C nettle, low-level cryptographics library
C 
C Copyright (C) 2013 Niels Möller
C  
C The nettle library is free software; you can redistribute it and/or modify
C it under the terms of the GNU Lesser General Public License as published by
C the Free Software Foundation; either version 2.1 of the License, or (at your
C option) any later version.
C 
C The nettle library is distributed in the hope that it will be useful, but
C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
C or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
C License for more details.
C 
C You should have received a copy of the GNU Lesser General Public License
C along with the nettle library; see the file COPYING.LIB.  If not, write to
C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
C MA 02111-1301, USA.

include_src(<arm/aes.m4>)

C Register arguments of the C prototype, in order: rounds, keys, table, length.
define(<PARAM_ROUNDS>, <r0>)
define(<PARAM_KEYS>, <r1>)
define(<TABLE>, <r2>)
define(<LENGTH>, <r3>)
C On stack: DST, SRC

C First set of state words, plus T0 as scratch for table indices and
C looked-up values. r4-r8 are among the registers pushed on entry.
define(<W0>, <r4>)
define(<W1>, <r5>)
define(<W2>, <r6>)
define(<W3>, <r7>)
define(<T0>, <r8>)
C Round counter and subkey pointer. Both are reloaded from the saved r0 and
C r1 at the top of every block.
define(<COUNT>, <r10>)
define(<KEY>, <r11>)

C Second set of state words. r0 and r1 carry the incoming rounds and keys
C arguments, so the function pushes them before the round loop reuses them.
define(<X0>, <r0>)	C Overlaps PARAM_ROUNDS and PARAM_KEYS
define(<X1>, <r1>)
C r12 is also used as SRC outside the round loop. r14 is the link register;
C it is pushed on entry, which frees it to hold a state word.
define(<X2>, <r12>)
define(<X3>, <r14>)	C lr

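C Stack frame as seen after the push in the function body: the saved r0
C (rounds) and r1 (keys) come first, then 8 saved registers, then the
C stack arguments dst and src.
C The FRAME_ROUNDS name previously had a stray closing quote character, so
C the macro was defined under a different name and FRAME_ROUNDS stayed
C undefined. No use of FRAME_ROUNDS is visible in this file.
define(<FRAME_ROUNDS>,  <[sp]>)
define(<FRAME_KEYS>,  <[sp, #+4]>)
C 8 saved registers
define(<FRAME_DST>,  <[sp, #+40]>)
define(<FRAME_SRC>,  <[sp, #+44]>)

C SRC shares r12 with X2 and DST shares r10 with COUNT, so both pointers
C live in their frame slots while the round loop runs.
define(<SRC>, <%r12>)	C Overlap registers used in inner loop.
define(<DST>, <COUNT>)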

C AES_DECRYPT_ROUND(x0,x1,x2,x3,w0,w1,w2,w3,key)
C
C One table-driven round. Reads the state words x0..x3 and builds the new
C state in w0..w3. Then loads the next four subkey words from key, with
C writeback, into x0..x3 and xors them into w0..w3. The x registers are
C therefore clobbered and hold subkey words when the macro ends.
C
C Each output word is the xor of four table entries, one per byte lane.
C With tab0..tab3 the four consecutive 1024-byte tables starting at TABLE:
C   w0 = tab0[x0 byte 0] ^ tab1[x3 byte 1] ^ tab2[x2 byte 2] ^ tab3[x1 byte 3]
C   w1 = tab0[x1 byte 0] ^ tab1[x0 byte 1] ^ tab2[x3 byte 2] ^ tab3[x2 byte 3]
C   w2 = tab0[x2 byte 0] ^ tab1[x1 byte 1] ^ tab2[x0 byte 2] ^ tab3[x3 byte 3]
C   w3 = tab0[x3 byte 0] ^ tab1[x2 byte 1] ^ tab2[x1 byte 2] ^ tab3[x0 byte 3]
C
C TABLE is stepped forward by 1024 three times and restored by the final
C subtraction of 3072, so it is unchanged on exit. T0 is clobbered.
C No instruction here sets the condition flags, so flags set before the
C macro are still valid after it.
C
C NOTE(review): every table index is a byte of the cipher state, so the
C load addresses depend on secret data. On cores with a data cache this is
C the usual source of cache-timing leakage in table-based AES. Whether that
C is acceptable depends on the threat model of the deployment.
define(<AES_DECRYPT_ROUND>, <
	uxtb	T0, $1
	ldr	$5, [TABLE, T0, lsl #2]
	uxtb	T0, $2
	ldr	$6, [TABLE, T0, lsl #2]
	uxtb	T0, $3
	ldr	$7, [TABLE, T0, lsl #2]
	uxtb	T0, $4
	ldr	$8, [TABLE, T0, lsl #2]

	uxtb	T0, $4, ror #8
	add	TABLE, TABLE, #1024
	ldr	T0, [TABLE, T0, lsl #2]
	eor	$5, $5, T0
	uxtb	T0, $1, ror #8
	ldr	T0, [TABLE, T0, lsl #2]
	eor	$6, $6, T0
	uxtb	T0, $2, ror #8
	ldr	T0, [TABLE, T0, lsl #2]
	eor	$7, $7, T0
	uxtb	T0, $3, ror #8
	ldr	T0, [TABLE, T0, lsl #2]
	eor	$8, $8, T0

	uxtb	T0, $3, ror #16
	add	TABLE, TABLE, #1024
	ldr	T0, [TABLE, T0, lsl #2]
	eor	$5, $5, T0
	uxtb	T0, $4, ror #16
	ldr	T0, [TABLE, T0, lsl #2]
	eor	$6, $6, T0
	uxtb	T0, $1, ror #16
	ldr	T0, [TABLE, T0, lsl #2]
	eor	$7, $7, T0
	uxtb	T0, $2, ror #16
	ldr	T0, [TABLE, T0, lsl #2]
	eor	$8, $8, T0

	uxtb	T0, $2, ror #24
	add	TABLE, TABLE, #1024
	ldr	T0, [TABLE, T0, lsl #2]
	eor	$5, $5, T0
	uxtb	T0, $3, ror #24
	ldr	T0, [TABLE, T0, lsl #2]
	eor	$6, $6, T0
	uxtb	T0, $4, ror #24
	ldr	T0, [TABLE, T0, lsl #2]
	eor	$7, $7, T0
	uxtb	T0, $1, ror #24
	ldr	T0, [TABLE, T0, lsl #2]

	ldm	$9!, {$1,$2,$3,$4}
	eor	$8, $8, T0
	sub	TABLE, TABLE, #3072
	eor	$5, $5, $1
	eor	$6, $6, $2
	eor	$7, $7, $3
	eor	$8, $8, $4
>)

	.file "aes-decrypt-internal.asm"
	
	C _aes_decrypt(unsigned rounds, const uint32_t *keys,
	C	       const struct aes_table *T,
	C	       size_t length, uint8_t *dst,
	C	       uint8_t *src)
	.text
	ALIGN(4)
C Entry: r0 = rounds, r1 = keys, r2 = table, r3 = length in bytes.
C dst and src are the first and second stack arguments.
PROLOGUE(_nettle_aes_decrypt)
	C Zero length: return at once, before anything is pushed.
	teq	LENGTH, #0
	beq	.Lend

	C src is the second stack argument; fetch it while sp still points at
	C the caller's argument area.
	ldr	SRC, [sp, #+4]

	C r0 (rounds) and r1 (keys) land at [sp] and [sp, #+4], followed by the
	C 8 registers restored on exit. That is 10 words, 40 bytes, which puts
	C the caller's dst and src at [sp, #+40] and [sp, #+44].
	push	{r0,r1, r4,r5,r6,r7,r8,r10,r11,lr}

	ALIGN(16)
.Lblock_loop:
	C Reload rounds into COUNT and the subkey pointer into KEY for this
	C block. Both were consumed by the previous block, and r0/r1 themselves
	C are reused as X0/X1 in the round loop.
	ldm	sp, {COUNT, KEY}

	C Move TABLE to the word tables indexed by AES_DECRYPT_ROUND.
	C AES_TABLE0 is not defined in this file, presumably in arm/aes.m4.
	add	TABLE, TABLE, #AES_TABLE0

	C Fill W0-W3 with the input block. AES_LOAD is defined outside this
	C file; presumably it reads one word at SRC, combines it with the
	C subkey word at KEY and advances both pointers. Confirm in arm/aes.m4.
	AES_LOAD(SRC,KEY,W0)
	AES_LOAD(SRC,KEY,W1)
	AES_LOAD(SRC,KEY,W2)
	AES_LOAD(SRC,KEY,W3)

	C SRC is r12, which the round loop uses as X2. Park the pointer, as
	C left by the AES_LOAD calls, in the caller's src slot.
	str	SRC, FRAME_SRC

	C The state is in W0-W3, so enter the loop at its midpoint where the
	C W to X round runs first.
	b	.Lentry
	ALIGN(16)
C Two rounds per trip: the state alternates between the X and W register
C sets, so no register moves are needed between rounds.
.Lround_loop:
	C	Transform X -> W
	AES_DECRYPT_ROUND(X0, X1, X2, X3, W0, W1, W2, W3, KEY)
	
.Lentry:
	C Count down two rounds per trip. The Z flag set here is tested by the
	C bne after the next round macro, which sets no flags itself.
	C NOTE(review): COUNT reaches zero only if rounds is even and at least
	C 2; any other value keeps the loop running and KEY advancing past the
	C key schedule. Presumably callers guarantee this; confirm at the C layer.
	subs	COUNT, COUNT,#2
	C	Transform W -> X
	AES_DECRYPT_ROUND(W0, W1, W2, W3, X0, X1, X2, X3, KEY)

	C Tests the Z flag from the subs at .Lentry; the round macro in
	C between leaves the flags alone.
	bne	.Lround_loop

	C Undo the AES_TABLE0 offset added at the top of the block loop, so
	C TABLE is back at its original value for the code that follows.
	sub	TABLE, TABLE, #AES_TABLE0

	C	Final round
	C DST aliases COUNT (r10), which is free now that the round loop has
	C finished. Fetch the output pointer from its frame slot.
	ldr	DST, FRAME_DST

	C The state is in X0-X3 here. Each call names the four X words in a
	C different rotation and produces one of W0-W3. AES_FINAL_ROUND_V6 is
	C defined outside this file; see arm/aes.m4 for how it uses TABLE, KEY
	C and any scratch registers.
	AES_FINAL_ROUND_V6(X0, X3, X2, X1, KEY, W0)
	AES_FINAL_ROUND_V6(X1, X0, X3, X2, KEY, W1)
	AES_FINAL_ROUND_V6(X2, X1, X0, X3, KEY, W2)
	AES_FINAL_ROUND_V6(X3, X2, X1, X0, KEY, W3)

	C X2 (r12) is no longer needed once the final round is done, so r12 can
	C take back the source pointer saved before the round loop.
	ldr	SRC, FRAME_SRC
	
	C Write the output block from W0-W3. AES_STORE is defined outside this
	C file; presumably it stores one word at DST and advances DST.
	C Confirm in arm/aes.m4.
	AES_STORE(DST,W0)
	AES_STORE(DST,W1)
	AES_STORE(DST,W2)
	AES_STORE(DST,W3)

	C r10 is reloaded as COUNT at the top of the block loop, so the output
	C pointer is kept in the caller's dst slot between blocks.
	str	DST, FRAME_DST
	C One 16-byte block done. bhi is an unsigned test, so the loop repeats
	C only while the remaining length is above zero with no borrow.
	C NOTE(review): a length that is not a multiple of 16 causes one more
	C full block to be processed, so src is read and dst written beyond the
	C stated length. Callers are presumably required to pass whole blocks;
	C confirm that the C layer enforces it.
	subs	LENGTH, LENGTH, #16
	bhi	.Lblock_loop

	add	sp, sp, #8	C Drop saved r0, r1
	C Restore the 8 saved registers; the saved lr is popped straight into
	C pc, which returns to the caller.
	pop	{r4,r5,r6,r7,r8,r10,r11,pc}
	
C Early exit for length == 0. Nothing was pushed on this path, so return
C through lr.
.Lend:
	bx	lr
EPILOGUE(_nettle_aes_decrypt)