From 59cf8c81e43f0c9c21c9c20555890d68e18c87b8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se> Date: Tue, 14 May 2002 18:41:21 +0200 Subject: [PATCH] * x86/aes-encrypt.asm (aes_encrypt): Move code here... * x86/aes.asm: ...from here. Rev: src/nettle/ChangeLog:1.86 Rev: src/nettle/x86/aes-encrypt.asm:1.2 Rev: src/nettle/x86/aes.asm:1.8 --- ChangeLog | 6 + x86/aes-encrypt.asm | 280 +++++++++++++++++++++++++++++++++++++++++++- x86/aes.asm | 279 ------------------------------------------- 3 files changed, 285 insertions(+), 280 deletions(-) diff --git a/ChangeLog b/ChangeLog index ed9329ad..ba6a61a0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ 2002-05-14 Niels M�ller <niels@s3.kth.se> + * x86/aes-encrypt.asm (aes_encrypt): Move code here... + * x86/aes.asm: ...from here. + + * x86/aes.asm: Use addl and subl, not add and sub. Replaced + references to dtbl1-4 with references to _aes_encrypt_table. + * configure.ac (asm_path): Enable x86 assembler. * x86/aes.asm (aes_decrypt): Adapted to the current interface. diff --git a/x86/aes-encrypt.asm b/x86/aes-encrypt.asm index a28f44c8..b5b93cce 100644 --- a/x86/aes-encrypt.asm +++ b/x86/aes-encrypt.asm @@ -17,4 +17,282 @@ C along with the nettle library; see the file COPYING.LIB. If not, write to C the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, C MA 02111-1307, USA. -C Dummy file, all code is currently in aes.asm +C Register usage: +C +C The aes state is kept in %eax, %ebx, %ecx and %edx +C +C %esi is used as temporary, to point to the input, and to the +C subkeys, etc. +C +C %ebp is used as the round counter, and as a temporary in the final round. +C +C %edi is a temporary, often used as an accumulator. + + .file "aes-encrypt.asm" + + C aes_encrypt(struct aes_context *ctx, + C unsigned length, uint8_t *dst, + C uint8_t *src) + .text + .align 16 + .globl aes_encrypt + .type aes_encrypt,@function +aes_encrypt: + C // save all registers that need to be saved + pushl %ebx C 16(%esp) + pushl %ebp C 12(%esp) + pushl %esi C 8(%esp) + pushl %edi C 4(%esp) + + C ctx = 20(%esp) + C length = 24(%esp) + C dst = 28(%esp) + C src = 32(%esp) + + movl 24(%esp), %ebp + C What's the right way to set the flags? + addl $0, %ebp + jz .Lencrypt_end + +.Lencrypt_block_loop: + movl 32(%esp),%esi C address of plaintext + movl (%esi),%eax C load plaintext into registers + movl 4(%esi),%ebx + movl 8(%esi),%ecx + movl 12(%esi),%edx + + addl $16, 32(%esp) C Increment src pointer +C .Laes_got_plain: + movl 20(%esp),%esi C address of context struct ctx + xorl (%esi),%eax C add first key to plaintext + xorl 4(%esi),%ebx + xorl 8(%esi),%ecx + xorl 12(%esi),%edx +C .Laes_xored_initial: + C FIXME: Use %esi instead + movl 20(%esp),%ebp C address of context struct + movl AES_NROUNDS (%ebp),%ebp C get number of rounds to do from struct + + subl $1,%ebp + addl $16,%esi C point to next key +.Laes_encrypt_loop: + pushl %esi C save this first: we'll clobber it later + + C Computation of the new %eax is broken, in the first test case, + C first round, we get 0xb3b638c6, not dfd5b20f, just + C before adding the subkey + + C First column, IDXi = 0, 1, 2, 3 + C T[0] = table[0][B0(%eax)] + C ^ table[1][B1(%ebx)] + C ^ table[2][B2(%ebx)] + C ^ table[3][B3(%ebx)] + C + C a b c d + movl %eax, %esi + andl $0xff, %esi + shll $2,%esi C index in table + movl AES_TABLE0 + _aes_encrypt_table (%esi),%edi + movl %ebx, %esi + shrl $6,%esi + andl $0x000003fc,%esi C clear all but offset bytes + xorl AES_TABLE1 + _aes_encrypt_table (%esi),%edi + movl %ecx,%esi C third one + shrl $14,%esi + andl $0x000003fc,%esi + xorl AES_TABLE2 + _aes_encrypt_table (%esi),%edi + movl %edx,%esi C fourth one + shrl $22,%esi + andl $0x000003fc,%esi + xorl AES_TABLE3 + _aes_encrypt_table (%esi),%edi + pushl %edi C save first on stack + + C // Second column + C b c d a + movl %ebx,%esi C copy first in + andl $0x000000ff,%esi C clear all but offset + shll $2,%esi C index in table + movl AES_TABLE0 + _aes_encrypt_table (%esi),%edi + movl %ecx,%esi C second one + shrl $6,%esi + andl $0x000003fc,%esi C clear all but offset bytes + xorl AES_TABLE1 + _aes_encrypt_table (%esi),%edi + movl %edx,%esi C third one + shrl $14,%esi + andl $0x000003fc,%esi + xorl AES_TABLE2 + _aes_encrypt_table (%esi),%edi + movl %eax,%esi C fourth one + shrl $22,%esi + andl $0x000003fc,%esi + xorl AES_TABLE3 + _aes_encrypt_table (%esi),%edi + pushl %edi C save first on stack + + C // Third column + C c d a b + movl %ecx,%esi C copy first in + andl $0x000000ff,%esi C clear all but offset + shll $2,%esi C index in table + movl AES_TABLE0 + _aes_encrypt_table (%esi),%edi + movl %edx,%esi C second one + shrl $6,%esi + andl $0x000003fc,%esi C clear all but offset bytes + xorl AES_TABLE1 + _aes_encrypt_table (%esi),%edi + movl %eax,%esi C third one + shrl $14,%esi + andl $0x000003fc,%esi + xorl AES_TABLE2 + _aes_encrypt_table (%esi),%edi + movl %ebx,%esi C fourth one + shrl $22,%esi + andl $0x000003fc,%esi + xorl AES_TABLE3 + _aes_encrypt_table (%esi),%edi + pushl %edi C save first on stack + + C // Fourth column + C d a b c + movl %edx,%esi C copy first in + andl $0x000000ff,%esi C clear all but offset + shll $2,%esi C index in table + movl AES_TABLE0 + _aes_encrypt_table (%esi),%edi + movl %eax,%esi C second one + shrl $6,%esi + andl $0x000003fc,%esi C clear all but offset bytes + xorl AES_TABLE1 + _aes_encrypt_table (%esi),%edi + movl %ebx,%esi C third one + shrl $14,%esi + andl $0x000003fc,%esi + xorl AES_TABLE2 + _aes_encrypt_table (%esi),%edi + movl %ecx,%esi C fourth one + shrl $22,%esi + andl $0x000003fc,%esi + xorl AES_TABLE3 + _aes_encrypt_table (%esi),%edi + + movl %edi,%edx + popl %ecx + popl %ebx + popl %eax + popl %esi +C .Laes_got_t: + xorl (%esi),%eax C add current session key to plaintext + xorl 4(%esi),%ebx + xorl 8(%esi),%ecx + xorl 12(%esi),%edx + addl $16,%esi C point to next key + decl %ebp + jnz .Laes_encrypt_loop + + C // last round + C // first column + C a b c d + movl %eax,%edi + andl $0x000000ff,%edi + movl %ebx,%ebp + andl $0x0000ff00,%ebp + orl %ebp,%edi + movl %ecx,%ebp + andl $0x00ff0000,%ebp + orl %ebp,%edi + movl %edx,%ebp + andl $0xff000000,%ebp + orl %ebp,%edi + pushl %edi + + C // second column + C d a b c + movl %eax,%edi + andl $0x0000ff00,%edi + movl %ebx,%ebp + andl $0x00ff0000,%ebp + orl %ebp,%edi + movl %ecx,%ebp + andl $0xff000000,%ebp + orl %ebp,%edi + movl %edx,%ebp + andl $0x000000ff,%ebp + orl %ebp,%edi + pushl %edi + + C c d a b + C // third column + movl %eax,%edi + andl $0x00ff0000,%edi + movl %ebx,%ebp + andl $0xff000000,%ebp + orl %ebp,%edi + movl %ecx,%ebp + andl $0x000000ff,%ebp + orl %ebp,%edi + movl %edx,%ebp + andl $0x0000ff00,%ebp + orl %ebp,%edi + pushl %edi + + C // fourth column + C b c d a + movl %eax,%edi + andl $0xff000000,%edi + movl %ebx,%ebp + andl $0x000000ff,%ebp + orl %ebp,%edi + movl %ecx,%ebp + andl $0x0000ff00,%ebp + orl %ebp,%edi + movl %edx,%ebp + andl $0x00ff0000,%ebp + orl %ebp,%edi + movl %edi,%edx + popl %ecx + popl %ebx + popl %eax + xchgl %ebx,%edx + + C // S-box substitution + mov $4,%edi +.Lsubst: + movl %eax,%ebp + andl $0x000000ff,%ebp + movb AES_SBOX + _aes_encrypt_table (%ebp),%al + roll $8,%eax + + movl %ebx,%ebp + andl $0x000000ff,%ebp + movb AES_SBOX + _aes_encrypt_table (%ebp),%bl + roll $8,%ebx + + movl %ecx,%ebp + andl $0x000000ff,%ebp + movb AES_SBOX + _aes_encrypt_table (%ebp),%cl + roll $8,%ecx + + movl %edx,%ebp + andl $0x000000ff,%ebp + movb AES_SBOX + _aes_encrypt_table (%ebp),%dl + roll $8,%edx + + decl %edi + jnz .Lsubst + +C .Laes_got_tlast: + xorl (%esi),%eax C add last key to plaintext + xorl 4(%esi),%ebx + xorl 8(%esi),%ecx + xorl 12(%esi),%edx +C .Laes_got_result: + C // store encrypted data back to caller's buffer + movl 28(%esp),%edi + movl %eax,(%edi) + movl %ebx,4(%edi) + movl %ecx,8(%edi) + movl %edx,12(%edi) + + addl $16, 28(%esp) C Increment destination pointer + subl $16, 24(%esp) + jnz .Lencrypt_block_loop + +.Lencrypt_end: + popl %edi + popl %esi + popl %ebp + popl %ebx + ret +.eore: + .size aes_encrypt,.eore-aes_encrypt diff --git a/x86/aes.asm b/x86/aes.asm index a51e5fad..8b861f42 100644 --- a/x86/aes.asm +++ b/x86/aes.asm @@ -24,285 +24,6 @@ C MA 02111-1307, USA. include_src(<x86/aes_tables.asm>) - .text - -C Register usage: -C -C The aes state is kept in %eax, %ebx, %ecx and %edx -C -C %esi is used as temporary, to point to the input, and to the -C subkeys, etc. -C -C %ebp is used as the round counter, and as a temporary in the final round. -C -C %edi is a temporary, often used as an accumulator. - - C aes_encrypt(struct aes_context *ctx, - C unsigned length, uint8_t *dst, - C uint8_t *src) - .align 16 -.globl aes_encrypt - .type aes_encrypt,@function -aes_encrypt: - C // save all registers that need to be saved - pushl %ebx C 16(%esp) - pushl %ebp C 12(%esp) - pushl %esi C 8(%esp) - pushl %edi C 4(%esp) - - C ctx = 20(%esp) - C length = 24(%esp) - C dst = 28(%esp) - C src = 32(%esp) - - movl 24(%esp), %ebp - C What's the right way to set the flags? - addl $0, %ebp - jz .Lencrypt_end - -.Lencrypt_block_loop: - movl 32(%esp),%esi C address of plaintext - movl (%esi),%eax C load plaintext into registers - movl 4(%esi),%ebx - movl 8(%esi),%ecx - movl 12(%esi),%edx - - addl $16, 32(%esp) C Increment src pointer -C .Laes_got_plain: - movl 20(%esp),%esi C address of context struct ctx - xorl (%esi),%eax C add first key to plaintext - xorl 4(%esi),%ebx - xorl 8(%esi),%ecx - xorl 12(%esi),%edx -C .Laes_xored_initial: - C FIXME: Use %esi instead - movl 20(%esp),%ebp C address of context struct - movl AES_NROUNDS (%ebp),%ebp C get number of rounds to do from struct - - subl $1,%ebp - addl $16,%esi C point to next key -.Laes_encrypt_loop: - pushl %esi C save this first: we'll clobber it later - - C Computation of the new %eax is broken, in the first test case, - C first round, we get 0xb3b638c6, not dfd5b20f, just - C before adding the subkey - - C First column, IDXi = 0, 1, 2, 3 - C T[0] = table[0][B0(%eax)] - C ^ table[1][B1(%ebx)] - C ^ table[2][B2(%ebx)] - C ^ table[3][B3(%ebx)] - C - C a b c d - movl %eax, %esi - andl $0xff, %esi - shll $2,%esi C index in dtbl1 - C movl dtbl1(%esi),%edi - movl AES_TABLE0 + _aes_encrypt_table (%esi),%edi - movl %ebx, %esi - shrl $6,%esi - andl $0x000003fc,%esi C clear all but offset bytes - xorl AES_TABLE1 + _aes_encrypt_table (%esi),%edi - movl %ecx,%esi C third one - shrl $14,%esi - andl $0x000003fc,%esi - xorl AES_TABLE2 + _aes_encrypt_table (%esi),%edi - movl %edx,%esi C fourth one - shrl $22,%esi - andl $0x000003fc,%esi - xorl AES_TABLE3 + _aes_encrypt_table (%esi),%edi - pushl %edi C save first on stack - - C // Second column - C b c d a - movl %ebx,%esi C copy first in - andl $0x000000ff,%esi C clear all but offset - shll $2,%esi C index in dtbl1 - movl dtbl1(%esi),%edi - movl %ecx,%esi C second one - shrl $6,%esi - andl $0x000003fc,%esi C clear all but offset bytes - xorl dtbl2(%esi),%edi - movl %edx,%esi C third one - shrl $14,%esi - andl $0x000003fc,%esi - xorl dtbl3(%esi),%edi - movl %eax,%esi C fourth one - shrl $22,%esi - andl $0x000003fc,%esi - xorl dtbl4(%esi),%edi - pushl %edi C save first on stack - - C // Third column - C c d a b - movl %ecx,%esi C copy first in - andl $0x000000ff,%esi C clear all but offset - shll $2,%esi C index in dtbl1 - movl dtbl1(%esi),%edi - movl %edx,%esi C second one - shrl $6,%esi - andl $0x000003fc,%esi C clear all but offset bytes - xorl dtbl2(%esi),%edi - movl %eax,%esi C third one - shrl $14,%esi - andl $0x000003fc,%esi - xorl dtbl3(%esi),%edi - movl %ebx,%esi C fourth one - shrl $22,%esi - andl $0x000003fc,%esi - xorl dtbl4(%esi),%edi - pushl %edi C save first on stack - - C // Fourth column - C d a b c - movl %edx,%esi C copy first in - andl $0x000000ff,%esi C clear all but offset - shll $2,%esi C index in dtbl1 - movl dtbl1(%esi),%edi - movl %eax,%esi C second one - shrl $6,%esi - andl $0x000003fc,%esi C clear all but offset bytes - xorl dtbl2(%esi),%edi - movl %ebx,%esi C third one - shrl $14,%esi - andl $0x000003fc,%esi - xorl dtbl3(%esi),%edi - movl %ecx,%esi C fourth one - shrl $22,%esi - andl $0x000003fc,%esi - xorl dtbl4(%esi),%edi - - movl %edi,%edx - popl %ecx - popl %ebx - popl %eax - popl %esi -C .Laes_got_t: - xorl (%esi),%eax C add current session key to plaintext - xorl 4(%esi),%ebx - xorl 8(%esi),%ecx - xorl 12(%esi),%edx - addl $16,%esi C point to next key - decl %ebp - jnz .Laes_encrypt_loop - - C // last round - C // first column - C a b c d - movl %eax,%edi - andl $0x000000ff,%edi - movl %ebx,%ebp - andl $0x0000ff00,%ebp - orl %ebp,%edi - movl %ecx,%ebp - andl $0x00ff0000,%ebp - orl %ebp,%edi - movl %edx,%ebp - andl $0xff000000,%ebp - orl %ebp,%edi - pushl %edi - - C // second column - C d a b c - movl %eax,%edi - andl $0x0000ff00,%edi - movl %ebx,%ebp - andl $0x00ff0000,%ebp - orl %ebp,%edi - movl %ecx,%ebp - andl $0xff000000,%ebp - orl %ebp,%edi - movl %edx,%ebp - andl $0x000000ff,%ebp - orl %ebp,%edi - pushl %edi - - C c d a b - C // third column - movl %eax,%edi - andl $0x00ff0000,%edi - movl %ebx,%ebp - andl $0xff000000,%ebp - orl %ebp,%edi - movl %ecx,%ebp - andl $0x000000ff,%ebp - orl %ebp,%edi - movl %edx,%ebp - andl $0x0000ff00,%ebp - orl %ebp,%edi - pushl %edi - - C // fourth column - C b c d a - movl %eax,%edi - andl $0xff000000,%edi - movl %ebx,%ebp - andl $0x000000ff,%ebp - orl %ebp,%edi - movl %ecx,%ebp - andl $0x0000ff00,%ebp - orl %ebp,%edi - movl %edx,%ebp - andl $0x00ff0000,%ebp - orl %ebp,%edi - movl %edi,%edx - popl %ecx - popl %ebx - popl %eax - xchgl %ebx,%edx - - C // S-box substitution - mov $4,%edi -.Lsubst: - movl %eax,%ebp - andl $0x000000ff,%ebp - movb AES_SBOX + _aes_encrypt_table (%ebp),%al - roll $8,%eax - - movl %ebx,%ebp - andl $0x000000ff,%ebp - movb sbox(%ebp),%bl - roll $8,%ebx - - movl %ecx,%ebp - andl $0x000000ff,%ebp - movb sbox(%ebp),%cl - roll $8,%ecx - - movl %edx,%ebp - andl $0x000000ff,%ebp - movb sbox(%ebp),%dl - roll $8,%edx - - decl %edi - jnz .Lsubst - -C .Laes_got_tlast: - xorl (%esi),%eax C add last key to plaintext - xorl 4(%esi),%ebx - xorl 8(%esi),%ecx - xorl 12(%esi),%edx -C .Laes_got_result: - C // store encrypted data back to caller's buffer - movl 28(%esp),%edi - movl %eax,(%edi) - movl %ebx,4(%edi) - movl %ecx,8(%edi) - movl %edx,12(%edi) - - addl $16, 28(%esp) C Increment destination pointer - subl $16, 24(%esp) - jnz .Lencrypt_block_loop - -.Lencrypt_end: - popl %edi - popl %esi - popl %ebp - popl %ebx - ret -.eore: - .size aes_encrypt,.eore-aes_encrypt C aes_encrypt(struct aes_context *ctx, -- GitLab