C nettle, low-level cryptographic library
C 
C Copyright (C) 2001, 2002, 2005, Rafael R. Sevilla, Niels Möller
C Copyright (C) 2008, 2013 Niels Möller
C
C The nettle library is free software; you can redistribute it and/or modify
C it under the terms of the GNU Lesser General Public License as published by
C the Free Software Foundation; either version 2.1 of the License, or (at your
C option) any later version.
C 
C The nettle library is distributed in the hope that it will be useful, but
C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
C or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
C License for more details.
C 
C You should have received a copy of the GNU Lesser General Public License
C along with the nettle library; see the file COPYING.LIB.  If not, write to
C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
C MA 02111-1301, USA.

include_src(<x86_64/aes.m4>)
C The AES_LOAD / AES_ROUND / AES_FINAL_ROUND / AES_SUBST_BYTE / AES_STORE
C macros used below come from x86_64/aes.m4; PROLOGUE/EPILOGUE, ALIGN,
C XREG and W64_ENTRY/W64_EXIT are defined elsewhere in the build and are
C not visible in this file.

C Register usage:

C AES state, use two of them
C SA..SD hold the current state (four 32-bit columns).  They are
C %eax..%edx on purpose: the round macros need %ah..%dh style byte
C access (see the TMP note below).  SB (%ebx) is callee-saved and is
C pushed in the prologue.
define(<SA>,<%eax>)
define(<SB>,<%ebx>)
define(<SC>,<%ecx>)
define(<SD>,<%edx>)

C Temporaries receiving the next state.  AES_ROUND writes its result
C into TA/TB/TC (and into SD in place) so that SA..SC stay readable
C until all four columns have been computed.  TC (%r12d) is callee-saved.
define(<TA>,<%r10d>)
define(<TB>,<%r11d>)
define(<TC>,<%r12d>)

C Input argument
C System V AMD64 order: rdi, rsi, rdx, rcx, r8, r9.  W64_ENTRY(6, 0) in
C the function presumably maps the Windows x64 convention onto these
C (confirm in the shared macro file).  PARAM_TABLE and PARAM_LENGTH
C overlap SD and SC, so they are copied into TABLE and LENGTH before the
C state registers are touched.  ROUNDS is later reused as the round and
C substitution loop counter.
define(<ROUNDS>, <%rdi>)
define(<KEYS>,	<%rsi>)
define(<PARAM_TABLE>,	<%rdx>)
define(<PARAM_LENGTH>,<%rcx>)
define(<DST>,	<%r8>)
define(<SRC>,	<%r9>)

C Callee-saved copies that live across the whole block loop:
C TABLE  = the lookup table, LENGTH = number of 16-byte blocks left,
C KEY    = current subkey pointer (reset to KEYS for every block).
define(<TABLE>, <%r13>) 
define(<LENGTH>,<%r14>)
define(<KEY>,	<%r15>)

C Must correspond to an old-style register, for movzb from %ah--%dh to
C work.
C NOTE(review): TMP and TABLE are passed to every round macro, so the
C byte extracted this way is presumably used as a table index (confirm
C in aes.m4).  If so, the memory access pattern is key- and
C data-dependent and this implementation is not constant-time;
C cache-timing leakage is a known property of table-driven AES and
C belongs in the threat model whenever this backend is selected.
define(<TMP>,<%rbp>)

	.file "aes-decrypt-internal.asm"
	
	C _aes_decrypt(unsigned rounds, const uint32_t *keys,
	C	       const struct aes_table *T,
	C	       size_t length, uint8_t *dst,
	C	       uint8_t *src)
	.text
	ALIGN(16)
C _nettle_aes_decrypt(unsigned rounds, const uint32_t *keys,
C                     const struct aes_table *T, size_t length,
C                     uint8_t *dst, uint8_t *src)
C Decrypts length/16 blocks from SRC to DST using the expanded subkeys
C at KEYS and the lookup table at PARAM_TABLE.
C In:       ROUNDS, KEYS, PARAM_TABLE, PARAM_LENGTH, DST, SRC (register
C           map above).
C Out:      nothing returned; DST is filled.
C Clobbers: rax, rcx, rdx, rdi, r8-r11 and flags (plus whatever
C           W64_ENTRY/W64_EXIT touch).  rbx, rbp, r12-r15 are saved and
C           restored.  No calls are made, so stack alignment is not a
C           concern; 7 pushes happen on the non-empty path.
C Precondition (not checked here): length is a multiple of 16.  The
C length == 0 case is handled explicitly below, but shr $4 silently
C drops trailing bytes, and a length of 1..15 leaves LENGTH == 0, which
C the do-while block loop does not test before its first iteration: one
C block would be processed, dec LENGTH would wrap around and jnz would
C keep looping.  The caller must validate the length.
PROLOGUE(_nettle_aes_decrypt)
	W64_ENTRY(6, 0)
	C Empty input: leave before any register is pushed, which is why
	C .Lend sits after the pops.
	test	PARAM_LENGTH, PARAM_LENGTH
	jz	.Lend

        C save all registers that need to be saved
	C (SB, TMP, TC, TABLE, LENGTH and KEY are all callee-saved)
	push	%rbx
	push	%rbp
	push	%r12
	push	%r13
	push	%r14
	push	%r15	

	C ROUNDS-1 iterations of .Lround_loop, then AES_FINAL_ROUND.  The
	C count is kept at (%rsp) because ROUNDS (%rdi) is reused as the
	C loop counter and reloaded for every block.
	subl	$1, XREG(ROUNDS)
	push	ROUNDS		C Rounds at (%rsp) 
	
	C Move the arguments that overlap the state registers (rdx, rcx)
	C out of the way; LENGTH counts 16-byte blocks from here on.
	mov	PARAM_TABLE, TABLE
	mov	PARAM_LENGTH, LENGTH
	shr	$4, LENGTH
.Lblock_loop:
	C Every block starts over at the first subkey.
	mov	KEYS, KEY
	
	C Load one 16-byte block into SA..SD, combined with the subkey at
	C KEY (details in aes.m4, not shown here).
	AES_LOAD(SA, SB, SC, SD, SRC, KEY)
	add	$16, SRC	C Increment src pointer

	movl	(%rsp), XREG(ROUNDS)	C round counter = rounds - 1

	add	$16, KEY	C  point to next key
	ALIGN(16)
.Lround_loop:
	C One full round.  Each AES_ROUND reads the four state words in
	C the order given by arguments 2..5 (rotated one position per
	C column) and writes one output column into its sixth argument.
	C The first three results go to temporaries so SA..SC stay intact
	C for the later calls; the fourth is written into SD in place.
	AES_ROUND(TABLE, SA,SD,SC,SB, TA, TMP)
	AES_ROUND(TABLE, SB,SA,SD,SC, TB, TMP)
	AES_ROUND(TABLE, SC,SB,SA,SD, TC, TMP)
	AES_ROUND(TABLE, SD,SC,SB,SA, SD, TMP)

	C Commit the new state.
	movl	TA, SA
	movl	TB, SB
	movl	TC, SC

	C AddRoundKey with this round's subkey.
	xorl	(KEY),SA	C  add current session key to plaintext
	xorl	4(KEY),SB
	xorl	8(KEY),SC
	xorl	12(KEY),SD

	add	$16, KEY	C  point to next key
	decl	XREG(ROUNDS)
	jnz	.Lround_loop

	C last round
	C Same column order and destinations as above; presumably the
	C round variant without MixColumns.  The final subkey is applied
	C in AES_STORE below.
	AES_FINAL_ROUND(SA,SD,SC,SB, TABLE, TA, TMP)
	AES_FINAL_ROUND(SB,SA,SD,SC, TABLE, TB, TMP)
	AES_FINAL_ROUND(SC,SB,SA,SD, TABLE, TC, TMP)
	AES_FINAL_ROUND(SD,SC,SB,SA, TABLE, SD, TMP)

	C Inverse S-box substitution
	C Three passes over (TA,TB,TC,SD); presumably one byte lane per
	C pass, the remaining lane having been handled by AES_FINAL_ROUND
	C -- confirm against aes.m4.
	mov	$3, XREG(ROUNDS)
.Lsubst:
	AES_SUBST_BYTE(TA,TB,TC,SD, TABLE, TMP)

	decl	XREG(ROUNDS)
	jnz	.Lsubst

	C Add last subkey, and store decrypted data
	AES_STORE(TA,TB,TC,SD, KEY, DST)
	
	add	$16, DST
	dec	LENGTH

	jnz	.Lblock_loop

	C Epilogue: discard the saved ROUNDS slot (lea leaves flags
	C alone), then restore callee-saved registers in reverse push order.
	lea	8(%rsp), %rsp	C Drop ROUNDS
	pop	%r15
	pop	%r14
	pop	%r13
	pop	%r12
	pop	%rbp
	pop	%rbx
.Lend:
	W64_EXIT(6, 0)
	ret
EPILOGUE(_nettle_aes_decrypt)