[ceph.git] / ceph / src / spdk / intel-ipsec-mb / aes_keyexp_192.asm

;;
;; Copyright (c) 2012-2018, Intel Corporation
;;
;; Redistribution and use in source and binary forms, with or without
;; modification, are permitted provided that the following conditions are met:
;;
;;     * Redistributions of source code must retain the above copyright notice,
;;       this list of conditions and the following disclaimer.
;;     * Redistributions in binary form must reproduce the above copyright
;;       notice, this list of conditions and the following disclaimer in the
;;       documentation and/or other materials provided with the distribution.
;;     * Neither the name of Intel Corporation nor the names of its contributors
;;       may be used to endorse or promote products derived from this software
;;       without specific prior written permission.
;;
;; THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
;; AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
;; IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
;; DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
;; FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
;; DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
;; SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
;; CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
;; OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
;; OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
;;

%include "os.asm"
%define NO_AESNI_RENAME
%include "aesni_emu.inc"

%ifdef LINUX
%define KEY		rdi
%define EXP_ENC_KEYS	rsi
%define EXP_DEC_KEYS	rdx
%else
%define KEY		rcx
%define EXP_ENC_KEYS	rdx
%define EXP_DEC_KEYS	r8
%endif


%macro key_expansion_1_192_sse 1
	;; Assumes the xmm3 includes all zeros at this point.
        pshufd xmm2, xmm2, 11111111b
        shufps xmm3, xmm1, 00010000b
        pxor xmm1, xmm3
        shufps xmm3, xmm1, 10001100b
        pxor xmm1, xmm3
	pxor xmm1, xmm2
	movdqu [EXP_ENC_KEYS + %1], xmm1
%endmacro

; Calculate w10 and w11 using calculated w9 and known w4-w5
%macro key_expansion_2_192_sse 1
		movdqa xmm5, xmm4
		pslldq xmm5, 4
		shufps xmm6, xmm1, 11110000b
		pxor xmm6, xmm5
		pxor xmm4, xmm6
		pshufd xmm7, xmm4, 00001110b
		movdqu [EXP_ENC_KEYS + %1], xmm7
%endmacro

%macro key_dec_192_sse 1
  	movdqa  xmm0, [EXP_ENC_KEYS + 16 * %1]
	aesimc	xmm1, xmm0
	movdqa [EXP_DEC_KEYS + 16 * (12 - %1)], xmm1
%endmacro

%macro key_dec_192_sse_no_aesni 1
  	movdqa  xmm0, [EXP_ENC_KEYS + 16 * %1]
	EMULATE_AESIMC	xmm1, xmm0
	movdqa [EXP_DEC_KEYS + 16 * (12 - %1)], xmm1
%endmacro

%macro key_expansion_1_192_avx 1
	;; Assumes the xmm3 includes all zeros at this point.
        vpshufd xmm2, xmm2, 11111111b
        vshufps xmm3, xmm3, xmm1, 00010000b
        vpxor xmm1, xmm1, xmm3
        vshufps xmm3, xmm3, xmm1, 10001100b
        vpxor xmm1, xmm1, xmm3
	vpxor xmm1, xmm1, xmm2
	vmovdqu [EXP_ENC_KEYS + %1], xmm1
%endmacro

; Calculate w10 and w11 using calculated w9 and known w4-w5
%macro key_expansion_2_192_avx 1
		vmovdqa xmm5, xmm4
		vpslldq xmm5, xmm5, 4
		vshufps xmm6, xmm6, xmm1, 11110000b
		vpxor xmm6, xmm6, xmm5
		vpxor xmm4, xmm4, xmm6
		vpshufd xmm7, xmm4, 00001110b
		vmovdqu [EXP_ENC_KEYS + %1], xmm7
%endmacro

%macro key_dec_192_avx 1
  	vmovdqa  xmm0, [EXP_ENC_KEYS + 16 * %1]
	vaesimc	xmm1, xmm0
	vmovdqa [EXP_DEC_KEYS + 16 * (12 - %1)], xmm1
%endmacro

section .text

; void aes_keyexp_192(UINT128 *key,
;                     UINT128 *enc_exp_keys,
;                     UINT128 *dec_exp_keys);
;
; arg 1: rcx: pointer to key
; arg 2: rdx: pointer to expanded key array for encrypt
; arg 3: r8:  pointer to expanded key array for decrypt
;
MKGLOBAL(aes_keyexp_192_sse,function,)
aes_keyexp_192_sse:

%ifndef LINUX
	sub	rsp, 16*2 + 8
	movdqa	[rsp + 0*16], xmm6
	movdqa	[rsp + 1*16], xmm7
%endif

	movq xmm7, [KEY + 16]	; loading the AES key, 64 bits
        movq [EXP_ENC_KEYS + 16], xmm7  ; Storing key in memory where all key expansion
        pshufd xmm4, xmm7, 01001111b
        movdqu xmm1, [KEY]	; loading the AES key, 128 bits
        movdqu [EXP_ENC_KEYS], xmm1  ; Storing key in memory where all key expansion
        movdqa [EXP_DEC_KEYS + 16*0], xmm1
        movdqa [EXP_DEC_KEYS + 16*12], xmm1

        pxor xmm3, xmm3		; Set xmm3 to be all zeros. Required for the key_expansion
        pxor xmm6, xmm6		; Set xmm3 to be all zeros. Required for the key_expansion

        aeskeygenassist xmm2, xmm4, 0x1     ; Complete round key 1 and generate round key 2
        key_expansion_1_192_sse 24
		key_expansion_2_192_sse 40

        aeskeygenassist xmm2, xmm4, 0x2     ; Generate round key 3 and part of round key 4
        key_expansion_1_192_sse 48
		key_expansion_2_192_sse 64

        aeskeygenassist xmm2, xmm4, 0x4     ; Complete round key 4 and generate round key 5
        key_expansion_1_192_sse 72
		key_expansion_2_192_sse 88

        aeskeygenassist xmm2, xmm4, 0x8     ; Generate round key 6 and part of round key 7
        key_expansion_1_192_sse 96
		key_expansion_2_192_sse 112

        aeskeygenassist xmm2, xmm4, 0x10     ; Complete round key 7 and generate round key 8
        key_expansion_1_192_sse 120
		key_expansion_2_192_sse 136

        aeskeygenassist xmm2, xmm4, 0x20     ; Generate round key 9 and part of round key 10
        key_expansion_1_192_sse 144
		key_expansion_2_192_sse 160

        aeskeygenassist xmm2, xmm4, 0x40     ; Complete round key 10 and generate round key 11
        key_expansion_1_192_sse 168
		key_expansion_2_192_sse 184

        aeskeygenassist xmm2, xmm4, 0x80     ; Generate round key 12
        key_expansion_1_192_sse 192

;;;  we have already saved the 12 th key, which is pure input on the
;;;  ENC key path
	movdqa  xmm0, [EXP_ENC_KEYS + 16 * 12]
	movdqa [EXP_DEC_KEYS + 16*0], xmm0
;;;  generate remaining decrypt keys
	key_dec_192_sse 1
	key_dec_192_sse 2
	key_dec_192_sse 3
	key_dec_192_sse 4
	key_dec_192_sse 5
	key_dec_192_sse 6
	key_dec_192_sse 7
	key_dec_192_sse 8
	key_dec_192_sse 9
	key_dec_192_sse 10
	key_dec_192_sse 11

%ifndef LINUX
	movdqa	xmm6, [rsp + 0*16]
	movdqa	xmm7, [rsp + 1*16]
	add	rsp, 16*2 + 8
%endif

	ret

MKGLOBAL(aes_keyexp_192_sse_no_aesni,function,)
aes_keyexp_192_sse_no_aesni:

%ifndef LINUX
	sub	rsp, 16*2 + 8
	movdqa	[rsp + 0*16], xmm6
	movdqa	[rsp + 1*16], xmm7
%endif

	movq xmm7, [KEY + 16]	; loading the AES key, 64 bits
        movq [EXP_ENC_KEYS + 16], xmm7  ; Storing key in memory where all key expansion
        pshufd xmm4, xmm7, 01001111b
        movdqu xmm1, [KEY]	; loading the AES key, 128 bits
        movdqu [EXP_ENC_KEYS], xmm1  ; Storing key in memory where all key expansion
        movdqa [EXP_DEC_KEYS + 16*0], xmm1
        movdqa [EXP_DEC_KEYS + 16*12], xmm1

        pxor xmm3, xmm3		; Set xmm3 to be all zeros. Required for the key_expansion
        pxor xmm6, xmm6		; Set xmm3 to be all zeros. Required for the key_expansion

        EMULATE_AESKEYGENASSIST xmm2, xmm4, 0x1     ; Complete round key 1 and generate round key 2
        key_expansion_1_192_sse 24
		key_expansion_2_192_sse 40

        EMULATE_AESKEYGENASSIST xmm2, xmm4, 0x2     ; Generate round key 3 and part of round key 4
        key_expansion_1_192_sse 48
		key_expansion_2_192_sse 64

        EMULATE_AESKEYGENASSIST xmm2, xmm4, 0x4     ; Complete round key 4 and generate round key 5
        key_expansion_1_192_sse 72
		key_expansion_2_192_sse 88

        EMULATE_AESKEYGENASSIST xmm2, xmm4, 0x8     ; Generate round key 6 and part of round key 7
        key_expansion_1_192_sse 96
		key_expansion_2_192_sse 112

        EMULATE_AESKEYGENASSIST xmm2, xmm4, 0x10     ; Complete round key 7 and generate round key 8
        key_expansion_1_192_sse 120
		key_expansion_2_192_sse 136

        EMULATE_AESKEYGENASSIST xmm2, xmm4, 0x20     ; Generate round key 9 and part of round key 10
        key_expansion_1_192_sse 144
		key_expansion_2_192_sse 160

        EMULATE_AESKEYGENASSIST xmm2, xmm4, 0x40     ; Complete round key 10 and generate round key 11
        key_expansion_1_192_sse 168
		key_expansion_2_192_sse 184

        EMULATE_AESKEYGENASSIST xmm2, xmm4, 0x80     ; Generate round key 12
        key_expansion_1_192_sse 192

;;;  we have already saved the 12 th key, which is pure input on the
;;;  ENC key path
	movdqa  xmm0, [EXP_ENC_KEYS + 16 * 12]
	movdqa [EXP_DEC_KEYS + 16*0], xmm0
;;;  generate remaining decrypt keys
	key_dec_192_sse_no_aesni 1
	key_dec_192_sse_no_aesni 2
	key_dec_192_sse_no_aesni 3
	key_dec_192_sse_no_aesni 4
	key_dec_192_sse_no_aesni 5
	key_dec_192_sse_no_aesni 6
	key_dec_192_sse_no_aesni 7
	key_dec_192_sse_no_aesni 8
	key_dec_192_sse_no_aesni 9
	key_dec_192_sse_no_aesni 10
	key_dec_192_sse_no_aesni 11

%ifndef LINUX
	movdqa	xmm6, [rsp + 0*16]
	movdqa	xmm7, [rsp + 1*16]
	add	rsp, 16*2 + 8
%endif

	ret

MKGLOBAL(aes_keyexp_192_avx,function,)
MKGLOBAL(aes_keyexp_192_avx2,function,)
MKGLOBAL(aes_keyexp_192_avx512,function,)
aes_keyexp_192_avx:
aes_keyexp_192_avx2:
aes_keyexp_192_avx512:

%ifndef LINUX
	sub	rsp, 16*2 + 8
	vmovdqa	[rsp + 0*16], xmm6
	vmovdqa	[rsp + 1*16], xmm7
%endif

	vmovq xmm7, [KEY + 16]	; loading the AES key, 64 bits
        vmovq [EXP_ENC_KEYS + 16], xmm7  ; Storing key in memory where all key expansion
        vpshufd xmm4, xmm7, 01001111b
        vmovdqu xmm1, [KEY]	; loading the AES key, 128 bits
        vmovdqu [EXP_ENC_KEYS], xmm1  ; Storing key in memory where all key expansion
        vmovdqa [EXP_DEC_KEYS + 16*0], xmm1
        vmovdqa [EXP_DEC_KEYS + 16*12], xmm1

        vpxor xmm3, xmm3, xmm3
        vpxor xmm6, xmm6, xmm6

        vaeskeygenassist xmm2, xmm4, 0x1      ; Complete round key 1 and generate round key 2
        key_expansion_1_192_avx 24
		key_expansion_2_192_avx 40

        vaeskeygenassist xmm2, xmm4, 0x2     ; Generate round key 3 and part of round key 4
        key_expansion_1_192_avx 48
		key_expansion_2_192_avx 64

        vaeskeygenassist xmm2, xmm4, 0x4     ; Complete round key 4 and generate round key 5
        key_expansion_1_192_avx 72
		key_expansion_2_192_avx 88

        vaeskeygenassist xmm2, xmm4, 0x8     ; Generate round key 6 and part of round key 7
        key_expansion_1_192_avx 96
		key_expansion_2_192_avx 112

        vaeskeygenassist xmm2, xmm4, 0x10    ; Complete round key 7 and generate round key 8
        key_expansion_1_192_avx 120
		key_expansion_2_192_avx 136

        vaeskeygenassist xmm2, xmm4, 0x20    ; Generate round key 9 and part of round key 10
        key_expansion_1_192_avx 144
		key_expansion_2_192_avx 160

        vaeskeygenassist xmm2, xmm4, 0x40    ; Complete round key 10 and generate round key 11
        key_expansion_1_192_avx 168
		key_expansion_2_192_avx 184

        vaeskeygenassist xmm2, xmm4, 0x80   ; Generate round key 12
        key_expansion_1_192_avx 192

;;;  we have already saved the 12 th key, which is pure input on the
;;;  ENC key path
	vmovdqa  xmm0, [EXP_ENC_KEYS + 16 * 12]
	vmovdqa [EXP_DEC_KEYS + 16*0], xmm0
;;;  generate remaining decrypt keys
	key_dec_192_avx 1
	key_dec_192_avx 2
	key_dec_192_avx 3
	key_dec_192_avx 4
	key_dec_192_avx 5
	key_dec_192_avx 6
	key_dec_192_avx 7
	key_dec_192_avx 8
	key_dec_192_avx 9
	key_dec_192_avx 10
	key_dec_192_avx 11

%ifndef LINUX
	vmovdqa	xmm6, [rsp + 0*16]
	vmovdqa	xmm7, [rsp + 1*16]
	add	rsp, 16*2 + 8
%endif

	ret

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

; void aes_keyexp_192_enc_sse(UINT128 *key,
;                             UINT128 *enc_exp_keys);
;
; arg 1: rcx: pointer to key
; arg 2: rdx: pointer to expanded key array for encrypt
;
MKGLOBAL(aes_keyexp_192_enc_sse,function,)
aes_keyexp_192_enc_sse:

%ifndef LINUX
	sub	rsp, 16*2 + 8
	movdqa	[rsp + 0*16], xmm6
	movdqa	[rsp + 1*16], xmm7
%endif

	movq xmm7, [KEY + 16]	; loading the AES key, 64 bits
        movq [EXP_ENC_KEYS + 16], xmm7  ; Storing key in memory where all key expansion
        pshufd xmm4, xmm7, 01001111b
        movdqu xmm1, [KEY]	; loading the AES key, 128 bits
        movdqu [EXP_ENC_KEYS], xmm1  ; Storing key in memory where all key expansion

        pxor xmm3, xmm3		; Set xmm3 to be all zeros. Required for the key_expansion.
        pxor xmm6, xmm6		; Set xmm3 to be all zeros. Required for the key_expansion.

        aeskeygenassist xmm2, xmm4, 0x1     ; Complete round key 1 and generate round key 2
        key_expansion_1_192_sse 24
		key_expansion_2_192_sse 40

        aeskeygenassist xmm2, xmm4, 0x2     ; Generate round key 3 and part of round key 4
        key_expansion_1_192_sse 48
		key_expansion_2_192_sse 64

        aeskeygenassist xmm2, xmm4, 0x4     ; Complete round key 4 and generate round key 5
        key_expansion_1_192_sse 72
		key_expansion_2_192_sse 88

        aeskeygenassist xmm2, xmm4, 0x8     ; Generate round key 6 and part of round key 7
        key_expansion_1_192_sse 96
		key_expansion_2_192_sse 112

        aeskeygenassist xmm2, xmm4, 0x10     ; Complete round key 7 and generate round key 8
        key_expansion_1_192_sse 120
		key_expansion_2_192_sse 136

        aeskeygenassist xmm2, xmm4, 0x20     ; Generate round key 9 and part of round key 10
        key_expansion_1_192_sse 144
		key_expansion_2_192_sse 160

        aeskeygenassist xmm2, xmm4, 0x40     ; Complete round key 10 and generate round key 11
        key_expansion_1_192_sse 168
		key_expansion_2_192_sse 184

        aeskeygenassist xmm2, xmm4, 0x80     ; Generate round key 12
        key_expansion_1_192_sse 192

%ifndef LINUX
	movdqa	xmm6, [rsp + 0*16]
	movdqa	xmm7, [rsp + 1*16]
	add	rsp, 16*2 + 8
%endif

	ret

MKGLOBAL(aes_keyexp_192_enc_sse_no_aesni,function,)
aes_keyexp_192_enc_sse_no_aesni:

%ifndef LINUX
	sub	rsp, 16*2 + 8
	movdqa	[rsp + 0*16], xmm6
	movdqa	[rsp + 1*16], xmm7
%endif

	movq xmm7, [KEY + 16]	; loading the AES key, 64 bits
        movq [EXP_ENC_KEYS + 16], xmm7  ; Storing key in memory where all key expansion
        pshufd xmm4, xmm7, 01001111b
        movdqu xmm1, [KEY]	; loading the AES key, 128 bits
        movdqu [EXP_ENC_KEYS], xmm1  ; Storing key in memory where all key expansion

        pxor xmm3, xmm3		; Set xmm3 to be all zeros. Required for the key_expansion.
        pxor xmm6, xmm6		; Set xmm3 to be all zeros. Required for the key_expansion.

        EMULATE_AESKEYGENASSIST xmm2, xmm4, 0x1     ; Complete round key 1 and generate round key 2
        key_expansion_1_192_sse 24
		key_expansion_2_192_sse 40

        EMULATE_AESKEYGENASSIST xmm2, xmm4, 0x2     ; Generate round key 3 and part of round key 4
        key_expansion_1_192_sse 48
		key_expansion_2_192_sse 64

        EMULATE_AESKEYGENASSIST xmm2, xmm4, 0x4     ; Complete round key 4 and generate round key 5
        key_expansion_1_192_sse 72
		key_expansion_2_192_sse 88

        EMULATE_AESKEYGENASSIST xmm2, xmm4, 0x8     ; Generate round key 6 and part of round key 7
        key_expansion_1_192_sse 96
		key_expansion_2_192_sse 112

        EMULATE_AESKEYGENASSIST xmm2, xmm4, 0x10     ; Complete round key 7 and generate round key 8
        key_expansion_1_192_sse 120
		key_expansion_2_192_sse 136

        EMULATE_AESKEYGENASSIST xmm2, xmm4, 0x20     ; Generate round key 9 and part of round key 10
        key_expansion_1_192_sse 144
		key_expansion_2_192_sse 160

        EMULATE_AESKEYGENASSIST xmm2, xmm4, 0x40     ; Complete round key 10 and generate round key 11
        key_expansion_1_192_sse 168
		key_expansion_2_192_sse 184

        EMULATE_AESKEYGENASSIST xmm2, xmm4, 0x80     ; Generate round key 12
        key_expansion_1_192_sse 192

%ifndef LINUX
	movdqa	xmm6, [rsp + 0*16]
	movdqa	xmm7, [rsp + 1*16]
	add	rsp, 16*2 + 8
%endif

	ret

MKGLOBAL(aes_keyexp_192_enc_avx,function,)
MKGLOBAL(aes_keyexp_192_enc_avx2,function,)
MKGLOBAL(aes_keyexp_192_enc_avx512,function,)
aes_keyexp_192_enc_avx:
aes_keyexp_192_enc_avx2:
aes_keyexp_192_enc_avx512:

%ifndef LINUX
	sub	rsp, 16*2 + 8
	vmovdqa	[rsp + 0*16], xmm6
	vmovdqa	[rsp + 1*16], xmm7
%endif

	vmovq xmm7, [KEY + 16]	; loading the AES key, 64 bits
        vmovq [EXP_ENC_KEYS + 16], xmm7  ; Storing key in memory where all key expansion
        vpshufd xmm4, xmm7, 01001111b
        vmovdqu xmm1, [KEY]	; loading the AES key, 128 bits
        vmovdqu [EXP_ENC_KEYS], xmm1  ; Storing key in memory where all key expansion

        vpxor xmm3, xmm3, xmm3
        vpxor xmm6, xmm6, xmm6

        vaeskeygenassist xmm2, xmm4, 0x1      ; Complete round key 1 and generate round key 2
        key_expansion_1_192_avx 24
		key_expansion_2_192_avx 40

        vaeskeygenassist xmm2, xmm4, 0x2     ; Generate round key 3 and part of round key 4
        key_expansion_1_192_avx 48
		key_expansion_2_192_avx 64

        vaeskeygenassist xmm2, xmm4, 0x4     ; Complete round key 4 and generate round key 5
        key_expansion_1_192_avx 72
		key_expansion_2_192_avx 88

        vaeskeygenassist xmm2, xmm4, 0x8     ; Generate round key 6 and part of round key 7
        key_expansion_1_192_avx 96
		key_expansion_2_192_avx 112

        vaeskeygenassist xmm2, xmm4, 0x10    ; Complete round key 7 and generate round key 8
        key_expansion_1_192_avx 120
		key_expansion_2_192_avx 136

        vaeskeygenassist xmm2, xmm4, 0x20    ; Generate round key 9 and part of round key 10
        key_expansion_1_192_avx 144
		key_expansion_2_192_avx 160

        vaeskeygenassist xmm2, xmm4, 0x40    ; Complete round key 10 and generate round key 11
        key_expansion_1_192_avx 168
		key_expansion_2_192_avx 184

        vaeskeygenassist xmm2, xmm4, 0x80   ; Generate round key 12
        key_expansion_1_192_avx 192

%ifndef LINUX
	vmovdqa	xmm6, [rsp + 0*16]
	vmovdqa	xmm7, [rsp + 1*16]
	add	rsp, 16*2 + 8
%endif

	ret

%ifdef LINUX
section .note.GNU-stack noalloc noexec nowrite progbits
%endif
Commit	Line	Data
11fdf7f2 TL	1	;;
	2	;; Copyright (c) 2012-2018, Intel Corporation
	3	;;
	4	;; Redistribution and use in source and binary forms, with or without
	5	;; modification, are permitted provided that the following conditions are met:
	6	;;
	7	;; * Redistributions of source code must retain the above copyright notice,
	8	;; this list of conditions and the following disclaimer.
	9	;; * Redistributions in binary form must reproduce the above copyright
	10	;; notice, this list of conditions and the following disclaimer in the
	11	;; documentation and/or other materials provided with the distribution.
	12	;; * Neither the name of Intel Corporation nor the names of its contributors
	13	;; may be used to endorse or promote products derived from this software
	14	;; without specific prior written permission.
	15	;;
	16	;; THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
	17	;; AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	18	;; IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
	19	;; DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
	20	;; FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	21	;; DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
	22	;; SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
	23	;; CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
	24	;; OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
	25	;; OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	26	;;
	27
	28	%include "os.asm"
9f95a23c TL	29	%define NO_AESNI_RENAME
9f95a23c TL	30	%include "aesni_emu.inc"
11fdf7f2 TL	31
	32	%ifdef LINUX
	33	%define KEY rdi
	34	%define EXP_ENC_KEYS rsi
	35	%define EXP_DEC_KEYS rdx
	36	%else
	37	%define KEY rcx
	38	%define EXP_ENC_KEYS rdx
	39	%define EXP_DEC_KEYS r8
	40	%endif
	41
	42
	43
	44
	45	%macro key_expansion_1_192_sse 1
	46	;; Assumes the xmm3 includes all zeros at this point.
	47	pshufd xmm2, xmm2, 11111111b
	48	shufps xmm3, xmm1, 00010000b
	49	pxor xmm1, xmm3
	50	shufps xmm3, xmm1, 10001100b
	51	pxor xmm1, xmm3
	52	pxor xmm1, xmm2
	53	movdqu [EXP_ENC_KEYS + %1], xmm1
	54	%endmacro
	55
	56	; Calculate w10 and w11 using calculated w9 and known w4-w5
	57	%macro key_expansion_2_192_sse 1
	58	movdqa xmm5, xmm4
	59	pslldq xmm5, 4
	60	shufps xmm6, xmm1, 11110000b
	61	pxor xmm6, xmm5
	62	pxor xmm4, xmm6
	63	pshufd xmm7, xmm4, 00001110b
	64	movdqu [EXP_ENC_KEYS + %1], xmm7
	65	%endmacro
	66
	67	%macro key_dec_192_sse 1
	68	movdqa xmm0, [EXP_ENC_KEYS + 16 * %1]
	69	aesimc xmm1, xmm0
	70	movdqa [EXP_DEC_KEYS + 16 * (12 - %1)], xmm1
	71	%endmacro
	72
9f95a23c TL	73	%macro key_dec_192_sse_no_aesni 1
	74	movdqa xmm0, [EXP_ENC_KEYS + 16 * %1]
	75	EMULATE_AESIMC xmm1, xmm0
	76	movdqa [EXP_DEC_KEYS + 16 * (12 - %1)], xmm1
	77	%endmacro
	78
11fdf7f2 TL	79	%macro key_expansion_1_192_avx 1
	80	;; Assumes the xmm3 includes all zeros at this point.
	81	vpshufd xmm2, xmm2, 11111111b
	82	vshufps xmm3, xmm3, xmm1, 00010000b
	83	vpxor xmm1, xmm1, xmm3
	84	vshufps xmm3, xmm3, xmm1, 10001100b
	85	vpxor xmm1, xmm1, xmm3
	86	vpxor xmm1, xmm1, xmm2
	87	vmovdqu [EXP_ENC_KEYS + %1], xmm1
	88	%endmacro
	89
	90	; Calculate w10 and w11 using calculated w9 and known w4-w5
	91	%macro key_expansion_2_192_avx 1
	92	vmovdqa xmm5, xmm4
	93	vpslldq xmm5, xmm5, 4
	94	vshufps xmm6, xmm6, xmm1, 11110000b
	95	vpxor xmm6, xmm6, xmm5
	96	vpxor xmm4, xmm4, xmm6
	97	vpshufd xmm7, xmm4, 00001110b
	98	vmovdqu [EXP_ENC_KEYS + %1], xmm7
	99	%endmacro
	100
	101	%macro key_dec_192_avx 1
	102	vmovdqa xmm0, [EXP_ENC_KEYS + 16 * %1]
	103	vaesimc xmm1, xmm0
	104	vmovdqa [EXP_DEC_KEYS + 16 * (12 - %1)], xmm1
	105	%endmacro
	106
	107	section .text
	108
	109	; void aes_keyexp_192(UINT128 *key,
	110	; UINT128 *enc_exp_keys,
	111	; UINT128 *dec_exp_keys);
	112	;
	113	; arg 1: rcx: pointer to key
	114	; arg 2: rdx: pointer to expanded key array for encrypt
	115	; arg 3: r8: pointer to expanded key array for decrypt
	116	;
	117	MKGLOBAL(aes_keyexp_192_sse,function,)
	118	aes_keyexp_192_sse:
	119
	120	%ifndef LINUX
	121	sub rsp, 16*2 + 8
	122	movdqa [rsp + 0*16], xmm6
	123	movdqa [rsp + 1*16], xmm7
	124	%endif
	125
	126	movq xmm7, [KEY + 16] ; loading the AES key, 64 bits
	127	movq [EXP_ENC_KEYS + 16], xmm7 ; Storing key in memory where all key expansion
	128	pshufd xmm4, xmm7, 01001111b
	129	movdqu xmm1, [KEY] ; loading the AES key, 128 bits
	130	movdqu [EXP_ENC_KEYS], xmm1 ; Storing key in memory where all key expansion
	131	movdqa [EXP_DEC_KEYS + 16*0], xmm1
	132	movdqa [EXP_DEC_KEYS + 16*12], xmm1
	133
	134	pxor xmm3, xmm3 ; Set xmm3 to be all zeros. Required for the key_expansion
	135	pxor xmm6, xmm6 ; Set xmm3 to be all zeros. Required for the key_expansion
	136
	137	aeskeygenassist xmm2, xmm4, 0x1 ; Complete round key 1 and generate round key 2
	138	key_expansion_1_192_sse 24
	139	key_expansion_2_192_sse 40
	140
	141	aeskeygenassist xmm2, xmm4, 0x2 ; Generate round key 3 and part of round key 4
	142	key_expansion_1_192_sse 48
143	key_expansion_2_192_sse 64
144
145	aeskeygenassist xmm2, xmm4, 0x4 ; Complete round key 4 and generate round key 5
146	key_expansion_1_192_sse 72
147	key_expansion_2_192_sse 88
148
149	aeskeygenassist xmm2, xmm4, 0x8 ; Generate round key 6 and part of round key 7
150	key_expansion_1_192_sse 96
151	key_expansion_2_192_sse 112
152
153	aeskeygenassist xmm2, xmm4, 0x10 ; Complete round key 7 and generate round key 8
154	key_expansion_1_192_sse 120
155	key_expansion_2_192_sse 136
156
157	aeskeygenassist xmm2, xmm4, 0x20 ; Generate round key 9 and part of round key 10
158	key_expansion_1_192_sse 144
159	key_expansion_2_192_sse 160
160
161	aeskeygenassist xmm2, xmm4, 0x40 ; Complete round key 10 and generate round key 11
162	key_expansion_1_192_sse 168
163	key_expansion_2_192_sse 184
164
165	aeskeygenassist xmm2, xmm4, 0x80 ; Generate round key 12
166	key_expansion_1_192_sse 192
167
168	;;; we have already saved the 12 th key, which is pure input on the
169	;;; ENC key path
170	movdqa xmm0, [EXP_ENC_KEYS + 16 * 12]
171	movdqa [EXP_DEC_KEYS + 16*0], xmm0
172	;;; generate remaining decrypt keys
173	key_dec_192_sse 1
174	key_dec_192_sse 2
175	key_dec_192_sse 3
176	key_dec_192_sse 4
177	key_dec_192_sse 5
178	key_dec_192_sse 6
179	key_dec_192_sse 7
180	key_dec_192_sse 8
181	key_dec_192_sse 9
182	key_dec_192_sse 10
183	key_dec_192_sse 11
184
185	%ifndef LINUX
186	movdqa xmm6, [rsp + 0*16]
187	movdqa xmm7, [rsp + 1*16]
188	add rsp, 16*2 + 8
189	%endif
190
191	ret
192
9f95a23c TL	193	MKGLOBAL(aes_keyexp_192_sse_no_aesni,function,)
	194	aes_keyexp_192_sse_no_aesni:
	195
	196	%ifndef LINUX
	197	sub rsp, 16*2 + 8
	198	movdqa [rsp + 0*16], xmm6
	199	movdqa [rsp + 1*16], xmm7
	200	%endif
	201
	202	movq xmm7, [KEY + 16] ; loading the AES key, 64 bits
	203	movq [EXP_ENC_KEYS + 16], xmm7 ; Storing key in memory where all key expansion
	204	pshufd xmm4, xmm7, 01001111b
	205	movdqu xmm1, [KEY] ; loading the AES key, 128 bits
	206	movdqu [EXP_ENC_KEYS], xmm1 ; Storing key in memory where all key expansion
	207	movdqa [EXP_DEC_KEYS + 16*0], xmm1
	208	movdqa [EXP_DEC_KEYS + 16*12], xmm1
	209
	210	pxor xmm3, xmm3 ; Set xmm3 to be all zeros. Required for the key_expansion
	211	pxor xmm6, xmm6 ; Set xmm3 to be all zeros. Required for the key_expansion
	212
	213	EMULATE_AESKEYGENASSIST xmm2, xmm4, 0x1 ; Complete round key 1 and generate round key 2
	214	key_expansion_1_192_sse 24
	215	key_expansion_2_192_sse 40
	216
	217	EMULATE_AESKEYGENASSIST xmm2, xmm4, 0x2 ; Generate round key 3 and part of round key 4
	218	key_expansion_1_192_sse 48
	219	key_expansion_2_192_sse 64
	220
	221	EMULATE_AESKEYGENASSIST xmm2, xmm4, 0x4 ; Complete round key 4 and generate round key 5
	222	key_expansion_1_192_sse 72
	223	key_expansion_2_192_sse 88
	224
	225	EMULATE_AESKEYGENASSIST xmm2, xmm4, 0x8 ; Generate round key 6 and part of round key 7
	226	key_expansion_1_192_sse 96
	227	key_expansion_2_192_sse 112
	228
	229	EMULATE_AESKEYGENASSIST xmm2, xmm4, 0x10 ; Complete round key 7 and generate round key 8
	230	key_expansion_1_192_sse 120
	231	key_expansion_2_192_sse 136
	232
	233	EMULATE_AESKEYGENASSIST xmm2, xmm4, 0x20 ; Generate round key 9 and part of round key 10
	234	key_expansion_1_192_sse 144
	235	key_expansion_2_192_sse 160
	236
	237	EMULATE_AESKEYGENASSIST xmm2, xmm4, 0x40 ; Complete round key 10 and generate round key 11
	238	key_expansion_1_192_sse 168
	239	key_expansion_2_192_sse 184
	240
	241	EMULATE_AESKEYGENASSIST xmm2, xmm4, 0x80 ; Generate round key 12
	242	key_expansion_1_192_sse 192
	243
	244	;;; we have already saved the 12 th key, which is pure input on the
	245	;;; ENC key path
	246	movdqa xmm0, [EXP_ENC_KEYS + 16 * 12]
	247	movdqa [EXP_DEC_KEYS + 16*0], xmm0
	248	;;; generate remaining decrypt keys
	249	key_dec_192_sse_no_aesni 1
	250	key_dec_192_sse_no_aesni 2
	251	key_dec_192_sse_no_aesni 3
	252	key_dec_192_sse_no_aesni 4
	253	key_dec_192_sse_no_aesni 5
	254	key_dec_192_sse_no_aesni 6
	255	key_dec_192_sse_no_aesni 7
	256	key_dec_192_sse_no_aesni 8
257	key_dec_192_sse_no_aesni 9
258	key_dec_192_sse_no_aesni 10
259	key_dec_192_sse_no_aesni 11
260
261	%ifndef LINUX
262	movdqa xmm6, [rsp + 0*16]
263	movdqa xmm7, [rsp + 1*16]
264	add rsp, 16*2 + 8
265	%endif
11fdf7f2	266
9f95a23c	267	ret
11fdf7f2 TL	268
11fdf7f2 TL	269	MKGLOBAL(aes_keyexp_192_avx,function,)
9f95a23c TL	270	MKGLOBAL(aes_keyexp_192_avx2,function,)
9f95a23c TL	271	MKGLOBAL(aes_keyexp_192_avx512,function,)
11fdf7f2	272	aes_keyexp_192_avx:
9f95a23c TL	273	aes_keyexp_192_avx2:
9f95a23c TL	274	aes_keyexp_192_avx512:
11fdf7f2 TL	275
	276	%ifndef LINUX
	277	sub rsp, 16*2 + 8
	278	vmovdqa [rsp + 0*16], xmm6
	279	vmovdqa [rsp + 1*16], xmm7
	280	%endif
	281
	282	vmovq xmm7, [KEY + 16] ; loading the AES key, 64 bits
	283	vmovq [EXP_ENC_KEYS + 16], xmm7 ; Storing key in memory where all key expansion
	284	vpshufd xmm4, xmm7, 01001111b
	285	vmovdqu xmm1, [KEY] ; loading the AES key, 128 bits
	286	vmovdqu [EXP_ENC_KEYS], xmm1 ; Storing key in memory where all key expansion
	287	vmovdqa [EXP_DEC_KEYS + 16*0], xmm1
	288	vmovdqa [EXP_DEC_KEYS + 16*12], xmm1
	289
	290	vpxor xmm3, xmm3, xmm3
	291	vpxor xmm6, xmm6, xmm6
	292
	293	vaeskeygenassist xmm2, xmm4, 0x1 ; Complete round key 1 and generate round key 2
	294	key_expansion_1_192_avx 24
	295	key_expansion_2_192_avx 40
	296
	297	vaeskeygenassist xmm2, xmm4, 0x2 ; Generate round key 3 and part of round key 4
	298	key_expansion_1_192_avx 48
	299	key_expansion_2_192_avx 64
	300
	301	vaeskeygenassist xmm2, xmm4, 0x4 ; Complete round key 4 and generate round key 5
	302	key_expansion_1_192_avx 72
	303	key_expansion_2_192_avx 88
	304
	305	vaeskeygenassist xmm2, xmm4, 0x8 ; Generate round key 6 and part of round key 7
	306	key_expansion_1_192_avx 96
	307	key_expansion_2_192_avx 112
	308
	309	vaeskeygenassist xmm2, xmm4, 0x10 ; Complete round key 7 and generate round key 8
	310	key_expansion_1_192_avx 120
	311	key_expansion_2_192_avx 136
	312
	313	vaeskeygenassist xmm2, xmm4, 0x20 ; Generate round key 9 and part of round key 10
	314	key_expansion_1_192_avx 144
	315	key_expansion_2_192_avx 160
	316
	317	vaeskeygenassist xmm2, xmm4, 0x40 ; Complete round key 10 and generate round key 11
	318	key_expansion_1_192_avx 168
	319	key_expansion_2_192_avx 184
	320
	321	vaeskeygenassist xmm2, xmm4, 0x80 ; Generate round key 12
	322	key_expansion_1_192_avx 192
	323
	324	;;; we have already saved the 12 th key, which is pure input on the
	325	;;; ENC key path
	326	vmovdqa xmm0, [EXP_ENC_KEYS + 16 * 12]
	327	vmovdqa [EXP_DEC_KEYS + 16*0], xmm0
	328	;;; generate remaining decrypt keys
	329	key_dec_192_avx 1
	330	key_dec_192_avx 2
	331	key_dec_192_avx 3
	332	key_dec_192_avx 4
	333	key_dec_192_avx 5
	334	key_dec_192_avx 6
	335	key_dec_192_avx 7
	336	key_dec_192_avx 8
	337	key_dec_192_avx 9
	338	key_dec_192_avx 10
339	key_dec_192_avx 11
340
341	%ifndef LINUX
342	vmovdqa xmm6, [rsp + 0*16]
343	vmovdqa xmm7, [rsp + 1*16]
344	add rsp, 16*2 + 8
345	%endif
346
347	ret
348
349	;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
350	;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
351	;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
352	;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
353
354	; void aes_keyexp_192_enc_sse(UINT128 *key,
355	; UINT128 *enc_exp_keys);
356	;
357	; arg 1: rcx: pointer to key
358	; arg 2: rdx: pointer to expanded key array for encrypt
359	;
360	MKGLOBAL(aes_keyexp_192_enc_sse,function,)
361	aes_keyexp_192_enc_sse:
362
363	%ifndef LINUX
364	sub rsp, 16*2 + 8
365	movdqa [rsp + 0*16], xmm6
366	movdqa [rsp + 1*16], xmm7
367	%endif
368
369	movq xmm7, [KEY + 16] ; loading the AES key, 64 bits
370	movq [EXP_ENC_KEYS + 16], xmm7 ; Storing key in memory where all key expansion
371	pshufd xmm4, xmm7, 01001111b
372	movdqu xmm1, [KEY] ; loading the AES key, 128 bits
373	movdqu [EXP_ENC_KEYS], xmm1 ; Storing key in memory where all key expansion
374
375	pxor xmm3, xmm3 ; Set xmm3 to be all zeros. Required for the key_expansion.
376	pxor xmm6, xmm6 ; Set xmm3 to be all zeros. Required for the key_expansion.
377
378	aeskeygenassist xmm2, xmm4, 0x1 ; Complete round key 1 and generate round key 2
379	key_expansion_1_192_sse 24
380	key_expansion_2_192_sse 40
381
382	aeskeygenassist xmm2, xmm4, 0x2 ; Generate round key 3 and part of round key 4
383	key_expansion_1_192_sse 48
384	key_expansion_2_192_sse 64
385
386	aeskeygenassist xmm2, xmm4, 0x4 ; Complete round key 4 and generate round key 5
387	key_expansion_1_192_sse 72
388	key_expansion_2_192_sse 88
389
390	aeskeygenassist xmm2, xmm4, 0x8 ; Generate round key 6 and part of round key 7
391	key_expansion_1_192_sse 96
392	key_expansion_2_192_sse 112
393
394	aeskeygenassist xmm2, xmm4, 0x10 ; Complete round key 7 and generate round key 8
395	key_expansion_1_192_sse 120
396	key_expansion_2_192_sse 136
397
398	aeskeygenassist xmm2, xmm4, 0x20 ; Generate round key 9 and part of round key 10
399	key_expansion_1_192_sse 144
400	key_expansion_2_192_sse 160
401
402	aeskeygenassist xmm2, xmm4, 0x40 ; Complete round key 10 and generate round key 11
403	key_expansion_1_192_sse 168
404	key_expansion_2_192_sse 184
405
406	aeskeygenassist xmm2, xmm4, 0x80 ; Generate round key 12
407	key_expansion_1_192_sse 192
408
409	%ifndef LINUX
410	movdqa xmm6, [rsp + 0*16]
411	movdqa xmm7, [rsp + 1*16]
412	add rsp, 16*2 + 8
413	%endif
414
415	ret
416
9f95a23c TL	417	MKGLOBAL(aes_keyexp_192_enc_sse_no_aesni,function,)
	418	aes_keyexp_192_enc_sse_no_aesni:
	419
	420	%ifndef LINUX
	421	sub rsp, 16*2 + 8
	422	movdqa [rsp + 0*16], xmm6
	423	movdqa [rsp + 1*16], xmm7
	424	%endif
	425
	426	movq xmm7, [KEY + 16] ; loading the AES key, 64 bits
	427	movq [EXP_ENC_KEYS + 16], xmm7 ; Storing key in memory where all key expansion
	428	pshufd xmm4, xmm7, 01001111b
	429	movdqu xmm1, [KEY] ; loading the AES key, 128 bits
	430	movdqu [EXP_ENC_KEYS], xmm1 ; Storing key in memory where all key expansion
	431
	432	pxor xmm3, xmm3 ; Set xmm3 to be all zeros. Required for the key_expansion.
	433	pxor xmm6, xmm6 ; Set xmm3 to be all zeros. Required for the key_expansion.
	434
	435	EMULATE_AESKEYGENASSIST xmm2, xmm4, 0x1 ; Complete round key 1 and generate round key 2
	436	key_expansion_1_192_sse 24
	437	key_expansion_2_192_sse 40
	438
	439	EMULATE_AESKEYGENASSIST xmm2, xmm4, 0x2 ; Generate round key 3 and part of round key 4
	440	key_expansion_1_192_sse 48
	441	key_expansion_2_192_sse 64
	442
	443	EMULATE_AESKEYGENASSIST xmm2, xmm4, 0x4 ; Complete round key 4 and generate round key 5
	444	key_expansion_1_192_sse 72
	445	key_expansion_2_192_sse 88
	446
	447	EMULATE_AESKEYGENASSIST xmm2, xmm4, 0x8 ; Generate round key 6 and part of round key 7
	448	key_expansion_1_192_sse 96
	449	key_expansion_2_192_sse 112
	450
	451	EMULATE_AESKEYGENASSIST xmm2, xmm4, 0x10 ; Complete round key 7 and generate round key 8
	452	key_expansion_1_192_sse 120
	453	key_expansion_2_192_sse 136
	454
	455	EMULATE_AESKEYGENASSIST xmm2, xmm4, 0x20 ; Generate round key 9 and part of round key 10
	456	key_expansion_1_192_sse 144
	457	key_expansion_2_192_sse 160
	458
	459	EMULATE_AESKEYGENASSIST xmm2, xmm4, 0x40 ; Complete round key 10 and generate round key 11
	460	key_expansion_1_192_sse 168
	461	key_expansion_2_192_sse 184
	462
	463	EMULATE_AESKEYGENASSIST xmm2, xmm4, 0x80 ; Generate round key 12
	464	key_expansion_1_192_sse 192
	465
	466	%ifndef LINUX
	467	movdqa xmm6, [rsp + 0*16]
	468	movdqa xmm7, [rsp + 1*16]
	469	add rsp, 16*2 + 8
	470	%endif
	471
	472	ret
	473
11fdf7f2	474	MKGLOBAL(aes_keyexp_192_enc_avx,function,)
9f95a23c TL	475	MKGLOBAL(aes_keyexp_192_enc_avx2,function,)
9f95a23c TL	476	MKGLOBAL(aes_keyexp_192_enc_avx512,function,)
11fdf7f2	477	aes_keyexp_192_enc_avx:
9f95a23c TL	478	aes_keyexp_192_enc_avx2:
9f95a23c TL	479	aes_keyexp_192_enc_avx512:
11fdf7f2 TL	480
	481	%ifndef LINUX
	482	sub rsp, 16*2 + 8
	483	vmovdqa [rsp + 0*16], xmm6
	484	vmovdqa [rsp + 1*16], xmm7
	485	%endif
	486
	487	vmovq xmm7, [KEY + 16] ; loading the AES key, 64 bits
	488	vmovq [EXP_ENC_KEYS + 16], xmm7 ; Storing key in memory where all key expansion
	489	vpshufd xmm4, xmm7, 01001111b
	490	vmovdqu xmm1, [KEY] ; loading the AES key, 128 bits
	491	vmovdqu [EXP_ENC_KEYS], xmm1 ; Storing key in memory where all key expansion
	492
	493	vpxor xmm3, xmm3, xmm3
	494	vpxor xmm6, xmm6, xmm6
	495
	496	vaeskeygenassist xmm2, xmm4, 0x1 ; Complete round key 1 and generate round key 2
	497	key_expansion_1_192_avx 24
	498	key_expansion_2_192_avx 40
	499
	500	vaeskeygenassist xmm2, xmm4, 0x2 ; Generate round key 3 and part of round key 4
	501	key_expansion_1_192_avx 48
	502	key_expansion_2_192_avx 64
	503
	504	vaeskeygenassist xmm2, xmm4, 0x4 ; Complete round key 4 and generate round key 5
	505	key_expansion_1_192_avx 72
	506	key_expansion_2_192_avx 88
	507
	508	vaeskeygenassist xmm2, xmm4, 0x8 ; Generate round key 6 and part of round key 7
	509	key_expansion_1_192_avx 96
	510	key_expansion_2_192_avx 112
	511
	512	vaeskeygenassist xmm2, xmm4, 0x10 ; Complete round key 7 and generate round key 8
	513	key_expansion_1_192_avx 120
	514	key_expansion_2_192_avx 136
	515
	516	vaeskeygenassist xmm2, xmm4, 0x20 ; Generate round key 9 and part of round key 10
	517	key_expansion_1_192_avx 144
	518	key_expansion_2_192_avx 160
	519
	520	vaeskeygenassist xmm2, xmm4, 0x40 ; Complete round key 10 and generate round key 11
	521	key_expansion_1_192_avx 168
	522	key_expansion_2_192_avx 184
	523
	524	vaeskeygenassist xmm2, xmm4, 0x80 ; Generate round key 12
	525	key_expansion_1_192_avx 192
	526
	527	%ifndef LINUX
	528	vmovdqa xmm6, [rsp + 0*16]
	529	vmovdqa xmm7, [rsp + 1*16]
	530	add rsp, 16*2 + 8
	531	%endif
	532
	533	ret
	534
	535	%ifdef LINUX
	536	section .note.GNU-stack noalloc noexec nowrite progbits
	537	%endif