| blob | 184d6c2d15d5e7b4a01803f6ba2b99ee7b8fbfc2 |
1 /*
2 * Scalar AES core transform
3 *
4 * Copyright (C) 2017 Linaro Ltd.
5 * Author: Ard Biesheuvel <ard.biesheuvel@linaro.org>
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
10 */
12 #include <linux/linkage.h>
13 #include <asm/cache.h>
15 .text
16 .align 5
18 rk .req r0
19 rounds .req r1
20 in .req r2
21 out .req r3
22 ttab .req ip
24 t0 .req lr
25 t1 .req r2
26 t2 .req r3
28 .macro __select, out, in, idx
29 .if __LINUX_ARM_ARCH__ < 7
30 and \out, \in, #0xff << (8 * \idx)
31 .else
32 ubfx \out, \in, #(8 * \idx), #8
33 .endif
34 .endm
36 .macro __load, out, in, idx, sz, op
37 .if __LINUX_ARM_ARCH__ < 7 && \idx > 0
38 ldr\op \out, [ttab, \in, lsr #(8 * \idx) - \sz]
39 .else
40 ldr\op \out, [ttab, \in, lsl #\sz]
41 .endif
42 .endm
44 .macro __hround, out0, out1, in0, in1, in2, in3, t3, t4, enc, sz, op
45 __select \out0, \in0, 0
46 __select t0, \in1, 1
47 __load \out0, \out0, 0, \sz, \op
48 __load t0, t0, 1, \sz, \op
50 .if \enc
51 __select \out1, \in1, 0
52 __select t1, \in2, 1
53 .else
54 __select \out1, \in3, 0
55 __select t1, \in0, 1
56 .endif
57 __load \out1, \out1, 0, \sz, \op
58 __select t2, \in2, 2
59 __load t1, t1, 1, \sz, \op
60 __load t2, t2, 2, \sz, \op
62 eor \out0, \out0, t0, ror #24
64 __select t0, \in3, 3
65 .if \enc
66 __select \t3, \in3, 2
67 __select \t4, \in0, 3
68 .else
69 __select \t3, \in1, 2
70 __select \t4, \in2, 3
71 .endif
72 __load \t3, \t3, 2, \sz, \op
73 __load t0, t0, 3, \sz, \op
74 __load \t4, \t4, 3, \sz, \op
76 eor \out1, \out1, t1, ror #24
77 eor \out0, \out0, t2, ror #16
78 ldm rk!, {t1, t2}
79 eor \out1, \out1, \t3, ror #16
80 eor \out0, \out0, t0, ror #8
81 eor \out1, \out1, \t4, ror #8
82 eor \out0, \out0, t1
83 eor \out1, \out1, t2
84 .endm
86 .macro fround, out0, out1, out2, out3, in0, in1, in2, in3, sz=2, op
87 __hround \out0, \out1, \in0, \in1, \in2, \in3, \out2, \out3, 1, \sz, \op
88 __hround \out2, \out3, \in2, \in3, \in0, \in1, \in1, \in2, 1, \sz, \op
89 .endm
91 .macro iround, out0, out1, out2, out3, in0, in1, in2, in3, sz=2, op
92 __hround \out0, \out1, \in0, \in3, \in2, \in1, \out2, \out3, 0, \sz, \op
93 __hround \out2, \out3, \in2, \in1, \in0, \in3, \in1, \in0, 0, \sz, \op
94 .endm
96 .macro __rev, out, in
97 .if __LINUX_ARM_ARCH__ < 6
98 lsl t0, \in, #24
99 and t1, \in, #0xff00
100 and t2, \in, #0xff0000
101 orr \out, t0, \in, lsr #24
102 orr \out, \out, t1, lsl #8
103 orr \out, \out, t2, lsr #8
104 .else
105 rev \out, \in
106 .endif
107 .endm
109 .macro __adrl, out, sym, c
110 .if __LINUX_ARM_ARCH__ < 7
111 ldr\c \out, =\sym
112 .else
113 movw\c \out, #:lower16:\sym
114 movt\c \out, #:upper16:\sym
115 .endif
116 .endm
118 .macro do_crypt, round, ttab, ltab, bsz
119 push {r3-r11, lr}
121 ldr r4, [in]
122 ldr r5, [in, #4]
123 ldr r6, [in, #8]
124 ldr r7, [in, #12]
126 ldm rk!, {r8-r11}
128 #ifdef CONFIG_CPU_BIG_ENDIAN
129 __rev r4, r4
130 __rev r5, r5
131 __rev r6, r6
132 __rev r7, r7
133 #endif
135 eor r4, r4, r8
136 eor r5, r5, r9
137 eor r6, r6, r10
138 eor r7, r7, r11
140 __adrl ttab, \ttab
142 tst rounds, #2
143 bne 1f
145 0: \round r8, r9, r10, r11, r4, r5, r6, r7
146 \round r4, r5, r6, r7, r8, r9, r10, r11
148 1: subs rounds, rounds, #4
149 \round r8, r9, r10, r11, r4, r5, r6, r7
150 bls 2f
151 \round r4, r5, r6, r7, r8, r9, r10, r11
152 b 0b
154 2: __adrl ttab, \ltab
155 \round r4, r5, r6, r7, r8, r9, r10, r11, \bsz, b
157 #ifdef CONFIG_CPU_BIG_ENDIAN
158 __rev r4, r4
159 __rev r5, r5
160 __rev r6, r6
161 __rev r7, r7
162 #endif
164 ldr out, [sp]
166 str r4, [out]
167 str r5, [out, #4]
168 str r6, [out, #8]
169 str r7, [out, #12]
171 pop {r3-r11, pc}
173 .align 3
174 .ltorg
175 .endm
177 ENTRY(__aes_arm_encrypt)
178 do_crypt fround, crypto_ft_tab, crypto_ft_tab + 1, 2
179 ENDPROC(__aes_arm_encrypt)
181 .align 5
182 ENTRY(__aes_arm_decrypt)
183 do_crypt iround, crypto_it_tab, __aes_arm_inverse_sbox, 0
184 ENDPROC(__aes_arm_decrypt)
186 .section ".rodata", "a"
187 .align L1_CACHE_SHIFT
188 .type __aes_arm_inverse_sbox, %object
189 __aes_arm_inverse_sbox:
190 .byte 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
191 .byte 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
192 .byte 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
193 .byte 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
194 .byte 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
195 .byte 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
196 .byte 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
197 .byte 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
198 .byte 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
199 .byte 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
200 .byte 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
201 .byte 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
202 .byte 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
203 .byte 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
204 .byte 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
205 .byte 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
206 .byte 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
207 .byte 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
208 .byte 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
209 .byte 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
210 .byte 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
211 .byte 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
212 .byte 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
213 .byte 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
214 .byte 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
215 .byte 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
216 .byte 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
217 .byte 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
218 .byte 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
219 .byte 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
220 .byte 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
221 .byte 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
222 .size __aes_arm_inverse_sbox, . - __aes_arm_inverse_sbox