xref: /linux/arch/riscv/crypto/sm3-riscv64-zvksh-zvkb.S (revision 173b0b5b0e865348684c02bd9cb1d22b5d46e458)
1/* SPDX-License-Identifier: Apache-2.0 OR BSD-2-Clause */
2//
3// This file is dual-licensed, meaning that you can use it under your
4// choice of either of the following two licenses:
5//
6// Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
7//
8// Licensed under the Apache License 2.0 (the "License"). You can obtain
9// a copy in the file LICENSE in the source distribution or at
10// https://www.openssl.org/source/license.html
11//
12// or
13//
14// Copyright (c) 2023, Christoph Müllner <christoph.muellner@vrull.eu>
15// Copyright (c) 2023, Jerry Shih <jerry.shih@sifive.com>
16// Copyright 2024 Google LLC
17// All rights reserved.
18//
19// Redistribution and use in source and binary forms, with or without
20// modification, are permitted provided that the following conditions
21// are met:
22// 1. Redistributions of source code must retain the above copyright
23//    notice, this list of conditions and the following disclaimer.
24// 2. Redistributions in binary form must reproduce the above copyright
25//    notice, this list of conditions and the following disclaimer in the
26//    documentation and/or other materials provided with the distribution.
27//
28// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
29// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
30// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
31// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
32// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
33// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
34// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
35// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
36// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
37// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
38// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39
40// The generated code of this file depends on the following RISC-V extensions:
41// - RV64I
42// - RISC-V Vector ('V') with VLEN >= 128
43// - RISC-V Vector SM3 Secure Hash extension ('Zvksh')
44// - RISC-V Vector Cryptography Bit-manipulation extension ('Zvkb')
45
46#include <linux/cfi_types.h>
47
48.text
49.option arch, +zvksh, +zvkb
50
51#define STATEP		a0
52#define DATA		a1
53#define NUM_BLOCKS	a2
54
55#define STATE		v0	// LMUL=2
56#define PREV_STATE	v2	// LMUL=2
57#define W0		v4	// LMUL=2
58#define W1		v6	// LMUL=2
59#define VTMP		v8	// LMUL=2
60
61.macro	sm3_8rounds	i, w0, w1
62	// Do 4 rounds using W_{0+i}..W_{7+i}.
63	vsm3c.vi	STATE, \w0, \i + 0
64	vslidedown.vi	VTMP, \w0, 2
65	vsm3c.vi	STATE, VTMP, \i + 1
66
67	// Compute W_{4+i}..W_{11+i}.
68	vslidedown.vi	VTMP, \w0, 4
69	vslideup.vi	VTMP, \w1, 4
70
71	// Do 4 rounds using W_{4+i}..W_{11+i}.
72	vsm3c.vi	STATE, VTMP, \i + 2
73	vslidedown.vi	VTMP, VTMP, 2
74	vsm3c.vi	STATE, VTMP, \i + 3
75
76.if \i < 28
77	// Compute W_{16+i}..W_{23+i}.
78	vsm3me.vv	\w0, \w1, \w0
79.endif
80	// For the next 8 rounds, w0 and w1 are swapped.
81.endm
82
83// void sm3_transform_zvksh_zvkb(u32 state[8], const u8 *data, int num_blocks);
84SYM_TYPED_FUNC_START(sm3_transform_zvksh_zvkb)
85
86	// Load the state and endian-swap each 32-bit word.
87	vsetivli	zero, 8, e32, m2, ta, ma
88	vle32.v		STATE, (STATEP)
89	vrev8.v		STATE, STATE
90
91.Lnext_block:
92	addi		NUM_BLOCKS, NUM_BLOCKS, -1
93
94	// Save the previous state, as it's needed later.
95	vmv.v.v		PREV_STATE, STATE
96
97	// Load the next 512-bit message block into W0-W1.
98	vle32.v		W0, (DATA)
99	addi		DATA, DATA, 32
100	vle32.v		W1, (DATA)
101	addi		DATA, DATA, 32
102
103	// Do the 64 rounds of SM3.
104	sm3_8rounds	0, W0, W1
105	sm3_8rounds	4, W1, W0
106	sm3_8rounds	8, W0, W1
107	sm3_8rounds	12, W1, W0
108	sm3_8rounds	16, W0, W1
109	sm3_8rounds	20, W1, W0
110	sm3_8rounds	24, W0, W1
111	sm3_8rounds	28, W1, W0
112
113	// XOR in the previous state.
114	vxor.vv		STATE, STATE, PREV_STATE
115
116	// Repeat if more blocks remain.
117	bnez		NUM_BLOCKS, .Lnext_block
118
119	// Store the new state and return.
120	vrev8.v		STATE, STATE
121	vse32.v		STATE, (STATEP)
122	ret
123SYM_FUNC_END(sm3_transform_zvksh_zvkb)
124