RubyGems - ring-native - Versions diffs - 0.0.0 → 0.1.0 - Mend

ring-native 0.0.0 → 0.1.0

Files changed (267) hide show

checksums.yaml +4 -4
data/.gitignore +1 -0
data/CHANGES.md +7 -0
data/Makefile +5 -0
data/README.md +12 -5
data/Rakefile +4 -0
data/ext/ring/extconf.rb +4 -5
data/lib/ring/native.rb +3 -1
data/lib/ring/native/version.rb +5 -1
data/ring-native.gemspec +6 -6
data/vendor/ring-ffi/Cargo.lock +26 -0
data/vendor/ring-ffi/Cargo.toml +45 -0
data/vendor/ring-ffi/LICENSE +16 -0
data/vendor/ring-ffi/README.md +59 -0
data/vendor/ring-ffi/src/lib.rs +79 -0
metadata +10 -255
data/vendor/ring/BUILDING.md +0 -40
data/vendor/ring/Cargo.toml +0 -43
data/vendor/ring/LICENSE +0 -185
data/vendor/ring/Makefile +0 -35
data/vendor/ring/PORTING.md +0 -163
data/vendor/ring/README.md +0 -113
data/vendor/ring/STYLE.md +0 -197
data/vendor/ring/appveyor.yml +0 -27
data/vendor/ring/build.rs +0 -108
data/vendor/ring/crypto/aes/aes.c +0 -1142
data/vendor/ring/crypto/aes/aes_test.Windows.vcxproj +0 -25
data/vendor/ring/crypto/aes/aes_test.cc +0 -93
data/vendor/ring/crypto/aes/asm/aes-586.pl +0 -2368
data/vendor/ring/crypto/aes/asm/aes-armv4.pl +0 -1249
data/vendor/ring/crypto/aes/asm/aes-x86_64.pl +0 -2246
data/vendor/ring/crypto/aes/asm/aesni-x86.pl +0 -1318
data/vendor/ring/crypto/aes/asm/aesni-x86_64.pl +0 -2084
data/vendor/ring/crypto/aes/asm/aesv8-armx.pl +0 -675
data/vendor/ring/crypto/aes/asm/bsaes-armv7.pl +0 -1364
data/vendor/ring/crypto/aes/asm/bsaes-x86_64.pl +0 -1565
data/vendor/ring/crypto/aes/asm/vpaes-x86.pl +0 -841
data/vendor/ring/crypto/aes/asm/vpaes-x86_64.pl +0 -1116
data/vendor/ring/crypto/aes/internal.h +0 -87
data/vendor/ring/crypto/aes/mode_wrappers.c +0 -61
data/vendor/ring/crypto/bn/add.c +0 -394
data/vendor/ring/crypto/bn/asm/armv4-mont.pl +0 -694
data/vendor/ring/crypto/bn/asm/armv8-mont.pl +0 -1503
data/vendor/ring/crypto/bn/asm/bn-586.pl +0 -774
data/vendor/ring/crypto/bn/asm/co-586.pl +0 -287
data/vendor/ring/crypto/bn/asm/rsaz-avx2.pl +0 -1882
data/vendor/ring/crypto/bn/asm/x86-mont.pl +0 -592
data/vendor/ring/crypto/bn/asm/x86_64-gcc.c +0 -599
data/vendor/ring/crypto/bn/asm/x86_64-mont.pl +0 -1393
data/vendor/ring/crypto/bn/asm/x86_64-mont5.pl +0 -3507
data/vendor/ring/crypto/bn/bn.c +0 -352
data/vendor/ring/crypto/bn/bn_asn1.c +0 -74
data/vendor/ring/crypto/bn/bn_test.Windows.vcxproj +0 -25
data/vendor/ring/crypto/bn/bn_test.cc +0 -1696
data/vendor/ring/crypto/bn/cmp.c +0 -200
data/vendor/ring/crypto/bn/convert.c +0 -433
data/vendor/ring/crypto/bn/ctx.c +0 -311
data/vendor/ring/crypto/bn/div.c +0 -594
data/vendor/ring/crypto/bn/exponentiation.c +0 -1335
data/vendor/ring/crypto/bn/gcd.c +0 -711
data/vendor/ring/crypto/bn/generic.c +0 -1019
data/vendor/ring/crypto/bn/internal.h +0 -316
data/vendor/ring/crypto/bn/montgomery.c +0 -516
data/vendor/ring/crypto/bn/mul.c +0 -888
data/vendor/ring/crypto/bn/prime.c +0 -829
data/vendor/ring/crypto/bn/random.c +0 -334
data/vendor/ring/crypto/bn/rsaz_exp.c +0 -262
data/vendor/ring/crypto/bn/rsaz_exp.h +0 -53
data/vendor/ring/crypto/bn/shift.c +0 -276
data/vendor/ring/crypto/bytestring/bytestring_test.Windows.vcxproj +0 -25
data/vendor/ring/crypto/bytestring/bytestring_test.cc +0 -421
data/vendor/ring/crypto/bytestring/cbb.c +0 -399
data/vendor/ring/crypto/bytestring/cbs.c +0 -227
data/vendor/ring/crypto/bytestring/internal.h +0 -46
data/vendor/ring/crypto/chacha/chacha_generic.c +0 -140
data/vendor/ring/crypto/chacha/chacha_vec.c +0 -323
data/vendor/ring/crypto/chacha/chacha_vec_arm.S +0 -1447
data/vendor/ring/crypto/chacha/chacha_vec_arm_generate.go +0 -153
data/vendor/ring/crypto/cipher/cipher_test.Windows.vcxproj +0 -25
data/vendor/ring/crypto/cipher/e_aes.c +0 -390
data/vendor/ring/crypto/cipher/e_chacha20poly1305.c +0 -208
data/vendor/ring/crypto/cipher/internal.h +0 -173
data/vendor/ring/crypto/cipher/test/aes_128_gcm_tests.txt +0 -543
data/vendor/ring/crypto/cipher/test/aes_128_key_wrap_tests.txt +0 -9
data/vendor/ring/crypto/cipher/test/aes_256_gcm_tests.txt +0 -475
data/vendor/ring/crypto/cipher/test/aes_256_key_wrap_tests.txt +0 -23
data/vendor/ring/crypto/cipher/test/chacha20_poly1305_old_tests.txt +0 -422
data/vendor/ring/crypto/cipher/test/chacha20_poly1305_tests.txt +0 -484
data/vendor/ring/crypto/cipher/test/cipher_test.txt +0 -100
data/vendor/ring/crypto/constant_time_test.Windows.vcxproj +0 -25
data/vendor/ring/crypto/constant_time_test.c +0 -304
data/vendor/ring/crypto/cpu-arm-asm.S +0 -32
data/vendor/ring/crypto/cpu-arm.c +0 -199
data/vendor/ring/crypto/cpu-intel.c +0 -261
data/vendor/ring/crypto/crypto.c +0 -151
data/vendor/ring/crypto/curve25519/asm/x25519-arm.S +0 -2118
data/vendor/ring/crypto/curve25519/curve25519.c +0 -4888
data/vendor/ring/crypto/curve25519/x25519_test.cc +0 -128
data/vendor/ring/crypto/digest/md32_common.h +0 -181
data/vendor/ring/crypto/ec/asm/p256-x86_64-asm.pl +0 -2725
data/vendor/ring/crypto/ec/ec.c +0 -193
data/vendor/ring/crypto/ec/ec_curves.c +0 -61
data/vendor/ring/crypto/ec/ec_key.c +0 -228
data/vendor/ring/crypto/ec/ec_montgomery.c +0 -114
data/vendor/ring/crypto/ec/example_mul.Windows.vcxproj +0 -25
data/vendor/ring/crypto/ec/internal.h +0 -243
data/vendor/ring/crypto/ec/oct.c +0 -253
data/vendor/ring/crypto/ec/p256-64.c +0 -1794
data/vendor/ring/crypto/ec/p256-x86_64-table.h +0 -9548
data/vendor/ring/crypto/ec/p256-x86_64.c +0 -509
data/vendor/ring/crypto/ec/simple.c +0 -1007
data/vendor/ring/crypto/ec/util-64.c +0 -183
data/vendor/ring/crypto/ec/wnaf.c +0 -508
data/vendor/ring/crypto/ecdh/ecdh.c +0 -155
data/vendor/ring/crypto/ecdsa/ecdsa.c +0 -304
data/vendor/ring/crypto/ecdsa/ecdsa_asn1.c +0 -193
data/vendor/ring/crypto/ecdsa/ecdsa_test.Windows.vcxproj +0 -25
data/vendor/ring/crypto/ecdsa/ecdsa_test.cc +0 -327
data/vendor/ring/crypto/header_removed.h +0 -17
data/vendor/ring/crypto/internal.h +0 -495
data/vendor/ring/crypto/libring.Windows.vcxproj +0 -101
data/vendor/ring/crypto/mem.c +0 -98
data/vendor/ring/crypto/modes/asm/aesni-gcm-x86_64.pl +0 -1045
data/vendor/ring/crypto/modes/asm/ghash-armv4.pl +0 -517
data/vendor/ring/crypto/modes/asm/ghash-x86.pl +0 -1393
data/vendor/ring/crypto/modes/asm/ghash-x86_64.pl +0 -1741
data/vendor/ring/crypto/modes/asm/ghashv8-armx.pl +0 -422
data/vendor/ring/crypto/modes/ctr.c +0 -226
data/vendor/ring/crypto/modes/gcm.c +0 -1206
data/vendor/ring/crypto/modes/gcm_test.Windows.vcxproj +0 -25
data/vendor/ring/crypto/modes/gcm_test.c +0 -348
data/vendor/ring/crypto/modes/internal.h +0 -299
data/vendor/ring/crypto/perlasm/arm-xlate.pl +0 -170
data/vendor/ring/crypto/perlasm/readme +0 -100
data/vendor/ring/crypto/perlasm/x86_64-xlate.pl +0 -1164
data/vendor/ring/crypto/perlasm/x86asm.pl +0 -292
data/vendor/ring/crypto/perlasm/x86gas.pl +0 -263
data/vendor/ring/crypto/perlasm/x86masm.pl +0 -200
data/vendor/ring/crypto/perlasm/x86nasm.pl +0 -187
data/vendor/ring/crypto/poly1305/poly1305.c +0 -331
data/vendor/ring/crypto/poly1305/poly1305_arm.c +0 -301
data/vendor/ring/crypto/poly1305/poly1305_arm_asm.S +0 -2015
data/vendor/ring/crypto/poly1305/poly1305_test.Windows.vcxproj +0 -25
data/vendor/ring/crypto/poly1305/poly1305_test.cc +0 -80
data/vendor/ring/crypto/poly1305/poly1305_test.txt +0 -52
data/vendor/ring/crypto/poly1305/poly1305_vec.c +0 -892
data/vendor/ring/crypto/rand/asm/rdrand-x86_64.pl +0 -75
data/vendor/ring/crypto/rand/internal.h +0 -32
data/vendor/ring/crypto/rand/rand.c +0 -189
data/vendor/ring/crypto/rand/urandom.c +0 -219
data/vendor/ring/crypto/rand/windows.c +0 -56
data/vendor/ring/crypto/refcount_c11.c +0 -66
data/vendor/ring/crypto/refcount_lock.c +0 -53
data/vendor/ring/crypto/refcount_test.Windows.vcxproj +0 -25
data/vendor/ring/crypto/refcount_test.c +0 -58
data/vendor/ring/crypto/rsa/blinding.c +0 -462
data/vendor/ring/crypto/rsa/internal.h +0 -108
data/vendor/ring/crypto/rsa/padding.c +0 -300
data/vendor/ring/crypto/rsa/rsa.c +0 -450
data/vendor/ring/crypto/rsa/rsa_asn1.c +0 -261
data/vendor/ring/crypto/rsa/rsa_impl.c +0 -944
data/vendor/ring/crypto/rsa/rsa_test.Windows.vcxproj +0 -25
data/vendor/ring/crypto/rsa/rsa_test.cc +0 -437
data/vendor/ring/crypto/sha/asm/sha-armv8.pl +0 -436
data/vendor/ring/crypto/sha/asm/sha-x86_64.pl +0 -2390
data/vendor/ring/crypto/sha/asm/sha256-586.pl +0 -1275
data/vendor/ring/crypto/sha/asm/sha256-armv4.pl +0 -735
data/vendor/ring/crypto/sha/asm/sha256-armv8.pl +0 -14
data/vendor/ring/crypto/sha/asm/sha256-x86_64.pl +0 -14
data/vendor/ring/crypto/sha/asm/sha512-586.pl +0 -911
data/vendor/ring/crypto/sha/asm/sha512-armv4.pl +0 -666
data/vendor/ring/crypto/sha/asm/sha512-armv8.pl +0 -14
data/vendor/ring/crypto/sha/asm/sha512-x86_64.pl +0 -14
data/vendor/ring/crypto/sha/sha1.c +0 -271
data/vendor/ring/crypto/sha/sha256.c +0 -204
data/vendor/ring/crypto/sha/sha512.c +0 -355
data/vendor/ring/crypto/test/file_test.cc +0 -326
data/vendor/ring/crypto/test/file_test.h +0 -181
data/vendor/ring/crypto/test/malloc.cc +0 -150
data/vendor/ring/crypto/test/scoped_types.h +0 -95
data/vendor/ring/crypto/test/test.Windows.vcxproj +0 -35
data/vendor/ring/crypto/test/test_util.cc +0 -46
data/vendor/ring/crypto/test/test_util.h +0 -41
data/vendor/ring/crypto/thread_none.c +0 -55
data/vendor/ring/crypto/thread_pthread.c +0 -165
data/vendor/ring/crypto/thread_test.Windows.vcxproj +0 -25
data/vendor/ring/crypto/thread_test.c +0 -200
data/vendor/ring/crypto/thread_win.c +0 -282
data/vendor/ring/examples/checkdigest.rs +0 -103
data/vendor/ring/include/openssl/aes.h +0 -121
data/vendor/ring/include/openssl/arm_arch.h +0 -129
data/vendor/ring/include/openssl/base.h +0 -156
data/vendor/ring/include/openssl/bn.h +0 -794
data/vendor/ring/include/openssl/buffer.h +0 -18
data/vendor/ring/include/openssl/bytestring.h +0 -235
data/vendor/ring/include/openssl/chacha.h +0 -37
data/vendor/ring/include/openssl/cmac.h +0 -76
data/vendor/ring/include/openssl/cpu.h +0 -184
data/vendor/ring/include/openssl/crypto.h +0 -43
data/vendor/ring/include/openssl/curve25519.h +0 -88
data/vendor/ring/include/openssl/ec.h +0 -225
data/vendor/ring/include/openssl/ec_key.h +0 -129
data/vendor/ring/include/openssl/ecdh.h +0 -110
data/vendor/ring/include/openssl/ecdsa.h +0 -156
data/vendor/ring/include/openssl/err.h +0 -201
data/vendor/ring/include/openssl/mem.h +0 -101
data/vendor/ring/include/openssl/obj_mac.h +0 -71
data/vendor/ring/include/openssl/opensslfeatures.h +0 -68
data/vendor/ring/include/openssl/opensslv.h +0 -18
data/vendor/ring/include/openssl/ossl_typ.h +0 -18
data/vendor/ring/include/openssl/poly1305.h +0 -51
data/vendor/ring/include/openssl/rand.h +0 -70
data/vendor/ring/include/openssl/rsa.h +0 -399
data/vendor/ring/include/openssl/thread.h +0 -133
data/vendor/ring/include/openssl/type_check.h +0 -71
data/vendor/ring/mk/Common.props +0 -63
data/vendor/ring/mk/Windows.props +0 -42
data/vendor/ring/mk/WindowsTest.props +0 -18
data/vendor/ring/mk/appveyor.bat +0 -62
data/vendor/ring/mk/bottom_of_makefile.mk +0 -54
data/vendor/ring/mk/ring.mk +0 -266
data/vendor/ring/mk/top_of_makefile.mk +0 -214
data/vendor/ring/mk/travis.sh +0 -40
data/vendor/ring/mk/update-travis-yml.py +0 -229
data/vendor/ring/ring.sln +0 -153
data/vendor/ring/src/aead.rs +0 -682
data/vendor/ring/src/agreement.rs +0 -248
data/vendor/ring/src/c.rs +0 -129
data/vendor/ring/src/constant_time.rs +0 -37
data/vendor/ring/src/der.rs +0 -96
data/vendor/ring/src/digest.rs +0 -690
data/vendor/ring/src/digest_tests.txt +0 -57
data/vendor/ring/src/ecc.rs +0 -28
data/vendor/ring/src/ecc_build.rs +0 -279
data/vendor/ring/src/ecc_curves.rs +0 -117
data/vendor/ring/src/ed25519_tests.txt +0 -2579
data/vendor/ring/src/exe_tests.rs +0 -46
data/vendor/ring/src/ffi.rs +0 -29
data/vendor/ring/src/file_test.rs +0 -187
data/vendor/ring/src/hkdf.rs +0 -153
data/vendor/ring/src/hkdf_tests.txt +0 -59
data/vendor/ring/src/hmac.rs +0 -414
data/vendor/ring/src/hmac_tests.txt +0 -97
data/vendor/ring/src/input.rs +0 -312
data/vendor/ring/src/lib.rs +0 -41
data/vendor/ring/src/pbkdf2.rs +0 -265
data/vendor/ring/src/pbkdf2_tests.txt +0 -113
data/vendor/ring/src/polyfill.rs +0 -57
data/vendor/ring/src/rand.rs +0 -28
data/vendor/ring/src/signature.rs +0 -314
data/vendor/ring/third-party/NIST/README.md +0 -9
data/vendor/ring/third-party/NIST/SHAVS/SHA1LongMsg.rsp +0 -263
data/vendor/ring/third-party/NIST/SHAVS/SHA1Monte.rsp +0 -309
data/vendor/ring/third-party/NIST/SHAVS/SHA1ShortMsg.rsp +0 -267
data/vendor/ring/third-party/NIST/SHAVS/SHA224LongMsg.rsp +0 -263
data/vendor/ring/third-party/NIST/SHAVS/SHA224Monte.rsp +0 -309
data/vendor/ring/third-party/NIST/SHAVS/SHA224ShortMsg.rsp +0 -267
data/vendor/ring/third-party/NIST/SHAVS/SHA256LongMsg.rsp +0 -263
data/vendor/ring/third-party/NIST/SHAVS/SHA256Monte.rsp +0 -309
data/vendor/ring/third-party/NIST/SHAVS/SHA256ShortMsg.rsp +0 -267
data/vendor/ring/third-party/NIST/SHAVS/SHA384LongMsg.rsp +0 -519
data/vendor/ring/third-party/NIST/SHAVS/SHA384Monte.rsp +0 -309
data/vendor/ring/third-party/NIST/SHAVS/SHA384ShortMsg.rsp +0 -523
data/vendor/ring/third-party/NIST/SHAVS/SHA512LongMsg.rsp +0 -519
data/vendor/ring/third-party/NIST/SHAVS/SHA512Monte.rsp +0 -309
data/vendor/ring/third-party/NIST/SHAVS/SHA512ShortMsg.rsp +0 -523
data/vendor/ring/third-party/NIST/sha256sums.txt +0 -1

data/vendor/ring/crypto/aes/asm/aesv8-armx.pl DELETED

@@ -1,675 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-#
-# This module implements support for ARMv8 AES instructions. The
-# module is endian-agnostic in sense that it supports both big- and
-# little-endian cases. As does it support both 32- and 64-bit modes
-# of operation. Latter is achieved by limiting amount of utilized
-# registers to 16, which implies additional NEON load and integer
-# instructions. This has no effect on mighty Apple A7, where results
-# are literally equal to the theoretical estimates based on AES
-# instruction latencies and issue rates. On Cortex-A53, an in-order
-# execution core, this costs up to 10-15%, which is partially
-# compensated by implementing dedicated code path for 128-bit
-# CBC encrypt case. On Cortex-A57 parallelizable mode performance
-# seems to be limited by sheer amount of NEON instructions...
-#
-# Performance in cycles per byte processed with 128-bit key:
-#
-#		CBC enc		CBC dec		CTR
-# Apple A7	2.39		1.20		1.20
-# Cortex-A53	1.32		1.29		1.46
-# Cortex-A57(*)	1.95		0.85		0.93
-# Denver	1.96		0.86		0.80
-#
-# (*)	original 3.64/1.34/1.32 results were for r0p0 revision
-#	and are still same even for updated module;
-$flavour = shift;
-$output  = shift;
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or
-( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
-die "can't locate arm-xlate.pl";
-open OUT,"| \"$^X\" $xlate $flavour $output";
-*STDOUT=*OUT;
-$prefix="aes_v8";
-$code=<<___;
-#include <openssl/arm_arch.h>
-#if __ARM_MAX_ARCH__>=7
-.text
-___
-$code.=<<___ if ($flavour =~ /64/);
-#if !defined(__clang__)
-.arch  armv8-a+crypto
-#endif
-___
-$code.=".arch	armv7-a\n.fpu	neon\n.code	32\n"	if ($flavour !~ /64/);
-		#^^^^^^ this is done to simplify adoption by not depending
-		#	on latest binutils.
-# Assembler mnemonics are an eclectic mix of 32- and 64-bit syntax,
-# NEON is mostly 32-bit mnemonics, integer - mostly 64. Goal is to
-# maintain both 32- and 64-bit codes within single module and
-# transliterate common code to either flavour with regex vodoo.
-#
-{{{
-my ($inp,$bits,$out,$ptr,$rounds)=("x0","w1","x2","x3","w12");
-my ($zero,$rcon,$mask,$in0,$in1,$tmp,$key)=
-	$flavour=~/64/? map("q$_",(0..6)) : map("q$_",(0..3,8..10));
-$code.=<<___;
-.align	5
-.Lrcon:
-.long	0x01,0x01,0x01,0x01
-.long	0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d	// rotate-n-splat
-.long	0x1b,0x1b,0x1b,0x1b
-.globl	${prefix}_set_encrypt_key
-.type	${prefix}_set_encrypt_key,%function
-.align	5
-${prefix}_set_encrypt_key:
-.Lenc_key:
-___
-$code.=<<___	if ($flavour =~ /64/);
-	stp	x29,x30,[sp,#-16]!
-	add	x29,sp,#0
-___
-$code.=<<___;
-	mov	$ptr,#-1
-	cmp	$inp,#0
-	b.eq	.Lenc_key_abort
-	cmp	$out,#0
-	b.eq	.Lenc_key_abort
-	mov	$ptr,#-2
-	cmp	$bits,#128
-	b.lt	.Lenc_key_abort
-	cmp	$bits,#256
-	b.gt	.Lenc_key_abort
-	tst	$bits,#0x3f
-	b.ne	.Lenc_key_abort
-	adr	$ptr,.Lrcon
-	cmp	$bits,#192
-	veor	$zero,$zero,$zero
-	vld1.8	{$in0},[$inp],#16
-	mov	$bits,#8		// reuse $bits
-	vld1.32	{$rcon,$mask},[$ptr],#32
-	b.lt	.Loop128
-	b.eq	.L192
-	b	.L256
-.align	4
-.Loop128:
-	vtbl.8	$key,{$in0},$mask
-	vext.8	$tmp,$zero,$in0,#12
-	vst1.32	{$in0},[$out],#16
-	aese	$key,$zero
-	subs	$bits,$bits,#1
-	veor	$in0,$in0,$tmp
-	vext.8	$tmp,$zero,$tmp,#12
-	veor	$in0,$in0,$tmp
-	vext.8	$tmp,$zero,$tmp,#12
-	 veor	$key,$key,$rcon
-	veor	$in0,$in0,$tmp
-	vshl.u8	$rcon,$rcon,#1
-	veor	$in0,$in0,$key
-	b.ne	.Loop128
-	vld1.32	{$rcon},[$ptr]
-	vtbl.8	$key,{$in0},$mask
-	vext.8	$tmp,$zero,$in0,#12
-	vst1.32	{$in0},[$out],#16
-	aese	$key,$zero
-	veor	$in0,$in0,$tmp
-	vext.8	$tmp,$zero,$tmp,#12
-	veor	$in0,$in0,$tmp
-	vext.8	$tmp,$zero,$tmp,#12
-	 veor	$key,$key,$rcon
-	veor	$in0,$in0,$tmp
-	vshl.u8	$rcon,$rcon,#1
-	veor	$in0,$in0,$key
-	vtbl.8	$key,{$in0},$mask
-	vext.8	$tmp,$zero,$in0,#12
-	vst1.32	{$in0},[$out],#16
-	aese	$key,$zero
-	veor	$in0,$in0,$tmp
-	vext.8	$tmp,$zero,$tmp,#12
-	veor	$in0,$in0,$tmp
-	vext.8	$tmp,$zero,$tmp,#12
-	 veor	$key,$key,$rcon
-	veor	$in0,$in0,$tmp
-	veor	$in0,$in0,$key
-	vst1.32	{$in0},[$out]
-	add	$out,$out,#0x50
-	mov	$rounds,#10
-	b	.Ldone
-.align	4
-.L192:
-	vld1.8	{$in1},[$inp],#8
-	vmov.i8	$key,#8			// borrow $key
-	vst1.32	{$in0},[$out],#16
-	vsub.i8	$mask,$mask,$key	// adjust the mask
-.Loop192:
-	vtbl.8	$key,{$in1},$mask
-	vext.8	$tmp,$zero,$in0,#12
-	vst1.32	{$in1},[$out],#8
-	aese	$key,$zero
-	subs	$bits,$bits,#1
-	veor	$in0,$in0,$tmp
-	vext.8	$tmp,$zero,$tmp,#12
-	veor	$in0,$in0,$tmp
-	vext.8	$tmp,$zero,$tmp,#12
-	veor	$in0,$in0,$tmp
-	vdup.32	$tmp,${in0}[3]
-	veor	$tmp,$tmp,$in1
-	 veor	$key,$key,$rcon
-	vext.8	$in1,$zero,$in1,#12
-	vshl.u8	$rcon,$rcon,#1
-	veor	$in1,$in1,$tmp
-	veor	$in0,$in0,$key
-	veor	$in1,$in1,$key
-	vst1.32	{$in0},[$out],#16
-	b.ne	.Loop192
-	mov	$rounds,#12
-	add	$out,$out,#0x20
-	b	.Ldone
-.align	4
-.L256:
-	vld1.8	{$in1},[$inp]
-	mov	$bits,#7
-	mov	$rounds,#14
-	vst1.32	{$in0},[$out],#16
-.Loop256:
-	vtbl.8	$key,{$in1},$mask
-	vext.8	$tmp,$zero,$in0,#12
-	vst1.32	{$in1},[$out],#16
-	aese	$key,$zero
-	subs	$bits,$bits,#1
-	veor	$in0,$in0,$tmp
-	vext.8	$tmp,$zero,$tmp,#12
-	veor	$in0,$in0,$tmp
-	vext.8	$tmp,$zero,$tmp,#12
-	 veor	$key,$key,$rcon
-	veor	$in0,$in0,$tmp
-	vshl.u8	$rcon,$rcon,#1
-	veor	$in0,$in0,$key
-	vst1.32	{$in0},[$out],#16
-	b.eq	.Ldone
-	vdup.32	$key,${in0}[3]		// just splat
-	vext.8	$tmp,$zero,$in1,#12
-	aese	$key,$zero
-	veor	$in1,$in1,$tmp
-	vext.8	$tmp,$zero,$tmp,#12
-	veor	$in1,$in1,$tmp
-	vext.8	$tmp,$zero,$tmp,#12
-	veor	$in1,$in1,$tmp
-	veor	$in1,$in1,$key
-	b	.Loop256
-.Ldone:
-	str	$rounds,[$out]
-	mov	$ptr,#0
-.Lenc_key_abort:
-	mov	x0,$ptr			// return value
-	`"ldr	x29,[sp],#16"		if ($flavour =~ /64/)`
-	ret
-.size	${prefix}_set_encrypt_key,.-${prefix}_set_encrypt_key
-.globl	${prefix}_set_decrypt_key
-.type	${prefix}_set_decrypt_key,%function
-.align	5
-${prefix}_set_decrypt_key:
-___
-$code.=<<___	if ($flavour =~ /64/);
-	stp	x29,x30,[sp,#-16]!
-	add	x29,sp,#0
-___
-$code.=<<___	if ($flavour !~ /64/);
-	stmdb	sp!,{r4,lr}
-___
-$code.=<<___;
-	bl	.Lenc_key
-	cmp	x0,#0
-	b.ne	.Ldec_key_abort
-	sub	$out,$out,#240		// restore original $out
-	mov	x4,#-16
-	add	$inp,$out,x12,lsl#4	// end of key schedule
-	vld1.32	{v0.16b},[$out]
-	vld1.32	{v1.16b},[$inp]
-	vst1.32	{v0.16b},[$inp],x4
-	vst1.32	{v1.16b},[$out],#16
-.Loop_imc:
-	vld1.32	{v0.16b},[$out]
-	vld1.32	{v1.16b},[$inp]
-	aesimc	v0.16b,v0.16b
-	aesimc	v1.16b,v1.16b
-	vst1.32	{v0.16b},[$inp],x4
-	vst1.32	{v1.16b},[$out],#16
-	cmp	$inp,$out
-	b.hi	.Loop_imc
-	vld1.32	{v0.16b},[$out]
-	aesimc	v0.16b,v0.16b
-	vst1.32	{v0.16b},[$inp]
-	eor	x0,x0,x0		// return value
-.Ldec_key_abort:
-___
-$code.=<<___	if ($flavour !~ /64/);
-	ldmia	sp!,{r4,pc}
-___
-$code.=<<___	if ($flavour =~ /64/);
-	ldp	x29,x30,[sp],#16
-	ret
-___
-$code.=<<___;
-.size	${prefix}_set_decrypt_key,.-${prefix}_set_decrypt_key
-___
-}}}
-{{{
-sub gen_block () {
-my $dir = shift;
-my ($e,$mc) = $dir eq "en" ? ("e","mc") : ("d","imc");
-my ($inp,$out,$key)=map("x$_",(0..2));
-my $rounds="w3";
-my ($rndkey0,$rndkey1,$inout)=map("q$_",(0..3));
-$code.=<<___;
-.globl	${prefix}_${dir}crypt
-.type	${prefix}_${dir}crypt,%function
-.align	5
-${prefix}_${dir}crypt:
-	ldr	$rounds,[$key,#240]
-	vld1.32	{$rndkey0},[$key],#16
-	vld1.8	{$inout},[$inp]
-	sub	$rounds,$rounds,#2
-	vld1.32	{$rndkey1},[$key],#16
-.Loop_${dir}c:
-	aes$e	$inout,$rndkey0
-	aes$mc	$inout,$inout
-	vld1.32	{$rndkey0},[$key],#16
-	subs	$rounds,$rounds,#2
-	aes$e	$inout,$rndkey1
-	aes$mc	$inout,$inout
-	vld1.32	{$rndkey1},[$key],#16
-	b.gt	.Loop_${dir}c
-	aes$e	$inout,$rndkey0
-	aes$mc	$inout,$inout
-	vld1.32	{$rndkey0},[$key]
-	aes$e	$inout,$rndkey1
-	veor	$inout,$inout,$rndkey0
-	vst1.8	{$inout},[$out]
-	ret
-.size	${prefix}_${dir}crypt,.-${prefix}_${dir}crypt
-___
-}
-&gen_block("en");
-&gen_block("de");
-}}}
-{{{
-my ($inp,$out,$len,$key,$ivp)=map("x$_",(0..4));
-my ($rounds,$cnt,$key_)=("w5","w6","x7");
-my ($ctr,$tctr0,$tctr1,$tctr2)=map("w$_",(8..10,12));
-my $step="x12";		# aliases with $tctr2
-my ($dat0,$dat1,$in0,$in1,$tmp0,$tmp1,$ivec,$rndlast)=map("q$_",(0..7));
-my ($dat2,$in2,$tmp2)=map("q$_",(10,11,9));
-my ($dat,$tmp)=($dat0,$tmp0);
-### q8-q15	preloaded key schedule
-$code.=<<___;
-.globl	${prefix}_ctr32_encrypt_blocks
-.type	${prefix}_ctr32_encrypt_blocks,%function
-.align	5
-${prefix}_ctr32_encrypt_blocks:
-___
-$code.=<<___	if ($flavour =~ /64/);
-	stp		x29,x30,[sp,#-16]!
-	add		x29,sp,#0
-___
-$code.=<<___	if ($flavour !~ /64/);
-	mov		ip,sp
-	stmdb		sp!,{r4-r10,lr}
-	vstmdb		sp!,{d8-d15}            @ ABI specification says so
-	ldr		r4, [ip]		@ load remaining arg
-___
-$code.=<<___;
-	ldr		$rounds,[$key,#240]
-	ldr		$ctr, [$ivp, #12]
-	vld1.32		{$dat0},[$ivp]
-	vld1.32		{q8-q9},[$key]		// load key schedule...
-	sub		$rounds,$rounds,#4
-	mov		$step,#16
-	cmp		$len,#2
-	add		$key_,$key,x5,lsl#4	// pointer to last 5 round keys
-	sub		$rounds,$rounds,#2
-	vld1.32		{q12-q13},[$key_],#32
-	vld1.32		{q14-q15},[$key_],#32
-	vld1.32		{$rndlast},[$key_]
-	add		$key_,$key,#32
-	mov		$cnt,$rounds
-	cclr		$step,lo
-#ifndef __ARMEB__
-	rev		$ctr, $ctr
-#endif
-	vorr		$dat1,$dat0,$dat0
-	add		$tctr1, $ctr, #1
-	vorr		$dat2,$dat0,$dat0
-	add		$ctr, $ctr, #2
-	vorr		$ivec,$dat0,$dat0
-	rev		$tctr1, $tctr1
-	vmov.32		${dat1}[3],$tctr1
-	b.ls		.Lctr32_tail
-	rev		$tctr2, $ctr
-	sub		$len,$len,#3		// bias
-	vmov.32		${dat2}[3],$tctr2
-	b		.Loop3x_ctr32
-.align	4
-.Loop3x_ctr32:
-	aese		$dat0,q8
-	aesmc		$dat0,$dat0
-	aese		$dat1,q8
-	aesmc		$dat1,$dat1
-	aese		$dat2,q8
-	aesmc		$dat2,$dat2
-	vld1.32		{q8},[$key_],#16
-	subs		$cnt,$cnt,#2
-	aese		$dat0,q9
-	aesmc		$dat0,$dat0
-	aese		$dat1,q9
-	aesmc		$dat1,$dat1
-	aese		$dat2,q9
-	aesmc		$dat2,$dat2
-	vld1.32		{q9},[$key_],#16
-	b.gt		.Loop3x_ctr32
-	aese		$dat0,q8
-	aesmc		$tmp0,$dat0
-	aese		$dat1,q8
-	aesmc		$tmp1,$dat1
-	 vld1.8		{$in0},[$inp],#16
-	 vorr		$dat0,$ivec,$ivec
-	aese		$dat2,q8
-	aesmc		$dat2,$dat2
-	 vld1.8		{$in1},[$inp],#16
-	 vorr		$dat1,$ivec,$ivec
-	aese		$tmp0,q9
-	aesmc		$tmp0,$tmp0
-	aese		$tmp1,q9
-	aesmc		$tmp1,$tmp1
-	 vld1.8		{$in2},[$inp],#16
-	 mov		$key_,$key
-	aese		$dat2,q9
-	aesmc		$tmp2,$dat2
-	 vorr		$dat2,$ivec,$ivec
-	 add		$tctr0,$ctr,#1
-	aese		$tmp0,q12
-	aesmc		$tmp0,$tmp0
-	aese		$tmp1,q12
-	aesmc		$tmp1,$tmp1
-	 veor		$in0,$in0,$rndlast
-	 add		$tctr1,$ctr,#2
-	aese		$tmp2,q12
-	aesmc		$tmp2,$tmp2
-	 veor		$in1,$in1,$rndlast
-	 add		$ctr,$ctr,#3
-	aese		$tmp0,q13
-	aesmc		$tmp0,$tmp0
-	aese		$tmp1,q13
-	aesmc		$tmp1,$tmp1
-	 veor		$in2,$in2,$rndlast
-	 rev		$tctr0,$tctr0
-	aese		$tmp2,q13
-	aesmc		$tmp2,$tmp2
-	 vmov.32	${dat0}[3], $tctr0
-	 rev		$tctr1,$tctr1
-	aese		$tmp0,q14
-	aesmc		$tmp0,$tmp0
-	aese		$tmp1,q14
-	aesmc		$tmp1,$tmp1
-	 vmov.32	${dat1}[3], $tctr1
-	 rev		$tctr2,$ctr
-	aese		$tmp2,q14
-	aesmc		$tmp2,$tmp2
-	 vmov.32	${dat2}[3], $tctr2
-	 subs		$len,$len,#3
-	aese		$tmp0,q15
-	aese		$tmp1,q15
-	aese		$tmp2,q15
-	veor		$in0,$in0,$tmp0
-	 vld1.32	 {q8},[$key_],#16	// re-pre-load rndkey[0]
-	vst1.8		{$in0},[$out],#16
-	veor		$in1,$in1,$tmp1
-	 mov		$cnt,$rounds
-	vst1.8		{$in1},[$out],#16
-	veor		$in2,$in2,$tmp2
-	 vld1.32	 {q9},[$key_],#16	// re-pre-load rndkey[1]
-	vst1.8		{$in2},[$out],#16
-	b.hs		.Loop3x_ctr32
-	adds		$len,$len,#3
-	b.eq		.Lctr32_done
-	cmp		$len,#1
-	mov		$step,#16
-	cclr		$step,eq
-.Lctr32_tail:
-	aese		$dat0,q8
-	aesmc		$dat0,$dat0
-	aese		$dat1,q8
-	aesmc		$dat1,$dat1
-	vld1.32		{q8},[$key_],#16
-	subs		$cnt,$cnt,#2
-	aese		$dat0,q9
-	aesmc		$dat0,$dat0
-	aese		$dat1,q9
-	aesmc		$dat1,$dat1
-	vld1.32		{q9},[$key_],#16
-	b.gt		.Lctr32_tail
-	aese		$dat0,q8
-	aesmc		$dat0,$dat0
-	aese		$dat1,q8
-	aesmc		$dat1,$dat1
-	aese		$dat0,q9
-	aesmc		$dat0,$dat0
-	aese		$dat1,q9
-	aesmc		$dat1,$dat1
-	 vld1.8		{$in0},[$inp],$step
-	aese		$dat0,q12
-	aesmc		$dat0,$dat0
-	aese		$dat1,q12
-	aesmc		$dat1,$dat1
-	 vld1.8		{$in1},[$inp]
-	aese		$dat0,q13
-	aesmc		$dat0,$dat0
-	aese		$dat1,q13
-	aesmc		$dat1,$dat1
-	 veor		$in0,$in0,$rndlast
-	aese		$dat0,q14
-	aesmc		$dat0,$dat0
-	aese		$dat1,q14
-	aesmc		$dat1,$dat1
-	 veor		$in1,$in1,$rndlast
-	aese		$dat0,q15
-	aese		$dat1,q15
-	cmp		$len,#1
-	veor		$in0,$in0,$dat0
-	veor		$in1,$in1,$dat1
-	vst1.8		{$in0},[$out],#16
-	b.eq		.Lctr32_done
-	vst1.8		{$in1},[$out]
-.Lctr32_done:
-___
-$code.=<<___	if ($flavour !~ /64/);
-	vldmia		sp!,{d8-d15}
-	ldmia		sp!,{r4-r10,pc}
-___
-$code.=<<___	if ($flavour =~ /64/);
-	ldr		x29,[sp],#16
-	ret
-___
-$code.=<<___;
-.size	${prefix}_ctr32_encrypt_blocks,.-${prefix}_ctr32_encrypt_blocks
-___
-}}}
-$code.=<<___;
-#endif
-___
-########################################
-if ($flavour =~ /64/) {			######## 64-bit code
-    my %opcode = (
-	"aesd"	=>	0x4e285800,	"aese"	=>	0x4e284800,
-	"aesimc"=>	0x4e287800,	"aesmc"	=>	0x4e286800	);
-    local *unaes = sub {
-	my ($mnemonic,$arg)=@_;
-	$arg =~ m/[qv]([0-9]+)[^,]*,\s*[qv]([0-9]+)/o	&&
-	sprintf ".inst\t0x%08x\t//%s %s",
-			$opcode{$mnemonic}|$1|($2<<5),
-			$mnemonic,$arg;
-    };
-    foreach(split("\n",$code)) {
-	s/\`([^\`]*)\`/eval($1)/geo;
-	s/\bq([0-9]+)\b/"v".($1<8?$1:$1+8).".16b"/geo;	# old->new registers
-	s/@\s/\/\//o;			# old->new style commentary
-	#s/[v]?(aes\w+)\s+([qv].*)/unaes($1,$2)/geo	or
-	s/cclr\s+([wx])([^,]+),\s*([a-z]+)/csel	$1$2,$1zr,$1$2,$3/o	or
-	s/mov\.([a-z]+)\s+([wx][0-9]+),\s*([wx][0-9]+)/csel	$2,$3,$2,$1/o	or
-	s/vmov\.i8/movi/o	or	# fix up legacy mnemonics
-	s/vext\.8/ext/o		or
-	s/vrev32\.8/rev32/o	or
-	s/vtst\.8/cmtst/o	or
-	s/vshr/ushr/o		or
-	s/^(\s+)v/$1/o		or	# strip off v prefix
-	s/\bbx\s+lr\b/ret/o;
-	# fix up remainig legacy suffixes
-	s/\.[ui]?8//o;
-	m/\],#8/o and s/\.16b/\.8b/go;
-	s/\.[ui]?32//o and s/\.16b/\.4s/go;
-	s/\.[ui]?64//o and s/\.16b/\.2d/go;
-	s/\.[42]([sd])\[([0-3])\]/\.$1\[$2\]/o;
-	print $_,"\n";
-    }
-} else {				######## 32-bit code
-    my %opcode = (
-	"aesd"	=>	0xf3b00340,	"aese"	=>	0xf3b00300,
-	"aesimc"=>	0xf3b003c0,	"aesmc"	=>	0xf3b00380	);
-    local *unaes = sub {
-	my ($mnemonic,$arg)=@_;
-	if ($arg =~ m/[qv]([0-9]+)[^,]*,\s*[qv]([0-9]+)/o) {
-	    my $word = $opcode{$mnemonic}|(($1&7)<<13)|(($1&8)<<19)
-					 |(($2&7)<<1) |(($2&8)<<2);
-	    # since ARMv7 instructions are always encoded little-endian.
-	    # correct solution is to use .inst directive, but older
-	    # assemblers don't implement it:-(
-	    sprintf ".byte\t0x%02x,0x%02x,0x%02x,0x%02x\t@ %s %s",
-			$word&0xff,($word>>8)&0xff,
-			($word>>16)&0xff,($word>>24)&0xff,
-			$mnemonic,$arg;
-	}
-    };
-    sub unvtbl {
-	my $arg=shift;
-	$arg =~ m/q([0-9]+),\s*\{q([0-9]+)\},\s*q([0-9]+)/o &&
-	sprintf	"vtbl.8	d%d,{q%d},d%d\n\t".
-		"vtbl.8	d%d,{q%d},d%d", 2*$1,$2,2*$3, 2*$1+1,$2,2*$3+1;
-    }
-    sub unvdup32 {
-	my $arg=shift;
-	$arg =~ m/q([0-9]+),\s*q([0-9]+)\[([0-3])\]/o &&
-	sprintf	"vdup.32	q%d,d%d[%d]",$1,2*$2+($3>>1),$3&1;
-    }
-    sub unvmov32 {
-	my $arg=shift;
-	$arg =~ m/q([0-9]+)\[([0-3])\],(.*)/o &&
-	sprintf	"vmov.32	d%d[%d],%s",2*$1+($2>>1),$2&1,$3;
-    }
-    foreach(split("\n",$code)) {
-	s/\`([^\`]*)\`/eval($1)/geo;
-	s/\b[wx]([0-9]+)\b/r$1/go;		# new->old registers
-	s/\bv([0-9])\.[12468]+[bsd]\b/q$1/go;	# new->old registers
-	s/\/\/\s?/@ /o;				# new->old style commentary
-	# fix up remainig new-style suffixes
-	s/\{q([0-9]+)\},\s*\[(.+)\],#8/sprintf "{d%d},[$2]!",2*$1/eo	or
-	s/\],#[0-9]+/]!/o;
-	s/[v]?(aes\w+)\s+([qv].*)/unaes($1,$2)/geo	or
-	s/cclr\s+([^,]+),\s*([a-z]+)/mov$2	$1,#0/o	or
-	s/vtbl\.8\s+(.*)/unvtbl($1)/geo			or
-	s/vdup\.32\s+(.*)/unvdup32($1)/geo		or
-	s/vmov\.32\s+(.*)/unvmov32($1)/geo		or
-	s/^(\s+)b\./$1b/o				or
-	s/^(\s+)mov\./$1mov/o				or
-	s/^(\s+)ret/$1bx\tlr/o;
-	print $_,"\n";
-    }
-}
-close STDOUT;