From: Niels Möller
Date: Mon, 29 Jan 2024 16:56:27 +0000 (+0100)
Subject: Merge branch 'aes-noreverse-decrypt-subkeys' into master
X-Git-Tag: nettle_3.10rc1~35
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=df93af1bb514d55431fccc73324a550f867b15fa;p=thirdparty%2Fnettle.git

Merge branch 'aes-noreverse-decrypt-subkeys' into master
---

df93af1bb514d55431fccc73324a550f867b15fa
diff --cc ChangeLog
index d9166612,86a87e1b..a1243072
--- a/ChangeLog
+++ b/ChangeLog
@@@ -1,9 -1,29 +1,35 @@@
 +2024-01-28  Niels Möller
 +
 +	* powerpc64/p8/aes-encrypt-internal.asm: Use r10-r12 consistently
 +	for indexing, and reducing number of used callee-save registers.
 +	* powerpc64/p8/aes-decrypt-internal.asm: Likewise.
 +
+ 2024-01-27  Niels Möller
+ 
+ 	* aes-invert-internal.c (_nettle_aes_invert): Don't reorder the subkeys.
+ 	* aes-decrypt-internal.c (_nettle_aes_decrypt): Updated to process
+ 	subkeys starting from the end, and let subkeys pointer point at
+ 	the subkey for the first decrypt round, located at the end of the
+ 	array.
+ 	* aes128-decrypt.c (nettle_aes128_decrypt): Updated accordingly.
+ 	* aes192-decrypt.c (nettle_aes192_decrypt): Likewise.
+ 	* aes256-decrypt.c (nettle_aes256_decrypt): Likewise.
+ 	* arm/aes.m4 (AES_LOAD_INCR): New macro, specifying desired
+ 	increment of key pointer.
+ 	* arm/aes-decrypt-internal.asm: Updated for new conventions.
+ 	* arm/v6/aes-decrypt-internal.asm: Likewise.
+ 	* arm64/crypto/aes128-decrypt.asm: Likewise.
+ 	* arm64/crypto/aes192-decrypt.asm: Likewise.
+ 	* arm64/crypto/aes256-decrypt.asm: Likewise.
+ 	* powerpc64/p8/aes-decrypt-internal.asm: Likewise.
+ 	* sparc64/aes-decrypt-internal.asm: Likewise.
+ 	* x86/aes-decrypt-internal.asm: Likewise.
+ 	* x86_64/aes-decrypt-internal.asm: Likewise.
+ 	* x86_64/aes-decrypt-internal.asm: Likewise.
+ 	* x86_64/aesni/aes128-decrypt.asm: Likewise.
+ 	* x86_64/aesni/aes192-decrypt.asm: Likewise.
+ 	* x86_64/aesni/aes256-decrypt.asm: Likewise.
+ 
  2024-01-26  Niels Möller
  
  	Delete all sparc32 assembly.
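A note on the merged ChangeLog entries above: the substance of the branch is the 2024-01-27 convention change, where _nettle_aes_invert stops reversing the subkey array and the decrypt routines instead walk it from the end. A minimal C sketch of that traversal, assuming AES-style round keys of four 32-bit words and using purely illustrative names (decrypt_rounds_sketch, KEY_WORDS) rather than nettle's internal API:

/* Sketch only: round keys are four 32-bit words each, and the real
   inverse round function is replaced by a plain xor. */
#include <stdint.h>

#define KEY_WORDS 4	/* one 128-bit round key */

static void
decrypt_rounds_sketch (unsigned rounds, const uint32_t *subkeys,
		       uint32_t state[KEY_WORDS])
{
  /* Subkeys are stored in encryption order; point at the key for the
     first decrypt round, i.e. the last one in the array, and step
     backwards, so no reordering is needed at key setup time. */
  const uint32_t *k = subkeys + rounds * KEY_WORDS;
  unsigned i, j;

  for (i = 0; i <= rounds; i++, k -= KEY_WORDS)
    for (j = 0; j < KEY_WORDS; j++)
      state[j] ^= k[j];	/* stand-in for the inverse AES round */
}

As the sketch suggests, the key schedule keeps a single layout, encryption order, and decryption differs only in where the key pointer starts and which way it steps.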
diff --cc powerpc64/p8/aes-decrypt-internal.asm
index 6336e5b7,1dc66628..d2a07a38
--- a/powerpc64/p8/aes-decrypt-internal.asm
+++ b/powerpc64/p8/aes-decrypt-internal.asm
@@@ -115,18 -115,17 +115,18 @@@ IF_LE(`OPN_XXXY(vperm, SWAP_MASK, S0,S1
  	OPN_XXY(vxor, K, S0, S1, S2, S3, S4, S5, S6, S7)
  
  	mtctr ROUNDS
- 	li r9,0x10
 -	li r10,-0x10
++	li r9,-0x10
 +
  	.align 5
  L8x_round_loop:
 -	lxvd2x VSR(K),r10,KEYS
 +	lxvd2x VSR(K),r9,KEYS
  	vperm K,K,K,SWAP_MASK
  	OPN_XXY(vncipher, ZERO, S0, S1, S2, S3, S4, S5, S6, S7)
  	OPN_XXY(vxor, K, S0, S1, S2, S3, S4, S5, S6, S7)
- 	addi r9,r9,0x10
 -	subi r10,r10,0x10
++	subi r9,r9,0x10
  	bdnz L8x_round_loop
  
 -	lxvd2x VSR(K),r10,KEYS
 +	lxvd2x VSR(K),r9,KEYS
  	vperm K,K,K,SWAP_MASK
  	OPN_XXY(vncipherlast, K, S0, S1, S2, S3, S4, S5, S6, S7)
  
@@@ -172,17 -176,17 +172,17 @@@ IF_LE(`OPN_XXXY(vperm, SWAP_MASK, S0,S1
  	OPN_XXY(vxor, K, S0, S1, S2, S3)
  
  	mtctr ROUNDS
- 	li r9,0x10
 -	li r10,-0x10
++	li r9,-0x10
  	.align 5
  L4x_round_loop:
 -	lxvd2x VSR(K),r10,KEYS
 +	lxvd2x VSR(K),r9,KEYS
  	vperm K,K,K,SWAP_MASK
  	OPN_XXY(vncipher, ZERO, S0, S1, S2, S3)
  	OPN_XXY(vxor, K, S0, S1, S2, S3)
- 	addi r9,r9,0x10
 -	subi r10,r10,0x10
++	subi r9,r9,0x10
  	bdnz L4x_round_loop
  
 -	lxvd2x VSR(K),r10,KEYS
 +	lxvd2x VSR(K),r9,KEYS
  	vperm K,K,K,SWAP_MASK
  	OPN_XXY(vncipherlast, K, S0, S1, S2, S3)
  
@@@ -216,19 -224,19 +216,19 @@@ IF_LE(`vperm S0,S0,S0,SWAP_MAS
  	vxor S1,S1,K
  
  	mtctr ROUNDS
- 	li r9,0x10
 -	li r10,-0x10
++	li r9,-0x10
  	.align 5
  L2x_round_loop:
 -	lxvd2x VSR(K),r10,KEYS
 +	lxvd2x VSR(K),r9,KEYS
  	vperm K,K,K,SWAP_MASK
  	vncipher S0,S0,ZERO
  	vncipher S1,S1,ZERO
  	vxor S0,S0,K
  	vxor S1,S1,K
- 	addi r9,r9,0x10
 -	subi r10,r10,0x10
++	subi r9,r9,0x10
  	bdnz L2x_round_loop
  
 -	lxvd2x VSR(K),r10,KEYS
 +	lxvd2x VSR(K),r9,KEYS
  	vperm K,K,K,SWAP_MASK
  	vncipherlast S0,S0,K
  	vncipherlast S1,S1,K
@@@ -258,17 -267,17 +258,17 @@@ IF_LE(`vperm S0,S0,S0,SWAP_MASK'
  	vxor S0,S0,K
  
  	mtctr ROUNDS
- 	li r9,0x10
 -	li r10,-0x10
++	li r9,-0x10
  	.align 5
  L1x_round_loop:
 -	lxvd2x VSR(K),r10,KEYS
 +	lxvd2x VSR(K),r9,KEYS
  	vperm K,K,K,SWAP_MASK
  	vncipher S0,S0,ZERO
  	vxor S0,S0,K
- 	addi r9,r9,0x10
 -	subi r10,r10,0x10
++	subi r9,r9,0x10
  	bdnz L1x_round_loop
  
 -	lxvd2x VSR(K),r10,KEYS
 +	lxvd2x VSR(K),r9,KEYS
  	vperm K,K,K,SWAP_MASK
  	vncipherlast S0,S0,K
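Every hunk in powerpc64/p8/aes-decrypt-internal.asm above makes the same substitution: one parent's upward-counting r9 and the other parent's downward-counting r10 are merged into a single r9 that starts at -0x10 and is decremented by 0x10 each round, so the round keys are fetched at negative byte offsets from KEYS, which per the ChangeLog now points at the subkey for the first decrypt round. Because that resolution matches neither parent exactly, the new li/subi lines carry the ++ combined-diff marker. A hypothetical C model of the addressing pattern, with illustrative names that are not part of nettle:

/* Hypothetical model of the merged loops' key addressing: keys points
   at the 16-byte subkey for the first decrypt round, at the end of the
   schedule, and each further subkey is read at a byte offset that
   starts at -0x10 and shrinks by 0x10 per round. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

static void
fetch_subkeys_backwards (const uint8_t *keys, unsigned rounds,
			 uint8_t out[][16])
{
  ptrdiff_t offset = -0x10;	/* li r9,-0x10 */
  unsigned i;

  for (i = 0; i < rounds; i++)	/* mtctr ROUNDS ... bdnz */
    {
      memcpy (out[i], keys + offset, 16);	/* lxvd2x VSR(K),r9,KEYS */
      offset -= 0x10;				/* subi r9,r9,0x10 */
    }
  memcpy (out[rounds], keys + offset, 16);	/* last key, used by vncipherlast */
}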