From 3a9e9046c92c3f270a23422ade2d56dcfb6b35a6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se>
Date: Thu, 25 Jan 2024 21:02:26 +0100
Subject: [PATCH] Update arm (32-bit) aes decrypt.

---
 arm/aes-decrypt-internal.asm    |  5 +++--
 arm/aes.m4                      | 10 +++++++---
 arm/v6/aes-decrypt-internal.asm |  5 +++--
 3 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/arm/aes-decrypt-internal.asm b/arm/aes-decrypt-internal.asm
index 1b04ed9a..ed0d66f8 100644
--- a/arm/aes-decrypt-internal.asm
+++ b/arm/aes-decrypt-internal.asm
@@ -111,11 +111,12 @@ define(`AES_DECRYPT_ROUND', `
 	and	T0, MASK, $1, ror #22
 	ldr	T0, [TABLE, T0]
 
-	ldm	$9!, {$1,$2,$3,$4}
+	ldm	$9, {$1,$2,$3,$4}
 	eor	$8, $8, T0
 	sub	TABLE, TABLE, #3072
 	eor	$5, $5, $1
 	eor	$6, $6, $2
+	sub	$9, $9, #16
 	eor	$7, $7, $3
 	eor	$8, $8, $4
 ')
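Review bot: The new `ldm $9, {$1,$2,$3,$4}` without writeback followed by `sub $9, $9, #16` make the macro step the subkey pointer backwards through the schedule, but nothing in the hunk records that the round keys are now consumed in reverse, so `#16` reads as a magic number rather than as "one 16-byte subkey, the four words just loaded". A comment above the `ldm` such as `C Subkeys are walked backwards: load one 16-byte round key, then step $9 back to the previous one` would make the convention visible to anyone reading a single round. The `AES_DECRYPT_ROUND` definition starts before the hunk, so a header comment there (not visible here) may be the better place. The hunk in arm/v6/aes-decrypt-internal.asm makes the identical change and would take the same comment.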
@@ -142,7 +143,7 @@ PROLOGUE(_nettle_aes_decrypt)
 	AES_LOAD(X0,KEY,W0)
 	AES_LOAD(X0,KEY,W1)
 	AES_LOAD(X0,KEY,W2)
-	AES_LOAD(X0,KEY,W3)
+	AES_LOAD_INCR(X0,KEY,W3, -28)
 
 	str	X0, FRAME_SRC
 
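Review bot: `AES_LOAD_INCR(X0,KEY,W3, -28)` relies on the reader knowing that the three preceding `AES_LOAD` calls each advanced KEY by 4, so the net effect of `-28` is to leave KEY 16 bytes below where it started, presumably the round key preceding the one just loaded; stated bare, `-28` looks arbitrary. Suggest `C -28 = -(3*4 + 16): undo the three +4 post-increments and step KEY back one round key` on the line above the call. This assumes the reversed traversal in the AES_DECRYPT_ROUND hunk (ldm without writeback, then `sub #16`) is the intended convention, which is consistent with this file but not stated anywhere in the patch. The same call in arm/v6/aes-decrypt-internal.asm would take the same comment.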
diff --git a/arm/aes.m4 b/arm/aes.m4
index 95382de2..59706ba9 100644
--- a/arm/aes.m4
+++ b/arm/aes.m4
@@ -1,6 +1,6 @@
 C Loads one word, and adds it to the subkey. Uses T0
-C AES_LOAD(SRC, KEY, REG)
-define(`AES_LOAD', `
+C AES_LOAD(SRC, KEY, REG, INCR)
+define(`AES_LOAD_INCR', `
 	ldrb	$3, [$1], #+1
 	ldrb	T0, [$1], #+1
 	orr	$3, T0, lsl #8
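Review bot: The comment immediately above the definition still reads `C AES_LOAD(SRC, KEY, REG, INCR)` while the macro defined beneath it is now `AES_LOAD_INCR`, so the documentation and the name disagree after this change. Change the comment to `C AES_LOAD_INCR(SRC, KEY, REG, INCR)`. The unchanged first comment line ("Loads one word, and adds it to the subkey. Uses T0") is then duplicated verbatim for the `AES_LOAD` wrapper later in the file; that is harmless but the wrapper's comment could instead say it is `AES_LOAD_INCR` with INCR fixed to +4.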
@@ -8,9 +8,13 @@ define(`AES_LOAD', `
 	orr	$3, T0, lsl #16
 	ldrb	T0, [$1], #+1
 	orr	$3, T0, lsl #24
-	ldr	T0, [$2], #+4
+	ldr	T0, [$2], #$4
 	eor	$3, T0
 ')
+C Loads one word, and adds it to the subkey. Uses T0
+C AES_LOAD(SRC, KEY, REG)
+define(`AES_LOAD', `AES_LOAD_INCR($1, $2, $3, +4)')
+
 C Stores one word. Destroys input.
 C AES_STORE(DST, X)
 define(`AES_STORE', `
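Review bot: `ldr T0, [$2], #$4` splices the INCR argument verbatim into the post-index immediate of the subkey load, so the macro only assembles when the caller passes a literal the assembler accepts in that position (the commit passes `+4` and `-28`); a register or a symbolic expression the assembler cannot fold would not work, and nothing records that restriction. Suggest a comment above the `ldr`: `C $4 is the post-increment applied to KEY; must be an assembler immediate, e.g. +4 or -28`. Keeping `AES_LOAD` as a thin wrapper that fixes INCR to `+4` preserves the existing call sites, which is good; the wrapper line itself needs no change.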
diff --git a/arm/v6/aes-decrypt-internal.asm b/arm/v6/aes-decrypt-internal.asm
index e8c6e91a..10e0373e 100644
--- a/arm/v6/aes-decrypt-internal.asm
+++ b/arm/v6/aes-decrypt-internal.asm
@@ -114,11 +114,12 @@ define(`AES_DECRYPT_ROUND', `
 	uxtb	T0, $1, ror #24
 	ldr	T0, [TABLE, T0, lsl #2]
 
-	ldm	$9!, {$1,$2,$3,$4}
+	ldm	$9, {$1,$2,$3,$4}
 	eor	$8, $8, T0
 	sub	TABLE, TABLE, #3072
 	eor	$5, $5, $1
 	eor	$6, $6, $2
+	sub	$9, $9, #16
 	eor	$7, $7, $3
 	eor	$8, $8, $4
 ')
@@ -148,7 +149,7 @@ PROLOGUE(_nettle_aes_decrypt)
 	AES_LOAD(SRC,KEY,W0)
 	AES_LOAD(SRC,KEY,W1)
 	AES_LOAD(SRC,KEY,W2)
-	AES_LOAD(SRC,KEY,W3)
+	AES_LOAD_INCR(SRC,KEY,W3, -28)
 
 	str	SRC, FRAME_SRC
 
-- 
GitLab