C nettle, low-level cryptographic library
C 
C Copyright (C) 2001, 2002 Rafael R. Sevilla, Niels Möller
C  
C The nettle library is free software; you can redistribute it and/or modify
C it under the terms of the GNU Lesser General Public License as published by
C the Free Software Foundation; either version 2.1 of the License, or (at your
C option) any later version.
C 
C The nettle library is distributed in the hope that it will be useful, but
C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
C or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
C License for more details.
C 
C You should have received a copy of the GNU Lesser General Public License
C along with the nettle library; see the file COPYING.LIB.  If not, write to
C the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
C MA 02111-1307, USA.

	.file "aes-decrypt.asm"

	C aes_decrypt(struct aes_context *ctx, 
	C	      unsigned length, uint8_t *dst,
	C	      uint8_t *src)
	C
	C Decrypts length/16 AES blocks from src to dst using the subkeys
	C held in ctx.  32-bit x86; all four arguments are passed on the
	C stack (the offsets given below are valid after the four pushes
	C on entry).
	C Requires: length is a multiple of 16 (see the NOTE at the end of
	C .Lblock_loop); no bounds check is made on src or dst here.
	C Clobbers: eax, ecx, edx, flags (plus whatever the AES_* macros
	C use); ebx, ebp, esi, edi are saved on entry and restored at .Lend.
	C No return value is set up, so eax holds scratch on return.
	C Depends on the macros AES_LOAD, AES_ROUND, AES_FINAL_ROUND,
	C AES_SUBST_BYTE, AES_STORE and the constant AES_NROUNDS, all
	C defined elsewhere (not visible in this file).
	.text
	.align 16
	.globl C_NAME(nettle_aes_decrypt)
	.type  C_NAME(nettle_aes_decrypt),@function
C_NAME(nettle_aes_decrypt):
	C save all registers that need to be saved
	pushl	%ebx		C  16(%esp)
	pushl	%ebp		C  12(%esp)
	pushl	%esi		C  8(%esp)
	pushl	%edi		C  4(%esp)

	C ctx = 20(%esp)
	C length = 24(%esp)
	C dst = 28(%esp)
	C src = 32(%esp)

	C Nothing to do for length == 0: go straight to the epilogue.
	movl	24(%esp), %ebp
	testl	%ebp,%ebp
	jz	.Lend
	
	C Per-block loop.  ctx and src are reloaded from the stack on every
	C iteration because %esi and %ebp are reused below as the subkey
	C pointer and the round counter respectively.
.Lblock_loop:
	movl	20(%esp),%esi	C  address of context struct ctx
	movl	32(%esp),%ebp	C  address of the current input (ciphertext) block
	AES_LOAD(%esi, %ebp)
	addl	$16, 32(%esp)	C Increment src pointer

	C  get number of rounds to do from struct	
	movl	AES_NROUNDS (%esi),%ebp	

	C The first subkey is presumably consumed by AES_LOAD (confirm
	C against the macro): count that round as done and step %esi to
	C the next subkey.
	subl	$1,%ebp		C  one round is complete
	addl	$16,%esi	C  point to next key

	C Round loop.  Invariant: %ebp = rounds still to do (> 0 here),
	C %esi = pointer to the subkey for this round.  Inside the loop the
	C stack carries up to four extra dwords (saved %esi plus three
	C column results), so the 20..32(%esp) argument offsets are NOT
	C valid until the pops below rebalance it; the body uses registers
	C only.
.Lround_loop:
	pushl	%esi		C  save this first: we'll clobber it later

	C In these patterns, note that each row, like
	C "a,d,c,b" corresponds to one *column* of the 
	C array _aes_decrypt_table.idx.
	C Each AES_ROUND leaves its result in %edi; the first three results
	C are parked on the stack and gathered into %eax/%ebx/%ecx below.
	AES_ROUND(C_NAME(_nettle_aes_decrypt_table),a,d,c,b)
	pushl	%edi		C  save first on stack

	AES_ROUND(C_NAME(_nettle_aes_decrypt_table),b,a,d,c)
	pushl	%edi

	AES_ROUND(C_NAME(_nettle_aes_decrypt_table),c,b,a,d)
	pushl	%edi		C  save first on stack

	AES_ROUND(C_NAME(_nettle_aes_decrypt_table),d,c,b,a)

	C Gather the four column results: the last one is still in %edi,
	C the others come back in reverse push order.
	movl	%edi,%edx
	popl	%ecx
	popl	%ebx
	popl	%eax
	
	popl	%esi		C  restore the subkey pointer saved above
	
	xorl	(%esi),%eax	C  XOR in the subkey for this round
	xorl	4(%esi),%ebx
	xorl	8(%esi),%ecx
	xorl	12(%esi),%edx
	addl	$16,%esi	C  point to next key
	decl	%ebp
	jnz	.Lround_loop

	C last round.  %esi is NOT saved around these macros, so
	C AES_FINAL_ROUND and AES_SUBST_BYTE must leave it intact: it still
	C addresses the last subkey, which AES_STORE below consumes.

	AES_FINAL_ROUND(a,d,c,b)
	pushl	%edi

	AES_FINAL_ROUND(b,a,d,c)
	pushl	%edi

	AES_FINAL_ROUND(c,b,a,d)
	pushl	%edi

	AES_FINAL_ROUND(d,c,b,a)
	
	C Same gather pattern as in the round loop.
	movl	%edi,%edx
	popl	%ecx
	popl	%ebx
	popl	%eax

	C inverse S-box substitution: four passes of AES_SUBST_BYTE
	C (presumably one per byte lane of the state words -- confirm
	C against the macro).
	mov	$4,%edi
.Lsubst:
	AES_SUBST_BYTE(_nettle_aes_decrypt_table)

	decl	%edi
	jnz	.Lsubst

	C Add last subkey, and store the decrypted block.  All pushes above
	C are balanced again, so the argument offsets are valid here.
	movl	28(%esp),%edi
	AES_STORE(%esi, %edi)
	
	addl	$16, 28(%esp)	C Increment destination pointer
	subl	$16, 24(%esp)	C Length

	C NOTE: Will loop forever if input data is not an
	C integer number of blocks.  The remaining length is only tested
	C for zero, so a length that is not a multiple of 16 wraps around
	C and the loop keeps reading src and writing dst far past their
	C ends before the counter ever reaches zero.  Callers must
	C guarantee length % 16 == 0.
	jnz	.Lblock_loop

.Lend: 
	C Restore callee-saved registers in reverse push order and return.
	popl	%edi
	popl	%esi
	popl	%ebp
	popl	%ebx
	ret
.Leord:
	C End-of-routine marker, used only to compute the ELF symbol size.
	.size	C_NAME(nettle_aes_decrypt),.Leord-C_NAME(nettle_aes_decrypt)