arm/crypto/sha2-ce-core.S

0001 /* SPDX-License-Identifier: GPL-2.0-only */
0002 /*
0003  * sha2-ce-core.S - SHA-224/256 secure hash using ARMv8 Crypto Extensions
0004  *
0005  * Copyright (C) 2015 Linaro Ltd.
0006  * Author: Ard Biesheuvel <ard.biesheuvel@linaro.org>
0007  */
0008
0009 #include <linux/linkage.h>
0010 #include <asm/assembler.h>
0011
0012     .text
0013     .arch       armv8-a
0014     .fpu        crypto-neon-fp-armv8
0015
0016     k0      .req    q7
0017     k1      .req    q8
0018     rk      .req    r3
0019
0020     ta0     .req    q9
0021     ta1     .req    q10
0022     tb0     .req    q10
0023     tb1     .req    q9
0024
0025     dga     .req    q11
0026     dgb     .req    q12
0027
0028     dg0     .req    q13
0029     dg1     .req    q14
0030     dg2     .req    q15
0031
0032     .macro      add_only, ev, s0
0033     vmov        dg2, dg0
0034     .ifnb       \s0
0035     vld1.32     {k\ev}, [rk, :128]!
0036     .endif
0037     sha256h.32  dg0, dg1, tb\ev
0038     sha256h2.32 dg1, dg2, tb\ev
0039     .ifnb       \s0
0040     vadd.u32    ta\ev, q\s0, k\ev
0041     .endif
0042     .endm
0043
0044     .macro      add_update, ev, s0, s1, s2, s3
0045     sha256su0.32    q\s0, q\s1
0046     add_only    \ev, \s1
0047     sha256su1.32    q\s0, q\s2, q\s3
0048     .endm
0049
0050     .align      6
0051 .Lsha256_rcon:
0052     .word       0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5
0053     .word       0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5
0054     .word       0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3
0055     .word       0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174
0056     .word       0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc
0057     .word       0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da
0058     .word       0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7
0059     .word       0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967
0060     .word       0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13
0061     .word       0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85
0062     .word       0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3
0063     .word       0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070
0064     .word       0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5
0065     .word       0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3
0066     .word       0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208
0067     .word       0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
0068
0069     /*
0070      * void sha2_ce_transform(struct sha256_state *sst, u8 const *src,
0071                   int blocks);
0072      */
0073 ENTRY(sha2_ce_transform)
0074     /* load state */
0075     vld1.32     {dga-dgb}, [r0]
0076
0077     /* load input */
0078 0:  vld1.32     {q0-q1}, [r1]!
0079     vld1.32     {q2-q3}, [r1]!
0080     subs        r2, r2, #1
0081
0082 #ifndef CONFIG_CPU_BIG_ENDIAN
0083     vrev32.8    q0, q0
0084     vrev32.8    q1, q1
0085     vrev32.8    q2, q2
0086     vrev32.8    q3, q3
0087 #endif
0088
0089     /* load first round constant */
0090     adr     rk, .Lsha256_rcon
0091     vld1.32     {k0}, [rk, :128]!
0092
0093     vadd.u32    ta0, q0, k0
0094     vmov        dg0, dga
0095     vmov        dg1, dgb
0096
0097     add_update  1, 0, 1, 2, 3
0098     add_update  0, 1, 2, 3, 0
0099     add_update  1, 2, 3, 0, 1
0100     add_update  0, 3, 0, 1, 2
0101     add_update  1, 0, 1, 2, 3
0102     add_update  0, 1, 2, 3, 0
0103     add_update  1, 2, 3, 0, 1
0104     add_update  0, 3, 0, 1, 2
0105     add_update  1, 0, 1, 2, 3
0106     add_update  0, 1, 2, 3, 0
0107     add_update  1, 2, 3, 0, 1
0108     add_update  0, 3, 0, 1, 2
0109
0110     add_only    1, 1
0111     add_only    0, 2
0112     add_only    1, 3
0113     add_only    0
0114
0115     /* update state */
0116     vadd.u32    dga, dga, dg0
0117     vadd.u32    dgb, dgb, dg1
0118     bne     0b
0119
0120     /* store new state */
0121     vst1.32     {dga-dgb}, [r0]
0122     bx      lr
0123 ENDPROC(sha2_ce_transform)