xref: /linux/arch/arm64/crypto/sm3-ce-core.S (revision c532de5a67a70f8533d495f8f2aaa9a0491c3ad0)
1/* SPDX-License-Identifier: GPL-2.0-only */
2/*
3 * sm3-ce-core.S - SM3 secure hash using ARMv8.2 Crypto Extensions
4 *
5 * Copyright (C) 2018 Linaro Ltd <ard.biesheuvel@linaro.org>
6 */
7
8#include <linux/linkage.h>
9#include <linux/cfi_types.h>
10#include <asm/assembler.h>
11
12	.irp		b, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13	.set		.Lv\b\().4s, \b
14	.endr
15
16	.macro		sm3partw1, rd, rn, rm
17	.inst		0xce60c000 | .L\rd | (.L\rn << 5) | (.L\rm << 16)
18	.endm
19
20	.macro		sm3partw2, rd, rn, rm
21	.inst		0xce60c400 | .L\rd | (.L\rn << 5) | (.L\rm << 16)
22	.endm
23
24	.macro		sm3ss1, rd, rn, rm, ra
25	.inst		0xce400000 | .L\rd | (.L\rn << 5) | (.L\ra << 10) | (.L\rm << 16)
26	.endm
27
28	.macro		sm3tt1a, rd, rn, rm, imm2
29	.inst		0xce408000 | .L\rd | (.L\rn << 5) | ((\imm2) << 12) | (.L\rm << 16)
30	.endm
31
32	.macro		sm3tt1b, rd, rn, rm, imm2
33	.inst		0xce408400 | .L\rd | (.L\rn << 5) | ((\imm2) << 12) | (.L\rm << 16)
34	.endm
35
36	.macro		sm3tt2a, rd, rn, rm, imm2
37	.inst		0xce408800 | .L\rd | (.L\rn << 5) | ((\imm2) << 12) | (.L\rm << 16)
38	.endm
39
40	.macro		sm3tt2b, rd, rn, rm, imm2
41	.inst		0xce408c00 | .L\rd | (.L\rn << 5) | ((\imm2) << 12) | (.L\rm << 16)
42	.endm
43
44	.macro		round, ab, s0, t0, t1, i
45	sm3ss1		v5.4s, v8.4s, \t0\().4s, v9.4s
46	shl		\t1\().4s, \t0\().4s, #1
47	sri		\t1\().4s, \t0\().4s, #31
48	sm3tt1\ab	v8.4s, v5.4s, v10.4s, \i
49	sm3tt2\ab	v9.4s, v5.4s, \s0\().4s, \i
50	.endm
51
52	.macro		qround, ab, s0, s1, s2, s3, s4
53	.ifnb		\s4
54	ext		\s4\().16b, \s1\().16b, \s2\().16b, #12
55	ext		v6.16b, \s0\().16b, \s1\().16b, #12
56	ext		v7.16b, \s2\().16b, \s3\().16b, #8
57	sm3partw1	\s4\().4s, \s0\().4s, \s3\().4s
58	.endif
59
60	eor		v10.16b, \s0\().16b, \s1\().16b
61
62	round		\ab, \s0, v11, v12, 0
63	round		\ab, \s0, v12, v11, 1
64	round		\ab, \s0, v11, v12, 2
65	round		\ab, \s0, v12, v11, 3
66
67	.ifnb		\s4
68	sm3partw2	\s4\().4s, v7.4s, v6.4s
69	.endif
70	.endm
71
72	/*
73	 * void sm3_ce_transform(struct sm3_state *sst, u8 const *src,
74	 *                       int blocks)
75	 */
76	.text
77SYM_TYPED_FUNC_START(sm3_ce_transform)
78	/* load state */
79	ld1		{v8.4s-v9.4s}, [x0]
80	rev64		v8.4s, v8.4s
81	rev64		v9.4s, v9.4s
82	ext		v8.16b, v8.16b, v8.16b, #8
83	ext		v9.16b, v9.16b, v9.16b, #8
84
85	adr_l		x8, .Lt
86	ldp		s13, s14, [x8]
87
88	/* load input */
890:	ld1		{v0.16b-v3.16b}, [x1], #64
90	sub		w2, w2, #1
91
92	mov		v15.16b, v8.16b
93	mov		v16.16b, v9.16b
94
95CPU_LE(	rev32		v0.16b, v0.16b		)
96CPU_LE(	rev32		v1.16b, v1.16b		)
97CPU_LE(	rev32		v2.16b, v2.16b		)
98CPU_LE(	rev32		v3.16b, v3.16b		)
99
100	ext		v11.16b, v13.16b, v13.16b, #4
101
102	qround		a, v0, v1, v2, v3, v4
103	qround		a, v1, v2, v3, v4, v0
104	qround		a, v2, v3, v4, v0, v1
105	qround		a, v3, v4, v0, v1, v2
106
107	ext		v11.16b, v14.16b, v14.16b, #4
108
109	qround		b, v4, v0, v1, v2, v3
110	qround		b, v0, v1, v2, v3, v4
111	qround		b, v1, v2, v3, v4, v0
112	qround		b, v2, v3, v4, v0, v1
113	qround		b, v3, v4, v0, v1, v2
114	qround		b, v4, v0, v1, v2, v3
115	qround		b, v0, v1, v2, v3, v4
116	qround		b, v1, v2, v3, v4, v0
117	qround		b, v2, v3, v4, v0, v1
118	qround		b, v3, v4
119	qround		b, v4, v0
120	qround		b, v0, v1
121
122	eor		v8.16b, v8.16b, v15.16b
123	eor		v9.16b, v9.16b, v16.16b
124
125	/* handled all input blocks? */
126	cbnz		w2, 0b
127
128	/* save state */
129	rev64		v8.4s, v8.4s
130	rev64		v9.4s, v9.4s
131	ext		v8.16b, v8.16b, v8.16b, #8
132	ext		v9.16b, v9.16b, v9.16b, #8
133	st1		{v8.4s-v9.4s}, [x0]
134	ret
135SYM_FUNC_END(sm3_ce_transform)
136
137	.section	".rodata", "a"
138	.align		3
139.Lt:	.word		0x79cc4519, 0x9d8a7a87
140