* Copyright (c) 2017 Stephen Heumann
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
* AES encryption and decryption functions for the 65816
*
* The general approach is largely based on the public domain
* 'aestable.c' implementation by Karl Malbrain, available at:
* https://code.google.com/archive/p/byte-oriented-aes/downloads
* Portions are also based on the public domain 'rijndael-alg-fst.c'
* reference implementation by Vincent Rijmen, Antoon Bosselaers,
* and Paulo Barreto.
case on
mcopy aes.macros
* Data tables used for AES encryption and decryption.
* For best performance, these should be page-aligned.
* Lookup tables for the AES round and key-schedule macros.
* 'align 256' requests page alignment for the segment that follows, and
* 'privdata' makes it a private data segment. Each of the eight tables
* before Rcon is exactly 256 bytes (16 rows of 16), so when the segment
* starts on a page boundary every one of them occupies a single page.
*
* NOTE(review): these tables are presumably indexed by key- and
* data-dependent bytes inside the round macros (aes.macros, not shown).
* With 8-bit index registers the 65816 spends an extra cycle on an
* absolute-indexed read that crosses a page boundary, so page alignment
* is relevant to timing uniformity as well as to speed: if the tables are
* not page-aligned in the linked image, lookup time can vary with the
* secret index. Confirm the alignment survives linking.
         align 256
tables   privdata
* Forward S-box (SubBytes).
Sbox     anop
         dc    h'63 7c 77 7b f2 6b 6f c5 30 01 67 2b fe d7 ab 76'
         dc    h'ca 82 c9 7d fa 59 47 f0 ad d4 a2 af 9c a4 72 c0'
         dc    h'b7 fd 93 26 36 3f f7 cc 34 a5 e5 f1 71 d8 31 15'
         dc    h'04 c7 23 c3 18 96 05 9a 07 12 80 e2 eb 27 b2 75'
         dc    h'09 83 2c 1a 1b 6e 5a a0 52 3b d6 b3 29 e3 2f 84'
         dc    h'53 d1 00 ed 20 fc b1 5b 6a cb be 39 4a 4c 58 cf'
         dc    h'd0 ef aa fb 43 4d 33 85 45 f9 02 7f 50 3c 9f a8'
         dc    h'51 a3 40 8f 92 9d 38 f5 bc b6 da 21 10 ff f3 d2'
         dc    h'cd 0c 13 ec 5f 97 44 17 c4 a7 7e 3d 64 5d 19 73'
         dc    h'60 81 4f dc 22 2a 90 88 46 ee b8 14 de 5e 0b db'
         dc    h'e0 32 3a 0a 49 06 24 5c c2 d3 ac 62 91 95 e4 79'
         dc    h'e7 c8 37 6d 8d d5 4e a9 6c 56 f4 ea 65 7a ae 08'
         dc    h'ba 78 25 2e 1c a6 b4 c6 e8 dd 74 1f 4b bd 8b 8a'
         dc    h'70 3e b5 66 48 03 f6 0e 61 35 57 b9 86 c1 1d 9e'
         dc    h'e1 f8 98 11 69 d9 8e 94 9b 1e 87 e9 ce 55 28 df'
         dc    h'8c a1 89 0d bf e6 42 68 41 99 2d 0f b0 54 bb 16'

* Inverse S-box (InvSubBytes).
InvSbox  anop
         dc    h'52 09 6a d5 30 36 a5 38 bf 40 a3 9e 81 f3 d7 fb'
         dc    h'7c e3 39 82 9b 2f ff 87 34 8e 43 44 c4 de e9 cb'
         dc    h'54 7b 94 32 a6 c2 23 3d ee 4c 95 0b 42 fa c3 4e'
         dc    h'08 2e a1 66 28 d9 24 b2 76 5b a2 49 6d 8b d1 25'
         dc    h'72 f8 f6 64 86 68 98 16 d4 a4 5c cc 5d 65 b6 92'
         dc    h'6c 70 48 50 fd ed b9 da 5e 15 46 57 a7 8d 9d 84'
         dc    h'90 d8 ab 00 8c bc d3 0a f7 e4 58 05 b8 b3 45 06'
         dc    h'd0 2c 1e 8f ca 3f 0f 02 c1 af bd 03 01 13 8a 6b'
         dc    h'3a 91 11 41 4f 67 dc ea 97 f2 cf ce f0 b4 e6 73'
         dc    h'96 ac 74 22 e7 ad 35 85 e2 f9 37 e8 1c 75 df 6e'
         dc    h'47 f1 1a 71 1d 29 c5 89 6f b7 62 0e aa 18 be 1b'
         dc    h'fc 56 3e 4b c6 d2 79 20 9a db c0 fe 78 cd 5a f4'
         dc    h'1f dd a8 33 88 07 c7 31 b1 12 10 59 27 80 ec 5f'
         dc    h'60 51 7f a9 19 b5 4a 0d 2d e5 7a 9f 93 c9 9c ef'
         dc    h'a0 e0 3b 4d ae 2a f5 b0 c8 eb bb 3c 83 53 99 61'
         dc    h'17 2b 04 7e ba 77 d6 26 e1 69 14 63 55 21 0c 7d'

* Combined Xtimes2[Sbox[]]: the S-box output multiplied by 2 in GF(2^8)
* (entry 0 is c6 = 2 * 63).
Xtime2Sbox anop
         dc    h'c6 f8 ee f6 ff d6 de 91 60 02 ce 56 e7 b5 4d ec'
         dc    h'8f 1f 89 fa ef b2 8e fb 41 b3 5f 45 23 53 e4 9b'
         dc    h'75 e1 3d 4c 6c 7e f5 83 68 51 d1 f9 e2 ab 62 2a'
         dc    h'08 95 46 9d 30 37 0a 2f 0e 24 1b df cd 4e 7f ea'
         dc    h'12 1d 58 34 36 dc b4 5b a4 76 b7 7d 52 dd 5e 13'
         dc    h'a6 b9 00 c1 40 e3 79 b6 d4 8d 67 72 94 98 b0 85'
         dc    h'bb c5 4f ed 86 9a 66 11 8a e9 04 fe a0 78 25 4b'
         dc    h'a2 5d 80 05 3f 21 70 f1 63 77 af 42 20 e5 fd bf'
         dc    h'81 18 26 c3 be 35 88 2e 93 55 fc 7a c8 ba 32 e6'
         dc    h'c0 19 9e a3 44 54 3b 0b 8c c7 6b 28 a7 bc 16 ad'
         dc    h'db 64 74 14 92 0c 48 b8 9f bd 43 c4 39 31 d3 f2'
         dc    h'd5 8b 6e da 01 b1 9c 49 d8 ac f3 cf ca f4 47 10'
         dc    h'6f f0 4a 5c 38 57 73 97 cb a1 e8 3e 96 61 0d 0f'
         dc    h'e0 7c 71 cc 90 06 f7 1c c2 6a ae 69 17 99 3a 27'
         dc    h'd9 eb 2b 22 d2 a9 07 33 2d 3c 15 c9 87 aa 50 a5'
         dc    h'03 59 09 1a 65 d7 84 d0 82 29 5a 1e 7b a8 6d 2c'

* Combined Xtimes3[Sbox[]]: the S-box output multiplied by 3 in GF(2^8)
* (entry 0 is a5 = c6 xor 63).
Xtime3Sbox anop
         dc    h'a5 84 99 8d 0d bd b1 54 50 03 a9 7d 19 62 e6 9a'
         dc    h'45 9d 40 87 15 eb c9 0b ec 67 fd ea bf f7 96 5b'
         dc    h'c2 1c ae 6a 5a 41 02 4f 5c f4 34 08 93 73 53 3f'
         dc    h'0c 52 65 5e 28 a1 0f b5 09 36 9b 3d 26 69 cd 9f'
         dc    h'1b 9e 74 2e 2d b2 ee fb f6 4d 61 ce 7b 3e 71 97'
         dc    h'f5 68 00 2c 60 1f c8 ed be 46 d9 4b de d4 e8 4a'
         dc    h'6b 2a e5 16 c5 d7 55 94 cf 10 06 81 f0 44 ba e3'
         dc    h'f3 fe c0 8a ad bc 48 04 df c1 75 63 30 1a 0e 6d'
         dc    h'4c 14 35 2f e1 a2 cc 39 57 f2 82 47 ac e7 2b 95'
         dc    h'a0 98 d1 7f 66 7e ab 83 ca 29 d3 3c 79 e2 1d 76'
         dc    h'3b 56 4e 1e db 0a 6c e4 5d 6e ef a6 a8 a4 37 8b'
         dc    h'32 43 59 b7 8c 64 d2 e0 b4 fa 07 25 af 8e e9 18'
         dc    h'd5 88 6f 72 24 f1 c7 51 23 7c 9c 21 dd dc 86 85'
         dc    h'90 42 c4 aa d8 05 01 12 a3 5f f9 d0 91 58 27 b9'
         dc    h'38 13 b3 33 bb 70 89 a7 b6 22 92 20 49 ff 78 7a'
         dc    h'8f f8 80 17 da 31 c6 b8 c3 b0 77 11 cb fc d6 3a'

* Plain multiply-by-2 table, commented out in the source (not assembled).
;Xtime2 anop
; dc h'00 02 04 06 08 0a 0c 0e 10 12 14 16 18 1a 1c 1e'
; dc h'20 22 24 26 28 2a 2c 2e 30 32 34 36 38 3a 3c 3e'
; dc h'40 42 44 46 48 4a 4c 4e 50 52 54 56 58 5a 5c 5e'
; dc h'60 62 64 66 68 6a 6c 6e 70 72 74 76 78 7a 7c 7e'
; dc h'80 82 84 86 88 8a 8c 8e 90 92 94 96 98 9a 9c 9e'
; dc h'a0 a2 a4 a6 a8 aa ac ae b0 b2 b4 b6 b8 ba bc be'
; dc h'c0 c2 c4 c6 c8 ca cc ce d0 d2 d4 d6 d8 da dc de'
; dc h'e0 e2 e4 e6 e8 ea ec ee f0 f2 f4 f6 f8 fa fc fe'
; dc h'1b 19 1f 1d 13 11 17 15 0b 09 0f 0d 03 01 07 05'
; dc h'3b 39 3f 3d 33 31 37 35 2b 29 2f 2d 23 21 27 25'
; dc h'5b 59 5f 5d 53 51 57 55 4b 49 4f 4d 43 41 47 45'
; dc h'7b 79 7f 7d 73 71 77 75 6b 69 6f 6d 63 61 67 65'
; dc h'9b 99 9f 9d 93 91 97 95 8b 89 8f 8d 83 81 87 85'
; dc h'bb b9 bf bd b3 b1 b7 b5 ab a9 af ad a3 a1 a7 a5'
; dc h'db d9 df dd d3 d1 d7 d5 cb c9 cf cd c3 c1 c7 c5'
; dc h'fb f9 ff fd f3 f1 f7 f5 eb e9 ef ed e3 e1 e7 e5'

* Xtime9 / XtimeB / XtimeD / XtimeE: multiplication by 09, 0b, 0d and 0e
* in GF(2^8) (entry 1 of each table is the multiplier itself). These are
* the InvMixColumns coefficients, so presumably used by the inverse round
* macros -- confirm in aes.macros.
Xtime9   anop
         dc    h'00 09 12 1b 24 2d 36 3f 48 41 5a 53 6c 65 7e 77'
         dc    h'90 99 82 8b b4 bd a6 af d8 d1 ca c3 fc f5 ee e7'
         dc    h'3b 32 29 20 1f 16 0d 04 73 7a 61 68 57 5e 45 4c'
         dc    h'ab a2 b9 b0 8f 86 9d 94 e3 ea f1 f8 c7 ce d5 dc'
         dc    h'76 7f 64 6d 52 5b 40 49 3e 37 2c 25 1a 13 08 01'
         dc    h'e6 ef f4 fd c2 cb d0 d9 ae a7 bc b5 8a 83 98 91'
         dc    h'4d 44 5f 56 69 60 7b 72 05 0c 17 1e 21 28 33 3a'
         dc    h'dd d4 cf c6 f9 f0 eb e2 95 9c 87 8e b1 b8 a3 aa'
         dc    h'ec e5 fe f7 c8 c1 da d3 a4 ad b6 bf 80 89 92 9b'
         dc    h'7c 75 6e 67 58 51 4a 43 34 3d 26 2f 10 19 02 0b'
         dc    h'd7 de c5 cc f3 fa e1 e8 9f 96 8d 84 bb b2 a9 a0'
         dc    h'47 4e 55 5c 63 6a 71 78 0f 06 1d 14 2b 22 39 30'
         dc    h'9a 93 88 81 be b7 ac a5 d2 db c0 c9 f6 ff e4 ed'
         dc    h'0a 03 18 11 2e 27 3c 35 42 4b 50 59 66 6f 74 7d'
         dc    h'a1 a8 b3 ba 85 8c 97 9e e9 e0 fb f2 cd c4 df d6'
         dc    h'31 38 23 2a 15 1c 07 0e 79 70 6b 62 5d 54 4f 46'

XtimeB   anop
         dc    h'00 0b 16 1d 2c 27 3a 31 58 53 4e 45 74 7f 62 69'
         dc    h'b0 bb a6 ad 9c 97 8a 81 e8 e3 fe f5 c4 cf d2 d9'
         dc    h'7b 70 6d 66 57 5c 41 4a 23 28 35 3e 0f 04 19 12'
         dc    h'cb c0 dd d6 e7 ec f1 fa 93 98 85 8e bf b4 a9 a2'
         dc    h'f6 fd e0 eb da d1 cc c7 ae a5 b8 b3 82 89 94 9f'
         dc    h'46 4d 50 5b 6a 61 7c 77 1e 15 08 03 32 39 24 2f'
         dc    h'8d 86 9b 90 a1 aa b7 bc d5 de c3 c8 f9 f2 ef e4'
         dc    h'3d 36 2b 20 11 1a 07 0c 65 6e 73 78 49 42 5f 54'
         dc    h'f7 fc e1 ea db d0 cd c6 af a4 b9 b2 83 88 95 9e'
         dc    h'47 4c 51 5a 6b 60 7d 76 1f 14 09 02 33 38 25 2e'
         dc    h'8c 87 9a 91 a0 ab b6 bd d4 df c2 c9 f8 f3 ee e5'
         dc    h'3c 37 2a 21 10 1b 06 0d 64 6f 72 79 48 43 5e 55'
         dc    h'01 0a 17 1c 2d 26 3b 30 59 52 4f 44 75 7e 63 68'
         dc    h'b1 ba a7 ac 9d 96 8b 80 e9 e2 ff f4 c5 ce d3 d8'
         dc    h'7a 71 6c 67 56 5d 40 4b 22 29 34 3f 0e 05 18 13'
         dc    h'ca c1 dc d7 e6 ed f0 fb 92 99 84 8f be b5 a8 a3'

XtimeD   anop
         dc    h'00 0d 1a 17 34 39 2e 23 68 65 72 7f 5c 51 46 4b'
         dc    h'd0 dd ca c7 e4 e9 fe f3 b8 b5 a2 af 8c 81 96 9b'
         dc    h'bb b6 a1 ac 8f 82 95 98 d3 de c9 c4 e7 ea fd f0'
         dc    h'6b 66 71 7c 5f 52 45 48 03 0e 19 14 37 3a 2d 20'
         dc    h'6d 60 77 7a 59 54 43 4e 05 08 1f 12 31 3c 2b 26'
         dc    h'bd b0 a7 aa 89 84 93 9e d5 d8 cf c2 e1 ec fb f6'
         dc    h'd6 db cc c1 e2 ef f8 f5 be b3 a4 a9 8a 87 90 9d'
         dc    h'06 0b 1c 11 32 3f 28 25 6e 63 74 79 5a 57 40 4d'
         dc    h'da d7 c0 cd ee e3 f4 f9 b2 bf a8 a5 86 8b 9c 91'
         dc    h'0a 07 10 1d 3e 33 24 29 62 6f 78 75 56 5b 4c 41'
         dc    h'61 6c 7b 76 55 58 4f 42 09 04 13 1e 3d 30 27 2a'
         dc    h'b1 bc ab a6 85 88 9f 92 d9 d4 c3 ce ed e0 f7 fa'
         dc    h'b7 ba ad a0 83 8e 99 94 df d2 c5 c8 eb e6 f1 fc'
         dc    h'67 6a 7d 70 53 5e 49 44 0f 02 15 18 3b 36 21 2c'
         dc    h'0c 01 16 1b 38 35 22 2f 64 69 7e 73 50 5d 4a 47'
         dc    h'dc d1 c6 cb e8 e5 f2 ff b4 b9 ae a3 80 8d 9a 97'

XtimeE   anop
         dc    h'00 0e 1c 12 38 36 24 2a 70 7e 6c 62 48 46 54 5a'
         dc    h'e0 ee fc f2 d8 d6 c4 ca 90 9e 8c 82 a8 a6 b4 ba'
         dc    h'db d5 c7 c9 e3 ed ff f1 ab a5 b7 b9 93 9d 8f 81'
         dc    h'3b 35 27 29 03 0d 1f 11 4b 45 57 59 73 7d 6f 61'
         dc    h'ad a3 b1 bf 95 9b 89 87 dd d3 c1 cf e5 eb f9 f7'
         dc    h'4d 43 51 5f 75 7b 69 67 3d 33 21 2f 05 0b 19 17'
         dc    h'76 78 6a 64 4e 40 52 5c 06 08 1a 14 3e 30 22 2c'
         dc    h'96 98 8a 84 ae a0 b2 bc e6 e8 fa f4 de d0 c2 cc'
         dc    h'41 4f 5d 53 79 77 65 6b 31 3f 2d 23 09 07 15 1b'
         dc    h'a1 af bd b3 99 97 85 8b d1 df cd c3 e9 e7 f5 fb'
         dc    h'9a 94 86 88 a2 ac be b0 ea e4 f6 f8 d2 dc ce c0'
         dc    h'7a 74 66 68 42 4c 5e 50 0a 04 16 18 32 3c 2e 20'
         dc    h'ec e2 f0 fe d4 da c8 c6 9c 92 80 8e a4 aa b8 b6'
         dc    h'0c 02 10 1e 34 3a 28 26 7c 72 60 6e 44 4a 58 56'
         dc    h'37 39 2b 25 0f 01 13 1d 47 49 5b 55 7f 71 63 6d'
         dc    h'd7 d9 cb c5 ef e1 f3 fd a7 a9 bb b5 9f 91 83 8d'

* Key-schedule round constants, stored sparsely. The first byte of each
* 16-byte row continues the doubling sequence 01, 02, 04, ...; the other
* non-zero bytes repeat the same constants at different offsets.
* NOTE(review): the second argument of ExpandKeyCore (0, 1 or 2 in the
* three expandkey routines) presumably selects the offset so one table
* serves all key sizes -- confirm against aes.macros.
Rcon     anop
         dc    h'01 01 01 00 00 00 00 00 00 00 00 00 00 00 00 00'
         dc    h'02 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00'
         dc    h'04 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00'
         dc    h'08 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00'
         dc    h'10 00 04 00 00 00 00 00 00 08 00 00 00 00 00 00'
         dc    h'20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00'
         dc    h'40 10 08 00 00 00 00 00 00 00 00 00 00 00 00 00'
         dc    h'80 00 00 00 00 00 00 00 00 20 00 00 00 00 00 00'
         dc    h'1b 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00'
         dc    h'36 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00'
         dc    h'6c 00 20 00 00 00 00 00 00 80 00 00 00 00 00 00'
         dc    h'd8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00'
         dc    h'ab 1b 40'
         end
* Direct page locations
* These are byte offsets into the AES context structure, which the
* internal routines address through the direct page (DP = context).
* state1 is the 16-byte block buffer holding cipher input and output.
state1   gequ  0
* state2 is the next 16 bytes (16..31); presumably a second working
* buffer for the round macros -- confirm in aes.macros.
state2   gequ  16
* keysize is one byte holding one of the keysize_* constants below.
keysize  gequ  32
* rk holds the key in its first 16/24/32 bytes and, after expansion, the
* round keys. It also carries key material after the routines return;
* nothing in the code shown clears it.
rk       gequ  33

* Constants used for keysize
* The encrypt and decrypt routines test keysize with bne / bmi after a
* single load: zero selects AES-128, bit 7 set selects AES-256, any other
* value is treated as AES-192.
keysize_128 gequ 0
keysize_192 gequ 64
keysize_256 gequ 128
* AES key expansion functions
* The appropriate one of these must be called before encrypting or decrypting.
* The key should be in the first 16/24/32 bytes of rk before calling this.

* Callable from C, with context structure pointer on stack.
* C-callable wrapper for AES-128 key expansion. The lower-case name is a
* different symbol from AES128_EXPANDKEY because the file sets 'case on'.
* NOTE(review): CFunction comes from aes.macros (not shown); it presumably
* sets DP/DB from the context pointer on the stack and calls the named
* routine -- confirm against the macro definition.
aes128_expandkey start
         CFunction AES128_EXPANDKEY
         end
* C-callable wrapper for AES-192 key expansion. The lower-case name is a
* different symbol from AES192_EXPANDKEY because the file sets 'case on'.
* NOTE(review): CFunction comes from aes.macros (not shown); it presumably
* sets DP/DB from the context pointer on the stack and calls the named
* routine -- confirm against the macro definition.
aes192_expandkey start
         CFunction AES192_EXPANDKEY
         end
* C-callable wrapper for AES-256 key expansion. The lower-case name is a
* different symbol from AES256_EXPANDKEY because the file sets 'case on'.
* NOTE(review): CFunction comes from aes.macros (not shown); it presumably
* sets DP/DB from the context pointer on the stack and calls the named
* routine -- confirm against the macro definition.
aes256_expandkey start
         CFunction AES256_EXPANDKEY
         end
* Call with DP = AES context structure (with key present but not expanded),
* DB = bank containing AES tables.
* AES128_EXPANDKEY: expand the 16-byte key at the start of rk into the
* AES-128 round-key schedule and record the key size in the context.
* In:   DP = AES context structure, DB = bank containing the tables.
* Out:  keysize = keysize_128; rk filled up to byte offset 16*11.
* Ends with rtl, so it must be reached with a long call.
* NOTE(review): register widths are not set here; the 'keysize-1' store
* below only makes sense with a 16-bit accumulator -- confirm what
* CFunction establishes.
AES128_EXPANDKEY start
* Make the labels of the 'tables' data segment visible to this segment.
         using tables

* Store zero at keysize-1. With a 16-bit accumulator this writes bytes 31
* and 32: keysize becomes keysize_128 and the last byte of state2 (offset
* 31) is zeroed as a side effect.
         stz   keysize-1           ;keysize_128

* X starts at 16, the length of the key already present in rk.
         ldx   #16
* Carry is cleared once. The loop only repeats via blt (carry clear), so
* the adc below keeps adding exactly 16 -- assuming the ExpandKey macros
* leave carry clear (not visible here).
         clc

top      anop
* Macros from aes.macros (not shown); presumably produce the next 16
* bytes of round key at rk+X.
         ExpandKeyCore 16,0
         ExpandKeyIter 16,3

* Advance X by 16 and stop once it reaches 16*11 = 176 bytes, i.e. eleven
* 16-byte round keys.
         txa
         adc   #16
         tax
         cmp   #16*11
         blt   top
         rtl
         end
* AES192_EXPANDKEY: expand the 24-byte key at the start of rk into the
* AES-192 round-key schedule and record the key size in the context.
* In:   DP = AES context structure, DB = bank containing the tables.
* Out:  keysize = keysize_192; rk filled past byte offset 16*13.
* Ends with rtl, so it must be reached with a long call.
* NOTE(review): register widths are not set here; the 'keysize-1' store
* below only makes sense with a 16-bit accumulator -- confirm what
* CFunction establishes.
AES192_EXPANDKEY start
* Make the labels of the 'tables' data segment visible to this segment.
         using tables

* '|' is the ORCA/M shift operator, so this loads keysize_192 shifted
* left 8 bits. Stored as a 16-bit value at keysize-1, the constant lands
* in keysize (offset 32) and offset 31 (last byte of state2) is zeroed.
         lda   #keysize_192|8
         sta   keysize-1

* X starts at 24, the length of the key already present in rk.
         ldx   #24
* Carry is cleared once; the loop only repeats via blt (carry clear), so
* the adc below keeps adding exactly 24 -- assuming the ExpandKey macros
* leave carry clear (not visible here).
         clc

top      anop
* Macros from aes.macros (not shown); presumably produce the next 24
* bytes of round key at rk+X.
         ExpandKeyCore 24,1
         ExpandKeyIter 24,5

* Advance X by 24 and stop once it reaches 16*13 = 208 bytes (thirteen
* round keys).
* NOTE(review): 208 is not a multiple of 24. If each pass writes 24 bytes
* as the step suggests, the last pass (X = 192) fills rk bytes 192..215,
* so the context must provide room beyond the 208 bytes AES-192 uses --
* confirm against aes.macros and the context structure definition.
         txa
         adc   #24
         tax
         cmp   #16*13
         blt   top
         rtl
         end
* AES256_EXPANDKEY: expand the 32-byte key at the start of rk into the
* AES-256 round-key schedule and record the key size in the context.
* In:   DP = AES context structure, DB = bank containing the tables.
* Out:  keysize = keysize_256; rk filled up to byte offset 16*15.
* Ends with rtl, so it must be reached with a long call.
* NOTE(review): register widths are not set here; the 'keysize-1' store
* below only makes sense with a 16-bit accumulator -- confirm what
* CFunction establishes.
AES256_EXPANDKEY start
* Make the labels of the 'tables' data segment visible to this segment.
         using tables

* '|' is the ORCA/M shift operator, so this loads keysize_256 shifted
* left 8 bits. Stored as a 16-bit value at keysize-1, the constant lands
* in keysize (offset 32) and offset 31 (last byte of state2) is zeroed.
         lda   #keysize_256|8
         sta   keysize-1

* X starts at 32, the length of the key already present in rk.
         ldx   #32
* Carry is cleared once. Both adc instructions below are reached only
* with carry clear (the bge falls through when carry is clear) --
* assuming the ExpandKey macros leave carry clear (not visible here).
         clc

* Each loop trip generates two 16-byte halves: the first uses
* ExpandKeyCore (with the Rcon offset argument), the second uses
* ExpandKeySubst. Both macros are in aes.macros (not shown).
top      anop
         ExpandKeyCore 32,2
         ExpandKeyIter 32,3

* After the first half, stop once X reaches 16*15 = 240 bytes (fifteen
* round keys); the exit test sits in the middle of the loop.
         txa
         adc   #16
         tax
         cmp   #16*15
         bge   done

         ExpandKeySubst 32,2
         ExpandKeyIter 32,3

         txa
         adc   #16
         tax
* Unconditional long branch back to the loop head.
         brl   top

done     rtl
         end
* AES encryption function
* This performs AES-128, AES-192, or AES-256 encryption, depending on the key.
* The unencrypted input and encrypted output are in state1.

* Callable from C, with context structure pointer on stack.
* C-callable wrapper for block encryption. The lower-case name is a
* different symbol from AES_ENCRYPT because the file sets 'case on'.
* NOTE(review): CFunction comes from aes.macros (not shown); it presumably
* sets DP/DB from the context pointer on the stack and calls the named
* routine -- confirm against the macro definition.
aes_encrypt start
         CFunction AES_ENCRYPT
         end
* Call with DP = AES context structure (with key expanded),
* DB = bank containing AES tables.
* AES_ENCRYPT: encrypt the 16-byte block in state1 in place using the
* round keys already expanded into rk. The round count (10, 12 or 14) is
* chosen from keysize at run time.
* In:   DP = AES context structure (key expanded), DB = bank containing
*       the tables.
* Out:  state1 = ciphertext block. Returns with rtl after LongRegs.
* This is a single-block primitive: chaining mode, IV handling and
* padding are left to the caller.
* NOTE(review): keysize is trusted as written by the expandkey routines;
* a context whose keysize does not match the expanded schedule would run
* the wrong number of rounds.
AES_ENCRYPT start
* Make the labels of the 'tables' data segment visible to this segment.
         using tables

* Round macros below come from aes.macros (not shown).
         AddInitialRoundKey

* NOTE(review): ShortRegs presumably switches the registers to 8-bit for
* the byte-wise round code; LongRegs before each rtl undoes it -- confirm.
         ShortRegs

* Rounds 1..9 are common to all key sizes.
         NormalRound 1
         NormalRound 2
         NormalRound 3
         NormalRound 4
         NormalRound 5
         NormalRound 6
         NormalRound 7
         NormalRound 8
         NormalRound 9

* keysize == 0 (keysize_128): go straight to final round 10.
         lda   keysize
         bne   cont1
         jmp   finish_aes128

cont1    NormalRound 10
         NormalRound 11

* Bit 7 set (keysize_256) continues; otherwise this is AES-192.
         lda   keysize
         bmi   cont2
         jmp   finish_aes192

cont2    NormalRound 12
         NormalRound 13

* Reached by fall-through from round 13.
finish_aes256 anop
         FinalRound 14
         LongRegs
         rtl

finish_aes192 anop
         FinalRound 12
         LongRegs
         rtl

finish_aes128 anop
         FinalRound 10
         LongRegs
         rtl
         end
* AES decryption functions
* The encrypted input and unencrypted output are in state1.

* Callable from C, with context structure pointer on stack.
* C-callable wrapper for block decryption with the key size taken from
* the context. The lower-case name is a different symbol from AES_DECRYPT
* because the file sets 'case on'.
* NOTE(review): CFunction comes from aes.macros (not shown); it presumably
* sets DP/DB from the context pointer on the stack and calls the named
* routine -- confirm against the macro definition.
aes_decrypt start
         CFunction AES_DECRYPT
         end
* C-callable wrapper for the AES-128-only decryption entry point.
* NOTE(review): AES128_DECRYPT does not read keysize, so the context must
* have been expanded with the AES-128 expandkey routine. CFunction comes
* from aes.macros (not shown) -- confirm how it sets up DP/DB.
aes128_decrypt start
         CFunction AES128_DECRYPT
         end
* C-callable wrapper for the AES-192-only decryption entry point.
* NOTE(review): AES192_DECRYPT does not read keysize, so the context must
* have been expanded with the AES-192 expandkey routine. CFunction comes
* from aes.macros (not shown) -- confirm how it sets up DP/DB.
aes192_decrypt start
         CFunction AES192_DECRYPT
         end
* C-callable wrapper for the AES-256-only decryption entry point.
* NOTE(review): AES256_DECRYPT does not read keysize, so the context must
* have been expanded with the AES-256 expandkey routine. CFunction comes
* from aes.macros (not shown) -- confirm how it sets up DP/DB.
aes256_decrypt start
         CFunction AES256_DECRYPT
         end
* Call with DP = AES context structure (with key expanded),
* DB = bank containing AES tables.
* AES_DECRYPT: decrypt the 16-byte block in state1 in place using the
* round keys already expanded into rk; the round count is chosen from
* keysize. AES256_DECRYPT, AES192_DECRYPT and AES128_DECRYPT are extra
* entry points into this same segment that skip the keysize dispatch.
* In:   DP = AES context structure (key expanded), DB = bank containing
*       the tables.
* Out:  state1 = plaintext block. Returns with rtl after LongRegs.
* The three paths share code: the 256-bit path undoes rounds 14..12 and
* joins the 192-bit path at cont1, which undoes 11..10 and joins the
* 128-bit path at cont2, which undoes 9..1.
* NOTE(review): the size-specific entry points never look at keysize, so
* using one on a context expanded for a different key size would apply
* the wrong number of rounds -- callers must pair each with the matching
* expandkey routine.
* This is a single-block primitive: chaining mode and padding checks are
* left to the caller.
AES_DECRYPT start
* Make the labels of the 'tables' data segment visible to this segment.
         using tables
* NOTE(review): ShortRegs presumably switches the registers to 8-bit
* (macro in aes.macros, not shown); LongRegs at the end undoes it.
         ShortRegs
* keysize == 0 (keysize_128) takes the 128-bit path.
         lda   keysize
         bne   not128
         jmp   aes128_decrypt_internal
* Flags from the lda are still valid here (bne does not alter them):
* bit 7 set means keysize_256, otherwise AES-192.
not128   bmi   aes256_decrypt_internal
         jmp   aes192_decrypt_internal

* Direct entry for AES-256 contexts.
AES256_DECRYPT entry
         ShortRegs
aes256_decrypt_internal anop
         InvFinalRound 14
         InvNormalRound 13
         InvNormalRound 12
* Skip the AES-192 entry preamble and join the shared rounds.
         jmp   cont1

* Direct entry for AES-192 contexts.
AES192_DECRYPT entry
         ShortRegs
aes192_decrypt_internal anop
         InvFinalRound 12
cont1    anop
         InvNormalRound 11
         InvNormalRound 10
* Skip the AES-128 entry preamble and join the shared rounds.
         jmp   cont2

* Direct entry for AES-128 contexts.
AES128_DECRYPT entry
         ShortRegs
aes128_decrypt_internal anop
         InvFinalRound 10
cont2    anop
* Inverse rounds 9..1 are common to all key sizes.
         InvNormalRound 9
         InvNormalRound 8
         InvNormalRound 7
         InvNormalRound 6
         InvNormalRound 5
         InvNormalRound 4
         InvNormalRound 3
         InvNormalRound 2
         InvNormalRound 1
         LongRegs
         rtl
         end