* x86/aes.asm: Use C for comments, include the tables using

include_src, and commented out the key setup functions.
Fixed the processing of the first handling of the round function.
Now, encryption of a single block works! Multiple blocks, and
decryption, is still broken.

Rev: src/nettle/x86/aes.asm:1.4

diff --git a/x86/aes.asm b/x86/aes.asm
index 1466a82545f903ba03df3810d565833362198dd1..f0774985bfc176d866bf3781ff9695f44ffd2e59 100644 (file)
--- a/x86/aes.asm
+++ b/x86/aes.asm
@@ -30,8 +30,6 @@ include_src(<x86/aes_tables.asm>)
        C aes_encrypt(struct aes_context *ctx, 
        C             unsigned length, uint8_t *dst,
        C             uint8_t *src)
-       C  const UINT8 *plaintext
-       C //                UINT8 *ciphertext)
        .align 16
 .globl aes_encrypt
        .type   aes_encrypt,@function
@@ -41,27 +39,46 @@ aes_encrypt:
        pushl   %ebp            C  12(%esp)
        pushl   %esi            C  8(%esp)
        pushl   %edi            C  4(%esp)
-       movl    24(%esp),%esi   C  address of plaintext
+
+       C ctx = 20(%esp)
+       C length = 24(%esp)
+       C dst = 28(%esp)
+       C src = 32(%esp)
+       
+       movl    32(%esp),%esi   C  address of plaintext
        movl    (%esi),%eax     C  load plaintext into registers
        movl    4(%esi),%ebx
        movl    8(%esi),%ecx
        movl    12(%esi),%edx
+aes_got_plain: 
        movl    20(%esp),%esi   C  address of context struct ctx
        xorl    (%esi),%eax     C  add first key to plaintext
        xorl    4(%esi),%ebx
        xorl    8(%esi),%ecx
        xorl    12(%esi),%edx
+aes_xored_initial: 
        movl    20(%esp),%ebp   C  address of context struct
-       movl    480(%ebp),%ebp  C  get number of rounds to do from struct
+       movl    AES_NROUNDS (%ebp),%ebp C  get number of rounds to do from struct
 
        subl    $1,%ebp
        addl    $16,%esi        C  point to next key
-.encrypt_loop:
+aes_encrypt_loop:
        pushl   %esi            C  save this first: we'll clobber it later
 
-       C // First column
+       C Computation of the new %eax is broken, in the first test case, 
+       C first round, we get 0xb3b638c6, not dfd5b20f, just
+       C before adding the subkey
+       
+       C First column, IDXi = 0, 1, 2, 3
+       C T[0] = table[0][B0(%eax)]
+       C      ^ table[1][B1(%ebx)]
+       C      ^ table[2][B2(%ebx)]
+       C      ^ table[3][B3(%ebx)]
+       movl    %eax, %esi
+       andl    $0xff, %esi
        shll    $2,%esi         C  index in dtbl1
        movl    dtbl1(%esi),%edi
+       movl    %ebx, %esi
        shrl    $6,%esi
        andl    $0x000003fc,%esi C  clear all but offset bytes
        xorl    dtbl2(%esi),%edi
@@ -136,13 +153,14 @@ aes_encrypt:
        popl    %ebx
        popl    %eax
        popl    %esi
+aes_got_t: 
        xorl    (%esi),%eax     C  add current session key to plaintext
        xorl    4(%esi),%ebx
        xorl    8(%esi),%ecx
        xorl    12(%esi),%edx
        addl    $16,%esi        C  point to next key
        decl    %ebp
-       jnz     .encrypt_loop
+       jnz     aes_encrypt_loop
 
        C // last round
        C // first column
@@ -231,11 +249,12 @@ aes_encrypt:
        decl    %edi
        jnz     .sb_sub
 
+aes_got_tlast:         
        xorl    (%esi),%eax     C  add last key to plaintext
        xorl    4(%esi),%ebx
        xorl    8(%esi),%ecx
        xorl    12(%esi),%edx
-
+aes_got_result:
        C // store encrypted data back to caller's buffer
        movl    28(%esp),%edi
        movl    %eax,(%edi)