xref: /linux/arch/arm/crypto/sha2-ce-core.S (revision 2169e6daa1ffa6e9869fcc56ff7df23c9287f1ec)
1/* SPDX-License-Identifier: GPL-2.0-only */
2/*
3 * sha2-ce-core.S - SHA-224/256 secure hash using ARMv8 Crypto Extensions
4 *
5 * Copyright (C) 2015 Linaro Ltd.
6 * Author: Ard Biesheuvel <ard.biesheuvel@linaro.org>
7 */
8
9#include <linux/linkage.h>
10#include <asm/assembler.h>
11
12	.text
13	.fpu		crypto-neon-fp-armv8
14
15	k0		.req	q7
16	k1		.req	q8
17	rk		.req	r3
18
19	ta0		.req	q9
20	ta1		.req	q10
21	tb0		.req	q10
22	tb1		.req	q9
23
24	dga		.req	q11
25	dgb		.req	q12
26
27	dg0		.req	q13
28	dg1		.req	q14
29	dg2		.req	q15
30
31	.macro		add_only, ev, s0
32	vmov		dg2, dg0
33	.ifnb		\s0
34	vld1.32		{k\ev}, [rk, :128]!
35	.endif
36	sha256h.32	dg0, dg1, tb\ev
37	sha256h2.32	dg1, dg2, tb\ev
38	.ifnb		\s0
39	vadd.u32	ta\ev, q\s0, k\ev
40	.endif
41	.endm
42
43	.macro		add_update, ev, s0, s1, s2, s3
44	sha256su0.32	q\s0, q\s1
45	add_only	\ev, \s1
46	sha256su1.32	q\s0, q\s2, q\s3
47	.endm
48
49	.align		6
50.Lsha256_rcon:
51	.word		0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5
52	.word		0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5
53	.word		0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3
54	.word		0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174
55	.word		0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc
56	.word		0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da
57	.word		0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7
58	.word		0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967
59	.word		0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13
60	.word		0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85
61	.word		0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3
62	.word		0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070
63	.word		0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5
64	.word		0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3
65	.word		0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208
66	.word		0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
67
68	/*
69	 * void sha2_ce_transform(struct sha256_state *sst, u8 const *src,
70				  int blocks);
71	 */
72ENTRY(sha2_ce_transform)
73	/* load state */
74	vld1.32		{dga-dgb}, [r0]
75
76	/* load input */
770:	vld1.32		{q0-q1}, [r1]!
78	vld1.32		{q2-q3}, [r1]!
79	subs		r2, r2, #1
80
81#ifndef CONFIG_CPU_BIG_ENDIAN
82	vrev32.8	q0, q0
83	vrev32.8	q1, q1
84	vrev32.8	q2, q2
85	vrev32.8	q3, q3
86#endif
87
88	/* load first round constant */
89	adr		rk, .Lsha256_rcon
90	vld1.32		{k0}, [rk, :128]!
91
92	vadd.u32	ta0, q0, k0
93	vmov		dg0, dga
94	vmov		dg1, dgb
95
96	add_update	1, 0, 1, 2, 3
97	add_update	0, 1, 2, 3, 0
98	add_update	1, 2, 3, 0, 1
99	add_update	0, 3, 0, 1, 2
100	add_update	1, 0, 1, 2, 3
101	add_update	0, 1, 2, 3, 0
102	add_update	1, 2, 3, 0, 1
103	add_update	0, 3, 0, 1, 2
104	add_update	1, 0, 1, 2, 3
105	add_update	0, 1, 2, 3, 0
106	add_update	1, 2, 3, 0, 1
107	add_update	0, 3, 0, 1, 2
108
109	add_only	1, 1
110	add_only	0, 2
111	add_only	1, 3
112	add_only	0
113
114	/* update state */
115	vadd.u32	dga, dga, dg0
116	vadd.u32	dgb, dgb, dg1
117	bne		0b
118
119	/* store new state */
120	vst1.32		{dga-dgb}, [r0]
121	bx		lr
122ENDPROC(sha2_ce_transform)
123