sha2-ce-core.S source code [linux/arch/arm/crypto/sha2-ce-core.S]

1	/ SPDX-License-Identifier: GPL-2.0-only /
2	/*
3	* sha2-ce-core.S - SHA-224/256 secure hash using ARMv8 Crypto Extensions
4	*
5	* Copyright (C) 2015 Linaro Ltd.
6	* Author: Ard Biesheuvel <ard.biesheuvel@linaro.org>
7	*/
8
9	#include <linux/linkage.h>
10	#include <asm/assembler.h>
11
12	.text
13	.arch armv8-a
14	.fpu crypto-neon-fp-armv8
15
16	k0 .req q7
17	k1 .req q8
18	rk .req r3
19
20	ta0 .req q9
21	ta1 .req q10
22	tb0 .req q10
23	tb1 .req q9
24
25	dga .req q11
26	dgb .req q12
27
28	dg0 .req q13
29	dg1 .req q14
30	dg2 .req q15
31
32	.macro add_only, ev, s0
33	vmov dg2, dg0
34	.ifnb \s0
35	vld1`.32` {k\ev}, [rk, :`128`]!
36	.endif
37	sha256h`.32` dg0, dg1, tb\ev
38	sha256h2`.32` dg1, dg2, tb\ev
39	.ifnb \s0
40	vadd.u32 ta\ev, q\s0, k\ev
41	.endif
42	.endm
43
44	.macro add_update, ev, s0, s1, s2, s3
45	sha256su0`.32` q\s0, q\s1
46	add_only \ev, \s1
47	sha256su1`.32` q\s0, q\s2, q\s3
48	.endm
49
50	.align `6`
51	.Lsha256_rcon:
52	.word `0x428a2f98`, `0x71374491`, `0xb5c0fbcf`, `0xe9b5dba5`
53	.word `0x3956c25b`, `0x59f111f1`, `0x923f82a4`, `0xab1c5ed5`
54	.word `0xd807aa98`, `0x12835b01`, `0x243185be`, `0x550c7dc3`
55	.word `0x72be5d74`, `0x80deb1fe`, `0x9bdc06a7`, `0xc19bf174`
56	.word `0xe49b69c1`, `0xefbe4786`, `0x0fc19dc6`, `0x240ca1cc`
57	.word `0x2de92c6f`, `0x4a7484aa`, `0x5cb0a9dc`, `0x76f988da`
58	.word `0x983e5152`, `0xa831c66d`, `0xb00327c8`, `0xbf597fc7`
59	.word `0xc6e00bf3`, `0xd5a79147`, `0x06ca6351`, `0x14292967`
60	.word `0x27b70a85`, `0x2e1b2138`, `0x4d2c6dfc`, `0x53380d13`
61	.word `0x650a7354`, `0x766a0abb`, `0x81c2c92e`, `0x92722c85`
62	.word `0xa2bfe8a1`, `0xa81a664b`, `0xc24b8b70`, `0xc76c51a3`
63	.word `0xd192e819`, `0xd6990624`, `0xf40e3585`, `0x106aa070`
64	.word `0x19a4c116`, `0x1e376c08`, `0x2748774c`, `0x34b0bcb5`
65	.word `0x391c0cb3`, `0x4ed8aa4a`, `0x5b9cca4f`, `0x682e6ff3`
66	.word `0x748f82ee`, `0x78a5636f`, `0x84c87814`, `0x8cc70208`
67	.word `0x90befffa`, `0xa4506ceb`, `0xbef9a3f7`, `0xc67178f2`
68
69	/*
70	* void sha2_ce_transform(struct sha256_state sst, u8 const src,
71	int blocks);
72	*/
73	ENTRY(sha2_ce_transform)
74	/ load state /
75	vld1`.32` {dga-dgb}, [r0]
76
77	/ load input /
78	`0`: vld1`.32` {q0-q1}, [r1]!
79	vld1`.32` {q2-q3}, [r1]!
80	subs r2, r2, #`1`
81
82	#ifndef CONFIG_CPU_BIG_ENDIAN
83	vrev32`.8` q0, q0
84	vrev32`.8` q1, q1
85	vrev32`.8` q2, q2
86	vrev32`.8` q3, q3
87	#endif
88
89	/ load first round constant /
90	adr rk, .Lsha256_rcon
91	vld1`.32` {k0}, [rk, :`128`]!
92
93	vadd.u32 ta0, q0, k0
94	vmov dg0, dga
95	vmov dg1, dgb
96
97	add_update `1`, `0`, `1`, `2`, `3`
98	add_update `0`, `1`, `2`, `3`, `0`
99	add_update `1`, `2`, `3`, `0`, `1`
100	add_update `0`, `3`, `0`, `1`, `2`
101	add_update `1`, `0`, `1`, `2`, `3`
102	add_update `0`, `1`, `2`, `3`, `0`
103	add_update `1`, `2`, `3`, `0`, `1`
104	add_update `0`, `3`, `0`, `1`, `2`
105	add_update `1`, `0`, `1`, `2`, `3`
106	add_update `0`, `1`, `2`, `3`, `0`
107	add_update `1`, `2`, `3`, `0`, `1`
108	add_update `0`, `3`, `0`, `1`, `2`
109
110	add_only `1`, `1`
111	add_only `0`, `2`
112	add_only `1`, `3`
113	add_only `0`
114
115	/ update state /
116	vadd.u32 dga, dga, dg0
117	vadd.u32 dgb, dgb, dg1
118	bne `0b`
119
120	/ store new state /
121	vst1`.32` {dga-dgb}, [r0]
122	bx lr
123	ENDPROC(sha2_ce_transform)
124

source code of linux/arch/arm/crypto/sha2-ce-core.S