1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
| /*
| * linux/arch/arm64/crypto/aes-ce.S - AES cipher for ARMv8 with
| * Crypto Extensions
| *
| * Copyright (C) 2013 - 2017 Linaro Ltd <ard.biesheuvel@linaro.org>
| *
| * This program is free software; you can redistribute it and/or modify
| * it under the terms of the GNU General Public License version 2 as
| * published by the Free Software Foundation.
| */
|
| #include <linux/linkage.h>
| #include <asm/assembler.h>
|
| #define AES_ENTRY(func) ENTRY(ce_ ## func)
| #define AES_ENDPROC(func) ENDPROC(ce_ ## func)
|
| .arch armv8-a+crypto
|
| /* preload all round keys */
| .macro load_round_keys, rounds, rk
| cmp \rounds, #12
| blo 2222f /* 128 bits */
| beq 1111f /* 192 bits */
| ld1 {v17.4s-v18.4s}, [\rk], #32
| 1111: ld1 {v19.4s-v20.4s}, [\rk], #32
| 2222: ld1 {v21.4s-v24.4s}, [\rk], #64
| ld1 {v25.4s-v28.4s}, [\rk], #64
| ld1 {v29.4s-v31.4s}, [\rk]
| .endm
|
| /* prepare for encryption with key in rk[] */
| .macro enc_prepare, rounds, rk, temp
| mov \temp, \rk
| load_round_keys \rounds, \temp
| .endm
|
| /* prepare for encryption (again) but with new key in rk[] */
| .macro enc_switch_key, rounds, rk, temp
| mov \temp, \rk
| load_round_keys \rounds, \temp
| .endm
|
| /* prepare for decryption with key in rk[] */
| .macro dec_prepare, rounds, rk, temp
| mov \temp, \rk
| load_round_keys \rounds, \temp
| .endm
|
| .macro do_enc_Nx, de, mc, k, i0, i1, i2, i3
| aes\de \i0\().16b, \k\().16b
| aes\mc \i0\().16b, \i0\().16b
| .ifnb \i1
| aes\de \i1\().16b, \k\().16b
| aes\mc \i1\().16b, \i1\().16b
| .ifnb \i3
| aes\de \i2\().16b, \k\().16b
| aes\mc \i2\().16b, \i2\().16b
| aes\de \i3\().16b, \k\().16b
| aes\mc \i3\().16b, \i3\().16b
| .endif
| .endif
| .endm
|
| /* up to 4 interleaved encryption rounds with the same round key */
| .macro round_Nx, enc, k, i0, i1, i2, i3
| .ifc \enc, e
| do_enc_Nx e, mc, \k, \i0, \i1, \i2, \i3
| .else
| do_enc_Nx d, imc, \k, \i0, \i1, \i2, \i3
| .endif
| .endm
|
| /* up to 4 interleaved final rounds */
| .macro fin_round_Nx, de, k, k2, i0, i1, i2, i3
| aes\de \i0\().16b, \k\().16b
| .ifnb \i1
| aes\de \i1\().16b, \k\().16b
| .ifnb \i3
| aes\de \i2\().16b, \k\().16b
| aes\de \i3\().16b, \k\().16b
| .endif
| .endif
| eor \i0\().16b, \i0\().16b, \k2\().16b
| .ifnb \i1
| eor \i1\().16b, \i1\().16b, \k2\().16b
| .ifnb \i3
| eor \i2\().16b, \i2\().16b, \k2\().16b
| eor \i3\().16b, \i3\().16b, \k2\().16b
| .endif
| .endif
| .endm
|
| /* up to 4 interleaved blocks */
| .macro do_block_Nx, enc, rounds, i0, i1, i2, i3
| cmp \rounds, #12
| blo 2222f /* 128 bits */
| beq 1111f /* 192 bits */
| round_Nx \enc, v17, \i0, \i1, \i2, \i3
| round_Nx \enc, v18, \i0, \i1, \i2, \i3
| 1111: round_Nx \enc, v19, \i0, \i1, \i2, \i3
| round_Nx \enc, v20, \i0, \i1, \i2, \i3
| 2222: .irp key, v21, v22, v23, v24, v25, v26, v27, v28, v29
| round_Nx \enc, \key, \i0, \i1, \i2, \i3
| .endr
| fin_round_Nx \enc, v30, v31, \i0, \i1, \i2, \i3
| .endm
|
| .macro encrypt_block, in, rounds, t0, t1, t2
| do_block_Nx e, \rounds, \in
| .endm
|
| .macro encrypt_block2x, i0, i1, rounds, t0, t1, t2
| do_block_Nx e, \rounds, \i0, \i1
| .endm
|
| .macro encrypt_block4x, i0, i1, i2, i3, rounds, t0, t1, t2
| do_block_Nx e, \rounds, \i0, \i1, \i2, \i3
| .endm
|
| .macro decrypt_block, in, rounds, t0, t1, t2
| do_block_Nx d, \rounds, \in
| .endm
|
| .macro decrypt_block2x, i0, i1, rounds, t0, t1, t2
| do_block_Nx d, \rounds, \i0, \i1
| .endm
|
| .macro decrypt_block4x, i0, i1, i2, i3, rounds, t0, t1, t2
| do_block_Nx d, \rounds, \i0, \i1, \i2, \i3
| .endm
|
| #include "aes-modes.S"
|
|
