Back to home page

OSCL-LXR
 
 

     

0001 /* SPDX-License-Identifier: GPL-2.0-or-later */
0002 /*
0003  * AES modes (ECB/CBC/CTR/XTS) for PPC AES implementation
0004  *
0005  * Copyright (c) 2015 Markus Stockhausen <stockhausen@collogia.de>
0006  */
0007 
0008 #include <asm/ppc_asm.h>
0009 #include "aes-spe-regs.h"
0010 
0011 #ifdef __BIG_ENDIAN__           /* Macros for big endian builds */
0012 
0013 #define LOAD_DATA(reg, off) \
0014     lwz     reg,off(rSP);   /* load with offset     */
0015 #define SAVE_DATA(reg, off) \
0016     stw     reg,off(rDP);   /* save with offset     */
0017 #define NEXT_BLOCK \
0018     addi        rSP,rSP,16; /* increment pointers per bloc  */ \
0019     addi        rDP,rDP,16;
0020 #define LOAD_IV(reg, off) \
0021     lwz     reg,off(rIP);   /* IV loading with offset   */
0022 #define SAVE_IV(reg, off) \
0023     stw     reg,off(rIP);   /* IV saving with offset    */
0024 #define START_IV            /* nothing to reset     */
0025 #define CBC_DEC 16          /* CBC decrement per block  */
0026 #define CTR_DEC 1           /* CTR decrement one byte   */
0027 
0028 #else                   /* Macros for little endian */
0029 
0030 #define LOAD_DATA(reg, off) \
0031     lwbrx       reg,0,rSP;  /* load reversed        */ \
0032     addi        rSP,rSP,4;  /* and increment pointer    */
0033 #define SAVE_DATA(reg, off) \
0034     stwbrx      reg,0,rDP;  /* save reversed        */ \
0035     addi        rDP,rDP,4;  /* and increment pointer    */
0036 #define NEXT_BLOCK          /* nothing todo         */
0037 #define LOAD_IV(reg, off) \
0038     lwbrx       reg,0,rIP;  /* load reversed        */ \
0039     addi        rIP,rIP,4;  /* and increment pointer    */
0040 #define SAVE_IV(reg, off) \
0041     stwbrx      reg,0,rIP;  /* load reversed        */ \
0042     addi        rIP,rIP,4;  /* and increment pointer    */
0043 #define START_IV \
0044     subi        rIP,rIP,16; /* must reset pointer       */
0045 #define CBC_DEC 32          /* 2 blocks because of incs */
0046 #define CTR_DEC 17          /* 1 block because of incs  */
0047 
0048 #endif
0049 
0050 #define SAVE_0_REGS
0051 #define LOAD_0_REGS
0052 
0053 #define SAVE_4_REGS \
0054     stw     rI0,96(r1); /* save 32 bit registers    */ \
0055     stw     rI1,100(r1);                       \
0056     stw     rI2,104(r1);                       \
0057     stw     rI3,108(r1);
0058 
0059 #define LOAD_4_REGS \
0060     lwz     rI0,96(r1); /* restore 32 bit registers */ \
0061     lwz     rI1,100(r1);                       \
0062     lwz     rI2,104(r1);                       \
0063     lwz     rI3,108(r1);
0064 
0065 #define SAVE_8_REGS \
0066     SAVE_4_REGS                            \
0067     stw     rG0,112(r1);    /* save 32 bit registers    */ \
0068     stw     rG1,116(r1);                       \
0069     stw     rG2,120(r1);                       \
0070     stw     rG3,124(r1);
0071 
0072 #define LOAD_8_REGS \
0073     LOAD_4_REGS                            \
0074     lwz     rG0,112(r1);    /* restore 32 bit registers */ \
0075     lwz     rG1,116(r1);                       \
0076     lwz     rG2,120(r1);                       \
0077     lwz     rG3,124(r1);
0078 
0079 #define INITIALIZE_CRYPT(tab,nr32bitregs) \
0080     mflr        r0;                        \
0081     stwu        r1,-160(r1);    /* create stack frame       */ \
0082     lis     rT0,tab@h;  /* en-/decryption table pointer */ \
0083     stw     r0,8(r1);   /* save link register       */ \
0084     ori     rT0,rT0,tab@l;                     \
0085     evstdw      r14,16(r1);                    \
0086     mr      rKS,rKP;                       \
0087     evstdw      r15,24(r1); /* We must save non volatile    */ \
0088     evstdw      r16,32(r1); /* registers. Take the chance   */ \
0089     evstdw      r17,40(r1); /* and save the SPE part too    */ \
0090     evstdw      r18,48(r1);                    \
0091     evstdw      r19,56(r1);                    \
0092     evstdw      r20,64(r1);                    \
0093     evstdw      r21,72(r1);                    \
0094     evstdw      r22,80(r1);                    \
0095     evstdw      r23,88(r1);                    \
0096     SAVE_##nr32bitregs##_REGS
0097 
0098 #define FINALIZE_CRYPT(nr32bitregs) \
0099     lwz     r0,8(r1);                      \
0100     evldw       r14,16(r1); /* restore SPE registers    */ \
0101     evldw       r15,24(r1);                    \
0102     evldw       r16,32(r1);                    \
0103     evldw       r17,40(r1);                    \
0104     evldw       r18,48(r1);                    \
0105     evldw       r19,56(r1);                    \
0106     evldw       r20,64(r1);                    \
0107     evldw       r21,72(r1);                    \
0108     evldw       r22,80(r1);                    \
0109     evldw       r23,88(r1);                    \
0110     LOAD_##nr32bitregs##_REGS                      \
0111     mtlr        r0;     /* restore link register    */ \
0112     xor     r0,r0,r0;                      \
0113     stw     r0,16(r1);  /* delete sensitive data    */ \
0114     stw     r0,24(r1);  /* that we might have pushed    */ \
0115     stw     r0,32(r1);  /* from other context that runs */ \
0116     stw     r0,40(r1);  /* the same code        */ \
0117     stw     r0,48(r1);                     \
0118     stw     r0,56(r1);                     \
0119     stw     r0,64(r1);                     \
0120     stw     r0,72(r1);                     \
0121     stw     r0,80(r1);                     \
0122     stw     r0,88(r1);                     \
0123     addi        r1,r1,160;  /* cleanup stack frame      */
0124 
0125 #define ENDIAN_SWAP(t0, t1, s0, s1) \
0126     rotrwi      t0,s0,8;    /* swap endianness for 2 GPRs   */ \
0127     rotrwi      t1,s1,8;                       \
0128     rlwimi      t0,s0,8,8,15;                      \
0129     rlwimi      t1,s1,8,8,15;                      \
0130     rlwimi      t0,s0,8,24,31;                     \
0131     rlwimi      t1,s1,8,24,31;
0132 
0133 #define GF128_MUL(d0, d1, d2, d3, t0) \
0134     li      t0,0x87;    /* multiplication in GF128  */ \
0135     cmpwi       d3,-1;                         \
0136     iselgt      t0,0,t0;                       \
0137     rlwimi      d3,d2,0,0,0;    /* propagate "carry" bits   */ \
0138     rotlwi      d3,d3,1;                       \
0139     rlwimi      d2,d1,0,0,0;                       \
0140     rotlwi      d2,d2,1;                       \
0141     rlwimi      d1,d0,0,0,0;                       \
0142     slwi        d0,d0,1;    /* shift left 128 bit       */ \
0143     rotlwi      d1,d1,1;                       \
0144     xor     d0,d0,t0;
0145 
0146 #define START_KEY(d0, d1, d2, d3) \
0147     lwz     rW0,0(rKP);                    \
0148     mtctr       rRR;                           \
0149     lwz     rW1,4(rKP);                    \
0150     lwz     rW2,8(rKP);                    \
0151     lwz     rW3,12(rKP);                       \
0152     xor     rD0,d0,rW0;                    \
0153     xor     rD1,d1,rW1;                    \
0154     xor     rD2,d2,rW2;                    \
0155     xor     rD3,d3,rW3;
0156 
0157 /*
0158  * ppc_encrypt_aes(u8 *out, const u8 *in, u32 *key_enc,
0159  *         u32 rounds)
0160  *
0161  * called from glue layer to encrypt a single 16 byte block
0162  * round values are AES128 = 4, AES192 = 5, AES256 = 6
0163  *
0164  */
0165 _GLOBAL(ppc_encrypt_aes)
0166     INITIALIZE_CRYPT(PPC_AES_4K_ENCTAB, 0)
0167     LOAD_DATA(rD0, 0)
0168     LOAD_DATA(rD1, 4)
0169     LOAD_DATA(rD2, 8)
0170     LOAD_DATA(rD3, 12)
0171     START_KEY(rD0, rD1, rD2, rD3)
0172     bl      ppc_encrypt_block
0173     xor     rD0,rD0,rW0
0174     SAVE_DATA(rD0, 0)
0175     xor     rD1,rD1,rW1
0176     SAVE_DATA(rD1, 4)
0177     xor     rD2,rD2,rW2
0178     SAVE_DATA(rD2, 8)
0179     xor     rD3,rD3,rW3
0180     SAVE_DATA(rD3, 12)
0181     FINALIZE_CRYPT(0)
0182     blr
0183 
0184 /*
0185  * ppc_decrypt_aes(u8 *out, const u8 *in, u32 *key_dec,
0186  *         u32 rounds)
0187  *
0188  * called from glue layer to decrypt a single 16 byte block
0189  * round values are AES128 = 4, AES192 = 5, AES256 = 6
0190  *
0191  */
0192 _GLOBAL(ppc_decrypt_aes)
0193     INITIALIZE_CRYPT(PPC_AES_4K_DECTAB,0)
0194     LOAD_DATA(rD0, 0)
0195     addi        rT1,rT0,4096
0196     LOAD_DATA(rD1, 4)
0197     LOAD_DATA(rD2, 8)
0198     LOAD_DATA(rD3, 12)
0199     START_KEY(rD0, rD1, rD2, rD3)
0200     bl      ppc_decrypt_block
0201     xor     rD0,rD0,rW0
0202     SAVE_DATA(rD0, 0)
0203     xor     rD1,rD1,rW1
0204     SAVE_DATA(rD1, 4)
0205     xor     rD2,rD2,rW2
0206     SAVE_DATA(rD2, 8)
0207     xor     rD3,rD3,rW3
0208     SAVE_DATA(rD3, 12)
0209     FINALIZE_CRYPT(0)
0210     blr
0211 
0212 /*
0213  * ppc_encrypt_ecb(u8 *out, const u8 *in, u32 *key_enc,
0214  *         u32 rounds, u32 bytes);
0215  *
0216  * called from glue layer to encrypt multiple blocks via ECB
0217  * Bytes must be larger or equal 16 and only whole blocks are
0218  * processed. round values are AES128 = 4, AES192 = 5 and
0219  * AES256 = 6
0220  *
0221  */
0222 _GLOBAL(ppc_encrypt_ecb)
0223     INITIALIZE_CRYPT(PPC_AES_4K_ENCTAB, 0)
0224 ppc_encrypt_ecb_loop:
0225     LOAD_DATA(rD0, 0)
0226     mr      rKP,rKS
0227     LOAD_DATA(rD1, 4)
0228     subi        rLN,rLN,16
0229     LOAD_DATA(rD2, 8)
0230     cmpwi       rLN,15
0231     LOAD_DATA(rD3, 12)
0232     START_KEY(rD0, rD1, rD2, rD3)
0233     bl      ppc_encrypt_block
0234     xor     rD0,rD0,rW0
0235     SAVE_DATA(rD0, 0)
0236     xor     rD1,rD1,rW1
0237     SAVE_DATA(rD1, 4)
0238     xor     rD2,rD2,rW2
0239     SAVE_DATA(rD2, 8)
0240     xor     rD3,rD3,rW3
0241     SAVE_DATA(rD3, 12)
0242     NEXT_BLOCK
0243     bt      gt,ppc_encrypt_ecb_loop
0244     FINALIZE_CRYPT(0)
0245     blr
0246 
0247 /*
0248  * ppc_decrypt_ecb(u8 *out, const u8 *in, u32 *key_dec,
0249  *         u32 rounds, u32 bytes);
0250  *
0251  * called from glue layer to decrypt multiple blocks via ECB
0252  * Bytes must be larger or equal 16 and only whole blocks are
0253  * processed. round values are AES128 = 4, AES192 = 5 and
0254  * AES256 = 6
0255  *
0256  */
0257 _GLOBAL(ppc_decrypt_ecb)
0258     INITIALIZE_CRYPT(PPC_AES_4K_DECTAB, 0)
0259     addi        rT1,rT0,4096
0260 ppc_decrypt_ecb_loop:
0261     LOAD_DATA(rD0, 0)
0262     mr      rKP,rKS
0263     LOAD_DATA(rD1, 4)
0264     subi        rLN,rLN,16
0265     LOAD_DATA(rD2, 8)
0266     cmpwi       rLN,15
0267     LOAD_DATA(rD3, 12)
0268     START_KEY(rD0, rD1, rD2, rD3)
0269     bl      ppc_decrypt_block
0270     xor     rD0,rD0,rW0
0271     SAVE_DATA(rD0, 0)
0272     xor     rD1,rD1,rW1
0273     SAVE_DATA(rD1, 4)
0274     xor     rD2,rD2,rW2
0275     SAVE_DATA(rD2, 8)
0276     xor     rD3,rD3,rW3
0277     SAVE_DATA(rD3, 12)
0278     NEXT_BLOCK
0279     bt      gt,ppc_decrypt_ecb_loop
0280     FINALIZE_CRYPT(0)
0281     blr
0282 
0283 /*
0284  * ppc_encrypt_cbc(u8 *out, const u8 *in, u32 *key_enc,
0285  *         32 rounds, u32 bytes, u8 *iv);
0286  *
0287  * called from glue layer to encrypt multiple blocks via CBC
0288  * Bytes must be larger or equal 16 and only whole blocks are
0289  * processed. round values are AES128 = 4, AES192 = 5 and
0290  * AES256 = 6
0291  *
0292  */
0293 _GLOBAL(ppc_encrypt_cbc)
0294     INITIALIZE_CRYPT(PPC_AES_4K_ENCTAB, 4)
0295     LOAD_IV(rI0, 0)
0296     LOAD_IV(rI1, 4)
0297     LOAD_IV(rI2, 8)
0298     LOAD_IV(rI3, 12)
0299 ppc_encrypt_cbc_loop:
0300     LOAD_DATA(rD0, 0)
0301     mr      rKP,rKS
0302     LOAD_DATA(rD1, 4)
0303     subi        rLN,rLN,16
0304     LOAD_DATA(rD2, 8)
0305     cmpwi       rLN,15
0306     LOAD_DATA(rD3, 12)
0307     xor     rD0,rD0,rI0
0308     xor     rD1,rD1,rI1
0309     xor     rD2,rD2,rI2
0310     xor     rD3,rD3,rI3
0311     START_KEY(rD0, rD1, rD2, rD3)
0312     bl      ppc_encrypt_block
0313     xor     rI0,rD0,rW0
0314     SAVE_DATA(rI0, 0)
0315     xor     rI1,rD1,rW1
0316     SAVE_DATA(rI1, 4)
0317     xor     rI2,rD2,rW2
0318     SAVE_DATA(rI2, 8)
0319     xor     rI3,rD3,rW3
0320     SAVE_DATA(rI3, 12)
0321     NEXT_BLOCK
0322     bt      gt,ppc_encrypt_cbc_loop
0323     START_IV
0324     SAVE_IV(rI0, 0)
0325     SAVE_IV(rI1, 4)
0326     SAVE_IV(rI2, 8)
0327     SAVE_IV(rI3, 12)
0328     FINALIZE_CRYPT(4)
0329     blr
0330 
0331 /*
0332  * ppc_decrypt_cbc(u8 *out, const u8 *in, u32 *key_dec,
0333  *         u32 rounds, u32 bytes, u8 *iv);
0334  *
0335  * called from glue layer to decrypt multiple blocks via CBC
0336  * round values are AES128 = 4, AES192 = 5, AES256 = 6
0337  *
0338  */
0339 _GLOBAL(ppc_decrypt_cbc)
0340     INITIALIZE_CRYPT(PPC_AES_4K_DECTAB, 4)
0341     li      rT1,15
0342     LOAD_IV(rI0, 0)
0343     andc        rLN,rLN,rT1
0344     LOAD_IV(rI1, 4)
0345     subi        rLN,rLN,16
0346     LOAD_IV(rI2, 8)
0347     add     rSP,rSP,rLN /* reverse processing       */
0348     LOAD_IV(rI3, 12)
0349     add     rDP,rDP,rLN
0350     LOAD_DATA(rD0, 0)
0351     addi        rT1,rT0,4096
0352     LOAD_DATA(rD1, 4)
0353     LOAD_DATA(rD2, 8)
0354     LOAD_DATA(rD3, 12)
0355     START_IV
0356     SAVE_IV(rD0, 0)
0357     SAVE_IV(rD1, 4)
0358     SAVE_IV(rD2, 8)
0359     cmpwi       rLN,16
0360     SAVE_IV(rD3, 12)
0361     bt      lt,ppc_decrypt_cbc_end
0362 ppc_decrypt_cbc_loop:
0363     mr      rKP,rKS
0364     START_KEY(rD0, rD1, rD2, rD3)
0365     bl      ppc_decrypt_block
0366     subi        rLN,rLN,16
0367     subi        rSP,rSP,CBC_DEC
0368     xor     rW0,rD0,rW0
0369     LOAD_DATA(rD0, 0)
0370     xor     rW1,rD1,rW1
0371     LOAD_DATA(rD1, 4)
0372     xor     rW2,rD2,rW2
0373     LOAD_DATA(rD2, 8)
0374     xor     rW3,rD3,rW3
0375     LOAD_DATA(rD3, 12)
0376     xor     rW0,rW0,rD0
0377     SAVE_DATA(rW0, 0)
0378     xor     rW1,rW1,rD1
0379     SAVE_DATA(rW1, 4)
0380     xor     rW2,rW2,rD2
0381     SAVE_DATA(rW2, 8)
0382     xor     rW3,rW3,rD3
0383     SAVE_DATA(rW3, 12)
0384     cmpwi       rLN,15
0385     subi        rDP,rDP,CBC_DEC
0386     bt      gt,ppc_decrypt_cbc_loop
0387 ppc_decrypt_cbc_end:
0388     mr      rKP,rKS
0389     START_KEY(rD0, rD1, rD2, rD3)
0390     bl      ppc_decrypt_block
0391     xor     rW0,rW0,rD0
0392     xor     rW1,rW1,rD1
0393     xor     rW2,rW2,rD2
0394     xor     rW3,rW3,rD3
0395     xor     rW0,rW0,rI0 /* decrypt with initial IV  */
0396     SAVE_DATA(rW0, 0)
0397     xor     rW1,rW1,rI1
0398     SAVE_DATA(rW1, 4)
0399     xor     rW2,rW2,rI2
0400     SAVE_DATA(rW2, 8)
0401     xor     rW3,rW3,rI3
0402     SAVE_DATA(rW3, 12)
0403     FINALIZE_CRYPT(4)
0404     blr
0405 
0406 /*
0407  * ppc_crypt_ctr(u8 *out, const u8 *in, u32 *key_enc,
0408  *       u32 rounds, u32 bytes, u8 *iv);
0409  *
0410  * called from glue layer to encrypt/decrypt multiple blocks
0411  * via CTR. Number of bytes does not need to be a multiple of
0412  * 16. Round values are AES128 = 4, AES192 = 5, AES256 = 6
0413  *
0414  */
0415 _GLOBAL(ppc_crypt_ctr)
0416     INITIALIZE_CRYPT(PPC_AES_4K_ENCTAB, 4)
0417     LOAD_IV(rI0, 0)
0418     LOAD_IV(rI1, 4)
0419     LOAD_IV(rI2, 8)
0420     cmpwi       rLN,16
0421     LOAD_IV(rI3, 12)
0422     START_IV
0423     bt      lt,ppc_crypt_ctr_partial
0424 ppc_crypt_ctr_loop:
0425     mr      rKP,rKS
0426     START_KEY(rI0, rI1, rI2, rI3)
0427     bl      ppc_encrypt_block
0428     xor     rW0,rD0,rW0
0429     xor     rW1,rD1,rW1
0430     xor     rW2,rD2,rW2
0431     xor     rW3,rD3,rW3
0432     LOAD_DATA(rD0, 0)
0433     subi        rLN,rLN,16
0434     LOAD_DATA(rD1, 4)
0435     LOAD_DATA(rD2, 8)
0436     LOAD_DATA(rD3, 12)
0437     xor     rD0,rD0,rW0
0438     SAVE_DATA(rD0, 0)
0439     xor     rD1,rD1,rW1
0440     SAVE_DATA(rD1, 4)
0441     xor     rD2,rD2,rW2
0442     SAVE_DATA(rD2, 8)
0443     xor     rD3,rD3,rW3
0444     SAVE_DATA(rD3, 12)
0445     addic       rI3,rI3,1   /* increase counter         */
0446     addze       rI2,rI2
0447     addze       rI1,rI1
0448     addze       rI0,rI0
0449     NEXT_BLOCK
0450     cmpwi       rLN,15
0451     bt      gt,ppc_crypt_ctr_loop
0452 ppc_crypt_ctr_partial:
0453     cmpwi       rLN,0
0454     bt      eq,ppc_crypt_ctr_end
0455     mr      rKP,rKS
0456     START_KEY(rI0, rI1, rI2, rI3)
0457     bl      ppc_encrypt_block
0458     xor     rW0,rD0,rW0
0459     SAVE_IV(rW0, 0)
0460     xor     rW1,rD1,rW1
0461     SAVE_IV(rW1, 4)
0462     xor     rW2,rD2,rW2
0463     SAVE_IV(rW2, 8)
0464     xor     rW3,rD3,rW3
0465     SAVE_IV(rW3, 12)
0466     mtctr       rLN
0467     subi        rIP,rIP,CTR_DEC
0468     subi        rSP,rSP,1
0469     subi        rDP,rDP,1
0470 ppc_crypt_ctr_xorbyte:
0471     lbzu        rW4,1(rIP)  /* bytewise xor for partial block   */
0472     lbzu        rW5,1(rSP)
0473     xor     rW4,rW4,rW5
0474     stbu        rW4,1(rDP)
0475     bdnz        ppc_crypt_ctr_xorbyte
0476     subf        rIP,rLN,rIP
0477     addi        rIP,rIP,1
0478     addic       rI3,rI3,1
0479     addze       rI2,rI2
0480     addze       rI1,rI1
0481     addze       rI0,rI0
0482 ppc_crypt_ctr_end:
0483     SAVE_IV(rI0, 0)
0484     SAVE_IV(rI1, 4)
0485     SAVE_IV(rI2, 8)
0486     SAVE_IV(rI3, 12)
0487     FINALIZE_CRYPT(4)
0488     blr
0489 
0490 /*
0491  * ppc_encrypt_xts(u8 *out, const u8 *in, u32 *key_enc,
0492  *         u32 rounds, u32 bytes, u8 *iv, u32 *key_twk);
0493  *
0494  * called from glue layer to encrypt multiple blocks via XTS
0495  * If key_twk is given, the initial IV encryption will be
0496  * processed too. Round values are AES128 = 4, AES192 = 5,
0497  * AES256 = 6
0498  *
0499  */
0500 _GLOBAL(ppc_encrypt_xts)
0501     INITIALIZE_CRYPT(PPC_AES_4K_ENCTAB, 8)
0502     LOAD_IV(rI0, 0)
0503     LOAD_IV(rI1, 4)
0504     LOAD_IV(rI2, 8)
0505     cmpwi       rKT,0
0506     LOAD_IV(rI3, 12)
0507     bt      eq,ppc_encrypt_xts_notweak
0508     mr      rKP,rKT
0509     START_KEY(rI0, rI1, rI2, rI3)
0510     bl      ppc_encrypt_block
0511     xor     rI0,rD0,rW0
0512     xor     rI1,rD1,rW1
0513     xor     rI2,rD2,rW2
0514     xor     rI3,rD3,rW3
0515 ppc_encrypt_xts_notweak:
0516     ENDIAN_SWAP(rG0, rG1, rI0, rI1)
0517     ENDIAN_SWAP(rG2, rG3, rI2, rI3)
0518 ppc_encrypt_xts_loop:
0519     LOAD_DATA(rD0, 0)
0520     mr      rKP,rKS
0521     LOAD_DATA(rD1, 4)
0522     subi        rLN,rLN,16
0523     LOAD_DATA(rD2, 8)
0524     LOAD_DATA(rD3, 12)
0525     xor     rD0,rD0,rI0
0526     xor     rD1,rD1,rI1
0527     xor     rD2,rD2,rI2
0528     xor     rD3,rD3,rI3
0529     START_KEY(rD0, rD1, rD2, rD3)
0530     bl      ppc_encrypt_block
0531     xor     rD0,rD0,rW0
0532     xor     rD1,rD1,rW1
0533     xor     rD2,rD2,rW2
0534     xor     rD3,rD3,rW3
0535     xor     rD0,rD0,rI0
0536     SAVE_DATA(rD0, 0)
0537     xor     rD1,rD1,rI1
0538     SAVE_DATA(rD1, 4)
0539     xor     rD2,rD2,rI2
0540     SAVE_DATA(rD2, 8)
0541     xor     rD3,rD3,rI3
0542     SAVE_DATA(rD3, 12)
0543     GF128_MUL(rG0, rG1, rG2, rG3, rW0)
0544     ENDIAN_SWAP(rI0, rI1, rG0, rG1)
0545     ENDIAN_SWAP(rI2, rI3, rG2, rG3)
0546     cmpwi       rLN,0
0547     NEXT_BLOCK
0548     bt      gt,ppc_encrypt_xts_loop
0549     START_IV
0550     SAVE_IV(rI0, 0)
0551     SAVE_IV(rI1, 4)
0552     SAVE_IV(rI2, 8)
0553     SAVE_IV(rI3, 12)
0554     FINALIZE_CRYPT(8)
0555     blr
0556 
0557 /*
0558  * ppc_decrypt_xts(u8 *out, const u8 *in, u32 *key_dec,
0559  *         u32 rounds, u32 blocks, u8 *iv, u32 *key_twk);
0560  *
0561  * called from glue layer to decrypt multiple blocks via XTS
0562  * If key_twk is given, the initial IV encryption will be
0563  * processed too. Round values are AES128 = 4, AES192 = 5,
0564  * AES256 = 6
0565  *
0566  */
0567 _GLOBAL(ppc_decrypt_xts)
0568     INITIALIZE_CRYPT(PPC_AES_4K_DECTAB, 8)
0569     LOAD_IV(rI0, 0)
0570     addi        rT1,rT0,4096
0571     LOAD_IV(rI1, 4)
0572     LOAD_IV(rI2, 8)
0573     cmpwi       rKT,0
0574     LOAD_IV(rI3, 12)
0575     bt      eq,ppc_decrypt_xts_notweak
0576     subi        rT0,rT0,4096
0577     mr      rKP,rKT
0578     START_KEY(rI0, rI1, rI2, rI3)
0579     bl      ppc_encrypt_block
0580     xor     rI0,rD0,rW0
0581     xor     rI1,rD1,rW1
0582     xor     rI2,rD2,rW2
0583     xor     rI3,rD3,rW3
0584     addi        rT0,rT0,4096
0585 ppc_decrypt_xts_notweak:
0586     ENDIAN_SWAP(rG0, rG1, rI0, rI1)
0587     ENDIAN_SWAP(rG2, rG3, rI2, rI3)
0588 ppc_decrypt_xts_loop:
0589     LOAD_DATA(rD0, 0)
0590     mr      rKP,rKS
0591     LOAD_DATA(rD1, 4)
0592     subi        rLN,rLN,16
0593     LOAD_DATA(rD2, 8)
0594     LOAD_DATA(rD3, 12)
0595     xor     rD0,rD0,rI0
0596     xor     rD1,rD1,rI1
0597     xor     rD2,rD2,rI2
0598     xor     rD3,rD3,rI3
0599     START_KEY(rD0, rD1, rD2, rD3)
0600     bl      ppc_decrypt_block
0601     xor     rD0,rD0,rW0
0602     xor     rD1,rD1,rW1
0603     xor     rD2,rD2,rW2
0604     xor     rD3,rD3,rW3
0605     xor     rD0,rD0,rI0
0606     SAVE_DATA(rD0, 0)
0607     xor     rD1,rD1,rI1
0608     SAVE_DATA(rD1, 4)
0609     xor     rD2,rD2,rI2
0610     SAVE_DATA(rD2, 8)
0611     xor     rD3,rD3,rI3
0612     SAVE_DATA(rD3, 12)
0613     GF128_MUL(rG0, rG1, rG2, rG3, rW0)
0614     ENDIAN_SWAP(rI0, rI1, rG0, rG1)
0615     ENDIAN_SWAP(rI2, rI3, rG2, rG3)
0616     cmpwi       rLN,0
0617     NEXT_BLOCK
0618     bt      gt,ppc_decrypt_xts_loop
0619     START_IV
0620     SAVE_IV(rI0, 0)
0621     SAVE_IV(rI1, 4)
0622     SAVE_IV(rI2, 8)
0623     SAVE_IV(rI3, 12)
0624     FINALIZE_CRYPT(8)
0625     blr
Source navigation ] Diff markup ] Identifier search ] general search ]

This page was automatically generated by the 2.1.0 LXR engine.

The LXR team
Valid CSS 2.1! Valid HTML 4.01!