| blob | 9e86d460b4092826eecc1bf748ac45b18fa83bdb |
1 /* SPDX-License-Identifier: GPL-2.0-or-later */
2 /*
3 * Cast6 Cipher 8-way parallel algorithm (AVX/x86_64)
4 *
5 * Copyright (C) 2012 Johannes Goetzfried
6 * <Johannes.Goetzfried@informatik.stud.uni-erlangen.de>
7 *
8 * Copyright © 2012-2013 Jussi Kivilinna <jussi.kivilinna@iki.fi>
9 */
11 #include <linux/linkage.h>
12 #include <asm/frame.h>
13 #include "glue_helper-asm-avx.S"
15 .file "cast6-avx-x86_64-asm_64.S"
17 .extern cast_s1
18 .extern cast_s2
19 .extern cast_s3
20 .extern cast_s4
22 /* structure of crypto context */
23 #define km 0
24 #define kr (12*4*4)
26 /* s-boxes */
27 #define s1 cast_s1
28 #define s2 cast_s2
29 #define s3 cast_s3
30 #define s4 cast_s4
32 /**********************************************************************
33 8-way AVX cast6
34 **********************************************************************/
35 #define CTX %r15
37 #define RA1 %xmm0
38 #define RB1 %xmm1
39 #define RC1 %xmm2
40 #define RD1 %xmm3
42 #define RA2 %xmm4
43 #define RB2 %xmm5
44 #define RC2 %xmm6
45 #define RD2 %xmm7
47 #define RX %xmm8
49 #define RKM %xmm9
50 #define RKR %xmm10
51 #define RKRF %xmm11
52 #define RKRR %xmm12
53 #define R32 %xmm13
54 #define R1ST %xmm14
56 #define RTMP %xmm15
58 #define RID1 %rdi
59 #define RID1d %edi
60 #define RID2 %rsi
61 #define RID2d %esi
63 #define RGI1 %rdx
64 #define RGI1bl %dl
65 #define RGI1bh %dh
66 #define RGI2 %rcx
67 #define RGI2bl %cl
68 #define RGI2bh %ch
70 #define RGI3 %rax
71 #define RGI3bl %al
72 #define RGI3bh %ah
73 #define RGI4 %rbx
74 #define RGI4bl %bl
75 #define RGI4bh %bh
77 #define RFS1 %r8
78 #define RFS1d %r8d
79 #define RFS2 %r9
80 #define RFS2d %r9d
81 #define RFS3 %r10
82 #define RFS3d %r10d
85 #define lookup_32bit(src, dst, op1, op2, op3, interleave_op, il_reg) \
86 movzbl src ## bh, RID1d; \
87 leaq s1(%rip), RID2; \
88 movl (RID2,RID1,4), dst ## d; \
89 movzbl src ## bl, RID2d; \
90 leaq s2(%rip), RID1; \
91 op1 (RID1,RID2,4), dst ## d; \
92 shrq $16, src; \
93 movzbl src ## bh, RID1d; \
94 leaq s3(%rip), RID2; \
95 op2 (RID2,RID1,4), dst ## d; \
96 movzbl src ## bl, RID2d; \
97 interleave_op(il_reg); \
98 leaq s4(%rip), RID1; \
99 op3 (RID1,RID2,4), dst ## d;
101 #define dummy(d) /* do nothing */
103 #define shr_next(reg) \
104 shrq $16, reg;
106 #define F_head(a, x, gi1, gi2, op0) \
107 op0 a, RKM, x; \
108 vpslld RKRF, x, RTMP; \
109 vpsrld RKRR, x, x; \
110 vpor RTMP, x, x; \
111 \
112 vmovq x, gi1; \
113 vpextrq $1, x, gi2;
115 #define F_tail(a, x, gi1, gi2, op1, op2, op3) \
116 lookup_32bit(##gi1, RFS1, op1, op2, op3, shr_next, ##gi1); \
117 lookup_32bit(##gi2, RFS3, op1, op2, op3, shr_next, ##gi2); \
118 \
119 lookup_32bit(##gi1, RFS2, op1, op2, op3, dummy, none); \
120 shlq $32, RFS2; \
121 orq RFS1, RFS2; \
122 lookup_32bit(##gi2, RFS1, op1, op2, op3, dummy, none); \
123 shlq $32, RFS1; \
124 orq RFS1, RFS3; \
125 \
126 vmovq RFS2, x; \
127 vpinsrq $1, RFS3, x, x;
129 #define F_2(a1, b1, a2, b2, op0, op1, op2, op3) \
130 F_head(b1, RX, RGI1, RGI2, op0); \
131 F_head(b2, RX, RGI3, RGI4, op0); \
132 \
133 F_tail(b1, RX, RGI1, RGI2, op1, op2, op3); \
134 F_tail(b2, RTMP, RGI3, RGI4, op1, op2, op3); \
135 \
136 vpxor a1, RX, a1; \
137 vpxor a2, RTMP, a2;
139 #define F1_2(a1, b1, a2, b2) \
140 F_2(a1, b1, a2, b2, vpaddd, xorl, subl, addl)
141 #define F2_2(a1, b1, a2, b2) \
142 F_2(a1, b1, a2, b2, vpxor, subl, addl, xorl)
143 #define F3_2(a1, b1, a2, b2) \
144 F_2(a1, b1, a2, b2, vpsubd, addl, xorl, subl)
146 #define qop(in, out, f) \
147 F ## f ## _2(out ## 1, in ## 1, out ## 2, in ## 2);
149 #define get_round_keys(nn) \
150 vbroadcastss (km+(4*(nn)))(CTX), RKM; \
151 vpand R1ST, RKR, RKRF; \
152 vpsubq RKRF, R32, RKRR; \
153 vpsrldq $1, RKR, RKR;
155 #define Q(n) \
156 get_round_keys(4*n+0); \
157 qop(RD, RC, 1); \
158 \
159 get_round_keys(4*n+1); \
160 qop(RC, RB, 2); \
161 \
162 get_round_keys(4*n+2); \
163 qop(RB, RA, 3); \
164 \
165 get_round_keys(4*n+3); \
166 qop(RA, RD, 1);
168 #define QBAR(n) \
169 get_round_keys(4*n+3); \
170 qop(RA, RD, 1); \
171 \
172 get_round_keys(4*n+2); \
173 qop(RB, RA, 3); \
174 \
175 get_round_keys(4*n+1); \
176 qop(RC, RB, 2); \
177 \
178 get_round_keys(4*n+0); \
179 qop(RD, RC, 1);
181 #define shuffle(mask) \
182 vpshufb mask(%rip), RKR, RKR;
184 #define preload_rkr(n, do_mask, mask) \
185 vbroadcastss .L16_mask(%rip), RKR; \
186 /* add 16-bit rotation to key rotations (mod 32) */ \
187 vpxor (kr+n*16)(CTX), RKR, RKR; \
188 do_mask(mask);
190 #define transpose_4x4(x0, x1, x2, x3, t0, t1, t2) \
191 vpunpckldq x1, x0, t0; \
192 vpunpckhdq x1, x0, t2; \
193 vpunpckldq x3, x2, t1; \
194 vpunpckhdq x3, x2, x3; \
195 \
196 vpunpcklqdq t1, t0, x0; \
197 vpunpckhqdq t1, t0, x1; \
198 vpunpcklqdq x3, t2, x2; \
199 vpunpckhqdq x3, t2, x3;
201 #define inpack_blocks(x0, x1, x2, x3, t0, t1, t2, rmask) \
202 vpshufb rmask, x0, x0; \
203 vpshufb rmask, x1, x1; \
204 vpshufb rmask, x2, x2; \
205 vpshufb rmask, x3, x3; \
206 \
207 transpose_4x4(x0, x1, x2, x3, t0, t1, t2)
209 #define outunpack_blocks(x0, x1, x2, x3, t0, t1, t2, rmask) \
210 transpose_4x4(x0, x1, x2, x3, t0, t1, t2) \
211 \
212 vpshufb rmask, x0, x0; \
213 vpshufb rmask, x1, x1; \
214 vpshufb rmask, x2, x2; \
215 vpshufb rmask, x3, x3;
217 .section .rodata.cst16, "aM", @progbits, 16
218 .align 16
219 .Lbswap_mask:
220 .byte 3, 2, 1, 0, 7, 6, 5, 4, 11, 10, 9, 8, 15, 14, 13, 12
221 .Lbswap128_mask:
222 .byte 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0
223 .Lrkr_enc_Q_Q_QBAR_QBAR:
224 .byte 0, 1, 2, 3, 4, 5, 6, 7, 11, 10, 9, 8, 15, 14, 13, 12
225 .Lrkr_enc_QBAR_QBAR_QBAR_QBAR:
226 .byte 3, 2, 1, 0, 7, 6, 5, 4, 11, 10, 9, 8, 15, 14, 13, 12
227 .Lrkr_dec_Q_Q_Q_Q:
228 .byte 12, 13, 14, 15, 8, 9, 10, 11, 4, 5, 6, 7, 0, 1, 2, 3
229 .Lrkr_dec_Q_Q_QBAR_QBAR:
230 .byte 12, 13, 14, 15, 8, 9, 10, 11, 7, 6, 5, 4, 3, 2, 1, 0
231 .Lrkr_dec_QBAR_QBAR_QBAR_QBAR:
232 .byte 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0
234 .section .rodata.cst4.L16_mask, "aM", @progbits, 4
235 .align 4
236 .L16_mask:
237 .byte 16, 16, 16, 16
239 .section .rodata.cst4.L32_mask, "aM", @progbits, 4
240 .align 4
241 .L32_mask:
242 .byte 32, 0, 0, 0
244 .section .rodata.cst4.first_mask, "aM", @progbits, 4
245 .align 4
246 .Lfirst_mask:
247 .byte 0x1f, 0, 0, 0
249 .text
251 .align 8
252 SYM_FUNC_START_LOCAL(__cast6_enc_blk8)
253 /* input:
254 * %rdi: ctx
255 * RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2: blocks
256 * output:
257 * RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2: encrypted blocks
258 */
260 pushq %r15;
261 pushq %rbx;
263 movq %rdi, CTX;
265 vmovdqa .Lbswap_mask(%rip), RKM;
266 vmovd .Lfirst_mask(%rip), R1ST;
267 vmovd .L32_mask(%rip), R32;
269 inpack_blocks(RA1, RB1, RC1, RD1, RTMP, RX, RKRF, RKM);
270 inpack_blocks(RA2, RB2, RC2, RD2, RTMP, RX, RKRF, RKM);
272 preload_rkr(0, dummy, none);
273 Q(0);
274 Q(1);
275 Q(2);
276 Q(3);
277 preload_rkr(1, shuffle, .Lrkr_enc_Q_Q_QBAR_QBAR);
278 Q(4);
279 Q(5);
280 QBAR(6);
281 QBAR(7);
282 preload_rkr(2, shuffle, .Lrkr_enc_QBAR_QBAR_QBAR_QBAR);
283 QBAR(8);
284 QBAR(9);
285 QBAR(10);
286 QBAR(11);
288 popq %rbx;
289 popq %r15;
291 vmovdqa .Lbswap_mask(%rip), RKM;
293 outunpack_blocks(RA1, RB1, RC1, RD1, RTMP, RX, RKRF, RKM);
294 outunpack_blocks(RA2, RB2, RC2, RD2, RTMP, RX, RKRF, RKM);
296 RET;
297 SYM_FUNC_END(__cast6_enc_blk8)
299 .align 8
300 SYM_FUNC_START_LOCAL(__cast6_dec_blk8)
301 /* input:
302 * %rdi: ctx
303 * RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2: encrypted blocks
304 * output:
305 * RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2: decrypted blocks
306 */
308 pushq %r15;
309 pushq %rbx;
311 movq %rdi, CTX;
313 vmovdqa .Lbswap_mask(%rip), RKM;
314 vmovd .Lfirst_mask(%rip), R1ST;
315 vmovd .L32_mask(%rip), R32;
317 inpack_blocks(RA1, RB1, RC1, RD1, RTMP, RX, RKRF, RKM);
318 inpack_blocks(RA2, RB2, RC2, RD2, RTMP, RX, RKRF, RKM);
320 preload_rkr(2, shuffle, .Lrkr_dec_Q_Q_Q_Q);
321 Q(11);
322 Q(10);
323 Q(9);
324 Q(8);
325 preload_rkr(1, shuffle, .Lrkr_dec_Q_Q_QBAR_QBAR);
326 Q(7);
327 Q(6);
328 QBAR(5);
329 QBAR(4);
330 preload_rkr(0, shuffle, .Lrkr_dec_QBAR_QBAR_QBAR_QBAR);
331 QBAR(3);
332 QBAR(2);
333 QBAR(1);
334 QBAR(0);
336 popq %rbx;
337 popq %r15;
339 vmovdqa .Lbswap_mask(%rip), RKM;
340 outunpack_blocks(RA1, RB1, RC1, RD1, RTMP, RX, RKRF, RKM);
341 outunpack_blocks(RA2, RB2, RC2, RD2, RTMP, RX, RKRF, RKM);
343 RET;
344 SYM_FUNC_END(__cast6_dec_blk8)
346 SYM_FUNC_START(cast6_ecb_enc_8way)
347 /* input:
348 * %rdi: ctx
349 * %rsi: dst
350 * %rdx: src
351 */
352 FRAME_BEGIN
353 pushq %r15;
355 movq %rdi, CTX;
356 movq %rsi, %r11;
358 load_8way(%rdx, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
360 call __cast6_enc_blk8;
362 store_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
364 popq %r15;
365 FRAME_END
366 RET;
367 SYM_FUNC_END(cast6_ecb_enc_8way)
369 SYM_FUNC_START(cast6_ecb_dec_8way)
370 /* input:
371 * %rdi: ctx
372 * %rsi: dst
373 * %rdx: src
374 */
375 FRAME_BEGIN
376 pushq %r15;
378 movq %rdi, CTX;
379 movq %rsi, %r11;
381 load_8way(%rdx, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
383 call __cast6_dec_blk8;
385 store_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
387 popq %r15;
388 FRAME_END
389 RET;
390 SYM_FUNC_END(cast6_ecb_dec_8way)
392 SYM_FUNC_START(cast6_cbc_dec_8way)
393 /* input:
394 * %rdi: ctx
395 * %rsi: dst
396 * %rdx: src
397 */
398 FRAME_BEGIN
399 pushq %r12;
400 pushq %r15;
402 movq %rdi, CTX;
403 movq %rsi, %r11;
404 movq %rdx, %r12;
406 load_8way(%rdx, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
408 call __cast6_dec_blk8;
410 store_cbc_8way(%r12, %r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
412 popq %r15;
413 popq %r12;
414 FRAME_END
415 RET;
416 SYM_FUNC_END(cast6_cbc_dec_8way)