1/* 2 * This file is part of the openHiTLS project. 3 * 4 * openHiTLS is licensed under the Mulan PSL v2. 5 * You can use this software according to the terms and conditions of the Mulan PSL v2. 6 * You may obtain a copy of Mulan PSL v2 at: 7 * 8 * http://license.coscl.org.cn/MulanPSL2 9 * 10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, 11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, 12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. 13 * See the Mulan PSL v2 for more details. 14 */ 15 16#include "hitls_build.h" 17#if defined(HITLS_CRYPTO_AES) && defined(HITLS_CRYPTO_GCM) 18 19#include "crypt_arm.h" 20#include "aes_gcm_common_aarch64.S" 21 22.text 23.arch armv8-a+crypto 24 25.globl AES_GCM_Encrypt16BlockAsm 26.type AES_GCM_Encrypt16BlockAsm,%function 27.align 4 28AES_GCM_Encrypt16BlockAsm: 29AARCH64_PACIASP 30 IN_STP // register Protection 31 ldr ROUNDS, [KEY00, #240] // load number of rounds 32 add HTABLE, IVEC0, #16 // obtains the start address of the ghash table 33 lsr COUNT, INLEN, #4 // length divided by 16 34 LOAD_GHASH_TABLE // load the ghash table 35 cmp ROUNDS, #10 // number of comparison rounds 10 36 LOAD_KEY // load AES KEY 37 b.eq .LEnc16_128_process // go to the AES128 part 38 cmp ROUNDS, #12 // number of comparison rounds 12 39 ld1 {KEY10.4s, KEY11.4s}, [KEY00], #32 40 b.eq .LEnc16_192_process // go to the AES192 part 41 ld1 {KEY12.4s, KEY13.4s}, [KEY00], #32 42 b .LEnc16_256_process // go to the AES256 part 43 44.LEnc16_128_process: 45 BEFORE16_ROUND // data preprocessing 46.LEnc16_128_loop: 47 FIRST16_ROUND // data preprocessing 48 ldp x6, x7, [INPUT], #16 // load INPUT 0 49#ifdef HITLS_BIG_ENDIAN 50 REV_2S x6, x7 51#endif 52 aese CTR0.16b, KEY9.16b 53 subs COUNT, COUNT, #1 // COUNT-- 54 ENC16_BLOCK // processes 16-byte data 55 b.le .LEnc16_end 56 b .LEnc16_128_loop 57 58.LEnc16_192_process: 59 BEFORE16_ROUND 60.LEnc16_192_loop: 61 FIRST16_ROUND 62 ldp x6, x7, [INPUT], #16 // load INPUT 0 63#ifdef HITLS_BIG_ENDIAN 64 REV_2S x6, x7 65#endif 66 ROUND CTR0.16b, KEY9.16b 67 ROUND CTR0.16b, KEY10.16b 68 aese CTR0.16b, KEY11.16b 69 subs COUNT, COUNT, #1 // COUNT-- 70 ENC16_BLOCK 71 b.le .LEnc16_end 72 b .LEnc16_192_loop 73 74.LEnc16_256_process: 75 BEFORE16_ROUND 76.LEnc16_256_loop: 77 FIRST16_ROUND 78 ldp x6, x7, [INPUT], #16 // load INPUT 0 79#ifdef HITLS_BIG_ENDIAN 80 REV_2S x6, x7 81#endif 82 ROUND CTR0.16b, KEY9.16b 83 ROUND CTR0.16b, KEY10.16b 84 ROUND CTR0.16b, KEY11.16b 85 ROUND CTR0.16b, KEY12.16b 86 aese CTR0.16b, KEY13.16b 87 subs COUNT, COUNT, #1 // COUNT-- 88 ENC16_BLOCK 89 b.le .LEnc16_end 90 b .LEnc16_256_loop 91.LEnc16_end: 92 ext HASH0.16b, HASH0.16b, HASH0.16b, #8 93 add x6, IVEC0, #16 94 rev64 HASH0.16b, HASH0.16b 95 st1 {CTR1.16b }, [IVEC0] // out counter 96 st1 {HASH0.16b }, [x6] // out hash 97 OUT_STP // restore protection register 98.LEnc_ret: 99 mov w0, #0x0 100AARCH64_AUTIASP 101 ret 102.size AES_GCM_Encrypt16BlockAsm,.-AES_GCM_Encrypt16BlockAsm 103 104.globl AES_GCM_Decrypt16BlockAsm 105.type AES_GCM_Decrypt16BlockAsm,%function 106.align 4 107AES_GCM_Decrypt16BlockAsm: 108AARCH64_PACIASP 109 IN_STP // stp 110 ldr ROUNDS, [KEY00, #240] // pull rounds 111 mov IVEC0, x0 // ctr0 112 add HTABLE, IVEC0, #16 // htable 113 lsr COUNT, INLEN, #4 // 2*2 2*2 = 16 114 LOAD_GHASH_TABLE 115 cmp ROUNDS, #10 116 LOAD_KEY 117 b.eq .LDec16_128_process 118 cmp ROUNDS, #12 119 ld1 {KEY10.4s, KEY11.4s}, [KEY00], #32 120 b.eq .LDec16_192_process 121 ld1 {KEY12.4s, KEY13.4s}, [KEY00], #32 122 b .LDec16_256_process 123 124.LDec16_128_process: 125 BEFORE16_ROUND 126#ifdef HITLS_BIG_ENDIAN 127 REV_2S KEND0, KEND1 128#endif 129 130.LDec16_128_loop: 131 FIRST16_ROUND 132 aese CTR0.16b, KEY9.16b 133 DEC16_BLOCK 134 b.le .LDec16_end 135 b .LDec16_128_loop 136 137.LDec16_192_process: 138 BEFORE16_ROUND 139#ifdef HITLS_BIG_ENDIAN 140 REV_2S KEND0, KEND1 141#endif 142 143.LDec16_192_loop: 144 FIRST16_ROUND 145 ROUND CTR0.16b, KEY9.16b 146 ROUND CTR0.16b, KEY10.16b 147 aese CTR0.16b, KEY11.16b 148 DEC16_BLOCK 149 b.le .LDec16_end 150 b .LDec16_192_loop 151 152.LDec16_256_process: 153 BEFORE16_ROUND 154#ifdef HITLS_BIG_ENDIAN 155 REV_2S KEND0, KEND1 156#endif 157 158.LDec16_256_loop: 159 FIRST16_ROUND 160 ROUND CTR0.16b, KEY9.16b 161 ROUND CTR0.16b, KEY10.16b 162 ROUND CTR0.16b, KEY11.16b 163 ROUND CTR0.16b, KEY12.16b 164 aese CTR0.16b, KEY13.16b 165 DEC16_BLOCK 166 b.le .LDec16_end 167 b .LDec16_256_loop 168.LDec16_end: 169 ext HASH0.16b, HASH0.16b, HASH0.16b, #8 170 add x6, IVEC0, #16 171 rev64 HASH0.16b, HASH0.16b 172 st1 {CTR1.16b }, [IVEC0] // out counter 173 st1 {HASH0.16b }, [x6] // out hash 174 OUT_STP 175.LDec_ret: 176 mov w0, #0x0 177AARCH64_AUTIASP 178 ret 179.size AES_GCM_Decrypt16BlockAsm,.-AES_GCM_Decrypt16BlockAsm 180#endif