Sākums Izpētīt Palīdzība
Pierakstīties
phcoder
/
grub-savannah-mirror
spogulis no https://git.savannah.gnu.org/git/grub.git
Vērot 1
Pievienot zvaigznīti 0
Atdalīts 0
Faili Problēmas 0 Vikivietne
Atzars: master
Atzari Tagi
grub-savanna...
/
grub-core
/
lib
/
libgcrypt
/
cipher
/
sm4-aarch64.S

sm4-aarch64.S 19 KB
Patstāvīgā saite Vēsture Neapstrādāts

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645 
  1. /* sm4-aarch64.S  -  ARMv8/AArch64 accelerated SM4 cipher
    2. 

  2.  *
    3. 

  3.  * Copyright (C) 2022 Alibaba Group.
    4. 

  4.  * Copyright (C) 2022 Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
    5. 

  5.  *
    6. 

  6.  * This file is part of Libgcrypt.
    7. 

  7.  *
    8. 

  8.  * Libgcrypt is free software; you can redistribute it and/or modify
    9. 

  9.  * it under the terms of the GNU Lesser General Public License as
    10. 

  10.  * published by the Free Software Foundation; either version 2.1 of
    11. 

  11.  * the License, or (at your option) any later version.
    12. 

  12.  *
    13. 

  13.  * Libgcrypt is distributed in the hope that it will be useful,
    14. 

  14.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    15. 

  15.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    16. 

  16.  * GNU Lesser General Public License for more details.
    17. 

  17.  *
    18. 

  18.  * You should have received a copy of the GNU Lesser General Public
    19. 

  19.  * License along with this program; if not, see <http://www.gnu.org/licenses/>.
    20. 

  20.  */
    21. 

  21. 

  22. #include "asm-common-aarch64.h"
    23. 

  23. 

  24. #if defined(__AARCH64EL__) && \
    25. 

  25.     defined(HAVE_COMPATIBLE_GCC_AARCH64_PLATFORM_AS) && \
    26. 

  26.     defined(HAVE_GCC_INLINE_ASM_AARCH64_NEON) && \
    27. 

  27.     defined(USE_SM4)
    28. 

  28. 

  29. .cpu generic+simd
    30. 

  30. 

  31. /* Constants */
    32. 

  32. 

  33. SECTION_RODATA
    34. 

  34. .align 4
    35. 

  35. ELF(.type _gcry_sm4_aarch64_consts,@object)
    36. 

  36. _gcry_sm4_aarch64_consts:
    37. 

  37. .Lsm4_sbox:
    38. 

  38.   .byte 0xd6, 0x90, 0xe9, 0xfe, 0xcc, 0xe1, 0x3d, 0xb7
    39. 

  39.   .byte 0x16, 0xb6, 0x14, 0xc2, 0x28, 0xfb, 0x2c, 0x05
    40. 

  40.   .byte 0x2b, 0x67, 0x9a, 0x76, 0x2a, 0xbe, 0x04, 0xc3
    41. 

  41.   .byte 0xaa, 0x44, 0x13, 0x26, 0x49, 0x86, 0x06, 0x99
    42. 

  42.   .byte 0x9c, 0x42, 0x50, 0xf4, 0x91, 0xef, 0x98, 0x7a
    43. 

  43.   .byte 0x33, 0x54, 0x0b, 0x43, 0xed, 0xcf, 0xac, 0x62
    44. 

  44.   .byte 0xe4, 0xb3, 0x1c, 0xa9, 0xc9, 0x08, 0xe8, 0x95
    45. 

  45.   .byte 0x80, 0xdf, 0x94, 0xfa, 0x75, 0x8f, 0x3f, 0xa6
    46. 

  46.   .byte 0x47, 0x07, 0xa7, 0xfc, 0xf3, 0x73, 0x17, 0xba
    47. 

  47.   .byte 0x83, 0x59, 0x3c, 0x19, 0xe6, 0x85, 0x4f, 0xa8
    48. 

  48.   .byte 0x68, 0x6b, 0x81, 0xb2, 0x71, 0x64, 0xda, 0x8b
    49. 

  49.   .byte 0xf8, 0xeb, 0x0f, 0x4b, 0x70, 0x56, 0x9d, 0x35
    50. 

  50.   .byte 0x1e, 0x24, 0x0e, 0x5e, 0x63, 0x58, 0xd1, 0xa2
    51. 

  51.   .byte 0x25, 0x22, 0x7c, 0x3b, 0x01, 0x21, 0x78, 0x87
    52. 

  52.   .byte 0xd4, 0x00, 0x46, 0x57, 0x9f, 0xd3, 0x27, 0x52
    53. 

  53.   .byte 0x4c, 0x36, 0x02, 0xe7, 0xa0, 0xc4, 0xc8, 0x9e
    54. 

  54.   .byte 0xea, 0xbf, 0x8a, 0xd2, 0x40, 0xc7, 0x38, 0xb5
    55. 

  55.   .byte 0xa3, 0xf7, 0xf2, 0xce, 0xf9, 0x61, 0x15, 0xa1
    56. 

  56.   .byte 0xe0, 0xae, 0x5d, 0xa4, 0x9b, 0x34, 0x1a, 0x55
    57. 

  57.   .byte 0xad, 0x93, 0x32, 0x30, 0xf5, 0x8c, 0xb1, 0xe3
    58. 

  58.   .byte 0x1d, 0xf6, 0xe2, 0x2e, 0x82, 0x66, 0xca, 0x60
    59. 

  59.   .byte 0xc0, 0x29, 0x23, 0xab, 0x0d, 0x53, 0x4e, 0x6f
    60. 

  60.   .byte 0xd5, 0xdb, 0x37, 0x45, 0xde, 0xfd, 0x8e, 0x2f
    61. 

  61.   .byte 0x03, 0xff, 0x6a, 0x72, 0x6d, 0x6c, 0x5b, 0x51
    62. 

  62.   .byte 0x8d, 0x1b, 0xaf, 0x92, 0xbb, 0xdd, 0xbc, 0x7f
    63. 

  63.   .byte 0x11, 0xd9, 0x5c, 0x41, 0x1f, 0x10, 0x5a, 0xd8
    64. 

  64.   .byte 0x0a, 0xc1, 0x31, 0x88, 0xa5, 0xcd, 0x7b, 0xbd
    65. 

  65.   .byte 0x2d, 0x74, 0xd0, 0x12, 0xb8, 0xe5, 0xb4, 0xb0
    66. 

  66.   .byte 0x89, 0x69, 0x97, 0x4a, 0x0c, 0x96, 0x77, 0x7e
    67. 

  67.   .byte 0x65, 0xb9, 0xf1, 0x09, 0xc5, 0x6e, 0xc6, 0x84
    68. 

  68.   .byte 0x18, 0xf0, 0x7d, 0xec, 0x3a, 0xdc, 0x4d, 0x20
    69. 

  69.   .byte 0x79, 0xee, 0x5f, 0x3e, 0xd7, 0xcb, 0x39, 0x48
    70. 

  70. ELF(.size _gcry_sm4_aarch64_consts,.-_gcry_sm4_aarch64_consts)
    71. 

  71. 

  72. /* Register macros */
    73. 

  73. 

  74. #define RTMP0   v8
    75. 

  75. #define RTMP1   v9
    76. 

  76. #define RTMP2   v10
    77. 

  77. #define RTMP3   v11
    78. 

  78. 

  79. #define RX0     v12
    80. 

  80. #define RX1     v13
    81. 

  81. #define RKEY    v14
    82. 

  82. #define RIV     v15
    83. 

  83. 

  84. /* Helper macros. */
    85. 

  85. 

  86. #define preload_sbox(ptr)                   \
    87. 

  87.         GET_DATA_POINTER(ptr, .Lsm4_sbox);  \
    88. 

  88.         ld1 {v16.16b-v19.16b}, [ptr], #64;  \
    89. 

  89.         ld1 {v20.16b-v23.16b}, [ptr], #64;  \
    90. 

  90.         ld1 {v24.16b-v27.16b}, [ptr], #64;  \
    91. 

  91.         ld1 {v28.16b-v31.16b}, [ptr];
    92. 

  92. 

  93. #define transpose_4x4(s0, s1, s2, s3)       \
    94. 

  94.         zip1 RTMP0.4s, s0.4s, s1.4s;        \
    95. 

  95.         zip1 RTMP1.4s, s2.4s, s3.4s;        \
    96. 

  96.         zip2 RTMP2.4s, s0.4s, s1.4s;        \
    97. 

  97.         zip2 RTMP3.4s, s2.4s, s3.4s;        \
    98. 

  98.         zip1 s0.2d, RTMP0.2d, RTMP1.2d;     \
    99. 

  99.         zip2 s1.2d, RTMP0.2d, RTMP1.2d;     \
    100. 

  100.         zip1 s2.2d, RTMP2.2d, RTMP3.2d;     \
    101. 

  101.         zip2 s3.2d, RTMP2.2d, RTMP3.2d;
    102. 

  102. 

  103. #define rotate_clockwise_90(s0, s1, s2, s3) \
    104. 

  104.         zip1 RTMP0.4s, s1.4s, s0.4s;        \
    105. 

  105.         zip2 RTMP1.4s, s1.4s, s0.4s;        \
    106. 

  106.         zip1 RTMP2.4s, s3.4s, s2.4s;        \
    107. 

  107.         zip2 RTMP3.4s, s3.4s, s2.4s;        \
    108. 

  108.         zip1 s0.2d, RTMP2.2d, RTMP0.2d;     \
    109. 

  109.         zip2 s1.2d, RTMP2.2d, RTMP0.2d;     \
    110. 

  110.         zip1 s2.2d, RTMP3.2d, RTMP1.2d;     \
    111. 

  111.         zip2 s3.2d, RTMP3.2d, RTMP1.2d;
    112. 

  112. 

  113. 

  114. .text
    115. 

  115. 

  116. .align 4
    117. 

  117. ELF(.type sm4_aarch64_crypt_blk1_4,%function;)
    118. 

  118. sm4_aarch64_crypt_blk1_4:
    119. 

  119.     /* input:
    120. 

  120.      *   x0: round key array, CTX
    121. 

  121.      *   x1: dst
    122. 

  122.      *   x2: src
    123. 

  123.      *   x3: num blocks (1..4)
    124. 

  124.      */
    125. 

  125.     CFI_STARTPROC();
    126. 

  126.     VPUSH_ABI;
    127. 

  127. 

  128.     preload_sbox(x5);
    129. 

  129. 

  130.     ld1 {v0.16b}, [x2], #16;
    131. 

  131.     mov v1.16b, v0.16b;
    132. 

  132.     mov v2.16b, v0.16b;
    133. 

  133.     mov v3.16b, v0.16b;
    134. 

  134.     cmp x3, #2;
    135. 

  135.     blt .Lblk4_load_input_done;
    136. 

  136.     ld1 {v1.16b}, [x2], #16;
    137. 

  137.     beq .Lblk4_load_input_done;
    138. 

  138.     ld1 {v2.16b}, [x2], #16;
    139. 

  139.     cmp x3, #3;
    140. 

  140.     beq .Lblk4_load_input_done;
    141. 

  141.     ld1 {v3.16b}, [x2];
    142. 

  142. 

  143. .Lblk4_load_input_done:
    144. 

  144. 

  145.     rev32 v0.16b, v0.16b;
    146. 

  146.     rev32 v1.16b, v1.16b;
    147. 

  147.     rev32 v2.16b, v2.16b;
    148. 

  148.     rev32 v3.16b, v3.16b;
    149. 

  149. 

  150.     transpose_4x4(v0, v1, v2, v3);
    151. 

  151. 

  152. #define ROUND(round, s0, s1, s2, s3)                     \
    153. 

  153.         dup RX0.4s, RKEY.s[round];                       \
    154. 

  154.         /* rk ^ s1 ^ s2 ^ s3 */                          \
    155. 

  155.         eor RTMP1.16b, s2.16b, s3.16b;                   \
    156. 

  156.         eor RX0.16b, RX0.16b, s1.16b;                    \
    157. 

  157.         eor RX0.16b, RX0.16b, RTMP1.16b;                 \
    158. 

  158.                                                          \
    159. 

  159.         /* sbox, non-linear part */                      \
    160. 

  160.         movi RTMP3.16b, #64;    /* sizeof(sbox) / 4 */   \
    161. 

  161.         tbl RTMP0.16b, {v16.16b-v19.16b}, RX0.16b;       \
    162. 

  162.         sub RX0.16b, RX0.16b, RTMP3.16b;                 \
    163. 

  163.         tbx RTMP0.16b, {v20.16b-v23.16b}, RX0.16b;       \
    164. 

  164.         sub RX0.16b, RX0.16b, RTMP3.16b;                 \
    165. 

  165.         tbx RTMP0.16b, {v24.16b-v27.16b}, RX0.16b;       \
    166. 

  166.         sub RX0.16b, RX0.16b, RTMP3.16b;                 \
    167. 

  167.         tbx RTMP0.16b, {v28.16b-v31.16b}, RX0.16b;       \
    168. 

  168.                                                          \
    169. 

  169.         /* linear part */                                \
    170. 

  170.         shl RTMP1.4s, RTMP0.4s, #8;                      \
    171. 

  171.         shl RTMP2.4s, RTMP0.4s, #16;                     \
    172. 

  172.         shl RTMP3.4s, RTMP0.4s, #24;                     \
    173. 

  173.         sri RTMP1.4s, RTMP0.4s, #(32-8);                 \
    174. 

  174.         sri RTMP2.4s, RTMP0.4s, #(32-16);                \
    175. 

  175.         sri RTMP3.4s, RTMP0.4s, #(32-24);                \
    176. 

  176.         /* RTMP1 = x ^ rol32(x, 8) ^ rol32(x, 16) */     \
    177. 

  177.         eor RTMP1.16b, RTMP1.16b, RTMP0.16b;             \
    178. 

  178.         eor RTMP1.16b, RTMP1.16b, RTMP2.16b;             \
    179. 

  179.         /* RTMP3 = x ^ rol32(x, 24) ^ rol32(RTMP1, 2) */ \
    180. 

  180.         eor RTMP3.16b, RTMP3.16b, RTMP0.16b;             \
    181. 

  181.         shl RTMP2.4s, RTMP1.4s, 2;                       \
    182. 

  182.         sri RTMP2.4s, RTMP1.4s, #(32-2);                 \
    183. 

  183.         eor RTMP3.16b, RTMP3.16b, RTMP2.16b;             \
    184. 

  184.         /* s0 ^= RTMP3 */                                \
    185. 

  185.         eor s0.16b, s0.16b, RTMP3.16b;
    186. 

  186. 

  187.     mov x6, 8;
    188. 

  188. .Lroundloop4:
    189. 

  189.     ld1 {RKEY.4s}, [x0], #16;
    190. 

  190.     subs x6, x6, #1;
    191. 

  191. 

  192.     ROUND(0, v0, v1, v2, v3);
    193. 

  193.     ROUND(1, v1, v2, v3, v0);
    194. 

  194.     ROUND(2, v2, v3, v0, v1);
    195. 

  195.     ROUND(3, v3, v0, v1, v2);
    196. 

  196. 

  197.     bne .Lroundloop4;
    198. 

  198. 

  199. #undef ROUND
    200. 

  200. 

  201.     rotate_clockwise_90(v0, v1, v2, v3);
    202. 

  202.     rev32 v0.16b, v0.16b;
    203. 

  203.     rev32 v1.16b, v1.16b;
    204. 

  204.     rev32 v2.16b, v2.16b;
    205. 

  205.     rev32 v3.16b, v3.16b;
    206. 

  206. 

  207.     st1 {v0.16b}, [x1], #16;
    208. 

  208.     cmp x3, #2;
    209. 

  209.     blt .Lblk4_store_output_done;
    210. 

  210.     st1 {v1.16b}, [x1], #16;
    211. 

  211.     beq .Lblk4_store_output_done;
    212. 

  212.     st1 {v2.16b}, [x1], #16;
    213. 

  213.     cmp x3, #3;
    214. 

  214.     beq .Lblk4_store_output_done;
    215. 

  215.     st1 {v3.16b}, [x1];
    216. 

  216. 

  217. .Lblk4_store_output_done:
    218. 

  218.     VPOP_ABI;
    219. 

  219.     ret_spec_stop;
    220. 

  220.     CFI_ENDPROC();
    221. 

  221. ELF(.size sm4_aarch64_crypt_blk1_4,.-sm4_aarch64_crypt_blk1_4;)
    222. 

  222. 

  223. .align 4
    224. 

  224. ELF(.type __sm4_crypt_blk8,%function;)
    225. 

  225. __sm4_crypt_blk8:
    226. 

  226.     /* input:
    227. 

  227.      *   x0: round key array, CTX
    228. 

  228.      *   v16-v31: fill with sbox
    229. 

  229.      *   v0, v1, v2, v3, v4, v5, v6, v7: eight parallel plaintext blocks
    230. 

  230.      * output:
    231. 

  231.      *   v0, v1, v2, v3, v4, v5, v6, v7: eight parallel ciphertext blocks
    232. 

  232.      */
    233. 

  233.     CFI_STARTPROC();
    234. 

  234. 

  235.     rev32 v0.16b, v0.16b;
    236. 

  236.     rev32 v1.16b, v1.16b;
    237. 

  237.     rev32 v2.16b, v2.16b;
    238. 

  238.     rev32 v3.16b, v3.16b;
    239. 

  239.     rev32 v4.16b, v4.16b;
    240. 

  240.     rev32 v5.16b, v5.16b;
    241. 

  241.     rev32 v6.16b, v6.16b;
    242. 

  242.     rev32 v7.16b, v7.16b;
    243. 

  243. 

  244.     transpose_4x4(v0, v1, v2, v3);
    245. 

  245.     transpose_4x4(v4, v5, v6, v7);
    246. 

  246. 

  247. #define ROUND(round, s0, s1, s2, s3, t0, t1, t2, t3)     \
    248. 

  248.         /* rk ^ s1 ^ s2 ^ s3 */                          \
    249. 

  249.         dup RX0.4s, RKEY.s[round];                       \
    250. 

  250.         eor RTMP0.16b, s2.16b, s3.16b;                   \
    251. 

  251.         mov RX1.16b, RX0.16b;                            \
    252. 

  252.         eor RTMP1.16b, t2.16b, t3.16b;                   \
    253. 

  253.         eor RX0.16b, RX0.16b, s1.16b;                    \
    254. 

  254.         eor RX1.16b, RX1.16b, t1.16b;                    \
    255. 

  255.         eor RX0.16b, RX0.16b, RTMP0.16b;                 \
    256. 

  256.         eor RX1.16b, RX1.16b, RTMP1.16b;                 \
    257. 

  257.                                                          \
    258. 

  258.         /* sbox, non-linear part */                      \
    259. 

  259.         movi RTMP3.16b, #64;    /* sizeof(sbox) / 4 */   \
    260. 

  260.         tbl RTMP0.16b, {v16.16b-v19.16b}, RX0.16b;       \
    261. 

  261.         tbl RTMP1.16b, {v16.16b-v19.16b}, RX1.16b;       \
    262. 

  262.         sub RX0.16b, RX0.16b, RTMP3.16b;                 \
    263. 

  263.         sub RX1.16b, RX1.16b, RTMP3.16b;                 \
    264. 

  264.         tbx RTMP0.16b, {v20.16b-v23.16b}, RX0.16b;       \
    265. 

  265.         tbx RTMP1.16b, {v20.16b-v23.16b}, RX1.16b;       \
    266. 

  266.         sub RX0.16b, RX0.16b, RTMP3.16b;                 \
    267. 

  267.         sub RX1.16b, RX1.16b, RTMP3.16b;                 \
    268. 

  268.         tbx RTMP0.16b, {v24.16b-v27.16b}, RX0.16b;       \
    269. 

  269.         tbx RTMP1.16b, {v24.16b-v27.16b}, RX1.16b;       \
    270. 

  270.         sub RX0.16b, RX0.16b, RTMP3.16b;                 \
    271. 

  271.         sub RX1.16b, RX1.16b, RTMP3.16b;                 \
    272. 

  272.         tbx RTMP0.16b, {v28.16b-v31.16b}, RX0.16b;       \
    273. 

  273.         tbx RTMP1.16b, {v28.16b-v31.16b}, RX1.16b;       \
    274. 

  274.                                                          \
    275. 

  275.         /* linear part */                                \
    276. 

  276.         shl RX0.4s, RTMP0.4s, #8;                        \
    277. 

  277.         shl RX1.4s, RTMP1.4s, #8;                        \
    278. 

  278.         shl RTMP2.4s, RTMP0.4s, #16;                     \
    279. 

  279.         shl RTMP3.4s, RTMP1.4s, #16;                     \
    280. 

  280.         sri RX0.4s, RTMP0.4s, #(32 - 8);                 \
    281. 

  281.         sri RX1.4s, RTMP1.4s, #(32 - 8);                 \
    282. 

  282.         sri RTMP2.4s, RTMP0.4s, #(32 - 16);              \
    283. 

  283.         sri RTMP3.4s, RTMP1.4s, #(32 - 16);              \
    284. 

  284.         /* RX = x ^ rol32(x, 8) ^ rol32(x, 16) */        \
    285. 

  285.         eor RX0.16b, RX0.16b, RTMP0.16b;                 \
    286. 

  286.         eor RX1.16b, RX1.16b, RTMP1.16b;                 \
    287. 

  287.         eor RX0.16b, RX0.16b, RTMP2.16b;                 \
    288. 

  288.         eor RX1.16b, RX1.16b, RTMP3.16b;                 \
    289. 

  289.         /* RTMP0/1 ^= x ^ rol32(x, 24) ^ rol32(RX, 2) */ \
    290. 

  290.         shl RTMP2.4s, RTMP0.4s, #24;                     \
    291. 

  291.         shl RTMP3.4s, RTMP1.4s, #24;                     \
    292. 

  292.         sri RTMP2.4s, RTMP0.4s, #(32 - 24);              \
    293. 

  293.         sri RTMP3.4s, RTMP1.4s, #(32 - 24);              \
    294. 

  294.         eor RTMP0.16b, RTMP0.16b, RTMP2.16b;             \
    295. 

  295.         eor RTMP1.16b, RTMP1.16b, RTMP3.16b;             \
    296. 

  296.         shl RTMP2.4s, RX0.4s, #2;                        \
    297. 

  297.         shl RTMP3.4s, RX1.4s, #2;                        \
    298. 

  298.         sri RTMP2.4s, RX0.4s, #(32 - 2);                 \
    299. 

  299.         sri RTMP3.4s, RX1.4s, #(32 - 2);                 \
    300. 

  300.         eor RTMP0.16b, RTMP0.16b, RTMP2.16b;             \
    301. 

  301.         eor RTMP1.16b, RTMP1.16b, RTMP3.16b;             \
    302. 

  302.         /* s0/t0 ^= RTMP0/1 */                           \
    303. 

  303.         eor s0.16b, s0.16b, RTMP0.16b;                   \
    304. 

  304.         eor t0.16b, t0.16b, RTMP1.16b;
    305. 

  305. 

  306.     mov x6, 8;
    307. 

  307. .Lroundloop8:
    308. 

  308.     ld1 {RKEY.4s}, [x0], #16;
    309. 

  309.     subs x6, x6, #1;
    310. 

  310. 

  311.     ROUND(0, v0, v1, v2, v3, v4, v5, v6, v7);
    312. 

  312.     ROUND(1, v1, v2, v3, v0, v5, v6, v7, v4);
    313. 

  313.     ROUND(2, v2, v3, v0, v1, v6, v7, v4, v5);
    314. 

  314.     ROUND(3, v3, v0, v1, v2, v7, v4, v5, v6);
    315. 

  315. 

  316.     bne .Lroundloop8;
    317. 

  317. 

  318. #undef ROUND
    319. 

  319. 

  320.     rotate_clockwise_90(v0, v1, v2, v3);
    321. 

  321.     rotate_clockwise_90(v4, v5, v6, v7);
    322. 

  322.     rev32 v0.16b, v0.16b;
    323. 

  323.     rev32 v1.16b, v1.16b;
    324. 

  324.     rev32 v2.16b, v2.16b;
    325. 

  325.     rev32 v3.16b, v3.16b;
    326. 

  326.     rev32 v4.16b, v4.16b;
    327. 

  327.     rev32 v5.16b, v5.16b;
    328. 

  328.     rev32 v6.16b, v6.16b;
    329. 

  329.     rev32 v7.16b, v7.16b;
    330. 

  330. 

  331.     sub x0, x0, #128;       /* repoint to rkey */
    332. 

  332.     ret;
    333. 

  333.     CFI_ENDPROC();
    334. 

  334. ELF(.size __sm4_crypt_blk8,.-__sm4_crypt_blk8;)
    335. 

  335. 

  336. .align 4
    337. 

  337. .global _gcry_sm4_aarch64_crypt_blk1_8
    338. 

  338. ELF(.type _gcry_sm4_aarch64_crypt_blk1_8,%function;)
    339. 

  339. _gcry_sm4_aarch64_crypt_blk1_8:
    340. 

  340.     /* input:
    341. 

  341.      *   x0: round key array, CTX
    342. 

  342.      *   x1: dst
    343. 

  343.      *   x2: src
    344. 

  344.      *   x3: num blocks (1..8)
    345. 

  345.      */
    346. 

  346.     CFI_STARTPROC();
    347. 

  347. 

  348.     cmp x3, #5;
    349. 

  349.     blt sm4_aarch64_crypt_blk1_4;
    350. 

  350. 

  351.     stp x29, x30, [sp, #-16]!;
    352. 

  352.     CFI_ADJUST_CFA_OFFSET(16);
    353. 

  353.     CFI_REG_ON_STACK(29, 0);
    354. 

  354.     CFI_REG_ON_STACK(30, 8);
    355. 

  355.     VPUSH_ABI;
    356. 

  356. 

  357.     preload_sbox(x5);
    358. 

  358. 

  359.     ld1 {v0.16b-v3.16b}, [x2], #64;
    360. 

  360.     ld1 {v4.16b}, [x2], #16;
    361. 

  361.     mov v5.16b, v4.16b;
    362. 

  362.     mov v6.16b, v4.16b;
    363. 

  363.     mov v7.16b, v4.16b;
    364. 

  364.     beq .Lblk8_load_input_done;
    365. 

  365.     ld1 {v5.16b}, [x2], #16;
    366. 

  366.     cmp x3, #7;
    367. 

  367.     blt .Lblk8_load_input_done;
    368. 

  368.     ld1 {v6.16b}, [x2], #16;
    369. 

  369.     beq .Lblk8_load_input_done;
    370. 

  370.     ld1 {v7.16b}, [x2];
    371. 

  371. 

  372. .Lblk8_load_input_done:
    373. 

  373.     bl __sm4_crypt_blk8;
    374. 

  374. 

  375.     cmp x3, #6;
    376. 

  376.     st1 {v0.16b-v3.16b}, [x1], #64;
    377. 

  377.     st1 {v4.16b}, [x1], #16;
    378. 

  378.     blt .Lblk8_store_output_done;
    379. 

  379.     st1 {v5.16b}, [x1], #16;
    380. 

  380.     beq .Lblk8_store_output_done;
    381. 

  381.     st1 {v6.16b}, [x1], #16;
    382. 

  382.     cmp x3, #7;
    383. 

  383.     beq .Lblk8_store_output_done;
    384. 

  384.     st1 {v7.16b}, [x1];
    385. 

  385. 

  386. .Lblk8_store_output_done:
    387. 

  387.     VPOP_ABI;
    388. 

  388.     ldp x29, x30, [sp], #16;
    389. 

  389.     CFI_ADJUST_CFA_OFFSET(-16);
    390. 

  390.     CFI_RESTORE(x29);
    391. 

  391.     CFI_RESTORE(x30);
    392. 

  392.     ret_spec_stop;
    393. 

  393.     CFI_ENDPROC();
    394. 

  394. ELF(.size _gcry_sm4_aarch64_crypt_blk1_8,.-_gcry_sm4_aarch64_crypt_blk1_8;)
    395. 

  395. 

  396. 

  397. .align 4
    398. 

  398. .global _gcry_sm4_aarch64_crypt
    399. 

  399. ELF(.type _gcry_sm4_aarch64_crypt,%function;)
    400. 

  400. _gcry_sm4_aarch64_crypt:
    401. 

  401.     /* input:
    402. 

  402.      *   x0: round key array, CTX
    403. 

  403.      *   x1: dst
    404. 

  404.      *   x2: src
    405. 

  405.      *   x3: nblocks (multiples of 8)
    406. 

  406.      */
    407. 

  407.     CFI_STARTPROC();
    408. 

  408. 

  409.     stp x29, x30, [sp, #-16]!;
    410. 

  410.     CFI_ADJUST_CFA_OFFSET(16);
    411. 

  411.     CFI_REG_ON_STACK(29, 0);
    412. 

  412.     CFI_REG_ON_STACK(30, 8);
    413. 

  413.     VPUSH_ABI;
    414. 

  414. 

  415.     preload_sbox(x5);
    416. 

  416. 

  417. .Lcrypt_loop_blk:
    418. 

  418.     subs x3, x3, #8;
    419. 

  419.     bmi .Lcrypt_end;
    420. 

  420. 

  421.     ld1 {v0.16b-v3.16b}, [x2], #64;
    422. 

  422.     ld1 {v4.16b-v7.16b}, [x2], #64;
    423. 

  423.     bl __sm4_crypt_blk8;
    424. 

  424.     st1 {v0.16b-v3.16b}, [x1], #64;
    425. 

  425.     st1 {v4.16b-v7.16b}, [x1], #64;
    426. 

  426.     b .Lcrypt_loop_blk;
    427. 

  427. 

  428. .Lcrypt_end:
    429. 

  429.     VPOP_ABI;
    430. 

  430.     ldp x29, x30, [sp], #16;
    431. 

  431.     CFI_ADJUST_CFA_OFFSET(-16);
    432. 

  432.     CFI_RESTORE(x29);
    433. 

  433.     CFI_RESTORE(x30);
    434. 

  434.     ret_spec_stop;
    435. 

  435.     CFI_ENDPROC();
    436. 

  436. ELF(.size _gcry_sm4_aarch64_crypt,.-_gcry_sm4_aarch64_crypt;)
    437. 

  437. 

  438. 

  439. .align 4
    440. 

  440. .global _gcry_sm4_aarch64_cbc_dec
    441. 

  441. ELF(.type _gcry_sm4_aarch64_cbc_dec,%function;)
    442. 

  442. _gcry_sm4_aarch64_cbc_dec:
    443. 

  443.     /* input:
    444. 

  444.      *   x0: round key array, CTX
    445. 

  445.      *   x1: dst
    446. 

  446.      *   x2: src
    447. 

  447.      *   x3: iv (big endian, 128 bit)
    448. 

  448.      *   x4: nblocks (multiples of 8)
    449. 

  449.      */
    450. 

  450.     CFI_STARTPROC();
    451. 

  451. 

  452.     stp x29, x30, [sp, #-16]!;
    453. 

  453.     CFI_ADJUST_CFA_OFFSET(16);
    454. 

  454.     CFI_REG_ON_STACK(29, 0);
    455. 

  455.     CFI_REG_ON_STACK(30, 8);
    456. 

  456.     VPUSH_ABI;
    457. 

  457. 

  458.     preload_sbox(x5);
    459. 

  459.     ld1 {RIV.16b}, [x3];
    460. 

  460. 

  461. .Lcbc_loop_blk:
    462. 

  462.     subs x4, x4, #8;
    463. 

  463.     bmi .Lcbc_end;
    464. 

  464. 

  465.     ld1 {v0.16b-v3.16b}, [x2], #64;
    466. 

  466.     ld1 {v4.16b-v7.16b}, [x2];
    467. 

  467. 

  468.     bl __sm4_crypt_blk8;
    469. 

  469. 

  470.     sub x2, x2, #64;
    471. 

  471.     eor v0.16b, v0.16b, RIV.16b;
    472. 

  472.     ld1 {RTMP0.16b-RTMP3.16b}, [x2], #64;
    473. 

  473.     eor v1.16b, v1.16b, RTMP0.16b;
    474. 

  474.     eor v2.16b, v2.16b, RTMP1.16b;
    475. 

  475.     eor v3.16b, v3.16b, RTMP2.16b;
    476. 

  476.     st1 {v0.16b-v3.16b}, [x1], #64;
    477. 

  477. 

  478.     eor v4.16b, v4.16b, RTMP3.16b;
    479. 

  479.     ld1 {RTMP0.16b-RTMP3.16b}, [x2], #64;
    480. 

  480.     eor v5.16b, v5.16b, RTMP0.16b;
    481. 

  481.     eor v6.16b, v6.16b, RTMP1.16b;
    482. 

  482.     eor v7.16b, v7.16b, RTMP2.16b;
    483. 

  483. 

  484.     mov RIV.16b, RTMP3.16b;
    485. 

  485.     st1 {v4.16b-v7.16b}, [x1], #64;
    486. 

  486. 

  487.     b .Lcbc_loop_blk;
    488. 

  488. 

  489. .Lcbc_end:
    490. 

  490.     /* store new IV */
    491. 

  491.     st1 {RIV.16b}, [x3];
    492. 

  492. 

  493.     VPOP_ABI;
    494. 

  494.     ldp x29, x30, [sp], #16;
    495. 

  495.     CFI_ADJUST_CFA_OFFSET(-16);
    496. 

  496.     CFI_RESTORE(x29);
    497. 

  497.     CFI_RESTORE(x30);
    498. 

  498.     ret_spec_stop;
    499. 

  499.     CFI_ENDPROC();
    500. 

  500. ELF(.size _gcry_sm4_aarch64_cbc_dec,.-_gcry_sm4_aarch64_cbc_dec;)
    501. 

  501. 

  502. .align 4
    503. 

  503. .global _gcry_sm4_aarch64_cfb_dec
    504. 

  504. ELF(.type _gcry_sm4_aarch64_cfb_dec,%function;)
    505. 

  505. _gcry_sm4_aarch64_cfb_dec:
    506. 

  506.     /* input:
    507. 

  507.      *   x0: round key array, CTX
    508. 

  508.      *   x1: dst
    509. 

  509.      *   x2: src
    510. 

  510.      *   x3: iv (big endian, 128 bit)
    511. 

  511.      *   x4: nblocks (multiples of 8)
    512. 

  512.      */
    513. 

  513.     CFI_STARTPROC();
    514. 

  514. 

  515.     stp x29, x30, [sp, #-16]!;
    516. 

  516.     CFI_ADJUST_CFA_OFFSET(16);
    517. 

  517.     CFI_REG_ON_STACK(29, 0);
    518. 

  518.     CFI_REG_ON_STACK(30, 8);
    519. 

  519.     VPUSH_ABI;
    520. 

  520. 

  521.     preload_sbox(x5);
    522. 

  522.     ld1 {v0.16b}, [x3];
    523. 

  523. 

  524. .Lcfb_loop_blk:
    525. 

  525.     subs x4, x4, #8;
    526. 

  526.     bmi .Lcfb_end;
    527. 

  527. 

  528.     ld1 {v1.16b, v2.16b, v3.16b}, [x2], #48;
    529. 

  529.     ld1 {v4.16b-v7.16b}, [x2];
    530. 

  530. 

  531.     bl __sm4_crypt_blk8;
    532. 

  532. 

  533.     sub x2, x2, #48;
    534. 

  534.     ld1 {RTMP0.16b-RTMP3.16b}, [x2], #64;
    535. 

  535.     eor v0.16b, v0.16b, RTMP0.16b;
    536. 

  536.     eor v1.16b, v1.16b, RTMP1.16b;
    537. 

  537.     eor v2.16b, v2.16b, RTMP2.16b;
    538. 

  538.     eor v3.16b, v3.16b, RTMP3.16b;
    539. 

  539.     st1 {v0.16b-v3.16b}, [x1], #64;
    540. 

  540. 

  541.     ld1 {RTMP0.16b-RTMP3.16b}, [x2], #64;
    542. 

  542.     eor v4.16b, v4.16b, RTMP0.16b;
    543. 

  543.     eor v5.16b, v5.16b, RTMP1.16b;
    544. 

  544.     eor v6.16b, v6.16b, RTMP2.16b;
    545. 

  545.     eor v7.16b, v7.16b, RTMP3.16b;
    546. 

  546.     st1 {v4.16b-v7.16b}, [x1], #64;
    547. 

  547. 

  548.     mov v0.16b, RTMP3.16b;
    549. 

  549. 

  550.     b .Lcfb_loop_blk;
    551. 

  551. 

  552. .Lcfb_end:
    553. 

  553.     /* store new IV */
    554. 

  554.     st1 {v0.16b}, [x3];
    555. 

  555. 

  556.     VPOP_ABI;
    557. 

  557.     ldp x29, x30, [sp], #16;
    558. 

  558.     CFI_ADJUST_CFA_OFFSET(-16);
    559. 

  559.     CFI_RESTORE(x29);
    560. 

  560.     CFI_RESTORE(x30);
    561. 

  561.     ret_spec_stop;
    562. 

  562.     CFI_ENDPROC();
    563. 

  563. ELF(.size _gcry_sm4_aarch64_cfb_dec,.-_gcry_sm4_aarch64_cfb_dec;)
    564. 

  564. 

  565. .align 4
    566. 

  566. .global _gcry_sm4_aarch64_ctr_enc
    567. 

  567. ELF(.type _gcry_sm4_aarch64_ctr_enc,%function;)
    568. 

  568. _gcry_sm4_aarch64_ctr_enc:
    569. 

  569.     /* input:
    570. 

  570.      *   x0: round key array, CTX
    571. 

  571.      *   x1: dst
    572. 

  572.      *   x2: src
    573. 

  573.      *   x3: ctr (big endian, 128 bit)
    574. 

  574.      *   x4: nblocks (multiples of 8)
    575. 

  575.      */
    576. 

  576.     CFI_STARTPROC();
    577. 

  577. 

  578.     stp x29, x30, [sp, #-16]!;
    579. 

  579.     CFI_ADJUST_CFA_OFFSET(16);
    580. 

  580.     CFI_REG_ON_STACK(29, 0);
    581. 

  581.     CFI_REG_ON_STACK(30, 8);
    582. 

  582.     VPUSH_ABI;
    583. 

  583. 

  584.     preload_sbox(x5);
    585. 

  585. 

  586.     ldp x7, x8, [x3];
    587. 

  587.     rev x7, x7;
    588. 

  588.     rev x8, x8;
    589. 

  589. 

  590. .Lctr_loop_blk:
    591. 

  591.     subs x4, x4, #8;
    592. 

  592.     bmi .Lctr_end;
    593. 

  593. 

  594. #define inc_le128(vctr)       \
    595. 

  595.     mov vctr.d[1], x8;        \
    596. 

  596.     mov vctr.d[0], x7;        \
    597. 

  597.     adds x8, x8, #1;          \
    598. 

  598.     adc x7, x7, xzr;          \
    599. 

  599.     rev64 vctr.16b, vctr.16b;
    600. 

  600. 

  601.     /* construct CTRs */
    602. 

  602.     inc_le128(v0);      /* +0 */
    603. 

  603.     inc_le128(v1);      /* +1 */
    604. 

  604.     inc_le128(v2);      /* +2 */
    605. 

  605.     inc_le128(v3);      /* +3 */
    606. 

  606.     inc_le128(v4);      /* +4 */
    607. 

  607.     inc_le128(v5);      /* +5 */
    608. 

  608.     inc_le128(v6);      /* +6 */
    609. 

  609.     inc_le128(v7);      /* +7 */
    610. 

  610. 

  611.     bl __sm4_crypt_blk8;
    612. 

  612. 

  613.     ld1 {RTMP0.16b-RTMP3.16b}, [x2], #64;
    614. 

  614.     eor v0.16b, v0.16b, RTMP0.16b;
    615. 

  615.     eor v1.16b, v1.16b, RTMP1.16b;
    616. 

  616.     eor v2.16b, v2.16b, RTMP2.16b;
    617. 

  617.     eor v3.16b, v3.16b, RTMP3.16b;
    618. 

  618.     st1 {v0.16b-v3.16b}, [x1], #64;
    619. 

  619. 

  620.     ld1 {RTMP0.16b-RTMP3.16b}, [x2], #64;
    621. 

  621.     eor v4.16b, v4.16b, RTMP0.16b;
    622. 

  622.     eor v5.16b, v5.16b, RTMP1.16b;
    623. 

  623.     eor v6.16b, v6.16b, RTMP2.16b;
    624. 

  624.     eor v7.16b, v7.16b, RTMP3.16b;
    625. 

  625.     st1 {v4.16b-v7.16b}, [x1], #64;
    626. 

  626. 

  627.     b .Lctr_loop_blk;
    628. 

  628. 

  629. .Lctr_end:
    630. 

  630.     /* store new CTR */
    631. 

  631.     rev x7, x7;
    632. 

  632.     rev x8, x8;
    633. 

  633.     stp x7, x8, [x3];
    634. 

  634. 

  635.     VPOP_ABI;
    636. 

  636.     ldp x29, x30, [sp], #16;
    637. 

  637.     CFI_ADJUST_CFA_OFFSET(-16);
    638. 

  638.     CFI_RESTORE(x29);
    639. 

  639.     CFI_RESTORE(x30);
    640. 

  640.     ret_spec_stop;
    641. 

  641.     CFI_ENDPROC();
    642. 

  642. ELF(.size _gcry_sm4_aarch64_ctr_enc,.-_gcry_sm4_aarch64_ctr_enc;)
    643. 

  643. 

  644. #endif
    645. 

  645.