The Tor Browser: comparison security/nss/lib/freebl/intel-gcm-x64-masm.asm

--1:000000000000
+:20c9fdbdb80e
+; LICENSE:
+; This submission to NSS is to be made available under the terms of the
+; Mozilla Public License, v. 2.0. You can obtain one at http:
+; //mozilla.org/MPL/2.0/.
+;###############################################################################
+; Copyright(c) 2014, Intel Corp.
+; Developers and authors:
+; Shay Gueron and Vlad Krasnov
+; Intel Corporation, Israel Development Centre, Haifa, Israel
+; Please send feedback directly to crypto.feedback.alias@intel.com
+.DATA
+ALIGN 16
+Lone            dq 1,0
+Ltwo            dq 2,0
+Lbswap_mask     db 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
+Lshuff_mask     dq 0f0f0f0f0f0f0f0fh, 0f0f0f0f0f0f0f0fh
+Lpoly           dq 01h, 0c200000000000000h
+.CODE
+GFMUL MACRO DST, SRC1, SRC2, TMP1, TMP2, TMP3, TMP4
+vpclmulqdq  TMP1, SRC2, SRC1, 0h
+vpclmulqdq  TMP4, SRC2, SRC1, 011h
+vpshufd     TMP2, SRC2, 78
+vpshufd     TMP3, SRC1, 78
+vpxor       TMP2, TMP2, SRC2
+vpxor       TMP3, TMP3, SRC1
+vpclmulqdq  TMP2, TMP2, TMP3, 0h
+vpxor       TMP2, TMP2, TMP1
+vpxor       TMP2, TMP2, TMP4
+vpslldq     TMP3, TMP2, 8
+vpsrldq     TMP2, TMP2, 8
+vpxor       TMP1, TMP1, TMP3
+vpxor       TMP4, TMP4, TMP2
+vpclmulqdq  TMP2, TMP1, [Lpoly], 010h
+vpshufd     TMP3, TMP1, 78
+vpxor       TMP1, TMP2, TMP3
+vpclmulqdq  TMP2, TMP1, [Lpoly], 010h
+vpshufd     TMP3, TMP1, 78
+vpxor       TMP1, TMP2, TMP3
+vpxor       DST, TMP1, TMP4
+ENDM
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;
+; Generates the final GCM tag
+; void intel_aes_gcmTAG(unsigned char Htbl[16*16],
+;                       unsigned char *Tp,
+;                       unsigned int Mlen,
+;                       unsigned int Alen,
+;                       unsigned char *X0,
+;                       unsigned char *TAG);
+;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+ALIGN 16
+intel_aes_gcmTAG PROC
+Htbl    textequ <rcx>
+Tp      textequ <rdx>
+Mlen    textequ <r8>
+Alen    textequ <r9>
+X0      textequ <r10>
+TAG     textequ <r11>
+T       textequ <xmm0>
+TMP0    textequ <xmm1>
+mov     X0, [rsp + 1*8 + 4*8]
+mov     TAG, [rsp + 1*8 + 5*8]
+vzeroupper
+vmovdqu T, XMMWORD PTR[Tp]
+vpxor   TMP0, TMP0, TMP0
+shl     Mlen, 3
+shl     Alen, 3
+;vpinsrq    TMP0, TMP0, Mlen, 0
+;vpinsrq    TMP0, TMP0, Alen, 1
+; workaround the ml64.exe vpinsrq issue
+vpinsrd TMP0, TMP0, r8d, 0
+vpinsrd TMP0, TMP0, r9d, 2
+shr Mlen, 32
+shr Alen, 32
+vpinsrd TMP0, TMP0, r8d, 1
+vpinsrd TMP0, TMP0, r9d, 3
+vpxor   T, T, TMP0
+vmovdqu TMP0, XMMWORD PTR[Htbl]
+GFMUL   T, T, TMP0, xmm2, xmm3, xmm4, xmm5
+vpshufb T, T, [Lbswap_mask]
+vpxor   T, T, [X0]
+vmovdqu XMMWORD PTR[TAG], T
+vzeroupper
+ret
+intel_aes_gcmTAG ENDP
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;
+; Generates the H table
+; void intel_aes_gcmINIT(unsigned char Htbl[16*16], unsigned char *KS, int NR);
+;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+ALIGN 16
+intel_aes_gcmINIT PROC
+Htbl    textequ <rcx>
+KS      textequ <rdx>
+NR      textequ <r8d>
+T       textequ <xmm0>
+TMP0    textequ <xmm1>
+vzeroupper
+; AES-ENC(0)
+vmovdqu T, XMMWORD PTR[KS]
+lea KS, [16 + KS]
+dec NR
+Lenc_loop:
+vaesenc T, T, [KS]
+lea KS, [16 + KS]
+dec NR
+jnz Lenc_loop
+vaesenclast T, T, [KS]
+vpshufb T, T, [Lbswap_mask]
+;Calculate H` = GFMUL(H, 2)
+vpsrad  xmm3, T, 31
+vpshufd xmm3, xmm3, 0ffh
+vpand   xmm5, xmm3, [Lpoly]
+vpsrld  xmm3, T, 31
+vpslld  xmm4, T, 1
+vpslldq xmm3, xmm3, 4
+vpxor   T, xmm4, xmm3
+vpxor   T, T, xmm5
+vmovdqu TMP0, T
+vmovdqu XMMWORD PTR[Htbl + 0*16], T
+vpshufd xmm2, T, 78
+vpxor   xmm2, xmm2, T
+vmovdqu XMMWORD PTR[Htbl + 8*16 + 0*16], xmm2
+i = 1
+WHILE i LT 8
+GFMUL   T, T, TMP0, xmm2, xmm3, xmm4, xmm5
+vmovdqu XMMWORD PTR[Htbl + i*16], T
+vpshufd xmm2, T, 78
+vpxor   xmm2, xmm2, T
+vmovdqu XMMWORD PTR[Htbl + 8*16 + i*16], xmm2
+i = i+1
+ENDM
+vzeroupper
+ret
+intel_aes_gcmINIT ENDP
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;
+; Authenticate only
+; void intel_aes_gcmAAD(unsigned char Htbl[16*16], unsigned char *AAD, unsigned int Alen, unsigned char *Tp);
+;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+ALIGN 16
+intel_aes_gcmAAD PROC
+Htbl    textequ <rcx>
+inp     textequ <rdx>
+len     textequ <r8>
+Tp      textequ <r9>
+hlp0    textequ <r10>
+DATA    textequ <xmm0>
+T       textequ <xmm1>
+TMP0    textequ <xmm2>
+TMP1    textequ <xmm3>
+TMP2    textequ <xmm4>
+TMP3    textequ <xmm5>
+TMP4    textequ <xmm6>
+Xhi     textequ <xmm7>
+KARATSUBA_AAD MACRO i
+vpclmulqdq  TMP3, DATA, [Htbl + i*16], 0h
+vpxor       TMP0, TMP0, TMP3
+vpclmulqdq  TMP3, DATA, [Htbl + i*16], 011h
+vpxor       TMP1, TMP1, TMP3
+vpshufd     TMP3, DATA, 78
+vpxor       TMP3, TMP3, DATA
+vpclmulqdq  TMP3, TMP3, [Htbl + 8*16 + i*16], 0h
+vpxor       TMP2, TMP2, TMP3
+ENDM
+test  len, len
+jnz   LbeginAAD
+ret
+LbeginAAD:
+vzeroupper
+sub rsp, 2*16
+vmovdqu XMMWORD PTR[rsp + 0*16], xmm6
+vmovdqu XMMWORD PTR[rsp + 1*16], xmm7
+vpxor   Xhi, Xhi, Xhi
+vmovdqu T, XMMWORD PTR[Tp]
+;we hash 8 block each iteration, if the total amount of blocks is not a multiple of 8, we hash the first n%8 blocks first
+mov hlp0, len
+and hlp0, 128-1
+jz  Lmod_loop
+and len, -128
+sub hlp0, 16
+; Prefix block
+vmovdqu DATA, XMMWORD PTR[inp]
+vpshufb DATA, DATA, [Lbswap_mask]
+vpxor   DATA, DATA, T
+vpclmulqdq  TMP0, DATA, [Htbl + hlp0], 0h
+vpclmulqdq  TMP1, DATA, [Htbl + hlp0], 011h
+vpshufd     TMP3, DATA, 78
+vpxor       TMP3, TMP3, DATA
+vpclmulqdq  TMP2, TMP3, [Htbl + 8*16 + hlp0], 0h
+lea     inp, [inp+16]
+test    hlp0, hlp0
+jnz     Lpre_loop
+jmp     Lred1
+;hash remaining prefix bocks (up to 7 total prefix blocks)
+Lpre_loop:
+sub hlp0, 16
+vmovdqu DATA, XMMWORD PTR[inp]
+vpshufb DATA, DATA, [Lbswap_mask]
+vpclmulqdq  TMP3, DATA, [Htbl + hlp0], 0h
+vpxor       TMP0, TMP0, TMP3
+vpclmulqdq  TMP3, DATA, [Htbl + hlp0], 011h
+vpxor       TMP1, TMP1, TMP3
+vpshufd     TMP3, DATA, 78
+vpxor       TMP3, TMP3, DATA
+vpclmulqdq  TMP3, TMP3, [Htbl + 8*16 + hlp0], 0h
+vpxor       TMP2, TMP2, TMP3
+test    hlp0, hlp0
+lea     inp, [inp+16]
+jnz     Lpre_loop
+Lred1:
+vpxor       TMP2, TMP2, TMP0
+vpxor       TMP2, TMP2, TMP1
+vpsrldq     TMP3, TMP2, 8
+vpslldq     TMP2, TMP2, 8
+vpxor       Xhi, TMP1, TMP3
+vpxor       T, TMP0, TMP2
+Lmod_loop:
+sub len, 16*8
+jb  Ldone
+; Block #0
+vmovdqu DATA, XMMWORD PTR[inp + 16*7]
+vpshufb DATA, DATA, [Lbswap_mask]
+vpclmulqdq  TMP0, DATA, [Htbl + 0*16], 0h
+vpclmulqdq  TMP1, DATA, [Htbl + 0*16], 011h
+vpshufd     TMP3, DATA, 78
+vpxor       TMP3, TMP3, DATA
+vpclmulqdq  TMP2, TMP3, [Htbl + 8*16 + 0*16], 0h
+; Block #1
+vmovdqu DATA, XMMWORD PTR[inp + 16*6]
+vpshufb DATA, DATA, [Lbswap_mask]
+KARATSUBA_AAD 1
+; Block #2
+vmovdqu DATA, XMMWORD PTR[inp + 16*5]
+vpshufb DATA, DATA, [Lbswap_mask]
+vpclmulqdq  TMP4, T, [Lpoly], 010h         ;reduction stage 1a
+vpalignr    T, T, T, 8
+KARATSUBA_AAD 2
+vpxor       T, T, TMP4                          ;reduction stage 1b
+; Block #3
+vmovdqu DATA, XMMWORD PTR[inp + 16*4]
+vpshufb DATA, DATA, [Lbswap_mask]
+KARATSUBA_AAD 3
+; Block #4
+vmovdqu DATA, XMMWORD PTR[inp + 16*3]
+vpshufb DATA, DATA, [Lbswap_mask]
+vpclmulqdq  TMP4, T, [Lpoly], 010h        ;reduction stage 2a
+vpalignr    T, T, T, 8
+KARATSUBA_AAD 4
+vpxor       T, T, TMP4                          ;reduction stage 2b
+; Block #5
+vmovdqu DATA, XMMWORD PTR[inp + 16*2]
+vpshufb DATA, DATA, [Lbswap_mask]
+KARATSUBA_AAD 5
+vpxor   T, T, Xhi                               ;reduction finalize
+; Block #6
+vmovdqu DATA, XMMWORD PTR[inp + 16*1]
+vpshufb DATA, DATA, [Lbswap_mask]
+KARATSUBA_AAD 6
+; Block #7
+vmovdqu DATA, XMMWORD PTR[inp + 16*0]
+vpshufb DATA, DATA, [Lbswap_mask]
+vpxor   DATA, DATA, T
+KARATSUBA_AAD 7
+; Aggregated 8 blocks, now karatsuba fixup
+vpxor   TMP2, TMP2, TMP0
+vpxor   TMP2, TMP2, TMP1
+vpsrldq TMP3, TMP2, 8
+vpslldq TMP2, TMP2, 8
+vpxor   Xhi, TMP1, TMP3
+vpxor   T, TMP0, TMP2
+lea inp, [inp + 16*8]
+jmp Lmod_loop
+Ldone:
+vpclmulqdq  TMP4, T, [Lpoly], 010h
+vpalignr    T, T, T, 8
+vpxor       T, T, TMP4
+vpclmulqdq  TMP4, T, [Lpoly], 010h
+vpalignr    T, T, T, 8
+vpxor       T, T, TMP4
+vpxor       T, T, Xhi
+vmovdqu     XMMWORD PTR[Tp], T
+vzeroupper
+vmovdqu xmm6, XMMWORD PTR[rsp + 0*16]
+vmovdqu xmm7, XMMWORD PTR[rsp + 1*16]
+add rsp, 16*2
+ret
+intel_aes_gcmAAD ENDP
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;
+; Encrypt and Authenticate
+; void intel_aes_gcmENC(unsigned char* PT, unsigned char* CT, void *Gctx, unsigned int len);
+;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+ALIGN 16
+intel_aes_gcmENC PROC
+PT      textequ <rcx>
+CT      textequ <rdx>
+Htbl    textequ <r8>
+Gctx    textequ <r8>
+len     textequ <r9>
+KS      textequ <r10>
+NR      textequ <eax>
+aluCTR  textequ <r11d>
+aluKSl  textequ <r12d>
+aluTMP  textequ <r13d>
+T       textequ <xmm0>
+TMP0    textequ <xmm1>
+TMP1    textequ <xmm2>
+TMP2    textequ <xmm3>
+TMP3    textequ <xmm4>
+TMP4    textequ <xmm5>
+TMP5    textequ <xmm6>
+CTR0    textequ <xmm7>
+CTR1    textequ <xmm8>
+CTR2    textequ <xmm9>
+CTR3    textequ <xmm10>
+CTR4    textequ <xmm11>
+CTR5    textequ <xmm12>
+CTR6    textequ <xmm13>
+CTR7    textequ <xmm14>
+BSWAPMASK   textequ <xmm15>
+ROUND MACRO i
+vmovdqu TMP3, XMMWORD PTR[i*16 + KS]
+vaesenc CTR0, CTR0, TMP3
+vaesenc CTR1, CTR1, TMP3
+vaesenc CTR2, CTR2, TMP3
+vaesenc CTR3, CTR3, TMP3
+vaesenc CTR4, CTR4, TMP3
+vaesenc CTR5, CTR5, TMP3
+vaesenc CTR6, CTR6, TMP3
+vaesenc CTR7, CTR7, TMP3
+ENDM
+ROUNDMUL MACRO i
+vmovdqu TMP3, XMMWORD PTR[i*16 + KS]
+vaesenc CTR0, CTR0, TMP3
+vaesenc CTR1, CTR1, TMP3
+vaesenc CTR2, CTR2, TMP3
+vaesenc CTR3, CTR3, TMP3
+vpshufd TMP4, TMP5, 78
+vpxor   TMP4, TMP4, TMP5
+vaesenc CTR4, CTR4, TMP3
+vaesenc CTR5, CTR5, TMP3
+vaesenc CTR6, CTR6, TMP3
+vaesenc CTR7, CTR7, TMP3
+vpclmulqdq  TMP3, TMP4, XMMWORD PTR[i*16 + 8*16 + Htbl], 000h
+vpxor       TMP0, TMP0, TMP3
+vmovdqu     TMP4, XMMWORD PTR[i*16 + Htbl]
+vpclmulqdq  TMP3, TMP5, TMP4, 011h
+vpxor       TMP1, TMP1, TMP3
+vpclmulqdq  TMP3, TMP5, TMP4, 000h
+vpxor       TMP2, TMP2, TMP3
+ENDM
+KARATSUBA MACRO i
+vpshufd TMP4, TMP5, 78
+vpxor   TMP4, TMP4, TMP5
+vpclmulqdq  TMP3, TMP4, XMMWORD PTR[i*16 + 8*16 + Htbl], 000h
+vpxor       TMP0, TMP0, TMP3
+vmovdqu     TMP4, XMMWORD PTR[i*16 + Htbl]
+vpclmulqdq  TMP3, TMP5, TMP4, 011h
+vpxor       TMP1, TMP1, TMP3
+vpclmulqdq  TMP3, TMP5, TMP4, 000h
+vpxor       TMP2, TMP2, TMP3
+ENDM
+NEXTCTR MACRO i
+add aluCTR, 1
+mov aluTMP, aluCTR
+xor aluTMP, aluKSl
+bswap   aluTMP
+mov [3*4 + 8*16 + i*16 + rsp], aluTMP
+ENDM
+test  len, len
+jnz   LbeginENC
+ret
+LbeginENC:
+vzeroupper
+push    r11
+push    r12
+push    r13
+push    rbp
+sub rsp, 10*16
+vmovdqu XMMWORD PTR[rsp + 0*16], xmm6
+vmovdqu XMMWORD PTR[rsp + 1*16], xmm7
+vmovdqu XMMWORD PTR[rsp + 2*16], xmm8
+vmovdqu XMMWORD PTR[rsp + 3*16], xmm9
+vmovdqu XMMWORD PTR[rsp + 4*16], xmm10
+vmovdqu XMMWORD PTR[rsp + 5*16], xmm11
+vmovdqu XMMWORD PTR[rsp + 6*16], xmm12
+vmovdqu XMMWORD PTR[rsp + 7*16], xmm13
+vmovdqu XMMWORD PTR[rsp + 8*16], xmm14
+vmovdqu XMMWORD PTR[rsp + 9*16], xmm15
+mov rbp, rsp
+sub rsp, 16*16
+and rsp, -16
+vmovdqu T, XMMWORD PTR[16*16 + 1*16 + Gctx]
+vmovdqu CTR0, XMMWORD PTR[16*16 + 2*16 + Gctx]
+vmovdqu BSWAPMASK, XMMWORD PTR[Lbswap_mask]
+mov     KS, [16*16 + 3*16 + Gctx]
+mov     NR, [4 + KS]
+lea     KS, [48 + KS]
+vpshufb CTR0, CTR0, BSWAPMASK
+mov aluCTR, [16*16 + 2*16 + 3*4 + Gctx]
+mov aluKSl, [3*4 + KS]
+bswap   aluCTR
+bswap   aluKSl
+vmovdqu TMP0, XMMWORD PTR[0*16 + KS]
+vpxor   TMP0, TMP0, XMMWORD PTR[16*16 + 2*16 + Gctx]
+vmovdqu XMMWORD PTR[8*16 + 0*16 + rsp], TMP0
+cmp len, 128
+jb  LEncDataSingles
+; Prepare the "top" counters
+vmovdqu XMMWORD PTR[8*16 + 1*16 + rsp], TMP0
+vmovdqu XMMWORD PTR[8*16 + 2*16 + rsp], TMP0
+vmovdqu XMMWORD PTR[8*16 + 3*16 + rsp], TMP0
+vmovdqu XMMWORD PTR[8*16 + 4*16 + rsp], TMP0
+vmovdqu XMMWORD PTR[8*16 + 5*16 + rsp], TMP0
+vmovdqu XMMWORD PTR[8*16 + 6*16 + rsp], TMP0
+vmovdqu XMMWORD PTR[8*16 + 7*16 + rsp], TMP0
+; Encrypt the initial 8 blocks
+sub len, 128
+vpaddd  CTR1, CTR0, XMMWORD PTR[Lone]
+vpaddd  CTR2, CTR0, XMMWORD PTR[Ltwo]
+vpaddd  CTR3, CTR2, XMMWORD PTR[Lone]
+vpaddd  CTR4, CTR2, XMMWORD PTR[Ltwo]
+vpaddd  CTR5, CTR4, XMMWORD PTR[Lone]
+vpaddd  CTR6, CTR4, XMMWORD PTR[Ltwo]
+vpaddd  CTR7, CTR6, XMMWORD PTR[Lone]
+vpshufb CTR0, CTR0, BSWAPMASK
+vpshufb CTR1, CTR1, BSWAPMASK
+vpshufb CTR2, CTR2, BSWAPMASK
+vpshufb CTR3, CTR3, BSWAPMASK
+vpshufb CTR4, CTR4, BSWAPMASK
+vpshufb CTR5, CTR5, BSWAPMASK
+vpshufb CTR6, CTR6, BSWAPMASK
+vpshufb CTR7, CTR7, BSWAPMASK
+vmovdqu TMP3, XMMWORD PTR[0*16 + KS]
+vpxor   CTR0, CTR0, TMP3
+vpxor   CTR1, CTR1, TMP3
+vpxor   CTR2, CTR2, TMP3
+vpxor   CTR3, CTR3, TMP3
+vpxor   CTR4, CTR4, TMP3
+vpxor   CTR5, CTR5, TMP3
+vpxor   CTR6, CTR6, TMP3
+vpxor   CTR7, CTR7, TMP3
+ROUND   1
+add aluCTR, 8
+mov aluTMP, aluCTR
+xor aluTMP, aluKSl
+bswap   aluTMP
+mov [8*16 + 0*16 + 3*4 + rsp], aluTMP
+ROUND   2
+NEXTCTR 1
+ROUND   3
+NEXTCTR 2
+ROUND   4
+NEXTCTR 3
+ROUND   5
+NEXTCTR 4
+ROUND   6
+NEXTCTR 5
+ROUND   7
+NEXTCTR 6
+ROUND   8
+NEXTCTR 7
+ROUND   9
+vmovdqu TMP5, XMMWORD PTR[10*16 + KS]
+cmp     NR, 10
+je      @f
+ROUND   10
+ROUND   11
+vmovdqu TMP5, XMMWORD PTR[12*16 + KS]
+cmp     NR, 12
+je      @f
+ROUND   12
+ROUND   13
+vmovdqu TMP5, XMMWORD PTR[14*16 + KS]
+@@:
+vpxor   TMP3, TMP5, XMMWORD PTR[0*16 + PT]
+vaesenclast CTR0, CTR0, TMP3
+vpxor   TMP3, TMP5, XMMWORD PTR[1*16 + PT]
+vaesenclast CTR1, CTR1, TMP3
+vpxor   TMP3, TMP5, XMMWORD PTR[2*16 + PT]
+vaesenclast CTR2, CTR2, TMP3
+vpxor   TMP3, TMP5, XMMWORD PTR[3*16 + PT]
+vaesenclast CTR3, CTR3, TMP3
+vpxor   TMP3, TMP5, XMMWORD PTR[4*16 + PT]
+vaesenclast CTR4, CTR4, TMP3
+vpxor   TMP3, TMP5, XMMWORD PTR[5*16 + PT]
+vaesenclast CTR5, CTR5, TMP3
+vpxor   TMP3, TMP5, XMMWORD PTR[6*16 + PT]
+vaesenclast CTR6, CTR6, TMP3
+vpxor   TMP3, TMP5, XMMWORD PTR[7*16 + PT]
+vaesenclast CTR7, CTR7, TMP3
+vmovdqu XMMWORD PTR[0*16 + CT], CTR0
+vpshufb CTR0, CTR0, BSWAPMASK
+vmovdqu XMMWORD PTR[1*16 + CT], CTR1
+vpshufb CTR1, CTR1, BSWAPMASK
+vmovdqu XMMWORD PTR[2*16 + CT], CTR2
+vpshufb CTR2, CTR2, BSWAPMASK
+vmovdqu XMMWORD PTR[3*16 + CT], CTR3
+vpshufb CTR3, CTR3, BSWAPMASK
+vmovdqu XMMWORD PTR[4*16 + CT], CTR4
+vpshufb CTR4, CTR4, BSWAPMASK
+vmovdqu XMMWORD PTR[5*16 + CT], CTR5
+vpshufb CTR5, CTR5, BSWAPMASK
+vmovdqu XMMWORD PTR[6*16 + CT], CTR6
+vpshufb CTR6, CTR6, BSWAPMASK
+vmovdqu XMMWORD PTR[7*16 + CT], CTR7
+vpshufb TMP5, CTR7, BSWAPMASK
+vmovdqa XMMWORD PTR[1*16 + rsp], CTR6
+vmovdqa XMMWORD PTR[2*16 + rsp], CTR5
+vmovdqa XMMWORD PTR[3*16 + rsp], CTR4
+vmovdqa XMMWORD PTR[4*16 + rsp], CTR3
+vmovdqa XMMWORD PTR[5*16 + rsp], CTR2
+vmovdqa XMMWORD PTR[6*16 + rsp], CTR1
+vmovdqa XMMWORD PTR[7*16 + rsp], CTR0
+lea CT, [8*16 + CT]
+lea PT, [8*16 + PT]
+jmp LEncDataOctets
+LEncDataOctets:
+cmp len, 128
+jb  LEndEncOctets
+sub len, 128
+vmovdqa CTR0, XMMWORD PTR[8*16 + 0*16 + rsp]
+vmovdqa CTR1, XMMWORD PTR[8*16 + 1*16 + rsp]
+vmovdqa CTR2, XMMWORD PTR[8*16 + 2*16 + rsp]
+vmovdqa CTR3, XMMWORD PTR[8*16 + 3*16 + rsp]
+vmovdqa CTR4, XMMWORD PTR[8*16 + 4*16 + rsp]
+vmovdqa CTR5, XMMWORD PTR[8*16 + 5*16 + rsp]
+vmovdqa CTR6, XMMWORD PTR[8*16 + 6*16 + rsp]
+vmovdqa CTR7, XMMWORD PTR[8*16 + 7*16 + rsp]
+vpshufd TMP4, TMP5, 78
+vpxor   TMP4, TMP4, TMP5
+vpclmulqdq  TMP0, TMP4, XMMWORD PTR[0*16 + 8*16 + Htbl], 000h
+vmovdqu     TMP4, XMMWORD PTR[0*16 + Htbl]
+vpclmulqdq  TMP1, TMP5, TMP4, 011h
+vpclmulqdq  TMP2, TMP5, TMP4, 000h
+vmovdqu TMP5, XMMWORD PTR[1*16 + rsp]
+ROUNDMUL 1
+NEXTCTR 0
+vmovdqu TMP5, XMMWORD PTR[2*16 + rsp]
+ROUNDMUL 2
+NEXTCTR 1
+vmovdqu TMP5, XMMWORD PTR[3*16 + rsp]
+ROUNDMUL 3
+NEXTCTR 2
+vmovdqu TMP5, XMMWORD PTR[4*16 + rsp]
+ROUNDMUL 4
+NEXTCTR 3
+vmovdqu TMP5, XMMWORD PTR[5*16 + rsp]
+ROUNDMUL 5
+NEXTCTR 4
+vmovdqu TMP5, XMMWORD PTR[6*16 + rsp]
+ROUNDMUL 6
+NEXTCTR 5
+vpxor   TMP5, T, XMMWORD PTR[7*16 + rsp]
+ROUNDMUL 7
+NEXTCTR 6
+ROUND 8
+NEXTCTR 7
+vpxor   TMP0, TMP0, TMP1
+vpxor   TMP0, TMP0, TMP2
+vpsrldq TMP3, TMP0, 8
+vpxor   TMP4, TMP1, TMP3
+vpslldq TMP3, TMP0, 8
+vpxor   T, TMP2, TMP3
+vpclmulqdq  TMP1, T, XMMWORD PTR[Lpoly], 010h
+vpalignr    T,T,T,8
+vpxor       T, T, TMP1
+ROUND 9
+vpclmulqdq  TMP1, T, XMMWORD PTR[Lpoly], 010h
+vpalignr    T,T,T,8
+vpxor       T, T, TMP1
+vmovdqu     TMP5, XMMWORD PTR[10*16 + KS]
+cmp         NR, 10
+je          @f
+ROUND 10
+ROUND 11
+vmovdqu     TMP5, XMMWORD PTR[12*16 + KS]
+cmp         NR, 12
+je          @f
+ROUND 12
+ROUND 13
+vmovdqu     TMP5, XMMWORD PTR[14*16 + KS]
+@@:
+vpxor   TMP3, TMP5, XMMWORD PTR[0*16 + PT]
+vaesenclast CTR0, CTR0, TMP3
+vpxor   TMP3, TMP5, XMMWORD PTR[1*16 + PT]
+vaesenclast CTR1, CTR1, TMP3
+vpxor   TMP3, TMP5, XMMWORD PTR[2*16 + PT]
+vaesenclast CTR2, CTR2, TMP3
+vpxor   TMP3, TMP5, XMMWORD PTR[3*16 + PT]
+vaesenclast CTR3, CTR3, TMP3
+vpxor   TMP3, TMP5, XMMWORD PTR[4*16 + PT]
+vaesenclast CTR4, CTR4, TMP3
+vpxor   TMP3, TMP5, XMMWORD PTR[5*16 + PT]
+vaesenclast CTR5, CTR5, TMP3
+vpxor   TMP3, TMP5, XMMWORD PTR[6*16 + PT]
+vaesenclast CTR6, CTR6, TMP3
+vpxor   TMP3, TMP5, XMMWORD PTR[7*16 + PT]
+vaesenclast CTR7, CTR7, TMP3
+vmovdqu XMMWORD PTR[0*16 + CT], CTR0
+vpshufb CTR0, CTR0, BSWAPMASK
+vmovdqu XMMWORD PTR[1*16 + CT], CTR1
+vpshufb CTR1, CTR1, BSWAPMASK
+vmovdqu XMMWORD PTR[2*16 + CT], CTR2
+vpshufb CTR2, CTR2, BSWAPMASK
+vmovdqu XMMWORD PTR[3*16 + CT], CTR3
+vpshufb CTR3, CTR3, BSWAPMASK
+vmovdqu XMMWORD PTR[4*16 + CT], CTR4
+vpshufb CTR4, CTR4, BSWAPMASK
+vmovdqu XMMWORD PTR[5*16 + CT], CTR5
+vpshufb CTR5, CTR5, BSWAPMASK
+vmovdqu XMMWORD PTR[6*16 + CT], CTR6
+vpshufb CTR6, CTR6, BSWAPMASK
+vmovdqu XMMWORD PTR[7*16 + CT], CTR7
+vpshufb TMP5, CTR7, BSWAPMASK
+vmovdqa XMMWORD PTR[1*16 + rsp], CTR6
+vmovdqa XMMWORD PTR[2*16 + rsp], CTR5
+vmovdqa XMMWORD PTR[3*16 + rsp], CTR4
+vmovdqa XMMWORD PTR[4*16 + rsp], CTR3
+vmovdqa XMMWORD PTR[5*16 + rsp], CTR2
+vmovdqa XMMWORD PTR[6*16 + rsp], CTR1
+vmovdqa XMMWORD PTR[7*16 + rsp], CTR0
+vpxor   T, T, TMP4
+lea CT, [8*16 + CT]
+lea PT, [8*16 + PT]
+jmp LEncDataOctets
+LEndEncOctets:
+vpshufd TMP4, TMP5, 78
+vpxor   TMP4, TMP4, TMP5
+vpclmulqdq  TMP0, TMP4, XMMWORD PTR[0*16 + 8*16 + Htbl], 000h
+vmovdqu     TMP4, XMMWORD PTR[0*16 + Htbl]
+vpclmulqdq  TMP1, TMP5, TMP4, 011h
+vpclmulqdq  TMP2, TMP5, TMP4, 000h
+vmovdqu TMP5, XMMWORD PTR[1*16 + rsp]
+KARATSUBA 1
+vmovdqu TMP5, XMMWORD PTR[2*16 + rsp]
+KARATSUBA 2
+vmovdqu TMP5, XMMWORD PTR[3*16 + rsp]
+KARATSUBA 3
+vmovdqu TMP5, XMMWORD PTR[4*16 + rsp]
+KARATSUBA 4
+vmovdqu TMP5, XMMWORD PTR[5*16 + rsp]
+KARATSUBA 5
+vmovdqu TMP5, XMMWORD PTR[6*16 + rsp]
+KARATSUBA 6
+vpxor   TMP5, T, XMMWORD PTR[7*16 + rsp]
+KARATSUBA 7
+vpxor   TMP0, TMP0, TMP1
+vpxor   TMP0, TMP0, TMP2
+vpsrldq TMP3, TMP0, 8
+vpxor   TMP4, TMP1, TMP3
+vpslldq TMP3, TMP0, 8
+vpxor   T, TMP2, TMP3
+vpclmulqdq  TMP1, T, XMMWORD PTR[Lpoly], 010h
+vpalignr    T,T,T,8
+vpxor       T, T, TMP1
+vpclmulqdq  TMP1, T, XMMWORD PTR[Lpoly], 010h
+vpalignr    T,T,T,8
+vpxor       T, T, TMP1
+vpxor       T, T, TMP4
+sub aluCTR, 7
+LEncDataSingles:
+cmp len, 16
+jb  LEncDataTail
+sub len, 16
+vmovdqa TMP1, XMMWORD PTR[8*16 + 0*16 + rsp]
+NEXTCTR 0
+vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS]
+vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS]
+vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS]
+vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS]
+vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS]
+vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS]
+vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS]
+vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS]
+vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS]
+vmovdqu TMP2, XMMWORD PTR[10*16 + KS]
+cmp NR, 10
+je  @f
+vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS]
+vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS]
+vmovdqu TMP2, XMMWORD PTR[12*16 + KS]
+cmp NR, 12
+je  @f
+vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS]
+vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS]
+vmovdqu TMP2, XMMWORD PTR[14*16 + KS]
+@@:
+vaesenclast TMP1, TMP1, TMP2
+vpxor   TMP1, TMP1, XMMWORD PTR[PT]
+vmovdqu XMMWORD PTR[CT], TMP1
+lea PT, [16+PT]
+lea CT, [16+CT]
+vpshufb TMP1, TMP1, BSWAPMASK
+vpxor   T, T, TMP1
+vmovdqu TMP0, XMMWORD PTR[Htbl]
+GFMUL   T, T, TMP0, TMP1, TMP2, TMP3, TMP4
+jmp LEncDataSingles
+LEncDataTail:
+test    len, len
+jz  LEncDataEnd
+vmovdqa TMP1, XMMWORD PTR[8*16 + 0*16 + rsp]
+vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS]
+vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS]
+vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS]
+vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS]
+vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS]
+vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS]
+vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS]
+vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS]
+vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS]
+vmovdqu TMP2, XMMWORD PTR[10*16 + KS]
+cmp NR, 10
+je  @f
+vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS]
+vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS]
+vmovdqu TMP2, XMMWORD PTR[12*16 + KS]
+cmp NR, 12
+je  @f
+vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS]
+vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS]
+vmovdqu TMP2, XMMWORD PTR[14*16 + KS]
+@@:
+vaesenclast TMP1, TMP1, TMP2
+; zero a temp location
+vpxor   TMP2, TMP2, TMP2
+vmovdqa XMMWORD PTR[rsp], TMP2
+; copy as many bytes as needed
+xor KS, KS
+@@:
+cmp len, KS
+je  @f
+mov al, [PT + KS]
+mov [rsp + KS], al
+inc KS
+jmp @b
+@@:
+vpxor   TMP1, TMP1, XMMWORD PTR[rsp]
+vmovdqa XMMWORD PTR[rsp], TMP1
+xor KS, KS
+@@:
+cmp len, KS
+je  @f
+mov al, [rsp + KS]
+mov [CT + KS], al
+inc KS
+jmp @b
+@@:
+cmp KS, 16
+je  @f
+mov BYTE PTR[rsp + KS], 0
+inc KS
+jmp @b
+@@:
+BAIL:
+vmovdqa TMP1, XMMWORD PTR[rsp]
+vpshufb TMP1, TMP1, BSWAPMASK
+vpxor   T, T, TMP1
+vmovdqu TMP0, XMMWORD PTR[Htbl]
+GFMUL   T, T, TMP0, TMP1, TMP2, TMP3, TMP4
+LEncDataEnd:
+vmovdqu XMMWORD PTR[16*16 + 1*16 + Gctx], T
+bswap   aluCTR
+mov     [16*16 + 2*16 + 3*4 + Gctx], aluCTR
+mov rsp, rbp
+vmovdqu xmm6, XMMWORD PTR[rsp + 0*16]
+vmovdqu xmm7, XMMWORD PTR[rsp + 1*16]
+vmovdqu xmm8, XMMWORD PTR[rsp + 2*16]
+vmovdqu xmm9, XMMWORD PTR[rsp + 3*16]
+vmovdqu xmm10, XMMWORD PTR[rsp + 4*16]
+vmovdqu xmm11, XMMWORD PTR[rsp + 5*16]
+vmovdqu xmm12, XMMWORD PTR[rsp + 6*16]
+vmovdqu xmm13, XMMWORD PTR[rsp + 7*16]
+vmovdqu xmm14, XMMWORD PTR[rsp + 8*16]
+vmovdqu xmm15, XMMWORD PTR[rsp + 9*16]
+add rsp, 10*16
+pop rbp
+pop r13
+pop r12
+pop r11
+vzeroupper
+ret
+intel_aes_gcmENC ENDP
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;
+; Decrypt and Authenticate
+; void intel_aes_gcmDEC(uint8_t* PT, uint8_t* CT, void *Gctx, unsigned int len);
+;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+ALIGN 16
+intel_aes_gcmDEC PROC
+NEXTCTR MACRO i
+add aluCTR, 1
+mov aluTMP, aluCTR
+xor aluTMP, aluKSl
+bswap   aluTMP
+mov [3*4 + i*16 + rsp], aluTMP
+ENDM
+PT      textequ <rdx>
+CT      textequ <rcx>
+test  len, len
+jnz   LbeginDEC
+ret
+LbeginDEC:
+vzeroupper
+push    r11
+push    r12
+push    r13
+push    rbp
+sub rsp, 10*16
+vmovdqu XMMWORD PTR[rsp + 0*16], xmm6
+vmovdqu XMMWORD PTR[rsp + 1*16], xmm7
+vmovdqu XMMWORD PTR[rsp + 2*16], xmm8
+vmovdqu XMMWORD PTR[rsp + 3*16], xmm9
+vmovdqu XMMWORD PTR[rsp + 4*16], xmm10
+vmovdqu XMMWORD PTR[rsp + 5*16], xmm11
+vmovdqu XMMWORD PTR[rsp + 6*16], xmm12
+vmovdqu XMMWORD PTR[rsp + 7*16], xmm13
+vmovdqu XMMWORD PTR[rsp + 8*16], xmm14
+vmovdqu XMMWORD PTR[rsp + 9*16], xmm15
+mov rbp, rsp
+sub rsp, 8*16
+and rsp, -16
+vmovdqu T, XMMWORD PTR[16*16 + 1*16 + Gctx]
+vmovdqu CTR0, XMMWORD PTR[16*16 + 2*16 + Gctx]
+vmovdqu BSWAPMASK, XMMWORD PTR[Lbswap_mask]
+mov     KS, [16*16 + 3*16 + Gctx]
+mov     NR, [4 + KS]
+lea     KS, [48 + KS]
+vpshufb CTR0, CTR0, BSWAPMASK
+mov aluCTR, [16*16 + 2*16 + 3*4 + Gctx]
+mov aluKSl, [3*4 + KS]
+bswap   aluCTR
+bswap   aluKSl
+vmovdqu TMP0, XMMWORD PTR[0*16 + KS]
+vpxor   TMP0, TMP0, XMMWORD PTR[16*16 + 2*16 + Gctx]
+vmovdqu XMMWORD PTR[0*16 + rsp], TMP0
+cmp len, 128
+jb  LDecDataSingles
+; Prepare the "top" counters
+vmovdqu XMMWORD PTR[1*16 + rsp], TMP0
+vmovdqu XMMWORD PTR[2*16 + rsp], TMP0
+vmovdqu XMMWORD PTR[3*16 + rsp], TMP0
+vmovdqu XMMWORD PTR[4*16 + rsp], TMP0
+vmovdqu XMMWORD PTR[5*16 + rsp], TMP0
+vmovdqu XMMWORD PTR[6*16 + rsp], TMP0
+vmovdqu XMMWORD PTR[7*16 + rsp], TMP0
+NEXTCTR 1
+NEXTCTR 2
+NEXTCTR 3
+NEXTCTR 4
+NEXTCTR 5
+NEXTCTR 6
+NEXTCTR 7
+LDecDataOctets:
+cmp len, 128
+jb  LEndDecOctets
+sub len, 128
+vmovdqa CTR0, XMMWORD PTR[0*16 + rsp]
+vmovdqa CTR1, XMMWORD PTR[1*16 + rsp]
+vmovdqa CTR2, XMMWORD PTR[2*16 + rsp]
+vmovdqa CTR3, XMMWORD PTR[3*16 + rsp]
+vmovdqa CTR4, XMMWORD PTR[4*16 + rsp]
+vmovdqa CTR5, XMMWORD PTR[5*16 + rsp]
+vmovdqa CTR6, XMMWORD PTR[6*16 + rsp]
+vmovdqa CTR7, XMMWORD PTR[7*16 + rsp]
+vmovdqu TMP5, XMMWORD PTR[7*16 + CT]
+vpshufb TMP5, TMP5, BSWAPMASK
+vpshufd TMP4, TMP5, 78
+vpxor   TMP4, TMP4, TMP5
+vpclmulqdq  TMP0, TMP4, XMMWORD PTR[0*16 + 8*16 + Htbl], 000h
+vmovdqu     TMP4, XMMWORD PTR[0*16 + Htbl]
+vpclmulqdq  TMP1, TMP5, TMP4, 011h
+vpclmulqdq  TMP2, TMP5, TMP4, 000h
+vmovdqu TMP5, XMMWORD PTR[6*16 + CT]
+vpshufb TMP5, TMP5, BSWAPMASK
+ROUNDMUL 1
+NEXTCTR 0
+vmovdqu TMP5, XMMWORD PTR[5*16 + CT]
+vpshufb TMP5, TMP5, BSWAPMASK
+ROUNDMUL 2
+NEXTCTR 1
+vmovdqu TMP5, XMMWORD PTR[4*16 + CT]
+vpshufb TMP5, TMP5, BSWAPMASK
+ROUNDMUL 3
+NEXTCTR 2
+vmovdqu TMP5, XMMWORD PTR[3*16 + CT]
+vpshufb TMP5, TMP5, BSWAPMASK
+ROUNDMUL 4
+NEXTCTR 3
+vmovdqu TMP5, XMMWORD PTR[2*16 + CT]
+vpshufb TMP5, TMP5, BSWAPMASK
+ROUNDMUL 5
+NEXTCTR 4
+vmovdqu TMP5, XMMWORD PTR[1*16 + CT]
+vpshufb TMP5, TMP5, BSWAPMASK
+ROUNDMUL 6
+NEXTCTR 5
+vmovdqu TMP5, XMMWORD PTR[0*16 + CT]
+vpshufb TMP5, TMP5, BSWAPMASK
+vpxor   TMP5, TMP5, T
+ROUNDMUL 7
+NEXTCTR 6
+ROUND 8
+NEXTCTR 7
+vpxor   TMP0, TMP0, TMP1
+vpxor   TMP0, TMP0, TMP2
+vpsrldq TMP3, TMP0, 8
+vpxor   TMP4, TMP1, TMP3
+vpslldq TMP3, TMP0, 8
+vpxor   T, TMP2, TMP3
+vpclmulqdq  TMP1, T, XMMWORD PTR[Lpoly], 010h
+vpalignr    T,T,T,8
+vpxor       T, T, TMP1
+ROUND 9
+vpclmulqdq  TMP1, T, XMMWORD PTR[Lpoly], 010h
+vpalignr    T,T,T,8
+vpxor       T, T, TMP1
+vmovdqu     TMP5, XMMWORD PTR[10*16 + KS]
+cmp         NR, 10
+je          @f
+ROUND 10
+ROUND 11
+vmovdqu     TMP5, XMMWORD PTR[12*16 + KS]
+cmp         NR, 12
+je          @f
+ROUND 12
+ROUND 13
+vmovdqu     TMP5, XMMWORD PTR[14*16 + KS]
+@@:
+vpxor   TMP3, TMP5, XMMWORD PTR[0*16 + CT]
+vaesenclast CTR0, CTR0, TMP3
+vpxor   TMP3, TMP5, XMMWORD PTR[1*16 + CT]
+vaesenclast CTR1, CTR1, TMP3
+vpxor   TMP3, TMP5, XMMWORD PTR[2*16 + CT]
+vaesenclast CTR2, CTR2, TMP3
+vpxor   TMP3, TMP5, XMMWORD PTR[3*16 + CT]
+vaesenclast CTR3, CTR3, TMP3
+vpxor   TMP3, TMP5, XMMWORD PTR[4*16 + CT]
+vaesenclast CTR4, CTR4, TMP3
+vpxor   TMP3, TMP5, XMMWORD PTR[5*16 + CT]
+vaesenclast CTR5, CTR5, TMP3
+vpxor   TMP3, TMP5, XMMWORD PTR[6*16 + CT]
+vaesenclast CTR6, CTR6, TMP3
+vpxor   TMP3, TMP5, XMMWORD PTR[7*16 + CT]
+vaesenclast CTR7, CTR7, TMP3
+vmovdqu XMMWORD PTR[0*16 + PT], CTR0
+vmovdqu XMMWORD PTR[1*16 + PT], CTR1
+vmovdqu XMMWORD PTR[2*16 + PT], CTR2
+vmovdqu XMMWORD PTR[3*16 + PT], CTR3
+vmovdqu XMMWORD PTR[4*16 + PT], CTR4
+vmovdqu XMMWORD PTR[5*16 + PT], CTR5
+vmovdqu XMMWORD PTR[6*16 + PT], CTR6
+vmovdqu XMMWORD PTR[7*16 + PT], CTR7
+vpxor   T, T, TMP4
+lea CT, [8*16 + CT]
+lea PT, [8*16 + PT]
+jmp LDecDataOctets
+LEndDecOctets:
+sub aluCTR, 7
+LDecDataSingles:
+cmp len, 16
+jb  LDecDataTail
+sub len, 16
+vmovdqa TMP1, XMMWORD PTR[0*16 + rsp]
+NEXTCTR 0
+vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS]
+vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS]
+vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS]
+vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS]
+vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS]
+vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS]
+vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS]
+vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS]
+vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS]
+vmovdqu TMP2, XMMWORD PTR[10*16 + KS]
+cmp NR, 10
+je  @f
+vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS]
+vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS]
+vmovdqu TMP2, XMMWORD PTR[12*16 + KS]
+cmp NR, 12
+je  @f
+vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS]
+vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS]
+vmovdqu TMP2, XMMWORD PTR[14*16 + KS]
+@@:
+vaesenclast TMP1, TMP1, TMP2
+vmovdqu TMP2, XMMWORD PTR[CT]
+vpxor   TMP1, TMP1, TMP2
+vmovdqu XMMWORD PTR[PT], TMP1
+lea PT, [16+PT]
+lea CT, [16+CT]
+vpshufb TMP2, TMP2, BSWAPMASK
+vpxor   T, T, TMP2
+vmovdqu TMP0, XMMWORD PTR[Htbl]
+GFMUL   T, T, TMP0, TMP1, TMP2, TMP3, TMP4
+jmp LDecDataSingles
+LDecDataTail:
+test    len, len
+jz      LDecDataEnd
+vmovdqa TMP1, XMMWORD PTR[0*16 + rsp]
+inc aluCTR
+vaesenc TMP1, TMP1, XMMWORD PTR[1*16 + KS]
+vaesenc TMP1, TMP1, XMMWORD PTR[2*16 + KS]
+vaesenc TMP1, TMP1, XMMWORD PTR[3*16 + KS]
+vaesenc TMP1, TMP1, XMMWORD PTR[4*16 + KS]
+vaesenc TMP1, TMP1, XMMWORD PTR[5*16 + KS]
+vaesenc TMP1, TMP1, XMMWORD PTR[6*16 + KS]
+vaesenc TMP1, TMP1, XMMWORD PTR[7*16 + KS]
+vaesenc TMP1, TMP1, XMMWORD PTR[8*16 + KS]
+vaesenc TMP1, TMP1, XMMWORD PTR[9*16 + KS]
+vmovdqu TMP2, XMMWORD PTR[10*16 + KS]
+cmp NR, 10
+je  @f
+vaesenc TMP1, TMP1, XMMWORD PTR[10*16 + KS]
+vaesenc TMP1, TMP1, XMMWORD PTR[11*16 + KS]
+vmovdqu TMP2, XMMWORD PTR[12*16 + KS]
+cmp NR, 12
+je  @f
+vaesenc TMP1, TMP1, XMMWORD PTR[12*16 + KS]
+vaesenc TMP1, TMP1, XMMWORD PTR[13*16 + KS]
+vmovdqu TMP2, XMMWORD PTR[14*16 + KS]
+@@:
+vaesenclast TMP1, TMP1, TMP2
+; copy as many bytes as needed
+xor KS, KS
+@@:
+cmp len, KS
+je  @f
+mov al, [CT + KS]
+mov [rsp + KS], al
+inc KS
+jmp @b
+@@:
+cmp KS, 16
+je  @f
+mov BYTE PTR[rsp + KS], 0
+inc KS
+jmp @b
+@@:
+vmovdqa TMP2, XMMWORD PTR[rsp]
+vpshufb TMP2, TMP2, BSWAPMASK
+vpxor   T, T, TMP2
+vmovdqu TMP0, XMMWORD PTR[Htbl]
+GFMUL   T, T, TMP0, TMP5, TMP2, TMP3, TMP4
+vpxor   TMP1, TMP1, XMMWORD PTR[rsp]
+vmovdqa XMMWORD PTR[rsp], TMP1
+xor KS, KS
+@@:
+cmp len, KS
+je  @f
+mov al, [rsp + KS]
+mov [PT + KS], al
+inc KS
+jmp @b
+@@:
+LDecDataEnd:
+vmovdqu XMMWORD PTR[16*16 + 1*16 + Gctx], T
+bswap   aluCTR
+mov     [16*16 + 2*16 + 3*4 + Gctx], aluCTR
+mov rsp, rbp
+vmovdqu xmm6, XMMWORD PTR[rsp + 0*16]
+vmovdqu xmm7, XMMWORD PTR[rsp + 1*16]
+vmovdqu xmm8, XMMWORD PTR[rsp + 2*16]
+vmovdqu xmm9, XMMWORD PTR[rsp + 3*16]
+vmovdqu xmm10, XMMWORD PTR[rsp + 4*16]
+vmovdqu xmm11, XMMWORD PTR[rsp + 5*16]
+vmovdqu xmm12, XMMWORD PTR[rsp + 6*16]
+vmovdqu xmm13, XMMWORD PTR[rsp + 7*16]
+vmovdqu xmm14, XMMWORD PTR[rsp + 8*16]
+vmovdqu xmm15, XMMWORD PTR[rsp + 9*16]
+add rsp, 10*16
+pop rbp
+pop r13
+pop r12
+pop r11
+vzeroupper
+ret
+ret
+intel_aes_gcmDEC ENDP
+END

The Tor Browser / file comparison

comparison: security/nss/lib/freebl/intel-gcm-x64-masm.asm

security/nss/lib/freebl/intel-gcm-x64-masm.asm