[platform/upstream/nettle.git] / x86 / camellia-crypt-internal.asm

C x86/camellia-crypt-internal.asm

ifelse(<
   Copyright (C) 2010, Niels Möller

   This file is part of GNU Nettle.

   GNU Nettle is free software: you can redistribute it and/or
   modify it under the terms of either:

     * the GNU Lesser General Public License as published by the Free
       Software Foundation; either version 3 of the License, or (at your
       option) any later version.

   or

     * the GNU General Public License as published by the Free
       Software Foundation; either version 2 of the License, or (at your
       option) any later version.

   or both in parallel, as here.

   GNU Nettle is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   General Public License for more details.

   You should have received copies of the GNU General Public License and
   the GNU Lesser General Public License along with this program.  If
   not, see http://www.gnu.org/licenses/.
>)

C Register usage:

C Camellia state, 128-bit value in little endian order.
C L0, H0 corresponds to D1 in the spec and i0 in the C implementation.
C while L1, H1 corresponds to D2/i1.
define(<L0>,<%eax>)
define(<H0>,<%ebx>)
define(<L1>,<%ecx>)
define(<H1>,<%edx>)

define(<TMP>,<%ebp>)
define(<KEY>,<%esi>)
define(<T>,<%edi>)

C Locals on the stack

define(<FRAME_L0>,      <(%esp)>)
define(<FRAME_H0>,      <4(%esp)>)
define(<FRAME_L1>,      <8(%esp)>)
define(<FRAME_H1>,      <12(%esp)>)
define(<FRAME_CNT>,     <16(%esp)>)
        
C Arguments on stack.
define(<FRAME_NKEYS>,   <40(%esp)>)
define(<FRAME_KEYS>,    <44(%esp)>)
define(<FRAME_TABLE>,   <48(%esp)>)
define(<FRAME_LENGTH>,  <52(%esp)>)
define(<FRAME_DST>,     <56(%esp)>)
define(<FRAME_SRC>,     <60(%esp)>)

define(<SP1110>, <(T,$1,4)>)
define(<SP0222>, <1024(T,$1,4)>)
define(<SP3033>, <2048(T,$1,4)>)
define(<SP4404>, <3072(T,$1,4)>)

C ROUND(xl, xh, yl, yh, key-offset)
C xl and xh are rotated 16 bits at the end
C yl and yh are read from stack, and left in registers
define(<ROUND>, <
        movzbl  LREG($1), TMP
        movl    SP1110(TMP), $4
        movzbl  HREG($1), TMP
        xorl    SP4404(TMP), $4
        roll    <$>16, $1

        movzbl  LREG($2), TMP
        movl    SP4404(TMP), $3
        movzbl  HREG($2), TMP
        xorl    SP3033(TMP), $3
        roll    <$>16, $2

        movzbl  LREG($1), TMP
        xorl    SP3033(TMP), $4
        movzbl  HREG($1), TMP
        xorl    SP0222(TMP), $4

        movzbl  LREG($2), TMP
        xorl    SP0222(TMP), $3
        movzbl  HREG($2), TMP
        xorl    SP1110(TMP), $3

        xorl    $5(KEY), $4
        xorl    $5 + 4(KEY), $3

        xorl    $3, $4
        rorl    <$>8, $3
        xorl    $4, $3

        xorl    FRAME_$3, $3
        xorl    FRAME_$4, $4
>)

C Six rounds, with inputs and outputs in registers.
define(<ROUND6>, <
        movl    L0, FRAME_L0
        movl    H0, FRAME_H0
        movl    L1, FRAME_L1
        movl    H1, FRAME_H1

        ROUND(L0,H0,<L1>,<H1>,0)
        movl    L1, FRAME_L1
        movl    H1, FRAME_H1
        ROUND(L1,H1,<L0>,<H0>,8)
        movl    L0, FRAME_L0
        movl    H0, FRAME_H0
        ROUND(L0,H0,<L1>,<H1>,16)
        movl    L1, FRAME_L1
        movl    H1, FRAME_H1
        ROUND(L1,H1,<L0>,<H0>,24)
        movl    L0, FRAME_L0
        movl    H0, FRAME_H0
        ROUND(L0,H0,<L1>,<H1>,32)
        ROUND(L1,H1,<L0>,<H0>,40)
        roll    <$>16, L1
        roll    <$>16, H1
>)

C FL(x0, x1, key-offset)
define(<FL>, <
        movl    $3 + 4(KEY), TMP
        andl    $2, TMP
        roll    <$>1, TMP
        xorl    TMP, $1
        movl    $3(KEY), TMP
        orl     $1, TMP
        xorl    TMP, $2
>)
C FLINV(x0, x1, key-offset)
define(<FLINV>, <
        movl    $3(KEY), TMP
        orl     $1, TMP
        xorl    TMP, $2
        movl    $3 + 4(KEY), TMP
        andl    $2, TMP
        roll    <$>1, TMP
        xorl    TMP, $1
>)

.file "camellia-crypt-internal.asm"
        
        C _camellia_crypt(unsigned nkeys, const uint64_t *keys,
        C                 const struct camellia_table *T,
        C                 size_t length, uint8_t *dst,
        C                 uint8_t *src)
        .text
        ALIGN(16)
PROLOGUE(_nettle_camellia_crypt)
        C save all registers that need to be saved
        pushl   %ebx            C  32(%esp)
        pushl   %ebp            C  28(%esp)
        pushl   %esi            C  24(%esp)
        pushl   %edi            C  20(%esp)

        subl    $20, %esp 

        movl    FRAME_LENGTH, %ebp
        testl   %ebp,%ebp
        jz      .Lend

.Lblock_loop:
        C Load data, note that we'll happily do unaligned loads
        movl    FRAME_SRC, TMP
        movl    (TMP), H0
        bswap   H0
        movl    4(TMP), L0
        bswap   L0
        movl    8(TMP), H1
        bswap   H1
        movl    12(TMP), L1
        bswap   L1
        addl    $16, FRAME_SRC
        movl    FRAME_KEYS, KEY
        movl    FRAME_NKEYS, TMP
        subl    $8, TMP
        movl    TMP, FRAME_CNT
        xorl    (KEY), L0
        xorl    4(KEY), H0
        addl    $8, KEY

        movl    FRAME_TABLE, T

        ROUND6
.Lround_loop:
        addl    $64, KEY
        FL(L0, H0, -16)
        FLINV(L1, H1, -8)
        ROUND6
        subl    $8, FRAME_CNT   
        ja      .Lround_loop

        movl    FRAME_DST, TMP
        bswap   H0
        movl    H0,8(TMP)
        bswap   L0
        movl    L0,12(TMP)
        xorl    52(KEY), H1
        bswap   H1
        movl    H1, 0(TMP)
        xorl    48(KEY), L1
        bswap   L1
        movl    L1, 4(TMP)
        addl    $16, FRAME_DST
        subl    $16, FRAME_LENGTH
        ja      .Lblock_loop

.Lend:
        addl    $20, %esp
        popl    %edi
        popl    %esi
        popl    %ebp
        popl    %ebx
        ret
EPILOGUE(_nettle_camellia_crypt)