54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * ====================================================================
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Written by Intel Corporation for the OpenSSL project to add support
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * for Intel AES-NI instructions. Rights for redistribution and usage
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * in source and binary forms are granted according to the OpenSSL
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Author: Huang Ying <ying.huang at intel dot com>
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Vinodh Gopal <vinodh.gopal at intel dot com>
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Kahraman Akdemir
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Intel AES-NI is a new set of Single Instruction Multiple Data (SIMD)
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * instructions that are going to be introduced in the next generation
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * of Intel processor, as of 2009. These instructions enable fast and
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * secure data encryption and decryption, using the Advanced Encryption
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Standard (AES), defined by FIPS Publication number 197. The
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * architecture introduces six instructions that offer full hardware
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * support for AES. Four of them support high performance data
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * encryption and decryption, and the other two instructions support
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * the AES key expansion procedure.
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * ====================================================================
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * ====================================================================
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Copyright (c) 1998-2008 The OpenSSL Project. All rights reserved.
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Redistribution and use in source and binary forms, with or without
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * modification, are permitted provided that the following conditions
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * 1. Redistributions of source code must retain the above copyright
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * notice, this list of conditions and the following disclaimer.
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * 2. Redistributions in binary form must reproduce the above copyright
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * notice, this list of conditions and the following disclaimer in
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * the documentation and/or other materials provided with the
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * distribution.
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * 3. All advertising materials mentioning features or use of this
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson * software must display the following acknowledgment:
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * "This product includes software developed by the OpenSSL Project
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * endorse or promote products derived from this software without
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * prior written permission. For written permission, please contact
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * openssl-core@openssl.org.
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * 5. Products derived from this software may not be called "OpenSSL"
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * nor may "OpenSSL" appear in their names without prior written
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * permission of the OpenSSL Project.
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * 6. Redistributions of any form whatsoever must retain the following
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * acknowledgment:
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * "This product includes software developed by the OpenSSL Project
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * OF THE POSSIBILITY OF SUCH DAMAGE.
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * ====================================================================
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * ====================================================================
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * OpenSolaris OS modifications
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * This source originates as files aes-intel.S and eng_aesni_asm.pl, in
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * patches sent sent Dec. 9, 2008 and Dec. 24, 2008, respectively, by
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Huang Ying of Intel to the openssl-dev mailing list under the subject
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * of "Add support to Intel AES-NI instruction set for x86_64 platform".
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * This OpenSolaris version has these major changes from the original source:
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * 1. Added OpenSolaris ENTRY_NP/SET_SIZE macros from
694c35faa87b858ecdadfe4fc592615f4eefbb07Josef 'Jeff' Sipek * /usr/include/sys/asm_linkage.h, lint(1B) guards, and dummy C function
694c35faa87b858ecdadfe4fc592615f4eefbb07Josef 'Jeff' Sipek * definitions for lint.
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * 2. Formatted code, added comments, and added #includes and #defines.
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson * 3. If bit CR0.TS is set, clear and set the TS bit, after and before
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * calling kpreempt_disable() and kpreempt_enable().
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * If the TS bit is not set, Save and restore %xmm registers at the beginning
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * and end of function calls (%xmm* registers are not saved and restored by
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * during kernel thread preemption).
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson * 4. Renamed functions, reordered parameters, and changed return value
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * to match OpenSolaris:
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * OpenSSL interface:
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * int intel_AES_set_encrypt_key(const unsigned char *userKey,
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * const int bits, AES_KEY *key);
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * int intel_AES_set_decrypt_key(const unsigned char *userKey,
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * const int bits, AES_KEY *key);
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Return values for above are non-zero on error, 0 on success.
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * void intel_AES_encrypt(const unsigned char *in, unsigned char *out,
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * const AES_KEY *key);
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * void intel_AES_decrypt(const unsigned char *in, unsigned char *out,
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * const AES_KEY *key);
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * typedef struct aes_key_st {
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * unsigned int rd_key[4 *(AES_MAXNR + 1)];
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * unsigned int pad[3];
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Note: AES_LONG is undefined (that is, Intel uses 32-bit key schedules
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * (ks32) instead of 64-bit (ks64).
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Number of rounds (aka round count) is at offset 240 of AES_KEY.
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * OpenSolaris OS interface (#ifdefs removed for readability):
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * int rijndael_key_setup_dec_intel(uint32_t rk[],
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * const uint32_t cipherKey[], uint64_t keyBits);
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * int rijndael_key_setup_enc_intel(uint32_t rk[],
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * const uint32_t cipherKey[], uint64_t keyBits);
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Return values for above are 0 on error, number of rounds on success.
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * void aes_encrypt_intel(const aes_ks_t *ks, int Nr,
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * const uint32_t pt[4], uint32_t ct[4]);
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * void aes_decrypt_intel(const aes_ks_t *ks, int Nr,
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * const uint32_t pt[4], uint32_t ct[4]);
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * typedef union {uint64_t ks64[(MAX_AES_NR + 1) * 4];
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * uint32_t ks32[(MAX_AES_NR + 1) * 4]; } aes_ks_t;
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * typedef union {
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * uint32_t ks32[((MAX_AES_NR) + 1) * (MAX_AES_NB)];
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * typedef struct aes_key {
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * aes_ks_t encr_ks, decr_ks;
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * long double align128;
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * int flags, nr, type;
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Note: ks is the AES key schedule, Nr is number of rounds, pt is plain text,
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * ct is crypto text, and MAX_AES_NR is 14.
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * For the x86 64-bit architecture, OpenSolaris OS uses ks32 instead of ks64.
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Note2: aes_ks_t must be aligned on a 0 mod 128 byte boundary.
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * ====================================================================
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#if defined(lint) || defined(__lint)
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Andersonaes_encrypt_intel(const uint32_t rk[], int Nr, const uint32_t pt[4],
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Andersonaes_decrypt_intel(const uint32_t rk[], int Nr, const uint32_t ct[4],
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Andersonrijndael_key_setup_enc_intel(uint32_t rk[], const uint32_t cipherKey[],
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Andersonrijndael_key_setup_dec_intel(uint32_t rk[], const uint32_t cipherKey[],
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#else /* lint */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Note: the CLTS macro clobbers P2 (%rsi) under i86xpv. That is,
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * it calls HYPERVISOR_fpu_taskswitch() which modifies %rsi when it
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * uses it to pass P2 to syscall.
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * This also occurs with the STTS macro, but we don't care if
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * P2 (%rsi) is modified just before function exit.
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * The CLTS and STTS macros push and pop P1 (%rdi) already.
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#endif /* __xpv */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#define CLEAR_TS_OR_PUSH_XMM0_XMM1(tmpreg) \
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * If CR0_TS was not set above, pop %xmm0 and %xmm1 off stack,
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * otherwise set CR0_TS.
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#define SET_TS_OR_POP_XMM0_XMM1(tmpreg) \
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * If CR0_TS is not set, align stack (with push %rbp) and push
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * %xmm0 - %xmm6 on stack, otherwise clear CR0_TS
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#define CLEAR_TS_OR_PUSH_XMM0_TO_XMM6(tmpreg) \
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * If CR0_TS was not set above, pop %xmm0 - %xmm6 off stack,
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * otherwise set CR0_TS.
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#define SET_TS_OR_POP_XMM0_TO_XMM6(tmpreg) \
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#define CLEAR_TS_OR_PUSH_XMM0_XMM1(tmpreg)
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#define SET_TS_OR_POP_XMM0_XMM1(tmpreg)
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#define CLEAR_TS_OR_PUSH_XMM0_TO_XMM6(tmpreg)
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#define SET_TS_OR_POP_XMM0_TO_XMM6(tmpreg)
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#endif /* _KERNEL */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * _key_expansion_128(), * _key_expansion_192a(), _key_expansion_192b(),
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * _key_expansion_256a(), _key_expansion_256b()
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Helper functions called by rijndael_key_setup_inc_intel().
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Also used indirectly by rijndael_key_setup_dec_intel().
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * %xmm0 User-provided cipher key
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * %xmm1 Round constant
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * (%rcx) AES key
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * rijndael_key_setup_enc_intel()
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Expand the cipher key into the encryption key schedule.
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * For kernel code, caller is responsible for ensuring kpreempt_disable()
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * has been called. This is because %xmm registers are not saved/restored.
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Clear and set the CR0.TS bit on entry and exit, respectively, if TS is set
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * on entry. Otherwise, if TS is not set, save and restore %xmm registers
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * on the stack.
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * OpenSolaris interface:
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * int rijndael_key_setup_enc_intel(uint32_t rk[], const uint32_t cipherKey[],
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * uint64_t keyBits);
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Return value is 0 on error, number of rounds on success.
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Original Intel OpenSSL interface:
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * int intel_AES_set_encrypt_key(const unsigned char *userKey,
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * const int bits, AES_KEY *key);
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Return value is non-zero on error, 0 on success.
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#define rijndael_key_setup_enc_intel intel_AES_set_encrypt_key
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#define rijndael_key_setup_dec_intel intel_AES_set_decrypt_key
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#define USERCIPHERKEY rdi /* P1, 64 bits */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#define KEYSIZE32 esi /* P2, 32 bits */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#define KEYSIZE64 rsi /* P2, 64 bits */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#define AESKEY rdx /* P3, 64 bits */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#else /* OpenSolaris Interface */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#define AESKEY rdi /* P1, 64 bits */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#define USERCIPHERKEY rsi /* P2, 64 bits */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#define KEYSIZE32 edx /* P3, 32 bits */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#define KEYSIZE64 rdx /* P3, 64 bits */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#endif /* OPENSSL_INTERFACE */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#define ROUNDS32 KEYSIZE32 /* temp */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#define ROUNDS64 KEYSIZE64 /* temp */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#define ENDAESKEY USERCIPHERKEY /* temp */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris AndersonENTRY_NP(rijndael_key_setup_enc_intel)
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson CLEAR_TS_OR_PUSH_XMM0_TO_XMM6(%r10)
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson test %USERCIPHERKEY, %USERCIPHERKEY
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson movups (%USERCIPHERKEY), %xmm0 / user key (first 16 bytes)
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson pxor %xmm4, %xmm4 / xmm4 is assumed 0 in _key_expansion_x
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson / AES 256: 14 rounds in encryption key schedule
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson movl %ROUNDS32, 240(%AESKEY) / key.rounds = 14
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#endif /* OPENSSL_INTERFACE */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson movups 0x10(%USERCIPHERKEY), %xmm2 / other user key (2nd 16 bytes)
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson aeskeygenassist $0x1, %xmm2, %xmm1 / expand the key
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson aeskeygenassist $0x2, %xmm2, %xmm1 / expand the key
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson aeskeygenassist $0x4, %xmm2, %xmm1 / expand the key
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson aeskeygenassist $0x8, %xmm2, %xmm1 / expand the key
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson aeskeygenassist $0x10, %xmm2, %xmm1 / expand the key
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson aeskeygenassist $0x10, %xmm0, %xmm1
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson aeskeygenassist $0x20, %xmm2, %xmm1 / expand the key
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson aeskeygenassist $0x20, %xmm0, %xmm1
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson aeskeygenassist $0x40, %xmm2, %xmm1 / expand the key
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#else /* Open Solaris Interface */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson mov $14, %rax / return # rounds = 14
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson / AES 192: 12 rounds in encryption key schedule
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson movl %ROUNDS32, 240(%AESKEY) / key.rounds = 12
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#endif /* OPENSSL_INTERFACE */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson movq 0x10(%USERCIPHERKEY), %xmm2 / other user key
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson aeskeygenassist $0x1, %xmm2, %xmm1 / expand the key
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson aeskeygenassist $0x2, %xmm2, %xmm1 / expand the key
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson aeskeygenassist $0x4, %xmm2, %xmm1 / expand the key
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson aeskeygenassist $0x8, %xmm2, %xmm1 / expand the key
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson aeskeygenassist $0x10, %xmm2, %xmm1 / expand the key
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson aeskeygenassist $0x20, %xmm2, %xmm1 / expand the key
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson aeskeygenassist $0x40, %xmm2, %xmm1 / expand the key
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson aeskeygenassist $0x80, %xmm2, %xmm1 / expand the key
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#else /* OpenSolaris Interface */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson mov $12, %rax / return # rounds = 12
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson / AES 128: 10 rounds in encryption key schedule
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson movl %ROUNDS32, 240(%AESKEY) / key.rounds = 10
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#endif /* OPENSSL_INTERFACE */
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson aeskeygenassist $0x1, %xmm0, %xmm1 / expand the key
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson aeskeygenassist $0x2, %xmm0, %xmm1 / expand the key
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson aeskeygenassist $0x4, %xmm0, %xmm1 / expand the key
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson aeskeygenassist $0x8, %xmm0, %xmm1 / expand the key
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson aeskeygenassist $0x10, %xmm0, %xmm1 / expand the key
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson aeskeygenassist $0x20, %xmm0, %xmm1 / expand the key
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson aeskeygenassist $0x40, %xmm0, %xmm1 / expand the key
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson aeskeygenassist $0x80, %xmm0, %xmm1 / expand the key
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson aeskeygenassist $0x1b, %xmm0, %xmm1 / expand the key
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson aeskeygenassist $0x36, %xmm0, %xmm1 / expand the key
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#else /* OpenSolaris Interface */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson mov $10, %rax / return # rounds = 10
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson mov $-1, %rax / user key or AES key pointer is NULL
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson /* FALLTHROUGH */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#endif /* OPENSSL_INTERFACE */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#else /* Open Solaris Interface */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson xor %rax, %rax / a key pointer is NULL or invalid keysize
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#endif /* OPENSSL_INTERFACE */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson SET_SIZE(rijndael_key_setup_enc_intel)
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * rijndael_key_setup_dec_intel()
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Expand the cipher key into the decryption key schedule.
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * For kernel code, caller is responsible for ensuring kpreempt_disable()
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * has been called. This is because %xmm registers are not saved/restored.
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Clear and set the CR0.TS bit on entry and exit, respectively, if TS is set
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * on entry. Otherwise, if TS is not set, save and restore %xmm registers
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * on the stack.
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * OpenSolaris interface:
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * int rijndael_key_setup_dec_intel(uint32_t rk[], const uint32_t cipherKey[],
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * uint64_t keyBits);
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Return value is 0 on error, number of rounds on success.
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * P1->P2, P2->P3, P3->P1
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Original Intel OpenSSL interface:
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * int intel_AES_set_decrypt_key(const unsigned char *userKey,
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * const int bits, AES_KEY *key);
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Return value is non-zero on error, 0 on success.
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris AndersonENTRY_NP(rijndael_key_setup_dec_intel)
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson / Generate round keys used for encryption
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson jnz .Ldec_key_exit / Failed if returned non-0
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#else /* OpenSolaris Interface */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson jz .Ldec_key_exit / Failed if returned 0
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#endif /* OPENSSL_INTERFACE */
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson * Convert round keys used for encryption
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson * to a form usable for decryption
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#ifndef OPENSSL_INTERFACE /* OpenSolaris Interface */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson mov %rax, %ROUNDS64 / set # rounds (10, 12, or 14)
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson / Convert an encryption round key to a form usable for decryption
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson / with the "AES Inverse Mix Columns" instruction
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson / OpenSolaris: rax = # rounds (10, 12, or 14) or 0 for error
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson / OpenSSL: rax = 0 for OK, or non-zero for error
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson SET_SIZE(rijndael_key_setup_dec_intel)
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * aes_encrypt_intel()
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Encrypt a single block (in and out can overlap).
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * For kernel code, caller is responsible for ensuring kpreempt_disable()
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * has been called. This is because %xmm registers are not saved/restored.
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Clear and set the CR0.TS bit on entry and exit, respectively, if TS is set
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * on entry. Otherwise, if TS is not set, save and restore %xmm registers
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * on the stack.
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Temporary register usage:
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Original OpenSolaris Interface:
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * void aes_encrypt_intel(const aes_ks_t *ks, int Nr,
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * const uint32_t pt[4], uint32_t ct[4])
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Original Intel OpenSSL Interface:
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * void intel_AES_encrypt(const unsigned char *in, unsigned char *out,
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * const AES_KEY *key)
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#define aes_encrypt_intel intel_AES_encrypt
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#define aes_decrypt_intel intel_AES_decrypt
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson/* No NROUNDS parameter--offset 240 from KEYP saved in %ecx: */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#define NROUNDS32 ecx /* temporary, 32 bits */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#define NROUNDS cl /* temporary, 8 bits */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#else /* OpenSolaris Interface */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#define NROUNDS esi /* P2, 32 bits */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#endif /* OPENSSL_INTERFACE */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#define STATE xmm0 /* temporary, 128 bits */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#define KEY xmm1 /* temporary, 128 bits */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson mov 240(%KEYP), %NROUNDS32 / round count
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#else /* OpenSolaris Interface */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson /* Round count is already present as P2 in %rsi/%esi */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#endif /* OPENSSL_INTERFACE */
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson aesenclast %KEY, %STATE / last round
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * aes_decrypt_intel()
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Decrypt a single block (in and out can overlap).
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * For kernel code, caller is responsible for ensuring kpreempt_disable()
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * has been called. This is because %xmm registers are not saved/restored.
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Clear and set the CR0.TS bit on entry and exit, respectively, if TS is set
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * on entry. Otherwise, if TS is not set, save and restore %xmm registers
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * on the stack.
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Temporary register usage:
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Original OpenSolaris Interface:
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * void aes_decrypt_intel(const aes_ks_t *ks, int Nr,
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * const uint32_t pt[4], uint32_t ct[4])/
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Original Intel OpenSSL Interface:
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * void intel_AES_decrypt(const unsigned char *in, unsigned char *out,
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * const AES_KEY *key);
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson mov 240(%KEYP), %NROUNDS32 / round count
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#else /* OpenSolaris Interface */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson /* Round count is already present as P2 in %rsi/%esi */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#endif /* OPENSSL_INTERFACE */
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson aesdeclast %KEY, %STATE / last round
8de5c4f463386063e184a851437d58080c6c626cDan OpenSolaris Anderson#endif /* lint || __lint */