[avr-crypto-lib.git] / aes_enc-asm.S

/* aes_enc-asm.S */
/*
    This file is part of the Crypto-avr-lib/microcrypt-lib.
    Copyright (C) 2008, 2009  Daniel Otte (daniel.otte@rub.de)

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
/**
 * \file     aes_enc-asm.S
 * \email    daniel.otte@rub.de
 * \author   Daniel Otte 
 * \date     2009-01-10
 * \license  GPLv3 or later
 * 
 */

#include "avr-asm-macros.S"


/*
 * param a: r24
 * param b: r22
 * param reducer: r0
 */
A = 28
B = 29
P = 0
xREDUCER = 25

gf256mul:
        clr P
1:      
        lsr A
        breq 4f
        brcc 2f
        eor P, B
2:
        lsl B
        brcc 3f
        eor B, xREDUCER 
3:
        rjmp 1b
4:
        brcc 5f
        eor P, B
5:
        ret

.global aes256_enc
aes256_enc:
        ldi r20, 14
        rjmp aes_encrypt_core

.global aes192_enc
aes192_enc:
        ldi r20, 12
        rjmp aes_encrypt_core

.global aes128_enc
aes128_enc:
        ldi r20, 10


/*
  void aes_encrypt_core(aes_cipher_state_t* state, const aes_genctx_t* ks, uint8_t rounds)
*/
T0= 2
T1= 3
T2= 4
T3= 5
SBOX_SAVE0 = 6
SBOX_SAVE1 = 7
ST00 =  8
ST01 =  9
ST02 = 10
ST03 = 11
ST10 = 12
ST11 = 13
ST12 = 14
ST13 = 15
ST20 = 16
ST21 = 17
ST22 = 18
ST23 = 19
ST30 = 20
ST31 = 21
ST32 = 22
ST33 = 23
CTR = 24
/*
 * param state:  r24:r25
 * param ks:     r22:r23
 * param rounds: r20   
 */
.global aes_encrypt_core
aes_encrypt_core:
        push_range 2, 17
        push r28
        push r29
        push r24
        push r25
        movw r26, r22
        movw r30, r24
        mov  CTR, r20
        clt
        
        .irp param,ST00, ST01, ST02, ST03, ST10, ST11, ST12, ST13, ST20, ST21, ST22, ST23, ST30, ST31, ST32, ST33
                ld \param, Z+
        .endr
        
        ldi xREDUCER, 0x1b /* load reducer */
        ldi r31, hi8(aes_sbox)
        
        /* key whitening */
1:
        .irp param,ST00, ST01, ST02, ST03, ST10, ST11, ST12, ST13, ST20, ST21, ST22, ST23, ST30, ST31, ST32, ST33
                ld r0, X+
                eor \param, r0
        .endr
        
        brtc 2f
        rjmp exit
2:      dec CTR
        brne 3f
        set
3:

        /* encryption loop */ 

        /* SBOX substitution and shifting */
        mov r30, ST00
        lpm ST00, Z
        mov r30, ST10
        lpm ST10, Z
        mov r30, ST20
        lpm ST20, Z
        mov r30, ST30
        lpm ST30, Z

        mov r30, ST01
        lpm T0, Z
        mov r30, ST11
        lpm ST01, Z
        mov r30, ST21
        lpm ST11, Z
        mov r30, ST31
        lpm ST21, Z
        mov ST31, T0

        mov r30, ST02
        lpm T0, Z
        mov r30, ST12
        lpm T1, Z
        mov r30, ST22
        lpm ST02, Z
        mov r30, ST32
        lpm ST12, Z
        mov ST22, T0
        mov ST32, T1

        mov r30, ST03
        lpm T0, Z
        mov r30, ST13
        lpm T1, Z
        mov r30, ST23
        lpm T2, Z
        mov r30, ST33
        lpm ST03, Z
        mov ST13, T0
        mov ST23, T1
        mov ST33, T2
        
        /* mixcols (or rows in our case) */
        brtc 2f
        rjmp 1b
2:      
 /* mixrow 1*/
        mov r1, ST02
        eor r1, ST03
                
        mov T0, ST00
        eor ST00, ST01
        eor r1, ST00
        lsl ST00
        brcc 3f
        eor ST00, xREDUCER
3:      eor ST00, r1
        eor ST00, T0
        
        mov T1, ST01
        eor T1, ST02
        lsl T1
        brcc 3f
        eor T1, xREDUCER
3:      eor T1, r1
        eor ST01, T1
        
        mov T2, ST02
        eor T2, ST03
        lsl T2
        brcc 3f
        eor T2, xREDUCER
3:  eor T2, r1
        eor ST02, T2
        
        mov T3, ST03
        eor T3, T0
        lsl T3
        brcc 3f
        eor T3, xREDUCER
3:      eor T3, r1
        eor ST03, T3
                
 /* mixrow 2 */
        mov r1, ST12
        eor r1, ST13
                
        mov T0, ST10
        eor ST10, ST11
        eor r1, ST10
        lsl ST10
        brcc 3f
        eor ST10, xREDUCER
3:      eor ST10, r1
        eor ST10, T0
        
        mov T1, ST11
        eor T1, ST12
        lsl T1
        brcc 3f
        eor T1, xREDUCER
3:      eor T1, r1
        eor ST11, T1
        
        mov T2, ST12
        eor T2, ST13
        lsl T2
        brcc 3f
        eor T2, xREDUCER
3:  eor T2, r1
        eor ST12, T2
        
        mov T3, ST13
        eor T3, T0
        lsl T3
        brcc 3f
        eor T3, xREDUCER
3:      eor T3, r1
        eor ST13, T3
                
 /* mixrow 3*/
        mov r1, ST22
        eor r1, ST23
                
        mov T0, ST20
        eor ST20, ST21
        eor r1, ST20
        lsl ST20
        brcc 3f
        eor ST20, xREDUCER
3:      eor ST20, r1
        eor ST20, T0
        
        mov T1, ST21
        eor T1, ST22
        lsl T1
        brcc 3f
        eor T1, xREDUCER
3:      eor T1, r1
        eor ST21, T1
        
        mov T2, ST22
        eor T2, ST23
        lsl T2
        brcc 3f
        eor T2, xREDUCER
3:  eor T2, r1
        eor ST22, T2
        
        mov T3, ST23
        eor T3, T0
        lsl T3
        brcc 3f
        eor T3, xREDUCER
3:      eor T3, r1
        eor ST23, T3
                
 /* mixrow 4 */
        mov r1, ST32
        eor r1, ST33
                
        mov T0, ST30
        eor ST30, ST31
        eor r1, ST30
        lsl ST30
        brcc 3f
        eor ST30, xREDUCER
3:      eor ST30, r1
        eor ST30, T0
        
        mov T1, ST31
        eor T1, ST32
        lsl T1
        brcc 3f
        eor T1, xREDUCER
3:      eor T1, r1
        eor ST31, T1
        
        mov T2, ST32
        eor T2, ST33
        lsl T2
        brcc 3f
        eor T2, xREDUCER
3:  eor T2, r1
        eor ST32, T2
        
        mov T3, ST33
        eor T3, T0
        lsl T3
        brcc 3f
        eor T3, xREDUCER
3:      eor T3, r1
        eor ST33, T3
                

        /* mix colums (rows) done */

        /* add key*/
        rjmp 1b
        
exit:   
        pop r31
        pop r30
        st Z+, ST00
        st Z+, ST01
        st Z+, ST02
        st Z+, ST03
        st Z+, ST10
        st Z+, ST11
        st Z+, ST12
        st Z+, ST13
        st Z+, ST20
        st Z+, ST21
        st Z+, ST22
        st Z+, ST23
        st Z+, ST30
        st Z+, ST31
        st Z+, ST32
        st Z+, ST33
        clr r1
        pop r29
        pop r28
        pop_range 2, 17
        ret