175 */ 176#define f2(x) ((x<<1)^(((x>>7)&1)*0x11b)) 177#define f4(x) ((x<<2)^(((x>>6)&1)*0x11b)^(((x>>6)&2)*0x11b)) 178#define f8(x) ((x<<3)^(((x>>5)&1)*0x11b)^(((x>>5)&2)*0x11b)^(((x>>5)&4)*0x11b)) 179 180/* 181 * finite field multiplies required in table generation 182 */ 183#define f3(x) (f2(x) ^ x) 184#define f9(x) (f8(x) ^ x) 185#define fb(x) (f8(x) ^ f2(x) ^ x) 186#define fd(x) (f8(x) ^ f4(x) ^ x) 187#define fe(x) (f8(x) ^ f4(x) ^ f2(x)) 188 189#define etab_0(x) enc_tab+4(,x,8) 190#define etab_1(x) enc_tab+3(,x,8) 191#define etab_2(x) enc_tab+2(,x,8) 192#define etab_3(x) enc_tab+1(,x,8) 193 194#define etab_b(x) etab_3(x) 195 196#define btab_0(x) enc_tab+6(,x,8) 197#define btab_1(x) enc_tab+5(,x,8) 198#define btab_2(x) enc_tab+4(,x,8) 199#define btab_3(x) enc_tab+3(,x,8) 200 201/* 202 * ROUND FUNCTION. Build column[2] on ESI and column[3] on EDI that have the 203 * round keys pre-loaded. Build column[0] in EBP and column[1] in EBX. 204 * 205 * Input: 206 * 207 * EAX column[0] 208 * EBX column[1] 209 * ECX column[2] 210 * EDX column[3] 211 * ESI column key[round][2] 212 * EDI column key[round][3] 213 * EBP scratch 214 * 215 * Output: 216 * 217 * EBP column[0] unkeyed 218 * EBX column[1] unkeyed 219 * ESI column[2] keyed 220 * EDI column[3] keyed 221 * EAX scratch 222 * ECX scratch 223 * EDX scratch 224 */ 225#define rnd_fun(m1, m2) \ 226 roll $16, %ebx; \ 227 \ 228 ## m1 ## _zo(esi, cl, 0, ebp); \ 229 m1(esi, dh, 1, ebp); \ 230 m1(esi, bh, 3, ebp); \ 231 ## m1 ## _zo(edi, dl, 0, ebp); \ 232 m1(edi, ah, 1, ebp); \ 233 m1(edi, bl, 2, ebp); \ 234 ## m2 ## _zo(ebp, al, 0, ebp); \ 235 \ 236 shrl $16, %ebx; \ 237 andl $0xffff0000, %eax; \ 238 orl %ebx, %eax; \ 239 shrl $16, %edx; \ 240 \ 241 m1(ebp, ah, 1, ebx); \ 242 m1(ebp, dh, 3, ebx); \ 243 m2(ebx, dl, 2, ebx); \ 244 m1(ebx, ch, 1, edx); \ 245 ## m1 ## _zo(ebx, al, 0, edx); \ 246 \ 247 shrl $16, %eax; \ 248 shrl $16, %ecx; \ 249 \ 250 m1(ebp, cl, 2, edx); \ 251 m1(edi, ch, 3, edx); \ 252 m1(esi, al, 2, edx); \ 253 m1(ebx, ah, 3, edx) 254 255/* 256 * Basic MOV and XOR Operations for normal rounds 257 */ 258#define nr_xor_zo nr_xor 259#define nr_xor(r1, r2, r3, r4) \ 260 movzbl %r2, %r4; \ 261 xorl etab_ ## r3(%r4), %r1; 262 263#define nr_mov_zo nr_mov 264#define nr_mov(r1, r2, r3, r4) \ 265 movzbl %r2, %r4; \ 266 movl etab_ ## r3(%r4), %r1; 267 268/* 269 * Basic MOV and XOR Operations for last round 270 */ 271 272#if 1 273 274#define lr_xor_zo(r1, r2, r3, r4) \ 275 movzbl %r2, %r4; \ 276 movzbl etab_b(%r4), %r4; \ 277 xor %r4, %r1; 278 279#define lr_xor(r1, r2, r3, r4) \ 280 movzbl %r2, %r4; \ 281 movzbl etab_b(%r4), %r4; \ 282 shll $(8*r3), %r4; \ 283 xor %r4, %r1; 284 285#define lr_mov_zo(r1, r2, r3, r4) \ 286 movzbl %r2, %r4; \ 287 movzbl etab_b(%r4), %r1; 288 289#define lr_mov(r1, r2, r3, r4) \ 290 movzbl %r2, %r4; \ 291 movzbl etab_b(%r4), %r1; \ 292 shll $(8*r3), %r1; 293 294#else /* less effective but worth leaving as an option */ 295 296#define lr_xor_zo lr_xor 297#define lr_xor(r1, r2, r3, r4) \ 298 movzbl %r2, %r4; \ 299 mov btab_ ## r3(%r4), %r4; \ 300 andl $(0x000000ff << 8 * r3), %r4; \ 301 xor %r4, %r1; 302 303#define lr_mov_zo lr_mov 304#define lr_mov(r1, r2, r3, r4) \ 305 movzbl %r2, %r4; \ 306 mov btab_ ## r3(%r4), %r1; \ 307 andl $(0x000000ff << 8 * r3), %r1; 308 309#endif 310 311/* 312 * Apply S-Box to the 4 bytes in a 32-bit word and rotate left 3 byte positions 313 * 314 * r1 : output is xored into this register 315 * r2 : input: a => eax, b => ebx, c => ecx, d => edx 316 * r3 : scratch register 317 */ 318 319#define l3s_col(r1, r2, r3) \ 320 lr_xor_zo(r1, ## r2 ## h, 0, r3); \ 321 lr_xor(r1, ## r2 ## l, 3, r3); \ 322 shrl $16, %e ## r2 ## x; \ 323 lr_xor(r1, ## r2 ## h, 2, r3); \ 324 lr_xor(r1, ## r2 ## l, 1, r3); 325 326/* 327 * offsets to parameters 328 */ 329#define in_blk 4 /* input byte array address parameter */ 330#define out_blk 8 /* output byte array address parameter */ 331#define ctx 12 /* AES context structure */ 332#define stk_spc 20 /* stack space */ 333 334#ifdef ENCRYPTION 335 336#define ENCRYPTION_TABLE 337 338#define enc_round \ 339 addl $16, %ebp; \ 340 save(ebp); \ 341 movl 8(%ebp), %esi; \ 342 movl 12(%ebp), %edi; \ 343 \ 344 rnd_fun(nr_xor, nr_mov); \ 345 \ 346 movl %ebp, %eax; \ 347 movl %esi, %ecx; \ 348 movl %edi, %edx; \ 349 restore(ebp); \ 350 xorl (%ebp), %eax; \ 351 xorl 4(%ebp), %ebx; 352 353#define enc_last_round \ 354 addl $16, %ebp; \ 355 save(ebp); \ 356 movl 8(%ebp), %esi; \ 357 movl 12(%ebp), %edi; \ 358 \ 359 rnd_fun(lr_xor, lr_mov); \ 360 \ 361 movl %ebp, %eax; \ 362 restore(ebp); \ 363 xorl (%ebp), %eax; \ 364 xorl 4(%ebp), %ebx; 365 366 .section __TEXT, __text 367 368/* 369 * AES Encryption Subroutine 370 */ 371Entry(aes_encrypt) 372 373 subl $stk_spc, %esp 374 movl %ebp, 16(%esp) 375 movl %ebx, 12(%esp) 376 movl %esi, 8(%esp) 377 movl %edi, 4(%esp) 378 379 movl in_blk+stk_spc(%esp), %esi /* input pointer */ 380 movl (%esi), %eax 381 movl 4(%esi), %ebx 382 movl 8(%esi), %ecx 383 movl 12(%esi), %edx 384 385 movl ctx+stk_spc(%esp), %ebp /* key pointer */ 386 movzbl 4*KS_LENGTH(%ebp), %edi 387 xorl (%ebp), %eax 388 xorl 4(%ebp), %ebx 389 xorl 8(%ebp), %ecx 390 xorl 12(%ebp), %edx 391 392 /* 393 * determine the number of rounds 394 */ 395 cmpl $10*16, %edi 396 je aes_encrypt.3 397 cmpl $12*16, %edi 398 je aes_encrypt.2 399 cmpl $14*16, %edi 400 je aes_encrypt.1 401 movl $-1, %eax 402 jmp aes_encrypt.5 403 404aes_encrypt.1: 405 enc_round 406 enc_round 407aes_encrypt.2: 408 enc_round 409 enc_round 410aes_encrypt.3: 411 enc_round 412 enc_round 413 enc_round 414 enc_round 415 enc_round 416 enc_round 417 enc_round 418 enc_round 419 enc_round 420 enc_last_round 421 422 movl out_blk+stk_spc(%esp), %edx 423 movl %eax, (%edx) 424 movl %ebx, 4(%edx) 425 movl %esi, 8(%edx) 426 movl %edi, 12(%edx) 427 xorl %eax, %eax 428 429aes_encrypt.5: 430 movl 16(%esp), %ebp 431 movl 12(%esp), %ebx 432 movl 8(%esp), %esi 433 movl 4(%esp), %edi 434 addl $stk_spc, %esp 435 ret 436 437#endif 438 439/* 440 * For r2 == 16, or r2 == 24 && r1 == 7, or r2 ==32 && r1 == 6 441 */ 442#define f_key(r1, r2, rc_val) \ 443 l3s_col(esi, a, ebx); \ 444 xorl $rc_val, %esi; \ 445 \ 446 movl %esi, r1*r2(%ebp); \ 447 xorl %esi, %edi; \ 448 movl %edi, r1*r2+4(%ebp); \ 449 xorl %edi, %ecx; \ 450 movl %ecx, r1*r2+8(%ebp); \ 451 xorl %ecx, %edx; \ 452 movl %edx, r1*r2+12(%ebp); \ 453 movl %edx, %eax; 454 455/* 456 * For r2 == 24 && r1 == 0 to 6 457 */ 458#define f_key_24(r1, r2, rc_val) \ 459 f_key(r1, r2, rc_val); \ 460 \ 461 xorl r1*r2+16-r2(%ebp), %eax; \ 462 movl %eax, r1*r2+16(%ebp); \ 463 xorl r1*r2+20-r2(%ebp), %eax; \ 464 movl %eax, r1*r2+20(%ebp); 465 466/* 467 * For r2 ==32 && r1 == 0 to 5 468 */ 469#define f_key_32(r1, r2, rc_val) \ 470 f_key(r1, r2, rc_val); \ 471 \ 472 roll $8, %eax; \ 473 pushl %edx; \ 474 movl r1*r2+16-r2(%ebp), %edx; \ 475 l3s_col(edx, a, ebx); \ 476 movl %edx, %eax; \ 477 popl %edx; \ 478 movl %eax, r1*r2+16(%ebp); \ 479 xorl r1*r2+20-r2(%ebp), %eax; \ 480 movl %eax, r1*r2+20(%ebp); \ 481 xorl r1*r2+24-r2(%ebp), %eax; \ 482 movl %eax, r1*r2+24(%ebp); \ 483 xorl r1*r2+28-r2(%ebp), %eax; \ 484 movl %eax, r1*r2+28(%ebp); 485 486#ifdef ENCRYPTION_KEY_SCHEDULE 487 488#ifdef AES_128 489 490#ifndef ENCRYPTION_TABLE 491#define ENCRYPTION_TABLE 492#endif 493 494Entry(aes_encrypt_key128) 495 496 pushl %ebp 497 pushl %ebx 498 pushl %esi 499 pushl %edi 500 501 movl 24(%esp), %ebp 502 movl $10*16, 4*KS_LENGTH(%ebp) 503 movl 20(%esp), %ebx 504 505 movl (%ebx), %esi 506 movl %esi, (%ebp) 507 movl 4(%ebx), %edi 508 movl %edi, 4(%ebp) 509 movl 8(%ebx), %ecx 510 movl %ecx, 8(%ebp) 511 movl 12(%ebx), %edx 512 movl %edx, 12(%ebp) 513 addl $16, %ebp 514 movl %edx, %eax 515 516 f_key(0, 16, 1) 517 f_key(1, 16, 2) 518 f_key(2, 16, 4) 519 f_key(3, 16, 8) 520 f_key(4, 16, 16) 521 f_key(5, 16, 32) 522 f_key(6, 16, 64) 523 f_key(7, 16, 128) 524 f_key(8, 16, 27) 525 f_key(9, 16, 54) 526 527 popl %edi 528 popl %esi 529 popl %ebx 530 popl %ebp 531 xorl %eax, %eax 532 ret 533 534#endif 535 536#ifdef AES_192 537 538#ifndef ENCRYPTION_TABLE 539#define ENCRYPTION_TABLE 540#endif 541 542Entry(aes_encrypt_key192) 543 544 pushl %ebp 545 pushl %ebx 546 pushl %esi 547 pushl %edi 548 549 movl 24(%esp), %ebp 550 movl $12*16, 4*KS_LENGTH(%ebp) 551 movl 20(%esp), %ebx 552 553 movl (%ebx), %esi 554 movl %esi, (%ebp) 555 movl 4(%ebx), %edi 556 movl %edi, 4(%ebp) 557 movl 8(%ebx), %ecx 558 movl %ecx, 8(%ebp) 559 movl 12(%ebx), %edx 560 movl %edx, 12(%ebp) 561 movl 16(%ebx), %eax 562 movl %eax, 16(%ebp) 563 movl 20(%ebx), %eax 564 movl %eax, 20(%ebp) 565 addl $24, %ebp 566 567 f_key_24(0, 24, 1) 568 f_key_24(1, 24, 2) 569 f_key_24(2, 24, 4) 570 f_key_24(3, 24, 8) 571 f_key_24(4, 24, 16) 572 f_key_24(5, 24, 32) 573 f_key_24(6, 24, 64) 574 f_key(7, 24, 128) 575 576 popl %edi 577 popl %esi 578 popl %ebx 579 popl %ebp 580 xorl %eax, %eax 581 ret 582 583#endif 584 585#ifdef AES_256 586 587#ifndef ENCRYPTION_TABLE 588#define ENCRYPTION_TABLE 589#endif 590 591Entry(aes_encrypt_key256) 592 593 pushl %ebp 594 pushl %ebx 595 pushl %esi 596 pushl %edi 597 598 movl 24(%esp), %ebp 599 movl $14*16, 4*KS_LENGTH(%ebp) 600 movl 20(%esp), %ebx 601 602 movl (%ebx), %esi 603 movl %esi, (%ebp) 604 movl 4(%ebx), %edi 605 movl %edi, 4(%ebp) 606 movl 8(%ebx), %ecx 607 movl %ecx, 8(%ebp) 608 movl 12(%ebx), %edx 609 movl %edx, 12(%ebp) 610 movl 16(%ebx), %eax 611 movl %eax, 16(%ebp) 612 movl 20(%ebx), %eax 613 movl %eax, 20(%ebp) 614 movl 24(%ebx), %eax 615 movl %eax, 24(%ebp) 616 movl 28(%ebx), %eax 617 movl %eax, 28(%ebp) 618 addl $32, %ebp 619 620 f_key_32(0, 32, 1) 621 f_key_32(1, 32, 2) 622 f_key_32(2, 32, 4) 623 f_key_32(3, 32, 8) 624 f_key_32(4, 32, 16) 625 f_key_32(5, 32, 32) 626 f_key(6, 32, 64) 627 628 popl %edi 629 popl %esi 630 popl %ebx 631 popl %ebp 632 xorl %eax, %eax 633 ret 634 635#endif 636 637#ifdef AES_VAR 638 639#ifndef ENCRYPTION_TABLE 640#define ENCRYPTION_TABLE 641#endif 642 643Entry(aes_encrypt_key) 644 645 movl 4(%esp), %ecx 646 movl 8(%esp), %eax 647 movl 12(%esp), %edx 648 pushl %edx 649 pushl %ecx 650 651 cmpl $16, %eax 652 je aes_encrypt_key.1 653 cmpl $128, %eax 654 je aes_encrypt_key.1 655 656 cmpl $24, %eax 657 je aes_encrypt_key.2 658 cmpl $192, %eax 659 je aes_encrypt_key.2 660 661 cmpl $32, %eax 662 je aes_encrypt_key.3 663 cmpl $256, %eax 664 je aes_encrypt_key.3 665 movl $-1, %eax 666 addl $8, %esp 667 ret 668 669aes_encrypt_key.1: 670 do_call(aes_encrypt_key128, 8) 671 ret 672aes_encrypt_key.2: 673 do_call(aes_encrypt_key192, 8) 674 ret 675aes_encrypt_key.3: 676 do_call(aes_encrypt_key256, 8) 677 ret 678 679#endif 680 681#endif 682 683#ifdef ENCRYPTION_TABLE 684 685# S-box data - 256 entries 686 687 .section __DATA, __data 688 .align ALIGN 689 690#define u8(x) 0, x, x, f3(x), f2(x), x, x, f3(x) 691 692enc_tab: 693 .byte u8(0x63),u8(0x7c),u8(0x77),u8(0x7b),u8(0xf2),u8(0x6b),u8(0x6f),u8(0xc5) 694 .byte u8(0x30),u8(0x01),u8(0x67),u8(0x2b),u8(0xfe),u8(0xd7),u8(0xab),u8(0x76) 695 .byte u8(0xca),u8(0x82),u8(0xc9),u8(0x7d),u8(0xfa),u8(0x59),u8(0x47),u8(0xf0) 696 .byte u8(0xad),u8(0xd4),u8(0xa2),u8(0xaf),u8(0x9c),u8(0xa4),u8(0x72),u8(0xc0) 697 .byte u8(0xb7),u8(0xfd),u8(0x93),u8(0x26),u8(0x36),u8(0x3f),u8(0xf7),u8(0xcc) 698 .byte u8(0x34),u8(0xa5),u8(0xe5),u8(0xf1),u8(0x71),u8(0xd8),u8(0x31),u8(0x15) 699 .byte u8(0x04),u8(0xc7),u8(0x23),u8(0xc3),u8(0x18),u8(0x96),u8(0x05),u8(0x9a) 700 .byte u8(0x07),u8(0x12),u8(0x80),u8(0xe2),u8(0xeb),u8(0x27),u8(0xb2),u8(0x75) 701 .byte u8(0x09),u8(0x83),u8(0x2c),u8(0x1a),u8(0x1b),u8(0x6e),u8(0x5a),u8(0xa0) 702 .byte u8(0x52),u8(0x3b),u8(0xd6),u8(0xb3),u8(0x29),u8(0xe3),u8(0x2f),u8(0x84) 703 .byte u8(0x53),u8(0xd1),u8(0x00),u8(0xed),u8(0x20),u8(0xfc),u8(0xb1),u8(0x5b) 704 .byte u8(0x6a),u8(0xcb),u8(0xbe),u8(0x39),u8(0x4a),u8(0x4c),u8(0x58),u8(0xcf) 705 .byte u8(0xd0),u8(0xef),u8(0xaa),u8(0xfb),u8(0x43),u8(0x4d),u8(0x33),u8(0x85) 706 .byte u8(0x45),u8(0xf9),u8(0x02),u8(0x7f),u8(0x50),u8(0x3c),u8(0x9f),u8(0xa8) 707 .byte u8(0x51),u8(0xa3),u8(0x40),u8(0x8f),u8(0x92),u8(0x9d),u8(0x38),u8(0xf5) 708 .byte u8(0xbc),u8(0xb6),u8(0xda),u8(0x21),u8(0x10),u8(0xff),u8(0xf3),u8(0xd2) 709 .byte u8(0xcd),u8(0x0c),u8(0x13),u8(0xec),u8(0x5f),u8(0x97),u8(0x44),u8(0x17) 710 .byte u8(0xc4),u8(0xa7),u8(0x7e),u8(0x3d),u8(0x64),u8(0x5d),u8(0x19),u8(0x73) 711 .byte u8(0x60),u8(0x81),u8(0x4f),u8(0xdc),u8(0x22),u8(0x2a),u8(0x90),u8(0x88) 712 .byte u8(0x46),u8(0xee),u8(0xb8),u8(0x14),u8(0xde),u8(0x5e),u8(0x0b),u8(0xdb) 713 .byte u8(0xe0),u8(0x32),u8(0x3a),u8(0x0a),u8(0x49),u8(0x06),u8(0x24),u8(0x5c) 714 .byte u8(0xc2),u8(0xd3),u8(0xac),u8(0x62),u8(0x91),u8(0x95),u8(0xe4),u8(0x79) 715 .byte u8(0xe7),u8(0xc8),u8(0x37),u8(0x6d),u8(0x8d),u8(0xd5),u8(0x4e),u8(0xa9) 716 .byte u8(0x6c),u8(0x56),u8(0xf4),u8(0xea),u8(0x65),u8(0x7a),u8(0xae),u8(0x08) 717 .byte u8(0xba),u8(0x78),u8(0x25),u8(0x2e),u8(0x1c),u8(0xa6),u8(0xb4),u8(0xc6) 718 .byte u8(0xe8),u8(0xdd),u8(0x74),u8(0x1f),u8(0x4b),u8(0xbd),u8(0x8b),u8(0x8a) 719 .byte u8(0x70),u8(0x3e),u8(0xb5),u8(0x66),u8(0x48),u8(0x03),u8(0xf6),u8(0x0e) 720 .byte u8(0x61),u8(0x35),u8(0x57),u8(0xb9),u8(0x86),u8(0xc1),u8(0x1d),u8(0x9e) 721 .byte u8(0xe1),u8(0xf8),u8(0x98),u8(0x11),u8(0x69),u8(0xd9),u8(0x8e),u8(0x94) 722 .byte u8(0x9b),u8(0x1e),u8(0x87),u8(0xe9),u8(0xce),u8(0x55),u8(0x28),u8(0xdf) 723 .byte u8(0x8c),u8(0xa1),u8(0x89),u8(0x0d),u8(0xbf),u8(0xe6),u8(0x42),u8(0x68) 724 .byte u8(0x41),u8(0x99),u8(0x2d),u8(0x0f),u8(0xb0),u8(0x54),u8(0xbb),u8(0x16) 725 726#endif 727 728#ifdef DECRYPTION 729 730#define DECRYPTION_TABLE 731 732#define dtab_0(x) dec_tab(,x,8) 733#define dtab_1(x) dec_tab+3(,x,8) 734#define dtab_2(x) dec_tab+2(,x,8) 735#define dtab_3(x) dec_tab+1(,x,8) 736#define dtab_x(x) dec_tab+7(,x,8) 737 738#define irn_fun(m1, m2) \ 739 roll $16, %eax; \ 740 \ 741 ## m1 ## _zo(esi, cl, 0, ebp); \ 742 m1(esi, bh, 1, ebp); \ 743 m1(esi, al, 2, ebp); \ 744 ## m1 ## _zo(edi, dl, 0, ebp); \ 745 m1(edi, ch, 1, ebp); \ 746 m1(edi, ah, 3, ebp); \ 747 ## m2 ## _zo(ebp, bl, 0, ebp); \ 748 \ 749 shrl $16, %eax; \ 750 andl $0xffff0000, %ebx; \ 751 orl %eax, %ebx; \ 752 shrl $16, %ecx; \ 753 \ 754 m1(ebp, bh, 1, eax); \ 755 m1(ebp, ch, 3, eax); \ 756 m2(eax, cl, 2, ecx); \ 757 ## m1 ## _zo(eax, bl, 0, ecx); \ 758 m1(eax, dh, 1, ecx); \ 759 \ 760 shrl $16, %ebx; \ 761 shrl $16, %edx; \ 762 \ 763 m1(esi, dh, 3, ecx); \ 764 m1(ebp, dl, 2, ecx); \ 765 m1(eax, bh, 3, ecx); \ 766 m1(edi, bl, 2, ecx); 767 768/* 769 * Basic MOV and XOR Operations for normal rounds 770 */ 771#define ni_xor_zo ni_xor 772#define ni_xor(r1, r2, r3, r4) \ 773 movzbl %r2, %r4; \ 774 xorl dtab_ ## r3 ## (%r4), %r1; 775 776#define ni_mov_zo ni_mov 777#define ni_mov(r1, r2, r3, r4) \ 778 movzbl %r2, %r4; \ 779 movl dtab_ ## r3 ## (%r4), %r1; 780 781/* 782 * Basic MOV and XOR Operations for last round 783 */ 784 785#define li_xor_zo(r1, r2, r3, r4) \ 786 movzbl %r2, %r4; \ 787 movzbl dtab_x(%r4), %r4; \ 788 xor %r4, %r1; 789 790#define li_xor(r1, r2, r3, r4) \ 791 movzbl %r2, %r4; \ 792 movzbl dtab_x(%r4), %r4; \ 793 shll $(8*r3), %r4; \ 794 xor %r4, %r1; 795 796#define li_mov_zo(r1, r2, r3, r4) \ 797 movzbl %r2, %r4; \ 798 movzbl dtab_x(%r4), %r1; 799 800#define li_mov(r1, r2, r3, r4) \ 801 movzbl %r2, %r4; \ 802 movzbl dtab_x(%r4), %r1; \ 803 shl $(8*r3), %r1; 804 805#ifdef AES_REV_DKS 806 807#define dec_round \ 808 addl $16, %ebp; \ 809 save(ebp); \ 810 movl 8(%ebp), %esi; \ 811 movl 12(%ebp), %edi; \ 812 \ 813 irn_fun(ni_xor, ni_mov); \ 814 \ 815 movl %ebp, %ebx; \ 816 movl %esi, %ecx; \ 817 movl %edi, %edx; \ 818 restore(ebp); \ 819 xorl (%ebp), %eax; \ 820 xorl 4(%ebp), %ebx; 821 822#define dec_last_round \ 823 addl $16, %ebp; \ 824 save(ebp); \ 825 movl 8(%ebp), %esi; \ 826 movl 12(%ebp), %edi; \ 827 \ 828 irn_fun(li_xor, li_mov); \ 829 \ 830 movl %ebp, %ebx; \ 831 restore(ebp); \ 832 xorl (%ebp), %eax; \ 833 xorl 4(%ebp), %ebx; 834 835#else 836 837#define dec_round \ 838 subl $16, %ebp; \ 839 save(ebp); \ 840 movl 8(%ebp), %esi; \ 841 movl 12(%ebp), %edi; \ 842 \ 843 irn_fun(ni_xor, ni_mov); \ 844 \ 845 movl %ebp, %ebx; \ 846 movl %esi, %ecx; \ 847 movl %edi, %edx; \ 848 restore(ebp); \ 849 xorl (%ebp), %eax; \ 850 xorl 4(%ebp), %ebx; 851 852#define dec_last_round \ 853 subl $16, %ebp; \ 854 save(ebp); \ 855 movl 8(%ebp), %esi; \ 856 movl 12(%ebp), %edi; \ 857 \ 858 irn_fun(li_xor, li_mov); \ 859 \ 860 movl %ebp, %ebx; \ 861 restore(ebp); \ 862 xorl (%ebp), %eax; \ 863 xorl 4(%ebp), %ebx; 864 865#endif /* AES_REV_DKS */ 866 867 .section __TEXT, __text 868 869/* 870 * AES Decryption Subroutine 871 */ 872Entry(aes_decrypt) 873 874 subl $stk_spc, %esp 875 movl %ebp, 16(%esp) 876 movl %ebx, 12(%esp) 877 movl %esi, 8(%esp) 878 movl %edi, 4(%esp) 879 880 /* 881 * input four columns and xor in first round key 882 */ 883 movl in_blk+stk_spc(%esp), %esi /* input pointer */ 884 movl (%esi), %eax 885 movl 4(%esi), %ebx 886 movl 8(%esi), %ecx 887 movl 12(%esi), %edx 888 leal 16(%esi), %esi 889 890 movl ctx+stk_spc(%esp), %ebp /* key pointer */ 891 movzbl 4*KS_LENGTH(%ebp), %edi 892#ifndef AES_REV_DKS /* if decryption key schedule is not reversed */ 893 leal (%ebp,%edi), %ebp /* we have to access it from the top down */ 894#endif 895 xorl (%ebp), %eax /* key schedule */ 896 xorl 4(%ebp), %ebx 897 xorl 8(%ebp), %ecx 898 xorl 12(%ebp), %edx 899 900 /* 901 * determine the number of rounds 902 */ 903 cmpl $10*16, %edi 904 je aes_decrypt.3 905 cmpl $12*16, %edi 906 je aes_decrypt.2 907 cmpl $14*16, %edi 908 je aes_decrypt.1 909 movl $-1, %eax 910 jmp aes_decrypt.5 911 912aes_decrypt.1: 913 dec_round 914 dec_round 915aes_decrypt.2: 916 dec_round 917 dec_round 918aes_decrypt.3: 919 dec_round 920 dec_round 921 dec_round 922 dec_round 923 dec_round 924 dec_round 925 dec_round 926 dec_round 927 dec_round 928 dec_last_round 929 930 /* 931 * move final values to the output array. 932 */ 933 movl out_blk+stk_spc(%esp), %ebp 934 movl %eax, (%ebp) 935 movl %ebx, 4(%ebp) 936 movl %esi, 8(%ebp) 937 movl %edi, 12(%ebp) 938 xorl %eax, %eax 939 940aes_decrypt.5: 941 movl 16(%esp), %ebp 942 movl 12(%esp), %ebx 943 movl 8(%esp), %esi 944 movl 4(%esp), %edi 945 addl $stk_spc, %esp 946 ret 947 948#endif 949 950#define inv_mix_col \ 951 movzbl %dl, %ebx; \ 952 movzbl etab_b(%ebx), %ebx; \ 953 movl dtab_0(%ebx), %eax; \ 954 movzbl %dh, %ebx; \ 955 shrl $16, %edx; \ 956 movzbl etab_b(%ebx), %ebx; \ 957 xorl dtab_1(%ebx), %eax; \ 958 movzbl %dl, %ebx; \ 959 movzbl etab_b(%ebx), %ebx; \ 960 xorl dtab_2(%ebx), %eax; \ 961 movzbl %dh, %ebx; \ 962 movzbl etab_b(%ebx), %ebx; \ 963 xorl dtab_3(%ebx), %eax; 964 965#ifdef DECRYPTION_KEY_SCHEDULE 966 967#ifdef AES_128 968 969#ifndef DECRYPTION_TABLE 970#define DECRYPTION_TABLE 971#endif 972 973Entry(aes_decrypt_key128) 974 975 pushl %ebp 976 pushl %ebx 977 pushl %esi 978 pushl %edi 979 movl 24(%esp), %eax /* context */ 980 movl 20(%esp), %edx /* key */ 981 pushl %eax 982 pushl %edx 983 do_call(aes_encrypt_key128, 8) 984 movl $10*16, %eax 985 movl 24(%esp), %esi /* pointer to first round key */ 986 leal (%esi,%eax), %edi /* pointer to last round key */ 987 addl $32, %esi 988 /* the inverse mix column transformation */ 989 movl -16(%esi), %edx /* needs to be applied to all round keys */ 990 inv_mix_col 991 movl %eax, -16(%esi) /* transforming the four sub-keys in the */ 992 movl -12(%esi), %edx /* second round key */ 993 inv_mix_col 994 movl %eax, -12(%esi) /* transformations for subsequent rounds */ 995 movl -8(%esi), %edx /* can then be made more efficient by */ 996 inv_mix_col 997 movl %eax, -8(%esi) /* in the encryption round key ek[r]: */ 998 movl -4(%esi), %edx 999 inv_mix_col 1000 movl %eax, -4(%esi) /* where n is 1..3. Hence the corresponding */ 1001 1002aes_decrypt_key128.0: 1003 movl (%esi), %edx /* subkeys in the decryption round key dk[r] */ 1004 inv_mix_col 1005 movl %eax, (%esi) /* GF(256): */ 1006 xorl -12(%esi), %eax 1007 movl %eax, 4(%esi) /* dk[r][n] = dk[r][n-1] ^ dk[r-1][n] */ 1008 xorl -8(%esi), %eax 1009 movl %eax, 8(%esi) /* So we only need one inverse mix column */ 1010 xorl -4(%esi), %eax /* operation (n = 0) for each four word cycle */ 1011 movl %eax, 12(%esi) /* in the expanded key. */ 1012 addl $16, %esi 1013 cmpl %esi, %edi 1014 jg aes_decrypt_key128.0 1015 jmp dec_end 1016 1017#endif 1018 1019#ifdef AES_192 1020 1021#ifndef DECRYPTION_TABLE 1022#define DECRYPTION_TABLE 1023#endif 1024 1025Entry(aes_decrypt_key192) 1026 1027 pushl %ebp 1028 pushl %ebx 1029 pushl %esi 1030 pushl %edi 1031 movl 24(%esp), %eax /* context */ 1032 movl 20(%esp), %edx /* key */ 1033 pushl %eax 1034 pushl %edx 1035 do_call(aes_encrypt_key192, 8) 1036 movl $12*16, %eax 1037 movl 24(%esp), %esi /* first round key */ 1038 leal (%esi,%eax), %edi /* last round key */ 1039 addl $48, %esi /* the first 6 words are the key, of */ 1040 /* which the top 2 words are part of */ 1041 movl -32(%esi), %edx /* the second round key and hence */ 1042 inv_mix_col 1043 movl %eax, -32(%esi) /* need to do a further six values prior */ 1044 movl -28(%esi), %edx /* to using a more efficient technique */ 1045 inv_mix_col 1046 movl %eax, -28(%esi) 1047 /* dk[r][n] = dk[r][n-1] ^ dk[r-1][n] */ 1048 movl -24(%esi), %edx 1049 inv_mix_col 1050 movl %eax, -24(%esi) /* cycle is now 6 words long */ 1051 movl -20(%esi), %edx 1052 inv_mix_col 1053 movl %eax, -20(%esi) 1054 movl -16(%esi), %edx 1055 inv_mix_col 1056 movl %eax, -16(%esi) 1057 movl -12(%esi), %edx 1058 inv_mix_col 1059 movl %eax, -12(%esi) 1060 movl -8(%esi), %edx 1061 inv_mix_col 1062 movl %eax, -8(%esi) 1063 movl -4(%esi), %edx 1064 inv_mix_col 1065 movl %eax, -4(%esi) 1066 1067aes_decrypt_key192.0: 1068 movl (%esi), %edx /* expanded key is 13 * 4 = 44 32-bit words */ 1069 inv_mix_col 1070 movl %eax, (%esi) /* using inv_mix_col. We have already done 8 */ 1071 xorl -20(%esi), %eax /* of these so 36 are left - hence we need */ 1072 movl %eax, 4(%esi) /* exactly 6 loops of six here */ 1073 xorl -16(%esi), %eax 1074 movl %eax, 8(%esi) 1075 xorl -12(%esi), %eax 1076 movl %eax, 12(%esi) 1077 xorl -8(%esi), %eax 1078 movl %eax, 16(%esi) 1079 xorl -4(%esi), %eax 1080 movl %eax, 20(%esi) 1081 addl $24, %esi 1082 cmpl %esi, %edi 1083 jg aes_decrypt_key192.0 1084 jmp dec_end 1085 1086#endif 1087 1088#ifdef AES_256 1089 1090#ifndef DECRYPTION_TABLE 1091#define DECRYPTION_TABLE 1092#endif 1093 1094Entry(aes_decrypt_key256) 1095 1096 pushl %ebp 1097 pushl %ebx 1098 pushl %esi 1099 pushl %edi 1100 movl 24(%esp), %eax 1101 movl 20(%esp), %edx 1102 pushl %eax 1103 pushl %edx 1104 do_call(aes_encrypt_key256, 8) 1105 movl $14*16, %eax 1106 movl 24(%esp), %esi 1107 leal (%esi,%eax), %edi 1108 addl $64, %esi 1109 1110 movl -48(%esi), %edx /* the primary key is 8 words, of which */ 1111 inv_mix_col 1112 movl %eax, -48(%esi) 1113 movl -44(%esi), %edx 1114 inv_mix_col 1115 movl %eax, -44(%esi) 1116 movl -40(%esi), %edx 1117 inv_mix_col 1118 movl %eax, -40(%esi) 1119 movl -36(%esi), %edx 1120 inv_mix_col 1121 movl %eax, -36(%esi) 1122 1123 movl -32(%esi), %edx /* the encryption key expansion cycle is */ 1124 inv_mix_col 1125 movl %eax, -32(%esi) /* start by doing one complete block */ 1126 movl -28(%esi), %edx 1127 inv_mix_col 1128 movl %eax, -28(%esi) 1129 movl -24(%esi), %edx 1130 inv_mix_col 1131 movl %eax, -24(%esi) 1132 movl -20(%esi), %edx 1133 inv_mix_col 1134 movl %eax, -20(%esi) 1135 movl -16(%esi), %edx 1136 inv_mix_col 1137 movl %eax, -16(%esi) 1138 movl -12(%esi), %edx 1139 inv_mix_col 1140 movl %eax, -12(%esi) 1141 movl -8(%esi), %edx 1142 inv_mix_col 1143 movl %eax, -8(%esi) 1144 movl -4(%esi), %edx 1145 inv_mix_col 1146 movl %eax, -4(%esi) 1147 1148aes_decrypt_key256.0: 1149 movl (%esi), %edx /* we can now speed up the remaining */ 1150 inv_mix_col 1151 movl %eax, (%esi) /* outlined earlier. But note that */ 1152 xorl -28(%esi), %eax /* there is one extra inverse mix */ 1153 movl %eax, 4(%esi) /* column operation as the 256 bit */ 1154 xorl -24(%esi), %eax /* key has an extra non-linear step */ 1155 movl %eax, 8(%esi) /* for the midway element. */ 1156 xorl -20(%esi), %eax 1157 movl %eax, 12(%esi) /* the expanded key is 15 * 4 = 60 */ 1158 movl 16(%esi), %edx /* 32-bit words of which 52 need to */ 1159 inv_mix_col 1160 movl %eax, 16(%esi) /* 12 so 40 are left - which means */ 1161 xorl -12(%esi), %eax /* that we need exactly 5 loops of 8 */ 1162 movl %eax, 20(%esi) 1163 xorl -8(%esi), %eax 1164 movl %eax, 24(%esi) 1165 xorl -4(%esi), %eax 1166 movl %eax, 28(%esi) 1167 addl $32, %esi 1168 cmpl %esi, %edi 1169 jg aes_decrypt_key256.0 1170 1171#endif 1172 1173dec_end: 1174 1175#ifdef AES_REV_DKS 1176 1177 movl 24(%esp), %esi /* this reverses the order of the */ 1178dec_end.1: 1179 movl (%esi), %eax /* round keys if required */ 1180 movl 4(%esi), %ebx 1181 movl (%edi), %ebp 1182 movl 4(%edi), %edx 1183 movl %ebp, (%esi) 1184 movl %edx, 4(%esi) 1185 movl %eax, (%edi) 1186 movl %ebx, 4(%edi) 1187 1188 movl 8(%esi), %eax 1189 movl 12(%esi), %ebx 1190 movl 8(%edi), %ebp 1191 movl 12(%edi), %edx 1192 movl %ebp, 8(%esi) 1193 movl %edx, 12(%esi) 1194 movl %eax, 8(%edi) 1195 movl %ebx, 12(%edi) 1196 1197 addl $16, %esi 1198 subl $16, %edi 1199 cmpl %esi, %edi 1200 jg dec_end.1 1201 1202#endif 1203 1204 popl %edi 1205 popl %esi 1206 popl %ebx 1207 popl %ebp 1208 xorl %eax, %eax 1209 ret 1210 1211#ifdef AES_VAR 1212 1213Entry(aes_decrypt_key) 1214 1215 movl 4(%esp), %ecx 1216 movl 8(%esp), %eax 1217 movl 12(%esp), %edx 1218 pushl %edx 1219 pushl %ecx 1220 1221 cmpl $16, %eax 1222 je aes_decrypt_key.1 1223 cmpl $128, %eax 1224 je aes_decrypt_key.1 1225 1226 cmpl $24, %eax 1227 je aes_decrypt_key.2 1228 cmpl $192, %eax 1229 je aes_decrypt_key.2 1230 1231 cmpl $32, %eax 1232 je aes_decrypt_key.3 1233 cmpl $256, %eax 1234 je aes_decrypt_key.3 1235 movl $-1, %eax 1236 addl $8, %esp 1237 ret 1238 1239aes_decrypt_key.1: 1240 do_call(aes_decrypt_key128, 8) 1241 ret 1242aes_decrypt_key.2: 1243 do_call(aes_decrypt_key192, 8) 1244 ret 1245aes_decrypt_key.3: 1246 do_call(aes_decrypt_key256, 8) 1247 ret 1248 1249#endif 1250 1251#endif 1252 1253#ifdef DECRYPTION_TABLE 1254 1255/* 1256 * Inverse S-box data - 256 entries 1257 */ 1258 1259 .section __DATA, __data 1260 .align ALIGN 1261 1262#define v8(x) fe(x), f9(x), fd(x), fb(x), fe(x), f9(x), fd(x), x 1263 1264dec_tab: 1265 .byte v8(0x52),v8(0x09),v8(0x6a),v8(0xd5),v8(0x30),v8(0x36),v8(0xa5),v8(0x38) 1266 .byte v8(0xbf),v8(0x40),v8(0xa3),v8(0x9e),v8(0x81),v8(0xf3),v8(0xd7),v8(0xfb) 1267 .byte v8(0x7c),v8(0xe3),v8(0x39),v8(0x82),v8(0x9b),v8(0x2f),v8(0xff),v8(0x87) 1268 .byte v8(0x34),v8(0x8e),v8(0x43),v8(0x44),v8(0xc4),v8(0xde),v8(0xe9),v8(0xcb) 1269 .byte v8(0x54),v8(0x7b),v8(0x94),v8(0x32),v8(0xa6),v8(0xc2),v8(0x23),v8(0x3d) 1270 .byte v8(0xee),v8(0x4c),v8(0x95),v8(0x0b),v8(0x42),v8(0xfa),v8(0xc3),v8(0x4e) 1271 .byte v8(0x08),v8(0x2e),v8(0xa1),v8(0x66),v8(0x28),v8(0xd9),v8(0x24),v8(0xb2) 1272 .byte v8(0x76),v8(0x5b),v8(0xa2),v8(0x49),v8(0x6d),v8(0x8b),v8(0xd1),v8(0x25) 1273 .byte v8(0x72),v8(0xf8),v8(0xf6),v8(0x64),v8(0x86),v8(0x68),v8(0x98),v8(0x16) 1274 .byte v8(0xd4),v8(0xa4),v8(0x5c),v8(0xcc),v8(0x5d),v8(0x65),v8(0xb6),v8(0x92) 1275 .byte v8(0x6c),v8(0x70),v8(0x48),v8(0x50),v8(0xfd),v8(0xed),v8(0xb9),v8(0xda) 1276 .byte v8(0x5e),v8(0x15),v8(0x46),v8(0x57),v8(0xa7),v8(0x8d),v8(0x9d),v8(0x84) 1277 .byte v8(0x90),v8(0xd8),v8(0xab),v8(0x00),v8(0x8c),v8(0xbc),v8(0xd3),v8(0x0a) 1278 .byte v8(0xf7),v8(0xe4),v8(0x58),v8(0x05),v8(0xb8),v8(0xb3),v8(0x45),v8(0x06) 1279 .byte v8(0xd0),v8(0x2c),v8(0x1e),v8(0x8f),v8(0xca),v8(0x3f),v8(0x0f),v8(0x02) 1280 .byte v8(0xc1),v8(0xaf),v8(0xbd),v8(0x03),v8(0x01),v8(0x13),v8(0x8a),v8(0x6b) 1281 .byte v8(0x3a),v8(0x91),v8(0x11),v8(0x41),v8(0x4f),v8(0x67),v8(0xdc),v8(0xea) 1282 .byte v8(0x97),v8(0xf2),v8(0xcf),v8(0xce),v8(0xf0),v8(0xb4),v8(0xe6),v8(0x73) 1283 .byte v8(0x96),v8(0xac),v8(0x74),v8(0x22),v8(0xe7),v8(0xad),v8(0x35),v8(0x85) 1284 .byte v8(0xe2),v8(0xf9),v8(0x37),v8(0xe8),v8(0x1c),v8(0x75),v8(0xdf),v8(0x6e) 1285 .byte v8(0x47),v8(0xf1),v8(0x1a),v8(0x71),v8(0x1d),v8(0x29),v8(0xc5),v8(0x89) 1286 .byte v8(0x6f),v8(0xb7),v8(0x62),v8(0x0e),v8(0xaa),v8(0x18),v8(0xbe),v8(0x1b) 1287 .byte v8(0xfc),v8(0x56),v8(0x3e),v8(0x4b),v8(0xc6),v8(0xd2),v8(0x79),v8(0x20) 1288 .byte v8(0x9a),v8(0xdb),v8(0xc0),v8(0xfe),v8(0x78),v8(0xcd),v8(0x5a),v8(0xf4) 1289 .byte v8(0x1f),v8(0xdd),v8(0xa8),v8(0x33),v8(0x88),v8(0x07),v8(0xc7),v8(0x31) 1290 .byte v8(0xb1),v8(0x12),v8(0x10),v8(0x59),v8(0x27),v8(0x80),v8(0xec),v8(0x5f) 1291 .byte v8(0x60),v8(0x51),v8(0x7f),v8(0xa9),v8(0x19),v8(0xb5),v8(0x4a),v8(0x0d) 1292 .byte v8(0x2d),v8(0xe5),v8(0x7a),v8(0x9f),v8(0x93),v8(0xc9),v8(0x9c),v8(0xef) 1293 .byte v8(0xa0),v8(0xe0),v8(0x3b),v8(0x4d),v8(0xae),v8(0x2a),v8(0xf5),v8(0xb0) 1294 .byte v8(0xc8),v8(0xeb),v8(0xbb),v8(0x3c),v8(0x83),v8(0x53),v8(0x99),v8(0x61) 1295 .byte v8(0x17),v8(0x2b),v8(0x04),v8(0x7e),v8(0xba),v8(0x77),v8(0xd6),v8(0x26) 1296 .byte v8(0xe1),v8(0x69),v8(0x14),v8(0x63),v8(0x55),v8(0x21),v8(0x0c),v8(0x7d) 1297 1298#endif 1299