Home Explore Help
Sign In
Rydia
/
linux-phytium
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
linux-phytium
/
arch
/
arm64
/
crypto
/
sha3-ce-core.S

sha3-ce-core.S 6.4 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234 
  1. /* SPDX-License-Identifier: GPL-2.0 */
    2. 

  2. /*
    3. 

  3.  * sha3-ce-core.S - core SHA-3 transform using v8.2 Crypto Extensions
    4. 

  4.  *
    5. 

  5.  * Copyright (C) 2018 Linaro Ltd <ard.biesheuvel@linaro.org>
    6. 

  6.  *
    7. 

  7.  * This program is free software; you can redistribute it and/or modify
    8. 

  8.  * it under the terms of the GNU General Public License version 2 as
    9. 

  9.  * published by the Free Software Foundation.
    10. 

  10.  */
    11. 

  11. 

  12. #include <linux/linkage.h>
    13. 

  13. #include <asm/assembler.h>
    14. 

  14. 

  15. 	.irp	b,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31
    16. 

  16. 	.set	.Lv\b\().2d, \b
    17. 

  17. 	.set	.Lv\b\().16b, \b
    18. 

  18. 	.endr
    19. 

  19. 

  20. 	/*
    21. 

  21. 	 * ARMv8.2 Crypto Extensions instructions
    22. 

  22. 	 */
    23. 

  23. 	.macro	eor3, rd, rn, rm, ra
    24. 

  24. 	.inst	0xce000000 | .L\rd | (.L\rn << 5) | (.L\ra << 10) | (.L\rm << 16)
    25. 

  25. 	.endm
    26. 

  26. 

  27. 	.macro	rax1, rd, rn, rm
    28. 

  28. 	.inst	0xce608c00 | .L\rd | (.L\rn << 5) | (.L\rm << 16)
    29. 

  29. 	.endm
    30. 

  30. 

  31. 	.macro	bcax, rd, rn, rm, ra
    32. 

  32. 	.inst	0xce200000 | .L\rd | (.L\rn << 5) | (.L\ra << 10) | (.L\rm << 16)
    33. 

  33. 	.endm
    34. 

  34. 

  35. 	.macro	xar, rd, rn, rm, imm6
    36. 

  36. 	.inst	0xce800000 | .L\rd | (.L\rn << 5) | ((\imm6) << 10) | (.L\rm << 16)
    37. 

  37. 	.endm
    38. 

  38. 

  39. 	/*
    40. 

  40. 	 * sha3_ce_transform(u64 *st, const u8 *data, int blocks, int dg_size)
    41. 

  41. 	 */
    42. 

  42. 	.text
    43. 

  43. ENTRY(sha3_ce_transform)
    44. 

  44. 	frame_push	4
    45. 

  45. 

  46. 	mov	x19, x0
    47. 

  47. 	mov	x20, x1
    48. 

  48. 	mov	x21, x2
    49. 

  49. 	mov	x22, x3
    50. 

  50. 

  51. 0:	/* load state */
    52. 

  52. 	add	x8, x19, #32
    53. 

  53. 	ld1	{ v0.1d- v3.1d}, [x19]
    54. 

  54. 	ld1	{ v4.1d- v7.1d}, [x8], #32
    55. 

  55. 	ld1	{ v8.1d-v11.1d}, [x8], #32
    56. 

  56. 	ld1	{v12.1d-v15.1d}, [x8], #32
    57. 

  57. 	ld1	{v16.1d-v19.1d}, [x8], #32
    58. 

  58. 	ld1	{v20.1d-v23.1d}, [x8], #32
    59. 

  59. 	ld1	{v24.1d}, [x8]
    60. 

  60. 

  61. 1:	sub	w21, w21, #1
    62. 

  62. 	mov	w8, #24
    63. 

  63. 	adr_l	x9, .Lsha3_rcon
    64. 

  64. 

  65. 	/* load input */
    66. 

  66. 	ld1	{v25.8b-v28.8b}, [x20], #32
    67. 

  67. 	ld1	{v29.8b-v31.8b}, [x20], #24
    68. 

  68. 	eor	v0.8b, v0.8b, v25.8b
    69. 

  69. 	eor	v1.8b, v1.8b, v26.8b
    70. 

  70. 	eor	v2.8b, v2.8b, v27.8b
    71. 

  71. 	eor	v3.8b, v3.8b, v28.8b
    72. 

  72. 	eor	v4.8b, v4.8b, v29.8b
    73. 

  73. 	eor	v5.8b, v5.8b, v30.8b
    74. 

  74. 	eor	v6.8b, v6.8b, v31.8b
    75. 

  75. 

  76. 	tbnz	x22, #6, 3f		// SHA3-512
    77. 

  77. 

  78. 	ld1	{v25.8b-v28.8b}, [x20], #32
    79. 

  79. 	ld1	{v29.8b-v30.8b}, [x20], #16
    80. 

  80. 	eor	 v7.8b,  v7.8b, v25.8b
    81. 

  81. 	eor	 v8.8b,  v8.8b, v26.8b
    82. 

  82. 	eor	 v9.8b,  v9.8b, v27.8b
    83. 

  83. 	eor	v10.8b, v10.8b, v28.8b
    84. 

  84. 	eor	v11.8b, v11.8b, v29.8b
    85. 

  85. 	eor	v12.8b, v12.8b, v30.8b
    86. 

  86. 

  87. 	tbnz	x22, #4, 2f		// SHA3-384 or SHA3-224
    88. 

  88. 

  89. 	// SHA3-256
    90. 

  90. 	ld1	{v25.8b-v28.8b}, [x20], #32
    91. 

  91. 	eor	v13.8b, v13.8b, v25.8b
    92. 

  92. 	eor	v14.8b, v14.8b, v26.8b
    93. 

  93. 	eor	v15.8b, v15.8b, v27.8b
    94. 

  94. 	eor	v16.8b, v16.8b, v28.8b
    95. 

  95. 	b	4f
    96. 

  96. 

  97. 2:	tbz	x22, #2, 4f		// bit 2 cleared? SHA-384
    98. 

  98. 

  99. 	// SHA3-224
    100. 

  100. 	ld1	{v25.8b-v28.8b}, [x20], #32
    101. 

  101. 	ld1	{v29.8b}, [x20], #8
    102. 

  102. 	eor	v13.8b, v13.8b, v25.8b
    103. 

  103. 	eor	v14.8b, v14.8b, v26.8b
    104. 

  104. 	eor	v15.8b, v15.8b, v27.8b
    105. 

  105. 	eor	v16.8b, v16.8b, v28.8b
    106. 

  106. 	eor	v17.8b, v17.8b, v29.8b
    107. 

  107. 	b	4f
    108. 

  108. 

  109. 	// SHA3-512
    110. 

  110. 3:	ld1	{v25.8b-v26.8b}, [x20], #16
    111. 

  111. 	eor	 v7.8b,  v7.8b, v25.8b
    112. 

  112. 	eor	 v8.8b,  v8.8b, v26.8b
    113. 

  113. 

  114. 4:	sub	w8, w8, #1
    115. 

  115. 

  116. 	eor3	v29.16b,  v4.16b,  v9.16b, v14.16b
    117. 

  117. 	eor3	v26.16b,  v1.16b,  v6.16b, v11.16b
    118. 

  118. 	eor3	v28.16b,  v3.16b,  v8.16b, v13.16b
    119. 

  119. 	eor3	v25.16b,  v0.16b,  v5.16b, v10.16b
    120. 

  120. 	eor3	v27.16b,  v2.16b,  v7.16b, v12.16b
    121. 

  121. 	eor3	v29.16b, v29.16b, v19.16b, v24.16b
    122. 

  122. 	eor3	v26.16b, v26.16b, v16.16b, v21.16b
    123. 

  123. 	eor3	v28.16b, v28.16b, v18.16b, v23.16b
    124. 

  124. 	eor3	v25.16b, v25.16b, v15.16b, v20.16b
    125. 

  125. 	eor3	v27.16b, v27.16b, v17.16b, v22.16b
    126. 

  126. 

  127. 	rax1	v30.2d, v29.2d, v26.2d	// bc[0]
    128. 

  128. 	rax1	v26.2d, v26.2d, v28.2d	// bc[2]
    129. 

  129. 	rax1	v28.2d, v28.2d, v25.2d	// bc[4]
    130. 

  130. 	rax1	v25.2d, v25.2d, v27.2d	// bc[1]
    131. 

  131. 	rax1	v27.2d, v27.2d, v29.2d	// bc[3]
    132. 

  132. 

  133. 	eor	 v0.16b,  v0.16b, v30.16b
    134. 

  134. 	xar	 v29.2d,   v1.2d,  v25.2d, (64 - 1)
    135. 

  135. 	xar	  v1.2d,   v6.2d,  v25.2d, (64 - 44)
    136. 

  136. 	xar	  v6.2d,   v9.2d,  v28.2d, (64 - 20)
    137. 

  137. 	xar	  v9.2d,  v22.2d,  v26.2d, (64 - 61)
    138. 

  138. 	xar	 v22.2d,  v14.2d,  v28.2d, (64 - 39)
    139. 

  139. 	xar	 v14.2d,  v20.2d,  v30.2d, (64 - 18)
    140. 

  140. 	xar	 v31.2d,   v2.2d,  v26.2d, (64 - 62)
    141. 

  141. 	xar	  v2.2d,  v12.2d,  v26.2d, (64 - 43)
    142. 

  142. 	xar	 v12.2d,  v13.2d,  v27.2d, (64 - 25)
    143. 

  143. 	xar	 v13.2d,  v19.2d,  v28.2d, (64 - 8)
    144. 

  144. 	xar	 v19.2d,  v23.2d,  v27.2d, (64 - 56)
    145. 

  145. 	xar	 v23.2d,  v15.2d,  v30.2d, (64 - 41)
    146. 

  146. 	xar	 v15.2d,   v4.2d,  v28.2d, (64 - 27)
    147. 

  147. 	xar	 v28.2d,  v24.2d,  v28.2d, (64 - 14)
    148. 

  148. 	xar	 v24.2d,  v21.2d,  v25.2d, (64 - 2)
    149. 

  149. 	xar	  v8.2d,   v8.2d,  v27.2d, (64 - 55)
    150. 

  150. 	xar	  v4.2d,  v16.2d,  v25.2d, (64 - 45)
    151. 

  151. 	xar	 v16.2d,   v5.2d,  v30.2d, (64 - 36)
    152. 

  152. 	xar	  v5.2d,   v3.2d,  v27.2d, (64 - 28)
    153. 

  153. 	xar	 v27.2d,  v18.2d,  v27.2d, (64 - 21)
    154. 

  154. 	xar	  v3.2d,  v17.2d,  v26.2d, (64 - 15)
    155. 

  155. 	xar	 v25.2d,  v11.2d,  v25.2d, (64 - 10)
    156. 

  156. 	xar	 v26.2d,   v7.2d,  v26.2d, (64 - 6)
    157. 

  157. 	xar	 v30.2d,  v10.2d,  v30.2d, (64 - 3)
    158. 

  158. 

  159. 	bcax	v20.16b, v31.16b, v22.16b,  v8.16b
    160. 

  160. 	bcax	v21.16b,  v8.16b, v23.16b, v22.16b
    161. 

  161. 	bcax	v22.16b, v22.16b, v24.16b, v23.16b
    162. 

  162. 	bcax	v23.16b, v23.16b, v31.16b, v24.16b
    163. 

  163. 	bcax	v24.16b, v24.16b,  v8.16b, v31.16b
    164. 

  164. 

  165. 	ld1r	{v31.2d}, [x9], #8
    166. 

  166. 

  167. 	bcax	v17.16b, v25.16b, v19.16b,  v3.16b
    168. 

  168. 	bcax	v18.16b,  v3.16b, v15.16b, v19.16b
    169. 

  169. 	bcax	v19.16b, v19.16b, v16.16b, v15.16b
    170. 

  170. 	bcax	v15.16b, v15.16b, v25.16b, v16.16b
    171. 

  171. 	bcax	v16.16b, v16.16b,  v3.16b, v25.16b
    172. 

  172. 

  173. 	bcax	v10.16b, v29.16b, v12.16b, v26.16b
    174. 

  174. 	bcax	v11.16b, v26.16b, v13.16b, v12.16b
    175. 

  175. 	bcax	v12.16b, v12.16b, v14.16b, v13.16b
    176. 

  176. 	bcax	v13.16b, v13.16b, v29.16b, v14.16b
    177. 

  177. 	bcax	v14.16b, v14.16b, v26.16b, v29.16b
    178. 

  178. 

  179. 	bcax	 v7.16b, v30.16b,  v9.16b,  v4.16b
    180. 

  180. 	bcax	 v8.16b,  v4.16b,  v5.16b,  v9.16b
    181. 

  181. 	bcax	 v9.16b,  v9.16b,  v6.16b,  v5.16b
    182. 

  182. 	bcax	 v5.16b,  v5.16b, v30.16b,  v6.16b
    183. 

  183. 	bcax	 v6.16b,  v6.16b,  v4.16b, v30.16b
    184. 

  184. 

  185. 	bcax	 v3.16b, v27.16b,  v0.16b, v28.16b
    186. 

  186. 	bcax	 v4.16b, v28.16b,  v1.16b,  v0.16b
    187. 

  187. 	bcax	 v0.16b,  v0.16b,  v2.16b,  v1.16b
    188. 

  188. 	bcax	 v1.16b,  v1.16b, v27.16b,  v2.16b
    189. 

  189. 	bcax	 v2.16b,  v2.16b, v28.16b, v27.16b
    190. 

  190. 

  191. 	eor	 v0.16b,  v0.16b, v31.16b
    192. 

  192. 

  193. 	cbnz	w8, 4b
    194. 

  194. 	cbz	w21, 5f
    195. 

  195. 

  196. 	if_will_cond_yield_neon
    197. 

  197. 	add	x8, x19, #32
    198. 

  198. 	st1	{ v0.1d- v3.1d}, [x19]
    199. 

  199. 	st1	{ v4.1d- v7.1d}, [x8], #32
    200. 

  200. 	st1	{ v8.1d-v11.1d}, [x8], #32
    201. 

  201. 	st1	{v12.1d-v15.1d}, [x8], #32
    202. 

  202. 	st1	{v16.1d-v19.1d}, [x8], #32
    203. 

  203. 	st1	{v20.1d-v23.1d}, [x8], #32
    204. 

  204. 	st1	{v24.1d}, [x8]
    205. 

  205. 	do_cond_yield_neon
    206. 

  206. 	b		0b
    207. 

  207. 	endif_yield_neon
    208. 

  208. 

  209. 	b	1b
    210. 

  210. 

  211. 	/* save state */
    212. 

  212. 5:	st1	{ v0.1d- v3.1d}, [x19], #32
    213. 

  213. 	st1	{ v4.1d- v7.1d}, [x19], #32
    214. 

  214. 	st1	{ v8.1d-v11.1d}, [x19], #32
    215. 

  215. 	st1	{v12.1d-v15.1d}, [x19], #32
    216. 

  216. 	st1	{v16.1d-v19.1d}, [x19], #32
    217. 

  217. 	st1	{v20.1d-v23.1d}, [x19], #32
    218. 

  218. 	st1	{v24.1d}, [x19]
    219. 

  219. 	frame_pop
    220. 

  220. 	ret
    221. 

  221. ENDPROC(sha3_ce_transform)
    222. 

  222. 

  223. 	.section	".rodata", "a"
    224. 

  224. 	.align		8
    225. 

  225. .Lsha3_rcon:
    226. 

  226. 	.quad	0x0000000000000001, 0x0000000000008082, 0x800000000000808a
    227. 

  227. 	.quad	0x8000000080008000, 0x000000000000808b, 0x0000000080000001
    228. 

  228. 	.quad	0x8000000080008081, 0x8000000000008009, 0x000000000000008a
    229. 

  229. 	.quad	0x0000000000000088, 0x0000000080008009, 0x000000008000000a
    230. 

  230. 	.quad	0x000000008000808b, 0x800000000000008b, 0x8000000000008089
    231. 

  231. 	.quad	0x8000000000008003, 0x8000000000008002, 0x8000000000000080
    232. 

  232. 	.quad	0x000000000000800a, 0x800000008000000a, 0x8000000080008081
    233. 

  233. 	.quad	0x8000000000008080, 0x0000000080000001, 0x8000000080008008
    234. 

  234.