C the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
C MA 02111-1307, USA.
+
.file "aes.asm"
.data
.text
-.globl print_word
+C Register usage:
+C
+C The aes state is kept in %eax, %ebx, %ecx and %edx
+C
+C %esi is used as temporary, to point to the input, and to the
+C subkeys, etc.
+C
+C %ebp is used as the round counter, and as a temporary in the final round.
+C
+C %edi is a temporary, often used as an accumulator.
C aes_encrypt(struct aes_context *ctx,
C unsigned length, uint8_t *dst,
xorl 4(%esi),%ebx
xorl 8(%esi),%ecx
xorl 12(%esi),%edx
-aes_xored_initial:
+aes_xored_initial:
+ C FIXME: Use %esi instead
movl 20(%esp),%ebp C address of context struct
movl AES_NROUNDS (%ebp),%ebp C get number of rounds to do from struct
C ^ table[1][B1(%ebx)]
C ^ table[2][B2(%ebx)]
C ^ table[3][B3(%ebx)]
+ C
+ C a b c d
movl %eax, %esi
andl $0xff, %esi
shll $2,%esi C index in dtbl1
pushl %edi C save first on stack
C // Second column
+ C b c d a
movl %ebx,%esi C copy first in
andl $0x000000ff,%esi C clear all but offset
shll $2,%esi C index in dtbl1
pushl %edi C save first on stack
C // Third column
+ C c d a b
movl %ecx,%esi C copy first in
andl $0x000000ff,%esi C clear all but offset
shll $2,%esi C index in dtbl1
pushl %edi C save first on stack
C // Fourth column
+ C d a b c
movl %edx,%esi C copy first in
andl $0x000000ff,%esi C clear all but offset
shll $2,%esi C index in dtbl1
C // last round
C // first column
+ C a b c d
movl %eax,%edi
andl $0x000000ff,%edi
movl %ebx,%ebp
pushl %edi
C // second column
+ C d a b c
movl %eax,%edi
andl $0x0000ff00,%edi
movl %ebx,%ebp
orl %ebp,%edi
pushl %edi
+ C c d a b
C // third column
movl %eax,%edi
andl $0x00ff0000,%edi
pushl %edi
C // fourth column
+ C b c d a
movl %eax,%edi
andl $0xff000000,%edi
movl %ebx,%ebp
.size aes_encrypt,.eore-aes_encrypt
- C // aes_decrypt(AES_context *ctx, const UINT8 *ciphertext
- C // UINT8 *plaintext)
+ C aes_encrypt(struct aes_context *ctx,
+ C unsigned length, uint8_t *dst,
+ C uint8_t *src)
.align 16
.globl aes_decrypt
.type aes_decrypt,@function
pushl %ebp C 12(%esp)
pushl %esi C 8(%esp)
pushl %edi C 4(%esp)
- movl 24(%esp),%esi C address of ciphertext
+
+ C ctx = 20(%esp)
+ C length = 24(%esp)
+ C dst = 28(%esp)
+ C src = 32(%esp)
+
+ movl 32(%esp),%esi C address of ciphertext
movl (%esi),%eax C load ciphertext into registers
movl 4(%esi),%ebx
movl 8(%esi),%ecx
movl 12(%esi),%edx
+
movl 20(%esp),%esi C address of context struct ctx
- movl 480(%esi),%ebp C get number of rounds to do from struct
- shll $4,%ebp
- leal 240(%esi, %ebp),%esi
- shrl $4,%ebp
- xorl (%esi),%eax C add last key to ciphertext
+ xorl (%esi),%eax C add first key to ciphertext
xorl 4(%esi),%ebx
xorl 8(%esi),%ecx
xorl 12(%esi),%edx
+ movl AES_NROUNDS (%esi),%ebp C get number of rounds to do from struct
+ C shll $4,%ebp
+ C leal 240(%esi, %ebp),%esi
+ C shrl $4,%ebp
+ C xorl (%esi),%eax C add last key to ciphertext
+ C xorl 4(%esi),%ebx
+ C xorl 8(%esi),%ecx
+ C xorl 12(%esi),%edx
subl $1,%ebp C one round is complete
- subl $16,%esi C point to previous key
-.decrypt_loop:
+ addl $16,%esi C point to next key
+Ldecrypt_loop:
pushl %esi C save this first: we'll clobber it later
+
+ C Why???
xchgl %ebx,%edx
C // First column
+ C a b c d
movl %eax,%esi C copy first in
andl $0x000000ff,%esi C clear all but offset
shll $2,%esi C index in itbl1
pushl %edi C save first on stack
C // Second column
+ C d a b c
movl %edx,%esi C copy first in
andl $0x000000ff,%esi C clear all but offset
shll $2,%esi C index in itbl1
pushl %edi
C // Third column
+ C c d a b
movl %ecx,%esi C copy first in
andl $0x000000ff,%esi C clear all but offset
shll $2,%esi C index in itbl1
pushl %edi C save first on stack
C // Fourth column
+ C b c d a
movl %ebx,%esi C copy first in
andl $0x000000ff,%esi C clear all but offset
shll $2,%esi C index in itbl1
shrl $22,%esi
andl $0x000003fc,%esi
xorl itbl4(%esi),%edi
+
movl %edi,%edx
popl %ecx
popl %ebx
xorl 4(%esi),%ebx
xorl 8(%esi),%ecx
xorl 12(%esi),%edx
- subl $16,%esi C point to previous key
+ addl $16,%esi C point to next key
decl %ebp
- jnz .decrypt_loop
+ jnz Ldecrypt_loop
+ C Foo?
xchgl %ebx,%edx
C // last round
C // first column
+ C a b c d
movl %eax,%edi
andl $0x000000ff,%edi
movl %ebx,%ebp
pushl %edi
C // second column
+ C b c d a
movl %eax,%edi
andl $0xff000000,%edi
movl %ebx,%ebp
pushl %edi
C // third column
+ C c d a b
movl %eax,%edi
andl $0x00ff0000,%edi
movl %ebx,%ebp
orl %ebp,%edi
pushl %edi
- C // second column
+ C // fourth column
+ C d a b c
movl %eax,%edi
andl $0x0000ff00,%edi
movl %ebx,%ebp
decl %edi
jnz .isb_sub
- xorl (%esi),%eax C add first key to plaintext
+ xorl (%esi),%eax C add last key to plaintext
xorl 4(%esi),%ebx
xorl 8(%esi),%ecx
xorl 12(%esi),%edx
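Review bot: The three-line header comment added directly above `.globl aes_decrypt` is the `aes_encrypt` prototype copied from the top of the file, so the decrypt entry now documents the wrong function; it should read `C aes_decrypt(struct aes_context *ctx,` / `C unsigned length, uint8_t *dst,` / `C uint8_t *src)`. The forward key walk (`movl 20(%esp),%esi` followed by `addl $16,%esi` per round) hard-codes that the subkey array sits at offset 0 of the context with a 16-byte stride, while only the round count was given a symbolic name; a named key-array offset and stride next to `AES_NROUNDS` would make that layout dependence explicit. The `C Why???` and `C Foo?` notes left beside the two `xchgl %ebx,%edx` instructions should either state what the swap accomplishes for the decrypt column order or be dropped before merging. The loop label was renamed from `.decrypt_loop` to `Ldecrypt_loop`, but the unchanged `jnz .isb_sub` keeps the dot form, and a bare `L` prefix is not treated as assembler-local by GAS on ELF the way `.L` is, so the label may end up in the symbol table unless m4 rewrites it. aes_decrypt's body continues past the end of the hunk, so whether the new `length` argument at 24(%esp) is ever consumed cannot be checked from what is shown.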