Home Explore Help
Sign In
Rydia
/
linux-phytium
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
linux-phytium
/
arch
/
arm64
/
crypto
/
sha2-ce-core.S

sha2-ce-core.S 4.0 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173 
  1. /*
    2. 

  2.  * sha2-ce-core.S - core SHA-224/SHA-256 transform using v8 Crypto Extensions
    3. 

  3.  *
    4. 

  4.  * Copyright (C) 2014 Linaro Ltd <ard.biesheuvel@linaro.org>
    5. 

  5.  *
    6. 

  6.  * This program is free software; you can redistribute it and/or modify
    7. 

  7.  * it under the terms of the GNU General Public License version 2 as
    8. 

  8.  * published by the Free Software Foundation.
    9. 

  9.  */
    10. 

  10. 

  11. #include <linux/linkage.h>
    12. 

  12. #include <asm/assembler.h>
    13. 

  13. 

  14. 	.text
    15. 

  15. 	.arch		armv8-a+crypto
    16. 

  16. 

  17. 	dga		.req	q20
    18. 

  18. 	dgav		.req	v20
    19. 

  19. 	dgb		.req	q21
    20. 

  20. 	dgbv		.req	v21
    21. 

  21. 

  22. 	t0		.req	v22
    23. 

  23. 	t1		.req	v23
    24. 

  24. 

  25. 	dg0q		.req	q24
    26. 

  26. 	dg0v		.req	v24
    27. 

  27. 	dg1q		.req	q25
    28. 

  28. 	dg1v		.req	v25
    29. 

  29. 	dg2q		.req	q26
    30. 

  30. 	dg2v		.req	v26
    31. 

  31. 

  32. 	.macro		add_only, ev, rc, s0
    33. 

  33. 	mov		dg2v.16b, dg0v.16b
    34. 

  34. 	.ifeq		\ev
    35. 

  35. 	add		t1.4s, v\s0\().4s, \rc\().4s
    36. 

  36. 	sha256h		dg0q, dg1q, t0.4s
    37. 

  37. 	sha256h2	dg1q, dg2q, t0.4s
    38. 

  38. 	.else
    39. 

  39. 	.ifnb		\s0
    40. 

  40. 	add		t0.4s, v\s0\().4s, \rc\().4s
    41. 

  41. 	.endif
    42. 

  42. 	sha256h		dg0q, dg1q, t1.4s
    43. 

  43. 	sha256h2	dg1q, dg2q, t1.4s
    44. 

  44. 	.endif
    45. 

  45. 	.endm
    46. 

  46. 

  47. 	.macro		add_update, ev, rc, s0, s1, s2, s3
    48. 

  48. 	sha256su0	v\s0\().4s, v\s1\().4s
    49. 

  49. 	add_only	\ev, \rc, \s1
    50. 

  50. 	sha256su1	v\s0\().4s, v\s2\().4s, v\s3\().4s
    51. 

  51. 	.endm
    52. 

  52. 

  53. 	/*
    54. 

  54. 	 * The SHA-256 round constants
    55. 

  55. 	 */
    56. 

  56. 	.section	".rodata", "a"
    57. 

  57. 	.align		4
    58. 

  58. .Lsha2_rcon:
    59. 

  59. 	.word		0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5
    60. 

  60. 	.word		0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5
    61. 

  61. 	.word		0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3
    62. 

  62. 	.word		0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174
    63. 

  63. 	.word		0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc
    64. 

  64. 	.word		0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da
    65. 

  65. 	.word		0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7
    66. 

  66. 	.word		0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967
    67. 

  67. 	.word		0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13
    68. 

  68. 	.word		0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85
    69. 

  69. 	.word		0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3
    70. 

  70. 	.word		0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070
    71. 

  71. 	.word		0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5
    72. 

  72. 	.word		0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3
    73. 

  73. 	.word		0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208
    74. 

  74. 	.word		0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
    75. 

  75. 

  76. 	/*
    77. 

  77. 	 * void sha2_ce_transform(struct sha256_ce_state *sst, u8 const *src,
    78. 

  78. 	 *			  int blocks)
    79. 

  79. 	 */
    80. 

  80. 	.text
    81. 

  81. ENTRY(sha2_ce_transform)
    82. 

  82. 	frame_push	3
    83. 

  83. 

  84. 	mov		x19, x0
    85. 

  85. 	mov		x20, x1
    86. 

  86. 	mov		x21, x2
    87. 

  87. 

  88. 	/* load round constants */
    89. 

  89. 0:	adr_l		x8, .Lsha2_rcon
    90. 

  90. 	ld1		{ v0.4s- v3.4s}, [x8], #64
    91. 

  91. 	ld1		{ v4.4s- v7.4s}, [x8], #64
    92. 

  92. 	ld1		{ v8.4s-v11.4s}, [x8], #64
    93. 

  93. 	ld1		{v12.4s-v15.4s}, [x8]
    94. 

  94. 

  95. 	/* load state */
    96. 

  96. 	ld1		{dgav.4s, dgbv.4s}, [x19]
    97. 

  97. 

  98. 	/* load sha256_ce_state::finalize */
    99. 

  99. 	ldr_l		w4, sha256_ce_offsetof_finalize, x4
    100. 

  100. 	ldr		w4, [x19, x4]
    101. 

  101. 

  102. 	/* load input */
    103. 

  103. 1:	ld1		{v16.4s-v19.4s}, [x20], #64
    104. 

  104. 	sub		w21, w21, #1
    105. 

  105. 

  106. CPU_LE(	rev32		v16.16b, v16.16b	)
    107. 

  107. CPU_LE(	rev32		v17.16b, v17.16b	)
    108. 

  108. CPU_LE(	rev32		v18.16b, v18.16b	)
    109. 

  109. CPU_LE(	rev32		v19.16b, v19.16b	)
    110. 

  110. 

  111. 2:	add		t0.4s, v16.4s, v0.4s
    112. 

  112. 	mov		dg0v.16b, dgav.16b
    113. 

  113. 	mov		dg1v.16b, dgbv.16b
    114. 

  114. 

  115. 	add_update	0,  v1, 16, 17, 18, 19
    116. 

  116. 	add_update	1,  v2, 17, 18, 19, 16
    117. 

  117. 	add_update	0,  v3, 18, 19, 16, 17
    118. 

  118. 	add_update	1,  v4, 19, 16, 17, 18
    119. 

  119. 

  120. 	add_update	0,  v5, 16, 17, 18, 19
    121. 

  121. 	add_update	1,  v6, 17, 18, 19, 16
    122. 

  122. 	add_update	0,  v7, 18, 19, 16, 17
    123. 

  123. 	add_update	1,  v8, 19, 16, 17, 18
    124. 

  124. 

  125. 	add_update	0,  v9, 16, 17, 18, 19
    126. 

  126. 	add_update	1, v10, 17, 18, 19, 16
    127. 

  127. 	add_update	0, v11, 18, 19, 16, 17
    128. 

  128. 	add_update	1, v12, 19, 16, 17, 18
    129. 

  129. 

  130. 	add_only	0, v13, 17
    131. 

  131. 	add_only	1, v14, 18
    132. 

  132. 	add_only	0, v15, 19
    133. 

  133. 	add_only	1
    134. 

  134. 

  135. 	/* update state */
    136. 

  136. 	add		dgav.4s, dgav.4s, dg0v.4s
    137. 

  137. 	add		dgbv.4s, dgbv.4s, dg1v.4s
    138. 

  138. 

  139. 	/* handled all input blocks? */
    140. 

  140. 	cbz		w21, 3f
    141. 

  141. 

  142. 	if_will_cond_yield_neon
    143. 

  143. 	st1		{dgav.4s, dgbv.4s}, [x19]
    144. 

  144. 	do_cond_yield_neon
    145. 

  145. 	b		0b
    146. 

  146. 	endif_yield_neon
    147. 

  147. 

  148. 	b		1b
    149. 

  149. 

  150. 	/*
    151. 

  151. 	 * Final block: add padding and total bit count.
    152. 

  152. 	 * Skip if the input size was not a round multiple of the block size,
    153. 

  153. 	 * the padding is handled by the C code in that case.
    154. 

  154. 	 */
    155. 

  155. 3:	cbz		x4, 4f
    156. 

  156. 	ldr_l		w4, sha256_ce_offsetof_count, x4
    157. 

  157. 	ldr		x4, [x19, x4]
    158. 

  158. 	movi		v17.2d, #0
    159. 

  159. 	mov		x8, #0x80000000
    160. 

  160. 	movi		v18.2d, #0
    161. 

  161. 	ror		x7, x4, #29		// ror(lsl(x4, 3), 32)
    162. 

  162. 	fmov		d16, x8
    163. 

  163. 	mov		x4, #0
    164. 

  164. 	mov		v19.d[0], xzr
    165. 

  165. 	mov		v19.d[1], x7
    166. 

  166. 	b		2b
    167. 

  167. 

  168. 	/* store new state */
    169. 

  169. 4:	st1		{dgav.4s, dgbv.4s}, [x19]
    170. 

  170. 	frame_pop
    171. 

  171. 	ret
    172. 

  172. ENDPROC(sha2_ce_transform)
    173. 

  173.