| blob | fae62179a4a3d05eabd1dfc60efa2c559bf5838b |
1 /* SPDX-License-Identifier: Apache-2.0 OR BSD-2-Clause */
2 //
3 // This file is dual-licensed, meaning that you can use it under your
4 // choice of either of the following two licenses:
5 //
6 // Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
7 //
8 // Licensed under the Apache License 2.0 (the "License"). You can obtain
9 // a copy in the file LICENSE in the source distribution or at
10 // https://www.openssl.org/source/license.html
11 //
12 // or
13 //
14 // Copyright (c) 2023, Christoph Müllner <christoph.muellner@vrull.eu>
15 // Copyright (c) 2023, Jerry Shih <jerry.shih@sifive.com>
16 // Copyright 2024 Google LLC
17 // All rights reserved.
18 //
19 // Redistribution and use in source and binary forms, with or without
20 // modification, are permitted provided that the following conditions
21 // are met:
22 // 1. Redistributions of source code must retain the above copyright
23 // notice, this list of conditions and the following disclaimer.
24 // 2. Redistributions in binary form must reproduce the above copyright
25 // notice, this list of conditions and the following disclaimer in the
26 // documentation and/or other materials provided with the distribution.
27 //
28 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
29 // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
30 // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
31 // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
32 // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
33 // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
34 // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
35 // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
36 // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
37 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
38 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
40 // The generated code of this file depends on the following RISC-V extensions:
41 // - RV64I
42 // - RISC-V Vector ('V') with VLEN >= 128
43 // - RISC-V Vector SM4 Block Cipher extension ('Zvksed')
44 // - RISC-V Vector Cryptography Bit-manipulation extension ('Zvkb')
46 #include <linux/linkage.h>
48 .text
49 .option arch, +zvksed, +zvkb
51 // void sm4_expandkey_zksed_zvkb(const u8 user_key[16], u32 rkey_enc[32],
52 // u32 rkey_dec[32]);
53 SYM_FUNC_START(sm4_expandkey_zvksed_zvkb)
54 vsetivli zero, 4, e32, m1, ta, ma
56 // Load the user key.
57 vle32.v v1, (a0)
58 vrev8.v v1, v1
60 // XOR the user key with the family key.
61 la t0, FAMILY_KEY
62 vle32.v v2, (t0)
63 vxor.vv v1, v1, v2
65 // Compute the round keys. Store them in forwards order in rkey_enc
66 // and in reverse order in rkey_dec.
67 addi a2, a2, 31*4
68 li t0, -4
69 .set i, 0
70 .rept 8
71 vsm4k.vi v1, v1, i
72 vse32.v v1, (a1) // Store to rkey_enc.
73 vsse32.v v1, (a2), t0 // Store to rkey_dec.
74 .if i < 7
75 addi a1, a1, 16
76 addi a2, a2, -16
77 .endif
78 .set i, i + 1
79 .endr
81 ret
82 SYM_FUNC_END(sm4_expandkey_zvksed_zvkb)
84 // void sm4_crypt_zvksed_zvkb(const u32 rkey[32], const u8 in[16], u8 out[16]);
85 SYM_FUNC_START(sm4_crypt_zvksed_zvkb)
86 vsetivli zero, 4, e32, m1, ta, ma
88 // Load the input data.
89 vle32.v v1, (a1)
90 vrev8.v v1, v1
92 // Do the 32 rounds of SM4, 4 at a time.
93 .set i, 0
94 .rept 8
95 vle32.v v2, (a0)
96 vsm4r.vs v1, v2
97 .if i < 7
98 addi a0, a0, 16
99 .endif
100 .set i, i + 1
101 .endr
103 // Store the output data (in reverse element order).
104 vrev8.v v1, v1
105 li t0, -4
106 addi a2, a2, 12
107 vsse32.v v1, (a2), t0
109 ret
110 SYM_FUNC_END(sm4_crypt_zvksed_zvkb)
112 .section ".rodata"
113 .p2align 2
114 .type FAMILY_KEY, @object
115 FAMILY_KEY:
116 .word 0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC
117 .size FAMILY_KEY, . - FAMILY_KEY