Commit bce70674 authored by Niels Möller's avatar Niels Möller

(aes_decrypt): Adapted to the current interface.

Notably, the order of the subkeys was reversed. Single block
encrypt/decrypt works now.

Rev: src/nettle/x86/aes.asm:1.5
parent 94628b71
...@@ -17,6 +17,7 @@ C along with the nettle library; see the file COPYING.LIB. If not, write to ...@@ -17,6 +17,7 @@ C along with the nettle library; see the file COPYING.LIB. If not, write to
C the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, C the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
C MA 02111-1307, USA. C MA 02111-1307, USA.
.file "aes.asm" .file "aes.asm"
.data .data
...@@ -25,7 +26,16 @@ include_src(<x86/aes_tables.asm>) ...@@ -25,7 +26,16 @@ include_src(<x86/aes_tables.asm>)
.text .text
.globl print_word C Register usage:
C
C The aes state is kept in %eax, %ebx, %ecx and %edx
C
C %esi is used as temporary, to point to the input, and to the
C subkeys, etc.
C
C %ebp is used as the round counter, and as a temporary in the final round.
C
C %edi is a temporary, often used as an accumulator.
C aes_encrypt(struct aes_context *ctx, C aes_encrypt(struct aes_context *ctx,
C unsigned length, uint8_t *dst, C unsigned length, uint8_t *dst,
...@@ -57,6 +67,7 @@ aes_got_plain: ...@@ -57,6 +67,7 @@ aes_got_plain:
xorl 8(%esi),%ecx xorl 8(%esi),%ecx
xorl 12(%esi),%edx xorl 12(%esi),%edx
aes_xored_initial: aes_xored_initial:
C FIXME: Use %esi instead
movl 20(%esp),%ebp C address of context struct movl 20(%esp),%ebp C address of context struct
movl AES_NROUNDS (%ebp),%ebp C get number of rounds to do from struct movl AES_NROUNDS (%ebp),%ebp C get number of rounds to do from struct
...@@ -74,6 +85,8 @@ aes_encrypt_loop: ...@@ -74,6 +85,8 @@ aes_encrypt_loop:
C ^ table[1][B1(%ebx)] C ^ table[1][B1(%ebx)]
C ^ table[2][B2(%ebx)] C ^ table[2][B2(%ebx)]
C ^ table[3][B3(%ebx)] C ^ table[3][B3(%ebx)]
C
C a b c d
movl %eax, %esi movl %eax, %esi
andl $0xff, %esi andl $0xff, %esi
shll $2,%esi C index in dtbl1 shll $2,%esi C index in dtbl1
...@@ -93,6 +106,7 @@ aes_encrypt_loop: ...@@ -93,6 +106,7 @@ aes_encrypt_loop:
pushl %edi C save first on stack pushl %edi C save first on stack
C // Second column C // Second column
C b c d a
movl %ebx,%esi C copy first in movl %ebx,%esi C copy first in
andl $0x000000ff,%esi C clear all but offset andl $0x000000ff,%esi C clear all but offset
shll $2,%esi C index in dtbl1 shll $2,%esi C index in dtbl1
...@@ -112,6 +126,7 @@ aes_encrypt_loop: ...@@ -112,6 +126,7 @@ aes_encrypt_loop:
pushl %edi C save first on stack pushl %edi C save first on stack
C // Third column C // Third column
C c d a b
movl %ecx,%esi C copy first in movl %ecx,%esi C copy first in
andl $0x000000ff,%esi C clear all but offset andl $0x000000ff,%esi C clear all but offset
shll $2,%esi C index in dtbl1 shll $2,%esi C index in dtbl1
...@@ -131,6 +146,7 @@ aes_encrypt_loop: ...@@ -131,6 +146,7 @@ aes_encrypt_loop:
pushl %edi C save first on stack pushl %edi C save first on stack
C // Fourth column C // Fourth column
C d a b c
movl %edx,%esi C copy first in movl %edx,%esi C copy first in
andl $0x000000ff,%esi C clear all but offset andl $0x000000ff,%esi C clear all but offset
shll $2,%esi C index in dtbl1 shll $2,%esi C index in dtbl1
...@@ -164,6 +180,7 @@ aes_got_t: ...@@ -164,6 +180,7 @@ aes_got_t:
C // last round C // last round
C // first column C // first column
C a b c d
movl %eax,%edi movl %eax,%edi
andl $0x000000ff,%edi andl $0x000000ff,%edi
movl %ebx,%ebp movl %ebx,%ebp
...@@ -178,6 +195,7 @@ aes_got_t: ...@@ -178,6 +195,7 @@ aes_got_t:
pushl %edi pushl %edi
C // second column C // second column
C d a b c
movl %eax,%edi movl %eax,%edi
andl $0x0000ff00,%edi andl $0x0000ff00,%edi
movl %ebx,%ebp movl %ebx,%ebp
...@@ -191,6 +209,7 @@ aes_got_t: ...@@ -191,6 +209,7 @@ aes_got_t:
orl %ebp,%edi orl %ebp,%edi
pushl %edi pushl %edi
C c d a b
C // third column C // third column
movl %eax,%edi movl %eax,%edi
andl $0x00ff0000,%edi andl $0x00ff0000,%edi
...@@ -206,6 +225,7 @@ aes_got_t: ...@@ -206,6 +225,7 @@ aes_got_t:
pushl %edi pushl %edi
C // fourth column C // fourth column
C b c d a
movl %eax,%edi movl %eax,%edi
andl $0xff000000,%edi andl $0xff000000,%edi
movl %ebx,%ebp movl %ebx,%ebp
...@@ -270,8 +290,9 @@ aes_got_result: ...@@ -270,8 +290,9 @@ aes_got_result:
.size aes_encrypt,.eore-aes_encrypt .size aes_encrypt,.eore-aes_encrypt
C // aes_decrypt(AES_context *ctx, const UINT8 *ciphertext C aes_encrypt(struct aes_context *ctx,
C // UINT8 *plaintext) C unsigned length, uint8_t *dst,
C uint8_t *src)
.align 16 .align 16
.globl aes_decrypt .globl aes_decrypt
.type aes_decrypt,@function .type aes_decrypt,@function
...@@ -281,28 +302,42 @@ aes_decrypt: ...@@ -281,28 +302,42 @@ aes_decrypt:
pushl %ebp C 12(%esp) pushl %ebp C 12(%esp)
pushl %esi C 8(%esp) pushl %esi C 8(%esp)
pushl %edi C 4(%esp) pushl %edi C 4(%esp)
movl 24(%esp),%esi C address of ciphertext
C ctx = 20(%esp)
C length = 24(%esp)
C dst = 28(%esp)
C src = 32(%esp)
movl 32(%esp),%esi C address of ciphertext
movl (%esi),%eax C load ciphertext into registers movl (%esi),%eax C load ciphertext into registers
movl 4(%esi),%ebx movl 4(%esi),%ebx
movl 8(%esi),%ecx movl 8(%esi),%ecx
movl 12(%esi),%edx movl 12(%esi),%edx
movl 20(%esp),%esi C address of context struct ctx movl 20(%esp),%esi C address of context struct ctx
movl 480(%esi),%ebp C get number of rounds to do from struct xorl (%esi),%eax C add first key to ciphertext
shll $4,%ebp
leal 240(%esi, %ebp),%esi
shrl $4,%ebp
xorl (%esi),%eax C add last key to ciphertext
xorl 4(%esi),%ebx xorl 4(%esi),%ebx
xorl 8(%esi),%ecx xorl 8(%esi),%ecx
xorl 12(%esi),%edx xorl 12(%esi),%edx
movl AES_NROUNDS (%esi),%ebp C get number of rounds to do from struct
C shll $4,%ebp
C leal 240(%esi, %ebp),%esi
C shrl $4,%ebp
C xorl (%esi),%eax C add last key to ciphertext
C xorl 4(%esi),%ebx
C xorl 8(%esi),%ecx
C xorl 12(%esi),%edx
subl $1,%ebp C one round is complete subl $1,%ebp C one round is complete
subl $16,%esi C point to previous key addl $16,%esi C point to next key
.decrypt_loop: Ldecrypt_loop:
pushl %esi C save this first: we'll clobber it later pushl %esi C save this first: we'll clobber it later
C Why???
xchgl %ebx,%edx xchgl %ebx,%edx
C // First column C // First column
C a b c d
movl %eax,%esi C copy first in movl %eax,%esi C copy first in
andl $0x000000ff,%esi C clear all but offset andl $0x000000ff,%esi C clear all but offset
shll $2,%esi C index in itbl1 shll $2,%esi C index in itbl1
...@@ -322,6 +357,7 @@ aes_decrypt: ...@@ -322,6 +357,7 @@ aes_decrypt:
pushl %edi C save first on stack pushl %edi C save first on stack
C // Second column C // Second column
C d a b c
movl %edx,%esi C copy first in movl %edx,%esi C copy first in
andl $0x000000ff,%esi C clear all but offset andl $0x000000ff,%esi C clear all but offset
shll $2,%esi C index in itbl1 shll $2,%esi C index in itbl1
...@@ -341,6 +377,7 @@ aes_decrypt: ...@@ -341,6 +377,7 @@ aes_decrypt:
pushl %edi pushl %edi
C // Third column C // Third column
C c d a b
movl %ecx,%esi C copy first in movl %ecx,%esi C copy first in
andl $0x000000ff,%esi C clear all but offset andl $0x000000ff,%esi C clear all but offset
shll $2,%esi C index in itbl1 shll $2,%esi C index in itbl1
...@@ -360,6 +397,7 @@ aes_decrypt: ...@@ -360,6 +397,7 @@ aes_decrypt:
pushl %edi C save first on stack pushl %edi C save first on stack
C // Fourth column C // Fourth column
C b c d a
movl %ebx,%esi C copy first in movl %ebx,%esi C copy first in
andl $0x000000ff,%esi C clear all but offset andl $0x000000ff,%esi C clear all but offset
shll $2,%esi C index in itbl1 shll $2,%esi C index in itbl1
...@@ -376,6 +414,7 @@ aes_decrypt: ...@@ -376,6 +414,7 @@ aes_decrypt:
shrl $22,%esi shrl $22,%esi
andl $0x000003fc,%esi andl $0x000003fc,%esi
xorl itbl4(%esi),%edi xorl itbl4(%esi),%edi
movl %edi,%edx movl %edi,%edx
popl %ecx popl %ecx
popl %ebx popl %ebx
...@@ -385,14 +424,16 @@ aes_decrypt: ...@@ -385,14 +424,16 @@ aes_decrypt:
xorl 4(%esi),%ebx xorl 4(%esi),%ebx
xorl 8(%esi),%ecx xorl 8(%esi),%ecx
xorl 12(%esi),%edx xorl 12(%esi),%edx
subl $16,%esi C point to previous key addl $16,%esi C point to next key
decl %ebp decl %ebp
jnz .decrypt_loop jnz Ldecrypt_loop
C Foo?
xchgl %ebx,%edx xchgl %ebx,%edx
C // last round C // last round
C // first column C // first column
C a b c d
movl %eax,%edi movl %eax,%edi
andl $0x000000ff,%edi andl $0x000000ff,%edi
movl %ebx,%ebp movl %ebx,%ebp
...@@ -407,6 +448,7 @@ aes_decrypt: ...@@ -407,6 +448,7 @@ aes_decrypt:
pushl %edi pushl %edi
C // second column C // second column
C b c d a
movl %eax,%edi movl %eax,%edi
andl $0xff000000,%edi andl $0xff000000,%edi
movl %ebx,%ebp movl %ebx,%ebp
...@@ -421,6 +463,7 @@ aes_decrypt: ...@@ -421,6 +463,7 @@ aes_decrypt:
pushl %edi pushl %edi
C // third column C // third column
C c d a b
movl %eax,%edi movl %eax,%edi
andl $0x00ff0000,%edi andl $0x00ff0000,%edi
movl %ebx,%ebp movl %ebx,%ebp
...@@ -434,7 +477,8 @@ aes_decrypt: ...@@ -434,7 +477,8 @@ aes_decrypt:
orl %ebp,%edi orl %ebp,%edi
pushl %edi pushl %edi
C // second column C // fourth column
C d a b c
movl %eax,%edi movl %eax,%edi
andl $0x0000ff00,%edi andl $0x0000ff00,%edi
movl %ebx,%ebp movl %ebx,%ebp
...@@ -478,7 +522,7 @@ aes_decrypt: ...@@ -478,7 +522,7 @@ aes_decrypt:
decl %edi decl %edi
jnz .isb_sub jnz .isb_sub
xorl (%esi),%eax C add first key to plaintext xorl (%esi),%eax C add last key to plaintext
xorl 4(%esi),%ebx xorl 4(%esi),%ebx
xorl 8(%esi),%ecx xorl 8(%esi),%ecx
xorl 12(%esi),%edx xorl 12(%esi),%edx
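Review bot: The new `length` argument documented as `C length = 24(%esp)` in the aes_decrypt prologue hunk is never read: the code loads exactly one block from `32(%esp)` and runs a single pass of rounds, so a caller passing more than 16 bytes gets only the first block decrypted with no indication, and the same presumably holds for aes_encrypt if its prologue mirrors this one. Since the commit message states that only single-block operation works, the stack-layout comment should say so explicitly, e.g. `C length = 24(%esp) (FIXME: ignored, only one 16-byte block is processed)`. The old key-walk kept as commented-out text (`C shll $4,%ebp` through `C xorl 12(%esi),%edx`) should be deleted rather than left beside the new forward walk with `addl $16,%esi`, since the commit already reverses the subkey order. The loop label rename to `Ldecrypt_loop` is inconsistent with `.isb_sub` later in the same function; on ELF targets only the `.L` prefix keeps a label out of the symbol table, so `.Ldecrypt_loop` would satisfy both the local-label intent and the file's existing style. The body of aes_decrypt continues outside this hunk, so the lack of a length loop further down is inferred from the prologue and the commit message only.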