xref: /linux/arch/riscv/crypto/aes-macros.S (revision 6f7e6393d1ce636bb7ec77a7fe7b77458fddf701) 
1/* SPDX-License-Identifier: Apache-2.0 OR BSD-2-Clause */
2//
3// This file is dual-licensed, meaning that you can use it under your
4// choice of either of the following two licenses:
5//
6// Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
7//
8// Licensed under the Apache License 2.0 (the "License"). You can obtain
9// a copy in the file LICENSE in the source distribution or at
10// https://www.openssl.org/source/license.html
11//
12// or
13//
14// Copyright (c) 2023, Christoph Müllner <christoph.muellner@vrull.eu>
15// Copyright (c) 2023, Phoebe Chen <phoebe.chen@sifive.com>
16// Copyright (c) 2023, Jerry Shih <jerry.shih@sifive.com>
17// Copyright 2024 Google LLC
18// All rights reserved.
19//
20// Redistribution and use in source and binary forms, with or without
21// modification, are permitted provided that the following conditions
22// are met:
23// 1. Redistributions of source code must retain the above copyright
24//    notice, this list of conditions and the following disclaimer.
25// 2. Redistributions in binary form must reproduce the above copyright
26//    notice, this list of conditions and the following disclaimer in the
27//    documentation and/or other materials provided with the distribution.
28//
29// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
30// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
31// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
32// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
33// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
34// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
35// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
36// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
37// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
38// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
39// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
40
41// This file contains macros that are shared by the other aes-*.S files.  The
42// generated code of these macros depends on the following RISC-V extensions:
43// - RV64I
44// - RISC-V Vector ('V') with VLEN >= 128
45// - RISC-V Vector AES block cipher extension ('Zvkned')
46
47// Loads the AES round keys from \keyp into vector registers and jumps to code
48// specific to the length of the key.  Specifically:
49//   - If AES-128, loads round keys into v1-v11 and jumps to \label128.
50//   - If AES-192, loads round keys into v1-v13 and jumps to \label192.
51//   - If AES-256, loads round keys into v1-v15 and continues onwards.
52//
53// Also sets vl=4 and vtype=e32,m1,ta,ma.  Clobbers t0 and t1.
54.macro	aes_begin	keyp, label128, label192, key_len
55.ifb \key_len
56	lwu		t0, 480(\keyp)	// t0 = key length in bytes
57.endif
58	li		t1, 24		// t1 = key length for AES-192
59	vsetivli	zero, 4, e32, m1, ta, ma
60	vle32.v		v1, (\keyp)
61	addi		\keyp, \keyp, 16
62	vle32.v		v2, (\keyp)
63	addi		\keyp, \keyp, 16
64	vle32.v		v3, (\keyp)
65	addi		\keyp, \keyp, 16
66	vle32.v		v4, (\keyp)
67	addi		\keyp, \keyp, 16
68	vle32.v		v5, (\keyp)
69	addi		\keyp, \keyp, 16
70	vle32.v		v6, (\keyp)
71	addi		\keyp, \keyp, 16
72	vle32.v		v7, (\keyp)
73	addi		\keyp, \keyp, 16
74	vle32.v		v8, (\keyp)
75	addi		\keyp, \keyp, 16
76	vle32.v		v9, (\keyp)
77	addi		\keyp, \keyp, 16
78	vle32.v		v10, (\keyp)
79	addi		\keyp, \keyp, 16
80	vle32.v		v11, (\keyp)
81.ifb \key_len
82	blt		t0, t1, \label128	// If AES-128, goto label128.
83.else
84	blt		\key_len, t1, \label128	// If AES-128, goto label128.
85.endif
86	addi		\keyp, \keyp, 16
87	vle32.v		v12, (\keyp)
88	addi		\keyp, \keyp, 16
89	vle32.v		v13, (\keyp)
90.ifb \key_len
91	beq		t0, t1, \label192	// If AES-192, goto label192.
92.else
93	beq		\key_len, t1, \label192	// If AES-192, goto label192.
94.endif
95	// Else, it's AES-256.
96	addi		\keyp, \keyp, 16
97	vle32.v		v14, (\keyp)
98	addi		\keyp, \keyp, 16
99	vle32.v		v15, (\keyp)
100.endm
101
102// Encrypts \data using zvkned instructions, using the round keys loaded into
103// v1-v11 (for AES-128), v1-v13 (for AES-192), or v1-v15 (for AES-256).  \keylen
104// is the AES key length in bits.  vl and vtype must already be set
105// appropriately.  Note that if vl > 4, multiple blocks are encrypted.
106.macro	aes_encrypt	data, keylen
107	vaesz.vs	\data, v1
108	vaesem.vs	\data, v2
109	vaesem.vs	\data, v3
110	vaesem.vs	\data, v4
111	vaesem.vs	\data, v5
112	vaesem.vs	\data, v6
113	vaesem.vs	\data, v7
114	vaesem.vs	\data, v8
115	vaesem.vs	\data, v9
116	vaesem.vs	\data, v10
117.if \keylen == 128
118	vaesef.vs	\data, v11
119.elseif \keylen == 192
120	vaesem.vs	\data, v11
121	vaesem.vs	\data, v12
122	vaesef.vs	\data, v13
123.else
124	vaesem.vs	\data, v11
125	vaesem.vs	\data, v12
126	vaesem.vs	\data, v13
127	vaesem.vs	\data, v14
128	vaesef.vs	\data, v15
129.endif
130.endm
131
132// Same as aes_encrypt, but decrypts instead of encrypts.
133.macro	aes_decrypt	data, keylen
134.if \keylen == 128
135	vaesz.vs	\data, v11
136.elseif \keylen == 192
137	vaesz.vs	\data, v13
138	vaesdm.vs	\data, v12
139	vaesdm.vs	\data, v11
140.else
141	vaesz.vs	\data, v15
142	vaesdm.vs	\data, v14
143	vaesdm.vs	\data, v13
144	vaesdm.vs	\data, v12
145	vaesdm.vs	\data, v11
146.endif
147	vaesdm.vs	\data, v10
148	vaesdm.vs	\data, v9
149	vaesdm.vs	\data, v8
150	vaesdm.vs	\data, v7
151	vaesdm.vs	\data, v6
152	vaesdm.vs	\data, v5
153	vaesdm.vs	\data, v4
154	vaesdm.vs	\data, v3
155	vaesdm.vs	\data, v2
156	vaesdf.vs	\data, v1
157.endm
158
159// Expands to aes_encrypt or aes_decrypt according to \enc, which is 1 or 0.
160.macro	aes_crypt	data, enc, keylen
161.if \enc
162	aes_encrypt	\data, \keylen
163.else
164	aes_decrypt	\data, \keylen
165.endif
166.endm
167