Revert "Merge branch 'upstream' into tizen"

[platform/upstream/nettle.git] / x86_64 / aes-decrypt-internal.asm

C nettle, low-level cryptographics library
C 
C Copyright (C) 2001, 2002, 2005, 2008 Rafael R. Sevilla, Niels Möller
C  
C The nettle library is free software; you can redistribute it and/or modify
C it under the terms of the GNU Lesser General Public License as published by
C the Free Software Foundation; either version 2.1 of the License, or (at your
C option) any later version.
C 
C The nettle library is distributed in the hope that it will be useful, but
C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
C or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
C License for more details.
C 
C You should have received a copy of the GNU Lesser General Public License
C along with the nettle library; see the file COPYING.LIB.  If not, write to
C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
C MA 02111-1301, USA.

include_src(<x86_64/aes.m4>)

C Register usage:

C AES state, use two of them
define(<SA>,<%eax>)
define(<SB>,<%ebx>)
define(<SC>,<%ecx>)
define(<SD>,<%edx>)

define(<TA>,<%r10d>)
define(<TB>,<%r11d>)
define(<TC>,<%r12d>)

define(<CTX>,   <%rdi>)
define(<TABLE>, <%rsi>)
define(<PARAM_LENGTH>,<%edx>)           C Length is only 32 bits
define(<PARAM_DST>,     <%rcx>)
define(<SRC>,   <%r8>)

define(<DST>, <%r9>) 
define(<KEY>,<%r14>)
define(<COUNT>, <%r15d>)
define(<BLOCK_COUNT>, <%r13d>)

C Must correspond to an old-style register, for movzb from %ah--%dh to
C work.
define(<TMP>,<%rbp>)

        .file "aes-decrypt-internal.asm"
        
        C _aes_decrypt(struct aes_context *ctx, 
        C              const struct aes_table *T,
        C              unsigned length, uint8_t *dst,
        C              uint8_t *src)
        .text
        ALIGN(16)
PROLOGUE(_nettle_aes_decrypt)
        W64_ENTRY(5, 0)
        test    PARAM_LENGTH, PARAM_LENGTH
        jz      .Lend

        C save all registers that need to be saved
        push    %rbx
        push    %rbp
        push    %r12
        push    %r13
        push    %r14
        push    %r15    

        mov     PARAM_DST, DST
        movl    PARAM_LENGTH, BLOCK_COUNT
        shrl    $4, BLOCK_COUNT
.Lblock_loop:
        mov     CTX,KEY
        
        AES_LOAD(SA, SB, SC, SD, SRC, KEY)
        add     $16, SRC        C Increment src pointer

        C  get number of rounds to do from ctx struct   
        movl    AES_NROUNDS (CTX), COUNT
        subl    $1, COUNT

        add     $16,KEY         C  point to next key
        ALIGN(16)
.Lround_loop:
        AES_ROUND(TABLE, SA,SD,SC,SB, TA, TMP)
        AES_ROUND(TABLE, SB,SA,SD,SC, TB, TMP)
        AES_ROUND(TABLE, SC,SB,SA,SD, TC, TMP)
        AES_ROUND(TABLE, SD,SC,SB,SA, SD, TMP)

        movl    TA, SA
        movl    TB, SB
        movl    TC, SC

        xorl    (KEY),SA        C  add current session key to plaintext
        xorl    4(KEY),SB
        xorl    8(KEY),SC
        xorl    12(KEY),SD

        add     $16,KEY C  point to next key
        decl    COUNT
        jnz     .Lround_loop

        C last round
        AES_FINAL_ROUND(SA,SD,SC,SB, TABLE, TA, TMP)
        AES_FINAL_ROUND(SB,SA,SD,SC, TABLE, TB, TMP)
        AES_FINAL_ROUND(SC,SB,SA,SD, TABLE, TC, TMP)
        AES_FINAL_ROUND(SD,SC,SB,SA, TABLE, SD, TMP)

        C Inverse S-box substitution
        mov     $3, COUNT
.Lsubst:
        AES_SUBST_BYTE(TA,TB,TC,SD, TABLE, TMP)

        decl    COUNT
        jnz     .Lsubst

        C Add last subkey, and store decrypted data
        AES_STORE(TA,TB,TC,SD, KEY, DST)
        
        add     $16, DST
        decl    BLOCK_COUNT

        jnz     .Lblock_loop

        pop     %r15    
        pop     %r14
        pop     %r13
        pop     %r12
        pop     %rbp
        pop     %rbx
.Lend:
        W64_EXIT(5, 0)
        ret
EPILOGUE(_nettle_aes_decrypt)