📄 phelix86.asm
字号:
_stack_offs = -_Phelix_LocalSize ;stack frame not built yet
lea Z4,callerParms
sub esp,_Phelix_LocalSize
_stack_offs = 0
call InitNonce
_ASM_Assert <UNROLL_CNT ge ZERO_INIT_CNT>
mov exitTab[4*(ZERO_INIT_CNT-1)],offset _ret_SetupNonceDone
jmp EncryptBlk_0
_ret_SetupNonceDone:
if UNROLL_CNT gt ZERO_INIT_CNT ;do we need to clear out the return point?
error <Replicate code here from _ret_InitZeroDone>
endif
mov t0,ctxt_Ptr ;save our context
;
mov t1,MAGIC_AAD_XOR
xor Z1,t1
mov [t0 ].pCtxt.aadXor,t1
;
mov [t0+4*0].pCtxt._Z_,Z0
mov [t0+4*1].pCtxt._Z_,Z1
mov [t0+4*2].pCtxt._Z_,Z2
mov [t0+4*3].pCtxt._Z_,Z3
mov [t0+4*4].pCtxt._Z_,Z4
irp _nn_,<0,1,2,3>
mov Z0,X_i_1[8*_nn_ ]
mov Z1,X_i_1[8*_nn_+4]
mov Z2,oldZ [4*_nn_]
mov [t0+8*_nn_ ].pCtxt.X_1,Z0
mov [t0+8*_nn_+4].pCtxt.X_1,Z1
mov [t0+4*_nn_ ].pCtxt.old_Z,Z2
endm
;
xor t1,t1
mov [t0 ].pCtxt.msgLen,t1
mov [t0 ].pCtxt.aadLen,t1
mov [t0+4].pCtxt.aadLen,t1
mov t1,_i_
mov [t0 ].pCtxt.blkNum,t1
;
add esp,_Phelix_LocalSize
popad
ret
;
;----------------------------------------------------------------
; "Incremental" function: EncryptBytes/DecryptBytes
;----------------------------------------------------------------
; use same locals stack as EncryptPacket
;
_pOfs_ = _cpOfs_
;
irp _pp,<ctxt_Ptr,src_Ptr,dst_Ptr,bCnt>
_newParm _pp
endm
C_global PhelixEncryptBytes,ECRYPT_AE_encrypt_bytes
pushad
lea t0,Encrypt_jmpTab
PhelixBytes:
_stack_offs = -_Phelix_LocalSize ;stack frame not built yet
lea Z4,callerParms
sub esp,_Phelix_LocalSize
_stack_offs = 0
;
mov jmpTabPtr,t0
; copy context to local on stack
mov t0,ctxt_Ptr_Z4
_push Z4
lea esi,[t0].pCtxt.X_0
lea edi,X_i_0
mov ecx,8+8+4 ;X_0, X_1, and oldZ
cld
rep movsd ;copy the context
xor eax,eax
mov ecx,UNROLL_CNT ;zero out exitTab
rep stosd
_pop Z4
lea t0,_ret_PhelixBytes
mov retAddr_Z4,t0 ;set up return address
mov t0,src_Ptr_Z4 ;copy srcPtr and dstPtr
mov srcPtr,t0
mov t0,dst_Ptr_Z4
mov dstPtr,t0
mov t0,ctxt_Ptr_Z4
mov t1,[t0].pCtxt.blkNum;convert blkNum from pCtxt to locals
and t1,NOT (UNROLL_CNT-1)
mov _i_,t1
mov t1,[t0].pCtxt.blkNum
shl t1,2 ;convert blkNum to a word count
mov loopByteCnt,t1 ;and save it as the "phase"
irp _zn_,<0,1,2,3,4> ;load the Z values
mov Z&_zn_,[t0+4*_zn_].pCtxt._Z_
endm
xor Z1,[t0].pCtxt.aadXor
mov [t0].pCtxt.aadXor,0
_push Z4
lea Z4,callerParms
mov t0,src_Ptr_Z4
mov srcPtr,t0
mov t0,bCnt_Z4
mov t1,dst_Ptr_Z4
jmp processUserData
_pop Z4
_ret_PhelixBytes:
; copy modified value back to context
mov t0,ctxt_Ptr
irp _zn_,<0,1,2,3,4> ;store the Z values
mov [t0+4*_zn_].pCtxt._Z_,Z&_zn_
endm
mov t1,msgLen0 ;update pCtxt.blkNum
mov Z4,t1
add t1,3
shr t1,2
add [t0].pCtxt.blkNum,t1
add [t0].pCtxt.msgLen,Z4 ;track low 2 bits of msgLen
lea edi,[t0].pCtxt.old_Z
lea esi,oldZ
mov ecx,4 ;copy back the updated oldZ values
rep movsd
add esp,_Phelix_LocalSize
popad
ret
;
; handle decryption here
C_global PhelixDecryptBytes,ECRYPT_AE_decrypt_bytes
pushad
lea t0,Decrypt_jmpTab
jmp PhelixBytes
;
;----------------------------------------------------------------
; "Incremental" function: Finalize (MAC)
;----------------------------------------------------------------
; use same locals stack as EncryptPacket
;
_pOfs_ = _cpOfs_
;
irp _pp,<ctxt_Ptr,mac_Ptr>
_newParm _pp
endm
;
C_global PhelixFinalize,ECRYPT_AE_finalize
pushad
_stack_offs = -_Phelix_LocalSize ;stack frame not built yet
lea Z4,callerParms
sub esp,_Phelix_LocalSize
_stack_offs = 0
lea t0,Encrypt_jmpTab
mov jmpTabPtr,t0
; copy context to local on stack
mov t0,ctxt_Ptr_Z4
_push Z4
lea esi,[t0].pCtxt.X_0
lea edi,X_i_0
mov ecx,8+8+4 ;X_0, X_1, and oldZ
cld
rep movsd ;copy the context
xor eax,eax
mov ecx,UNROLL_CNT ;zero out exitTab
rep stosd
_pop Z4
mov t0,ctxt_Ptr_Z4
mov t1,[t0].pCtxt.blkNum;convert blkNum from pCtxt to locals
and t1,NOT (UNROLL_CNT-1)
mov _i_,t1
mov Z0,[t0].pCtxt.msgLen
sub Z0,4
neg Z0
and Z0,3 ;track the low 2 bits of msgLen
mov t1,[t0].pCtxt.blkNum
shl t1,2 ;convert blkNum to a word count
sub t1,Z0
mov loopByteCnt,t1 ;and save it as the "phase"
irp _zn_,<0,1,2,3,4> ;load the Z values
mov Z&_zn_,[t0+4*_zn_].pCtxt._Z_
endm
xor Z1,[t0 ].pCtxt.aadXor
xor Z4,[t0 ].pCtxt.aadLen
xor Z2,[t0+4].pCtxt.aadLen
mov t0,mac_Ptr
jmp processMAC
;
;----------------------------------------------------------------
; "Incremental" function: ProcessAAD
;----------------------------------------------------------------
_Phelix_LocalSize = 0
_newLocal 1,aad_I
_newLocal 1,aad_bb
_newLocal 1,aad_tmp
;
_cpOfs_ = 4+8*4+_Phelix_LocalSize ;caller parms offset from esp
_pOfs_ = _cpOfs_
;
irp _pp,<ctxt_Ptr,aad_Ptr,aad_Len>
_newParm _pp
endm
;
C_global PhelixProcessAAD,ECRYPT_AE_authenticate_bytes
pushad
sub esp,_Phelix_LocalSize
_stack_offs = 0
mov t0,ctxt_Ptr ;point to context
mov t1,aad_Len
add [t0 ].pCtxt.aadLen,t1
adc [t0+4 ].pCtxt.aadLen,0
mov t1,[t0].pCtxt.blkNum
mov aad_I,t1
irp _zn_,<0,1,2,3,4> ;load the Z values
mov Z&_zn_,[t0+4*_zn_].pCtxt._Z_
endm
sub aad_Len,4 ;are we done yet?
_rept ae,far
aad_Again:mov t1,aad_I
and t1,7
mov t0,ctxt_Ptr
_o_ <add Z0,Z3>,<rol Z3,ROT_3b>,<mov t0,[t0+4*t1].pCtxt.X_0>
_o_ <add Z1,Z4>,<rol Z4,ROT_4b>,<mov aad_bb,t1>
_o_ <xor Z2,Z0>,<rol Z0,ROT_0a>,<mov t1,aad_Ptr>
_o_ <xor Z3,Z1>,<rol Z1,ROT_1a>,<add t0,Z3>
_o_ <add Z4,Z2>,<rol Z2,ROT_2a>
_o_ <xor Z0,t0>,<rol Z3,ROT_3a>,<mov t0,[t1]> ;t0 = AAD plaintext
_o_ <xor Z1,Z4>,<rol Z4,ROT_4a>,<add t1,4>
_o_ <add Z2,Z0>,<rol Z0,ROT_0b>,<mov aad_Ptr,t1>
_o_ <add Z3,Z1>,<rol Z1,ROT_1b>,<xor t0,Z3>
_o_ <xor Z4,Z2>,<rol Z2,ROT_2b>,<mov t1,aad_bb>
_o_ <add Z0,t0>,<rol Z3,ROT_3b>,<mov t0,ctxt_Ptr>
_o_ <add Z1,Z4>,<rol Z4,ROT_4b>,<mov t0,[t0+4*t1].pCtxt.X_1>
_o_ <xor Z2,Z0>,<rol Z0,ROT_0a>
_o_ <xor Z3,Z1>,<rol Z1,ROT_1a>,<add t0,aad_I>
_o_ <add Z4,Z2>,<rol Z2,ROT_2a>,<add t0,Z3>
_o_ <xor Z0,t0>,<rol Z3,ROT_3a>,<mov t0,ctxt_Ptr>
_o_ <xor Z1,Z4>,<rol Z4,ROT_4a>,<and t1,3>
_o_ <add Z2,Z0>,<rol Z0,ROT_0b>,<inc aad_I>
_o_ <add Z3,Z1>,<rol Z1,ROT_1b>
_o_ <xor Z4,Z2>,<rol Z2,ROT_2b>,<mov [t0+4*t1].pCtxt.old_Z,oldZreg>
sub aad_Len,4 ;are we done yet?
_until b
; note t0 == ctxt_Ptr here
mov t1,aad_Len ;at this point, -4 <= aad_Len < 0
and t1,3 ;any odd bytes left?
_if z ;if not, we're done
mov t1,aad_I ;copy back the updated blkNum
mov [t0].pCtxt.blkNum,t1
irp _zn_,<0,1,2,3,4> ;save the Z values
mov [t0+4*_zn_].pCtxt._Z_,Z&_zn_
endm
; clean up the stack and return
add esp,_Phelix_LocalSize
popad
ret
_endif
; here to handle odd AAD bytes
mov t0,aad_Ptr ;get the final partial word
mov t0,[t0]
and t0,MASK_TAB[4*t1] ;mask off unused bits
lea t1,aad_tmp
mov aad_Ptr,t1 ;point aad_Ptr to aad_Tmp
mov [t1],t0 ;store zero-padded word there
xor t0,t0 ;fix up the count to not come here again
mov aad_Len,t0
jmp aad_Again
;
;----------------------------------------------------------------
; "Incremental" function: SetupKey
;----------------------------------------------------------------
;
_Phelix_LocalSize = 0
_newLocal 1,sk_Z4
_newLocal 1,sk_Cnt
;
_cpOfs_ = 4+8*4+_Phelix_LocalSize ;caller parms offset from esp
_pOfs_ = _cpOfs_
;
irp _pp,<ctxt_Ptr,key_Ptr,key_Size,iv_Size,mac_Size>
_newParm _pp
endm
;
C_global PhelixSetupKey,ECRYPT_AE_keysetup
pushad
sub esp,_Phelix_LocalSize
_stack_offs = 0
; assert(PHELIX_NONCE_SIZE==ivSize);/* Phelix only supports "full" nonces */
; assert( 0 == (keySize%8)); /* Phelix only supports byte-sized keys */
; assert(256 >= keySize); /* Phelix only supports keys <= 256 bits*/
mov t0,ctxt_Ptr ;point to the context to be built
mov Z0,key_Size ;copy keySize
mov [t0].pCtxt.keySize,Z0
mov Z1,mac_Size ;and macSize
mov [t0].pCtxt.macSize,Z1
and Z1,127 ;and compute X1_Bump
shl Z1,8
shr Z0,1 ;Z0 = keySize/2 (in bits)
add Z1,Z0
mov [t0].pCtxt.X_1_Bump,Z1 ;then store it
shr Z0,2 ;Z0 = keySize/8 (# bytes of key)
; now copy in the key bits
mov t1,key_Ptr
xor Z1,Z1 ;Z1 = counter
_rept
cmp Z1,Z0 ;is this full word part of the key?
_brk ae ;if not, go handle partial word (if any)
mov Z2,[t1+Z1] ;else get next full word of key
mov [t0+Z1].pCtxt.X_0,Z2 ;and copy it to context
add Z1,4 ;bump counter
_endr ;go back for more
test Z0,3 ;if any partial words, handle that here
_if nz
mov Z4,Z0
and Z4,3 ;Z4 = (keySize/8) mod 4
mov Z2,MASK_TAB[4*Z4] ;mask off "unused" bits
and [t0+Z1-4].pCtxt.X_0,Z2
_endif
xor Z2,Z2 ;zero out the rest of the context key
_rept
cmp Z1,8*4 ;are we done yet?
_brk ae
mov [t0+Z1].pCtxt.X_0,Z2 ;zero context key
add Z1,4
_endr
; now run the Feistel network for initial key mixing
add Z0,64
mov sk_Z4,Z0 ;precompute L(U)+64 "constant" for mixing
mov sk_Cnt,128 ;use this as a counter
_rept
mov t1,sk_Cnt
and t1,16 ;isolate one bit
mov Z0,[t0+t1 ].pCtxt.X_0
mov Z1,[t0+t1+ 4].pCtxt.X_0
mov Z2,[t0+t1+ 8].pCtxt.X_0
mov Z3,[t0+t1+12].pCtxt.X_0
mov Z4,sk_Z4
rept 2
_o_ <add Z0,Z3>,<rol Z3,ROT_3b>
_o_ <add Z1,Z4>,<rol Z4,ROT_4b>
_o_ <xor Z2,Z0>,<rol Z0,ROT_0a>
_o_ <xor Z3,Z1>,<rol Z1,ROT_1a>
_o_ <add Z4,Z2>,<rol Z2,ROT_2a>
_o_ <xor Z0,Z3>,<rol Z3,ROT_3a>
_o_ <xor Z1,Z4>,<rol Z4,ROT_4a>
_o_ <add Z2,Z0>,<rol Z0,ROT_0b>
_o_ <add Z3,Z1>,<rol Z1,ROT_1b>
_o_ <xor Z4,Z2>,<rol Z2,ROT_2b>
endm
xor t1,16 ;go to other half
xor [t0+t1 ].pCtxt.X_0,Z0 ;perform the Feistel xor
xor [t0+t1+ 4].pCtxt.X_0,Z1
xor [t0+t1+ 8].pCtxt.X_0,Z2
xor [t0+t1+12].pCtxt.X_0,Z3
sub sk_Cnt,16
_until be
;
add esp,_Phelix_LocalSize
popad
ret
;
;----------------------------------------------------------------
;
C_global PhelixIncremental_CodeSize
mov eax,($-offset _PhelixCodeStart_)
ret
;
endif ; _INCREMENTAL_API
;
;----------------------------------------------------------------
; use this NOP routine to calibrate/check our timing tests
;----------------------------------------------------------------
;
C_global PhelixNop
pushad
popad
ret
;
;----------------------------------------------------------------
; size statistics at compile time
;----------------------------------------------------------------
;
C_global PhelixProcessPacket_CodeSize,ECRYPT_AE_process_packet_CodeSize
mov eax,(offset _PhelixCodeEnd_-_PhelixCodeStart_)
ret
irp _cSize_,<%($-_PhelixCodeStart_)>
irp _lSize_,<%_maxPhelixStack_>
irp _uu_,<%UNROLL_CNT>
%out +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
%out Phelix ASM: Total code = _cSize_ bytes. Locals = _lSize_ bytes on stack. UNROLL_CNT = _uu_
%out +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
endm
endm
endm
end
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -