• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1/*
2 * sha2-ce-core.S - SHA-224/256 secure hash using ARMv8 Crypto Extensions
3 *
4 * Copyright (C) 2015 Linaro Ltd.
5 * Author: Ard Biesheuvel <ard.biesheuvel@linaro.org>
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
10 */
11
12#include <linux/linkage.h>
13#include <asm/assembler.h>
14
15	.text
16	.fpu		crypto-neon-fp-armv8
17
18	k0		.req	q7
19	k1		.req	q8
20	rk		.req	r3
21
22	ta0		.req	q9
23	ta1		.req	q10
24	tb0		.req	q10
25	tb1		.req	q9
26
27	dga		.req	q11
28	dgb		.req	q12
29
30	dg0		.req	q13
31	dg1		.req	q14
32	dg2		.req	q15
33
34	.macro		add_only, ev, s0
35	vmov		dg2, dg0
36	.ifnb		\s0
37	vld1.32		{k\ev}, [rk, :128]!
38	.endif
39	sha256h.32	dg0, dg1, tb\ev
40	sha256h2.32	dg1, dg2, tb\ev
41	.ifnb		\s0
42	vadd.u32	ta\ev, q\s0, k\ev
43	.endif
44	.endm
45
46	.macro		add_update, ev, s0, s1, s2, s3
47	sha256su0.32	q\s0, q\s1
48	add_only	\ev, \s1
49	sha256su1.32	q\s0, q\s2, q\s3
50	.endm
51
52	.align		6
53.Lsha256_rcon:
54	.word		0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5
55	.word		0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5
56	.word		0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3
57	.word		0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174
58	.word		0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc
59	.word		0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da
60	.word		0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7
61	.word		0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967
62	.word		0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13
63	.word		0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85
64	.word		0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3
65	.word		0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070
66	.word		0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5
67	.word		0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3
68	.word		0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208
69	.word		0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
70
71	/*
72	 * void sha2_ce_transform(int blocks, u8 const *src, u32 *state,
73	 *			  u8 *head);
74	 */
75ENTRY(sha2_ce_transform)
76	/* load state */
77	vld1.32		{dga-dgb}, [r2]
78
79	/* load partial input (if supplied) */
80	teq		r3, #0
81	beq		0f
82	vld1.32		{q0-q1}, [r3]!
83	vld1.32		{q2-q3}, [r3]
84	teq		r0, #0
85	b		1f
86
87	/* load input */
880:	vld1.32		{q0-q1}, [r1]!
89	vld1.32		{q2-q3}, [r1]!
90	subs		r0, r0, #1
91
921:
93#ifndef CONFIG_CPU_BIG_ENDIAN
94	vrev32.8	q0, q0
95	vrev32.8	q1, q1
96	vrev32.8	q2, q2
97	vrev32.8	q3, q3
98#endif
99
100	/* load first round constant */
101	adr		rk, .Lsha256_rcon
102	vld1.32		{k0}, [rk, :128]!
103
104	vadd.u32	ta0, q0, k0
105	vmov		dg0, dga
106	vmov		dg1, dgb
107
108	add_update	1, 0, 1, 2, 3
109	add_update	0, 1, 2, 3, 0
110	add_update	1, 2, 3, 0, 1
111	add_update	0, 3, 0, 1, 2
112	add_update	1, 0, 1, 2, 3
113	add_update	0, 1, 2, 3, 0
114	add_update	1, 2, 3, 0, 1
115	add_update	0, 3, 0, 1, 2
116	add_update	1, 0, 1, 2, 3
117	add_update	0, 1, 2, 3, 0
118	add_update	1, 2, 3, 0, 1
119	add_update	0, 3, 0, 1, 2
120
121	add_only	1, 1
122	add_only	0, 2
123	add_only	1, 3
124	add_only	0
125
126	/* update state */
127	vadd.u32	dga, dga, dg0
128	vadd.u32	dgb, dgb, dg1
129	bne		0b
130
131	/* store new state */
132	vst1.32		{dga-dgb}, [r2]
133	bx		lr
134ENDPROC(sha2_ce_transform)
135