xref: /linux/arch/arm64/crypto/aes-ce.S (revision 5c35a02c545a7bbe77f3a1ae337d9e29beed079b) 
1/*
2 * linux/arch/arm64/crypto/aes-ce.S - AES cipher for ARMv8 with
3 *                                    Crypto Extensions
4 *
5 * Copyright (C) 2013 - 2017 Linaro Ltd <ard.biesheuvel@linaro.org>
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
10 */
11
12#include <linux/linkage.h>
13#include <asm/assembler.h>
14
15#define AES_ENTRY(func)		ENTRY(ce_ ## func)
16#define AES_ENDPROC(func)	ENDPROC(ce_ ## func)
17
18	.arch		armv8-a+crypto
19
20	/* preload all round keys */
21	.macro		load_round_keys, rounds, rk
22	cmp		\rounds, #12
23	blo		2222f		/* 128 bits */
24	beq		1111f		/* 192 bits */
25	ld1		{v17.4s-v18.4s}, [\rk], #32
261111:	ld1		{v19.4s-v20.4s}, [\rk], #32
272222:	ld1		{v21.4s-v24.4s}, [\rk], #64
28	ld1		{v25.4s-v28.4s}, [\rk], #64
29	ld1		{v29.4s-v31.4s}, [\rk]
30	.endm
31
32	/* prepare for encryption with key in rk[] */
33	.macro		enc_prepare, rounds, rk, temp
34	mov		\temp, \rk
35	load_round_keys	\rounds, \temp
36	.endm
37
38	/* prepare for encryption (again) but with new key in rk[] */
39	.macro		enc_switch_key, rounds, rk, temp
40	mov		\temp, \rk
41	load_round_keys	\rounds, \temp
42	.endm
43
44	/* prepare for decryption with key in rk[] */
45	.macro		dec_prepare, rounds, rk, temp
46	mov		\temp, \rk
47	load_round_keys	\rounds, \temp
48	.endm
49
50	.macro		do_enc_Nx, de, mc, k, i0, i1, i2, i3
51	aes\de		\i0\().16b, \k\().16b
52	aes\mc		\i0\().16b, \i0\().16b
53	.ifnb		\i1
54	aes\de		\i1\().16b, \k\().16b
55	aes\mc		\i1\().16b, \i1\().16b
56	.ifnb		\i3
57	aes\de		\i2\().16b, \k\().16b
58	aes\mc		\i2\().16b, \i2\().16b
59	aes\de		\i3\().16b, \k\().16b
60	aes\mc		\i3\().16b, \i3\().16b
61	.endif
62	.endif
63	.endm
64
65	/* up to 4 interleaved encryption rounds with the same round key */
66	.macro		round_Nx, enc, k, i0, i1, i2, i3
67	.ifc		\enc, e
68	do_enc_Nx	e, mc, \k, \i0, \i1, \i2, \i3
69	.else
70	do_enc_Nx	d, imc, \k, \i0, \i1, \i2, \i3
71	.endif
72	.endm
73
74	/* up to 4 interleaved final rounds */
75	.macro		fin_round_Nx, de, k, k2, i0, i1, i2, i3
76	aes\de		\i0\().16b, \k\().16b
77	.ifnb		\i1
78	aes\de		\i1\().16b, \k\().16b
79	.ifnb		\i3
80	aes\de		\i2\().16b, \k\().16b
81	aes\de		\i3\().16b, \k\().16b
82	.endif
83	.endif
84	eor		\i0\().16b, \i0\().16b, \k2\().16b
85	.ifnb		\i1
86	eor		\i1\().16b, \i1\().16b, \k2\().16b
87	.ifnb		\i3
88	eor		\i2\().16b, \i2\().16b, \k2\().16b
89	eor		\i3\().16b, \i3\().16b, \k2\().16b
90	.endif
91	.endif
92	.endm
93
94	/* up to 4 interleaved blocks */
95	.macro		do_block_Nx, enc, rounds, i0, i1, i2, i3
96	cmp		\rounds, #12
97	blo		2222f		/* 128 bits */
98	beq		1111f		/* 192 bits */
99	round_Nx	\enc, v17, \i0, \i1, \i2, \i3
100	round_Nx	\enc, v18, \i0, \i1, \i2, \i3
1011111:	round_Nx	\enc, v19, \i0, \i1, \i2, \i3
102	round_Nx	\enc, v20, \i0, \i1, \i2, \i3
1032222:	.irp		key, v21, v22, v23, v24, v25, v26, v27, v28, v29
104	round_Nx	\enc, \key, \i0, \i1, \i2, \i3
105	.endr
106	fin_round_Nx	\enc, v30, v31, \i0, \i1, \i2, \i3
107	.endm
108
109	.macro		encrypt_block, in, rounds, t0, t1, t2
110	do_block_Nx	e, \rounds, \in
111	.endm
112
113	.macro		encrypt_block2x, i0, i1, rounds, t0, t1, t2
114	do_block_Nx	e, \rounds, \i0, \i1
115	.endm
116
117	.macro		encrypt_block4x, i0, i1, i2, i3, rounds, t0, t1, t2
118	do_block_Nx	e, \rounds, \i0, \i1, \i2, \i3
119	.endm
120
121	.macro		decrypt_block, in, rounds, t0, t1, t2
122	do_block_Nx	d, \rounds, \in
123	.endm
124
125	.macro		decrypt_block2x, i0, i1, rounds, t0, t1, t2
126	do_block_Nx	d, \rounds, \i0, \i1
127	.endm
128
129	.macro		decrypt_block4x, i0, i1, i2, i3, rounds, t0, t1, t2
130	do_block_Nx	d, \rounds, \i0, \i1, \i2, \i3
131	.endm
132
133#include "aes-modes.S"
134