C nettle, low-level cryptographic library
C 
C Copyright (C) 2001, 2002, 2005 Rafael R. Sevilla, Niels Möller
C  
C The nettle library is free software; you can redistribute it and/or modify
C it under the terms of the GNU Lesser General Public License as published by
C the Free Software Foundation; either version 2.1 of the License, or (at your
C option) any later version.
C 
C The nettle library is distributed in the hope that it will be useful, but
C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
C or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
C License for more details.
C 
C You should have received a copy of the GNU Lesser General Public License
C along with the nettle library; see the file COPYING.LIB.  If not, write to
C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
C MA 02111-1301, USA.

include_src(<x86/aes.m4>)

C Register usage:

C AES state: the four 32-bit words of the block being decrypted,
C in the order the x86/aes.m4 macros take their state arguments.
C %eax is clobbered as SA, so no return value survives in it.
define(<SA>,<%eax>)
define(<SB>,<%ebx>)
define(<SC>,<%ecx>)
define(<SD>,<%edx>)

C Primary use of these registers; they are also handed to the round
C macros as scratch. T is the table pointer during the rounds, TMP is
C the general temporary and KEY the context / subkey pointer.
define(<T>,<%ebp>)
define(<TMP>,<%edi>)
define(<KEY>,<%esi>)

C Argument slots, relative to %esp after the prologue below has pushed
C %ebx, %ebp, %esi and %edi (16 bytes) and reserved 20 bytes of scratch:
C 16 + 4 (return address) + 20 = 40, so the first argument is at
C 40(%esp). Only valid between the subl $20,%esp and the matching addl.
define(<FRAME_CTX>,	<40(%esp)>)
define(<FRAME_TABLE>,	<44(%esp)>)
define(<FRAME_LENGTH>,	<48(%esp)>)
define(<FRAME_DST>,	<52(%esp)>)
define(<FRAME_SRC>,	<56(%esp)>)

C Scratch slots in the 20 reserved bytes: the current subkey pointer,
C the round counter, and three staging slots for new state words that
C must be computed before the old values can be overwritten.
define(<FRAME_KEY>,	<16(%esp)>)
define(<FRAME_COUNT>,	<12(%esp)>)
define(<TA>,		<8(%esp)>)
define(<TB>,		<4(%esp)>)
define(<TC>,		<(%esp)>)

C The aes state is kept in %eax, %ebx, %ecx and %edx (SA, SB, SC, SD).
C
C %esi (KEY) points first to the context and then to the current
C subkey. It is also handed to the round macros as scratch, which is
C why the subkey pointer is kept in FRAME_KEY on the stack and
C reloaded from there after each round.
C
C %ebp (T) holds the table pointer during the rounds. The round
C counter is not kept in a register; it lives in FRAME_COUNT on the
C stack.
C
C %edi (TMP) is a temporary, often used as an accumulator.

	.file "aes-decrypt-internal.asm"
	
	C _nettle_aes_decrypt(struct aes_context *ctx,
	C		      const struct aes_table *T,
	C		      unsigned length, uint8_t *dst,
	C		      uint8_t *src)
	C
	C length is a byte count and is processed in whole 16-byte blocks
	C only; it is expected to be a multiple of 16, which the C-level
	C caller is presumed to enforce. Any trailing partial block is
	C not read or written.
	.text
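	ALIGN(16)
PROLOGUE(_nettle_aes_decrypt)
	C Decrypts length/16 whole blocks from src to dst with the
	C expanded key in ctx, using the decryption tables T.
	C
	C ABI: 32-bit x86 cdecl. All five arguments are on the stack
	C (FRAME_* above). %ebx, %ebp, %esi and %edi are callee-saved;
	C they are pushed here and restored before ret. No return value
	C is set: %eax is clobbered as SA.
	C
	C Security note: the round macros are handed T, so their table
	C lookups are presumably indexed by state bytes. Table-driven AES
	C is not constant-time and is exposed to cache-timing attacks;
	C that is a property of this implementation to be aware of, not
	C something fixed here (confirm against the macros in x86/aes.m4).
	C
	C Frame after the four pushes and the 20-byte scratch area:
	C saved %ebx at 32(%esp), %ebp at 28(%esp), %esi at 24(%esp),
	C %edi at 20(%esp), return address at 36(%esp), arguments from
	C 40(%esp) up.
	pushl	%ebx		C  callee-saved
	pushl	%ebp
	pushl	%esi
	pushl	%edi

	subl	$20, %esp	C  round counter, saved key pointer, TA/TB/TC

	C Convert the byte count to a block count and test that, not the
	C byte count. shrl by a nonzero immediate sets ZF on the result,
	C so a length below 16 (including 0) leaves without touching src
	C or dst. Testing only length == 0 before the shift would let a
	C length of 1..15 through with a block count of 0; the decl/jnz
	C loop below would then process one block and wrap the counter,
	C running far past both buffers. A partial trailing block is
	C still ignored: callers must pass a multiple of 16.
	shrl	$4, FRAME_LENGTH
	jz	.Lend

.Lblock_loop:
	movl	FRAME_CTX,KEY	C  KEY = ctx; AES_LOAD is given it as well
	
	movl	FRAME_SRC,TMP	C  TMP = address of the next ciphertext block
	AES_LOAD(SA, SB, SC, SD, TMP, KEY)
	addl	$16, FRAME_SRC	C  Advance src by one block
	movl	FRAME_TABLE, T	C  T = decryption tables for the whole block

	C  Number of rounds from the context. The last round is done
	C  separately below, so the round loop runs nrounds - 1 times.
	movl	AES_NROUNDS (KEY),TMP
	subl	$1,TMP

	C  Round counter lives on the stack; every register is busy
	C  inside the round loop.
	movl	TMP, FRAME_COUNT

	addl	$16,KEY		C  KEY = next subkey (16 bytes past ctx)
	movl	KEY,FRAME_KEY	C  saved because AES_ROUND gets KEY as scratch
	ALIGN(16)
.Lround_loop:
	C  Each AES_ROUND produces one new state word from the four
	C  current ones (x86/aes.m4). The first three results are parked
	C  in TA/TB/TC because all four inputs are still needed by the
	C  later calls; the fourth call writes SD directly.
	AES_ROUND(T, SA,SD,SC,SB, TMP, KEY)
	movl	TMP, TA

	AES_ROUND(T, SB,SA,SD,SC, TMP, KEY)
	movl	TMP, TB

	AES_ROUND(T, SC,SB,SA,SD, TMP, KEY)
	movl	TMP, TC

	AES_ROUND(T, SD,SC,SB,SA, SD, KEY)
	
	movl	TA, SA
	movl	TB, SB
	movl	TC, SC
	
	movl	FRAME_KEY, KEY	C  reload; KEY was used as scratch above

	C  Add the round key to the new state (AddRoundKey)
	xorl	(KEY),SA
	xorl	4(KEY),SB
	xorl	8(KEY),SC
	xorl	12(KEY),SD
	addl	$16,FRAME_KEY	C  point to next subkey
	decl	FRAME_COUNT
	jnz	.Lround_loop

	C Last round: same staging through TA/TB/TC, but through
	C AES_FINAL_ROUND instead of AES_ROUND (x86/aes.m4).

	AES_FINAL_ROUND(SA,SD,SC,SB,T, TMP, KEY)
	movl	TMP, TA

	AES_FINAL_ROUND(SB,SA,SD,SC,T, TMP, KEY)
	movl	TMP, TB

	AES_FINAL_ROUND(SC,SB,SA,SD,T, TMP, KEY)
	movl	TMP, TC

	AES_FINAL_ROUND(SD,SC,SB,SA,T, SD, KEY)

	movl	TA, SA
	movl	TB, SB
	movl	TC, SC

	C Inverse S-box substitution. AES_SUBST_BYTE is applied three
	C times; the count of 3 is tied to how that macro and
	C AES_FINAL_ROUND divide the byte positions between them (see
	C x86/aes.m4), so neither should be changed without the other.
	mov	$3,TMP
.Lsubst:
	AES_SUBST_BYTE(SA,SB,SC,SD,T, KEY)

	decl	TMP
	jnz	.Lsubst

	C Add the last subkey and store the plaintext block. FRAME_KEY
	C was advanced once per round loop iteration, so it now points
	C at the final subkey.
	movl	FRAME_DST,TMP
	movl	FRAME_KEY, KEY
	AES_STORE(SA,SB,SC,SD, KEY, TMP)
	
	addl	$16, FRAME_DST		C Advance dst by one block
	decl	FRAME_LENGTH

	jnz	.Lblock_loop

.Lend:
	C  Note: TA/TB/TC, FRAME_KEY and FRAME_COUNT are simply released;
	C  intermediate state words are not scrubbed from the stack.
	addl	$20, %esp
	popl	%edi
	popl	%esi
	popl	%ebp
	popl	%ebx
	ret
EPILOGUE(_nettle_aes_decrypt)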