![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to aessmall_x86.asm CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [truecrypt] / truecrypt / crypto|
Return to aessmall_x86.asm CVS log | Up to [truecrypt] / truecrypt / crypto |
1.1 ! root 1: ! 2: ; --------------------------------------------------------------------------- ! 3: ; Copyright (c) 1998-2007, Brian Gladman, Worcester, UK. All rights reserved. ! 4: ; ! 5: ; LICENSE TERMS ! 6: ; ! 7: ; The free distribution and use of this software is allowed (with or without ! 8: ; changes) provided that: ! 9: ; ! 10: ; 1. source code distributions include the above copyright notice, this ! 11: ; list of conditions and the following disclaimer; ! 12: ; ! 13: ; 2. binary distributions include the above copyright notice, this list ! 14: ; of conditions and the following disclaimer in their documentation; ! 15: ; ! 16: ; 3. the name of the copyright holder is not used to endorse products ! 17: ; built using this software without specific written permission. ! 18: ; ! 19: ; DISCLAIMER ! 20: ; ! 21: ; This software is provided 'as is' with no explicit or implied warranties ! 22: ; in respect of its properties, including, but not limited to, correctness ! 23: ; and/or fitness for purpose. ! 24: ; --------------------------------------------------------------------------- ! 25: ; Issue 20/12/2007 ! 26: ; ! 27: ; This code requires either ASM_X86_V2 or ASM_X86_V2C to be set in aesopt.h ! 28: ; and the same define to be set here as well. If AES_V2C is set this file ! 29: ; requires the C files aeskey.c and aestab.c for support. ! 30: ! 31: ; An AES implementation for x86 processors using the YASM (or NASM) assembler. ! 32: ; This is a full assembler implementation covering encryption, decryption and ! 33: ; key scheduling. It uses 2k bytes of tables but its encryption and decryption ! 34: ; performance is very close to that obtained using large tables. Key schedule ! 35: ; expansion is slower for both encryption and decryption but this is likely to ! 36: ; be offset by the much smaller load that this version places on the processor ! 37: ; cache. I acknowledge the contribution made by Daniel Bernstein to aspects of ! 38: ; the design of the AES round function used here. ! 39: ; ! 40: ; This code provides the standard AES block size (128 bits, 16 bytes) and the ! 41: ; three standard AES key sizes (128, 192 and 256 bits). It has the same call ! 42: ; interface as my C implementation. The ebx, esi, edi and ebp registers are ! 43: ; preserved across calls but eax, ecx and edx and the artihmetic status flags ! 44: ; are not. Although this is a full assembler implementation, it can be used ! 45: ; in conjunction with my C code which provides faster key scheduling using ! 46: ; large tables. In this case aeskey.c should be compiled with ASM_X86_V2C ! 47: ; defined. It is also important that the defines below match those used in the ! 48: ; C code. This code uses the VC++ register saving conentions; if it is used ! 49: ; with another compiler, conventions for using and saving registers may need ! 50: ; to be checked (and calling conventions). The YASM command line for the VC++ ! 51: ; custom build step is: ! 52: ; ! 53: ; yasm -Xvc -f win32 -D <Z> -o "$(TargetDir)\$(InputName).obj" "$(InputPath)" ! 54: ; ! 55: ; For the cryptlib build this is (pcg): ! 56: ; ! 57: ; yasm -Xvc -f win32 -D ASM_X86_V2C -o aescrypt2.obj aes_x86_v2.asm ! 58: ; ! 59: ; where <Z> is ASM_X86_V2 or ASM_X86_V2C. The calling intefaces are: ! 60: ; ! 61: ; AES_RETURN aes_encrypt(const unsigned char in_blk[], ! 62: ; unsigned char out_blk[], const aes_encrypt_ctx cx[1]); ! 63: ; ! 64: ; AES_RETURN aes_decrypt(const unsigned char in_blk[], ! 65: ; unsigned char out_blk[], const aes_decrypt_ctx cx[1]); ! 66: ; ! 67: ; AES_RETURN aes_encrypt_key<NNN>(const unsigned char key[], ! 68: ; const aes_encrypt_ctx cx[1]); ! 69: ; ! 70: ; AES_RETURN aes_decrypt_key<NNN>(const unsigned char key[], ! 71: ; const aes_decrypt_ctx cx[1]); ! 72: ; ! 73: ; AES_RETURN aes_encrypt_key(const unsigned char key[], ! 74: ; unsigned int len, const aes_decrypt_ctx cx[1]); ! 75: ; ! 76: ; AES_RETURN aes_decrypt_key(const unsigned char key[], ! 77: ; unsigned int len, const aes_decrypt_ctx cx[1]); ! 78: ; ! 79: ; where <NNN> is 128, 102 or 256. In the last two calls the length can be in ! 80: ; either bits or bytes. ! 81: ! 82: ; The DLL interface must use the _stdcall convention in which the number ! 83: ; of bytes of parameter space is added after an @ to the sutine's name. ! 84: ; We must also remove our parameters from the stack before return (see ! 85: ; the do_exit macro). Define DLL_EXPORT for the Dynamic Link Library version. ! 86: ! 87: ; ! 88: ; Adapted for TrueCrypt by the TrueCrypt Foundation: ! 89: ; - All tables generated at run-time ! 90: ; - Adapted for 16-bit environment ! 91: ; ! 92: ! 93: CPU 386 ! 94: USE16 ! 95: SEGMENT _TEXT PUBLIC CLASS=CODE USE16 ! 96: SEGMENT _DATA PUBLIC CLASS=DATA USE16 ! 97: ! 98: GROUP DGROUP _TEXT _DATA ! 99: ! 100: extern _aes_dec_tab ; Aestab.c ! 101: extern _aes_enc_tab ! 102: ! 103: ; %define DLL_EXPORT ! 104: ! 105: ; The size of the code can be reduced by using functions for the encryption ! 106: ; and decryption rounds in place of macro expansion ! 107: ! 108: %define REDUCE_CODE_SIZE ! 109: ! 110: ; Comment in/out the following lines to obtain the desired subroutines. These ! 111: ; selections MUST match those in the C header file aes.h ! 112: ! 113: ; %define AES_128 ; define if AES with 128 bit keys is needed ! 114: ; %define AES_192 ; define if AES with 192 bit keys is needed ! 115: %define AES_256 ; define if AES with 256 bit keys is needed ! 116: ; %define AES_VAR ; define if a variable key size is needed ! 117: %define ENCRYPTION ; define if encryption is needed ! 118: %define DECRYPTION ; define if decryption is needed ! 119: ; %define AES_REV_DKS ; define if key decryption schedule is reversed ! 120: ! 121: %ifndef ASM_X86_V2C ! 122: %define ENCRYPTION_KEY_SCHEDULE ; define if encryption key expansion is needed ! 123: %define DECRYPTION_KEY_SCHEDULE ; define if decryption key expansion is needed ! 124: %endif ! 125: ! 126: ; The encryption key schedule has the following in memory layout where N is the ! 127: ; number of rounds (10, 12 or 14): ! 128: ; ! 129: ; lo: | input key (round 0) | ; each round is four 32-bit words ! 130: ; | encryption round 1 | ! 131: ; | encryption round 2 | ! 132: ; .... ! 133: ; | encryption round N-1 | ! 134: ; hi: | encryption round N | ! 135: ; ! 136: ; The decryption key schedule is normally set up so that it has the same ! 137: ; layout as above by actually reversing the order of the encryption key ! 138: ; schedule in memory (this happens when AES_REV_DKS is set): ! 139: ; ! 140: ; lo: | decryption round 0 | = | encryption round N | ! 141: ; | decryption round 1 | = INV_MIX_COL[ | encryption round N-1 | ] ! 142: ; | decryption round 2 | = INV_MIX_COL[ | encryption round N-2 | ] ! 143: ; .... .... ! 144: ; | decryption round N-1 | = INV_MIX_COL[ | encryption round 1 | ] ! 145: ; hi: | decryption round N | = | input key (round 0) | ! 146: ; ! 147: ; with rounds except the first and last modified using inv_mix_column() ! 148: ; But if AES_REV_DKS is NOT set the order of keys is left as it is for ! 149: ; encryption so that it has to be accessed in reverse when used for ! 150: ; decryption (although the inverse mix column modifications are done) ! 151: ; ! 152: ; lo: | decryption round 0 | = | input key (round 0) | ! 153: ; | decryption round 1 | = INV_MIX_COL[ | encryption round 1 | ] ! 154: ; | decryption round 2 | = INV_MIX_COL[ | encryption round 2 | ] ! 155: ; .... .... ! 156: ; | decryption round N-1 | = INV_MIX_COL[ | encryption round N-1 | ] ! 157: ; hi: | decryption round N | = | encryption round N | ! 158: ; ! 159: ; This layout is faster when the assembler key scheduling provided here ! 160: ; is used. ! 161: ; ! 162: ; End of user defines ! 163: ! 164: %ifdef AES_VAR ! 165: %ifndef AES_128 ! 166: %define AES_128 ! 167: %endif ! 168: %ifndef AES_192 ! 169: %define AES_192 ! 170: %endif ! 171: %ifndef AES_256 ! 172: %define AES_256 ! 173: %endif ! 174: %endif ! 175: ! 176: %ifdef AES_VAR ! 177: %define KS_LENGTH 60 ! 178: %elifdef AES_256 ! 179: %define KS_LENGTH 60 ! 180: %elifdef AES_192 ! 181: %define KS_LENGTH 52 ! 182: %else ! 183: %define KS_LENGTH 44 ! 184: %endif ! 185: ! 186: ; These macros implement stack based local variables ! 187: ! 188: %macro save 2 ! 189: mov [esp+4*%1],%2 ! 190: %endmacro ! 191: ! 192: %macro restore 2 ! 193: mov %1,[esp+4*%2] ! 194: %endmacro ! 195: ! 196: %ifdef REDUCE_CODE_SIZE ! 197: %macro mf_call 1 ! 198: call %1 ! 199: %endmacro ! 200: %else ! 201: %macro mf_call 1 ! 202: %1 ! 203: %endmacro ! 204: %endif ! 205: ! 206: ; the DLL has to implement the _stdcall calling interface on return ! 207: ; In this case we have to take our parameters (3 4-byte pointers) ! 208: ; off the stack ! 209: ! 210: %define parms 12 ! 211: ! 212: %macro do_name 1-2 parms ! 213: %ifndef DLL_EXPORT ! 214: global %1 ! 215: %1: ! 216: %else ! 217: global %1@%2 ! 218: export %1@%2 ! 219: %1@%2: ! 220: %endif ! 221: %endmacro ! 222: ! 223: %macro do_call 1-2 parms ! 224: %ifndef DLL_EXPORT ! 225: call %1 ! 226: add esp,%2 ! 227: %else ! 228: call %1@%2 ! 229: %endif ! 230: %endmacro ! 231: ! 232: %macro do_exit 0-1 parms ! 233: %ifdef DLL_EXPORT ! 234: ret %1 ! 235: %else ! 236: ret ! 237: %endif ! 238: %endmacro ! 239: ! 240: ; finite field multiplies by {02}, {04} and {08} ! 241: ! 242: %define f2(x) ((x<<1)^(((x>>7)&1)*0x11b)) ! 243: %define f4(x) ((x<<2)^(((x>>6)&1)*0x11b)^(((x>>6)&2)*0x11b)) ! 244: %define f8(x) ((x<<3)^(((x>>5)&1)*0x11b)^(((x>>5)&2)*0x11b)^(((x>>5)&4)*0x11b)) ! 245: ! 246: ; finite field multiplies required in table generation ! 247: ! 248: %define f3(x) (f2(x) ^ x) ! 249: %define f9(x) (f8(x) ^ x) ! 250: %define fb(x) (f8(x) ^ f2(x) ^ x) ! 251: %define fd(x) (f8(x) ^ f4(x) ^ x) ! 252: %define fe(x) (f8(x) ^ f4(x) ^ f2(x)) ! 253: ! 254: %define etab_0(x) [_aes_enc_tab+4+8*x] ! 255: %define etab_1(x) [_aes_enc_tab+3+8*x] ! 256: %define etab_2(x) [_aes_enc_tab+2+8*x] ! 257: %define etab_3(x) [_aes_enc_tab+1+8*x] ! 258: %define etab_b(x) byte [_aes_enc_tab+1+8*x] ; used with movzx for 0x000000xx ! 259: %define etab_w(x) word [_aes_enc_tab+8*x] ; used with movzx for 0x0000xx00 ! 260: ! 261: %define btab_0(x) [_aes_enc_tab+6+8*x] ! 262: %define btab_1(x) [_aes_enc_tab+5+8*x] ! 263: %define btab_2(x) [_aes_enc_tab+4+8*x] ! 264: %define btab_3(x) [_aes_enc_tab+3+8*x] ! 265: ! 266: ; ROUND FUNCTION. Build column[2] on ESI and column[3] on EDI that have the ! 267: ; round keys pre-loaded. Build column[0] in EBP and column[1] in EBX. ! 268: ; ! 269: ; Input: ! 270: ; ! 271: ; EAX column[0] ! 272: ; EBX column[1] ! 273: ; ECX column[2] ! 274: ; EDX column[3] ! 275: ; ESI column key[round][2] ! 276: ; EDI column key[round][3] ! 277: ; EBP scratch ! 278: ; ! 279: ; Output: ! 280: ; ! 281: ; EBP column[0] unkeyed ! 282: ; EBX column[1] unkeyed ! 283: ; ESI column[2] keyed ! 284: ; EDI column[3] keyed ! 285: ; EAX scratch ! 286: ; ECX scratch ! 287: ; EDX scratch ! 288: ! 289: %macro rnd_fun 2 ! 290: ! 291: rol ebx,16 ! 292: %1 esi, cl, 0, ebp ! 293: %1 esi, dh, 1, ebp ! 294: %1 esi, bh, 3, ebp ! 295: %1 edi, dl, 0, ebp ! 296: %1 edi, ah, 1, ebp ! 297: %1 edi, bl, 2, ebp ! 298: %2 ebp, al, 0, ebp ! 299: shr ebx,16 ! 300: and eax,0xffff0000 ! 301: or eax,ebx ! 302: shr edx,16 ! 303: %1 ebp, ah, 1, ebx ! 304: %1 ebp, dh, 3, ebx ! 305: %2 ebx, dl, 2, ebx ! 306: %1 ebx, ch, 1, edx ! 307: %1 ebx, al, 0, edx ! 308: shr eax,16 ! 309: shr ecx,16 ! 310: %1 ebp, cl, 2, edx ! 311: %1 edi, ch, 3, edx ! 312: %1 esi, al, 2, edx ! 313: %1 ebx, ah, 3, edx ! 314: ! 315: %endmacro ! 316: ! 317: ; Basic MOV and XOR Operations for normal rounds ! 318: ! 319: %macro nr_xor 4 ! 320: movzx %4,%2 ! 321: xor %1,etab_%3(%4) ! 322: %endmacro ! 323: ! 324: %macro nr_mov 4 ! 325: movzx %4,%2 ! 326: mov %1,etab_%3(%4) ! 327: %endmacro ! 328: ! 329: ; Basic MOV and XOR Operations for last round ! 330: ! 331: %if 1 ! 332: ! 333: %macro lr_xor 4 ! 334: movzx %4,%2 ! 335: movzx %4,etab_b(%4) ! 336: %if %3 != 0 ! 337: shl %4,8*%3 ! 338: %endif ! 339: xor %1,%4 ! 340: %endmacro ! 341: ! 342: %macro lr_mov 4 ! 343: movzx %4,%2 ! 344: movzx %1,etab_b(%4) ! 345: %if %3 != 0 ! 346: shl %1,8*%3 ! 347: %endif ! 348: %endmacro ! 349: ! 350: %else ; less effective but worth leaving as an option ! 351: ! 352: %macro lr_xor 4 ! 353: movzx %4,%2 ! 354: mov %4,btab_%3(%4) ! 355: and %4,0x000000ff << 8 * %3 ! 356: xor %1,%4 ! 357: %endmacro ! 358: ! 359: %macro lr_mov 4 ! 360: movzx %4,%2 ! 361: mov %1,btab_%3(%4) ! 362: and %1,0x000000ff << 8 * %3 ! 363: %endmacro ! 364: ! 365: %endif ! 366: ! 367: ; Apply S-Box to the 4 bytes in a 32-bit word and rotate byte positions ! 368: ! 369: %ifdef REDUCE_CODE_SIZE ! 370: ! 371: l3s_col: ! 372: movzx ecx,al ; in eax ! 373: movzx ecx, etab_b(ecx) ; out eax ! 374: xor edx,ecx ; scratch ecx,edx ! 375: movzx ecx,ah ! 376: movzx ecx, etab_b(ecx) ! 377: shl ecx,8 ! 378: xor edx,ecx ! 379: shr eax,16 ! 380: movzx ecx,al ! 381: movzx ecx, etab_b(ecx) ! 382: shl ecx,16 ! 383: xor edx,ecx ! 384: movzx ecx,ah ! 385: movzx ecx, etab_b(ecx) ! 386: shl ecx,24 ! 387: xor edx,ecx ! 388: mov eax,edx ! 389: ret ! 390: ! 391: %else ! 392: ! 393: %macro l3s_col 0 ! 394: ! 395: movzx ecx,al ; in eax ! 396: movzx ecx, etab_b(ecx) ; out eax ! 397: xor edx,ecx ; scratch ecx,edx ! 398: movzx ecx,ah ! 399: movzx ecx, etab_b(ecx) ! 400: shl ecx,8 ! 401: xor edx,ecx ! 402: shr eax,16 ! 403: movzx ecx,al ! 404: movzx ecx, etab_b(ecx) ! 405: shl ecx,16 ! 406: xor edx,ecx ! 407: movzx ecx,ah ! 408: movzx ecx, etab_b(ecx) ! 409: shl ecx,24 ! 410: xor edx,ecx ! 411: mov eax,edx ! 412: ! 413: %endmacro ! 414: ! 415: %endif ! 416: ! 417: ; offsets to parameters ! 418: ! 419: in_blk equ 2 ; input byte array address parameter ! 420: out_blk equ 4 ; output byte array address parameter ! 421: ctx equ 6 ; AES context structure ! 422: stk_spc equ 20 ; stack space ! 423: ! 424: %ifdef ENCRYPTION ! 425: ! 426: ; %define ENCRYPTION_TABLE ! 427: ! 428: %ifdef REDUCE_CODE_SIZE ! 429: ! 430: enc_round: ! 431: sub sp, 2 ! 432: add ebp,16 ! 433: save 1,ebp ! 434: mov esi,[ebp+8] ! 435: mov edi,[ebp+12] ! 436: ! 437: rnd_fun nr_xor, nr_mov ! 438: ! 439: mov eax,ebp ! 440: mov ecx,esi ! 441: mov edx,edi ! 442: restore ebp,1 ! 443: xor eax,[ebp] ! 444: xor ebx,[ebp+4] ! 445: add sp, 2 ! 446: ret ! 447: ! 448: %else ! 449: ! 450: %macro enc_round 0 ! 451: ! 452: add ebp,16 ! 453: save 0,ebp ! 454: mov esi,[ebp+8] ! 455: mov edi,[ebp+12] ! 456: ! 457: rnd_fun nr_xor, nr_mov ! 458: ! 459: mov eax,ebp ! 460: mov ecx,esi ! 461: mov edx,edi ! 462: restore ebp,0 ! 463: xor eax,[ebp] ! 464: xor ebx,[ebp+4] ! 465: ! 466: %endmacro ! 467: ! 468: %endif ! 469: ! 470: %macro enc_last_round 0 ! 471: ! 472: add ebp,16 ! 473: save 0,ebp ! 474: mov esi,[ebp+8] ! 475: mov edi,[ebp+12] ! 476: ! 477: rnd_fun lr_xor, lr_mov ! 478: ! 479: mov eax,ebp ! 480: restore ebp,0 ! 481: xor eax,[ebp] ! 482: xor ebx,[ebp+4] ! 483: ! 484: %endmacro ! 485: ! 486: section _TEXT ! 487: ! 488: ; AES Encryption Subroutine ! 489: ! 490: do_name _aes_encrypt,12 ! 491: ! 492: mov ax, sp ! 493: movzx esp, ax ! 494: ! 495: sub esp,stk_spc ! 496: mov [esp+16],ebp ! 497: mov [esp+12],ebx ! 498: mov [esp+ 8],esi ! 499: mov [esp+ 4],edi ! 500: ! 501: movzx esi,word [esp+in_blk+stk_spc] ; input pointer ! 502: mov eax,[esi ] ! 503: mov ebx,[esi+ 4] ! 504: mov ecx,[esi+ 8] ! 505: mov edx,[esi+12] ! 506: ! 507: movzx ebp,word [esp+ctx+stk_spc] ; key pointer ! 508: movzx edi,byte [ebp+4*KS_LENGTH] ! 509: xor eax,[ebp ] ! 510: xor ebx,[ebp+ 4] ! 511: xor ecx,[ebp+ 8] ! 512: xor edx,[ebp+12] ! 513: ! 514: ; determine the number of rounds ! 515: ! 516: %ifndef AES_256 ! 517: cmp edi,10*16 ! 518: je .3 ! 519: cmp edi,12*16 ! 520: je .2 ! 521: cmp edi,14*16 ! 522: je .1 ! 523: mov eax,-1 ! 524: jmp .5 ! 525: %endif ! 526: ! 527: .1: mf_call enc_round ! 528: mf_call enc_round ! 529: .2: mf_call enc_round ! 530: mf_call enc_round ! 531: .3: mf_call enc_round ! 532: mf_call enc_round ! 533: mf_call enc_round ! 534: mf_call enc_round ! 535: mf_call enc_round ! 536: mf_call enc_round ! 537: mf_call enc_round ! 538: mf_call enc_round ! 539: mf_call enc_round ! 540: enc_last_round ! 541: ! 542: movzx edx,word [esp+out_blk+stk_spc] ! 543: mov [edx],eax ! 544: mov [edx+4],ebx ! 545: mov [edx+8],esi ! 546: mov [edx+12],edi ! 547: xor eax,eax ! 548: ! 549: .5: mov ebp,[esp+16] ! 550: mov ebx,[esp+12] ! 551: mov esi,[esp+ 8] ! 552: mov edi,[esp+ 4] ! 553: add esp,stk_spc ! 554: do_exit 12 ! 555: ! 556: %endif ! 557: ! 558: %macro f_key 2 ! 559: ! 560: push ecx ! 561: push edx ! 562: mov edx,esi ! 563: ror eax,8 ! 564: mf_call l3s_col ! 565: mov esi,eax ! 566: pop edx ! 567: pop ecx ! 568: xor esi,rc_val ! 569: ! 570: mov [ebp+%1*%2],esi ! 571: xor edi,esi ! 572: mov [ebp+%1*%2+4],edi ! 573: xor ecx,edi ! 574: mov [ebp+%1*%2+8],ecx ! 575: xor edx,ecx ! 576: mov [ebp+%1*%2+12],edx ! 577: mov eax,edx ! 578: ! 579: %if %2 == 24 ! 580: ! 581: %if %1 < 7 ! 582: xor eax,[ebp+%1*%2+16-%2] ! 583: mov [ebp+%1*%2+16],eax ! 584: xor eax,[ebp+%1*%2+20-%2] ! 585: mov [ebp+%1*%2+20],eax ! 586: %endif ! 587: ! 588: %elif %2 == 32 ! 589: ! 590: %if %1 < 6 ! 591: push ecx ! 592: push edx ! 593: mov edx,[ebp+%1*%2+16-%2] ! 594: mf_call l3s_col ! 595: pop edx ! 596: pop ecx ! 597: mov [ebp+%1*%2+16],eax ! 598: xor eax,[ebp+%1*%2+20-%2] ! 599: mov [ebp+%1*%2+20],eax ! 600: xor eax,[ebp+%1*%2+24-%2] ! 601: mov [ebp+%1*%2+24],eax ! 602: xor eax,[ebp+%1*%2+28-%2] ! 603: mov [ebp+%1*%2+28],eax ! 604: %endif ! 605: ! 606: %endif ! 607: ! 608: %assign rc_val f2(rc_val) ! 609: ! 610: %endmacro ! 611: ! 612: %ifdef ENCRYPTION_KEY_SCHEDULE ! 613: ! 614: %ifdef AES_128 ! 615: ! 616: %ifndef ENCRYPTION_TABLE ! 617: ; %define ENCRYPTION_TABLE ! 618: %endif ! 619: ! 620: %assign rc_val 1 ! 621: ! 622: do_name _aes_encrypt_key128,8 ! 623: ! 624: push ebp ! 625: push ebx ! 626: push esi ! 627: push edi ! 628: ! 629: mov ebp,[esp+24] ! 630: mov [ebp+4*KS_LENGTH],dword 10*16 ! 631: mov ebx,[esp+20] ! 632: ! 633: mov esi,[ebx] ! 634: mov [ebp],esi ! 635: mov edi,[ebx+4] ! 636: mov [ebp+4],edi ! 637: mov ecx,[ebx+8] ! 638: mov [ebp+8],ecx ! 639: mov edx,[ebx+12] ! 640: mov [ebp+12],edx ! 641: add ebp,16 ! 642: mov eax,edx ! 643: ! 644: f_key 0,16 ; 11 * 4 = 44 unsigned longs ! 645: f_key 1,16 ; 4 + 4 * 10 generated = 44 ! 646: f_key 2,16 ! 647: f_key 3,16 ! 648: f_key 4,16 ! 649: f_key 5,16 ! 650: f_key 6,16 ! 651: f_key 7,16 ! 652: f_key 8,16 ! 653: f_key 9,16 ! 654: ! 655: pop edi ! 656: pop esi ! 657: pop ebx ! 658: pop ebp ! 659: xor eax,eax ! 660: do_exit 8 ! 661: ! 662: %endif ! 663: ! 664: %ifdef AES_192 ! 665: ! 666: %ifndef ENCRYPTION_TABLE ! 667: ; %define ENCRYPTION_TABLE ! 668: %endif ! 669: ! 670: %assign rc_val 1 ! 671: ! 672: do_name _aes_encrypt_key192,8 ! 673: ! 674: push ebp ! 675: push ebx ! 676: push esi ! 677: push edi ! 678: ! 679: mov ebp,[esp+24] ! 680: mov [ebp+4*KS_LENGTH],dword 12 * 16 ! 681: mov ebx,[esp+20] ! 682: ! 683: mov esi,[ebx] ! 684: mov [ebp],esi ! 685: mov edi,[ebx+4] ! 686: mov [ebp+4],edi ! 687: mov ecx,[ebx+8] ! 688: mov [ebp+8],ecx ! 689: mov edx,[ebx+12] ! 690: mov [ebp+12],edx ! 691: mov eax,[ebx+16] ! 692: mov [ebp+16],eax ! 693: mov eax,[ebx+20] ! 694: mov [ebp+20],eax ! 695: add ebp,24 ! 696: ! 697: f_key 0,24 ; 13 * 4 = 52 unsigned longs ! 698: f_key 1,24 ; 6 + 6 * 8 generated = 54 ! 699: f_key 2,24 ! 700: f_key 3,24 ! 701: f_key 4,24 ! 702: f_key 5,24 ! 703: f_key 6,24 ! 704: f_key 7,24 ! 705: ! 706: pop edi ! 707: pop esi ! 708: pop ebx ! 709: pop ebp ! 710: xor eax,eax ! 711: do_exit 8 ! 712: ! 713: %endif ! 714: ! 715: %ifdef AES_256 ! 716: ! 717: %ifndef ENCRYPTION_TABLE ! 718: ; %define ENCRYPTION_TABLE ! 719: %endif ! 720: ! 721: %assign rc_val 1 ! 722: ! 723: do_name _aes_encrypt_key256,8 ! 724: ! 725: mov ax, sp ! 726: movzx esp, ax ! 727: ! 728: push ebp ! 729: push ebx ! 730: push esi ! 731: push edi ! 732: ! 733: movzx ebp, word [esp+20] ; ks ! 734: mov [ebp+4*KS_LENGTH],dword 14 * 16 ! 735: movzx ebx, word [esp+18] ; key ! 736: ! 737: mov esi,[ebx] ! 738: mov [ebp],esi ! 739: mov edi,[ebx+4] ! 740: mov [ebp+4],edi ! 741: mov ecx,[ebx+8] ! 742: mov [ebp+8],ecx ! 743: mov edx,[ebx+12] ! 744: mov [ebp+12],edx ! 745: mov eax,[ebx+16] ! 746: mov [ebp+16],eax ! 747: mov eax,[ebx+20] ! 748: mov [ebp+20],eax ! 749: mov eax,[ebx+24] ! 750: mov [ebp+24],eax ! 751: mov eax,[ebx+28] ! 752: mov [ebp+28],eax ! 753: add ebp,32 ! 754: ! 755: f_key 0,32 ; 15 * 4 = 60 unsigned longs ! 756: f_key 1,32 ; 8 + 8 * 7 generated = 64 ! 757: f_key 2,32 ! 758: f_key 3,32 ! 759: f_key 4,32 ! 760: f_key 5,32 ! 761: f_key 6,32 ! 762: ! 763: pop edi ! 764: pop esi ! 765: pop ebx ! 766: pop ebp ! 767: xor eax,eax ! 768: do_exit 8 ! 769: ! 770: %endif ! 771: ! 772: %ifdef AES_VAR ! 773: ! 774: %ifndef ENCRYPTION_TABLE ! 775: ; %define ENCRYPTION_TABLE ! 776: %endif ! 777: ! 778: do_name _aes_encrypt_key,12 ! 779: ! 780: mov ecx,[esp+4] ! 781: mov eax,[esp+8] ! 782: mov edx,[esp+12] ! 783: push edx ! 784: push ecx ! 785: ! 786: cmp eax,16 ! 787: je .1 ! 788: cmp eax,128 ! 789: je .1 ! 790: ! 791: cmp eax,24 ! 792: je .2 ! 793: cmp eax,192 ! 794: je .2 ! 795: ! 796: cmp eax,32 ! 797: je .3 ! 798: cmp eax,256 ! 799: je .3 ! 800: mov eax,-1 ! 801: add esp,8 ! 802: do_exit 12 ! 803: ! 804: .1: do_call _aes_encrypt_key128,8 ! 805: do_exit 12 ! 806: .2: do_call _aes_encrypt_key192,8 ! 807: do_exit 12 ! 808: .3: do_call _aes_encrypt_key256,8 ! 809: do_exit 12 ! 810: ! 811: %endif ! 812: ! 813: %endif ! 814: ! 815: %ifdef ENCRYPTION_TABLE ! 816: ! 817: ; S-box data - 256 entries ! 818: ! 819: section _DATA ! 820: ! 821: %define u8(x) 0, x, x, f3(x), f2(x), x, x, f3(x) ! 822: ! 823: _aes_enc_tab: ! 824: db u8(0x63),u8(0x7c),u8(0x77),u8(0x7b),u8(0xf2),u8(0x6b),u8(0x6f),u8(0xc5) ! 825: db u8(0x30),u8(0x01),u8(0x67),u8(0x2b),u8(0xfe),u8(0xd7),u8(0xab),u8(0x76) ! 826: db u8(0xca),u8(0x82),u8(0xc9),u8(0x7d),u8(0xfa),u8(0x59),u8(0x47),u8(0xf0) ! 827: db u8(0xad),u8(0xd4),u8(0xa2),u8(0xaf),u8(0x9c),u8(0xa4),u8(0x72),u8(0xc0) ! 828: db u8(0xb7),u8(0xfd),u8(0x93),u8(0x26),u8(0x36),u8(0x3f),u8(0xf7),u8(0xcc) ! 829: db u8(0x34),u8(0xa5),u8(0xe5),u8(0xf1),u8(0x71),u8(0xd8),u8(0x31),u8(0x15) ! 830: db u8(0x04),u8(0xc7),u8(0x23),u8(0xc3),u8(0x18),u8(0x96),u8(0x05),u8(0x9a) ! 831: db u8(0x07),u8(0x12),u8(0x80),u8(0xe2),u8(0xeb),u8(0x27),u8(0xb2),u8(0x75) ! 832: db u8(0x09),u8(0x83),u8(0x2c),u8(0x1a),u8(0x1b),u8(0x6e),u8(0x5a),u8(0xa0) ! 833: db u8(0x52),u8(0x3b),u8(0xd6),u8(0xb3),u8(0x29),u8(0xe3),u8(0x2f),u8(0x84) ! 834: db u8(0x53),u8(0xd1),u8(0x00),u8(0xed),u8(0x20),u8(0xfc),u8(0xb1),u8(0x5b) ! 835: db u8(0x6a),u8(0xcb),u8(0xbe),u8(0x39),u8(0x4a),u8(0x4c),u8(0x58),u8(0xcf) ! 836: db u8(0xd0),u8(0xef),u8(0xaa),u8(0xfb),u8(0x43),u8(0x4d),u8(0x33),u8(0x85) ! 837: db u8(0x45),u8(0xf9),u8(0x02),u8(0x7f),u8(0x50),u8(0x3c),u8(0x9f),u8(0xa8) ! 838: db u8(0x51),u8(0xa3),u8(0x40),u8(0x8f),u8(0x92),u8(0x9d),u8(0x38),u8(0xf5) ! 839: db u8(0xbc),u8(0xb6),u8(0xda),u8(0x21),u8(0x10),u8(0xff),u8(0xf3),u8(0xd2) ! 840: db u8(0xcd),u8(0x0c),u8(0x13),u8(0xec),u8(0x5f),u8(0x97),u8(0x44),u8(0x17) ! 841: db u8(0xc4),u8(0xa7),u8(0x7e),u8(0x3d),u8(0x64),u8(0x5d),u8(0x19),u8(0x73) ! 842: db u8(0x60),u8(0x81),u8(0x4f),u8(0xdc),u8(0x22),u8(0x2a),u8(0x90),u8(0x88) ! 843: db u8(0x46),u8(0xee),u8(0xb8),u8(0x14),u8(0xde),u8(0x5e),u8(0x0b),u8(0xdb) ! 844: db u8(0xe0),u8(0x32),u8(0x3a),u8(0x0a),u8(0x49),u8(0x06),u8(0x24),u8(0x5c) ! 845: db u8(0xc2),u8(0xd3),u8(0xac),u8(0x62),u8(0x91),u8(0x95),u8(0xe4),u8(0x79) ! 846: db u8(0xe7),u8(0xc8),u8(0x37),u8(0x6d),u8(0x8d),u8(0xd5),u8(0x4e),u8(0xa9) ! 847: db u8(0x6c),u8(0x56),u8(0xf4),u8(0xea),u8(0x65),u8(0x7a),u8(0xae),u8(0x08) ! 848: db u8(0xba),u8(0x78),u8(0x25),u8(0x2e),u8(0x1c),u8(0xa6),u8(0xb4),u8(0xc6) ! 849: db u8(0xe8),u8(0xdd),u8(0x74),u8(0x1f),u8(0x4b),u8(0xbd),u8(0x8b),u8(0x8a) ! 850: db u8(0x70),u8(0x3e),u8(0xb5),u8(0x66),u8(0x48),u8(0x03),u8(0xf6),u8(0x0e) ! 851: db u8(0x61),u8(0x35),u8(0x57),u8(0xb9),u8(0x86),u8(0xc1),u8(0x1d),u8(0x9e) ! 852: db u8(0xe1),u8(0xf8),u8(0x98),u8(0x11),u8(0x69),u8(0xd9),u8(0x8e),u8(0x94) ! 853: db u8(0x9b),u8(0x1e),u8(0x87),u8(0xe9),u8(0xce),u8(0x55),u8(0x28),u8(0xdf) ! 854: db u8(0x8c),u8(0xa1),u8(0x89),u8(0x0d),u8(0xbf),u8(0xe6),u8(0x42),u8(0x68) ! 855: db u8(0x41),u8(0x99),u8(0x2d),u8(0x0f),u8(0xb0),u8(0x54),u8(0xbb),u8(0x16) ! 856: ! 857: %endif ! 858: ! 859: %ifdef DECRYPTION ! 860: ! 861: ; %define DECRYPTION_TABLE ! 862: ! 863: %define dtab_0(x) [_aes_dec_tab+ 8*x] ! 864: %define dtab_1(x) [_aes_dec_tab+3+8*x] ! 865: %define dtab_2(x) [_aes_dec_tab+2+8*x] ! 866: %define dtab_3(x) [_aes_dec_tab+1+8*x] ! 867: %define dtab_x(x) byte [_aes_dec_tab+7+8*x] ! 868: ! 869: %macro irn_fun 2 ! 870: ! 871: rol eax,16 ! 872: %1 esi, cl, 0, ebp ! 873: %1 esi, bh, 1, ebp ! 874: %1 esi, al, 2, ebp ! 875: %1 edi, dl, 0, ebp ! 876: %1 edi, ch, 1, ebp ! 877: %1 edi, ah, 3, ebp ! 878: %2 ebp, bl, 0, ebp ! 879: shr eax,16 ! 880: and ebx,0xffff0000 ! 881: or ebx,eax ! 882: shr ecx,16 ! 883: %1 ebp, bh, 1, eax ! 884: %1 ebp, ch, 3, eax ! 885: %2 eax, cl, 2, ecx ! 886: %1 eax, bl, 0, ecx ! 887: %1 eax, dh, 1, ecx ! 888: shr ebx,16 ! 889: shr edx,16 ! 890: %1 esi, dh, 3, ecx ! 891: %1 ebp, dl, 2, ecx ! 892: %1 eax, bh, 3, ecx ! 893: %1 edi, bl, 2, ecx ! 894: ! 895: %endmacro ! 896: ! 897: ; Basic MOV and XOR Operations for normal rounds ! 898: ! 899: %macro ni_xor 4 ! 900: movzx %4,%2 ! 901: xor %1,dtab_%3(%4) ! 902: %endmacro ! 903: ! 904: %macro ni_mov 4 ! 905: movzx %4,%2 ! 906: mov %1,dtab_%3(%4) ! 907: %endmacro ! 908: ! 909: ; Basic MOV and XOR Operations for last round ! 910: ! 911: %macro li_xor 4 ! 912: movzx %4,%2 ! 913: movzx %4,dtab_x(%4) ! 914: %if %3 != 0 ! 915: shl %4,8*%3 ! 916: %endif ! 917: xor %1,%4 ! 918: %endmacro ! 919: ! 920: %macro li_mov 4 ! 921: movzx %4,%2 ! 922: movzx %1,dtab_x(%4) ! 923: %if %3 != 0 ! 924: shl %1,8*%3 ! 925: %endif ! 926: %endmacro ! 927: ! 928: %ifdef REDUCE_CODE_SIZE ! 929: ! 930: dec_round: ! 931: sub sp, 2 ! 932: %ifdef AES_REV_DKS ! 933: add ebp,16 ! 934: %else ! 935: sub ebp,16 ! 936: %endif ! 937: save 1,ebp ! 938: mov esi,[ebp+8] ! 939: mov edi,[ebp+12] ! 940: ! 941: irn_fun ni_xor, ni_mov ! 942: ! 943: mov ebx,ebp ! 944: mov ecx,esi ! 945: mov edx,edi ! 946: restore ebp,1 ! 947: xor eax,[ebp] ! 948: xor ebx,[ebp+4] ! 949: add sp, 2 ! 950: ret ! 951: ! 952: %else ! 953: ! 954: %macro dec_round 0 ! 955: ! 956: %ifdef AES_REV_DKS ! 957: add ebp,16 ! 958: %else ! 959: sub ebp,16 ! 960: %endif ! 961: save 0,ebp ! 962: mov esi,[ebp+8] ! 963: mov edi,[ebp+12] ! 964: ! 965: irn_fun ni_xor, ni_mov ! 966: ! 967: mov ebx,ebp ! 968: mov ecx,esi ! 969: mov edx,edi ! 970: restore ebp,0 ! 971: xor eax,[ebp] ! 972: xor ebx,[ebp+4] ! 973: ! 974: %endmacro ! 975: ! 976: %endif ! 977: ! 978: %macro dec_last_round 0 ! 979: ! 980: %ifdef AES_REV_DKS ! 981: add ebp,16 ! 982: %else ! 983: sub ebp,16 ! 984: %endif ! 985: save 0,ebp ! 986: mov esi,[ebp+8] ! 987: mov edi,[ebp+12] ! 988: ! 989: irn_fun li_xor, li_mov ! 990: ! 991: mov ebx,ebp ! 992: restore ebp,0 ! 993: xor eax,[ebp] ! 994: xor ebx,[ebp+4] ! 995: ! 996: %endmacro ! 997: ! 998: section _TEXT ! 999: ! 1000: ; AES Decryption Subroutine ! 1001: ! 1002: do_name _aes_decrypt,12 ! 1003: ! 1004: mov ax, sp ! 1005: movzx esp, ax ! 1006: ! 1007: sub esp,stk_spc ! 1008: mov [esp+16],ebp ! 1009: mov [esp+12],ebx ! 1010: mov [esp+ 8],esi ! 1011: mov [esp+ 4],edi ! 1012: ! 1013: ; input four columns and xor in first round key ! 1014: ! 1015: movzx esi,word [esp+in_blk+stk_spc] ; input pointer ! 1016: mov eax,[esi ] ! 1017: mov ebx,[esi+ 4] ! 1018: mov ecx,[esi+ 8] ! 1019: mov edx,[esi+12] ! 1020: lea esi,[esi+16] ! 1021: ! 1022: movzx ebp, word [esp+ctx+stk_spc] ; key pointer ! 1023: movzx edi,byte[ebp+4*KS_LENGTH] ! 1024: %ifndef AES_REV_DKS ; if decryption key schedule is not reversed ! 1025: lea ebp,[ebp+edi] ; we have to access it from the top down ! 1026: %endif ! 1027: xor eax,[ebp ] ; key schedule ! 1028: xor ebx,[ebp+ 4] ! 1029: xor ecx,[ebp+ 8] ! 1030: xor edx,[ebp+12] ! 1031: ! 1032: ; determine the number of rounds ! 1033: ! 1034: %ifndef AES_256 ! 1035: cmp edi,10*16 ! 1036: je .3 ! 1037: cmp edi,12*16 ! 1038: je .2 ! 1039: cmp edi,14*16 ! 1040: je .1 ! 1041: mov eax,-1 ! 1042: jmp .5 ! 1043: %endif ! 1044: ! 1045: .1: mf_call dec_round ! 1046: mf_call dec_round ! 1047: .2: mf_call dec_round ! 1048: mf_call dec_round ! 1049: .3: mf_call dec_round ! 1050: mf_call dec_round ! 1051: mf_call dec_round ! 1052: mf_call dec_round ! 1053: mf_call dec_round ! 1054: mf_call dec_round ! 1055: mf_call dec_round ! 1056: mf_call dec_round ! 1057: mf_call dec_round ! 1058: dec_last_round ! 1059: ! 1060: ; move final values to the output array. ! 1061: ! 1062: movzx ebp,word [esp+out_blk+stk_spc] ! 1063: mov [ebp],eax ! 1064: mov [ebp+4],ebx ! 1065: mov [ebp+8],esi ! 1066: mov [ebp+12],edi ! 1067: xor eax,eax ! 1068: ! 1069: .5: mov ebp,[esp+16] ! 1070: mov ebx,[esp+12] ! 1071: mov esi,[esp+ 8] ! 1072: mov edi,[esp+ 4] ! 1073: add esp,stk_spc ! 1074: do_exit 12 ! 1075: ! 1076: %endif ! 1077: ! 1078: %ifdef REDUCE_CODE_SIZE ! 1079: ! 1080: inv_mix_col: ! 1081: movzx ecx,dl ; input eax, edx ! 1082: movzx ecx,etab_b(ecx) ; output eax ! 1083: mov eax,dtab_0(ecx) ; used ecx ! 1084: movzx ecx,dh ! 1085: shr edx,16 ! 1086: movzx ecx,etab_b(ecx) ! 1087: xor eax,dtab_1(ecx) ! 1088: movzx ecx,dl ! 1089: movzx ecx,etab_b(ecx) ! 1090: xor eax,dtab_2(ecx) ! 1091: movzx ecx,dh ! 1092: movzx ecx,etab_b(ecx) ! 1093: xor eax,dtab_3(ecx) ! 1094: ret ! 1095: ! 1096: %else ! 1097: ! 1098: %macro inv_mix_col 0 ! 1099: ! 1100: movzx ecx,dl ; input eax, edx ! 1101: movzx ecx,etab_b(ecx) ; output eax ! 1102: mov eax,dtab_0(ecx) ; used ecx ! 1103: movzx ecx,dh ! 1104: shr edx,16 ! 1105: movzx ecx,etab_b(ecx) ! 1106: xor eax,dtab_1(ecx) ! 1107: movzx ecx,dl ! 1108: movzx ecx,etab_b(ecx) ! 1109: xor eax,dtab_2(ecx) ! 1110: movzx ecx,dh ! 1111: movzx ecx,etab_b(ecx) ! 1112: xor eax,dtab_3(ecx) ! 1113: ! 1114: %endmacro ! 1115: ! 1116: %endif ! 1117: ! 1118: %ifdef DECRYPTION_KEY_SCHEDULE ! 1119: ! 1120: %ifdef AES_128 ! 1121: ! 1122: %ifndef DECRYPTION_TABLE ! 1123: ; %define DECRYPTION_TABLE ! 1124: %endif ! 1125: ! 1126: do_name _aes_decrypt_key128,8 ! 1127: ! 1128: push ebp ! 1129: push ebx ! 1130: push esi ! 1131: push edi ! 1132: mov eax,[esp+24] ; context ! 1133: mov edx,[esp+20] ; key ! 1134: push eax ! 1135: push edx ! 1136: do_call _aes_encrypt_key128,8 ; generate expanded encryption key ! 1137: mov eax,10*16 ! 1138: mov esi,[esp+24] ; pointer to first round key ! 1139: lea edi,[esi+eax] ; pointer to last round key ! 1140: add esi,32 ! 1141: ; the inverse mix column transformation ! 1142: mov edx,[esi-16] ; needs to be applied to all round keys ! 1143: mf_call inv_mix_col ; except first and last. Hence start by ! 1144: mov [esi-16],eax ; transforming the four sub-keys in the ! 1145: mov edx,[esi-12] ; second round key ! 1146: mf_call inv_mix_col ! 1147: mov [esi-12],eax ; transformations for subsequent rounds ! 1148: mov edx,[esi-8] ; can then be made more efficient by ! 1149: mf_call inv_mix_col ; noting that for three of the four sub-keys ! 1150: mov [esi-8],eax ; in the encryption round key ek[r]: ! 1151: mov edx,[esi-4] ; ! 1152: mf_call inv_mix_col ; ek[r][n] = ek[r][n-1] ^ ek[r-1][n] ! 1153: mov [esi-4],eax ; ! 1154: ; where n is 1..3. Hence the corresponding ! 1155: .0: mov edx,[esi] ; subkeys in the decryption round key dk[r] ! 1156: mf_call inv_mix_col ; also obey since inv_mix_col is linear in ! 1157: mov [esi],eax ; GF(256): ! 1158: xor eax,[esi-12] ; ! 1159: mov [esi+4],eax ; dk[r][n] = dk[r][n-1] ^ dk[r-1][n] ! 1160: xor eax,[esi-8] ; ! 1161: mov [esi+8],eax ; So we only need one inverse mix column ! 1162: xor eax,[esi-4] ; operation (n = 0) for each four word cycle ! 1163: mov [esi+12],eax ; in the expanded key. ! 1164: add esi,16 ! 1165: cmp edi,esi ! 1166: jg .0 ! 1167: jmp dec_end ! 1168: ! 1169: %endif ! 1170: ! 1171: %ifdef AES_192 ! 1172: ! 1173: %ifndef DECRYPTION_TABLE ! 1174: ; %define DECRYPTION_TABLE ! 1175: %endif ! 1176: ! 1177: do_name _aes_decrypt_key192,8 ! 1178: ! 1179: push ebp ! 1180: push ebx ! 1181: push esi ! 1182: push edi ! 1183: mov eax,[esp+24] ; context ! 1184: mov edx,[esp+20] ; key ! 1185: push eax ! 1186: push edx ! 1187: do_call _aes_encrypt_key192,8 ; generate expanded encryption key ! 1188: mov eax,12*16 ! 1189: mov esi,[esp+24] ; first round key ! 1190: lea edi,[esi+eax] ; last round key ! 1191: add esi,48 ; the first 6 words are the key, of ! 1192: ; which the top 2 words are part of ! 1193: mov edx,[esi-32] ; the second round key and hence ! 1194: mf_call inv_mix_col ; need to be modified. After this we ! 1195: mov [esi-32],eax ; need to do a further six values prior ! 1196: mov edx,[esi-28] ; to using a more efficient technique ! 1197: mf_call inv_mix_col ; based on: ! 1198: mov [esi-28],eax ; ! 1199: ; dk[r][n] = dk[r][n-1] ^ dk[r-1][n] ! 1200: mov edx,[esi-24] ; ! 1201: mf_call inv_mix_col ; for n = 1 .. 5 where the key expansion ! 1202: mov [esi-24],eax ; cycle is now 6 words long ! 1203: mov edx,[esi-20] ! 1204: mf_call inv_mix_col ! 1205: mov [esi-20],eax ! 1206: mov edx,[esi-16] ! 1207: mf_call inv_mix_col ! 1208: mov [esi-16],eax ! 1209: mov edx,[esi-12] ! 1210: mf_call inv_mix_col ! 1211: mov [esi-12],eax ! 1212: mov edx,[esi-8] ! 1213: mf_call inv_mix_col ! 1214: mov [esi-8],eax ! 1215: mov edx,[esi-4] ! 1216: mf_call inv_mix_col ! 1217: mov [esi-4],eax ! 1218: ! 1219: .0: mov edx,[esi] ; the expanded key is 13 * 4 = 44 32-bit words ! 1220: mf_call inv_mix_col ; of which 11 * 4 = 44 have to be modified ! 1221: mov [esi],eax ; using inv_mix_col. We have already done 8 ! 1222: xor eax,[esi-20] ; of these so 36 are left - hence we need ! 1223: mov [esi+4],eax ; exactly 6 loops of six here ! 1224: xor eax,[esi-16] ! 1225: mov [esi+8],eax ! 1226: xor eax,[esi-12] ! 1227: mov [esi+12],eax ! 1228: xor eax,[esi-8] ! 1229: mov [esi+16],eax ! 1230: xor eax,[esi-4] ! 1231: mov [esi+20],eax ! 1232: add esi,24 ! 1233: cmp edi,esi ! 1234: jg .0 ! 1235: jmp dec_end ! 1236: ! 1237: %endif ! 1238: ! 1239: %ifdef AES_256 ! 1240: ! 1241: %ifndef DECRYPTION_TABLE ! 1242: ; %define DECRYPTION_TABLE ! 1243: %endif ! 1244: ! 1245: do_name _aes_decrypt_key256,8 ! 1246: ! 1247: mov ax, sp ! 1248: movzx esp, ax ! 1249: push ebp ! 1250: push ebx ! 1251: push esi ! 1252: push edi ! 1253: ! 1254: movzx eax, word [esp+20] ; ks ! 1255: movzx edx, word [esp+18] ; key ! 1256: push ax ! 1257: push dx ! 1258: do_call _aes_encrypt_key256,4 ; generate expanded encryption key ! 1259: mov eax,14*16 ! 1260: movzx esi, word [esp+20] ; ks ! 1261: lea edi,[esi+eax] ! 1262: add esi,64 ! 1263: ! 1264: mov edx,[esi-48] ; the primary key is 8 words, of which ! 1265: mf_call inv_mix_col ; the top four require modification ! 1266: mov [esi-48],eax ! 1267: mov edx,[esi-44] ! 1268: mf_call inv_mix_col ! 1269: mov [esi-44],eax ! 1270: mov edx,[esi-40] ! 1271: mf_call inv_mix_col ! 1272: mov [esi-40],eax ! 1273: mov edx,[esi-36] ! 1274: mf_call inv_mix_col ! 1275: mov [esi-36],eax ! 1276: ! 1277: mov edx,[esi-32] ; the encryption key expansion cycle is ! 1278: mf_call inv_mix_col ; now eight words long so we need to ! 1279: mov [esi-32],eax ; start by doing one complete block ! 1280: mov edx,[esi-28] ! 1281: mf_call inv_mix_col ! 1282: mov [esi-28],eax ! 1283: mov edx,[esi-24] ! 1284: mf_call inv_mix_col ! 1285: mov [esi-24],eax ! 1286: mov edx,[esi-20] ! 1287: mf_call inv_mix_col ! 1288: mov [esi-20],eax ! 1289: mov edx,[esi-16] ! 1290: mf_call inv_mix_col ! 1291: mov [esi-16],eax ! 1292: mov edx,[esi-12] ! 1293: mf_call inv_mix_col ! 1294: mov [esi-12],eax ! 1295: mov edx,[esi-8] ! 1296: mf_call inv_mix_col ! 1297: mov [esi-8],eax ! 1298: mov edx,[esi-4] ! 1299: mf_call inv_mix_col ! 1300: mov [esi-4],eax ! 1301: ! 1302: .0: mov edx,[esi] ; we can now speed up the remaining ! 1303: mf_call inv_mix_col ; rounds by using the technique ! 1304: mov [esi],eax ; outlined earlier. But note that ! 1305: xor eax,[esi-28] ; there is one extra inverse mix ! 1306: mov [esi+4],eax ; column operation as the 256 bit ! 1307: xor eax,[esi-24] ; key has an extra non-linear step ! 1308: mov [esi+8],eax ; for the midway element. ! 1309: xor eax,[esi-20] ! 1310: mov [esi+12],eax ; the expanded key is 15 * 4 = 60 ! 1311: mov edx,[esi+16] ; 32-bit words of which 52 need to ! 1312: mf_call inv_mix_col ; be modified. We have already done ! 1313: mov [esi+16],eax ; 12 so 40 are left - which means ! 1314: xor eax,[esi-12] ; that we need exactly 5 loops of 8 ! 1315: mov [esi+20],eax ! 1316: xor eax,[esi-8] ! 1317: mov [esi+24],eax ! 1318: xor eax,[esi-4] ! 1319: mov [esi+28],eax ! 1320: add esi,32 ! 1321: cmp edi,esi ! 1322: jg .0 ! 1323: ! 1324: %endif ! 1325: ! 1326: dec_end: ! 1327: ! 1328: %ifdef AES_REV_DKS ! 1329: ! 1330: movzx esi,word [esp+20] ; this reverses the order of the ! 1331: .1: mov eax,[esi] ; round keys if required ! 1332: mov ebx,[esi+4] ! 1333: mov ebp,[edi] ! 1334: mov edx,[edi+4] ! 1335: mov [esi],ebp ! 1336: mov [esi+4],edx ! 1337: mov [edi],eax ! 1338: mov [edi+4],ebx ! 1339: ! 1340: mov eax,[esi+8] ! 1341: mov ebx,[esi+12] ! 1342: mov ebp,[edi+8] ! 1343: mov edx,[edi+12] ! 1344: mov [esi+8],ebp ! 1345: mov [esi+12],edx ! 1346: mov [edi+8],eax ! 1347: mov [edi+12],ebx ! 1348: ! 1349: add esi,16 ! 1350: sub edi,16 ! 1351: cmp edi,esi ! 1352: jg .1 ! 1353: ! 1354: %endif ! 1355: ! 1356: pop edi ! 1357: pop esi ! 1358: pop ebx ! 1359: pop ebp ! 1360: xor eax,eax ! 1361: do_exit 8 ! 1362: ! 1363: %ifdef AES_VAR ! 1364: ! 1365: do_name _aes_decrypt_key,12 ! 1366: ! 1367: mov ecx,[esp+4] ! 1368: mov eax,[esp+8] ! 1369: mov edx,[esp+12] ! 1370: push edx ! 1371: push ecx ! 1372: ! 1373: cmp eax,16 ! 1374: je .1 ! 1375: cmp eax,128 ! 1376: je .1 ! 1377: ! 1378: cmp eax,24 ! 1379: je .2 ! 1380: cmp eax,192 ! 1381: je .2 ! 1382: ! 1383: cmp eax,32 ! 1384: je .3 ! 1385: cmp eax,256 ! 1386: je .3 ! 1387: mov eax,-1 ! 1388: add esp,8 ! 1389: do_exit 12 ! 1390: ! 1391: .1: do_call _aes_decrypt_key128,8 ! 1392: do_exit 12 ! 1393: .2: do_call _aes_decrypt_key192,8 ! 1394: do_exit 12 ! 1395: .3: do_call _aes_decrypt_key256,8 ! 1396: do_exit 12 ! 1397: ! 1398: %endif ! 1399: ! 1400: %endif ! 1401: ! 1402: %ifdef DECRYPTION_TABLE ! 1403: ! 1404: ; Inverse S-box data - 256 entries ! 1405: ! 1406: section _DATA ! 1407: ! 1408: %define v8(x) fe(x), f9(x), fd(x), fb(x), fe(x), f9(x), fd(x), x ! 1409: ! 1410: _aes_dec_tab: ! 1411: db v8(0x52),v8(0x09),v8(0x6a),v8(0xd5),v8(0x30),v8(0x36),v8(0xa5),v8(0x38) ! 1412: db v8(0xbf),v8(0x40),v8(0xa3),v8(0x9e),v8(0x81),v8(0xf3),v8(0xd7),v8(0xfb) ! 1413: db v8(0x7c),v8(0xe3),v8(0x39),v8(0x82),v8(0x9b),v8(0x2f),v8(0xff),v8(0x87) ! 1414: db v8(0x34),v8(0x8e),v8(0x43),v8(0x44),v8(0xc4),v8(0xde),v8(0xe9),v8(0xcb) ! 1415: db v8(0x54),v8(0x7b),v8(0x94),v8(0x32),v8(0xa6),v8(0xc2),v8(0x23),v8(0x3d) ! 1416: db v8(0xee),v8(0x4c),v8(0x95),v8(0x0b),v8(0x42),v8(0xfa),v8(0xc3),v8(0x4e) ! 1417: db v8(0x08),v8(0x2e),v8(0xa1),v8(0x66),v8(0x28),v8(0xd9),v8(0x24),v8(0xb2) ! 1418: db v8(0x76),v8(0x5b),v8(0xa2),v8(0x49),v8(0x6d),v8(0x8b),v8(0xd1),v8(0x25) ! 1419: db v8(0x72),v8(0xf8),v8(0xf6),v8(0x64),v8(0x86),v8(0x68),v8(0x98),v8(0x16) ! 1420: db v8(0xd4),v8(0xa4),v8(0x5c),v8(0xcc),v8(0x5d),v8(0x65),v8(0xb6),v8(0x92) ! 1421: db v8(0x6c),v8(0x70),v8(0x48),v8(0x50),v8(0xfd),v8(0xed),v8(0xb9),v8(0xda) ! 1422: db v8(0x5e),v8(0x15),v8(0x46),v8(0x57),v8(0xa7),v8(0x8d),v8(0x9d),v8(0x84) ! 1423: db v8(0x90),v8(0xd8),v8(0xab),v8(0x00),v8(0x8c),v8(0xbc),v8(0xd3),v8(0x0a) ! 1424: db v8(0xf7),v8(0xe4),v8(0x58),v8(0x05),v8(0xb8),v8(0xb3),v8(0x45),v8(0x06) ! 1425: db v8(0xd0),v8(0x2c),v8(0x1e),v8(0x8f),v8(0xca),v8(0x3f),v8(0x0f),v8(0x02) ! 1426: db v8(0xc1),v8(0xaf),v8(0xbd),v8(0x03),v8(0x01),v8(0x13),v8(0x8a),v8(0x6b) ! 1427: db v8(0x3a),v8(0x91),v8(0x11),v8(0x41),v8(0x4f),v8(0x67),v8(0xdc),v8(0xea) ! 1428: db v8(0x97),v8(0xf2),v8(0xcf),v8(0xce),v8(0xf0),v8(0xb4),v8(0xe6),v8(0x73) ! 1429: db v8(0x96),v8(0xac),v8(0x74),v8(0x22),v8(0xe7),v8(0xad),v8(0x35),v8(0x85) ! 1430: db v8(0xe2),v8(0xf9),v8(0x37),v8(0xe8),v8(0x1c),v8(0x75),v8(0xdf),v8(0x6e) ! 1431: db v8(0x47),v8(0xf1),v8(0x1a),v8(0x71),v8(0x1d),v8(0x29),v8(0xc5),v8(0x89) ! 1432: db v8(0x6f),v8(0xb7),v8(0x62),v8(0x0e),v8(0xaa),v8(0x18),v8(0xbe),v8(0x1b) ! 1433: db v8(0xfc),v8(0x56),v8(0x3e),v8(0x4b),v8(0xc6),v8(0xd2),v8(0x79),v8(0x20) ! 1434: db v8(0x9a),v8(0xdb),v8(0xc0),v8(0xfe),v8(0x78),v8(0xcd),v8(0x5a),v8(0xf4) ! 1435: db v8(0x1f),v8(0xdd),v8(0xa8),v8(0x33),v8(0x88),v8(0x07),v8(0xc7),v8(0x31) ! 1436: db v8(0xb1),v8(0x12),v8(0x10),v8(0x59),v8(0x27),v8(0x80),v8(0xec),v8(0x5f) ! 1437: db v8(0x60),v8(0x51),v8(0x7f),v8(0xa9),v8(0x19),v8(0xb5),v8(0x4a),v8(0x0d) ! 1438: db v8(0x2d),v8(0xe5),v8(0x7a),v8(0x9f),v8(0x93),v8(0xc9),v8(0x9c),v8(0xef) ! 1439: db v8(0xa0),v8(0xe0),v8(0x3b),v8(0x4d),v8(0xae),v8(0x2a),v8(0xf5),v8(0xb0) ! 1440: db v8(0xc8),v8(0xeb),v8(0xbb),v8(0x3c),v8(0x83),v8(0x53),v8(0x99),v8(0x61) ! 1441: db v8(0x17),v8(0x2b),v8(0x04),v8(0x7e),v8(0xba),v8(0x77),v8(0xd6),v8(0x26) ! 1442: db v8(0xe1),v8(0x69),v8(0x14),v8(0x63),v8(0x55),v8(0x21),v8(0x0c),v8(0x7d) ! 1443: ! 1444: %endif
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.