2 # Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
4 # Licensed under the Apache License 2.0 (the "License"). You may not use
5 # this file except in compliance with the License. You can obtain a copy
6 # in the file LICENSE in the source distribution or at
7 # https://www.openssl.org/source/license.html
10 # ====================================================================
11 # Copyright (c) 2008 Andy Polyakov <appro@openssl.org>
13 # This module may be used under the terms of either the GNU General
14 # Public License version 2 or later, the GNU Lesser General Public
15 # License version 2.1 or later, the Mozilla Public License version
16 # 1.1 or the BSD License. The exact terms of either license are
17 # distributed along with this module. For further details see
18 # http://www.openssl.org/~appro/camellia/.
19 # ====================================================================
21 # Performance in cycles per processed byte (less is better) in
22 # 'openssl speed ...' benchmark:
25 # -evp camellia-128-ecb 16.7 21.0 22.7
26 # + over gcc 3.4.6 +25% +5% 0%
28 # camellia-128-cbc 15.7 20.4 21.1
30 # 128-bit key setup 128 216 205 cycles/key
31 # + over gcc 3.4.6 +54% +39% +15%
33 # Numbers in "+" rows represent performance improvement over compiler
34 # generated code. Key setup timings are impressive on AMD and Core2
35 # thanks to 64-bit operations being covertly deployed. Improvement on
36 # EM64T, pre-Core2 Intel x86_64 CPU, is not as impressive, because it
37 # apparently emulates some of 64-bit operations in [32-bit] microcode.
39 # $output is the last argument if it looks like a file (it has an extension)
40 # $flavour is the first argument if it doesn't look like a file
41 $output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef;
42 $flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef;
44 $win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
46 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
47 ( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
48 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
49 die "can't locate x86_64-xlate.pl";
51 open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\""
52 or die "can't call $xlate: $!";
55 sub hi() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1h/; $r; }
56 sub lo() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1l/;
57 $r =~ s/%[er]([sd]i)/%\1l/;
58 $r =~ s/%(r[0-9]+)[d]?/%\1b/; $r; }
60 $t0="%eax";$t1="%ebx";$t2="%ecx";$t3="%edx";
61 @S=("%r8d","%r9d","%r10d","%r11d");
64 $Tbl="%rbp"; # size optimization
69 $arg0d=$win64?"%ecx":"%edi";
71 # const unsigned int Camellia_SBOX[4][256];
72 # Well, sort of... Camellia_SBOX[0][] is interleaved with [1][],
73 # and [2][] - with [3][]. This is done to minimize code size.
74 $SBOX1_1110=0; # Camellia_SBOX[0]
75 $SBOX4_4404=4; # Camellia_SBOX[1]
76 $SBOX2_0222=2048; # Camellia_SBOX[2]
77 $SBOX3_3033=2052; # Camellia_SBOX[3]
79 sub Camellia_Feistel {
81 my $seed=defined(@_[1])?@_[1]:0;
82 my $scale=$seed<0?-8:8;
84 my ($s0,$s1,$s2,$s3)=(@S[($j)%4],@S[($j+1)%4],@S[($j+2)%4],@S[($j+3)%4]);
87 xor $s0,$t0 # t0^=key[0]
88 xor $s1,$t1 # t1^=key[1]
89 movz `&hi("$t0")`,$i0 # (t0>>8)&0xff
90 movz `&lo("$t1")`,$i1 # (t1>>0)&0xff
91 mov $SBOX3_3033($Tbl,$i0,8),$t3 # t3=SBOX3_3033[0]
92 mov $SBOX1_1110($Tbl,$i1,8),$t2 # t2=SBOX1_1110[1]
93 movz `&lo("$t0")`,$i0 # (t0>>0)&0xff
95 movz `&hi("$t1")`,$i1 # (t1>>8)&0xff
96 xor $SBOX4_4404($Tbl,$i0,8),$t3 # t3^=SBOX4_4404[0]
98 xor $SBOX4_4404($Tbl,$i1,8),$t2 # t2^=SBOX4_4404[1]
99 movz `&hi("$t0")`,$i0 # (t0>>24)&0xff
100 movz `&lo("$t1")`,$i1 # (t1>>16)&0xff
101 xor $SBOX1_1110($Tbl,$i0,8),$t3 # t3^=SBOX1_1110[0]
102 xor $SBOX3_3033($Tbl,$i1,8),$t2 # t2^=SBOX3_3033[1]
103 movz `&lo("$t0")`,$i0 # (t0>>16)&0xff
104 movz `&hi("$t1")`,$i1 # (t1>>24)&0xff
105 xor $SBOX2_0222($Tbl,$i0,8),$t3 # t3^=SBOX2_0222[0]
106 xor $SBOX2_0222($Tbl,$i1,8),$t2 # t2^=SBOX2_0222[1]
107 mov `$seed+($i+1)*$scale`($key),$t1 # prefetch key[i+1]
108 mov `$seed+($i+1)*$scale+4`($key),$t0
110 ror \$8,$t3 # t3=RightRotate(t3,8)
117 # void Camellia_EncryptBlock_Rounds(
119 # const Byte plaintext[],
120 # const KEY_TABLE_TYPE keyTable,
126 .globl Camellia_EncryptBlock
127 .type Camellia_EncryptBlock,\@abi-omnipotent
129 Camellia_EncryptBlock:
133 adcl \$0,$arg0d # keyBitLength==128?3:4
135 .size Camellia_EncryptBlock,.-Camellia_EncryptBlock
137 .globl Camellia_EncryptBlock_Rounds
138 .type Camellia_EncryptBlock_Rounds,\@function,4
141 Camellia_EncryptBlock_Rounds:
155 #mov %rsi,$inp # put away arguments
159 shl \$6,%edi # process grandRounds
160 lea .LCamellia_SBOX(%rip),$Tbl
161 lea ($key,%rdi),$keyend
163 mov 0(%rsi),@S[0] # load plaintext
172 call _x86_64_Camellia_encrypt
194 .cfi_adjust_cfa_offset -40
198 .size Camellia_EncryptBlock_Rounds,.-Camellia_EncryptBlock_Rounds
200 .type _x86_64_Camellia_encrypt,\@abi-omnipotent
202 _x86_64_Camellia_encrypt:
204 xor 4($key),@S[0] # ^=key[0-3]
209 mov 16($key),$t1 # prefetch key[4-5]
213 for ($i=0;$i<6;$i++) { Camellia_Feistel($i,16); }
217 mov 8($key),$t3 # prefetch key[2-3]
224 xor $t3,@S[2] # s2^=s3|key[3];
225 xor $t0,@S[1] # s1^=LeftRotate(s0&key[0],1);
229 xor $t1,@S[0] # s0^=s1|key[1];
230 xor $t2,@S[3] # s3^=LeftRotate(s2&key[2],1);
235 xor @S[2],$t0 # SwapHalf
245 .byte 0xf3,0xc3 # rep ret
246 .size _x86_64_Camellia_encrypt,.-_x86_64_Camellia_encrypt
249 .globl Camellia_DecryptBlock
250 .type Camellia_DecryptBlock,\@abi-omnipotent
252 Camellia_DecryptBlock:
256 adcl \$0,$arg0d # keyBitLength==128?3:4
258 .size Camellia_DecryptBlock,.-Camellia_DecryptBlock
260 .globl Camellia_DecryptBlock_Rounds
261 .type Camellia_DecryptBlock_Rounds,\@function,4
264 Camellia_DecryptBlock_Rounds:
278 #mov %rsi,$inp # put away arguments
282 shl \$6,%edi # process grandRounds
283 lea .LCamellia_SBOX(%rip),$Tbl
284 lea ($keyend,%rdi),$key
286 mov 0(%rsi),@S[0] # load plaintext
295 call _x86_64_Camellia_decrypt
317 .cfi_adjust_cfa_offset -40
321 .size Camellia_DecryptBlock_Rounds,.-Camellia_DecryptBlock_Rounds
323 .type _x86_64_Camellia_decrypt,\@abi-omnipotent
325 _x86_64_Camellia_decrypt:
327 xor 4($key),@S[0] # ^=key[0-3]
332 mov -8($key),$t1 # prefetch key[4-5]
336 for ($i=0;$i<6;$i++) { Camellia_Feistel($i,-8); }
340 mov 0($key),$t3 # prefetch key[2-3]
347 xor $t3,@S[2] # s2^=s3|key[3];
348 xor $t0,@S[1] # s1^=LeftRotate(s0&key[0],1);
352 xor $t1,@S[0] # s0^=s1|key[1];
353 xor $t2,@S[3] # s3^=LeftRotate(s2&key[2],1);
364 mov $t2,@S[0] # SwapHalf
369 .byte 0xf3,0xc3 # rep ret
370 .size _x86_64_Camellia_decrypt,.-_x86_64_Camellia_decrypt
374 my ($rnd,$key,@T)=@_;
375 my $bias=int(@T[0])?shift(@T):0;
379 mov @T[1],`$bias+$rnd*8+0`($key)
380 mov @T[0],`$bias+$rnd*8+4`($key)
381 mov @T[3],`$bias+$rnd*8+8`($key)
382 mov @T[2],`$bias+$rnd*8+12`($key)
385 $code.=" mov @T[0],`$bias+$rnd*8+0`($key)\n";
386 $code.=" mov @T[1],`$bias+$rnd*8+8`($key)\n" if ($#T>=1);
391 my ($rnd,$key,@T)=@_;
392 my $bias=int(@T[0])?shift(@T):0;
394 $code.=" mov `$bias+$rnd*8+0`($key),@T[0]\n";
395 $code.=" mov `$bias+$rnd*8+8`($key),@T[1]\n" if ($#T>=1);
398 # shld is very slow on Intel EM64T family. Even on AMD it limits
399 # instruction decode rate [because it's VectorPath] and consequently
402 my ($i0,$i1,$rot)=@_;
413 # ... Implementing 128-bit rotate without shld gives 80% better
414 # performance EM64T, +15% on AMD64 and only ~7% degradation on
415 # Core2. This is therefore preferred.
417 my ($i0,$i1,$rot)=@_;
436 .globl Camellia_Ekeygen
437 .type Camellia_Ekeygen,\@function,3
453 mov %edi,${keyend}d # put away arguments, keyBitLength
454 mov %rdx,$out # keyTable
456 mov 0(%rsi),@S[0] # load 0-127 bits
466 &_saveround (0,$out,@S); # KL<<<0
468 cmp \$128,$keyend # check keyBitLength
471 mov 16(%rsi),@S[0] # load 128-191 bits
475 mov 24(%rsi),@S[2] # load 192-255 bits
489 &_saveround (4,$out,@S); # temp storage for KR!
491 xor 0($out),@S[1] # KR^KL
497 lea .LCamellia_SIGMA(%rip),$key
498 lea .LCamellia_SBOX(%rip),$Tbl
503 &Camellia_Feistel($step++);
504 &Camellia_Feistel($step++);
506 xor 0($out),@S[1] # ^KL
511 &Camellia_Feistel($step++);
512 &Camellia_Feistel($step++);
517 lea 128($out),$out # size optimization
518 shl \$32,%r8 # @S[0]||
519 shl \$32,%r10 # @S[2]||
521 or %r11,%r10 # ||@S[3]
523 &_loadround (0,$out,-128,"%rax","%rbx"); # KL
524 &_saveround (2,$out,-128,"%r8","%r10"); # KA<<<0
525 &_rotl128 ("%rax","%rbx",15);
526 &_saveround (4,$out,-128,"%rax","%rbx"); # KL<<<15
527 &_rotl128 ("%r8","%r10",15);
528 &_saveround (6,$out,-128,"%r8","%r10"); # KA<<<15
529 &_rotl128 ("%r8","%r10",15); # 15+15=30
530 &_saveround (8,$out,-128,"%r8","%r10"); # KA<<<30
531 &_rotl128 ("%rax","%rbx",30); # 15+30=45
532 &_saveround (10,$out,-128,"%rax","%rbx"); # KL<<<45
533 &_rotl128 ("%r8","%r10",15); # 30+15=45
534 &_saveround (12,$out,-128,"%r8"); # KA<<<45
535 &_rotl128 ("%rax","%rbx",15); # 45+15=60
536 &_saveround (13,$out,-128,"%rbx"); # KL<<<60
537 &_rotl128 ("%r8","%r10",15); # 45+15=60
538 &_saveround (14,$out,-128,"%r8","%r10"); # KA<<<60
539 &_rotl128 ("%rax","%rbx",17); # 60+17=77
540 &_saveround (16,$out,-128,"%rax","%rbx"); # KL<<<77
541 &_rotl128 ("%rax","%rbx",17); # 77+17=94
542 &_saveround (18,$out,-128,"%rax","%rbx"); # KL<<<94
543 &_rotl128 ("%r8","%r10",34); # 60+34=94
544 &_saveround (20,$out,-128,"%r8","%r10"); # KA<<<94
545 &_rotl128 ("%rax","%rbx",17); # 94+17=111
546 &_saveround (22,$out,-128,"%rax","%rbx"); # KL<<<111
547 &_rotl128 ("%r8","%r10",17); # 94+17=111
548 &_saveround (24,$out,-128,"%r8","%r10"); # KA<<<111
555 &_saveround (6,$out,@S); # temp storage for KA!
557 xor `4*8+0`($out),@S[1] # KA^KR
558 xor `4*8+4`($out),@S[0]
559 xor `5*8+0`($out),@S[3]
560 xor `5*8+4`($out),@S[2]
562 &Camellia_Feistel($step++);
563 &Camellia_Feistel($step++);
565 &_loadround (0,$out,"%rax","%rbx"); # KL
566 &_loadround (4,$out,"%rcx","%rdx"); # KR
567 &_loadround (6,$out,"%r14","%r15"); # KA
569 lea 128($out),$out # size optimization
570 shl \$32,%r8 # @S[0]||
571 shl \$32,%r10 # @S[2]||
573 or %r11,%r10 # ||@S[3]
575 &_saveround (2,$out,-128,"%r8","%r10"); # KB<<<0
576 &_rotl128 ("%rcx","%rdx",15);
577 &_saveround (4,$out,-128,"%rcx","%rdx"); # KR<<<15
578 &_rotl128 ("%r14","%r15",15);
579 &_saveround (6,$out,-128,"%r14","%r15"); # KA<<<15
580 &_rotl128 ("%rcx","%rdx",15); # 15+15=30
581 &_saveround (8,$out,-128,"%rcx","%rdx"); # KR<<<30
582 &_rotl128 ("%r8","%r10",30);
583 &_saveround (10,$out,-128,"%r8","%r10"); # KB<<<30
584 &_rotl128 ("%rax","%rbx",45);
585 &_saveround (12,$out,-128,"%rax","%rbx"); # KL<<<45
586 &_rotl128 ("%r14","%r15",30); # 15+30=45
587 &_saveround (14,$out,-128,"%r14","%r15"); # KA<<<45
588 &_rotl128 ("%rax","%rbx",15); # 45+15=60
589 &_saveround (16,$out,-128,"%rax","%rbx"); # KL<<<60
590 &_rotl128 ("%rcx","%rdx",30); # 30+30=60
591 &_saveround (18,$out,-128,"%rcx","%rdx"); # KR<<<60
592 &_rotl128 ("%r8","%r10",30); # 30+30=60
593 &_saveround (20,$out,-128,"%r8","%r10"); # KB<<<60
594 &_rotl128 ("%rax","%rbx",17); # 60+17=77
595 &_saveround (22,$out,-128,"%rax","%rbx"); # KL<<<77
596 &_rotl128 ("%r14","%r15",32); # 45+32=77
597 &_saveround (24,$out,-128,"%r14","%r15"); # KA<<<77
598 &_rotl128 ("%rcx","%rdx",34); # 60+34=94
599 &_saveround (26,$out,-128,"%rcx","%rdx"); # KR<<<94
600 &_rotl128 ("%r14","%r15",17); # 77+17=94
601 &_saveround (28,$out,-128,"%r14","%r15"); # KA<<<77
602 &_rotl128 ("%rax","%rbx",34); # 77+34=111
603 &_saveround (30,$out,-128,"%rax","%rbx"); # KL<<<111
604 &_rotl128 ("%r8","%r10",51); # 60+51=111
605 &_saveround (32,$out,-128,"%r8","%r10"); # KB<<<111
620 .cfi_adjust_cfa_offset -40
624 .size Camellia_Ekeygen,.-Camellia_Ekeygen
629 112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65,
630 35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189,
631 134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26,
632 166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77,
633 139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153,
634 223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215,
635 20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34,
636 254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80,
637 170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210,
638 16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148,
639 135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226,
640 82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46,
641 233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89,
642 120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250,
643 114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164,
644 64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158);
646 sub S1110 { my $i=shift; $i=@SBOX[$i]; $i=$i<<24|$i<<16|$i<<8; sprintf("0x%08x",$i); }
647 sub S4404 { my $i=shift; $i=($i<<1|$i>>7)&0xff; $i=@SBOX[$i]; $i=$i<<24|$i<<16|$i; sprintf("0x%08x",$i); }
648 sub S0222 { my $i=shift; $i=@SBOX[$i]; $i=($i<<1|$i>>7)&0xff; $i=$i<<16|$i<<8|$i; sprintf("0x%08x",$i); }
649 sub S3033 { my $i=shift; $i=@SBOX[$i]; $i=($i>>1|$i<<7)&0xff; $i=$i<<24|$i<<8|$i; sprintf("0x%08x",$i); }
654 .long 0x3bcc908b, 0xa09e667f, 0x4caa73b2, 0xb67ae858
655 .long 0xe94f82be, 0xc6ef372f, 0xf1d36f1c, 0x54ff53a5
656 .long 0xde682d1d, 0x10e527fa, 0xb3e6c1fd, 0xb05688c2
660 # tables are interleaved, remember?
661 sub data_word { $code.=".long\t".join(',',@_)."\n"; }
662 for ($i=0;$i<256;$i++) { &data_word(&S1110($i),&S4404($i)); }
663 for ($i=0;$i<256;$i++) { &data_word(&S0222($i),&S3033($i)); }
665 # void Camellia_cbc_encrypt (const void char *inp, unsigned char *out,
666 # size_t length, const CAMELLIA_KEY *key,
667 # unsigned char *ivp,const int enc);
670 $_end="8(%rsp)"; # inp+len&~15
671 $_res="16(%rsp)"; # len&15
677 .globl Camellia_cbc_encrypt
678 .type Camellia_cbc_encrypt,\@function,6
680 Camellia_cbc_encrypt:
699 .cfi_def_cfa_register %rbp
703 # place stack frame just "above mod 1024" the key schedule,
704 # this ensures that cache associativity suffices
705 lea -64-63(%rcx),%r10
710 #add \$8,%rsp # 8 is reserved for callee's ra
712 mov %rdi,$inp # inp argument
713 mov %rsi,$out # out argument
714 mov %r8,%rbx # ivp argument
715 mov %rcx,$key # key argument
716 mov 272(%rcx),${keyend}d # grandRounds
720 .cfi_cfa_expression $_rsp,deref,+56
723 lea .LCamellia_SBOX(%rip),$Tbl
733 loop .Lcbc_prefetch_sbox
736 mov %rdx,%rcx # len argument
737 lea ($key,$keyend),$keyend
739 cmp \$0,%r9d # enc argument
743 and \$15,%rcx # length residue
750 mov 0(%rbx),@S[0] # load IV
768 call _x86_64_Camellia_encrypt
770 mov $_key,$key # "rewind" the key
790 mov @S[0],0($out) # write out IV residue
808 .long 0x9066A4F3 # rep movsb
815 jmp .Lcbc_eloop # one more time
821 and \$15,%rcx # length residue
828 mov (%rbx),%rax # load IV
839 mov %rax,0+$ivec # save IV to temporary storage
844 call _x86_64_Camellia_decrypt
846 mov $_key,$key # "rewind" the key
851 mov ($inp),%rax # load IV for next iteration
883 mov %rax,(%rdx) # write out IV residue
898 .long 0x9066A4F3 # rep movsb
902 mov %rax,(%rdx) # write out IV residue
927 .size Camellia_cbc_encrypt,.-Camellia_cbc_encrypt
929 .asciz "Camellia for x86_64 by <appro\@openssl.org>"
933 # EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
934 # CONTEXT *context,DISPATCHER_CONTEXT *disp)
942 .extern __imp_RtlVirtualUnwind
943 .type common_se_handler,\@abi-omnipotent
957 mov 120($context),%rax # pull context->Rax
958 mov 248($context),%rbx # pull context->Rip
960 mov 8($disp),%rsi # disp->ImageBase
961 mov 56($disp),%r11 # disp->HandlerData
963 mov 0(%r11),%r10d # HandlerData[0]
964 lea (%rsi,%r10),%r10 # prologue label
965 cmp %r10,%rbx # context->Rip<prologue label
968 mov 152($context),%rax # pull context->Rsp
970 mov 4(%r11),%r10d # HandlerData[1]
971 lea (%rsi,%r10),%r10 # epilogue label
972 cmp %r10,%rbx # context->Rip>=epilogue label
981 mov %rbx,144($context) # restore context->Rbx
982 mov %rbp,160($context) # restore context->Rbp
983 mov %r13,224($context) # restore context->R13
984 mov %r14,232($context) # restore context->R14
985 mov %r15,240($context) # restore context->R15
990 mov %rax,152($context) # restore context->Rsp
991 mov %rsi,168($context) # restore context->Rsi
992 mov %rdi,176($context) # restore context->Rdi
994 jmp .Lcommon_seh_exit
995 .size common_se_handler,.-common_se_handler
997 .type cbc_se_handler,\@abi-omnipotent
1011 mov 120($context),%rax # pull context->Rax
1012 mov 248($context),%rbx # pull context->Rip
1014 lea .Lcbc_prologue(%rip),%r10
1015 cmp %r10,%rbx # context->Rip<.Lcbc_prologue
1016 jb .Lin_cbc_prologue
1018 lea .Lcbc_body(%rip),%r10
1019 cmp %r10,%rbx # context->Rip<.Lcbc_body
1020 jb .Lin_cbc_frame_setup
1022 mov 152($context),%rax # pull context->Rsp
1024 lea .Lcbc_abort(%rip),%r10
1025 cmp %r10,%rbx # context->Rip>=.Lcbc_abort
1026 jae .Lin_cbc_prologue
1028 # handle pushf/popf in Camellia_cbc_encrypt
1029 lea .Lcbc_enc_pushf(%rip),%r10
1030 cmp %r10,%rbx # context->Rip<=.Lcbc_enc_pushf
1031 jbe .Lin_cbc_no_flag
1033 lea .Lcbc_enc_popf(%rip),%r10
1034 cmp %r10,%rbx # context->Rip<.Lcbc_enc_popf
1037 lea .Lcbc_dec_pushf(%rip),%r10
1038 cmp %r10,%rbx # context->Rip<=.Lcbc_dec_pushf
1039 jbe .Lin_cbc_no_flag
1041 lea .Lcbc_dec_popf(%rip),%r10
1042 cmp %r10,%rbx # context->Rip<.Lcbc_dec_popf
1047 mov 48(%rax),%rax # $_rsp
1050 .Lin_cbc_frame_setup:
1057 mov %rbx,144($context) # restore context->Rbx
1058 mov %rbp,160($context) # restore context->Rbp
1059 mov %r12,216($context) # restore context->R12
1060 mov %r13,224($context) # restore context->R13
1061 mov %r14,232($context) # restore context->R14
1062 mov %r15,240($context) # restore context->R15
1067 mov %rax,152($context) # restore context->Rsp
1068 mov %rsi,168($context) # restore context->Rsi
1069 mov %rdi,176($context) # restore context->Rdi
1074 mov 40($disp),%rdi # disp->ContextRecord
1075 mov $context,%rsi # context
1076 mov \$`1232/8`,%ecx # sizeof(CONTEXT)
1077 .long 0xa548f3fc # cld; rep movsq
1080 xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER
1081 mov 8(%rsi),%rdx # arg2, disp->ImageBase
1082 mov 0(%rsi),%r8 # arg3, disp->ControlPc
1083 mov 16(%rsi),%r9 # arg4, disp->FunctionEntry
1084 mov 40(%rsi),%r10 # disp->ContextRecord
1085 lea 56(%rsi),%r11 # &disp->HandlerData
1086 lea 24(%rsi),%r12 # &disp->EstablisherFrame
1087 mov %r10,32(%rsp) # arg5
1088 mov %r11,40(%rsp) # arg6
1089 mov %r12,48(%rsp) # arg7
1090 mov %rcx,56(%rsp) # arg8, (NULL)
1091 call *__imp_RtlVirtualUnwind(%rip)
1093 mov \$1,%eax # ExceptionContinueSearch
1105 .size cbc_se_handler,.-cbc_se_handler
1109 .rva .LSEH_begin_Camellia_EncryptBlock_Rounds
1110 .rva .LSEH_end_Camellia_EncryptBlock_Rounds
1111 .rva .LSEH_info_Camellia_EncryptBlock_Rounds
1113 .rva .LSEH_begin_Camellia_DecryptBlock_Rounds
1114 .rva .LSEH_end_Camellia_DecryptBlock_Rounds
1115 .rva .LSEH_info_Camellia_DecryptBlock_Rounds
1117 .rva .LSEH_begin_Camellia_Ekeygen
1118 .rva .LSEH_end_Camellia_Ekeygen
1119 .rva .LSEH_info_Camellia_Ekeygen
1121 .rva .LSEH_begin_Camellia_cbc_encrypt
1122 .rva .LSEH_end_Camellia_cbc_encrypt
1123 .rva .LSEH_info_Camellia_cbc_encrypt
1127 .LSEH_info_Camellia_EncryptBlock_Rounds:
1129 .rva common_se_handler
1130 .rva .Lenc_prologue,.Lenc_epilogue # HandlerData[]
1131 .LSEH_info_Camellia_DecryptBlock_Rounds:
1133 .rva common_se_handler
1134 .rva .Ldec_prologue,.Ldec_epilogue # HandlerData[]
1135 .LSEH_info_Camellia_Ekeygen:
1137 .rva common_se_handler
1138 .rva .Lkey_prologue,.Lkey_epilogue # HandlerData[]
1139 .LSEH_info_Camellia_cbc_encrypt:
1145 $code =~ s/\`([^\`]*)\`/eval $1/gem;