1 | /* SPDX-License-Identifier: GPL-2.0-only */ |
2 | /* |
3 | * sha2-ce-core.S - SHA-224/256 secure hash using ARMv8 Crypto Extensions |
4 | * |
5 | * Copyright (C) 2015 Linaro Ltd. |
6 | * Author: Ard Biesheuvel <ard.biesheuvel@linaro.org> |
7 | */ |
8 | |
9 | #include <linux/linkage.h> |
10 | #include <asm/assembler.h> |
11 | |
12 | .text |
13 | .arch armv8-a |
14 | .fpu crypto-neon-fp-armv8 |
15 | |
16 | k0 .req q7 |
17 | k1 .req q8 |
18 | rk .req r3 |
19 | |
20 | ta0 .req q9 |
21 | ta1 .req q10 |
22 | tb0 .req q10 |
23 | tb1 .req q9 |
24 | |
25 | dga .req q11 |
26 | dgb .req q12 |
27 | |
28 | dg0 .req q13 |
29 | dg1 .req q14 |
30 | dg2 .req q15 |
31 | |
32 | .macro add_only, ev, s0 |
33 | vmov dg2, dg0 |
34 | .ifnb \s0 |
35 | vld1.32 {k\ev}, [rk, :128]! |
36 | .endif |
37 | sha256h.32 dg0, dg1, tb\ev |
38 | sha256h2.32 dg1, dg2, tb\ev |
39 | .ifnb \s0 |
40 | vadd.u32 ta\ev, q\s0, k\ev |
41 | .endif |
42 | .endm |
43 | |
44 | .macro add_update, ev, s0, s1, s2, s3 |
45 | sha256su0.32 q\s0, q\s1 |
46 | add_only \ev, \s1 |
47 | sha256su1.32 q\s0, q\s2, q\s3 |
48 | .endm |
49 | |
50 | .align 6 |
51 | .Lsha256_rcon: |
52 | .word 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5 |
53 | .word 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5 |
54 | .word 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3 |
55 | .word 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174 |
56 | .word 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc |
57 | .word 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da |
58 | .word 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7 |
59 | .word 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967 |
60 | .word 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13 |
61 | .word 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85 |
62 | .word 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3 |
63 | .word 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070 |
64 | .word 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5 |
65 | .word 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3 |
66 | .word 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208 |
67 | .word 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 |
68 | |
69 | /* |
70 | * void sha2_ce_transform(struct sha256_state *sst, u8 const *src, |
71 | int blocks); |
72 | */ |
73 | ENTRY(sha2_ce_transform) |
74 | /* load state */ |
75 | vld1.32 {dga-dgb}, [r0] |
76 | |
77 | /* load input */ |
78 | 0: vld1.32 {q0-q1}, [r1]! |
79 | vld1.32 {q2-q3}, [r1]! |
80 | subs r2, r2, #1 |
81 | |
82 | #ifndef CONFIG_CPU_BIG_ENDIAN |
83 | vrev32.8 q0, q0 |
84 | vrev32.8 q1, q1 |
85 | vrev32.8 q2, q2 |
86 | vrev32.8 q3, q3 |
87 | #endif |
88 | |
89 | /* load first round constant */ |
90 | adr rk, .Lsha256_rcon |
91 | vld1.32 {k0}, [rk, :128]! |
92 | |
93 | vadd.u32 ta0, q0, k0 |
94 | vmov dg0, dga |
95 | vmov dg1, dgb |
96 | |
97 | add_update 1, 0, 1, 2, 3 |
98 | add_update 0, 1, 2, 3, 0 |
99 | add_update 1, 2, 3, 0, 1 |
100 | add_update 0, 3, 0, 1, 2 |
101 | add_update 1, 0, 1, 2, 3 |
102 | add_update 0, 1, 2, 3, 0 |
103 | add_update 1, 2, 3, 0, 1 |
104 | add_update 0, 3, 0, 1, 2 |
105 | add_update 1, 0, 1, 2, 3 |
106 | add_update 0, 1, 2, 3, 0 |
107 | add_update 1, 2, 3, 0, 1 |
108 | add_update 0, 3, 0, 1, 2 |
109 | |
110 | add_only 1, 1 |
111 | add_only 0, 2 |
112 | add_only 1, 3 |
113 | add_only 0 |
114 | |
115 | /* update state */ |
116 | vadd.u32 dga, dga, dg0 |
117 | vadd.u32 dgb, dgb, dg1 |
118 | bne 0b |
119 | |
120 | /* store new state */ |
121 | vst1.32 {dga-dgb}, [r0] |
122 | bx lr |
123 | ENDPROC(sha2_ce_transform) |
124 | |