1 C arm/aes-decrypt-internal.asm
4 Copyright (C) 2013 Niels Möller
6 This file is part of GNU Nettle.
8 GNU Nettle is free software: you can redistribute it and/or
9 modify it under the terms of either:
11 * the GNU Lesser General Public License as published by the Free
12 Software Foundation; either version 3 of the License, or (at your
13 option) any later version.
17 * the GNU General Public License as published by the Free
18 Software Foundation; either version 2 of the License, or (at your
19 option) any later version.
21 or both in parallel, as here.
23 GNU Nettle is distributed in the hope that it will be useful,
24 but WITHOUT ANY WARRANTY; without even the implied warranty of
25 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
26 General Public License for more details.
28 You should have received copies of the GNU General Public License and
29 the GNU Lesser General Public License along with this program. If
30 not, see http://www.gnu.org/licenses/.
33 include_src(<arm/aes.m4>)
35 define(<PARAM_ROUNDS>, <r0>)
36 define(<PARAM_KEYS>, <r1>)
38 define(<PARAM_LENGTH>, <r3>)
46 define(<COUNT>, <r10>)
49 define(<MASK>, <r0>) C Overlaps inputs, except TABLE
53 define(<X3>, <r14>) C lr
55 define(<FRAME_ROUNDS>, <[sp]>)
56 define(<FRAME_KEYS>, <[sp, #+4]>)
57 define(<FRAME_LENGTH>, <[sp, #+8]>)
59 define(<FRAME_DST>, <[sp, #+44]>)
60 define(<FRAME_SRC>, <[sp, #+48]>)
63 define(<AES_DECRYPT_ROUND>, <
64 and T0, MASK, $1, lsl #2
66 and T0, MASK, $2, lsl #2
68 and T0, MASK, $3, lsl #2
70 and T0, MASK, $4, lsl #2
73 and T0, MASK, $4, ror #6
74 add TABLE, TABLE, #1024
77 and T0, MASK, $1, ror #6
80 and T0, MASK, $2, ror #6
83 and T0, MASK, $3, ror #6
87 and T0, MASK, $3, ror #14
88 add TABLE, TABLE, #1024
91 and T0, MASK, $4, ror #14
94 and T0, MASK, $1, ror #14
97 and T0, MASK, $2, ror #14
101 and T0, MASK, $2, ror #22
102 add TABLE, TABLE, #1024
105 and T0, MASK, $3, ror #22
108 and T0, MASK, $4, ror #22
111 and T0, MASK, $1, ror #22
114 ldm $9!, {$1,$2,$3,$4}
116 sub TABLE, TABLE, #3072
123 .file "aes-decrypt-internal.asm"
125 C _aes_decrypt(unsigned rounds, const uint32_t *keys,
126 C const struct aes_table *T,
127 C size_t length, uint8_t *dst,
131 PROLOGUE(_nettle_aes_decrypt)
135 push {r0,r1,r3, r4,r5,r6,r7,r8,r10,r11,lr}
139 ldr X0, FRAME_SRC C Use X0 as SRC pointer
149 add TABLE, TABLE, #AES_TABLE0
155 AES_DECRYPT_ROUND(X0, X1, X2, X3, W0, W1, W2, W3, KEY)
160 AES_DECRYPT_ROUND(W0, W1, W2, W3, X0, X1, X2, X3, KEY)
164 lsr COUNT, MASK, #2 C Put the needed mask in the unused COUNT register
165 sub TABLE, TABLE, #AES_TABLE0
167 AES_FINAL_ROUND_V5(X0, X3, X2, X1, KEY, W0, COUNT)
168 AES_FINAL_ROUND_V5(X1, X0, X3, X2, KEY, W1, COUNT)
169 AES_FINAL_ROUND_V5(X2, X1, X0, X3, KEY, W2, COUNT)
170 AES_FINAL_ROUND_V5(X3, X2, X1, X0, KEY, W3, COUNT)
186 add sp, sp, #12 C Drop saved r0, r1, r3
187 pop {r4,r5,r6,r7,r8,r10,r11,pc}
191 EPILOGUE(_nettle_aes_decrypt)