xref: /linux/lib/crypto/arm64/sha3-ce-core.S (revision 5abe8d8efc022cc78b6273d01e4a453242b9f4d8) 
11e29a750SEric Biggers/* SPDX-License-Identifier: GPL-2.0 */
21e29a750SEric Biggers/*
3*95ce85deSEric Biggers * Core SHA-3 transform using v8.2 Crypto Extensions
41e29a750SEric Biggers *
51e29a750SEric Biggers * Copyright (C) 2018 Linaro Ltd <ard.biesheuvel@linaro.org>
61e29a750SEric Biggers *
71e29a750SEric Biggers * This program is free software; you can redistribute it and/or modify
81e29a750SEric Biggers * it under the terms of the GNU General Public License version 2 as
91e29a750SEric Biggers * published by the Free Software Foundation.
101e29a750SEric Biggers */
111e29a750SEric Biggers
121e29a750SEric Biggers#include <linux/linkage.h>
131e29a750SEric Biggers#include <asm/assembler.h>
141e29a750SEric Biggers
151e29a750SEric Biggers	.irp	b,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31
161e29a750SEric Biggers	.set	.Lv\b\().2d, \b
171e29a750SEric Biggers	.set	.Lv\b\().16b, \b
181e29a750SEric Biggers	.endr
191e29a750SEric Biggers
201e29a750SEric Biggers	/*
211e29a750SEric Biggers	 * ARMv8.2 Crypto Extensions instructions
221e29a750SEric Biggers	 */
231e29a750SEric Biggers	.macro	eor3, rd, rn, rm, ra
241e29a750SEric Biggers	.inst	0xce000000 | .L\rd | (.L\rn << 5) | (.L\ra << 10) | (.L\rm << 16)
251e29a750SEric Biggers	.endm
261e29a750SEric Biggers
271e29a750SEric Biggers	.macro	rax1, rd, rn, rm
281e29a750SEric Biggers	.inst	0xce608c00 | .L\rd | (.L\rn << 5) | (.L\rm << 16)
291e29a750SEric Biggers	.endm
301e29a750SEric Biggers
311e29a750SEric Biggers	.macro	bcax, rd, rn, rm, ra
321e29a750SEric Biggers	.inst	0xce200000 | .L\rd | (.L\rn << 5) | (.L\ra << 10) | (.L\rm << 16)
331e29a750SEric Biggers	.endm
341e29a750SEric Biggers
351e29a750SEric Biggers	.macro	xar, rd, rn, rm, imm6
361e29a750SEric Biggers	.inst	0xce800000 | .L\rd | (.L\rn << 5) | ((\imm6) << 10) | (.L\rm << 16)
371e29a750SEric Biggers	.endm
381e29a750SEric Biggers
391e29a750SEric Biggers	/*
401e29a750SEric Biggers	 * size_t sha3_ce_transform(struct sha3_state *state, const u8 *data,
411e29a750SEric Biggers	 *			    size_t nblocks, size_t block_size)
421e29a750SEric Biggers	 *
431e29a750SEric Biggers	 * block_size is assumed to be one of 72 (SHA3-512), 104 (SHA3-384), 136
441e29a750SEric Biggers	 * (SHA3-256 and SHAKE256), 144 (SHA3-224), or 168 (SHAKE128).
451e29a750SEric Biggers	 */
461e29a750SEric Biggers	.text
471e29a750SEric BiggersSYM_FUNC_START(sha3_ce_transform)
481e29a750SEric Biggers	/* load state */
491e29a750SEric Biggers	add	x8, x0, #32
501e29a750SEric Biggers	ld1	{ v0.1d- v3.1d}, [x0]
511e29a750SEric Biggers	ld1	{ v4.1d- v7.1d}, [x8], #32
521e29a750SEric Biggers	ld1	{ v8.1d-v11.1d}, [x8], #32
531e29a750SEric Biggers	ld1	{v12.1d-v15.1d}, [x8], #32
541e29a750SEric Biggers	ld1	{v16.1d-v19.1d}, [x8], #32
551e29a750SEric Biggers	ld1	{v20.1d-v23.1d}, [x8], #32
561e29a750SEric Biggers	ld1	{v24.1d}, [x8]
571e29a750SEric Biggers
581e29a750SEric Biggers0:	sub	x2, x2, #1
591e29a750SEric Biggers	mov	w8, #24
601e29a750SEric Biggers	adr_l	x9, .Lsha3_rcon
611e29a750SEric Biggers
621e29a750SEric Biggers	/* load input */
631e29a750SEric Biggers	ld1	{v25.8b-v28.8b}, [x1], #32
641e29a750SEric Biggers	ld1	{v29.8b}, [x1], #8
651e29a750SEric Biggers	eor	v0.8b, v0.8b, v25.8b
661e29a750SEric Biggers	eor	v1.8b, v1.8b, v26.8b
671e29a750SEric Biggers	eor	v2.8b, v2.8b, v27.8b
681e29a750SEric Biggers	eor	v3.8b, v3.8b, v28.8b
691e29a750SEric Biggers	eor	v4.8b, v4.8b, v29.8b
701e29a750SEric Biggers
711e29a750SEric Biggers	ld1	{v25.8b-v28.8b}, [x1], #32
721e29a750SEric Biggers	eor	v5.8b, v5.8b, v25.8b
731e29a750SEric Biggers	eor	v6.8b, v6.8b, v26.8b
741e29a750SEric Biggers	eor	v7.8b, v7.8b, v27.8b
751e29a750SEric Biggers	eor	v8.8b, v8.8b, v28.8b
761e29a750SEric Biggers	cmp	x3, #72
771e29a750SEric Biggers	b.eq	3f	/* SHA3-512 (block_size=72)? */
781e29a750SEric Biggers
791e29a750SEric Biggers	ld1	{v25.8b-v28.8b}, [x1], #32
801e29a750SEric Biggers	eor	v9.8b, v9.8b, v25.8b
811e29a750SEric Biggers	eor	v10.8b, v10.8b, v26.8b
821e29a750SEric Biggers	eor	v11.8b, v11.8b, v27.8b
831e29a750SEric Biggers	eor	v12.8b, v12.8b, v28.8b
841e29a750SEric Biggers	cmp	x3, #104
851e29a750SEric Biggers	b.eq	3f	/* SHA3-384 (block_size=104)? */
861e29a750SEric Biggers
871e29a750SEric Biggers	ld1	{v25.8b-v28.8b}, [x1], #32
881e29a750SEric Biggers	eor	v13.8b, v13.8b, v25.8b
891e29a750SEric Biggers	eor	v14.8b, v14.8b, v26.8b
901e29a750SEric Biggers	eor	v15.8b, v15.8b, v27.8b
911e29a750SEric Biggers	eor	v16.8b, v16.8b, v28.8b
921e29a750SEric Biggers	cmp	x3, #144
931e29a750SEric Biggers	b.lt	3f	/* SHA3-256 or SHAKE256 (block_size=136)? */
941e29a750SEric Biggers	b.eq	2f	/* SHA3-224 (block_size=144)? */
951e29a750SEric Biggers
961e29a750SEric Biggers	/* SHAKE128 (block_size=168) */
971e29a750SEric Biggers	ld1	{v25.8b-v28.8b}, [x1], #32
981e29a750SEric Biggers	eor	v17.8b, v17.8b, v25.8b
991e29a750SEric Biggers	eor	v18.8b, v18.8b, v26.8b
1001e29a750SEric Biggers	eor	v19.8b, v19.8b, v27.8b
1011e29a750SEric Biggers	eor	v20.8b, v20.8b, v28.8b
1021e29a750SEric Biggers	b	3f
1031e29a750SEric Biggers2:
1041e29a750SEric Biggers	/* SHA3-224 (block_size=144) */
1051e29a750SEric Biggers	ld1	{v25.8b}, [x1], #8
1061e29a750SEric Biggers	eor	v17.8b, v17.8b, v25.8b
1071e29a750SEric Biggers
1081e29a750SEric Biggers3:	sub	w8, w8, #1
1091e29a750SEric Biggers
1101e29a750SEric Biggers	eor3	v29.16b,  v4.16b,  v9.16b, v14.16b
1111e29a750SEric Biggers	eor3	v26.16b,  v1.16b,  v6.16b, v11.16b
1121e29a750SEric Biggers	eor3	v28.16b,  v3.16b,  v8.16b, v13.16b
1131e29a750SEric Biggers	eor3	v25.16b,  v0.16b,  v5.16b, v10.16b
1141e29a750SEric Biggers	eor3	v27.16b,  v2.16b,  v7.16b, v12.16b
1151e29a750SEric Biggers	eor3	v29.16b, v29.16b, v19.16b, v24.16b
1161e29a750SEric Biggers	eor3	v26.16b, v26.16b, v16.16b, v21.16b
1171e29a750SEric Biggers	eor3	v28.16b, v28.16b, v18.16b, v23.16b
1181e29a750SEric Biggers	eor3	v25.16b, v25.16b, v15.16b, v20.16b
1191e29a750SEric Biggers	eor3	v27.16b, v27.16b, v17.16b, v22.16b
1201e29a750SEric Biggers
1211e29a750SEric Biggers	rax1	v30.2d, v29.2d, v26.2d	// bc[0]
1221e29a750SEric Biggers	rax1	v26.2d, v26.2d, v28.2d	// bc[2]
1231e29a750SEric Biggers	rax1	v28.2d, v28.2d, v25.2d	// bc[4]
1241e29a750SEric Biggers	rax1	v25.2d, v25.2d, v27.2d	// bc[1]
1251e29a750SEric Biggers	rax1	v27.2d, v27.2d, v29.2d	// bc[3]
1261e29a750SEric Biggers
1271e29a750SEric Biggers	eor	 v0.16b,  v0.16b, v30.16b
1281e29a750SEric Biggers	xar	 v29.2d,   v1.2d,  v25.2d, (64 - 1)
1291e29a750SEric Biggers	xar	  v1.2d,   v6.2d,  v25.2d, (64 - 44)
1301e29a750SEric Biggers	xar	  v6.2d,   v9.2d,  v28.2d, (64 - 20)
1311e29a750SEric Biggers	xar	  v9.2d,  v22.2d,  v26.2d, (64 - 61)
1321e29a750SEric Biggers	xar	 v22.2d,  v14.2d,  v28.2d, (64 - 39)
1331e29a750SEric Biggers	xar	 v14.2d,  v20.2d,  v30.2d, (64 - 18)
1341e29a750SEric Biggers	xar	 v31.2d,   v2.2d,  v26.2d, (64 - 62)
1351e29a750SEric Biggers	xar	  v2.2d,  v12.2d,  v26.2d, (64 - 43)
1361e29a750SEric Biggers	xar	 v12.2d,  v13.2d,  v27.2d, (64 - 25)
1371e29a750SEric Biggers	xar	 v13.2d,  v19.2d,  v28.2d, (64 - 8)
1381e29a750SEric Biggers	xar	 v19.2d,  v23.2d,  v27.2d, (64 - 56)
1391e29a750SEric Biggers	xar	 v23.2d,  v15.2d,  v30.2d, (64 - 41)
1401e29a750SEric Biggers	xar	 v15.2d,   v4.2d,  v28.2d, (64 - 27)
1411e29a750SEric Biggers	xar	 v28.2d,  v24.2d,  v28.2d, (64 - 14)
1421e29a750SEric Biggers	xar	 v24.2d,  v21.2d,  v25.2d, (64 - 2)
1431e29a750SEric Biggers	xar	  v8.2d,   v8.2d,  v27.2d, (64 - 55)
1441e29a750SEric Biggers	xar	  v4.2d,  v16.2d,  v25.2d, (64 - 45)
1451e29a750SEric Biggers	xar	 v16.2d,   v5.2d,  v30.2d, (64 - 36)
1461e29a750SEric Biggers	xar	  v5.2d,   v3.2d,  v27.2d, (64 - 28)
1471e29a750SEric Biggers	xar	 v27.2d,  v18.2d,  v27.2d, (64 - 21)
1481e29a750SEric Biggers	xar	  v3.2d,  v17.2d,  v26.2d, (64 - 15)
1491e29a750SEric Biggers	xar	 v25.2d,  v11.2d,  v25.2d, (64 - 10)
1501e29a750SEric Biggers	xar	 v26.2d,   v7.2d,  v26.2d, (64 - 6)
1511e29a750SEric Biggers	xar	 v30.2d,  v10.2d,  v30.2d, (64 - 3)
1521e29a750SEric Biggers
1531e29a750SEric Biggers	bcax	v20.16b, v31.16b, v22.16b,  v8.16b
1541e29a750SEric Biggers	bcax	v21.16b,  v8.16b, v23.16b, v22.16b
1551e29a750SEric Biggers	bcax	v22.16b, v22.16b, v24.16b, v23.16b
1561e29a750SEric Biggers	bcax	v23.16b, v23.16b, v31.16b, v24.16b
1571e29a750SEric Biggers	bcax	v24.16b, v24.16b,  v8.16b, v31.16b
1581e29a750SEric Biggers
1591e29a750SEric Biggers	ld1r	{v31.2d}, [x9], #8
1601e29a750SEric Biggers
1611e29a750SEric Biggers	bcax	v17.16b, v25.16b, v19.16b,  v3.16b
1621e29a750SEric Biggers	bcax	v18.16b,  v3.16b, v15.16b, v19.16b
1631e29a750SEric Biggers	bcax	v19.16b, v19.16b, v16.16b, v15.16b
1641e29a750SEric Biggers	bcax	v15.16b, v15.16b, v25.16b, v16.16b
1651e29a750SEric Biggers	bcax	v16.16b, v16.16b,  v3.16b, v25.16b
1661e29a750SEric Biggers
1671e29a750SEric Biggers	bcax	v10.16b, v29.16b, v12.16b, v26.16b
1681e29a750SEric Biggers	bcax	v11.16b, v26.16b, v13.16b, v12.16b
1691e29a750SEric Biggers	bcax	v12.16b, v12.16b, v14.16b, v13.16b
1701e29a750SEric Biggers	bcax	v13.16b, v13.16b, v29.16b, v14.16b
1711e29a750SEric Biggers	bcax	v14.16b, v14.16b, v26.16b, v29.16b
1721e29a750SEric Biggers
1731e29a750SEric Biggers	bcax	 v7.16b, v30.16b,  v9.16b,  v4.16b
1741e29a750SEric Biggers	bcax	 v8.16b,  v4.16b,  v5.16b,  v9.16b
1751e29a750SEric Biggers	bcax	 v9.16b,  v9.16b,  v6.16b,  v5.16b
1761e29a750SEric Biggers	bcax	 v5.16b,  v5.16b, v30.16b,  v6.16b
1771e29a750SEric Biggers	bcax	 v6.16b,  v6.16b,  v4.16b, v30.16b
1781e29a750SEric Biggers
1791e29a750SEric Biggers	bcax	 v3.16b, v27.16b,  v0.16b, v28.16b
1801e29a750SEric Biggers	bcax	 v4.16b, v28.16b,  v1.16b,  v0.16b
1811e29a750SEric Biggers	bcax	 v0.16b,  v0.16b,  v2.16b,  v1.16b
1821e29a750SEric Biggers	bcax	 v1.16b,  v1.16b, v27.16b,  v2.16b
1831e29a750SEric Biggers	bcax	 v2.16b,  v2.16b, v28.16b, v27.16b
1841e29a750SEric Biggers
1851e29a750SEric Biggers	eor	 v0.16b,  v0.16b, v31.16b
1861e29a750SEric Biggers
1871e29a750SEric Biggers	cbnz	w8, 3b
1881e29a750SEric Biggers	cond_yield 4f, x8, x9
1891e29a750SEric Biggers	cbnz	x2, 0b
1901e29a750SEric Biggers
1911e29a750SEric Biggers	/* save state */
1921e29a750SEric Biggers4:	st1	{ v0.1d- v3.1d}, [x0], #32
1931e29a750SEric Biggers	st1	{ v4.1d- v7.1d}, [x0], #32
1941e29a750SEric Biggers	st1	{ v8.1d-v11.1d}, [x0], #32
1951e29a750SEric Biggers	st1	{v12.1d-v15.1d}, [x0], #32
1961e29a750SEric Biggers	st1	{v16.1d-v19.1d}, [x0], #32
1971e29a750SEric Biggers	st1	{v20.1d-v23.1d}, [x0], #32
1981e29a750SEric Biggers	st1	{v24.1d}, [x0]
1991e29a750SEric Biggers	mov	x0, x2
2001e29a750SEric Biggers	ret
2011e29a750SEric BiggersSYM_FUNC_END(sha3_ce_transform)
2021e29a750SEric Biggers
2031e29a750SEric Biggers	.section	".rodata", "a"
2041e29a750SEric Biggers	.align		8
2051e29a750SEric Biggers.Lsha3_rcon:
2061e29a750SEric Biggers	.quad	0x0000000000000001, 0x0000000000008082, 0x800000000000808a
2071e29a750SEric Biggers	.quad	0x8000000080008000, 0x000000000000808b, 0x0000000080000001
2081e29a750SEric Biggers	.quad	0x8000000080008081, 0x8000000000008009, 0x000000000000008a
2091e29a750SEric Biggers	.quad	0x0000000000000088, 0x0000000080008009, 0x000000008000000a
2101e29a750SEric Biggers	.quad	0x000000008000808b, 0x800000000000008b, 0x8000000000008089
2111e29a750SEric Biggers	.quad	0x8000000000008003, 0x8000000000008002, 0x8000000000000080
2121e29a750SEric Biggers	.quad	0x000000000000800a, 0x800000008000000a, 0x8000000080008081
2131e29a750SEric Biggers	.quad	0x8000000000008080, 0x0000000080000001, 0x8000000080008008
214