📄 aes_x86_v2.asm
mov ebx,ebp
restore ebp,0
xor eax,[ebp]
xor ebx,[ebp+4]
%endmacro
section .text align=32
; AES Decryption Subroutine
;
; Decrypts one 16-byte block (NASM syntax, 32-bit x86).
; Arguments are read from the stack at the offsets named in_blk, ctx and
; out_blk; those names, stk_spc, KS_LENGTH and the do_name / do_exit /
; dec_round / dec_last_round macros are defined outside this excerpt.
;
; Returns: eax = 0 on success.
;          eax = -1 if the length byte stored in the context is not
;          10*16, 12*16 or 14*16. In that case the output block is NOT
;          written, so callers must check the return value before they
;          use the output buffer.
; Saves and restores ebp, ebx, esi and edi in the local frame.
;
; NOTE(review): the round macros are presumably table driven (see dec_tab
; in this file). Table lookups indexed by secret state have data-dependent
; memory access patterns, which are observable through cache timing. Where
; local or co-resident attackers are in the threat model, prefer a
; constant-time implementation (hardware AES instructions or bitslicing).
; NOTE(review): nothing here clears block state from ecx/edx or from the
; stk_spc frame before returning - confirm whether the round macros spill
; state to the stack if residual data matters to the caller.
do_name _aes_decrypt,12 ; 12 is presumably the argument byte count - TODO confirm
sub esp,stk_spc ; reserve the local frame
mov [esp+16],ebp ; save the registers that are restored at .5
mov [esp+12],ebx
mov [esp+ 8],esi
mov [esp+ 4],edi
; input four columns and xor in first round key
mov esi,[esp+in_blk+stk_spc] ; input pointer
mov eax,[esi ]
mov ebx,[esi+ 4]
mov ecx,[esi+ 8]
mov edx,[esi+12]
lea esi,[esi+16]
mov ebp,[esp+ctx+stk_spc] ; key pointer
movzx edi,byte[ebp+4*KS_LENGTH] ; edi = length byte read from the context (compared with rounds*16 below)
%ifndef AES_REV_DKS ; if decryption key schedule is not reversed
lea ebp,[ebp+edi] ; we have to access it from the top down
%endif
xor eax,[ebp ] ; key schedule
xor ebx,[ebp+ 4]
xor ecx,[ebp+ 8]
xor edx,[ebp+12]
; determine the number of rounds
; The length value selects the entry point into the unrolled rounds below;
; any other value is rejected with -1 rather than guessed at.
cmp edi,10*16
je .3
cmp edi,12*16
je .2
cmp edi,14*16
je .1
mov eax,-1 ; unrecognised length: fail without touching the output
jmp .5
; entry at .1 runs 13 rounds + last, .2 runs 11 + last, .3 runs 9 + last
.1: dec_round
dec_round
.2: dec_round
dec_round
.3: dec_round
dec_round
dec_round
dec_round
dec_round
dec_round
dec_round
dec_round
dec_round
dec_last_round
; move final values to the output array.
; the four words stored are taken from eax, ebx, esi and edi
mov ebp,[esp+out_blk+stk_spc]
mov [ebp],eax
mov [ebp+4],ebx
mov [ebp+8],esi
mov [ebp+12],edi
xor eax,eax ; return 0 = success
; common exit: restore the saved registers and release the frame
.5: mov ebp,[esp+16]
mov ebx,[esp+12]
mov esi,[esp+ 8]
mov edi,[esp+ 4]
add esp,stk_spc
do_exit 12
%endif
; inv_mix_col - transform one 32-bit key-schedule word.
;
; In:      edx = input word
; Out:     eax = transformed word
; Clobbers ebx, edx (shifted right by 16) and the flags.
;
; Each of the four bytes of edx is passed through etab_b(...) and the
; result is used as the index for dtab_0 .. dtab_3; the four values are
; xored together. etab_b and dtab_n are defined outside this excerpt and
; are presumably table lookups - TODO confirm.
; NOTE(review): when the input is a round key word, those lookups are
; indexed by key bytes, so the memory access pattern depends on the key
; (a cache-timing consideration for the key setup routines).
%macro inv_mix_col 0
movzx ebx,dl ; byte 0
movzx ebx,etab_b(ebx)
mov eax,dtab_0(ebx)
movzx ebx,dh ; byte 1
shr edx,16 ; bring bytes 2 and 3 down into dl / dh
movzx ebx,etab_b(ebx)
xor eax,dtab_1(ebx)
movzx ebx,dl ; byte 2
movzx ebx,etab_b(ebx)
xor eax,dtab_2(ebx)
movzx ebx,dh ; byte 3
movzx ebx,etab_b(ebx)
xor eax,dtab_3(ebx)
%endmacro
%ifdef DECRYPTION_KEY_SCHEDULE
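%ifdef AES_128
%ifndef DECRYPTION_TABLE
%define DECRYPTION_TABLE
%endif

; _aes_decrypt_key128 - build the decryption key schedule for a 128-bit key.
;
; In:   two stack arguments (8 bytes): key pointer, then context pointer.
; Out:  eax = 0, set in the shared exit path at dec_end.
; Saves ebp, ebx, esi, edi here; they are restored at dec_end.
;
; Method: generate the encryption key schedule in the context, then apply
; the inverse mix column transformation to every round key except the
; first and the last. The four words of the second round key are
; transformed one by one. Later rounds are cheaper, because three of the
; four sub-keys of the encryption round key ek[r] satisfy
;
;       ek[r][n] = ek[r][n-1] ^ ek[r-1][n]      for n = 1..3
;
; and inv_mix_col is linear in GF(256), so the decryption round keys obey
;
;       dk[r][n] = dk[r][n-1] ^ dk[r-1][n]
;
; Only one inv_mix_col (n = 0) is therefore needed per four word cycle.
;
; NOTE(review): the value returned by _aes_encrypt_key128 is overwritten
; without being checked.
; NOTE(review): the offsets used after do_call assume the macro leaves esp
; as it was before the two argument pushes - do_call is defined outside
; this excerpt, confirm.
    do_name _aes_decrypt_key128,8
    push    ebp
    push    ebx
    push    esi
    push    edi
    mov     eax,[esp+24]        ; context
    mov     edx,[esp+20]        ; key
    push    eax
    push    edx
    do_call _aes_encrypt_key128,8   ; generate expanded encryption key
    mov     eax,10*16
    mov     esi,[esp+24]        ; pointer to first round key
    lea     edi,[esi+eax]       ; pointer to last round key
    add     esi,32

    ; second round key: transform all four words individually
    mov     edx,[esi-16]
    inv_mix_col
    mov     [esi-16],eax
    mov     edx,[esi-12]
    inv_mix_col
    mov     [esi-12],eax
    mov     edx,[esi-8]
    inv_mix_col
    mov     [esi-8],eax
    mov     edx,[esi-4]
    inv_mix_col
    mov     [esi-4],eax

    ; remaining round keys: one inv_mix_col, then three xors per round
.0: mov     edx,[esi]
    inv_mix_col
    mov     [esi],eax
    xor     eax,[esi-12]
    mov     [esi+4],eax
    xor     eax,[esi-8]
    mov     [esi+8],eax
    xor     eax,[esi-4]
    mov     [esi+12],eax
    add     esi,16
    cmp     edi,esi
    ; Addresses are unsigned: a signed jg would leave the loop early, with
    ; the schedule only partly converted, if it straddled 0x80000000.
    ja      .0
    jmp     dec_end
%endif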
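%ifdef AES_192
%ifndef DECRYPTION_TABLE
%define DECRYPTION_TABLE
%endif

; _aes_decrypt_key192 - build the decryption key schedule for a 192-bit key.
;
; In:   two stack arguments (8 bytes): key pointer, then context pointer.
; Out:  eax = 0, set in the shared exit path at dec_end.
; Saves ebp, ebx, esi, edi here; they are restored at dec_end.
;
; The first 6 words of the schedule are the key itself. The top 2 of them
; belong to the second round key and must be transformed. A further six
; words are transformed individually before the faster relation
;
;       dk[r][n] = dk[r][n-1] ^ dk[r-1][n]      for n = 1..5
;
; can be used (the key expansion cycle is 6 words long here).
;
; The expanded key is 13 * 4 = 52 32-bit words, of which 11 * 4 = 44 have
; to be modified. 8 are done before the loop, so 36 are left: exactly
; 6 loops of six words.
;
; NOTE(review): the value returned by _aes_encrypt_key192 is overwritten
; without being checked.
; NOTE(review): the offsets used after do_call assume the macro leaves esp
; as it was before the two argument pushes - do_call is defined outside
; this excerpt, confirm.
    do_name _aes_decrypt_key192,8
    push    ebp
    push    ebx
    push    esi
    push    edi
    mov     eax,[esp+24]        ; context
    mov     edx,[esp+20]        ; key
    push    eax
    push    edx
    do_call _aes_encrypt_key192,8   ; generate expanded encryption key
    mov     eax,12*16
    mov     esi,[esp+24]        ; first round key
    lea     edi,[esi+eax]       ; last round key
    add     esi,48

    ; words 4..11 (byte offsets 16..47): transformed one at a time
    mov     edx,[esi-32]
    inv_mix_col
    mov     [esi-32],eax
    mov     edx,[esi-28]
    inv_mix_col
    mov     [esi-28],eax
    mov     edx,[esi-24]
    inv_mix_col
    mov     [esi-24],eax
    mov     edx,[esi-20]
    inv_mix_col
    mov     [esi-20],eax
    mov     edx,[esi-16]
    inv_mix_col
    mov     [esi-16],eax
    mov     edx,[esi-12]
    inv_mix_col
    mov     [esi-12],eax
    mov     edx,[esi-8]
    inv_mix_col
    mov     [esi-8],eax
    mov     edx,[esi-4]
    inv_mix_col
    mov     [esi-4],eax

    ; remaining words: one inv_mix_col, then five xors per six word cycle
.0: mov     edx,[esi]
    inv_mix_col
    mov     [esi],eax
    xor     eax,[esi-20]
    mov     [esi+4],eax
    xor     eax,[esi-16]
    mov     [esi+8],eax
    xor     eax,[esi-12]
    mov     [esi+12],eax
    xor     eax,[esi-8]
    mov     [esi+16],eax
    xor     eax,[esi-4]
    mov     [esi+20],eax
    add     esi,24
    cmp     edi,esi
    ; Addresses are unsigned: a signed jg would leave the loop early, with
    ; the schedule only partly converted, if it straddled 0x80000000.
    ja      .0
    jmp     dec_end
%endif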
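%ifdef AES_256
%ifndef DECRYPTION_TABLE
%define DECRYPTION_TABLE
%endif

; _aes_decrypt_key256 - build the decryption key schedule for a 256-bit key.
;
; In:   two stack arguments (8 bytes): key pointer, then context pointer.
; Out:  eax = 0, set in the shared exit path at dec_end.
; Saves ebp, ebx, esi, edi here; they are restored at dec_end.
;
; The primary key is 8 words, of which the top four require modification.
; The encryption key expansion cycle is eight words long, so one complete
; block of eight is also transformed word by word before the loop.
;
; The loop then uses dk[r][n] = dk[r][n-1] ^ dk[r-1][n], but needs a second
; inv_mix_col per cycle, because the 256 bit key expansion has an extra
; non-linear step for the midway element.
;
; The expanded key is 15 * 4 = 60 32-bit words, of which 52 need to be
; modified. 12 are done before the loop, so 40 are left: exactly 5 loops
; of 8 words.
;
; This routine has no jump to dec_end; it falls through into it.
;
; NOTE(review): the value returned by _aes_encrypt_key256 is overwritten
; without being checked.
; NOTE(review): the offsets used after do_call assume the macro leaves esp
; as it was before the two argument pushes - do_call is defined outside
; this excerpt, confirm.
    do_name _aes_decrypt_key256,8
    push    ebp
    push    ebx
    push    esi
    push    edi
    mov     eax,[esp+24]        ; context
    mov     edx,[esp+20]        ; key
    push    eax
    push    edx
    do_call _aes_encrypt_key256,8   ; generate expanded encryption key
    mov     eax,14*16
    mov     esi,[esp+24]        ; first round key
    lea     edi,[esi+eax]       ; last round key
    add     esi,64

    ; top four words of the primary key (byte offsets 16..31)
    mov     edx,[esi-48]
    inv_mix_col
    mov     [esi-48],eax
    mov     edx,[esi-44]
    inv_mix_col
    mov     [esi-44],eax
    mov     edx,[esi-40]
    inv_mix_col
    mov     [esi-40],eax
    mov     edx,[esi-36]
    inv_mix_col
    mov     [esi-36],eax

    ; one complete eight word block (byte offsets 32..63)
    mov     edx,[esi-32]
    inv_mix_col
    mov     [esi-32],eax
    mov     edx,[esi-28]
    inv_mix_col
    mov     [esi-28],eax
    mov     edx,[esi-24]
    inv_mix_col
    mov     [esi-24],eax
    mov     edx,[esi-20]
    inv_mix_col
    mov     [esi-20],eax
    mov     edx,[esi-16]
    inv_mix_col
    mov     [esi-16],eax
    mov     edx,[esi-12]
    inv_mix_col
    mov     [esi-12],eax
    mov     edx,[esi-8]
    inv_mix_col
    mov     [esi-8],eax
    mov     edx,[esi-4]
    inv_mix_col
    mov     [esi-4],eax

    ; remaining words: two inv_mix_col and six xors per eight word cycle
.0: mov     edx,[esi]
    inv_mix_col
    mov     [esi],eax
    xor     eax,[esi-28]
    mov     [esi+4],eax
    xor     eax,[esi-24]
    mov     [esi+8],eax
    xor     eax,[esi-20]
    mov     [esi+12],eax
    mov     edx,[esi+16]        ; midway element: needs its own inv_mix_col
    inv_mix_col
    mov     [esi+16],eax
    xor     eax,[esi-12]
    mov     [esi+20],eax
    xor     eax,[esi-8]
    mov     [esi+24],eax
    xor     eax,[esi-4]
    mov     [esi+28],eax
    add     esi,32
    cmp     edi,esi
    ; Addresses are unsigned: a signed jg would leave the loop early, with
    ; the schedule only partly converted, if it straddled 0x80000000.
    ja      .0
%endif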
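; dec_end - shared exit path of the _aes_decrypt_key128/192/256 routines.
;
; On entry: edi = pointer to the last round key, [esp+24] = context pointer,
;           and ebp, ebx, esi, edi of the caller are on the stack.
; On exit:  eax = 0, saved registers restored, 8 bytes of arguments
;           handled by do_exit (defined outside this excerpt).
;
; With AES_REV_DKS the order of the round keys is reversed in place by
; swapping 16-byte round keys from both ends towards the middle.
;
; NOTE(review): edx is not cleared and can still hold a key-schedule word
; on return; relevant only if the caller treats registers as sensitive.
dec_end:
%ifdef AES_REV_DKS
    mov     esi,[esp+24]        ; esi = first round key, edi = last round key
.1: mov     eax,[esi]           ; swap words 0 and 1
    mov     ebx,[esi+4]
    mov     ebp,[edi]
    mov     edx,[edi+4]
    mov     [esi],ebp
    mov     [esi+4],edx
    mov     [edi],eax
    mov     [edi+4],ebx
    mov     eax,[esi+8]         ; swap words 2 and 3
    mov     ebx,[esi+12]
    mov     ebp,[edi+8]
    mov     edx,[edi+12]
    mov     [esi+8],ebp
    mov     [esi+12],edx
    mov     [edi+8],eax
    mov     [edi+12],ebx
    add     esi,16
    sub     edi,16
    cmp     edi,esi
    ; Addresses are unsigned: a signed jg would stop the reversal early
    ; if the schedule straddled 0x80000000.
    ja      .1
%endif
    pop     edi
    pop     esi
    pop     ebx
    pop     ebp
    xor     eax,eax             ; return 0 = success
    do_exit 8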
%ifdef AES_VAR
; _aes_decrypt_key - variable key length front end for the decryption
; key schedule.
;
; In:   three stack arguments (12 bytes): [esp+4], [esp+8] = key length,
;       [esp+12]. The first and third are forwarded unchanged to the
;       fixed-length routine, which takes (key, context).
; Out:  eax = -1 if the length is not one of the accepted values;
;       otherwise eax is whatever the selected routine returned.
;
; The length is accepted either in bytes (16, 24, 32) or in bits
; (128, 192, 256).
; On the -1 path no routine is called, so nothing is written through the
; third argument here. Callers must check the return value before using
; the context: a later decrypt call would otherwise run on whatever the
; context happened to contain.
do_name _aes_decrypt_key,12
mov ecx,[esp+4] ; first argument (forwarded as key)
mov eax,[esp+8] ; key length, bytes or bits
mov edx,[esp+12] ; third argument (forwarded as context)
push edx ; arguments for the fixed-length routine
push ecx
cmp eax,16
je .1
cmp eax,128
je .1
cmp eax,24
je .2
cmp eax,192
je .2
cmp eax,32
je .3
cmp eax,256
je .3
mov eax,-1 ; unsupported key length
add esp,8 ; drop the two arguments pushed above
do_exit 12
.1: do_call _aes_decrypt_key128,8
do_exit 12
.2: do_call _aes_decrypt_key192,8
do_exit 12
.3: do_call _aes_decrypt_key256,8
do_exit 12
%endif
%endif
%ifdef DECRYPTION_TABLE
; Inverse S-box data - 256 entries
;
; Each entry is written with v8(x), which expands to 8 bytes built from the
; inverse S-box value x: fe(x), f9(x), fd(x), fb(x), fe(x), f9(x), fd(x), x.
; The fe / f9 / fd / fb macros are defined outside this excerpt; presumably
; they multiply x by 0x0e, 0x09, 0x0d and 0x0b in GF(256) - TODO confirm.
;
; NOTE(review): the table is constant data but sits in a writable section.
; A read-only section would stop a stray or hostile write from silently
; changing the cipher; the section name depends on the object format.
; NOTE(review): lookups into this table are indexed by secret state, so it
; is the source of the data-dependent memory accesses in this cipher.
section .data align=32
align 32
%define v8(x) fe(x), f9(x), fd(x), fb(x), fe(x), f9(x), fd(x), x
dec_tab:
db v8(0x52),v8(0x09),v8(0x6a),v8(0xd5),v8(0x30),v8(0x36),v8(0xa5),v8(0x38)
db v8(0xbf),v8(0x40),v8(0xa3),v8(0x9e),v8(0x81),v8(0xf3),v8(0xd7),v8(0xfb)
db v8(0x7c),v8(0xe3),v8(0x39),v8(0x82),v8(0x9b),v8(0x2f),v8(0xff),v8(0x87)
db v8(0x34),v8(0x8e),v8(0x43),v8(0x44),v8(0xc4),v8(0xde),v8(0xe9),v8(0xcb)
db v8(0x54),v8(0x7b),v8(0x94),v8(0x32),v8(0xa6),v8(0xc2),v8(0x23),v8(0x3d)
db v8(0xee),v8(0x4c),v8(0x95),v8(0x0b),v8(0x42),v8(0xfa),v8(0xc3),v8(0x4e)
db v8(0x08),v8(0x2e),v8(0xa1),v8(0x66),v8(0x28),v8(0xd9),v8(0x24),v8(0xb2)
db v8(0x76),v8(0x5b),v8(0xa2),v8(0x49),v8(0x6d),v8(0x8b),v8(0xd1),v8(0x25)
db v8(0x72),v8(0xf8),v8(0xf6),v8(0x64),v8(0x86),v8(0x68),v8(0x98),v8(0x16)
db v8(0xd4),v8(0xa4),v8(0x5c),v8(0xcc),v8(0x5d),v8(0x65),v8(0xb6),v8(0x92)
db v8(0x6c),v8(0x70),v8(0x48),v8(0x50),v8(0xfd),v8(0xed),v8(0xb9),v8(0xda)
db v8(0x5e),v8(0x15),v8(0x46),v8(0x57),v8(0xa7),v8(0x8d),v8(0x9d),v8(0x84)
db v8(0x90),v8(0xd8),v8(0xab),v8(0x00),v8(0x8c),v8(0xbc),v8(0xd3),v8(0x0a)
db v8(0xf7),v8(0xe4),v8(0x58),v8(0x05),v8(0xb8),v8(0xb3),v8(0x45),v8(0x06)
db v8(0xd0),v8(0x2c),v8(0x1e),v8(0x8f),v8(0xca),v8(0x3f),v8(0x0f),v8(0x02)
db v8(0xc1),v8(0xaf),v8(0xbd),v8(0x03),v8(0x01),v8(0x13),v8(0x8a),v8(0x6b)
db v8(0x3a),v8(0x91),v8(0x11),v8(0x41),v8(0x4f),v8(0x67),v8(0xdc),v8(0xea)
db v8(0x97),v8(0xf2),v8(0xcf),v8(0xce),v8(0xf0),v8(0xb4),v8(0xe6),v8(0x73)
db v8(0x96),v8(0xac),v8(0x74),v8(0x22),v8(0xe7),v8(0xad),v8(0x35),v8(0x85)
db v8(0xe2),v8(0xf9),v8(0x37),v8(0xe8),v8(0x1c),v8(0x75),v8(0xdf),v8(0x6e)
db v8(0x47),v8(0xf1),v8(0x1a),v8(0x71),v8(0x1d),v8(0x29),v8(0xc5),v8(0x89)
db v8(0x6f),v8(0xb7),v8(0x62),v8(0x0e),v8(0xaa),v8(0x18),v8(0xbe),v8(0x1b)
db v8(0xfc),v8(0x56),v8(0x3e),v8(0x4b),v8(0xc6),v8(0xd2),v8(0x79),v8(0x20)
db v8(0x9a),v8(0xdb),v8(0xc0),v8(0xfe),v8(0x78),v8(0xcd),v8(0x5a),v8(0xf4)
db v8(0x1f),v8(0xdd),v8(0xa8),v8(0x33),v8(0x88),v8(0x07),v8(0xc7),v8(0x31)
db v8(0xb1),v8(0x12),v8(0x10),v8(0x59),v8(0x27),v8(0x80),v8(0xec),v8(0x5f)
db v8(0x60),v8(0x51),v8(0x7f),v8(0xa9),v8(0x19),v8(0xb5),v8(0x4a),v8(0x0d)
db v8(0x2d),v8(0xe5),v8(0x7a),v8(0x9f),v8(0x93),v8(0xc9),v8(0x9c),v8(0xef)
db v8(0xa0),v8(0xe0),v8(0x3b),v8(0x4d),v8(0xae),v8(0x2a),v8(0xf5),v8(0xb0)
db v8(0xc8),v8(0xeb),v8(0xbb),v8(0x3c),v8(0x83),v8(0x53),v8(0x99),v8(0x61)
db v8(0x17),v8(0x2b),v8(0x04),v8(0x7e),v8(0xba),v8(0x77),v8(0xd6),v8(0x26)
db v8(0xe1),v8(0x69),v8(0x14),v8(0x63),v8(0x55),v8(0x21),v8(0x0c),v8(0x7d)
%endif
end