Skip to content
GitLab
Menu
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
Brian Smith
nettle
Commits
f6360a08
Commit
f6360a08
authored
May 16, 2013
by
Niels Möller
Browse files
arm: Added AES code for pre-v6 processors.
parent
444c99c1
Changes
4
Hide whitespace changes
Inline
Side-by-side
ChangeLog
View file @
f6360a08
2013-05-16 Niels Möller <nisse@lysator.liu.se>
* arm/aes.m4 (AES_FINAL_ROUND_V6): New name, updated callers.
(AES_FINAL_ROUND_): ... old name. Also eliminated one uxtb
* arm/aes-encrypt-internal.asm: New file, for pre-v6 processors.
* arm/aes-decrypt-internal.asm: New file, likewise.
* arm/aes.m4 (AES_FINAL_ROUND_V5): Variant without using uxtb.
(AES_FINAL_ROUND_V6): New name, updated callers.
(AES_FINAL_ROUND): ... old name. Also eliminated one uxtb
instruction.
(AES_ENCRYPT_ROUND, AES_DECRYPT): Moved macros to the
files using them.
...
...
arm/aes-decrypt-internal.asm
0 → 100644
View file @
f6360a08
C
nettle
,
low
-
level
cryptographics
library
C
C
Copyright
(
C
)
2013
Niels
M
ö
ller
C
C
The
nettle
library
is
free
software
; you can redistribute it and/or modify
C
it
under
the
terms
of
the
GNU
Lesser
General
Public
License
as
published
by
C
the
Free
Software
Foundation
; either version 2.1 of the License, or (at your
C
option
)
any
later
version.
C
C
The
nettle
library
is
di
stributed
in
the
hope
that
it
will
be
useful
,
but
C
WITHOUT
ANY
WARRANTY
; without even the implied warranty of MERCHANTABILITY
C
or
FITNESS
FOR
A
PARTICULAR
PURPOSE.
See
the
GNU
Lesser
General
Public
C
License
for
more
details.
C
C
You
should
have
received
a
copy
of
the
GNU
Lesser
General
Public
License
C
al
ong
with
the
nettle
library
; see the file COPYING.LIB. If not, write to
C
the
Free
Software
Foundation
,
Inc.
,
51
Franklin
Street
,
Fifth
Floor
,
Boston
,
C
MA
02111
-
1301
,
USA.
include_src
(
<
arm
/
aes.m4
>
)
C
define
(
<
CTX
>
,
<
r0
>
)
define
(
<
TABLE
>
,
<
r1
>
)
define
(
<
LENGTH
>
,
<
r2
>
)
define
(
<
DS
T
>
,
<
r3
>
)
define
(
<
SRC
>
,
<
r12
>
)
define
(
<
W0
>
,
<
r4
>
)
define
(
<
W1
>
,
<
r5
>
)
define
(
<
W2
>
,
<
r6
>
)
define
(
<
W3
>
,
<
r7
>
)
define
(
<
T0
>
,
<
r8
>
)
define
(
<
KEY
>
,
<
r10
>
)
define
(
<
ROUND
>
,
<
r11
>
)
define
(
<
X0
>
,
<
r2
>
)
C
Overlaps
LENGTH
,
SRC
,
DS
T
define
(
<
X1
>
,
<
r3
>
)
define
(
<
X2
>
,
<
r12
>
)
define
(
<
X3
>
,
<
r14
>
)
C
lr
define
(
<
MASK
>
,
<
r0
>
)
C
Overlaps
CTX
input
define
(
<
CTX
>
,
<
[
sp
]
>
)
define
(
<
AES_DECRYPT_ROUND
>
,
<
and
T0
,
MASK
,
$
1
,
lsl
#
2
ldr
$
5
,
[
TABLE
,
T0
]
and
T0
,
MASK
,
$
2
,
lsl
#
2
ldr
$
6
,
[
TABLE
,
T0
]
and
T0
,
MASK
,
$
3
,
lsl
#
2
ldr
$
7
,
[
TABLE
,
T0
]
and
T0
,
MASK
,
$
4
,
lsl
#
2
ldr
$
8
,
[
TABLE
,
T0
]
and
T0
,
MASK
,
$
4
,
ror
#
6
add
TABLE
,
TABLE
,
#
1024
ldr
T0
,
[
TABLE
,
T0
]
eor
$
5
,
$
5
,
T0
and
T0
,
MASK
,
$
1
,
ror
#
6
ldr
T0
,
[
TABLE
,
T0
]
eor
$
6
,
$
6
,
T0
and
T0
,
MASK
,
$
2
,
ror
#
6
ldr
T0
,
[
TABLE
,
T0
]
eor
$
7
,
$
7
,
T0
and
T0
,
MASK
,
$
3
,
ror
#
6
ldr
T0
,
[
TABLE
,
T0
]
eor
$
8
,
$
8
,
T0
and
T0
,
MASK
,
$
3
,
ror
#
14
add
TABLE
,
TABLE
,
#
1024
ldr
T0
,
[
TABLE
,
T0
]
eor
$
5
,
$
5
,
T0
and
T0
,
MASK
,
$
4
,
ror
#
14
ldr
T0
,
[
TABLE
,
T0
]
eor
$
6
,
$
6
,
T0
and
T0
,
MASK
,
$
1
,
ror
#
14
ldr
T0
,
[
TABLE
,
T0
]
eor
$
7
,
$
7
,
T0
and
T0
,
MASK
,
$
2
,
ror
#
14
ldr
T0
,
[
TABLE
,
T0
]
eor
$
8
,
$
8
,
T0
and
T0
,
MASK
,
$
2
,
ror
#
22
add
TABLE
,
TABLE
,
#
1024
ldr
T0
,
[
TABLE
,
T0
]
eor
$
5
,
$
5
,
T0
and
T0
,
MASK
,
$
3
,
ror
#
22
ldr
T0
,
[
TABLE
,
T0
]
eor
$
6
,
$
6
,
T0
and
T0
,
MASK
,
$
4
,
ror
#
22
ldr
T0
,
[
TABLE
,
T0
]
eor
$
7
,
$
7
,
T0
and
T0
,
MASK
,
$
1
,
ror
#
22
ldr
T0
,
[
TABLE
,
T0
]
ldm
$
9
!
,
{
$
1
,
$
2
,
$
3
,
$
4
}
eor
$
8
,
$
8
,
T0
sub
TABLE
,
TABLE
,
#
3072
eor
$
5
,
$
5
,
$
1
eor
$
6
,
$
6
,
$
2
eor
$
7
,
$
7
,
$
3
eor
$
8
,
$
8
,
$
4
>)
.file
"
aes
-
decrypt
-
internal.asm
"
C
_aes_decrypt
(
struct
aes_context
*
ctx
,
C
const
struct
aes_table
*
T
,
C
si
ze_t
length
,
uint8_t
*
ds
t
,
C
uint8_t
*
src
)
.text
ALIGN
(
4
)
PROLOGUE
(
_nettle_aes_decrypt
)
teq
LENGTH
,
#
0
beq
.Lend
ldr
SRC
,
[
sp
]
push
{
r0
,
r4
,
r5
,
r6
,
r7
,
r8
,
r10
,
r11
,
lr
}
mov
MASK
,
#
0x3fc
ALIGN
(
16
)
.Lblock_loop:
ldr
KEY
,
CTX
ldr
ROUND
,
[
KEY
,
#
+
AES_NROUNDS
]
AES_LOAD
(
SRC
,
KEY
,
W0
)
AES_LOAD
(
SRC
,
KEY
,
W1
)
AES_LOAD
(
SRC
,
KEY
,
W2
)
AES_LOAD
(
SRC
,
KEY
,
W3
)
push
{
LENGTH
,
DS
T
,
SRC
}
add
TABLE
,
TABLE
,
#
AES_TABLE0
b
.Lentry
ALIGN
(
16
)
.Lround_loop:
C
Transform
X
->
W
AES_DECRYPT_ROUND
(
X0
,
X1
,
X2
,
X3
,
W0
,
W1
,
W2
,
W3
,
KEY
)
.Lentry:
subs
ROUND
,
ROUND
,
#
2
C
Transform
W
->
X
AES_DECRYPT_ROUND
(
W0
,
W1
,
W2
,
W3
,
X0
,
X1
,
X2
,
X3
,
KEY
)
bne
.Lround_loop
lsr
ROUND
,
MASK
,
#
2
C
Put
the
needed
mask
in
the
unused
ROUND
register
sub
TABLE
,
TABLE
,
#
AES_TABLE0
C
Final
round
AES_FINAL_ROUND_V5
(
X0
,
X3
,
X2
,
X1
,
KEY
,
W0
,
ROUND
)
AES_FINAL_ROUND_V5
(
X1
,
X0
,
X3
,
X2
,
KEY
,
W1
,
ROUND
)
AES_FINAL_ROUND_V5
(
X2
,
X1
,
X0
,
X3
,
KEY
,
W2
,
ROUND
)
AES_FINAL_ROUND_V5
(
X3
,
X2
,
X1
,
X0
,
KEY
,
W3
,
ROUND
)
pop
{
LENGTH
,
DS
T
,
SRC
}
AES_STORE
(
DS
T
,
W0
)
AES_STORE
(
DS
T
,
W1
)
AES_STORE
(
DS
T
,
W2
)
AES_STORE
(
DS
T
,
W3
)
subs
LENGTH
,
LENGTH
,
#
16
bhi
.Lblock_loop
add
sp
,
sp
,
#
4
C
Drop
saved
r0
pop
{
r4
,
r5
,
r6
,
r7
,
r8
,
r10
,
r11
,
pc
}
.Lend:
bx
lr
EPILOGUE
(
_nettle_aes_decrypt
)
arm/aes-encrypt-internal.asm
0 → 100644
View file @
f6360a08
C
nettle
,
low
-
level
cryptographics
library
C
C
Copyright
(
C
)
2013
Niels
M
ö
ller
C
C
The
nettle
library
is
free
software
; you can redistribute it and/or modify
C
it
under
the
terms
of
the
GNU
Lesser
General
Public
License
as
published
by
C
the
Free
Software
Foundation
; either version 2.1 of the License, or (at your
C
option
)
any
later
version.
C
C
The
nettle
library
is
di
stributed
in
the
hope
that
it
will
be
useful
,
but
C
WITHOUT
ANY
WARRANTY
; without even the implied warranty of MERCHANTABILITY
C
or
FITNESS
FOR
A
PARTICULAR
PURPOSE.
See
the
GNU
Lesser
General
Public
C
License
for
more
details.
C
C
You
should
have
received
a
copy
of
the
GNU
Lesser
General
Public
License
C
al
ong
with
the
nettle
library
; see the file COPYING.LIB. If not, write to
C
the
Free
Software
Foundation
,
Inc.
,
51
Franklin
Street
,
Fifth
Floor
,
Boston
,
C
MA
02111
-
1301
,
USA.
include_src
(
<
arm
/
aes.m4
>
)
C
Benchmarked
at
at
725
,
930
,
990
cycles
/
bl
ock
on
cortex
A9
,
C
for
128
,
192
and
256
bit
key
si
zes.
C
Possible
improvements
:
More
efficient
load
and
store
with
C
al
igned
accesses.
Better
scheduling.
C
define
(
<
CTX
>
,
<
r0
>
)
define
(
<
TABLE
>
,
<
r1
>
)
define
(
<
LENGTH
>
,
<
r2
>
)
define
(
<
DS
T
>
,
<
r3
>
)
define
(
<
SRC
>
,
<
r12
>
)
define
(
<
W0
>
,
<
r4
>
)
define
(
<
W1
>
,
<
r5
>
)
define
(
<
W2
>
,
<
r6
>
)
define
(
<
W3
>
,
<
r7
>
)
define
(
<
T0
>
,
<
r8
>
)
define
(
<
KEY
>
,
<
r10
>
)
define
(
<
ROUND
>
,
<
r11
>
)
define
(
<
X0
>
,
<
r2
>
)
C
Overlaps
LENGTH
,
SRC
,
DS
T
define
(
<
X1
>
,
<
r3
>
)
define
(
<
X2
>
,
<
r12
>
)
define
(
<
X3
>
,
<
r14
>
)
C
lr
define
(
<
MASK
>
,
<
r0
>
)
C
Overlaps
CTX
input
define
(
<
CTX
>
,
<
[
sp
]
>
)
C
AES_ENCRYPT_ROUND
(
x0
,
x1
,
x2
,
x3
,
w0
,
w1
,
w2
,
w3
,
key
)
C
MASK
should
hold
the
constant
0x3fc
.
define
(
<
AES_ENCRYPT_ROUND
>
,
<
and
T0
,
MASK
,
$
1
,
lsl
#
2
ldr
$
5
,
[
TABLE
,
T0
]
and
T0
,
MASK
,
$
2
,
lsl
#
2
ldr
$
6
,
[
TABLE
,
T0
]
and
T0
,
MASK
,
$
3
,
lsl
#
2
ldr
$
7
,
[
TABLE
,
T0
]
and
T0
,
MASK
,
$
4
,
lsl
#
2
ldr
$
8
,
[
TABLE
,
T0
]
and
T0
,
MASK
,
$
2
,
ror
#
6
add
TABLE
,
TABLE
,
#
1024
ldr
T0
,
[
TABLE
,
T0
]
eor
$
5
,
$
5
,
T0
and
T0
,
MASK
,
$
3
,
ror
#
6
ldr
T0
,
[
TABLE
,
T0
]
eor
$
6
,
$
6
,
T0
and
T0
,
MASK
,
$
4
,
ror
#
6
ldr
T0
,
[
TABLE
,
T0
]
eor
$
7
,
$
7
,
T0
and
T0
,
MASK
,
$
1
,
ror
#
6
ldr
T0
,
[
TABLE
,
T0
]
eor
$
8
,
$
8
,
T0
and
T0
,
MASK
,
$
3
,
ror
#
14
add
TABLE
,
TABLE
,
#
1024
ldr
T0
,
[
TABLE
,
T0
]
eor
$
5
,
$
5
,
T0
and
T0
,
MASK
,
$
4
,
ror
#
14
ldr
T0
,
[
TABLE
,
T0
]
eor
$
6
,
$
6
,
T0
and
T0
,
MASK
,
$
1
,
ror
#
14
ldr
T0
,
[
TABLE
,
T0
]
eor
$
7
,
$
7
,
T0
and
T0
,
MASK
,
$
2
,
ror
#
14
ldr
T0
,
[
TABLE
,
T0
]
eor
$
8
,
$
8
,
T0
and
T0
,
MASK
,
$
4
,
ror
#
22
add
TABLE
,
TABLE
,
#
1024
ldr
T0
,
[
TABLE
,
T0
]
eor
$
5
,
$
5
,
T0
and
T0
,
MASK
,
$
1
,
ror
#
22
ldr
T0
,
[
TABLE
,
T0
]
eor
$
6
,
$
6
,
T0
and
T0
,
MASK
,
$
2
,
ror
#
22
ldr
T0
,
[
TABLE
,
T0
]
eor
$
7
,
$
7
,
T0
and
T0
,
MASK
,
$
3
,
ror
#
22
ldr
T0
,
[
TABLE
,
T0
]
ldm
$
9
!
,
{
$
1
,
$
2
,
$
3
,
$
4
}
eor
$
8
,
$
8
,
T0
sub
TABLE
,
TABLE
,
#
3072
eor
$
5
,
$
5
,
$
1
eor
$
6
,
$
6
,
$
2
eor
$
7
,
$
7
,
$
3
eor
$
8
,
$
8
,
$
4
>)
.file
"
aes
-
encrypt
-
internal.asm
"
C
_aes_encrypt
(
struct
aes_context
*
ctx
,
C
const
struct
aes_table
*
T
,
C
si
ze_t
length
,
uint8_t
*
ds
t
,
C
uint8_t
*
src
)
.text
ALIGN
(
4
)
PROLOGUE
(
_nettle_aes_encrypt
)
teq
LENGTH
,
#
0
beq
.Lend
ldr
SRC
,
[
sp
]
push
{
r0
,
r4
,
r5
,
r6
,
r7
,
r8
,
r10
,
r11
,
lr
}
mov
MASK
,
#
0x3fc
ALIGN
(
16
)
.Lblock_loop:
ldr
KEY
,
CTX
ldr
ROUND
,
[
KEY
,
#
+
AES_NROUNDS
]
AES_LOAD
(
SRC
,
KEY
,
W0
)
AES_LOAD
(
SRC
,
KEY
,
W1
)
AES_LOAD
(
SRC
,
KEY
,
W2
)
AES_LOAD
(
SRC
,
KEY
,
W3
)
push
{
LENGTH
,
DS
T
,
SRC
}
add
TABLE
,
TABLE
,
#
AES_TABLE0
b
.Lentry
ALIGN
(
16
)
.Lround_loop:
C
Transform
X
->
W
AES_ENCRYPT_ROUND
(
X0
,
X1
,
X2
,
X3
,
W0
,
W1
,
W2
,
W3
,
KEY
)
.Lentry:
subs
ROUND
,
ROUND
,
#
2
C
Transform
W
->
X
AES_ENCRYPT_ROUND
(
W0
,
W1
,
W2
,
W3
,
X0
,
X1
,
X2
,
X3
,
KEY
)
bne
.Lround_loop
lsr
ROUND
,
MASK
,
#
2
C
Put
the
needed
mask
in
the
unused
ROUND
register
sub
TABLE
,
TABLE
,
#
AES_TABLE0
C
Final
round
AES_FINAL_ROUND_V5
(
X0
,
X1
,
X2
,
X3
,
KEY
,
W0
,
ROUND
)
AES_FINAL_ROUND_V5
(
X1
,
X2
,
X3
,
X0
,
KEY
,
W1
,
ROUND
)
AES_FINAL_ROUND_V5
(
X2
,
X3
,
X0
,
X1
,
KEY
,
W2
,
ROUND
)
AES_FINAL_ROUND_V5
(
X3
,
X0
,
X1
,
X2
,
KEY
,
W3
,
ROUND
)
pop
{
LENGTH
,
DS
T
,
SRC
}
AES_STORE
(
DS
T
,
W0
)
AES_STORE
(
DS
T
,
W1
)
AES_STORE
(
DS
T
,
W2
)
AES_STORE
(
DS
T
,
W3
)
subs
LENGTH
,
LENGTH
,
#
16
bhi
.Lblock_loop
add
sp
,
sp
,
#
4
C
Drop
saved
r0
pop
{
r4
,
r5
,
r6
,
r7
,
r8
,
r10
,
r11
,
pc
}
.Lend:
bx
lr
EPILOGUE
(
_nettle_aes_encrypt
)
arm/aes.m4
View file @
f6360a08
...
...
@@ -38,3 +38,21 @@ define(<AES_FINAL_ROUND_V6>, <
ldr T0, [$5], #+4
eor $6, $6, T0
>)
C AES_FINAL_ROUND_V5(a,b,c,d,key,res,mask)
C Avoids the uxtb instruction, introduced in ARMv6.
C The mask argument should hold the constant 0xff
define(<AES_FINAL_ROUND_V5>, <
and T0, $7, $1
ldrb $6, [TABLE, T0]
and T0, $7, $2, ror #8
ldrb T0, [TABLE, T0]
eor $6, $6, T0, lsl #8
and T0, $7, $3, ror #16
ldrb T0, [TABLE, T0]
eor $6, $6, T0, lsl #16
ldrb T0, [TABLE, $4, lsr #24]
eor $6, $6, T0, lsl #24
ldr T0, [$5], #+4
eor $6, T0
>)
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment