1/*
2 * This file is part of the openHiTLS project.
3 *
4 * openHiTLS is licensed under the Mulan PSL v2.
5 * You can use this software according to the terms and conditions of the Mulan PSL v2.
6 * You may obtain a copy of Mulan PSL v2 at:
7 *
8 *     http://license.coscl.org.cn/MulanPSL2
9 *
10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13 * See the Mulan PSL v2 for more details.
14 */
15
16#include "hitls_build.h"
17#if defined(HITLS_CRYPTO_AES) && defined(HITLS_CRYPTO_ECB)
18
19#include "crypt_arm.h"
20#include "crypt_aes_macro_armv8.s"
21
22.file    "crypt_aes_ecb_armv8.S"
23.text
24.arch    armv8-a+crypto
25
/* Argument registers, in the order of the C prototypes documented below. */
KEY     .req    x0      /* ctx: pointer to the key structure */
IN      .req    x1      /* in:  input pointer */
OUT     .req    x2      /* out: output pointer */
LEN     .req    x3      /* len: declared uint32_t in the prototypes, so only w3 is defined by the caller */

/* Scratch general-purpose registers. */
KTMP    .req    x4      /* working copy of KEY inside the 8-block loop */
LTMP    .req    x9      /* remaining length in bytes */

/* Round count operand handed to the AES_ENC_* and AES_DEC_* macros. */
ROUNDS  .req    w6

/* Data blocks: up to eight 16-byte blocks per macro invocation. */
BLK0    .req    v0
BLK1    .req    v1
BLK2    .req    v2
BLK3    .req    v3
BLK4    .req    v4
BLK5    .req    v5
BLK6    .req    v6
BLK7    .req    v7

/* Scratch vectors handed to the AES macros; both functions zero them before returning. */
RDK0    .req    v17
RDK1    .req    v18
47
48/*
49 * Vn      -  V0 ~ V31
50 * 8bytes  -  Vn.8B  Vn.4H  Vn.2S  Vn.1D
51 * 16bytes -  Vn.16B Vn.8H  Vn.4S  Vn.2D
52 *
53 * In Return-oriented programming (ROP) and Jump-oriented programming (JOP), we explored features
54 * that Arm introduced to the Arm architecture to mitigate against JOP-style and ROP-style attacks.
55 * ...
56 * Whether the combined or NOP-compatible instructions are generated depends on the architecture
57 * version that the code is built for. When building for Armv8.3-A, or later, the compiler will use
58 * the combined operations. When building for Armv8.2-A, or earlier, it will use the NOP compatible
59 * instructions.
60 * (https://developer.arm.com/documentation/102433/0100/Applying-these-techniques-to-real-code?lang=en)
61 *
62 * The paciasp and autiasp instructions sign and authenticate the return address (LR). The pointer
63 * authentication feature was added in Armv8.3 and is supported only by AArch64.
64 * The addition of pointer authentication features is described in Section A2.6.1 of
65 * DDI0487H_a_a-profile_architecture_reference_manual.pdf.
66 */
67
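/**
 * Function description: AES encryption in ECB mode using the Armv8 crypto instructions.
 * int32_t CRYPT_AES_ECB_Encrypt(const CRYPT_AES_Key *ctx,
 *                              const uint8_t *in,
 *                              uint8_t *out,
 *                              uint32_t len);
 * Input register:
 *        x0: Pointer to the key structure; handed to the AES_ENC_* macros.
 *        x1: Pointer to the input data.
 *        x2: Pointer to the output data.
 *        w3: Total input length in bytes. Only w3 is read: for a uint32_t argument AAPCS64
 *            leaves bits 63:32 of x3 unspecified.
 *  Length handling: 128 bytes (8 blocks) per loop iteration, then one tail group of 1-7 blocks.
 *            Only whole 16-byte blocks are processed. A trailing len % 16 bytes is neither
 *            read nor written and 0 is still returned, so the caller must reject lengths
 *            that are not a multiple of 16 before calling.
 *  Change register: x1, x2 (post-incremented), x4, x6, x9, v0-v7, v17, v18.
 *            x0 may also be advanced by the tail macros (TODO confirm in
 *            crypt_aes_macro_armv8.s); it is overwritten with the return value either way.
 *  Output register: x0 = 0 on every path.
 *  Function/Macro Call: AES_ENC_8_BLKS, AES_ENC_1_BLK, AES_ENC_2_BLKS, AES_ENC_3_BLKS,
 *              AES_ENC_4_BLKS, AES_ENC_5_BLKS, AES_ENC_6_BLKS, AES_ENC_7_BLKS.
 *  Security notes:
 *            - RDK0/RDK1 (v17/v18), the round-key scratch registers given to the macros, are
 *              zeroed before returning. v0-v7 are not cleared and still hold the last blocks
 *              processed (ciphertext).
 *            - ECB transforms every block independently under the same key, so equal plaintext
 *              blocks give equal ciphertext blocks; no IV, chaining or integrity check is
 *              applied here.
 */
.globl CRYPT_AES_ECB_Encrypt
.type CRYPT_AES_ECB_Encrypt, %function
CRYPT_AES_ECB_Encrypt:
AARCH64_PACIASP
    /*
     * len is a uint32_t, so the upper half of x3 is not defined by the caller. Copy w3 only;
     * the write to w9 zero-extends into LTMP (x9), which keeps the 64-bit compares below
     * from acting on stale upper bits and running past the buffers.
     */
    mov w9, w3
.Lecb_aesenc_start:
    /* Dispatch on the remaining byte count: >= 64, >= 32, one block, or nothing left. */
    cmp LTMP, #64
    b.ge .Lecb_enc_above_equal_4_blks
    cmp LTMP, #32
    b.ge .Lecb_enc_above_equal_2_blks
    /*
     * Fewer than 16 bytes left is not a whole block. Stop here instead of loading and storing
     * a full 16 bytes, which would run up to 15 bytes past both buffers.
     */
    cmp LTMP, #16
    b.lt .Lecb_aesenc_finish
    b .Lecb_enc_proc_1_blk

.Lecb_enc_above_equal_2_blks:
    /* 32..63 bytes: two or three blocks. */
    cmp LTMP, #48
    b.lt .Lecb_enc_proc_2_blks
    b .Lecb_enc_proc_3_blks

.Lecb_enc_above_equal_4_blks:
    /* 64..95 bytes: four or five blocks; 96 and above is decided further down. */
    cmp LTMP, #96
    b.ge .Lecb_enc_above_equal_6_blks
    cmp LTMP, #80
    b.lt .Lecb_enc_proc_4_blks
    b .Lecb_enc_proc_5_blks

.Lecb_enc_above_equal_6_blks:
    /* 96..127 bytes: six or seven blocks; 128 and above falls through into the loop. */
    cmp LTMP, #112
    b.lt .Lecb_enc_proc_6_blks
    cmp LTMP, #128
    b.lt .Lecb_enc_proc_7_blks

.Lecb_enc_proc_8_blks:
.Lecb_aesenc_8_blks_loop:
    /* Invariant: LTMP >= 128 on entry to every iteration. */
    ld1 {BLK0.16b, BLK1.16b, BLK2.16b, BLK3.16b}, [IN], #64
    ld1 {BLK4.16b, BLK5.16b, BLK6.16b, BLK7.16b}, [IN], #64
    /* Work on a copy so KEY stays valid for later iterations and for the tail. */
    mov KTMP, KEY
    AES_ENC_8_BLKS KTMP BLK0.16b BLK1.16b BLK2.16b BLK3.16b BLK4.16b \
                   BLK5.16b BLK6.16b BLK7.16b RDK0.4s RDK1.4s RDK0.16b RDK1.16b ROUNDS
    st1 {BLK0.16b, BLK1.16b, BLK2.16b, BLK3.16b}, [OUT], #64
    st1 {BLK4.16b, BLK5.16b, BLK6.16b, BLK7.16b}, [OUT], #64
    sub LTMP, LTMP, #128
    cmp LTMP, #128
    b.lt .Lecb_aesenc_start
    b .Lecb_aesenc_8_blks_loop

    /* Tail groups: each one handles the last 1-7 blocks and then leaves the function. */
.Lecb_enc_proc_1_blk:
    ld1 {BLK0.16b}, [IN]
    AES_ENC_1_BLK KEY BLK0.16b RDK0.4s RDK1.4s RDK0.16b RDK1.16b ROUNDS
    st1 {BLK0.16b}, [OUT]
    b .Lecb_aesenc_finish

.Lecb_enc_proc_2_blks:
    ld1 {BLK0.16b, BLK1.16b}, [IN]
    AES_ENC_2_BLKS KEY BLK0.16b BLK1.16b RDK0.4s RDK1.4s RDK0.16b RDK1.16b ROUNDS
    st1 {BLK0.16b, BLK1.16b}, [OUT]
    b .Lecb_aesenc_finish

.Lecb_enc_proc_3_blks:
    ld1 {BLK0.16b, BLK1.16b, BLK2.16b}, [IN]
    AES_ENC_3_BLKS KEY BLK0.16b BLK1.16b BLK2.16b RDK0.4s RDK1.4s RDK0.16b RDK1.16b ROUNDS
    st1 {BLK0.16b, BLK1.16b, BLK2.16b}, [OUT]
    b .Lecb_aesenc_finish

.Lecb_enc_proc_4_blks:
    ld1 {BLK0.16b, BLK1.16b, BLK2.16b, BLK3.16b}, [IN]
    AES_ENC_4_BLKS KEY BLK0.16b BLK1.16b BLK2.16b BLK3.16b RDK0.4s RDK1.4s RDK0.16b RDK1.16b ROUNDS
    st1 {BLK0.16b, BLK1.16b, BLK2.16b, BLK3.16b}, [OUT]
    b .Lecb_aesenc_finish

.Lecb_enc_proc_5_blks:
    ld1 {BLK0.16b, BLK1.16b, BLK2.16b, BLK3.16b}, [IN], #64
    ld1 {BLK4.16b}, [IN]
    AES_ENC_5_BLKS KEY BLK0.16b BLK1.16b BLK2.16b BLK3.16b BLK4.16b RDK0.4s RDK1.4s RDK0.16b RDK1.16b ROUNDS
    st1 {BLK0.16b, BLK1.16b, BLK2.16b, BLK3.16b}, [OUT], #64
    st1 {BLK4.16b}, [OUT]
    b .Lecb_aesenc_finish

.Lecb_enc_proc_6_blks:
    ld1 {BLK0.16b, BLK1.16b, BLK2.16b, BLK3.16b}, [IN], #64
    ld1 {BLK4.16b, BLK5.16b}, [IN]
    AES_ENC_6_BLKS KEY BLK0.16b BLK1.16b BLK2.16b BLK3.16b BLK4.16b BLK5.16b RDK0.4s RDK1.4s RDK0.16b RDK1.16b ROUNDS
    st1 {BLK0.16b, BLK1.16b, BLK2.16b, BLK3.16b}, [OUT], #64
    st1 {BLK4.16b, BLK5.16b}, [OUT]
    b .Lecb_aesenc_finish

.Lecb_enc_proc_7_blks:
    ld1 {BLK0.16b, BLK1.16b, BLK2.16b, BLK3.16b}, [IN], #64
    ld1 {BLK4.16b, BLK5.16b, BLK6.16b}, [IN]
    AES_ENC_7_BLKS KEY BLK0.16b BLK1.16b BLK2.16b BLK3.16b BLK4.16b BLK5.16b BLK6.16b RDK0.4s RDK1.4s RDK0.16b RDK1.16b ROUNDS
    st1 {BLK0.16b, BLK1.16b, BLK2.16b, BLK3.16b}, [OUT], #64
    st1 {BLK4.16b, BLK5.16b, BLK6.16b}, [OUT]

.Lecb_aesenc_finish:
    /* Return 0, presumably the library's success code (TODO confirm against the C headers). */
    mov x0, #0
    /* Wipe the round-key scratch registers so key material does not outlive the call. */
    eor RDK0.16b, RDK0.16b, RDK0.16b
    eor RDK1.16b, RDK1.16b, RDK1.16b
AARCH64_AUTIASP
    ret
.size CRYPT_AES_ECB_Encrypt, .-CRYPT_AES_ECB_Encrypt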
184
185
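/**
 * Function description: AES decryption in ECB mode using the Armv8 crypto instructions.
 * int32_t CRYPT_AES_ECB_Decrypt(const CRYPT_AES_Key *ctx,
 *                              const uint8_t *in,
 *                              uint8_t *out,
 *                              uint32_t len);
 * Input register:
 *        x0: Pointer to the key structure; handed to the AES_DEC_* macros.
 *        x1: Pointer to the input data.
 *        x2: Pointer to the output data.
 *        w3: Total input length in bytes. Only w3 is read: for a uint32_t argument AAPCS64
 *            leaves bits 63:32 of x3 unspecified.
 *  Length handling: 128 bytes (8 blocks) per loop iteration, then one tail group of 1-7 blocks.
 *            Only whole 16-byte blocks are processed. A trailing len % 16 bytes is neither
 *            read nor written and 0 is still returned, so the caller must reject lengths
 *            that are not a multiple of 16 before calling.
 *  Change register: x1, x2 (post-incremented), x4, x6, x9, v0-v7, v17, v18.
 *            x0 may also be advanced by the tail macros (TODO confirm in
 *            crypt_aes_macro_armv8.s); it is overwritten with the return value either way.
 *  Output register: x0 = 0 on every path.
 *  Function/Macro Call: AES_DEC_8_BLKS, AES_DEC_1_BLK, AES_DEC_2_BLKS, AES_DEC_3_BLKS,
 *              AES_DEC_4_BLKS, AES_DEC_5_BLKS, AES_DEC_6_BLKS, AES_DEC_7_BLKS.
 *  Security notes:
 *            - RDK0/RDK1 (v17/v18), the round-key scratch registers given to the macros, are
 *              zeroed before returning. v0-v7 are not cleared and still hold the last blocks
 *              processed, which after decryption are plaintext.
 *            - ECB carries no integrity check: this routine cannot tell whether the
 *              ciphertext was modified, so authenticity must be verified by the caller.
 */
.globl CRYPT_AES_ECB_Decrypt
.type CRYPT_AES_ECB_Decrypt, %function
CRYPT_AES_ECB_Decrypt:
AARCH64_PACIASP
    /*
     * len is a uint32_t, so the upper half of x3 is not defined by the caller. Copy w3 only;
     * the write to w9 zero-extends into LTMP (x9), which keeps the 64-bit compares below
     * from acting on stale upper bits and running past the buffers.
     */
    mov w9, w3
.Lecb_aesdec_start:
    /* Dispatch on the remaining byte count: >= 64, >= 32, one block, or nothing left. */
    cmp LTMP, #64
    b.ge .Lecb_dec_above_equal_4_blks
    cmp LTMP, #32
    b.ge .Lecb_dec_above_equal_2_blks
    /*
     * Fewer than 16 bytes left is not a whole block. Stop here instead of loading and storing
     * a full 16 bytes, which would run up to 15 bytes past both buffers.
     */
    cmp LTMP, #16
    b.lt .Lecb_aesdec_finish
    b .Lecb_dec_proc_1_blk

.Lecb_dec_above_equal_2_blks:
    /* 32..63 bytes: two or three blocks. */
    cmp LTMP, #48
    b.lt .Lecb_dec_proc_2_blks
    b .Lecb_dec_proc_3_blks

.Lecb_dec_above_equal_4_blks:
    /* 64..95 bytes: four or five blocks; 96 and above is decided further down. */
    cmp LTMP, #96
    b.ge .Lecb_dec_above_equal_6_blks
    cmp LTMP, #80
    b.lt .Lecb_dec_proc_4_blks
    b .Lecb_dec_proc_5_blks

.Lecb_dec_above_equal_6_blks:
    /* 96..127 bytes: six or seven blocks; 128 and above falls through into the loop. */
    cmp LTMP, #112
    b.lt .Lecb_dec_proc_6_blks
    cmp LTMP, #128
    b.lt .Lecb_dec_proc_7_blks

.Lecb_dec_proc_8_blks:
.Lecb_aesdec_8_blks_loop:
    /* Invariant: LTMP >= 128 on entry to every iteration. */
    ld1 {BLK0.16b, BLK1.16b, BLK2.16b, BLK3.16b}, [IN], #64
    ld1 {BLK4.16b, BLK5.16b, BLK6.16b, BLK7.16b}, [IN], #64
    /* Work on a copy so KEY stays valid for later iterations and for the tail. */
    mov KTMP, KEY
    AES_DEC_8_BLKS KTMP BLK0.16b BLK1.16b BLK2.16b BLK3.16b BLK4.16b \
                   BLK5.16b BLK6.16b BLK7.16b RDK0.4s RDK1.4s RDK0.16b RDK1.16b ROUNDS
    st1 {BLK0.16b, BLK1.16b, BLK2.16b, BLK3.16b}, [OUT], #64
    st1 {BLK4.16b, BLK5.16b, BLK6.16b, BLK7.16b}, [OUT], #64
    sub LTMP, LTMP, #128
    cmp LTMP, #128
    b.lt .Lecb_aesdec_start
    b .Lecb_aesdec_8_blks_loop

    /* Tail groups: each one handles the last 1-7 blocks and then leaves the function. */
.Lecb_dec_proc_1_blk:
    ld1 {BLK0.16b}, [IN]
    AES_DEC_1_BLK KEY BLK0.16b RDK0.4s RDK1.4s RDK0.16b RDK1.16b ROUNDS
    st1 {BLK0.16b}, [OUT]
    b .Lecb_aesdec_finish

.Lecb_dec_proc_2_blks:
    ld1 {BLK0.16b, BLK1.16b}, [IN]
    AES_DEC_2_BLKS KEY BLK0.16b BLK1.16b RDK0.4s RDK1.4s RDK0.16b RDK1.16b ROUNDS
    st1 {BLK0.16b, BLK1.16b}, [OUT]
    b .Lecb_aesdec_finish

.Lecb_dec_proc_3_blks:
    ld1 {BLK0.16b, BLK1.16b, BLK2.16b}, [IN]
    AES_DEC_3_BLKS KEY BLK0.16b BLK1.16b BLK2.16b RDK0.4s RDK1.4s RDK0.16b RDK1.16b ROUNDS
    st1 {BLK0.16b, BLK1.16b, BLK2.16b}, [OUT]
    b .Lecb_aesdec_finish

.Lecb_dec_proc_4_blks:
    ld1 {BLK0.16b, BLK1.16b, BLK2.16b, BLK3.16b}, [IN]
    AES_DEC_4_BLKS KEY BLK0.16b BLK1.16b BLK2.16b BLK3.16b RDK0.4s RDK1.4s RDK0.16b RDK1.16b ROUNDS
    st1 {BLK0.16b, BLK1.16b, BLK2.16b, BLK3.16b}, [OUT]
    b .Lecb_aesdec_finish

.Lecb_dec_proc_5_blks:
    ld1 {BLK0.16b, BLK1.16b, BLK2.16b, BLK3.16b}, [IN], #64
    ld1 {BLK4.16b}, [IN]
    AES_DEC_5_BLKS KEY BLK0.16b BLK1.16b BLK2.16b BLK3.16b BLK4.16b RDK0.4s RDK1.4s RDK0.16b RDK1.16b ROUNDS
    st1 {BLK0.16b, BLK1.16b, BLK2.16b, BLK3.16b}, [OUT], #64
    st1 {BLK4.16b}, [OUT]
    b .Lecb_aesdec_finish

.Lecb_dec_proc_6_blks:
    ld1 {BLK0.16b, BLK1.16b, BLK2.16b, BLK3.16b}, [IN], #64
    ld1 {BLK4.16b, BLK5.16b}, [IN]
    AES_DEC_6_BLKS KEY BLK0.16b BLK1.16b BLK2.16b BLK3.16b BLK4.16b BLK5.16b RDK0.4s RDK1.4s RDK0.16b RDK1.16b ROUNDS
    st1 {BLK0.16b, BLK1.16b, BLK2.16b, BLK3.16b}, [OUT], #64
    st1 {BLK4.16b, BLK5.16b}, [OUT]
    b .Lecb_aesdec_finish

.Lecb_dec_proc_7_blks:
    ld1 {BLK0.16b, BLK1.16b, BLK2.16b, BLK3.16b}, [IN], #64
    ld1 {BLK4.16b, BLK5.16b, BLK6.16b}, [IN]
    AES_DEC_7_BLKS KEY BLK0.16b BLK1.16b BLK2.16b BLK3.16b BLK4.16b BLK5.16b BLK6.16b RDK0.4s RDK1.4s RDK0.16b RDK1.16b ROUNDS
    st1 {BLK0.16b, BLK1.16b, BLK2.16b, BLK3.16b}, [OUT], #64
    st1 {BLK4.16b, BLK5.16b, BLK6.16b}, [OUT]

.Lecb_aesdec_finish:
    /* Return 0, presumably the library's success code (TODO confirm against the C headers). */
    mov x0, #0
    /* Wipe the round-key scratch registers so key material does not outlive the call. */
    eor RDK0.16b, RDK0.16b, RDK0.16b
    eor RDK1.16b, RDK1.16b, RDK1.16b
AARCH64_AUTIASP
    ret
.size CRYPT_AES_ECB_Decrypt, .-CRYPT_AES_ECB_Decrypt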
303
304#endif
305