Commit | Line | Data |
---|---|---|
49788fe2 AB |
1 | /* |
2 | * linux/arch/arm64/crypto/aes-ce.S - AES cipher for ARMv8 with | |
3 | * Crypto Extensions | |
4 | * | |
5 | * Copyright (C) 2013 Linaro Ltd <ard.biesheuvel@linaro.org> | |
6 | * | |
7 | * This program is free software; you can redistribute it and/or modify | |
8 | * it under the terms of the GNU General Public License version 2 as | |
9 | * published by the Free Software Foundation. | |
10 | */ | |
11 | ||
12 | #include <linux/linkage.h> | |
13 | ||
14 | #define AES_ENTRY(func) ENTRY(ce_ ## func) | |
15 | #define AES_ENDPROC(func) ENDPROC(ce_ ## func) | |
16 | ||
17 | .arch armv8-a+crypto | |
18 | ||
19 | /* preload all round keys */ | |
20 | .macro load_round_keys, rounds, rk | |
21 | cmp \rounds, #12 | |
22 | blo 2222f /* 128 bits */ | |
23 | beq 1111f /* 192 bits */ | |
24 | ld1 {v17.16b-v18.16b}, [\rk], #32 | |
25 | 1111: ld1 {v19.16b-v20.16b}, [\rk], #32 | |
26 | 2222: ld1 {v21.16b-v24.16b}, [\rk], #64 | |
27 | ld1 {v25.16b-v28.16b}, [\rk], #64 | |
28 | ld1 {v29.16b-v31.16b}, [\rk] | |
29 | .endm | |
30 | ||
31 | /* prepare for encryption with key in rk[] */ | |
32 | .macro enc_prepare, rounds, rk, ignore | |
33 | load_round_keys \rounds, \rk | |
34 | .endm | |
35 | ||
36 | /* prepare for encryption (again) but with new key in rk[] */ | |
37 | .macro enc_switch_key, rounds, rk, ignore | |
38 | load_round_keys \rounds, \rk | |
39 | .endm | |
40 | ||
41 | /* prepare for decryption with key in rk[] */ | |
42 | .macro dec_prepare, rounds, rk, ignore | |
43 | load_round_keys \rounds, \rk | |
44 | .endm | |
45 | ||
46 | .macro do_enc_Nx, de, mc, k, i0, i1, i2, i3 | |
47 | aes\de \i0\().16b, \k\().16b | |
49788fe2 AB |
48 | aes\mc \i0\().16b, \i0\().16b |
49 | .ifnb \i1 | |
4a97abd4 | 50 | aes\de \i1\().16b, \k\().16b |
49788fe2 AB |
51 | aes\mc \i1\().16b, \i1\().16b |
52 | .ifnb \i3 | |
4a97abd4 | 53 | aes\de \i2\().16b, \k\().16b |
49788fe2 | 54 | aes\mc \i2\().16b, \i2\().16b |
4a97abd4 | 55 | aes\de \i3\().16b, \k\().16b |
49788fe2 AB |
56 | aes\mc \i3\().16b, \i3\().16b |
57 | .endif | |
58 | .endif | |
59 | .endm | |
60 | ||
61 | /* up to 4 interleaved encryption rounds with the same round key */ | |
62 | .macro round_Nx, enc, k, i0, i1, i2, i3 | |
63 | .ifc \enc, e | |
64 | do_enc_Nx e, mc, \k, \i0, \i1, \i2, \i3 | |
65 | .else | |
66 | do_enc_Nx d, imc, \k, \i0, \i1, \i2, \i3 | |
67 | .endif | |
68 | .endm | |
69 | ||
70 | /* up to 4 interleaved final rounds */ | |
71 | .macro fin_round_Nx, de, k, k2, i0, i1, i2, i3 | |
72 | aes\de \i0\().16b, \k\().16b | |
73 | .ifnb \i1 | |
74 | aes\de \i1\().16b, \k\().16b | |
75 | .ifnb \i3 | |
76 | aes\de \i2\().16b, \k\().16b | |
77 | aes\de \i3\().16b, \k\().16b | |
78 | .endif | |
79 | .endif | |
80 | eor \i0\().16b, \i0\().16b, \k2\().16b | |
81 | .ifnb \i1 | |
82 | eor \i1\().16b, \i1\().16b, \k2\().16b | |
83 | .ifnb \i3 | |
84 | eor \i2\().16b, \i2\().16b, \k2\().16b | |
85 | eor \i3\().16b, \i3\().16b, \k2\().16b | |
86 | .endif | |
87 | .endif | |
88 | .endm | |
89 | ||
90 | /* up to 4 interleaved blocks */ | |
91 | .macro do_block_Nx, enc, rounds, i0, i1, i2, i3 | |
92 | cmp \rounds, #12 | |
93 | blo 2222f /* 128 bits */ | |
94 | beq 1111f /* 192 bits */ | |
95 | round_Nx \enc, v17, \i0, \i1, \i2, \i3 | |
96 | round_Nx \enc, v18, \i0, \i1, \i2, \i3 | |
97 | 1111: round_Nx \enc, v19, \i0, \i1, \i2, \i3 | |
98 | round_Nx \enc, v20, \i0, \i1, \i2, \i3 | |
99 | 2222: .irp key, v21, v22, v23, v24, v25, v26, v27, v28, v29 | |
100 | round_Nx \enc, \key, \i0, \i1, \i2, \i3 | |
101 | .endr | |
102 | fin_round_Nx \enc, v30, v31, \i0, \i1, \i2, \i3 | |
103 | .endm | |
104 | ||
105 | .macro encrypt_block, in, rounds, t0, t1, t2 | |
106 | do_block_Nx e, \rounds, \in | |
107 | .endm | |
108 | ||
109 | .macro encrypt_block2x, i0, i1, rounds, t0, t1, t2 | |
110 | do_block_Nx e, \rounds, \i0, \i1 | |
111 | .endm | |
112 | ||
113 | .macro encrypt_block4x, i0, i1, i2, i3, rounds, t0, t1, t2 | |
114 | do_block_Nx e, \rounds, \i0, \i1, \i2, \i3 | |
115 | .endm | |
116 | ||
117 | .macro decrypt_block, in, rounds, t0, t1, t2 | |
118 | do_block_Nx d, \rounds, \in | |
119 | .endm | |
120 | ||
121 | .macro decrypt_block2x, i0, i1, rounds, t0, t1, t2 | |
122 | do_block_Nx d, \rounds, \i0, \i1 | |
123 | .endm | |
124 | ||
125 | .macro decrypt_block4x, i0, i1, i2, i3, rounds, t0, t1, t2 | |
126 | do_block_Nx d, \rounds, \i0, \i1, \i2, \i3 | |
127 | .endm | |
128 | ||
129 | #include "aes-modes.S" |