/// The ARM crypto extension implements a little-endian version of AES
/// (though the manual doesn't actually spell this out and you have to
/// experiment), but Catacomb's internal interface presents as big-endian so
/// The ARM crypto extension implements a little-endian version of AES
/// (though the manual doesn't actually spell this out and you have to
/// experiment), but Catacomb's internal interface presents as big-endian so
// Useful constants.
.equ maxrounds, 16 // maximum number of rounds
.equ maxblksz, 32 // maximum block size, in bytes
// Useful constants.
.equ maxrounds, 16 // maximum number of rounds
.equ maxblksz, 32 // maximum block size, in bytes
// The initial round key material is taken directly from the input
// key, so copy it over. Unfortunately, the key material is not
// The initial round key material is taken directly from the input
// key, so copy it over. Unfortunately, the key material is not
mla r2, r1, r7, r1 // total key size in words
leaextq r5, rijndael_rcon // round constants
sub r8, r2, r3 // minus what we've copied already
mla r2, r1, r7, r1 // total key size in words
leaextq r5, rijndael_rcon // round constants
sub r8, r2, r3 // minus what we've copied already
add r8, r9, r8, lsl #2 // limit of the key buffer
mov r12, #0 // position in current cycle
add r8, r9, r8, lsl #2 // limit of the key buffer
mov r12, #0 // position in current cycle
// First word of the cycle. Byte substitution, rotation, and round
// constant.
1: ldrb r14, [r5], #1 // next round constant
// First word of the cycle. Byte substitution, rotation, and round
// constant.
1: ldrb r14, [r5], #1 // next round constant
// End-swap R2 words starting at R1. R1 is clobbered; R2 is not.
// It's OK to work in 16-byte chunks.
// End-swap R2 words starting at R1. R1 is clobbered; R2 is not.
// It's OK to work in 16-byte chunks.