diff --git a/x86/aes.asm b/x86/aes.asm index b3d362d10843c4978b8504d909daff4cb918a7e5..1466a82545f903ba03df3810d565833362198dd1 100644 --- a/x86/aes.asm +++ b/x86/aes.asm @@ -1,129 +1,132 @@ -! nettle, low-level cryptographics library -! -! Copyright (C) 2001, 2002 Rafael R. Sevilla -! -! The nettle library is free software; you can redistribute it and/or modify -! it under the terms of the GNU Lesser General Public License as published by -! the Free Software Foundation; either version 2.1 of the License, or (at your -! option) any later version. -! -! The nettle library is distributed in the hope that it will be useful, but -! WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -! or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public -! License for more details. -! -! You should have received a copy of the GNU Lesser General Public License -! along with the nettle library; see the file COPYING.LIB. If not, write to -! the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, -! MA 02111-1307, USA. - - .file "rijndael.s" +C nettle, low-level cryptographics library +C +C Copyright (C) 2001, 2002 Rafael R. Sevilla +C +C The nettle library is free software; you can redistribute it and/or modify +C it under the terms of the GNU Lesser General Public License as published by +C the Free Software Foundation; either version 2.1 of the License, or (at your +C option) any later version. +C +C The nettle library is distributed in the hope that it will be useful, but +C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +C or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public +C License for more details. +C +C You should have received a copy of the GNU Lesser General Public License +C along with the nettle library; see the file COPYING.LIB. If not, write to +C the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, +C MA 02111-1307, USA. + + .file "aes.asm" .data -#include "rijndaeltbls.S" +include_src(<x86/aes_tables.asm>) .text .globl print_word - //// rijndael_encrypt(RIJNDAEL_context *ctx, const UINT8 *plaintext - //// UINT8 *ciphertext) + C aes_encrypt(struct aes_context *ctx, + C unsigned length, uint8_t *dst, + C uint8_t *src) + C const UINT8 *plaintext + C // UINT8 *ciphertext) .align 16 -.globl rijndael_encrypt - .type rijndael_encrypt,@function -rijndael_encrypt: - //// save all registers that need to be saved - pushl %ebx // 16(%esp) - pushl %ebp // 12(%esp) - pushl %esi // 8(%esp) - pushl %edi // 4(%esp) - movl 24(%esp),%esi // address of plaintext - movl (%esi),%eax // load plaintext into registers +.globl aes_encrypt + .type aes_encrypt,@function +aes_encrypt: + C // save all registers that need to be saved + pushl %ebx C 16(%esp) + pushl %ebp C 12(%esp) + pushl %esi C 8(%esp) + pushl %edi C 4(%esp) + movl 24(%esp),%esi C address of plaintext + movl (%esi),%eax C load plaintext into registers movl 4(%esi),%ebx movl 8(%esi),%ecx movl 12(%esi),%edx - movl 20(%esp),%esi // address of context struct ctx - xorl (%esi),%eax // add first key to plaintext + movl 20(%esp),%esi C address of context struct ctx + xorl (%esi),%eax C add first key to plaintext xorl 4(%esi),%ebx xorl 8(%esi),%ecx xorl 12(%esi),%edx - movl 20(%esp),%ebp // address of context struct - movl 480(%ebp),%ebp // get number of rounds to do from struct + movl 20(%esp),%ebp C address of context struct + movl 480(%ebp),%ebp C get number of rounds to do from struct subl $1,%ebp - addl $16,%esi // point to next key + addl $16,%esi C point to next key .encrypt_loop: - pushl %esi // save this first: we'll clobber it later + pushl %esi C save this first: we'll clobber it later - //// First column - shll $2,%esi // index in dtbl1 + C // First column + shll $2,%esi C index in dtbl1 movl dtbl1(%esi),%edi shrl $6,%esi - andl $0x000003fc,%esi // clear all but offset bytes + andl $0x000003fc,%esi C clear all but offset bytes xorl dtbl2(%esi),%edi - movl %ecx,%esi // third one + movl %ecx,%esi C third one shrl $14,%esi andl $0x000003fc,%esi xorl dtbl3(%esi),%edi - movl %edx,%esi // fourth one + movl %edx,%esi C fourth one shrl $22,%esi andl $0x000003fc,%esi xorl dtbl4(%esi),%edi - pushl %edi // save first on stack + pushl %edi C save first on stack - //// Second column - movl %ebx,%esi // copy first in - andl $0x000000ff,%esi // clear all but offset - shll $2,%esi // index in dtbl1 + C // Second column + movl %ebx,%esi C copy first in + andl $0x000000ff,%esi C clear all but offset + shll $2,%esi C index in dtbl1 movl dtbl1(%esi),%edi - movl %ecx,%esi // second one + movl %ecx,%esi C second one shrl $6,%esi - andl $0x000003fc,%esi // clear all but offset bytes + andl $0x000003fc,%esi C clear all but offset bytes xorl dtbl2(%esi),%edi - movl %edx,%esi // third one + movl %edx,%esi C third one shrl $14,%esi andl $0x000003fc,%esi xorl dtbl3(%esi),%edi - movl %eax,%esi // fourth one + movl %eax,%esi C fourth one shrl $22,%esi andl $0x000003fc,%esi xorl dtbl4(%esi),%edi - pushl %edi // save first on stack + pushl %edi C save first on stack - //// Third column - movl %ecx,%esi // copy first in - andl $0x000000ff,%esi // clear all but offset - shll $2,%esi // index in dtbl1 + C // Third column + movl %ecx,%esi C copy first in + andl $0x000000ff,%esi C clear all but offset + shll $2,%esi C index in dtbl1 movl dtbl1(%esi),%edi - movl %edx,%esi // second one + movl %edx,%esi C second one shrl $6,%esi - andl $0x000003fc,%esi // clear all but offset bytes + andl $0x000003fc,%esi C clear all but offset bytes xorl dtbl2(%esi),%edi - movl %eax,%esi // third one + movl %eax,%esi C third one shrl $14,%esi andl $0x000003fc,%esi xorl dtbl3(%esi),%edi - movl %ebx,%esi // fourth one + movl %ebx,%esi C fourth one shrl $22,%esi andl $0x000003fc,%esi xorl dtbl4(%esi),%edi - pushl %edi // save first on stack + pushl %edi C save first on stack - //// Fourth column - movl %edx,%esi // copy first in - andl $0x000000ff,%esi // clear all but offset - shll $2,%esi // index in dtbl1 + C // Fourth column + movl %edx,%esi C copy first in + andl $0x000000ff,%esi C clear all but offset + shll $2,%esi C index in dtbl1 movl dtbl1(%esi),%edi - movl %eax,%esi // second one + movl %eax,%esi C second one shrl $6,%esi - andl $0x000003fc,%esi // clear all but offset bytes + andl $0x000003fc,%esi C clear all but offset bytes xorl dtbl2(%esi),%edi - movl %ebx,%esi // third one + movl %ebx,%esi C third one shrl $14,%esi andl $0x000003fc,%esi xorl dtbl3(%esi),%edi - movl %ecx,%esi // fourth one + movl %ecx,%esi C fourth one shrl $22,%esi andl $0x000003fc,%esi xorl dtbl4(%esi),%edi @@ -133,16 +136,16 @@ rijndael_encrypt: popl %ebx popl %eax popl %esi - xorl (%esi),%eax // add current session key to plaintext + xorl (%esi),%eax C add current session key to plaintext xorl 4(%esi),%ebx xorl 8(%esi),%ecx xorl 12(%esi),%edx - addl $16,%esi // point to next key + addl $16,%esi C point to next key decl %ebp jnz .encrypt_loop - //// last round - //// first column + C // last round + C // first column movl %eax,%edi andl $0x000000ff,%edi movl %ebx,%ebp @@ -156,7 +159,7 @@ rijndael_encrypt: orl %ebp,%edi pushl %edi - //// second column + C // second column movl %eax,%edi andl $0x0000ff00,%edi movl %ebx,%ebp @@ -170,7 +173,7 @@ rijndael_encrypt: orl %ebp,%edi pushl %edi - //// third column + C // third column movl %eax,%edi andl $0x00ff0000,%edi movl %ebx,%ebp @@ -184,7 +187,7 @@ rijndael_encrypt: orl %ebp,%edi pushl %edi - //// fourth column + C // fourth column movl %eax,%edi andl $0xff000000,%edi movl %ebx,%ebp @@ -202,7 +205,7 @@ rijndael_encrypt: popl %eax xchgl %ebx,%edx - //// S-box substitution + C // S-box substitution mov $4,%edi .sb_sub: movl %eax,%ebp @@ -228,12 +231,12 @@ rijndael_encrypt: decl %edi jnz .sb_sub - xorl (%esi),%eax // add last key to plaintext + xorl (%esi),%eax C add last key to plaintext xorl 4(%esi),%ebx xorl 8(%esi),%ecx xorl 12(%esi),%edx - //// store encrypted data back to caller's buffer + C // store encrypted data back to caller's buffer movl 28(%esp),%edi movl %eax,(%edi) movl %ebx,4(%edi) @@ -245,112 +248,112 @@ rijndael_encrypt: popl %ebx ret .eore: - .size rijndael_encrypt,.eore-rijndael_encrypt + .size aes_encrypt,.eore-aes_encrypt - //// rijndael_decrypt(RIJNDAEL_context *ctx, const UINT8 *ciphertext - //// UINT8 *plaintext) + C // aes_decrypt(AES_context *ctx, const UINT8 *ciphertext + C // UINT8 *plaintext) .align 16 -.globl rijndael_decrypt - .type rijndael_decrypt,@function -rijndael_decrypt: - //// save all registers that need to be saved - pushl %ebx // 16(%esp) - pushl %ebp // 12(%esp) - pushl %esi // 8(%esp) - pushl %edi // 4(%esp) - movl 24(%esp),%esi // address of ciphertext - movl (%esi),%eax // load ciphertext into registers +.globl aes_decrypt + .type aes_decrypt,@function +aes_decrypt: + C // save all registers that need to be saved + pushl %ebx C 16(%esp) + pushl %ebp C 12(%esp) + pushl %esi C 8(%esp) + pushl %edi C 4(%esp) + movl 24(%esp),%esi C address of ciphertext + movl (%esi),%eax C load ciphertext into registers movl 4(%esi),%ebx movl 8(%esi),%ecx movl 12(%esi),%edx - movl 20(%esp),%esi // address of context struct ctx - movl 480(%esi),%ebp // get number of rounds to do from struct + movl 20(%esp),%esi C address of context struct ctx + movl 480(%esi),%ebp C get number of rounds to do from struct shll $4,%ebp leal 240(%esi, %ebp),%esi shrl $4,%ebp - xorl (%esi),%eax // add last key to ciphertext + xorl (%esi),%eax C add last key to ciphertext xorl 4(%esi),%ebx xorl 8(%esi),%ecx xorl 12(%esi),%edx - subl $1,%ebp // one round is complete - subl $16,%esi // point to previous key + subl $1,%ebp C one round is complete + subl $16,%esi C point to previous key .decrypt_loop: - pushl %esi // save this first: we'll clobber it later + pushl %esi C save this first: we'll clobber it later xchgl %ebx,%edx - //// First column - movl %eax,%esi // copy first in - andl $0x000000ff,%esi // clear all but offset - shll $2,%esi // index in itbl1 + C // First column + movl %eax,%esi C copy first in + andl $0x000000ff,%esi C clear all but offset + shll $2,%esi C index in itbl1 movl itbl1(%esi),%edi - movl %ebx,%esi // second one + movl %ebx,%esi C second one shrl $6,%esi - andl $0x000003fc,%esi // clear all but offset bytes + andl $0x000003fc,%esi C clear all but offset bytes xorl itbl2(%esi),%edi - movl %ecx,%esi // third one + movl %ecx,%esi C third one shrl $14,%esi andl $0x000003fc,%esi xorl itbl3(%esi),%edi - movl %edx,%esi // fourth one + movl %edx,%esi C fourth one shrl $22,%esi andl $0x000003fc,%esi xorl itbl4(%esi),%edi - pushl %edi // save first on stack + pushl %edi C save first on stack - //// Second column - movl %edx,%esi // copy first in - andl $0x000000ff,%esi // clear all but offset - shll $2,%esi // index in itbl1 + C // Second column + movl %edx,%esi C copy first in + andl $0x000000ff,%esi C clear all but offset + shll $2,%esi C index in itbl1 movl itbl1(%esi),%edi - movl %eax,%esi // second one + movl %eax,%esi C second one shrl $6,%esi - andl $0x000003fc,%esi // clear all but offset bytes + andl $0x000003fc,%esi C clear all but offset bytes xorl itbl2(%esi),%edi - movl %ebx,%esi // third one + movl %ebx,%esi C third one shrl $14,%esi andl $0x000003fc,%esi xorl itbl3(%esi),%edi - movl %ecx,%esi // fourth one + movl %ecx,%esi C fourth one shrl $22,%esi andl $0x000003fc,%esi xorl itbl4(%esi),%edi pushl %edi - //// Third column - movl %ecx,%esi // copy first in - andl $0x000000ff,%esi // clear all but offset - shll $2,%esi // index in itbl1 + C // Third column + movl %ecx,%esi C copy first in + andl $0x000000ff,%esi C clear all but offset + shll $2,%esi C index in itbl1 movl itbl1(%esi),%edi - movl %edx,%esi // second one + movl %edx,%esi C second one shrl $6,%esi - andl $0x000003fc,%esi // clear all but offset bytes + andl $0x000003fc,%esi C clear all but offset bytes xorl itbl2(%esi),%edi - movl %eax,%esi // third one + movl %eax,%esi C third one shrl $14,%esi andl $0x000003fc,%esi xorl itbl3(%esi),%edi - movl %ebx,%esi // fourth one + movl %ebx,%esi C fourth one shrl $22,%esi andl $0x000003fc,%esi xorl itbl4(%esi),%edi - pushl %edi // save first on stack + pushl %edi C save first on stack - //// Fourth column - movl %ebx,%esi // copy first in - andl $0x000000ff,%esi // clear all but offset - shll $2,%esi // index in itbl1 + C // Fourth column + movl %ebx,%esi C copy first in + andl $0x000000ff,%esi C clear all but offset + shll $2,%esi C index in itbl1 movl itbl1(%esi),%edi - movl %ecx,%esi // second one + movl %ecx,%esi C second one shrl $6,%esi - andl $0x000003fc,%esi // clear all but offset bytes + andl $0x000003fc,%esi C clear all but offset bytes xorl itbl2(%esi),%edi - movl %edx,%esi // third one + movl %edx,%esi C third one shrl $14,%esi andl $0x000003fc,%esi xorl itbl3(%esi),%edi - movl %eax,%esi // fourth one + movl %eax,%esi C fourth one shrl $22,%esi andl $0x000003fc,%esi xorl itbl4(%esi),%edi @@ -359,18 +362,18 @@ rijndael_decrypt: popl %ebx popl %eax popl %esi - xorl (%esi),%eax // add current session key to plaintext + xorl (%esi),%eax C add current session key to plaintext xorl 4(%esi),%ebx xorl 8(%esi),%ecx xorl 12(%esi),%edx - subl $16,%esi // point to previous key + subl $16,%esi C point to previous key decl %ebp jnz .decrypt_loop xchgl %ebx,%edx - //// last round - //// first column + C // last round + C // first column movl %eax,%edi andl $0x000000ff,%edi movl %ebx,%ebp @@ -384,7 +387,7 @@ rijndael_decrypt: orl %ebp,%edi pushl %edi - //// second column + C // second column movl %eax,%edi andl $0xff000000,%edi movl %ebx,%ebp @@ -398,7 +401,7 @@ rijndael_decrypt: orl %ebp,%edi pushl %edi - //// third column + C // third column movl %eax,%edi andl $0x00ff0000,%edi movl %ebx,%ebp @@ -412,7 +415,7 @@ rijndael_decrypt: orl %ebp,%edi pushl %edi - //// second column + C // second column movl %eax,%edi andl $0x0000ff00,%edi movl %ebx,%ebp @@ -430,7 +433,7 @@ rijndael_decrypt: popl %eax xchgl %ebx,%edx - //// inverse S-box substitution + C // inverse S-box substitution mov $4,%edi .isb_sub: movl %eax,%ebp @@ -456,12 +459,12 @@ rijndael_decrypt: decl %edi jnz .isb_sub - xorl (%esi),%eax // add first key to plaintext + xorl (%esi),%eax C add first key to plaintext xorl 4(%esi),%ebx xorl 8(%esi),%ecx xorl 12(%esi),%edx - //// store decrypted data back to caller's buffer + C // store decrypted data back to caller's buffer movl 28(%esp),%edi movl %eax,(%edi) movl %ebx,4(%edi) @@ -473,47 +476,47 @@ rijndael_decrypt: popl %ebx ret .eord: - .size rijndael_decrypt,.eord-rijndael_decrypt - - .align 16 -.globl rijndael_setup - .type rijndael_setup,@function -rijndael_decrypt: - //// save all registers that need to be saved - pushl %ebx // 16(%esp) - pushl %ebp // 12(%esp) - pushl %esi // 8(%esp) - pushl %edi // 4(%esp) - movl 20(%esp),%esi /* context structure */ - movl 24(%esp),%ecx /* key size */ - movl 28(%esp),%edi /* original key */ - /* This code assumes that the key length given is greater than - or equal to 4 words (128 bits). BAD THINGS WILL HAPPEN - OTHERWISE! */ - shrl $2,%ecx /* divide by 4 to get total key length */ - movl %ecx,%edx /* calculate the number of rounds */ - addl $6,%edx /* key length in words + 6 = num. rounds */ - /* copy the initial key into the context structure */ - pushl %ecx -.key_copy_loop: - movl (%edi),%eax - addl $4,%edi - movl %eax,(%esi) - addl $4,%esi - decl %ecx - jnz .key_copy_loop - popl %ecx - incl %edx /* number of rounds + 1 */ - shll $2,%edx /* times rijndael blk size 4words */ - subl %ecx,%edx /* # of other keys to make */ - movl %ecx,%ebp - decl %ecx /* turn ecx into a mask */ - movl $1,%ebx /* round constant */ -.keygen_loop: - movl -4(%esi),%eax /* previous key */ - testl %ecx,%ebp - jnz .testnk - /* rotate and substitute */ - roll $8,%eax - movl %eax,%edi - andl $0xff,%eax + .size aes_decrypt,.eord-aes_decrypt + +C .align 16 +C .globl aes_setup +C .type aes_setup,@function +C aes_decrypt: +C C // save all registers that need to be saved +C pushl %ebx C 16(%esp) +C pushl %ebp C 12(%esp) +C pushl %esi C 8(%esp) +C pushl %edi C 4(%esp) +C movl 20(%esp),%esi /* context structure */ +C movl 24(%esp),%ecx /* key size */ +C movl 28(%esp),%edi /* original key */ +C /* This code assumes that the key length given is greater than +C or equal to 4 words (128 bits). BAD THINGS WILL HAPPEN +C OTHERWISEC */ +C shrl $2,%ecx /* divide by 4 to get total key length */ +C movl %ecx,%edx /* calculate the number of rounds */ +C addl $6,%edx /* key length in words + 6 = num. rounds */ +C /* copy the initial key into the context structure */ +C pushl %ecx +C .key_copy_loop: +C movl (%edi),%eax +C addl $4,%edi +C movl %eax,(%esi) +C addl $4,%esi +C decl %ecx +C jnz .key_copy_loop +C popl %ecx +C incl %edx /* number of rounds + 1 */ +C shll $2,%edx /* times aes blk size 4words */ +C subl %ecx,%edx /* # of other keys to make */ +C movl %ecx,%ebp +C decl %ecx /* turn ecx into a mask */ +C movl $1,%ebx /* round constant */ +C .keygen_loop: +C movl -4(%esi),%eax /* previous key */ +C testl %ecx,%ebp +C jnz .testnk +C /* rotate and substitute */ +C roll $8,%eax +C movl %eax,%edi +C andl $0xff,%eax