536485: Do not do unnecessary 16th round of key expantion. r=rrelyea
authoralexei.volkov.bugs%sun.com
Fri, 07 May 2010 18:46:19 +0000
changeset 9656 fc8e971bc08019db771c7e8ec6fdb0b38f4ba4bb
parent 9655 0d05e5f019efb7e449ca09d34a80f9ee204a648d
child 9657 c59fddf5137217d459da88d1304542054d8ea651
push idunknown
push userunknown
push dateunknown
reviewersrrelyea
bugs536485
536485: Do not do unnecessary 16th round of key expantion. r=rrelyea
security/nss/lib/freebl/intel-aes.s
--- a/security/nss/lib/freebl/intel-aes.s
+++ b/security/nss/lib/freebl/intel-aes.s
@@ -1111,17 +1111,24 @@ intel_aes_encrypt_init_256:
 	call key_expansion256
 	.byte 0x66,0x0f,0x3a,0xdf,0xd3,0x08	/* aeskeygenassist $0x08, %xmm3, %xmm2 */
 	call key_expansion256
 	.byte 0x66,0x0f,0x3a,0xdf,0xd3,0x10	/* aeskeygenassist $0x10, %xmm3, %xmm2 */
 	call key_expansion256
 	.byte 0x66,0x0f,0x3a,0xdf,0xd3,0x20	/* aeskeygenassist $0x20, %xmm3, %xmm2 */
 	call key_expansion256
 	.byte 0x66,0x0f,0x3a,0xdf,0xd3,0x40	/* aeskeygenassist $0x40, %xmm3, %xmm2 */
-	call key_expansion256
+	pxor	%xmm6, %xmm6
+	pshufd	$0xff, %xmm2, %xmm2
+	shufps	$0x10, %xmm1, %xmm6
+	pxor	%xmm6, %xmm1
+	shufps	$0x8c, %xmm1, %xmm6
+	pxor	%xmm2, %xmm1
+	pxor	%xmm6, %xmm1
+	movdqu	%xmm1, (%rsi)
 
 	ret
 	.size intel_aes_encrypt_init_256, .-intel_aes_encrypt_init_256
 
 
 /* in %rdi : the key
    in %rsi : buffer for expanded key
 */
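Review bot: The eight inlined lines that replace `call key_expansion256` are the first half of that helper with `movd %eax, %xmm6` swapped for `pxor %xmm6, %xmm6`, and nothing in the hunk says why the call was dropped, so the next maintainer is likely to "simplify" it back. A comment on the block such as `/* last round key only: the second half of key_expansion256 would derive one more key and store it at 16(%rsi), past the 15 keys AES-256 needs */` records the intent; whether that extra store overran the caller's buffer is inferred from the commit title, since the buffer size is not visible here. The same eight lines appear verbatim in `intel_aes_decrypt_init_256`, so extracting them into a small `key_expansion256_last` helper that ends in `ret` and calling it from both init routines would keep the two schedules from drifting. That helper should keep the explicit `pxor %xmm6, %xmm6`: the existing `key_expansion256` zeroes `%xmm6` only through `movd %eax, %xmm6`, i.e. it silently relies on `%eax` being zero at the call site, which the inlined copy no longer does.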
@@ -1169,36 +1176,43 @@ intel_aes_decrypt_init_256:
 	movdqu	%xmm5, -16(%rsi)
 	.byte 0x66,0x0f,0x3a,0xdf,0xd3,0x20	/* aeskeygenassist $0x20, %xmm3, %xmm2 */
 	call key_expansion256
 	.byte 0x66,0x0f,0x38,0xdb,0xe1	/* aesimc	%xmm1, %xmm4 */
 	.byte 0x66,0x0f,0x38,0xdb,0xeb	/* aesimc	%xmm3, %xmm5 */
 	movdqu	%xmm4, -32(%rsi)
 	movdqu	%xmm5, -16(%rsi)
 	.byte 0x66,0x0f,0x3a,0xdf,0xd3,0x40	/* aeskeygenassist $0x40, %xmm3, %xmm2 */
-	call key_expansion256
+	pxor	%xmm6, %xmm6
+	pshufd	$0xff, %xmm2, %xmm2
+	shufps	$0x10, %xmm1, %xmm6
+	pxor	%xmm6, %xmm1
+	shufps	$0x8c, %xmm1, %xmm6
+	pxor	%xmm2, %xmm1
+	pxor	%xmm6, %xmm1
+	movdqu	%xmm1, (%rsi)
 
 	ret
 	.size intel_aes_decrypt_init_256, .-intel_aes_decrypt_init_256
 
 
 	.type key_expansion256,@function
 	.align	16
 key_expansion256:
 	movd	%eax, %xmm6
 	pshufd	$0xff, %xmm2, %xmm2
 	shufps	$0x10, %xmm1, %xmm6
 	pxor	%xmm6, %xmm1
 	shufps	$0x8c, %xmm1, %xmm6
 	pxor	%xmm2, %xmm1
 	pxor	%xmm6, %xmm1
 	movdqu	%xmm1, (%rsi)
+
 	addq	$16, %rsi
 	.byte 0x66,0x0f,0x3a,0xdf,0xe1,0x00	/* aeskeygenassist $0, %xmm1, %xmm4 */
-
 	pshufd	$0xaa, %xmm4, %xmm4
 	shufps	$0x10, %xmm3, %xmm6
 	pxor	%xmm6, %xmm3
 	shufps	$0x8c, %xmm3, %xmm6
 	pxor	%xmm4, %xmm3
 	pxor	%xmm6, %xmm3
 	movdqu	%xmm3, (%rsi)
 	addq	$16, %rsi
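Review bot: The new final-key block stores `%xmm1` to `(%rsi)` without the `aesimc` that every preceding key in this hunk gets, and the reason is not stated; a comment like `/* last round key is stored as-is: the equivalent inverse cipher applies InvMixColumns to the middle keys only */` would stop a reader from "fixing" it by adding the missing `aesimc`. The block is a byte-for-byte copy of the one added to `intel_aes_encrypt_init_256`, so a shared `key_expansion256_last` helper would be preferable to two hand-maintained copies. Note also that `key_expansion256` (its body continues past the hunk) documents nothing about its contract: it expects `%eax == 0` because `movd %eax, %xmm6` is what seeds the zero lanes before the `shufps`, and a comment `/* expects %eax == 0; clobbers %xmm2, %xmm4, %xmm6, advances %rsi by 32 */` would make that precondition explicit. As a hardening caveat, on `ret` the round key and its intermediates are still live in `%xmm1`, `%xmm2`, `%xmm3` and `%xmm6`; if NSS wants key material cleared from registers before returning to C, a `pxor` of each before `ret` is cheap, though I cannot see from this hunk whether callers already handle that.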