xref: /openbmc/linux/arch/arm64/crypto/aes-ce.S (revision 4f727ecefefbd180de10e25b3e74c03dce3f1e75)
1/*
2 * linux/arch/arm64/crypto/aes-ce.S - AES cipher for ARMv8 with
3 *                                    Crypto Extensions
4 *
5 * Copyright (C) 2013 - 2017 Linaro Ltd <ard.biesheuvel@linaro.org>
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
10 */
11
12#include <linux/linkage.h>
13#include <asm/assembler.h>
14
15#define AES_ENTRY(func)		ENTRY(ce_ ## func)
16#define AES_ENDPROC(func)	ENDPROC(ce_ ## func)
17
18	.arch		armv8-a+crypto
19
20	xtsmask		.req	v16
21
22	.macro		xts_reload_mask, tmp
23	.endm
24
25	/* preload all round keys */
26	.macro		load_round_keys, rounds, rk
27	cmp		\rounds, #12
28	blo		2222f		/* 128 bits */
29	beq		1111f		/* 192 bits */
30	ld1		{v17.4s-v18.4s}, [\rk], #32
311111:	ld1		{v19.4s-v20.4s}, [\rk], #32
322222:	ld1		{v21.4s-v24.4s}, [\rk], #64
33	ld1		{v25.4s-v28.4s}, [\rk], #64
34	ld1		{v29.4s-v31.4s}, [\rk]
35	.endm
36
37	/* prepare for encryption with key in rk[] */
38	.macro		enc_prepare, rounds, rk, temp
39	mov		\temp, \rk
40	load_round_keys	\rounds, \temp
41	.endm
42
43	/* prepare for encryption (again) but with new key in rk[] */
44	.macro		enc_switch_key, rounds, rk, temp
45	mov		\temp, \rk
46	load_round_keys	\rounds, \temp
47	.endm
48
49	/* prepare for decryption with key in rk[] */
50	.macro		dec_prepare, rounds, rk, temp
51	mov		\temp, \rk
52	load_round_keys	\rounds, \temp
53	.endm
54
55	.macro		do_enc_Nx, de, mc, k, i0, i1, i2, i3
56	aes\de		\i0\().16b, \k\().16b
57	aes\mc		\i0\().16b, \i0\().16b
58	.ifnb		\i1
59	aes\de		\i1\().16b, \k\().16b
60	aes\mc		\i1\().16b, \i1\().16b
61	.ifnb		\i3
62	aes\de		\i2\().16b, \k\().16b
63	aes\mc		\i2\().16b, \i2\().16b
64	aes\de		\i3\().16b, \k\().16b
65	aes\mc		\i3\().16b, \i3\().16b
66	.endif
67	.endif
68	.endm
69
70	/* up to 4 interleaved encryption rounds with the same round key */
71	.macro		round_Nx, enc, k, i0, i1, i2, i3
72	.ifc		\enc, e
73	do_enc_Nx	e, mc, \k, \i0, \i1, \i2, \i3
74	.else
75	do_enc_Nx	d, imc, \k, \i0, \i1, \i2, \i3
76	.endif
77	.endm
78
79	/* up to 4 interleaved final rounds */
80	.macro		fin_round_Nx, de, k, k2, i0, i1, i2, i3
81	aes\de		\i0\().16b, \k\().16b
82	.ifnb		\i1
83	aes\de		\i1\().16b, \k\().16b
84	.ifnb		\i3
85	aes\de		\i2\().16b, \k\().16b
86	aes\de		\i3\().16b, \k\().16b
87	.endif
88	.endif
89	eor		\i0\().16b, \i0\().16b, \k2\().16b
90	.ifnb		\i1
91	eor		\i1\().16b, \i1\().16b, \k2\().16b
92	.ifnb		\i3
93	eor		\i2\().16b, \i2\().16b, \k2\().16b
94	eor		\i3\().16b, \i3\().16b, \k2\().16b
95	.endif
96	.endif
97	.endm
98
99	/* up to 4 interleaved blocks */
100	.macro		do_block_Nx, enc, rounds, i0, i1, i2, i3
101	cmp		\rounds, #12
102	blo		2222f		/* 128 bits */
103	beq		1111f		/* 192 bits */
104	round_Nx	\enc, v17, \i0, \i1, \i2, \i3
105	round_Nx	\enc, v18, \i0, \i1, \i2, \i3
1061111:	round_Nx	\enc, v19, \i0, \i1, \i2, \i3
107	round_Nx	\enc, v20, \i0, \i1, \i2, \i3
1082222:	.irp		key, v21, v22, v23, v24, v25, v26, v27, v28, v29
109	round_Nx	\enc, \key, \i0, \i1, \i2, \i3
110	.endr
111	fin_round_Nx	\enc, v30, v31, \i0, \i1, \i2, \i3
112	.endm
113
114	.macro		encrypt_block, in, rounds, t0, t1, t2
115	do_block_Nx	e, \rounds, \in
116	.endm
117
118	.macro		encrypt_block2x, i0, i1, rounds, t0, t1, t2
119	do_block_Nx	e, \rounds, \i0, \i1
120	.endm
121
122	.macro		encrypt_block4x, i0, i1, i2, i3, rounds, t0, t1, t2
123	do_block_Nx	e, \rounds, \i0, \i1, \i2, \i3
124	.endm
125
126	.macro		decrypt_block, in, rounds, t0, t1, t2
127	do_block_Nx	d, \rounds, \in
128	.endm
129
130	.macro		decrypt_block2x, i0, i1, rounds, t0, t1, t2
131	do_block_Nx	d, \rounds, \i0, \i1
132	.endm
133
134	.macro		decrypt_block4x, i0, i1, i2, i3, rounds, t0, t1, t2
135	do_block_Nx	d, \rounds, \i0, \i1, \i2, \i3
136	.endm
137
138#include "aes-modes.S"
139