xref: /linux/arch/x86/crypto/twofish-i586-asm_32.S (revision cbac924200b838cfb8d8b1415113d788089dc50b)
1/* SPDX-License-Identifier: GPL-2.0-or-later */
2/***************************************************************************
3*   Copyright (C) 2006 by Joachim Fritschi, <jfritschi@freenet.de>        *
4*                                                                         *
5***************************************************************************/
6
7.file "twofish-i586-asm.S"
8.text
9
10#include <linux/linkage.h>
11#include <asm/asm-offsets.h>
12
13/* return address at 0 */
14
15#define in_blk    12  /* input byte array address parameter*/
16#define out_blk   8  /* output byte array address parameter*/
17#define ctx       4  /* Twofish context structure */
18
19#define a_offset	0
20#define b_offset	4
21#define c_offset	8
22#define d_offset	12
23
24/* Structure of the crypto context struct*/
25
26#define s0	0	/* S0 Array 256 Words each */
27#define s1	1024	/* S1 Array */
28#define s2	2048	/* S2 Array */
29#define s3	3072	/* S3 Array */
30#define w	4096	/* 8 whitening keys (word) */
31#define k	4128	/* key 1-32 ( word ) */
32
33/* define a few register aliases to allow macro substitution */
34
35#define R0D    %eax
36#define R0B    %al
37#define R0H    %ah
38
39#define R1D    %ebx
40#define R1B    %bl
41#define R1H    %bh
42
43#define R2D    %ecx
44#define R2B    %cl
45#define R2H    %ch
46
47#define R3D    %edx
48#define R3B    %dl
49#define R3H    %dh
50
51
52/* performs input whitening */
53#define input_whitening(src,context,offset)\
54	xor	w+offset(context),	src;
55
56/* performs input whitening */
57#define output_whitening(src,context,offset)\
58	xor	w+16+offset(context),	src;
59
60/*
61 * a input register containing a (rotated 16)
62 * b input register containing b
63 * c input register containing c
64 * d input register containing d (already rol $1)
65 * operations on a and b are interleaved to increase performance
66 */
67#define encrypt_round(a,b,c,d,round)\
68	push	d ## D;\
69	movzx	b ## B,		%edi;\
70	mov	s1(%ebp,%edi,4),d ## D;\
71	movzx	a ## B,		%edi;\
72	mov	s2(%ebp,%edi,4),%esi;\
73	movzx	b ## H,		%edi;\
74	ror	$16,		b ## D;\
75	xor	s2(%ebp,%edi,4),d ## D;\
76	movzx	a ## H,		%edi;\
77	ror	$16,		a ## D;\
78	xor	s3(%ebp,%edi,4),%esi;\
79	movzx	b ## B,		%edi;\
80	xor	s3(%ebp,%edi,4),d ## D;\
81	movzx	a ## B,		%edi;\
82	xor	(%ebp,%edi,4),	%esi;\
83	movzx	b ## H,		%edi;\
84	ror	$15,		b ## D;\
85	xor	(%ebp,%edi,4),	d ## D;\
86	movzx	a ## H,		%edi;\
87	xor	s1(%ebp,%edi,4),%esi;\
88	pop	%edi;\
89	add	d ## D,		%esi;\
90	add	%esi,		d ## D;\
91	add	k+round(%ebp),	%esi;\
92	xor	%esi,		c ## D;\
93	rol	$15,		c ## D;\
94	add	k+4+round(%ebp),d ## D;\
95	xor	%edi,		d ## D;
96
97/*
98 * a input register containing a (rotated 16)
99 * b input register containing b
100 * c input register containing c
101 * d input register containing d (already rol $1)
102 * operations on a and b are interleaved to increase performance
103 * last round has different rotations for the output preparation
104 */
105#define encrypt_last_round(a,b,c,d,round)\
106	push	d ## D;\
107	movzx	b ## B,		%edi;\
108	mov	s1(%ebp,%edi,4),d ## D;\
109	movzx	a ## B,		%edi;\
110	mov	s2(%ebp,%edi,4),%esi;\
111	movzx	b ## H,		%edi;\
112	ror	$16,		b ## D;\
113	xor	s2(%ebp,%edi,4),d ## D;\
114	movzx	a ## H,		%edi;\
115	ror	$16,		a ## D;\
116	xor	s3(%ebp,%edi,4),%esi;\
117	movzx	b ## B,		%edi;\
118	xor	s3(%ebp,%edi,4),d ## D;\
119	movzx	a ## B,		%edi;\
120	xor	(%ebp,%edi,4),	%esi;\
121	movzx	b ## H,		%edi;\
122	ror	$16,		b ## D;\
123	xor	(%ebp,%edi,4),	d ## D;\
124	movzx	a ## H,		%edi;\
125	xor	s1(%ebp,%edi,4),%esi;\
126	pop	%edi;\
127	add	d ## D,		%esi;\
128	add	%esi,		d ## D;\
129	add	k+round(%ebp),	%esi;\
130	xor	%esi,		c ## D;\
131	ror	$1,		c ## D;\
132	add	k+4+round(%ebp),d ## D;\
133	xor	%edi,		d ## D;
134
135/*
136 * a input register containing a
137 * b input register containing b (rotated 16)
138 * c input register containing c
139 * d input register containing d (already rol $1)
140 * operations on a and b are interleaved to increase performance
141 */
142#define decrypt_round(a,b,c,d,round)\
143	push	c ## D;\
144	movzx	a ## B,		%edi;\
145	mov	(%ebp,%edi,4),	c ## D;\
146	movzx	b ## B,		%edi;\
147	mov	s3(%ebp,%edi,4),%esi;\
148	movzx	a ## H,		%edi;\
149	ror	$16,		a ## D;\
150	xor	s1(%ebp,%edi,4),c ## D;\
151	movzx	b ## H,		%edi;\
152	ror	$16,		b ## D;\
153	xor	(%ebp,%edi,4),	%esi;\
154	movzx	a ## B,		%edi;\
155	xor	s2(%ebp,%edi,4),c ## D;\
156	movzx	b ## B,		%edi;\
157	xor	s1(%ebp,%edi,4),%esi;\
158	movzx	a ## H,		%edi;\
159	ror	$15,		a ## D;\
160	xor	s3(%ebp,%edi,4),c ## D;\
161	movzx	b ## H,		%edi;\
162	xor	s2(%ebp,%edi,4),%esi;\
163	pop	%edi;\
164	add	%esi,		c ## D;\
165	add	c ## D,		%esi;\
166	add	k+round(%ebp),	c ## D;\
167	xor	%edi,		c ## D;\
168	add	k+4+round(%ebp),%esi;\
169	xor	%esi,		d ## D;\
170	rol	$15,		d ## D;
171
172/*
173 * a input register containing a
174 * b input register containing b (rotated 16)
175 * c input register containing c
176 * d input register containing d (already rol $1)
177 * operations on a and b are interleaved to increase performance
178 * last round has different rotations for the output preparation
179 */
180#define decrypt_last_round(a,b,c,d,round)\
181	push	c ## D;\
182	movzx	a ## B,		%edi;\
183	mov	(%ebp,%edi,4),	c ## D;\
184	movzx	b ## B,		%edi;\
185	mov	s3(%ebp,%edi,4),%esi;\
186	movzx	a ## H,		%edi;\
187	ror	$16,		a ## D;\
188	xor	s1(%ebp,%edi,4),c ## D;\
189	movzx	b ## H,		%edi;\
190	ror	$16,		b ## D;\
191	xor	(%ebp,%edi,4),	%esi;\
192	movzx	a ## B,		%edi;\
193	xor	s2(%ebp,%edi,4),c ## D;\
194	movzx	b ## B,		%edi;\
195	xor	s1(%ebp,%edi,4),%esi;\
196	movzx	a ## H,		%edi;\
197	ror	$16,		a ## D;\
198	xor	s3(%ebp,%edi,4),c ## D;\
199	movzx	b ## H,		%edi;\
200	xor	s2(%ebp,%edi,4),%esi;\
201	pop	%edi;\
202	add	%esi,		c ## D;\
203	add	c ## D,		%esi;\
204	add	k+round(%ebp),	c ## D;\
205	xor	%edi,		c ## D;\
206	add	k+4+round(%ebp),%esi;\
207	xor	%esi,		d ## D;\
208	ror	$1,		d ## D;
209
210SYM_FUNC_START(twofish_enc_blk)
211	push	%ebp			/* save registers according to calling convention*/
212	push    %ebx
213	push    %esi
214	push    %edi
215
216	mov	ctx + 16(%esp),	%ebp	/* abuse the base pointer: set new base
217					 * pointer to the ctx address */
218	mov     in_blk+16(%esp),%edi	/* input address in edi */
219
220	mov	(%edi),		%eax
221	mov	b_offset(%edi),	%ebx
222	mov	c_offset(%edi),	%ecx
223	mov	d_offset(%edi),	%edx
224	input_whitening(%eax,%ebp,a_offset)
225	ror	$16,	%eax
226	input_whitening(%ebx,%ebp,b_offset)
227	input_whitening(%ecx,%ebp,c_offset)
228	input_whitening(%edx,%ebp,d_offset)
229	rol	$1,	%edx
230
231	encrypt_round(R0,R1,R2,R3,0);
232	encrypt_round(R2,R3,R0,R1,8);
233	encrypt_round(R0,R1,R2,R3,2*8);
234	encrypt_round(R2,R3,R0,R1,3*8);
235	encrypt_round(R0,R1,R2,R3,4*8);
236	encrypt_round(R2,R3,R0,R1,5*8);
237	encrypt_round(R0,R1,R2,R3,6*8);
238	encrypt_round(R2,R3,R0,R1,7*8);
239	encrypt_round(R0,R1,R2,R3,8*8);
240	encrypt_round(R2,R3,R0,R1,9*8);
241	encrypt_round(R0,R1,R2,R3,10*8);
242	encrypt_round(R2,R3,R0,R1,11*8);
243	encrypt_round(R0,R1,R2,R3,12*8);
244	encrypt_round(R2,R3,R0,R1,13*8);
245	encrypt_round(R0,R1,R2,R3,14*8);
246	encrypt_last_round(R2,R3,R0,R1,15*8);
247
248	output_whitening(%eax,%ebp,c_offset)
249	output_whitening(%ebx,%ebp,d_offset)
250	output_whitening(%ecx,%ebp,a_offset)
251	output_whitening(%edx,%ebp,b_offset)
252	mov	out_blk+16(%esp),%edi;
253	mov	%eax,		c_offset(%edi)
254	mov	%ebx,		d_offset(%edi)
255	mov	%ecx,		(%edi)
256	mov	%edx,		b_offset(%edi)
257
258	pop	%edi
259	pop	%esi
260	pop	%ebx
261	pop	%ebp
262	mov	$1,	%eax
263	RET
264SYM_FUNC_END(twofish_enc_blk)
265
266SYM_FUNC_START(twofish_dec_blk)
267	push	%ebp			/* save registers according to calling convention*/
268	push    %ebx
269	push    %esi
270	push    %edi
271
272
273	mov	ctx + 16(%esp),	%ebp	/* abuse the base pointer: set new base
274					 * pointer to the ctx address */
275	mov     in_blk+16(%esp),%edi	/* input address in edi */
276
277	mov	(%edi),		%eax
278	mov	b_offset(%edi),	%ebx
279	mov	c_offset(%edi),	%ecx
280	mov	d_offset(%edi),	%edx
281	output_whitening(%eax,%ebp,a_offset)
282	output_whitening(%ebx,%ebp,b_offset)
283	ror	$16,	%ebx
284	output_whitening(%ecx,%ebp,c_offset)
285	output_whitening(%edx,%ebp,d_offset)
286	rol	$1,	%ecx
287
288	decrypt_round(R0,R1,R2,R3,15*8);
289	decrypt_round(R2,R3,R0,R1,14*8);
290	decrypt_round(R0,R1,R2,R3,13*8);
291	decrypt_round(R2,R3,R0,R1,12*8);
292	decrypt_round(R0,R1,R2,R3,11*8);
293	decrypt_round(R2,R3,R0,R1,10*8);
294	decrypt_round(R0,R1,R2,R3,9*8);
295	decrypt_round(R2,R3,R0,R1,8*8);
296	decrypt_round(R0,R1,R2,R3,7*8);
297	decrypt_round(R2,R3,R0,R1,6*8);
298	decrypt_round(R0,R1,R2,R3,5*8);
299	decrypt_round(R2,R3,R0,R1,4*8);
300	decrypt_round(R0,R1,R2,R3,3*8);
301	decrypt_round(R2,R3,R0,R1,2*8);
302	decrypt_round(R0,R1,R2,R3,1*8);
303	decrypt_last_round(R2,R3,R0,R1,0);
304
305	input_whitening(%eax,%ebp,c_offset)
306	input_whitening(%ebx,%ebp,d_offset)
307	input_whitening(%ecx,%ebp,a_offset)
308	input_whitening(%edx,%ebp,b_offset)
309	mov	out_blk+16(%esp),%edi;
310	mov	%eax,		c_offset(%edi)
311	mov	%ebx,		d_offset(%edi)
312	mov	%ecx,		(%edi)
313	mov	%edx,		b_offset(%edi)
314
315	pop	%edi
316	pop	%esi
317	pop	%ebx
318	pop	%ebp
319	mov	$1,	%eax
320	RET
321SYM_FUNC_END(twofish_dec_blk)
322