| blob | 1dc5bbbfeed238e91c949607f509a82da7ce77e5 |
1 /* SPDX-License-Identifier: GPL-2.0-only */
2 /*
3 * linux/arch/arm64/crypto/aes-ce.S - AES cipher for ARMv8 with
4 * Crypto Extensions
5 *
6 * Copyright (C) 2013 - 2017 Linaro Ltd <ard.biesheuvel@linaro.org>
7 */
9 #include <linux/linkage.h>
10 #include <asm/assembler.h>
12 #define AES_FUNC_START(func) SYM_FUNC_START(ce_ ## func)
13 #define AES_FUNC_END(func) SYM_FUNC_END(ce_ ## func)
15 .arch armv8-a+crypto
17 xtsmask .req v16
18 cbciv .req v16
19 vctr .req v16
21 .macro xts_reload_mask, tmp
22 .endm
24 .macro xts_cts_skip_tw, reg, lbl
25 .endm
27 /* preload all round keys */
28 .macro load_round_keys, rounds, rk
29 cmp \rounds, #12
30 blo 2222f /* 128 bits */
31 beq 1111f /* 192 bits */
32 ld1 {v17.4s-v18.4s}, [\rk], #32
33 1111: ld1 {v19.4s-v20.4s}, [\rk], #32
34 2222: ld1 {v21.4s-v24.4s}, [\rk], #64
35 ld1 {v25.4s-v28.4s}, [\rk], #64
36 ld1 {v29.4s-v31.4s}, [\rk]
37 .endm
39 /* prepare for encryption with key in rk[] */
40 .macro enc_prepare, rounds, rk, temp
41 mov \temp, \rk
42 load_round_keys \rounds, \temp
43 .endm
45 /* prepare for encryption (again) but with new key in rk[] */
46 .macro enc_switch_key, rounds, rk, temp
47 mov \temp, \rk
48 load_round_keys \rounds, \temp
49 .endm
51 /* prepare for decryption with key in rk[] */
52 .macro dec_prepare, rounds, rk, temp
53 mov \temp, \rk
54 load_round_keys \rounds, \temp
55 .endm
57 .macro do_enc_Nx, de, mc, k, i0, i1, i2, i3, i4
58 aes\de \i0\().16b, \k\().16b
59 aes\mc \i0\().16b, \i0\().16b
60 .ifnb \i1
61 aes\de \i1\().16b, \k\().16b
62 aes\mc \i1\().16b, \i1\().16b
63 .ifnb \i3
64 aes\de \i2\().16b, \k\().16b
65 aes\mc \i2\().16b, \i2\().16b
66 aes\de \i3\().16b, \k\().16b
67 aes\mc \i3\().16b, \i3\().16b
68 .ifnb \i4
69 aes\de \i4\().16b, \k\().16b
70 aes\mc \i4\().16b, \i4\().16b
71 .endif
72 .endif
73 .endif
74 .endm
76 /* up to 5 interleaved encryption rounds with the same round key */
77 .macro round_Nx, enc, k, i0, i1, i2, i3, i4
78 .ifc \enc, e
79 do_enc_Nx e, mc, \k, \i0, \i1, \i2, \i3, \i4
80 .else
81 do_enc_Nx d, imc, \k, \i0, \i1, \i2, \i3, \i4
82 .endif
83 .endm
85 /* up to 5 interleaved final rounds */
86 .macro fin_round_Nx, de, k, k2, i0, i1, i2, i3, i4
87 aes\de \i0\().16b, \k\().16b
88 .ifnb \i1
89 aes\de \i1\().16b, \k\().16b
90 .ifnb \i3
91 aes\de \i2\().16b, \k\().16b
92 aes\de \i3\().16b, \k\().16b
93 .ifnb \i4
94 aes\de \i4\().16b, \k\().16b
95 .endif
96 .endif
97 .endif
98 eor \i0\().16b, \i0\().16b, \k2\().16b
99 .ifnb \i1
100 eor \i1\().16b, \i1\().16b, \k2\().16b
101 .ifnb \i3
102 eor \i2\().16b, \i2\().16b, \k2\().16b
103 eor \i3\().16b, \i3\().16b, \k2\().16b
104 .ifnb \i4
105 eor \i4\().16b, \i4\().16b, \k2\().16b
106 .endif
107 .endif
108 .endif
109 .endm
111 /* up to 5 interleaved blocks */
112 .macro do_block_Nx, enc, rounds, i0, i1, i2, i3, i4
113 cmp \rounds, #12
114 blo 2222f /* 128 bits */
115 beq 1111f /* 192 bits */
116 round_Nx \enc, v17, \i0, \i1, \i2, \i3, \i4
117 round_Nx \enc, v18, \i0, \i1, \i2, \i3, \i4
118 1111: round_Nx \enc, v19, \i0, \i1, \i2, \i3, \i4
119 round_Nx \enc, v20, \i0, \i1, \i2, \i3, \i4
120 2222: .irp key, v21, v22, v23, v24, v25, v26, v27, v28, v29
121 round_Nx \enc, \key, \i0, \i1, \i2, \i3, \i4
122 .endr
123 fin_round_Nx \enc, v30, v31, \i0, \i1, \i2, \i3, \i4
124 .endm
126 .macro encrypt_block, in, rounds, t0, t1, t2
127 do_block_Nx e, \rounds, \in
128 .endm
130 .macro encrypt_block4x, i0, i1, i2, i3, rounds, t0, t1, t2
131 do_block_Nx e, \rounds, \i0, \i1, \i2, \i3
132 .endm
134 .macro encrypt_block5x, i0, i1, i2, i3, i4, rounds, t0, t1, t2
135 do_block_Nx e, \rounds, \i0, \i1, \i2, \i3, \i4
136 .endm
138 .macro decrypt_block, in, rounds, t0, t1, t2
139 do_block_Nx d, \rounds, \in
140 .endm
142 .macro decrypt_block4x, i0, i1, i2, i3, rounds, t0, t1, t2
143 do_block_Nx d, \rounds, \i0, \i1, \i2, \i3
144 .endm
146 .macro decrypt_block5x, i0, i1, i2, i3, i4, rounds, t0, t1, t2
147 do_block_Nx d, \rounds, \i0, \i1, \i2, \i3, \i4
148 .endm
150 #define MAX_STRIDE 5
152 #include "aes-modes.S"