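/*
 * This file is part of the openHiTLS project.
 *
 * openHiTLS is licensed under the Mulan PSL v2.
 * You can use this software according to the terms and conditions of the Mulan PSL v2.
 * You may obtain a copy of Mulan PSL v2 at:
 *
 *     http://license.coscl.org.cn/MulanPSL2
 *
 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
 * See the Mulan PSL v2 for more details.
 */

#include "hitls_build.h"
#if defined(HITLS_CRYPTO_AES) && defined(HITLS_CRYPTO_CFB)

#include "crypt_arm.h"
#include "crypt_aes_macro_armv8.s"

.file    "crypt_aes_cfb_armv8.S"
.text
.arch    armv8-a+crypto

.align   5

/* Argument registers, in the order of the C prototype below. */
KEY     .req    x0
IN      .req    x1
OUT     .req    x2
LEN     .req    x3
IV      .req    x4

/* Bytes still to process. */
LTMP    .req    x12

/* IVC: feedback block (IV, then the last ciphertext block of each batch). */
IVC     .req    v19
/* CT1..CT8: cipher inputs (IV / previous ciphertext), keystream afterwards. */
CT1     .req    v20
CT2     .req    v21
CT3     .req    v22
CT4     .req    v23
CT5     .req    v24
CT6     .req    v25
CT7     .req    v26
CT8     .req    v27

/* BLK0..BLK7: ciphertext as loaded, plaintext after the XOR. */
BLK0    .req    v0
BLK1    .req    v1
BLK2    .req    v2
BLK3    .req    v3
BLK4    .req    v4
BLK5    .req    v5
BLK6    .req    v6
BLK7    .req    v7

/* Scratch registers handed to the AES_ENC_* macros (round keys, round count). */
RDK0    .req    v17
RDK1    .req    v18
ROUNDS  .req    w6

/*
 * int32_t CRYPT_AES_CFB_Decrypt(const CRYPT_AES_Key *ctx,
 *                               const uint8_t *in,
 *                               uint8_t *out,
 *                               uint32_t len,
 *                               uint8_t *iv);
 *
 * AES-CFB decryption with 16-byte feedback, up to eight blocks per batch.
 * Each batch feeds the IV / previous ciphertext blocks to the AES_ENC_*
 * macros and XORs the result with the ciphertext to produce the plaintext.
 *
 * In:    x0 = ctx, x1 = in, x2 = out, w3 = len (bytes), x4 = iv (16 bytes)
 * Out:   x0 = 0 (unconditionally)
 *        [iv] = last ciphertext block processed; left untouched when len == 0
 * Clobb: x1, x2 (post-incremented), x12, x14, v0-v7, v17-v27, flags,
 *        plus whatever the AES_ENC_* macros write (ROUNDS/w6 is passed to them)
 *
 * NOTE(review): len is consumed in whole 16-byte blocks only. Any non-zero
 * remainder below 32 is handled as ONE full block, so a len that is not a
 * multiple of 16 is either truncated or causes a full 16-byte load/store that
 * touches up to 15 bytes past len in both in and out. Presumably the C caller
 * guarantees len % 16 == 0 and handles partial blocks itself - verify.
 *
 * On exit the keystream registers CT1..CT8 and the round-key scratch registers
 * are zeroed so key-dependent material does not stay in the SIMD register file.
 * NOTE(review): BLK0..BLK7 (plaintext, also present in out) are not cleared.
 */

.globl  CRYPT_AES_CFB_Decrypt
.type   CRYPT_AES_CFB_Decrypt, %function
CRYPT_AES_CFB_Decrypt:
AARCH64_PACIASP
    ld1     {IVC.16b}, [IV]                 // Load the IV
    /*
     * len is a uint32_t: AAPCS64 leaves bits 63:32 of x3 unspecified, so copy
     * the W view. Writing w12 zero-extends into LTMP (x12), which keeps the
     * signed 64-bit compares below correct for every 32-bit length.
     */
    mov     w12, w3

/* Dispatch on the number of bytes left (fewer than 128 on every re-entry). */
.Lcfb_aesdec_start:
    cmp     LTMP, #64
    b.ge    .Lcfb_dec_above_equal_4_blks
    cmp     LTMP, #32
    b.ge    .Lcfb_dec_above_equal_2_blks
    cmp     LTMP, #0
    b.eq    .Lcfb_len_zero
    b       .Lcfb_dec_proc_1_blk            // 1..31 bytes left: one full block

.Lcfb_dec_above_equal_2_blks:
    cmp     LTMP, #48
    b.lt    .Lcfb_dec_proc_2_blks
    b       .Lcfb_dec_proc_3_blks

.Lcfb_dec_above_equal_4_blks:
    cmp     LTMP, #96
    b.ge    .Lcfb_dec_above_equal_6_blks
    cmp     LTMP, #80
    b.lt    .Lcfb_dec_proc_4_blks
    b       .Lcfb_dec_proc_5_blks

.Lcfb_dec_above_equal_6_blks:
    cmp     LTMP, #112
    b.lt    .Lcfb_dec_proc_6_blks
    cmp     LTMP, #128
    b.lt    .Lcfb_dec_proc_7_blks

.Lcfb_dec_proc_8_blks:

/* When the length is greater than or equal to 128, eight blocks loop is used */
.Lcfb_aesdec_8_blks_loop:

    /* Compute 8 CFB Decryption */
    ld1     {BLK0.16b, BLK1.16b, BLK2.16b, BLK3.16b}, [IN], #64
    ld1     {BLK4.16b, BLK5.16b, BLK6.16b, BLK7.16b}, [IN], #64

    /* Cipher inputs are IV, C0..C6; copies keep BLK* intact for the XOR. */
    mov     CT1.16b, IVC.16b                // Prevent the IV or BLK from being changed
    mov     CT2.16b, BLK0.16b
    mov     CT3.16b, BLK1.16b
    mov     CT4.16b, BLK2.16b
    mov     CT5.16b, BLK3.16b
    mov     CT6.16b, BLK4.16b
    mov     CT7.16b, BLK5.16b
    mov     CT8.16b, BLK6.16b

    /* KEY is needed again by later batches, so the macro gets a copy. */
    mov     x14, KEY                        // Prevent the key from being changed
    AES_ENC_8_BLKS x14 CT1.16b CT2.16b CT3.16b CT4.16b CT5.16b \
                   CT6.16b CT7.16b CT8.16b RDK0.4s RDK1.4s RDK0.16b RDK1.16b ROUNDS


    /* Save C7 as feedback before BLK7 is overwritten with plaintext. */
    mov     IVC.16b, BLK7.16b               // Prepares for the next loop or update

    eor     BLK0.16b, BLK0.16b, CT1.16b
    eor     BLK1.16b, BLK1.16b, CT2.16b
    eor     BLK2.16b, BLK2.16b, CT3.16b
    eor     BLK3.16b, BLK3.16b, CT4.16b
    eor     BLK4.16b, BLK4.16b, CT5.16b
    eor     BLK5.16b, BLK5.16b, CT6.16b
    eor     BLK6.16b, BLK6.16b, CT7.16b
    eor     BLK7.16b, BLK7.16b, CT8.16b

    st1     {BLK0.16b, BLK1.16b, BLK2.16b, BLK3.16b}, [OUT], #64
    st1     {BLK4.16b, BLK5.16b, BLK6.16b, BLK7.16b}, [OUT], #64

    sub     LTMP, LTMP, #128
    cmp     LTMP, #0
    b.eq    .Lcfb_aesdec_finish

    cmp     LTMP, #128
    b.lt    .Lcfb_aesdec_start              // tail: re-dispatch on the remainder
    b       .Lcfb_aesdec_8_blks_loop

/*
 * Tail handlers. Each one processes the final batch and then falls or
 * branches to .Lcfb_aesdec_finish, so KEY may be passed to the macro directly.
 */
.Lcfb_dec_proc_1_blk:
    ld1     {BLK0.16b}, [IN]
    mov     CT1.16b, IVC.16b

    AES_ENC_1_BLK KEY CT1.16b RDK0.4s RDK1.4s RDK0.16b RDK1.16b ROUNDS

    mov     IVC.16b, BLK0.16b               // feedback = last ciphertext block
    eor     BLK0.16b, CT1.16b, BLK0.16b
    st1     {BLK0.16b}, [OUT]
    b       .Lcfb_aesdec_finish

.Lcfb_dec_proc_2_blks:
    ld1     {BLK0.16b, BLK1.16b}, [IN]
    mov     CT1.16b, IVC.16b
    mov     CT2.16b, BLK0.16b

    AES_ENC_2_BLKS KEY CT1.16b CT2.16b RDK0.4s RDK1.4s RDK0.16b RDK1.16b ROUNDS

    mov     IVC.16b, BLK1.16b
    eor     BLK0.16b, CT1.16b, BLK0.16b
    eor     BLK1.16b, CT2.16b, BLK1.16b

    st1     {BLK0.16b, BLK1.16b}, [OUT]
    b       .Lcfb_aesdec_finish

.Lcfb_dec_proc_3_blks:
    ld1     {BLK0.16b, BLK1.16b, BLK2.16b}, [IN]
    mov     CT1.16b, IVC.16b
    mov     CT2.16b, BLK0.16b
    mov     CT3.16b, BLK1.16b
    AES_ENC_3_BLKS KEY CT1.16b CT2.16b CT3.16b RDK0.4s RDK1.4s RDK0.16b RDK1.16b ROUNDS

    mov     IVC.16b, BLK2.16b
    eor     BLK0.16b, BLK0.16b, CT1.16b
    eor     BLK1.16b, BLK1.16b, CT2.16b
    eor     BLK2.16b, BLK2.16b, CT3.16b

    st1     {BLK0.16b, BLK1.16b, BLK2.16b}, [OUT]
    b       .Lcfb_aesdec_finish

.Lcfb_dec_proc_4_blks:

    ld1     {BLK0.16b, BLK1.16b, BLK2.16b, BLK3.16b}, [IN]
    mov     CT1.16b, IVC.16b
    mov     CT2.16b, BLK0.16b
    mov     CT3.16b, BLK1.16b
    mov     CT4.16b, BLK2.16b
    AES_ENC_4_BLKS KEY CT1.16b CT2.16b CT3.16b CT4.16b RDK0.4s RDK1.4s RDK0.16b RDK1.16b ROUNDS

    mov     IVC.16b, BLK3.16b

    eor     BLK0.16b, BLK0.16b, CT1.16b
    eor     BLK1.16b, BLK1.16b, CT2.16b
    eor     BLK2.16b, BLK2.16b, CT3.16b
    eor     BLK3.16b, BLK3.16b, CT4.16b

    st1     {BLK0.16b, BLK1.16b, BLK2.16b, BLK3.16b}, [OUT]
    b       .Lcfb_aesdec_finish

.Lcfb_dec_proc_5_blks:

    ld1     {BLK0.16b, BLK1.16b, BLK2.16b, BLK3.16b}, [IN], #64
    ld1     {BLK4.16b}, [IN]
    mov     CT1.16b, IVC.16b
    mov     CT2.16b, BLK0.16b
    mov     CT3.16b, BLK1.16b
    mov     CT4.16b, BLK2.16b
    mov     CT5.16b, BLK3.16b

    AES_ENC_5_BLKS KEY CT1.16b CT2.16b CT3.16b CT4.16b CT5.16b RDK0.4s RDK1.4s RDK0.16b RDK1.16b ROUNDS

    mov     IVC.16b, BLK4.16b

    eor     BLK0.16b, BLK0.16b, CT1.16b
    eor     BLK1.16b, BLK1.16b, CT2.16b
    eor     BLK2.16b, BLK2.16b, CT3.16b
    eor     BLK3.16b, BLK3.16b, CT4.16b
    eor     BLK4.16b, BLK4.16b, CT5.16b

    st1     {BLK0.16b, BLK1.16b, BLK2.16b, BLK3.16b}, [OUT], #64
    st1     {BLK4.16b}, [OUT]
    b       .Lcfb_aesdec_finish
.Lcfb_dec_proc_6_blks:

    ld1     {BLK0.16b, BLK1.16b, BLK2.16b, BLK3.16b}, [IN], #64
    ld1     {BLK4.16b, BLK5.16b}, [IN]
    mov     CT1.16b, IVC.16b
    mov     CT2.16b, BLK0.16b
    mov     CT3.16b, BLK1.16b
    mov     CT4.16b, BLK2.16b
    mov     CT5.16b, BLK3.16b
    mov     CT6.16b, BLK4.16b

    AES_ENC_6_BLKS KEY CT1.16b CT2.16b CT3.16b CT4.16b CT5.16b CT6.16b RDK0.4s RDK1.4s RDK0.16b RDK1.16b ROUNDS

    mov     IVC.16b, BLK5.16b

    eor     BLK0.16b, BLK0.16b, CT1.16b
    eor     BLK1.16b, BLK1.16b, CT2.16b
    eor     BLK2.16b, BLK2.16b, CT3.16b
    eor     BLK3.16b, BLK3.16b, CT4.16b
    eor     BLK4.16b, BLK4.16b, CT5.16b
    eor     BLK5.16b, BLK5.16b, CT6.16b

    st1     {BLK0.16b, BLK1.16b, BLK2.16b, BLK3.16b}, [OUT], #64
    st1     {BLK4.16b, BLK5.16b}, [OUT]
    b       .Lcfb_aesdec_finish

.Lcfb_dec_proc_7_blks:
    ld1     {BLK0.16b, BLK1.16b, BLK2.16b, BLK3.16b}, [IN], #64
    ld1     {BLK4.16b, BLK5.16b, BLK6.16b}, [IN]
    mov     CT1.16b, IVC.16b
    mov     CT2.16b, BLK0.16b
    mov     CT3.16b, BLK1.16b
    mov     CT4.16b, BLK2.16b
    mov     CT5.16b, BLK3.16b
    mov     CT6.16b, BLK4.16b
    mov     CT7.16b, BLK5.16b

    AES_ENC_7_BLKS KEY CT1.16b CT2.16b CT3.16b CT4.16b CT5.16b CT6.16b CT7.16b RDK0.4s RDK1.4s RDK0.16b RDK1.16b ROUNDS

    mov     IVC.16b, BLK6.16b

    eor     BLK0.16b, BLK0.16b, CT1.16b
    eor     BLK1.16b, BLK1.16b, CT2.16b
    eor     BLK2.16b, BLK2.16b, CT3.16b
    eor     BLK3.16b, BLK3.16b, CT4.16b
    eor     BLK4.16b, BLK4.16b, CT5.16b
    eor     BLK5.16b, BLK5.16b, CT6.16b
    eor     BLK6.16b, BLK6.16b, CT7.16b

    st1     {BLK0.16b, BLK1.16b, BLK2.16b, BLK3.16b}, [OUT], #64
    st1     {BLK4.16b, BLK5.16b, BLK6.16b}, [OUT]

/* Hand the feedback block back so the caller can continue the stream. */
.Lcfb_aesdec_finish:
    st1     {IVC.16b}, [IV]

.Lcfb_len_zero:
    mov     x0, #0
    /*
     * Scrub key-dependent state. CT7/CT8 hold keystream in the 7- and
     * 8-block paths, so they are cleared together with CT1..CT6.
     */
    eor     CT1.16b, CT1.16b, CT1.16b
    eor     CT2.16b, CT2.16b, CT2.16b
    eor     CT3.16b, CT3.16b, CT3.16b
    eor     CT4.16b, CT4.16b, CT4.16b
    eor     CT5.16b, CT5.16b, CT5.16b
    eor     CT6.16b, CT6.16b, CT6.16b
    eor     CT7.16b, CT7.16b, CT7.16b
    eor     CT8.16b, CT8.16b, CT8.16b
    eor     RDK0.16b, RDK0.16b, RDK0.16b
    eor     RDK1.16b, RDK1.16b, RDK1.16b

AARCH64_AUTIASP
    ret
.size CRYPT_AES_CFB_Decrypt, .-CRYPT_AES_CFB_Decrypt

#endif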