Lines Matching +full:- +full:t
2 * AES-NI support functions
5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
9 …* [AES-WP] https://www.intel.com/content/www/us/en/developer/articles/tool/intel-advanced-encrypti…
10 …CLMUL-WP] https://www.intel.com/content/www/us/en/develop/download/intel-carry-less-multiplication…
47 * AES-NI support detection routine
53 * https://github.com/Mbed-TLS/mbedtls/issues/9840 in mbedtls_aesni_has_support()
58 * (See example 8-1 in Sewell et al., "x86-TSO: A Rigorous and Usable in mbedtls_aesni_has_support()
75 asm ("movl $1, %%eax \n\t" in mbedtls_aesni_has_support()
76 "cpuid \n\t" in mbedtls_aesni_has_support()
91 * AES-NI AES-ECB block en(de)cryption
98 const __m128i *rk = (const __m128i *) (ctx->buf + ctx->rk_offset); in mbedtls_aesni_crypt_ecb()
99 unsigned nr = ctx->nr; // Number of remaining rounds in mbedtls_aesni_crypt_ecb()
106 --nr; in mbedtls_aesni_crypt_ecb()
113 --nr; in mbedtls_aesni_crypt_ecb()
124 --nr; in mbedtls_aesni_crypt_ecb()
135 * Based on [CLMUL-WP] algorithms 1 (with equation 27) and 5.
143 * using [CLMUL-WP] algorithm 1 (p. 12). in gcm_clmul()
159 /* [CMUCL-WP] Algorithm 5 Step 1: shift cc:dd one bit to the left, in gcm_shift()
160 * taking advantage of [CLMUL-WP] eq 27 (p. 18). */ in gcm_shift()
178 /* [CLMUL-WP] Algorithm 5 Step 2 */ in gcm_reduce()
188 /* [CLMUL-WP] Algorithm 5 Steps 3 and 4 */ in gcm_mix()
209 /* The inputs are in big-endian order, so byte-reverse them */ in mbedtls_aesni_gcm_mult()
211 ((uint8_t *) &aa)[i] = a[15 - i]; in mbedtls_aesni_gcm_mult()
212 ((uint8_t *) &bb)[i] = b[15 - i]; in mbedtls_aesni_gcm_mult()
219 * using [CLMUL-WP] algorithm 5 (p. 18). in mbedtls_aesni_gcm_mult()
226 /* Now byte-reverse the outputs */ in mbedtls_aesni_gcm_mult()
228 c[i] = ((uint8_t *) &cc)[15 - i]; in mbedtls_aesni_gcm_mult()
245 for (--fk, ++ik; fk > (const __m128i *) fwdkey; --fk, ++ik) { in mbedtls_aesni_inverse_key()
253 * Key expansion, 128-bit case
297 * Key expansion, 192-bit case
304 * Finish generating the next 6 quarter-keys. in aesni_set_rk_192()
330 * an array of 24-byte elements. Since 24 is not a multiple of 16, in aesni_set_rk_192()
331 * rk is not necessarily aligned so just `*rk = *state0` doesn't work. */ in aesni_set_rk_192()
341 /* aes.c guarantees that rk is aligned on a 16-byte boundary. */ in aesni_setkey_enc_192()
357 * Key expansion, 256-bit case
405 * Main "loop" - Generating one more key than necessary, in aesni_setkey_enc_256()
437 * Binutils needs to be at least 2.19 to support AES-NI instructions.
438 * Unfortunately, a lot of users have a lower version now (2014-04).
442 * We always use registers, so we don't need prefixes for memory operands.
446 #define AESDEC(regs) ".byte 0x66,0x0F,0x38,0xDE," regs "\n\t"
447 #define AESDECLAST(regs) ".byte 0x66,0x0F,0x38,0xDF," regs "\n\t"
448 #define AESENC(regs) ".byte 0x66,0x0F,0x38,0xDC," regs "\n\t"
449 #define AESENCLAST(regs) ".byte 0x66,0x0F,0x38,0xDD," regs "\n\t"
450 #define AESIMC(regs) ".byte 0x66,0x0F,0x38,0xDB," regs "\n\t"
451 #define AESKEYGENA(regs, imm) ".byte 0x66,0x0F,0x3A,0xDF," regs "," imm "\n\t"
452 #define PCLMULQDQ(regs, imm) ".byte 0x66,0x0F,0x3A,0x44," regs "," imm "\n\t"
463 * AES-NI AES-ECB block en(de)cryption
470 asm ("movdqu (%3), %%xmm0 \n\t" // load input in mbedtls_aesni_crypt_ecb()
471 "movdqu (%1), %%xmm1 \n\t" // load round key 0 in mbedtls_aesni_crypt_ecb()
472 "pxor %%xmm1, %%xmm0 \n\t" // round 0 in mbedtls_aesni_crypt_ecb()
473 "add $16, %1 \n\t" // point to next round key in mbedtls_aesni_crypt_ecb()
474 "subl $1, %0 \n\t" // normal rounds = nr - 1 in mbedtls_aesni_crypt_ecb()
475 "test %2, %2 \n\t" // mode? in mbedtls_aesni_crypt_ecb()
476 "jz 2f \n\t" // 0 = decrypt in mbedtls_aesni_crypt_ecb()
478 "1: \n\t" // encryption loop in mbedtls_aesni_crypt_ecb()
479 "movdqu (%1), %%xmm1 \n\t" // load round key in mbedtls_aesni_crypt_ecb()
481 "add $16, %1 \n\t" // point to next round key in mbedtls_aesni_crypt_ecb()
482 "subl $1, %0 \n\t" // loop in mbedtls_aesni_crypt_ecb()
483 "jnz 1b \n\t" in mbedtls_aesni_crypt_ecb()
484 "movdqu (%1), %%xmm1 \n\t" // load round key in mbedtls_aesni_crypt_ecb()
487 "jmp 3f \n\t" in mbedtls_aesni_crypt_ecb()
489 "2: \n\t" // decryption loop in mbedtls_aesni_crypt_ecb()
490 "movdqu (%1), %%xmm1 \n\t" in mbedtls_aesni_crypt_ecb()
492 "add $16, %1 \n\t" in mbedtls_aesni_crypt_ecb()
493 "subl $1, %0 \n\t" in mbedtls_aesni_crypt_ecb()
494 "jnz 2b \n\t" in mbedtls_aesni_crypt_ecb()
495 "movdqu (%1), %%xmm1 \n\t" // load round key in mbedtls_aesni_crypt_ecb()
499 "3: \n\t" in mbedtls_aesni_crypt_ecb()
500 "movdqu %%xmm0, (%4) \n\t" // export output in mbedtls_aesni_crypt_ecb()
502 : "r" (ctx->nr), "r" (ctx->buf + ctx->rk_offset), "r" (mode), "r" (input), "r" (output) in mbedtls_aesni_crypt_ecb()
511 * Based on [CLMUL-WP] algorithms 1 (with equation 27) and 5.
520 /* The inputs are in big-endian order, so byte-reverse them */ in mbedtls_aesni_gcm_mult()
522 aa[i] = a[15 - i]; in mbedtls_aesni_gcm_mult()
523 bb[i] = b[15 - i]; in mbedtls_aesni_gcm_mult()
526 asm ("movdqu (%0), %%xmm0 \n\t" // a1:a0 in mbedtls_aesni_gcm_mult()
527 "movdqu (%1), %%xmm1 \n\t" // b1:b0 in mbedtls_aesni_gcm_mult()
531 * using [CLMUL-WP] algorithm 1 (p. 12). in mbedtls_aesni_gcm_mult()
533 "movdqa %%xmm1, %%xmm2 \n\t" // copy of b1:b0 in mbedtls_aesni_gcm_mult()
534 "movdqa %%xmm1, %%xmm3 \n\t" // same in mbedtls_aesni_gcm_mult()
535 "movdqa %%xmm1, %%xmm4 \n\t" // same in mbedtls_aesni_gcm_mult()
540 "pxor %%xmm3, %%xmm4 \n\t" // e1+f1:e0+f0 in mbedtls_aesni_gcm_mult()
541 "movdqa %%xmm4, %%xmm3 \n\t" // same in mbedtls_aesni_gcm_mult()
542 "psrldq $8, %%xmm4 \n\t" // 0:e1+f1 in mbedtls_aesni_gcm_mult()
543 "pslldq $8, %%xmm3 \n\t" // e0+f0:0 in mbedtls_aesni_gcm_mult()
544 "pxor %%xmm4, %%xmm2 \n\t" // d1:d0+e1+f1 in mbedtls_aesni_gcm_mult()
545 "pxor %%xmm3, %%xmm1 \n\t" // c1+e0+f1:c0 in mbedtls_aesni_gcm_mult()
549 * taking advantage of [CLMUL-WP] eq 27 (p. 18) in mbedtls_aesni_gcm_mult()
551 "movdqa %%xmm1, %%xmm3 \n\t" // r1:r0 in mbedtls_aesni_gcm_mult()
552 "movdqa %%xmm2, %%xmm4 \n\t" // r3:r2 in mbedtls_aesni_gcm_mult()
553 "psllq $1, %%xmm1 \n\t" // r1<<1:r0<<1 in mbedtls_aesni_gcm_mult()
554 "psllq $1, %%xmm2 \n\t" // r3<<1:r2<<1 in mbedtls_aesni_gcm_mult()
555 "psrlq $63, %%xmm3 \n\t" // r1>>63:r0>>63 in mbedtls_aesni_gcm_mult()
556 "psrlq $63, %%xmm4 \n\t" // r3>>63:r2>>63 in mbedtls_aesni_gcm_mult()
557 "movdqa %%xmm3, %%xmm5 \n\t" // r1>>63:r0>>63 in mbedtls_aesni_gcm_mult()
558 "pslldq $8, %%xmm3 \n\t" // r0>>63:0 in mbedtls_aesni_gcm_mult()
559 "pslldq $8, %%xmm4 \n\t" // r2>>63:0 in mbedtls_aesni_gcm_mult()
560 "psrldq $8, %%xmm5 \n\t" // 0:r1>>63 in mbedtls_aesni_gcm_mult()
561 "por %%xmm3, %%xmm1 \n\t" // r1<<1|r0>>63:r0<<1 in mbedtls_aesni_gcm_mult()
562 "por %%xmm4, %%xmm2 \n\t" // r3<<1|r2>>62:r2<<1 in mbedtls_aesni_gcm_mult()
563 "por %%xmm5, %%xmm2 \n\t" // r3<<1|r2>>62:r2<<1|r1>>63 in mbedtls_aesni_gcm_mult()
567 * using [CLMUL-WP] algorithm 5 (p. 18). in mbedtls_aesni_gcm_mult()
571 "movdqa %%xmm1, %%xmm3 \n\t" // x1:x0 in mbedtls_aesni_gcm_mult()
572 "movdqa %%xmm1, %%xmm4 \n\t" // same in mbedtls_aesni_gcm_mult()
573 "movdqa %%xmm1, %%xmm5 \n\t" // same in mbedtls_aesni_gcm_mult()
574 "psllq $63, %%xmm3 \n\t" // x1<<63:x0<<63 = stuff:a in mbedtls_aesni_gcm_mult()
575 "psllq $62, %%xmm4 \n\t" // x1<<62:x0<<62 = stuff:b in mbedtls_aesni_gcm_mult()
576 "psllq $57, %%xmm5 \n\t" // x1<<57:x0<<57 = stuff:c in mbedtls_aesni_gcm_mult()
579 "pxor %%xmm4, %%xmm3 \n\t" // stuff:a+b in mbedtls_aesni_gcm_mult()
580 "pxor %%xmm5, %%xmm3 \n\t" // stuff:a+b+c in mbedtls_aesni_gcm_mult()
581 "pslldq $8, %%xmm3 \n\t" // a+b+c:0 in mbedtls_aesni_gcm_mult()
582 "pxor %%xmm3, %%xmm1 \n\t" // x1+a+b+c:x0 = d:x0 in mbedtls_aesni_gcm_mult()
585 "movdqa %%xmm1,%%xmm0 \n\t" // d:x0 in mbedtls_aesni_gcm_mult()
586 "movdqa %%xmm1,%%xmm4 \n\t" // same in mbedtls_aesni_gcm_mult()
587 "movdqa %%xmm1,%%xmm5 \n\t" // same in mbedtls_aesni_gcm_mult()
588 "psrlq $1, %%xmm0 \n\t" // e1:x0>>1 = e1:e0' in mbedtls_aesni_gcm_mult()
589 "psrlq $2, %%xmm4 \n\t" // f1:x0>>2 = f1:f0' in mbedtls_aesni_gcm_mult()
590 "psrlq $7, %%xmm5 \n\t" // g1:x0>>7 = g1:g0' in mbedtls_aesni_gcm_mult()
591 "pxor %%xmm4, %%xmm0 \n\t" // e1+f1:e0'+f0' in mbedtls_aesni_gcm_mult()
592 "pxor %%xmm5, %%xmm0 \n\t" // e1+f1+g1:e0'+f0'+g0' in mbedtls_aesni_gcm_mult()
594 // bits carried from d. Now get those\t bits back in. in mbedtls_aesni_gcm_mult()
595 "movdqa %%xmm1,%%xmm3 \n\t" // d:x0 in mbedtls_aesni_gcm_mult()
596 "movdqa %%xmm1,%%xmm4 \n\t" // same in mbedtls_aesni_gcm_mult()
597 "movdqa %%xmm1,%%xmm5 \n\t" // same in mbedtls_aesni_gcm_mult()
598 "psllq $63, %%xmm3 \n\t" // d<<63:stuff in mbedtls_aesni_gcm_mult()
599 "psllq $62, %%xmm4 \n\t" // d<<62:stuff in mbedtls_aesni_gcm_mult()
600 "psllq $57, %%xmm5 \n\t" // d<<57:stuff in mbedtls_aesni_gcm_mult()
601 "pxor %%xmm4, %%xmm3 \n\t" // d<<63+d<<62:stuff in mbedtls_aesni_gcm_mult()
602 "pxor %%xmm5, %%xmm3 \n\t" // missing bits of d:stuff in mbedtls_aesni_gcm_mult()
603 "psrldq $8, %%xmm3 \n\t" // 0:missing bits of d in mbedtls_aesni_gcm_mult()
604 "pxor %%xmm3, %%xmm0 \n\t" // e1+f1+g1:e0+f0+g0 in mbedtls_aesni_gcm_mult()
605 "pxor %%xmm1, %%xmm0 \n\t" // h1:h0 in mbedtls_aesni_gcm_mult()
606 "pxor %%xmm2, %%xmm0 \n\t" // x3+h1:x2+h0 in mbedtls_aesni_gcm_mult()
608 "movdqu %%xmm0, (%2) \n\t" // done in mbedtls_aesni_gcm_mult()
613 /* Now byte-reverse the outputs */ in mbedtls_aesni_gcm_mult()
615 c[i] = cc[15 - i]; in mbedtls_aesni_gcm_mult()
633 for (fk -= 16, ik += 16; fk > fwdkey; fk -= 16, ik += 16) { in mbedtls_aesni_inverse_key()
634 asm ("movdqu (%0), %%xmm0 \n\t" in mbedtls_aesni_inverse_key()
636 "movdqu %%xmm0, (%1) \n\t" in mbedtls_aesni_inverse_key()
647 * Key expansion, 128-bit case
652 asm ("movdqu (%1), %%xmm0 \n\t" // copy the original key in aesni_setkey_enc_128()
653 "movdqu %%xmm0, (%0) \n\t" // as round key 0 in aesni_setkey_enc_128()
654 "jmp 2f \n\t" // skip auxiliary routine in aesni_setkey_enc_128()
666 "1: \n\t" in aesni_setkey_enc_128()
667 "pshufd $0xff, %%xmm1, %%xmm1 \n\t" // X:X:X:X in aesni_setkey_enc_128()
668 "pxor %%xmm0, %%xmm1 \n\t" // X+r3:X+r2:X+r1:r4 in aesni_setkey_enc_128()
669 "pslldq $4, %%xmm0 \n\t" // r2:r1:r0:0 in aesni_setkey_enc_128()
670 "pxor %%xmm0, %%xmm1 \n\t" // X+r3+r2:X+r2+r1:r5:r4 in aesni_setkey_enc_128()
671 "pslldq $4, %%xmm0 \n\t" // etc in aesni_setkey_enc_128()
672 "pxor %%xmm0, %%xmm1 \n\t" in aesni_setkey_enc_128()
673 "pslldq $4, %%xmm0 \n\t" in aesni_setkey_enc_128()
674 "pxor %%xmm1, %%xmm0 \n\t" // update xmm0 for next time! in aesni_setkey_enc_128()
675 "add $16, %0 \n\t" // point to next round key in aesni_setkey_enc_128()
676 "movdqu %%xmm0, (%0) \n\t" // write it in aesni_setkey_enc_128()
677 "ret \n\t" in aesni_setkey_enc_128()
680 "2: \n\t" in aesni_setkey_enc_128()
681 AESKEYGENA(xmm0_xmm1, "0x01") "call 1b \n\t" in aesni_setkey_enc_128()
682 AESKEYGENA(xmm0_xmm1, "0x02") "call 1b \n\t" in aesni_setkey_enc_128()
683 AESKEYGENA(xmm0_xmm1, "0x04") "call 1b \n\t" in aesni_setkey_enc_128()
684 AESKEYGENA(xmm0_xmm1, "0x08") "call 1b \n\t" in aesni_setkey_enc_128()
685 AESKEYGENA(xmm0_xmm1, "0x10") "call 1b \n\t" in aesni_setkey_enc_128()
686 AESKEYGENA(xmm0_xmm1, "0x20") "call 1b \n\t" in aesni_setkey_enc_128()
687 AESKEYGENA(xmm0_xmm1, "0x40") "call 1b \n\t" in aesni_setkey_enc_128()
688 AESKEYGENA(xmm0_xmm1, "0x80") "call 1b \n\t" in aesni_setkey_enc_128()
689 AESKEYGENA(xmm0_xmm1, "0x1B") "call 1b \n\t" in aesni_setkey_enc_128()
690 AESKEYGENA(xmm0_xmm1, "0x36") "call 1b \n\t" in aesni_setkey_enc_128()
697 * Key expansion, 192-bit case
703 asm ("movdqu (%1), %%xmm0 \n\t" // copy original round key in aesni_setkey_enc_192()
704 "movdqu %%xmm0, (%0) \n\t" in aesni_setkey_enc_192()
705 "add $16, %0 \n\t" in aesni_setkey_enc_192()
706 "movq 16(%1), %%xmm1 \n\t" in aesni_setkey_enc_192()
707 "movq %%xmm1, (%0) \n\t" in aesni_setkey_enc_192()
708 "add $8, %0 \n\t" in aesni_setkey_enc_192()
709 "jmp 2f \n\t" // skip auxiliary routine in aesni_setkey_enc_192()
712 * Finish generating the next 6 quarter-keys. in aesni_setkey_enc_192()
720 "1: \n\t" in aesni_setkey_enc_192()
721 "pshufd $0x55, %%xmm2, %%xmm2 \n\t" // X:X:X:X in aesni_setkey_enc_192()
722 "pxor %%xmm0, %%xmm2 \n\t" // X+r3:X+r2:X+r1:r4 in aesni_setkey_enc_192()
723 "pslldq $4, %%xmm0 \n\t" // etc in aesni_setkey_enc_192()
724 "pxor %%xmm0, %%xmm2 \n\t" in aesni_setkey_enc_192()
725 "pslldq $4, %%xmm0 \n\t" in aesni_setkey_enc_192()
726 "pxor %%xmm0, %%xmm2 \n\t" in aesni_setkey_enc_192()
727 "pslldq $4, %%xmm0 \n\t" in aesni_setkey_enc_192()
728 "pxor %%xmm2, %%xmm0 \n\t" // update xmm0 = r9:r8:r7:r6 in aesni_setkey_enc_192()
729 "movdqu %%xmm0, (%0) \n\t" in aesni_setkey_enc_192()
730 "add $16, %0 \n\t" in aesni_setkey_enc_192()
731 "pshufd $0xff, %%xmm0, %%xmm2 \n\t" // r9:r9:r9:r9 in aesni_setkey_enc_192()
732 "pxor %%xmm1, %%xmm2 \n\t" // stuff:stuff:r9+r5:r10 in aesni_setkey_enc_192()
733 "pslldq $4, %%xmm1 \n\t" // r2:r1:r0:0 in aesni_setkey_enc_192()
734 "pxor %%xmm2, %%xmm1 \n\t" // xmm1 = stuff:stuff:r11:r10 in aesni_setkey_enc_192()
735 "movq %%xmm1, (%0) \n\t" in aesni_setkey_enc_192()
736 "add $8, %0 \n\t" in aesni_setkey_enc_192()
737 "ret \n\t" in aesni_setkey_enc_192()
739 "2: \n\t" in aesni_setkey_enc_192()
740 AESKEYGENA(xmm1_xmm2, "0x01") "call 1b \n\t" in aesni_setkey_enc_192()
741 AESKEYGENA(xmm1_xmm2, "0x02") "call 1b \n\t" in aesni_setkey_enc_192()
742 AESKEYGENA(xmm1_xmm2, "0x04") "call 1b \n\t" in aesni_setkey_enc_192()
743 AESKEYGENA(xmm1_xmm2, "0x08") "call 1b \n\t" in aesni_setkey_enc_192()
744 AESKEYGENA(xmm1_xmm2, "0x10") "call 1b \n\t" in aesni_setkey_enc_192()
745 AESKEYGENA(xmm1_xmm2, "0x20") "call 1b \n\t" in aesni_setkey_enc_192()
746 AESKEYGENA(xmm1_xmm2, "0x40") "call 1b \n\t" in aesni_setkey_enc_192()
747 AESKEYGENA(xmm1_xmm2, "0x80") "call 1b \n\t" in aesni_setkey_enc_192()
756 * Key expansion, 256-bit case
762 asm ("movdqu (%1), %%xmm0 \n\t" in aesni_setkey_enc_256()
763 "movdqu %%xmm0, (%0) \n\t" in aesni_setkey_enc_256()
764 "add $16, %0 \n\t" in aesni_setkey_enc_256()
765 "movdqu 16(%1), %%xmm1 \n\t" in aesni_setkey_enc_256()
766 "movdqu %%xmm1, (%0) \n\t" in aesni_setkey_enc_256()
767 "jmp 2f \n\t" // skip auxiliary routine in aesni_setkey_enc_256()
778 "1: \n\t" in aesni_setkey_enc_256()
779 "pshufd $0xff, %%xmm2, %%xmm2 \n\t" in aesni_setkey_enc_256()
780 "pxor %%xmm0, %%xmm2 \n\t" in aesni_setkey_enc_256()
781 "pslldq $4, %%xmm0 \n\t" in aesni_setkey_enc_256()
782 "pxor %%xmm0, %%xmm2 \n\t" in aesni_setkey_enc_256()
783 "pslldq $4, %%xmm0 \n\t" in aesni_setkey_enc_256()
784 "pxor %%xmm0, %%xmm2 \n\t" in aesni_setkey_enc_256()
785 "pslldq $4, %%xmm0 \n\t" in aesni_setkey_enc_256()
786 "pxor %%xmm2, %%xmm0 \n\t" in aesni_setkey_enc_256()
787 "add $16, %0 \n\t" in aesni_setkey_enc_256()
788 "movdqu %%xmm0, (%0) \n\t" in aesni_setkey_enc_256()
793 "pshufd $0xaa, %%xmm2, %%xmm2 \n\t" in aesni_setkey_enc_256()
794 "pxor %%xmm1, %%xmm2 \n\t" in aesni_setkey_enc_256()
795 "pslldq $4, %%xmm1 \n\t" in aesni_setkey_enc_256()
796 "pxor %%xmm1, %%xmm2 \n\t" in aesni_setkey_enc_256()
797 "pslldq $4, %%xmm1 \n\t" in aesni_setkey_enc_256()
798 "pxor %%xmm1, %%xmm2 \n\t" in aesni_setkey_enc_256()
799 "pslldq $4, %%xmm1 \n\t" in aesni_setkey_enc_256()
800 "pxor %%xmm2, %%xmm1 \n\t" in aesni_setkey_enc_256()
801 "add $16, %0 \n\t" in aesni_setkey_enc_256()
802 "movdqu %%xmm1, (%0) \n\t" in aesni_setkey_enc_256()
803 "ret \n\t" in aesni_setkey_enc_256()
806 * Main "loop" - Generating one more key than necessary, in aesni_setkey_enc_256()
809 "2: \n\t" in aesni_setkey_enc_256()
810 AESKEYGENA(xmm1_xmm2, "0x01") "call 1b \n\t" in aesni_setkey_enc_256()
811 AESKEYGENA(xmm1_xmm2, "0x02") "call 1b \n\t" in aesni_setkey_enc_256()
812 AESKEYGENA(xmm1_xmm2, "0x04") "call 1b \n\t" in aesni_setkey_enc_256()
813 AESKEYGENA(xmm1_xmm2, "0x08") "call 1b \n\t" in aesni_setkey_enc_256()
814 AESKEYGENA(xmm1_xmm2, "0x10") "call 1b \n\t" in aesni_setkey_enc_256()
815 AESKEYGENA(xmm1_xmm2, "0x20") "call 1b \n\t" in aesni_setkey_enc_256()
816 AESKEYGENA(xmm1_xmm2, "0x40") "call 1b \n\t" in aesni_setkey_enc_256()