1 C x86/aes-decrypt-internal.asm
4 Copyright (C) 2001, 2002, 2005, Rafael R. Sevilla, Niels Möller
5 Copyright (C) 2008, 2013 Niels Möller
7 This file is part of GNU Nettle.
9 GNU Nettle is free software: you can redistribute it and/or
10 modify it under the terms of either:
12 * the GNU Lesser General Public License as published by the Free
13 Software Foundation; either version 3 of the License, or (at your
14 option) any later version.
18 * the GNU General Public License as published by the Free
19 Software Foundation; either version 2 of the License, or (at your
20 option) any later version.
22 or both in parallel, as here.
24 GNU Nettle is distributed in the hope that it will be useful,
25 but WITHOUT ANY WARRANTY; without even the implied warranty of
26 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
27 General Public License for more details.
29 You should have received copies of the GNU General Public License and
30 the GNU Lesser General Public License along with this program. If
31 not, see http://www.gnu.org/licenses/.
34 include_src(<x86/aes.m4>)
C NOTE(review): AES_LOAD, AES_ROUND, AES_FINAL_ROUND, AES_SUBST_BYTE and
C AES_STORE are used below but not defined in this file; presumably they
C come from the included x86/aes.m4 -- confirm.
44 C Primary use of these registers. They're also used temporarily for other things.
C NOTE(review): the register alias definitions this comment introduces are
C not visible in this listing; SA, SB, SC, SD, T, TMP and KEY are used
C further down without a visible definition.
C
C Stack arguments, addressed relative to %esp. Offsets 40 to 60 step by
C 4 bytes, one slot per argument.
C NOTE(review): the first argument at 40 presumably reflects the 20 bytes
C of locals reserved with subl plus a return address and four saved
C registers, 20 + 4 + 16 = 40; the register pushes are not visible in this
C listing -- confirm. Any change to the frame size or to the number of
C saved registers must be mirrored in every offset below.
49 define(<PARAM_ROUNDS>, <40(%esp)>)
50 define(<PARAM_KEYS>, <44(%esp)>)
51 define(<PARAM_TABLE>, <48(%esp)>)
52 define(<PARAM_LENGTH>, <52(%esp)>)
53 define(<PARAM_DST>, <56(%esp)>)
54 define(<PARAM_SRC>, <60(%esp)>)
C Local frame: five 4-byte slots at offsets 0 to 16, matching the 20 bytes
C the function reserves on entry.
C FRAME_KEY is the save area for the key pointer and FRAME_COUNT holds the
C round loop counter.
C NOTE(review): TA, TB and TC look like scratch slots; their uses are not
C visible in this listing -- confirm.
56 define(<FRAME_KEY>, <16(%esp)>)
57 define(<FRAME_COUNT>, <12(%esp)>)
58 define(<TA>, <8(%esp)>)
59 define(<TB>, <4(%esp)>)
60 define(<TC>, <(%esp)>)
62 C The aes state is kept in %eax, %ebx, %ecx and %edx
64 C %esi is used as temporary, to point to the input, and to the
67 C %ebp is used as the round counter, and as a temporary in the final round.
69 C %edi is a temporary, often used as an accumulator.
71 .file "aes-decrypt-internal.asm"
73 C _aes_decrypt(unsigned rounds, const uint32_t *keys,
74 C const struct aes_table *T,
75 C size_t length, uint8_t *dst,
C NOTE(review): the prototype is cut off in this listing; PARAM_SRC at
C 60(%esp) indicates that a sixth argument, src, follows dst.
C
C Decrypts AES data in 16-byte steps: src is advanced by 16 after a block
C is loaded and dst by 16 after a block is stored. All arguments are read
C from the stack through the PARAM_ defines.
C NOTE(review): the block loop, the round loop, their labels and branches,
C and the register save and restore are not visible in this listing, so
C the comments below describe only the instructions that are shown.
C NOTE(review): AES_ROUND, AES_FINAL_ROUND and AES_SUBST_BYTE all take the
C table pointer T. If, as is usual for table-driven AES, they index the
C table with bytes of the secret-dependent state, the memory access
C pattern depends on key and data, which is the classic cache-timing
C exposure. The macro bodies are not shown here -- confirm against
C x86/aes.m4, and prefer a constant-time or hardware AES path where
C co-resident attackers are in the threat model.
79 PROLOGUE(_nettle_aes_decrypt)
80 C save all registers that need to be saved
C Reserve 20 bytes of locals: FRAME_KEY, FRAME_COUNT, TA, TB and TC.
86 subl $20, %esp C loop counter and save area for the key pointer
C Load the byte length into %ebp.
C NOTE(review): the test that consumes it is not visible here, so the
C handling of a zero length or of a length that is not a multiple of 16 is
C not established by the visible code -- confirm.
88 movl PARAM_LENGTH, %ebp
95 movl PARAM_KEYS, KEY C address of subkeys
97 movl PARAM_SRC, TMP C address of input block (ciphertext)
C NOTE(review): presumably loads one 16-byte block through TMP into the
C four state registers and applies the subkey at KEY -- confirm against
C x86/aes.m4.
98 AES_LOAD(SA, SB, SC, SD, TMP, KEY)
99 addl $16, PARAM_SRC C Increment src pointer
C Copy the round count from the argument slot into the frame, going
C through TMP because both operands are in memory.
102 movl PARAM_ROUNDS, TMP
103 C Loop counter on stack
104 movl TMP, FRAME_COUNT
106 addl $16,KEY C point to next key
C Four AES_ROUND invocations with the state register arguments rotated by
C one position each time. The fourth passes SD instead of TMP as its fifth
C argument.
110 AES_ROUND(T, SA,SD,SC,SB, TMP, KEY)
113 AES_ROUND(T, SB,SA,SD,SC, TMP, KEY)
116 AES_ROUND(T, SC,SB,SA,SD, TMP, KEY)
119 AES_ROUND(T, SD,SC,SB,SA, SD, KEY)
127 xorl (KEY),SA C XOR the subkey word at KEY into state word SA
C Advances the key pointer saved in its stack slot, not the KEY register.
131 addl $16,FRAME_KEY C point to next key
C Final round: same argument rotation as above, with T moved to the fifth
C position and SD again standing in for TMP in the last invocation.
137 AES_FINAL_ROUND(SA,SD,SC,SB,T, TMP, KEY)
140 AES_FINAL_ROUND(SB,SA,SD,SC,T, TMP, KEY)
143 AES_FINAL_ROUND(SC,SB,SA,SD,T, TMP, KEY)
146 AES_FINAL_ROUND(SD,SC,SB,SA,T, SD, KEY)
152 C Inverse S-box substitution
155 AES_SUBST_BYTE(SA,SB,SC,SD, T, KEY)
160 C Add last subkey, and store decrypted data
163 AES_STORE(SA,SB,SC,SD, KEY, TMP)
165 addl $16, PARAM_DST C Increment destination pointer
177 EPILOGUE(_nettle_aes_decrypt)