RubyGems - ring-native - Versions diffs - 0.0.0 → 0.1.0 - Mend

ring-native 0.0.0 → 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (267) hide show

checksums.yaml +4 -4
data/.gitignore +1 -0
data/CHANGES.md +7 -0
data/Makefile +5 -0
data/README.md +12 -5
data/Rakefile +4 -0
data/ext/ring/extconf.rb +4 -5
data/lib/ring/native.rb +3 -1
data/lib/ring/native/version.rb +5 -1
data/ring-native.gemspec +6 -6
data/vendor/ring-ffi/Cargo.lock +26 -0
data/vendor/ring-ffi/Cargo.toml +45 -0
data/vendor/ring-ffi/LICENSE +16 -0
data/vendor/ring-ffi/README.md +59 -0
data/vendor/ring-ffi/src/lib.rs +79 -0
metadata +10 -255
data/vendor/ring/BUILDING.md +0 -40
data/vendor/ring/Cargo.toml +0 -43
data/vendor/ring/LICENSE +0 -185
data/vendor/ring/Makefile +0 -35
data/vendor/ring/PORTING.md +0 -163
data/vendor/ring/README.md +0 -113
data/vendor/ring/STYLE.md +0 -197
data/vendor/ring/appveyor.yml +0 -27
data/vendor/ring/build.rs +0 -108
data/vendor/ring/crypto/aes/aes.c +0 -1142
data/vendor/ring/crypto/aes/aes_test.Windows.vcxproj +0 -25
data/vendor/ring/crypto/aes/aes_test.cc +0 -93
data/vendor/ring/crypto/aes/asm/aes-586.pl +0 -2368
data/vendor/ring/crypto/aes/asm/aes-armv4.pl +0 -1249
data/vendor/ring/crypto/aes/asm/aes-x86_64.pl +0 -2246
data/vendor/ring/crypto/aes/asm/aesni-x86.pl +0 -1318
data/vendor/ring/crypto/aes/asm/aesni-x86_64.pl +0 -2084
data/vendor/ring/crypto/aes/asm/aesv8-armx.pl +0 -675
data/vendor/ring/crypto/aes/asm/bsaes-armv7.pl +0 -1364
data/vendor/ring/crypto/aes/asm/bsaes-x86_64.pl +0 -1565
data/vendor/ring/crypto/aes/asm/vpaes-x86.pl +0 -841
data/vendor/ring/crypto/aes/asm/vpaes-x86_64.pl +0 -1116
data/vendor/ring/crypto/aes/internal.h +0 -87
data/vendor/ring/crypto/aes/mode_wrappers.c +0 -61
data/vendor/ring/crypto/bn/add.c +0 -394
data/vendor/ring/crypto/bn/asm/armv4-mont.pl +0 -694
data/vendor/ring/crypto/bn/asm/armv8-mont.pl +0 -1503
data/vendor/ring/crypto/bn/asm/bn-586.pl +0 -774
data/vendor/ring/crypto/bn/asm/co-586.pl +0 -287
data/vendor/ring/crypto/bn/asm/rsaz-avx2.pl +0 -1882
data/vendor/ring/crypto/bn/asm/x86-mont.pl +0 -592
data/vendor/ring/crypto/bn/asm/x86_64-gcc.c +0 -599
data/vendor/ring/crypto/bn/asm/x86_64-mont.pl +0 -1393
data/vendor/ring/crypto/bn/asm/x86_64-mont5.pl +0 -3507
data/vendor/ring/crypto/bn/bn.c +0 -352
data/vendor/ring/crypto/bn/bn_asn1.c +0 -74
data/vendor/ring/crypto/bn/bn_test.Windows.vcxproj +0 -25
data/vendor/ring/crypto/bn/bn_test.cc +0 -1696
data/vendor/ring/crypto/bn/cmp.c +0 -200
data/vendor/ring/crypto/bn/convert.c +0 -433
data/vendor/ring/crypto/bn/ctx.c +0 -311
data/vendor/ring/crypto/bn/div.c +0 -594
data/vendor/ring/crypto/bn/exponentiation.c +0 -1335
data/vendor/ring/crypto/bn/gcd.c +0 -711
data/vendor/ring/crypto/bn/generic.c +0 -1019
data/vendor/ring/crypto/bn/internal.h +0 -316
data/vendor/ring/crypto/bn/montgomery.c +0 -516
data/vendor/ring/crypto/bn/mul.c +0 -888
data/vendor/ring/crypto/bn/prime.c +0 -829
data/vendor/ring/crypto/bn/random.c +0 -334
data/vendor/ring/crypto/bn/rsaz_exp.c +0 -262
data/vendor/ring/crypto/bn/rsaz_exp.h +0 -53
data/vendor/ring/crypto/bn/shift.c +0 -276
data/vendor/ring/crypto/bytestring/bytestring_test.Windows.vcxproj +0 -25
data/vendor/ring/crypto/bytestring/bytestring_test.cc +0 -421
data/vendor/ring/crypto/bytestring/cbb.c +0 -399
data/vendor/ring/crypto/bytestring/cbs.c +0 -227
data/vendor/ring/crypto/bytestring/internal.h +0 -46
data/vendor/ring/crypto/chacha/chacha_generic.c +0 -140
data/vendor/ring/crypto/chacha/chacha_vec.c +0 -323
data/vendor/ring/crypto/chacha/chacha_vec_arm.S +0 -1447
data/vendor/ring/crypto/chacha/chacha_vec_arm_generate.go +0 -153
data/vendor/ring/crypto/cipher/cipher_test.Windows.vcxproj +0 -25
data/vendor/ring/crypto/cipher/e_aes.c +0 -390
data/vendor/ring/crypto/cipher/e_chacha20poly1305.c +0 -208
data/vendor/ring/crypto/cipher/internal.h +0 -173
data/vendor/ring/crypto/cipher/test/aes_128_gcm_tests.txt +0 -543
data/vendor/ring/crypto/cipher/test/aes_128_key_wrap_tests.txt +0 -9
data/vendor/ring/crypto/cipher/test/aes_256_gcm_tests.txt +0 -475
data/vendor/ring/crypto/cipher/test/aes_256_key_wrap_tests.txt +0 -23
data/vendor/ring/crypto/cipher/test/chacha20_poly1305_old_tests.txt +0 -422
data/vendor/ring/crypto/cipher/test/chacha20_poly1305_tests.txt +0 -484
data/vendor/ring/crypto/cipher/test/cipher_test.txt +0 -100
data/vendor/ring/crypto/constant_time_test.Windows.vcxproj +0 -25
data/vendor/ring/crypto/constant_time_test.c +0 -304
data/vendor/ring/crypto/cpu-arm-asm.S +0 -32
data/vendor/ring/crypto/cpu-arm.c +0 -199
data/vendor/ring/crypto/cpu-intel.c +0 -261
data/vendor/ring/crypto/crypto.c +0 -151
data/vendor/ring/crypto/curve25519/asm/x25519-arm.S +0 -2118
data/vendor/ring/crypto/curve25519/curve25519.c +0 -4888
data/vendor/ring/crypto/curve25519/x25519_test.cc +0 -128
data/vendor/ring/crypto/digest/md32_common.h +0 -181
data/vendor/ring/crypto/ec/asm/p256-x86_64-asm.pl +0 -2725
data/vendor/ring/crypto/ec/ec.c +0 -193
data/vendor/ring/crypto/ec/ec_curves.c +0 -61
data/vendor/ring/crypto/ec/ec_key.c +0 -228
data/vendor/ring/crypto/ec/ec_montgomery.c +0 -114
data/vendor/ring/crypto/ec/example_mul.Windows.vcxproj +0 -25
data/vendor/ring/crypto/ec/internal.h +0 -243
data/vendor/ring/crypto/ec/oct.c +0 -253
data/vendor/ring/crypto/ec/p256-64.c +0 -1794
data/vendor/ring/crypto/ec/p256-x86_64-table.h +0 -9548
data/vendor/ring/crypto/ec/p256-x86_64.c +0 -509
data/vendor/ring/crypto/ec/simple.c +0 -1007
data/vendor/ring/crypto/ec/util-64.c +0 -183
data/vendor/ring/crypto/ec/wnaf.c +0 -508
data/vendor/ring/crypto/ecdh/ecdh.c +0 -155
data/vendor/ring/crypto/ecdsa/ecdsa.c +0 -304
data/vendor/ring/crypto/ecdsa/ecdsa_asn1.c +0 -193
data/vendor/ring/crypto/ecdsa/ecdsa_test.Windows.vcxproj +0 -25
data/vendor/ring/crypto/ecdsa/ecdsa_test.cc +0 -327
data/vendor/ring/crypto/header_removed.h +0 -17
data/vendor/ring/crypto/internal.h +0 -495
data/vendor/ring/crypto/libring.Windows.vcxproj +0 -101
data/vendor/ring/crypto/mem.c +0 -98
data/vendor/ring/crypto/modes/asm/aesni-gcm-x86_64.pl +0 -1045
data/vendor/ring/crypto/modes/asm/ghash-armv4.pl +0 -517
data/vendor/ring/crypto/modes/asm/ghash-x86.pl +0 -1393
data/vendor/ring/crypto/modes/asm/ghash-x86_64.pl +0 -1741
data/vendor/ring/crypto/modes/asm/ghashv8-armx.pl +0 -422
data/vendor/ring/crypto/modes/ctr.c +0 -226
data/vendor/ring/crypto/modes/gcm.c +0 -1206
data/vendor/ring/crypto/modes/gcm_test.Windows.vcxproj +0 -25
data/vendor/ring/crypto/modes/gcm_test.c +0 -348
data/vendor/ring/crypto/modes/internal.h +0 -299
data/vendor/ring/crypto/perlasm/arm-xlate.pl +0 -170
data/vendor/ring/crypto/perlasm/readme +0 -100
data/vendor/ring/crypto/perlasm/x86_64-xlate.pl +0 -1164
data/vendor/ring/crypto/perlasm/x86asm.pl +0 -292
data/vendor/ring/crypto/perlasm/x86gas.pl +0 -263
data/vendor/ring/crypto/perlasm/x86masm.pl +0 -200
data/vendor/ring/crypto/perlasm/x86nasm.pl +0 -187
data/vendor/ring/crypto/poly1305/poly1305.c +0 -331
data/vendor/ring/crypto/poly1305/poly1305_arm.c +0 -301
data/vendor/ring/crypto/poly1305/poly1305_arm_asm.S +0 -2015
data/vendor/ring/crypto/poly1305/poly1305_test.Windows.vcxproj +0 -25
data/vendor/ring/crypto/poly1305/poly1305_test.cc +0 -80
data/vendor/ring/crypto/poly1305/poly1305_test.txt +0 -52
data/vendor/ring/crypto/poly1305/poly1305_vec.c +0 -892
data/vendor/ring/crypto/rand/asm/rdrand-x86_64.pl +0 -75
data/vendor/ring/crypto/rand/internal.h +0 -32
data/vendor/ring/crypto/rand/rand.c +0 -189
data/vendor/ring/crypto/rand/urandom.c +0 -219
data/vendor/ring/crypto/rand/windows.c +0 -56
data/vendor/ring/crypto/refcount_c11.c +0 -66
data/vendor/ring/crypto/refcount_lock.c +0 -53
data/vendor/ring/crypto/refcount_test.Windows.vcxproj +0 -25
data/vendor/ring/crypto/refcount_test.c +0 -58
data/vendor/ring/crypto/rsa/blinding.c +0 -462
data/vendor/ring/crypto/rsa/internal.h +0 -108
data/vendor/ring/crypto/rsa/padding.c +0 -300
data/vendor/ring/crypto/rsa/rsa.c +0 -450
data/vendor/ring/crypto/rsa/rsa_asn1.c +0 -261
data/vendor/ring/crypto/rsa/rsa_impl.c +0 -944
data/vendor/ring/crypto/rsa/rsa_test.Windows.vcxproj +0 -25
data/vendor/ring/crypto/rsa/rsa_test.cc +0 -437
data/vendor/ring/crypto/sha/asm/sha-armv8.pl +0 -436
data/vendor/ring/crypto/sha/asm/sha-x86_64.pl +0 -2390
data/vendor/ring/crypto/sha/asm/sha256-586.pl +0 -1275
data/vendor/ring/crypto/sha/asm/sha256-armv4.pl +0 -735
data/vendor/ring/crypto/sha/asm/sha256-armv8.pl +0 -14
data/vendor/ring/crypto/sha/asm/sha256-x86_64.pl +0 -14
data/vendor/ring/crypto/sha/asm/sha512-586.pl +0 -911
data/vendor/ring/crypto/sha/asm/sha512-armv4.pl +0 -666
data/vendor/ring/crypto/sha/asm/sha512-armv8.pl +0 -14
data/vendor/ring/crypto/sha/asm/sha512-x86_64.pl +0 -14
data/vendor/ring/crypto/sha/sha1.c +0 -271
data/vendor/ring/crypto/sha/sha256.c +0 -204
data/vendor/ring/crypto/sha/sha512.c +0 -355
data/vendor/ring/crypto/test/file_test.cc +0 -326
data/vendor/ring/crypto/test/file_test.h +0 -181
data/vendor/ring/crypto/test/malloc.cc +0 -150
data/vendor/ring/crypto/test/scoped_types.h +0 -95
data/vendor/ring/crypto/test/test.Windows.vcxproj +0 -35
data/vendor/ring/crypto/test/test_util.cc +0 -46
data/vendor/ring/crypto/test/test_util.h +0 -41
data/vendor/ring/crypto/thread_none.c +0 -55
data/vendor/ring/crypto/thread_pthread.c +0 -165
data/vendor/ring/crypto/thread_test.Windows.vcxproj +0 -25
data/vendor/ring/crypto/thread_test.c +0 -200
data/vendor/ring/crypto/thread_win.c +0 -282
data/vendor/ring/examples/checkdigest.rs +0 -103
data/vendor/ring/include/openssl/aes.h +0 -121
data/vendor/ring/include/openssl/arm_arch.h +0 -129
data/vendor/ring/include/openssl/base.h +0 -156
data/vendor/ring/include/openssl/bn.h +0 -794
data/vendor/ring/include/openssl/buffer.h +0 -18
data/vendor/ring/include/openssl/bytestring.h +0 -235
data/vendor/ring/include/openssl/chacha.h +0 -37
data/vendor/ring/include/openssl/cmac.h +0 -76
data/vendor/ring/include/openssl/cpu.h +0 -184
data/vendor/ring/include/openssl/crypto.h +0 -43
data/vendor/ring/include/openssl/curve25519.h +0 -88
data/vendor/ring/include/openssl/ec.h +0 -225
data/vendor/ring/include/openssl/ec_key.h +0 -129
data/vendor/ring/include/openssl/ecdh.h +0 -110
data/vendor/ring/include/openssl/ecdsa.h +0 -156
data/vendor/ring/include/openssl/err.h +0 -201
data/vendor/ring/include/openssl/mem.h +0 -101
data/vendor/ring/include/openssl/obj_mac.h +0 -71
data/vendor/ring/include/openssl/opensslfeatures.h +0 -68
data/vendor/ring/include/openssl/opensslv.h +0 -18
data/vendor/ring/include/openssl/ossl_typ.h +0 -18
data/vendor/ring/include/openssl/poly1305.h +0 -51
data/vendor/ring/include/openssl/rand.h +0 -70
data/vendor/ring/include/openssl/rsa.h +0 -399
data/vendor/ring/include/openssl/thread.h +0 -133
data/vendor/ring/include/openssl/type_check.h +0 -71
data/vendor/ring/mk/Common.props +0 -63
data/vendor/ring/mk/Windows.props +0 -42
data/vendor/ring/mk/WindowsTest.props +0 -18
data/vendor/ring/mk/appveyor.bat +0 -62
data/vendor/ring/mk/bottom_of_makefile.mk +0 -54
data/vendor/ring/mk/ring.mk +0 -266
data/vendor/ring/mk/top_of_makefile.mk +0 -214
data/vendor/ring/mk/travis.sh +0 -40
data/vendor/ring/mk/update-travis-yml.py +0 -229
data/vendor/ring/ring.sln +0 -153
data/vendor/ring/src/aead.rs +0 -682
data/vendor/ring/src/agreement.rs +0 -248
data/vendor/ring/src/c.rs +0 -129
data/vendor/ring/src/constant_time.rs +0 -37
data/vendor/ring/src/der.rs +0 -96
data/vendor/ring/src/digest.rs +0 -690
data/vendor/ring/src/digest_tests.txt +0 -57
data/vendor/ring/src/ecc.rs +0 -28
data/vendor/ring/src/ecc_build.rs +0 -279
data/vendor/ring/src/ecc_curves.rs +0 -117
data/vendor/ring/src/ed25519_tests.txt +0 -2579
data/vendor/ring/src/exe_tests.rs +0 -46
data/vendor/ring/src/ffi.rs +0 -29
data/vendor/ring/src/file_test.rs +0 -187
data/vendor/ring/src/hkdf.rs +0 -153
data/vendor/ring/src/hkdf_tests.txt +0 -59
data/vendor/ring/src/hmac.rs +0 -414
data/vendor/ring/src/hmac_tests.txt +0 -97
data/vendor/ring/src/input.rs +0 -312
data/vendor/ring/src/lib.rs +0 -41
data/vendor/ring/src/pbkdf2.rs +0 -265
data/vendor/ring/src/pbkdf2_tests.txt +0 -113
data/vendor/ring/src/polyfill.rs +0 -57
data/vendor/ring/src/rand.rs +0 -28
data/vendor/ring/src/signature.rs +0 -314
data/vendor/ring/third-party/NIST/README.md +0 -9
data/vendor/ring/third-party/NIST/SHAVS/SHA1LongMsg.rsp +0 -263
data/vendor/ring/third-party/NIST/SHAVS/SHA1Monte.rsp +0 -309
data/vendor/ring/third-party/NIST/SHAVS/SHA1ShortMsg.rsp +0 -267
data/vendor/ring/third-party/NIST/SHAVS/SHA224LongMsg.rsp +0 -263
data/vendor/ring/third-party/NIST/SHAVS/SHA224Monte.rsp +0 -309
data/vendor/ring/third-party/NIST/SHAVS/SHA224ShortMsg.rsp +0 -267
data/vendor/ring/third-party/NIST/SHAVS/SHA256LongMsg.rsp +0 -263
data/vendor/ring/third-party/NIST/SHAVS/SHA256Monte.rsp +0 -309
data/vendor/ring/third-party/NIST/SHAVS/SHA256ShortMsg.rsp +0 -267
data/vendor/ring/third-party/NIST/SHAVS/SHA384LongMsg.rsp +0 -519
data/vendor/ring/third-party/NIST/SHAVS/SHA384Monte.rsp +0 -309
data/vendor/ring/third-party/NIST/SHAVS/SHA384ShortMsg.rsp +0 -523
data/vendor/ring/third-party/NIST/SHAVS/SHA512LongMsg.rsp +0 -519
data/vendor/ring/third-party/NIST/SHAVS/SHA512Monte.rsp +0 -309
data/vendor/ring/third-party/NIST/SHAVS/SHA512ShortMsg.rsp +0 -523
data/vendor/ring/third-party/NIST/sha256sums.txt +0 -1

data/vendor/ring/crypto/aes/asm/aesv8-armx.pl DELETED

@@ -1,675 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-#
-# This module implements support for ARMv8 AES instructions. The
-# module is endian-agnostic in sense that it supports both big- and
-# little-endian cases. As does it support both 32- and 64-bit modes
-# of operation. Latter is achieved by limiting amount of utilized
-# registers to 16, which implies additional NEON load and integer
-# instructions. This has no effect on mighty Apple A7, where results
-# are literally equal to the theoretical estimates based on AES
-# instruction latencies and issue rates. On Cortex-A53, an in-order
-# execution core, this costs up to 10-15%, which is partially
-# compensated by implementing dedicated code path for 128-bit
-# CBC encrypt case. On Cortex-A57 parallelizable mode performance
-# seems to be limited by sheer amount of NEON instructions...
-#
-# Performance in cycles per byte processed with 128-bit key:
-#
-#		CBC enc		CBC dec		CTR
-# Apple A7	2.39		1.20		1.20
-# Cortex-A53	1.32		1.29		1.46
-# Cortex-A57(*)	1.95		0.85		0.93
-# Denver	1.96		0.86		0.80
-#
-# (*)	original 3.64/1.34/1.32 results were for r0p0 revision
-#	and are still same even for updated module;
-$flavour = shift;
-$output  = shift;
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
-( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
-die "can't locate arm-xlate.pl";
-open OUT,"| \"$^X\" $xlate $flavour $output";
-*STDOUT=*OUT;
-$prefix="aes_v8";
-$code=<<___;
-#include <openssl/arm_arch.h>
-#if __ARM_MAX_ARCH__>=7
-.text
-___
-$code.=<<___ if ($flavour =~ /64/);
-#if !defined(__clang__)
-.arch  armv8-a+crypto
-#endif
-___
-$code.=".arch	armv7-a\n.fpu	neon\n.code	32\n"	if ($flavour !~ /64/);
-		#^^^^^^ this is done to simplify adoption by not depending
-		#	on latest binutils.
-# Assembler mnemonics are an eclectic mix of 32- and 64-bit syntax,
-# NEON is mostly 32-bit mnemonics, integer - mostly 64. Goal is to
-# maintain both 32- and 64-bit codes within single module and
-# transliterate common code to either flavour with regex vodoo.
-#
-{{{
-my ($inp,$bits,$out,$ptr,$rounds)=("x0","w1","x2","x3","w12");
-my ($zero,$rcon,$mask,$in0,$in1,$tmp,$key)=
-	$flavour=~/64/? map("q$_",(0..6)) : map("q$_",(0..3,8..10));
-$code.=<<___;
-.align	5
-.Lrcon:
-.long	0x01,0x01,0x01,0x01
-.long	0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d	// rotate-n-splat
-.long	0x1b,0x1b,0x1b,0x1b
-.globl	${prefix}_set_encrypt_key
-.type	${prefix}_set_encrypt_key,%function
-.align	5
-${prefix}_set_encrypt_key:
-.Lenc_key:
-___
-$code.=<<___	if ($flavour =~ /64/);
-	stp	x29,x30,[sp,#-16]!
-	add	x29,sp,#0
-___
-$code.=<<___;
-	mov	$ptr,#-1
-	cmp	$inp,#0
-	b.eq	.Lenc_key_abort
-	cmp	$out,#0
-	b.eq	.Lenc_key_abort
-	mov	$ptr,#-2
-	cmp	$bits,#128
-	b.lt	.Lenc_key_abort
-	cmp	$bits,#256
-	b.gt	.Lenc_key_abort
-	tst	$bits,#0x3f
-	b.ne	.Lenc_key_abort
-	adr	$ptr,.Lrcon
-	cmp	$bits,#192
-	veor	$zero,$zero,$zero
-	vld1.8	{$in0},[$inp],#16
-	mov	$bits,#8		// reuse $bits
-	vld1.32	{$rcon,$mask},[$ptr],#32
-	b.lt	.Loop128
-	b.eq	.L192
-	b	.L256
-.align	4
-.Loop128:
-	vtbl.8	$key,{$in0},$mask
-	vext.8	$tmp,$zero,$in0,#12
-	vst1.32	{$in0},[$out],#16
-	aese	$key,$zero
-	subs	$bits,$bits,#1
-	veor	$in0,$in0,$tmp
-	vext.8	$tmp,$zero,$tmp,#12
-	veor	$in0,$in0,$tmp
-	vext.8	$tmp,$zero,$tmp,#12
-	 veor	$key,$key,$rcon
-	veor	$in0,$in0,$tmp
-	vshl.u8	$rcon,$rcon,#1
-	veor	$in0,$in0,$key
-	b.ne	.Loop128
-	vld1.32	{$rcon},[$ptr]
-	vtbl.8	$key,{$in0},$mask
-	vext.8	$tmp,$zero,$in0,#12
-	vst1.32	{$in0},[$out],#16
-	aese	$key,$zero
-	veor	$in0,$in0,$tmp
-	vext.8	$tmp,$zero,$tmp,#12
-	veor	$in0,$in0,$tmp
-	vext.8	$tmp,$zero,$tmp,#12
-	 veor	$key,$key,$rcon
-	veor	$in0,$in0,$tmp
-	vshl.u8	$rcon,$rcon,#1
-	veor	$in0,$in0,$key
-	vtbl.8	$key,{$in0},$mask
-	vext.8	$tmp,$zero,$in0,#12
-	vst1.32	{$in0},[$out],#16
-	aese	$key,$zero
-	veor	$in0,$in0,$tmp
-	vext.8	$tmp,$zero,$tmp,#12
-	veor	$in0,$in0,$tmp
-	vext.8	$tmp,$zero,$tmp,#12
-	 veor	$key,$key,$rcon
-	veor	$in0,$in0,$tmp
-	veor	$in0,$in0,$key
-	vst1.32	{$in0},[$out]
-	add	$out,$out,#0x50
-	mov	$rounds,#10
-	b	.Ldone
-.align	4
-.L192:
-	vld1.8	{$in1},[$inp],#8
-	vmov.i8	$key,#8			// borrow $key
-	vst1.32	{$in0},[$out],#16
-	vsub.i8	$mask,$mask,$key	// adjust the mask
-.Loop192:
-	vtbl.8	$key,{$in1},$mask
-	vext.8	$tmp,$zero,$in0,#12
-	vst1.32	{$in1},[$out],#8
-	aese	$key,$zero
-	subs	$bits,$bits,#1
-	veor	$in0,$in0,$tmp
-	vext.8	$tmp,$zero,$tmp,#12
-	veor	$in0,$in0,$tmp
-	vext.8	$tmp,$zero,$tmp,#12
-	veor	$in0,$in0,$tmp
-	vdup.32	$tmp,${in0}[3]
-	veor	$tmp,$tmp,$in1
-	 veor	$key,$key,$rcon
-	vext.8	$in1,$zero,$in1,#12
-	vshl.u8	$rcon,$rcon,#1
-	veor	$in1,$in1,$tmp
-	veor	$in0,$in0,$key
-	veor	$in1,$in1,$key
-	vst1.32	{$in0},[$out],#16
-	b.ne	.Loop192
-	mov	$rounds,#12
-	add	$out,$out,#0x20
-	b	.Ldone
-.align	4
-.L256:
-	vld1.8	{$in1},[$inp]
-	mov	$bits,#7
-	mov	$rounds,#14
-	vst1.32	{$in0},[$out],#16
-.Loop256:
-	vtbl.8	$key,{$in1},$mask
-	vext.8	$tmp,$zero,$in0,#12
-	vst1.32	{$in1},[$out],#16
-	aese	$key,$zero
-	subs	$bits,$bits,#1
-	veor	$in0,$in0,$tmp
-	vext.8	$tmp,$zero,$tmp,#12
-	veor	$in0,$in0,$tmp
-	vext.8	$tmp,$zero,$tmp,#12
-	 veor	$key,$key,$rcon
-	veor	$in0,$in0,$tmp
-	vshl.u8	$rcon,$rcon,#1
-	veor	$in0,$in0,$key
-	vst1.32	{$in0},[$out],#16
-	b.eq	.Ldone
-	vdup.32	$key,${in0}[3]		// just splat
-	vext.8	$tmp,$zero,$in1,#12
-	aese	$key,$zero
-	veor	$in1,$in1,$tmp
-	vext.8	$tmp,$zero,$tmp,#12
-	veor	$in1,$in1,$tmp
-	vext.8	$tmp,$zero,$tmp,#12
-	veor	$in1,$in1,$tmp
-	veor	$in1,$in1,$key
-	b	.Loop256
-.Ldone:
-	str	$rounds,[$out]
-	mov	$ptr,#0
-.Lenc_key_abort:
-	mov	x0,$ptr			// return value
-	`"ldr	x29,[sp],#16"		if ($flavour =~ /64/)`
-	ret
-.size	${prefix}_set_encrypt_key,.-${prefix}_set_encrypt_key
-.globl	${prefix}_set_decrypt_key
-.type	${prefix}_set_decrypt_key,%function
-.align	5
-${prefix}_set_decrypt_key:
-___
-$code.=<<___	if ($flavour =~ /64/);
-	stp	x29,x30,[sp,#-16]!
-	add	x29,sp,#0
-___
-$code.=<<___	if ($flavour !~ /64/);
-	stmdb	sp!,{r4,lr}
-___
-$code.=<<___;
-	bl	.Lenc_key
-	cmp	x0,#0
-	b.ne	.Ldec_key_abort
-	sub	$out,$out,#240		// restore original $out
-	mov	x4,#-16
-	add	$inp,$out,x12,lsl#4	// end of key schedule
-	vld1.32	{v0.16b},[$out]
-	vld1.32	{v1.16b},[$inp]
-	vst1.32	{v0.16b},[$inp],x4
-	vst1.32	{v1.16b},[$out],#16
-.Loop_imc:
-	vld1.32	{v0.16b},[$out]
-	vld1.32	{v1.16b},[$inp]
-	aesimc	v0.16b,v0.16b
-	aesimc	v1.16b,v1.16b
-	vst1.32	{v0.16b},[$inp],x4
-	vst1.32	{v1.16b},[$out],#16
-	cmp	$inp,$out
-	b.hi	.Loop_imc
-	vld1.32	{v0.16b},[$out]
-	aesimc	v0.16b,v0.16b
-	vst1.32	{v0.16b},[$inp]
-	eor	x0,x0,x0		// return value
-.Ldec_key_abort:
-___
-$code.=<<___	if ($flavour !~ /64/);
-	ldmia	sp!,{r4,pc}
-___
-$code.=<<___	if ($flavour =~ /64/);
-	ldp	x29,x30,[sp],#16
-	ret
-___
-$code.=<<___;
-.size	${prefix}_set_decrypt_key,.-${prefix}_set_decrypt_key
-___
-}}}
-{{{
-sub gen_block () {
-my $dir = shift;
-my ($e,$mc) = $dir eq "en" ? ("e","mc") : ("d","imc");
-my ($inp,$out,$key)=map("x$_",(0..2));
-my $rounds="w3";
-my ($rndkey0,$rndkey1,$inout)=map("q$_",(0..3));
-$code.=<<___;
-.globl	${prefix}_${dir}crypt
-.type	${prefix}_${dir}crypt,%function
-.align	5
-${prefix}_${dir}crypt:
-	ldr	$rounds,[$key,#240]
-	vld1.32	{$rndkey0},[$key],#16
-	vld1.8	{$inout},[$inp]
-	sub	$rounds,$rounds,#2
-	vld1.32	{$rndkey1},[$key],#16
-.Loop_${dir}c:
-	aes$e	$inout,$rndkey0
-	aes$mc	$inout,$inout
-	vld1.32	{$rndkey0},[$key],#16
-	subs	$rounds,$rounds,#2
-	aes$e	$inout,$rndkey1
-	aes$mc	$inout,$inout
-	vld1.32	{$rndkey1},[$key],#16
-	b.gt	.Loop_${dir}c
-	aes$e	$inout,$rndkey0
-	aes$mc	$inout,$inout
-	vld1.32	{$rndkey0},[$key]
-	aes$e	$inout,$rndkey1
-	veor	$inout,$inout,$rndkey0
-	vst1.8	{$inout},[$out]
-	ret
-.size	${prefix}_${dir}crypt,.-${prefix}_${dir}crypt
-___
-}
-&gen_block("en");
-&gen_block("de");
-}}}
-{{{
-my ($inp,$out,$len,$key,$ivp)=map("x$_",(0..4));
-my ($rounds,$cnt,$key_)=("w5","w6","x7");
-my ($ctr,$tctr0,$tctr1,$tctr2)=map("w$_",(8..10,12));
-my $step="x12";		# aliases with $tctr2
-my ($dat0,$dat1,$in0,$in1,$tmp0,$tmp1,$ivec,$rndlast)=map("q$_",(0..7));
-my ($dat2,$in2,$tmp2)=map("q$_",(10,11,9));
-my ($dat,$tmp)=($dat0,$tmp0);
-### q8-q15	preloaded key schedule
-$code.=<<___;
-.globl	${prefix}_ctr32_encrypt_blocks
-.type	${prefix}_ctr32_encrypt_blocks,%function
-.align	5
-${prefix}_ctr32_encrypt_blocks:
-___
-$code.=<<___	if ($flavour =~ /64/);
-	stp		x29,x30,[sp,#-16]!
-	add		x29,sp,#0
-___
-$code.=<<___	if ($flavour !~ /64/);
-	mov		ip,sp
-	stmdb		sp!,{r4-r10,lr}
-	vstmdb		sp!,{d8-d15}            @ ABI specification says so
-	ldr		r4, [ip]		@ load remaining arg
-___
-$code.=<<___;
-	ldr		$rounds,[$key,#240]
-	ldr		$ctr, [$ivp, #12]
-	vld1.32		{$dat0},[$ivp]
-	vld1.32		{q8-q9},[$key]		// load key schedule...
-	sub		$rounds,$rounds,#4
-	mov		$step,#16
-	cmp		$len,#2
-	add		$key_,$key,x5,lsl#4	// pointer to last 5 round keys
-	sub		$rounds,$rounds,#2
-	vld1.32		{q12-q13},[$key_],#32
-	vld1.32		{q14-q15},[$key_],#32
-	vld1.32		{$rndlast},[$key_]
-	add		$key_,$key,#32
-	mov		$cnt,$rounds
-	cclr		$step,lo
-#ifndef __ARMEB__
-	rev		$ctr, $ctr
-#endif
-	vorr		$dat1,$dat0,$dat0
-	add		$tctr1, $ctr, #1
-	vorr		$dat2,$dat0,$dat0
-	add		$ctr, $ctr, #2
-	vorr		$ivec,$dat0,$dat0
-	rev		$tctr1, $tctr1
-	vmov.32		${dat1}[3],$tctr1
-	b.ls		.Lctr32_tail
-	rev		$tctr2, $ctr
-	sub		$len,$len,#3		// bias
-	vmov.32		${dat2}[3],$tctr2
-	b		.Loop3x_ctr32
-.align	4
-.Loop3x_ctr32:
-	aese		$dat0,q8
-	aesmc		$dat0,$dat0
-	aese		$dat1,q8
-	aesmc		$dat1,$dat1
-	aese		$dat2,q8
-	aesmc		$dat2,$dat2
-	vld1.32		{q8},[$key_],#16
-	subs		$cnt,$cnt,#2
-	aese		$dat0,q9
-	aesmc		$dat0,$dat0
-	aese		$dat1,q9
-	aesmc		$dat1,$dat1
-	aese		$dat2,q9
-	aesmc		$dat2,$dat2
-	vld1.32		{q9},[$key_],#16
-	b.gt		.Loop3x_ctr32
-	aese		$dat0,q8
-	aesmc		$tmp0,$dat0
-	aese		$dat1,q8
-	aesmc		$tmp1,$dat1
-	 vld1.8		{$in0},[$inp],#16
-	 vorr		$dat0,$ivec,$ivec
-	aese		$dat2,q8
-	aesmc		$dat2,$dat2
-	 vld1.8		{$in1},[$inp],#16
-	 vorr		$dat1,$ivec,$ivec
-	aese		$tmp0,q9
-	aesmc		$tmp0,$tmp0
-	aese		$tmp1,q9
-	aesmc		$tmp1,$tmp1
-	 vld1.8		{$in2},[$inp],#16
-	 mov		$key_,$key
-	aese		$dat2,q9
-	aesmc		$tmp2,$dat2
-	 vorr		$dat2,$ivec,$ivec
-	 add		$tctr0,$ctr,#1
-	aese		$tmp0,q12
-	aesmc		$tmp0,$tmp0
-	aese		$tmp1,q12
-	aesmc		$tmp1,$tmp1
-	 veor		$in0,$in0,$rndlast
-	 add		$tctr1,$ctr,#2
-	aese		$tmp2,q12
-	aesmc		$tmp2,$tmp2
-	 veor		$in1,$in1,$rndlast
-	 add		$ctr,$ctr,#3
-	aese		$tmp0,q13
-	aesmc		$tmp0,$tmp0
-	aese		$tmp1,q13
-	aesmc		$tmp1,$tmp1
-	 veor		$in2,$in2,$rndlast
-	 rev		$tctr0,$tctr0
-	aese		$tmp2,q13
-	aesmc		$tmp2,$tmp2
-	 vmov.32	${dat0}[3], $tctr0
-	 rev		$tctr1,$tctr1
-	aese		$tmp0,q14
-	aesmc		$tmp0,$tmp0
-	aese		$tmp1,q14
-	aesmc		$tmp1,$tmp1
-	 vmov.32	${dat1}[3], $tctr1
-	 rev		$tctr2,$ctr
-	aese		$tmp2,q14
-	aesmc		$tmp2,$tmp2
-	 vmov.32	${dat2}[3], $tctr2
-	 subs		$len,$len,#3
-	aese		$tmp0,q15
-	aese		$tmp1,q15
-	aese		$tmp2,q15
-	veor		$in0,$in0,$tmp0
-	 vld1.32	 {q8},[$key_],#16	// re-pre-load rndkey[0]
-	vst1.8		{$in0},[$out],#16
-	veor		$in1,$in1,$tmp1
-	 mov		$cnt,$rounds
-	vst1.8		{$in1},[$out],#16
-	veor		$in2,$in2,$tmp2
-	 vld1.32	 {q9},[$key_],#16	// re-pre-load rndkey[1]
-	vst1.8		{$in2},[$out],#16
-	b.hs		.Loop3x_ctr32
-	adds		$len,$len,#3
-	b.eq		.Lctr32_done
-	cmp		$len,#1
-	mov		$step,#16
-	cclr		$step,eq
-.Lctr32_tail:
-	aese		$dat0,q8
-	aesmc		$dat0,$dat0
-	aese		$dat1,q8
-	aesmc		$dat1,$dat1
-	vld1.32		{q8},[$key_],#16
-	subs		$cnt,$cnt,#2
-	aese		$dat0,q9
-	aesmc		$dat0,$dat0
-	aese		$dat1,q9
-	aesmc		$dat1,$dat1
-	vld1.32		{q9},[$key_],#16
-	b.gt		.Lctr32_tail
-	aese		$dat0,q8
-	aesmc		$dat0,$dat0
-	aese		$dat1,q8
-	aesmc		$dat1,$dat1
-	aese		$dat0,q9
-	aesmc		$dat0,$dat0
-	aese		$dat1,q9
-	aesmc		$dat1,$dat1
-	 vld1.8		{$in0},[$inp],$step
-	aese		$dat0,q12
-	aesmc		$dat0,$dat0
-	aese		$dat1,q12
-	aesmc		$dat1,$dat1
-	 vld1.8		{$in1},[$inp]
-	aese		$dat0,q13
-	aesmc		$dat0,$dat0
-	aese		$dat1,q13
-	aesmc		$dat1,$dat1
-	 veor		$in0,$in0,$rndlast
-	aese		$dat0,q14
-	aesmc		$dat0,$dat0
-	aese		$dat1,q14
-	aesmc		$dat1,$dat1
-	 veor		$in1,$in1,$rndlast
-	aese		$dat0,q15
-	aese		$dat1,q15
-	cmp		$len,#1
-	veor		$in0,$in0,$dat0
-	veor		$in1,$in1,$dat1
-	vst1.8		{$in0},[$out],#16
-	b.eq		.Lctr32_done
-	vst1.8		{$in1},[$out]
-.Lctr32_done:
-___
-$code.=<<___	if ($flavour !~ /64/);
-	vldmia		sp!,{d8-d15}
-	ldmia		sp!,{r4-r10,pc}
-___
-$code.=<<___	if ($flavour =~ /64/);
-	ldr		x29,[sp],#16
-	ret
-___
-$code.=<<___;
-.size	${prefix}_ctr32_encrypt_blocks,.-${prefix}_ctr32_encrypt_blocks
-___
-}}}
-$code.=<<___;
-#endif
-___
-########################################
-if ($flavour =~ /64/) {			######## 64-bit code
-    my %opcode = (
-	"aesd"	=>	0x4e285800,	"aese"	=>	0x4e284800,
-	"aesimc"=>	0x4e287800,	"aesmc"	=>	0x4e286800	);
-    local *unaes = sub {
-	my ($mnemonic,$arg)=@_;
-	$arg =~ m/[qv]([0-9]+)[^,]*,\s*[qv]([0-9]+)/o	&&
-	sprintf ".inst\t0x%08x\t//%s %s",
-			$opcode{$mnemonic}|$1|($2<<5),
-			$mnemonic,$arg;
-    };
-    foreach(split("\n",$code)) {
-	s/\`([^\`]*)\`/eval($1)/geo;
-	s/\bq([0-9]+)\b/"v".($1<8?$1:$1+8).".16b"/geo;	# old->new registers
-	s/@\s/\/\//o;			# old->new style commentary
-	#s/[v]?(aes\w+)\s+([qv].*)/unaes($1,$2)/geo	or
-	s/cclr\s+([wx])([^,]+),\s*([a-z]+)/csel	$1$2,$1zr,$1$2,$3/o	or
-	s/mov\.([a-z]+)\s+([wx][0-9]+),\s*([wx][0-9]+)/csel	$2,$3,$2,$1/o	or
-	s/vmov\.i8/movi/o	or	# fix up legacy mnemonics
-	s/vext\.8/ext/o		or
-	s/vrev32\.8/rev32/o	or
-	s/vtst\.8/cmtst/o	or
-	s/vshr/ushr/o		or
-	s/^(\s+)v/$1/o		or	# strip off v prefix
-	s/\bbx\s+lr\b/ret/o;
-	# fix up remainig legacy suffixes
-	s/\.[ui]?8//o;
-	m/\],#8/o and s/\.16b/\.8b/go;
-	s/\.[ui]?32//o and s/\.16b/\.4s/go;
-	s/\.[ui]?64//o and s/\.16b/\.2d/go;
-	s/\.[42]([sd])\[([0-3])\]/\.$1\[$2\]/o;
-	print $_,"\n";
-    }
-} else {				######## 32-bit code
-    my %opcode = (
-	"aesd"	=>	0xf3b00340,	"aese"	=>	0xf3b00300,
-	"aesimc"=>	0xf3b003c0,	"aesmc"	=>	0xf3b00380	);
-    local *unaes = sub {
-	my ($mnemonic,$arg)=@_;
-	if ($arg =~ m/[qv]([0-9]+)[^,]*,\s*[qv]([0-9]+)/o) {
-	    my $word = $opcode{$mnemonic}|(($1&7)<<13)|(($1&8)<<19)
-					 |(($2&7)<<1) |(($2&8)<<2);
-	    # since ARMv7 instructions are always encoded little-endian.
-	    # correct solution is to use .inst directive, but older
-	    # assemblers don't implement it:-(
-	    sprintf ".byte\t0x%02x,0x%02x,0x%02x,0x%02x\t@ %s %s",
-			$word&0xff,($word>>8)&0xff,
-			($word>>16)&0xff,($word>>24)&0xff,
-			$mnemonic,$arg;
-	}
-    };
-    sub unvtbl {
-	my $arg=shift;
-	$arg =~ m/q([0-9]+),\s*\{q([0-9]+)\},\s*q([0-9]+)/o &&
-	sprintf	"vtbl.8	d%d,{q%d},d%d\n\t".
-		"vtbl.8	d%d,{q%d},d%d", 2*$1,$2,2*$3, 2*$1+1,$2,2*$3+1;
-    }
-    sub unvdup32 {
-	my $arg=shift;
-	$arg =~ m/q([0-9]+),\s*q([0-9]+)\[([0-3])\]/o &&
-	sprintf	"vdup.32	q%d,d%d[%d]",$1,2*$2+($3>>1),$3&1;
-    }
-    sub unvmov32 {
-	my $arg=shift;
-	$arg =~ m/q([0-9]+)\[([0-3])\],(.*)/o &&
-	sprintf	"vmov.32	d%d[%d],%s",2*$1+($2>>1),$2&1,$3;
-    }
-    foreach(split("\n",$code)) {
-	s/\`([^\`]*)\`/eval($1)/geo;
-	s/\b[wx]([0-9]+)\b/r$1/go;		# new->old registers
-	s/\bv([0-9])\.[12468]+[bsd]\b/q$1/go;	# new->old registers
-	s/\/\/\s?/@ /o;				# new->old style commentary
-	# fix up remainig new-style suffixes
-	s/\{q([0-9]+)\},\s*\[(.+)\],#8/sprintf "{d%d},[$2]!",2*$1/eo	or
-	s/\],#[0-9]+/]!/o;
-	s/[v]?(aes\w+)\s+([qv].*)/unaes($1,$2)/geo	or
-	s/cclr\s+([^,]+),\s*([a-z]+)/mov$2	$1,#0/o	or
-	s/vtbl\.8\s+(.*)/unvtbl($1)/geo			or
-	s/vdup\.32\s+(.*)/unvdup32($1)/geo		or
-	s/vmov\.32\s+(.*)/unvmov32($1)/geo		or
-	s/^(\s+)b\./$1b/o				or
-	s/^(\s+)mov\./$1mov/o				or
-	s/^(\s+)ret/$1bx\tlr/o;
-	print $_,"\n";
-    }
-}
-close STDOUT;