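Lines matching +full:3 +full:- +full:d (search-result excerpt: only the matching lines are listed, each prefixed with its line number in the file and followed by the name of the enclosing function)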
2 * crypto_helper.c - emulate v8 Crypto Extensions instructions
4 * Copyright (C) 2013 - 2018 Linaro Ltd <ard.biesheuvel@linaro.org>
15 #include "exec/helper-proto.h"
16 #include "tcg/tcg-gvec-desc.h"
17 #include "crypto/aes-round.h"
28 #define CR_ST_BYTE(state, i) ((state).bytes[(15 - (i)) ^ 8])
29 #define CR_ST_WORD(state, i) ((state).words[(3 - (i)) ^ 2])
61 * Our uint64_t are in the wrong order for big-endian. in HELPER()
66 t.d[0] = st->d[1] ^ rk->d[1]; in HELPER()
67 t.d[1] = st->d[0] ^ rk->d[0]; in HELPER()
69 ad->d[0] = t.d[1]; in HELPER()
70 ad->d[1] = t.d[0]; in HELPER()
72 t.v = st->v ^ rk->v; in HELPER()
89 /* Our uint64_t are in the wrong order for big-endian. */ in HELPER()
91 t.d[0] = st->d[1] ^ rk->d[1]; in HELPER()
92 t.d[1] = st->d[0] ^ rk->d[0]; in HELPER()
94 ad->d[0] = t.d[1]; in HELPER()
95 ad->d[1] = t.d[0]; in HELPER()
97 t.v = st->v ^ rk->v; in HELPER()
113 /* Our uint64_t are in the wrong order for big-endian. */ in HELPER()
115 t.d[0] = st->d[1]; in HELPER()
116 t.d[1] = st->d[0]; in HELPER()
118 ad->d[0] = t.d[1]; in HELPER()
119 ad->d[1] = t.d[0]; in HELPER()
136 /* Our uint64_t are in the wrong order for big-endian. */ in HELPER()
138 t.d[0] = st->d[1]; in HELPER()
139 t.d[1] = st->d[0]; in HELPER()
141 ad->d[0] = t.d[1]; in HELPER()
142 ad->d[1] = t.d[0]; in HELPER()
151 * SHA-1 logical functions
171 uint64_t *d = vd, *n = vn, *m = vm; in HELPER() local
174 d0 = d[1] ^ d[0] ^ m[0]; in HELPER()
175 d1 = n[0] ^ d[1] ^ m[1]; in HELPER()
176 d[0] = d0; in HELPER()
177 d[1] = d1; in HELPER()
184 uint32_t (*fn)(union CRYPTO_STATE *d)) in crypto_sha1_3reg() argument
186 union CRYPTO_STATE d = { .l = { rd[0], rd[1] } }; in crypto_sha1_3reg() local
192 uint32_t t = fn(&d); in crypto_sha1_3reg()
194 t += rol32(CR_ST_WORD(d, 0), 5) + CR_ST_WORD(n, 0) in crypto_sha1_3reg()
197 CR_ST_WORD(n, 0) = CR_ST_WORD(d, 3); in crypto_sha1_3reg()
198 CR_ST_WORD(d, 3) = CR_ST_WORD(d, 2); in crypto_sha1_3reg()
199 CR_ST_WORD(d, 2) = ror32(CR_ST_WORD(d, 1), 2); in crypto_sha1_3reg()
200 CR_ST_WORD(d, 1) = CR_ST_WORD(d, 0); in crypto_sha1_3reg()
201 CR_ST_WORD(d, 0) = t; in crypto_sha1_3reg()
203 rd[0] = d.l[0]; in crypto_sha1_3reg()
204 rd[1] = d.l[1]; in crypto_sha1_3reg()
209 static uint32_t do_sha1c(union CRYPTO_STATE *d) in do_sha1c() argument
211 return cho(CR_ST_WORD(*d, 1), CR_ST_WORD(*d, 2), CR_ST_WORD(*d, 3)); in do_sha1c()
219 static uint32_t do_sha1p(union CRYPTO_STATE *d) in do_sha1p() argument
221 return par(CR_ST_WORD(*d, 1), CR_ST_WORD(*d, 2), CR_ST_WORD(*d, 3)); in do_sha1p()
229 static uint32_t do_sha1m(union CRYPTO_STATE *d) in do_sha1m() argument
231 return maj(CR_ST_WORD(*d, 1), CR_ST_WORD(*d, 2), CR_ST_WORD(*d, 3)); in do_sha1m()
246 CR_ST_WORD(m, 1) = CR_ST_WORD(m, 2) = CR_ST_WORD(m, 3) = 0; in HELPER()
258 union CRYPTO_STATE d = { .l = { rd[0], rd[1] } }; in HELPER() local
261 CR_ST_WORD(d, 0) = rol32(CR_ST_WORD(d, 0) ^ CR_ST_WORD(m, 1), 1); in HELPER()
262 CR_ST_WORD(d, 1) = rol32(CR_ST_WORD(d, 1) ^ CR_ST_WORD(m, 2), 1); in HELPER()
263 CR_ST_WORD(d, 2) = rol32(CR_ST_WORD(d, 2) ^ CR_ST_WORD(m, 3), 1); in HELPER()
264 CR_ST_WORD(d, 3) = rol32(CR_ST_WORD(d, 3) ^ CR_ST_WORD(d, 0), 1); in HELPER()
266 rd[0] = d.l[0]; in HELPER()
267 rd[1] = d.l[1]; in HELPER()
273 * The SHA-256 logical functions, according to
274 * http://csrc.nist.gov/groups/STM/cavp/documents/shs/sha256-384-512.pdf
289 return ror32(x, 7) ^ ror32(x, 18) ^ (x >> 3); in s0()
302 union CRYPTO_STATE d = { .l = { rd[0], rd[1] } }; in HELPER() local
309 + CR_ST_WORD(n, 3) + S1(CR_ST_WORD(n, 0)) in HELPER()
312 CR_ST_WORD(n, 3) = CR_ST_WORD(n, 2); in HELPER()
315 CR_ST_WORD(n, 0) = CR_ST_WORD(d, 3) + t; in HELPER()
317 t += maj(CR_ST_WORD(d, 0), CR_ST_WORD(d, 1), CR_ST_WORD(d, 2)) in HELPER()
318 + S0(CR_ST_WORD(d, 0)); in HELPER()
320 CR_ST_WORD(d, 3) = CR_ST_WORD(d, 2); in HELPER()
321 CR_ST_WORD(d, 2) = CR_ST_WORD(d, 1); in HELPER()
322 CR_ST_WORD(d, 1) = CR_ST_WORD(d, 0); in HELPER()
323 CR_ST_WORD(d, 0) = t; in HELPER()
326 rd[0] = d.l[0]; in HELPER()
327 rd[1] = d.l[1]; in HELPER()
337 union CRYPTO_STATE d = { .l = { rd[0], rd[1] } }; in HELPER() local
343 uint32_t t = cho(CR_ST_WORD(d, 0), CR_ST_WORD(d, 1), CR_ST_WORD(d, 2)) in HELPER()
344 + CR_ST_WORD(d, 3) + S1(CR_ST_WORD(d, 0)) in HELPER()
347 CR_ST_WORD(d, 3) = CR_ST_WORD(d, 2); in HELPER()
348 CR_ST_WORD(d, 2) = CR_ST_WORD(d, 1); in HELPER()
349 CR_ST_WORD(d, 1) = CR_ST_WORD(d, 0); in HELPER()
350 CR_ST_WORD(d, 0) = CR_ST_WORD(n, 3 - i) + t; in HELPER()
353 rd[0] = d.l[0]; in HELPER()
354 rd[1] = d.l[1]; in HELPER()
363 union CRYPTO_STATE d = { .l = { rd[0], rd[1] } }; in HELPER() local
366 CR_ST_WORD(d, 0) += s0(CR_ST_WORD(d, 1)); in HELPER()
367 CR_ST_WORD(d, 1) += s0(CR_ST_WORD(d, 2)); in HELPER()
368 CR_ST_WORD(d, 2) += s0(CR_ST_WORD(d, 3)); in HELPER()
369 CR_ST_WORD(d, 3) += s0(CR_ST_WORD(m, 0)); in HELPER()
371 rd[0] = d.l[0]; in HELPER()
372 rd[1] = d.l[1]; in HELPER()
382 union CRYPTO_STATE d = { .l = { rd[0], rd[1] } }; in HELPER() local
386 CR_ST_WORD(d, 0) += s1(CR_ST_WORD(m, 2)) + CR_ST_WORD(n, 1); in HELPER()
387 CR_ST_WORD(d, 1) += s1(CR_ST_WORD(m, 3)) + CR_ST_WORD(n, 2); in HELPER()
388 CR_ST_WORD(d, 2) += s1(CR_ST_WORD(d, 0)) + CR_ST_WORD(n, 3); in HELPER()
389 CR_ST_WORD(d, 3) += s1(CR_ST_WORD(d, 1)) + CR_ST_WORD(m, 0); in HELPER()
391 rd[0] = d.l[0]; in HELPER()
392 rd[1] = d.l[1]; in HELPER()
398 * The SHA-512 logical functions (same as above but using 64-bit operands)
498 union CRYPTO_STATE d = { .l = { rd[0], rd[1] } }; in HELPER() local
503 t = CR_ST_WORD(d, 0) ^ CR_ST_WORD(n, 0) ^ ror32(CR_ST_WORD(m, 1), 17); in HELPER()
504 CR_ST_WORD(d, 0) = t ^ ror32(t, 17) ^ ror32(t, 9); in HELPER()
506 t = CR_ST_WORD(d, 1) ^ CR_ST_WORD(n, 1) ^ ror32(CR_ST_WORD(m, 2), 17); in HELPER()
507 CR_ST_WORD(d, 1) = t ^ ror32(t, 17) ^ ror32(t, 9); in HELPER()
509 t = CR_ST_WORD(d, 2) ^ CR_ST_WORD(n, 2) ^ ror32(CR_ST_WORD(m, 3), 17); in HELPER()
510 CR_ST_WORD(d, 2) = t ^ ror32(t, 17) ^ ror32(t, 9); in HELPER()
512 t = CR_ST_WORD(d, 3) ^ CR_ST_WORD(n, 3) ^ ror32(CR_ST_WORD(d, 0), 17); in HELPER()
513 CR_ST_WORD(d, 3) = t ^ ror32(t, 17) ^ ror32(t, 9); in HELPER()
515 rd[0] = d.l[0]; in HELPER()
516 rd[1] = d.l[1]; in HELPER()
526 union CRYPTO_STATE d = { .l = { rd[0], rd[1] } }; in HELPER() local
531 CR_ST_WORD(d, 0) ^= t; in HELPER()
532 CR_ST_WORD(d, 1) ^= CR_ST_WORD(n, 1) ^ ror32(CR_ST_WORD(m, 1), 25); in HELPER()
533 CR_ST_WORD(d, 2) ^= CR_ST_WORD(n, 2) ^ ror32(CR_ST_WORD(m, 2), 25); in HELPER()
534 CR_ST_WORD(d, 3) ^= CR_ST_WORD(n, 3) ^ ror32(CR_ST_WORD(m, 3), 25) ^ in HELPER()
537 rd[0] = d.l[0]; in HELPER()
538 rd[1] = d.l[1]; in HELPER()
547 union CRYPTO_STATE d = { .l = { rd[0], rd[1] } }; in crypto_sm3tt() local
557 t = par(CR_ST_WORD(d, 3), CR_ST_WORD(d, 2), CR_ST_WORD(d, 1)); in crypto_sm3tt()
560 t = maj(CR_ST_WORD(d, 3), CR_ST_WORD(d, 2), CR_ST_WORD(d, 1)); in crypto_sm3tt()
561 } else if (opcode == 3) { in crypto_sm3tt()
563 t = cho(CR_ST_WORD(d, 3), CR_ST_WORD(d, 2), CR_ST_WORD(d, 1)); in crypto_sm3tt()
568 t += CR_ST_WORD(d, 0) + CR_ST_WORD(m, imm2); in crypto_sm3tt()
570 CR_ST_WORD(d, 0) = CR_ST_WORD(d, 1); in crypto_sm3tt()
574 t += CR_ST_WORD(n, 3) ^ ror32(CR_ST_WORD(d, 3), 20); in crypto_sm3tt()
576 CR_ST_WORD(d, 1) = ror32(CR_ST_WORD(d, 2), 23); in crypto_sm3tt()
579 t += CR_ST_WORD(n, 3); in crypto_sm3tt()
582 CR_ST_WORD(d, 1) = ror32(CR_ST_WORD(d, 2), 13); in crypto_sm3tt()
585 CR_ST_WORD(d, 2) = CR_ST_WORD(d, 3); in crypto_sm3tt()
586 CR_ST_WORD(d, 3) = t; in crypto_sm3tt()
588 rd[0] = d.l[0]; in crypto_sm3tt()
589 rd[1] = d.l[1]; in crypto_sm3tt()
601 DO_SM3TT(crypto_sm3tt2b, 3)
607 union CRYPTO_STATE d = { .l = { rn[0], rn[1] } }; in do_crypto_sm4e() local
612 t = CR_ST_WORD(d, (i + 1) % 4) ^ in do_crypto_sm4e()
613 CR_ST_WORD(d, (i + 2) % 4) ^ in do_crypto_sm4e()
614 CR_ST_WORD(d, (i + 3) % 4) ^ in do_crypto_sm4e()
619 CR_ST_WORD(d, i) ^= t ^ rol32(t, 2) ^ rol32(t, 10) ^ rol32(t, 18) ^ in do_crypto_sm4e()
623 rd[0] = d.l[0]; in do_crypto_sm4e()
624 rd[1] = d.l[1]; in do_crypto_sm4e()
639 union CRYPTO_STATE d; in do_crypto_sm4ekey() local
644 d = n; in do_crypto_sm4ekey()
646 t = CR_ST_WORD(d, (i + 1) % 4) ^ in do_crypto_sm4ekey()
647 CR_ST_WORD(d, (i + 2) % 4) ^ in do_crypto_sm4ekey()
648 CR_ST_WORD(d, (i + 3) % 4) ^ in do_crypto_sm4ekey()
653 CR_ST_WORD(d, i) ^= t ^ rol32(t, 13) ^ rol32(t, 23); in do_crypto_sm4ekey()
656 rd[0] = d.l[0]; in do_crypto_sm4ekey()
657 rd[1] = d.l[1]; in do_crypto_sm4ekey()
673 uint64_t *d = vd, *n = vn, *m = vm; in HELPER() local
676 d[i] = n[i] ^ rol64(m[i], 1); in HELPER()