1/* 2 * linux/arch/arm64/crypto/aes-ce.S - AES cipher for ARMv8 with 3 * Crypto Extensions 4 * 5 * Copyright (C) 2013 Linaro Ltd <ard.biesheuvel@linaro.org> 6 * 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License version 2 as 9 * published by the Free Software Foundation. 10 */ 11 12#include <linux/linkage.h> 13#include <asm/assembler.h> 14 15#define AES_ENTRY(func) ENTRY(ce_ ## func) 16#define AES_ENDPROC(func) ENDPROC(ce_ ## func) 17 18 .arch armv8-a+crypto 19 20 /* preload all round keys */ 21 .macro load_round_keys, rounds, rk 22 cmp \rounds, #12 23 blo 2222f /* 128 bits */ 24 beq 1111f /* 192 bits */ 25 ld1 {v17.16b-v18.16b}, [\rk], #32 261111: ld1 {v19.16b-v20.16b}, [\rk], #32 272222: ld1 {v21.16b-v24.16b}, [\rk], #64 28 ld1 {v25.16b-v28.16b}, [\rk], #64 29 ld1 {v29.16b-v31.16b}, [\rk] 30 .endm 31 32 /* prepare for encryption with key in rk[] */ 33 .macro enc_prepare, rounds, rk, ignore 34 load_round_keys \rounds, \rk 35 .endm 36 37 /* prepare for encryption (again) but with new key in rk[] */ 38 .macro enc_switch_key, rounds, rk, ignore 39 load_round_keys \rounds, \rk 40 .endm 41 42 /* prepare for decryption with key in rk[] */ 43 .macro dec_prepare, rounds, rk, ignore 44 load_round_keys \rounds, \rk 45 .endm 46 47 .macro do_enc_Nx, de, mc, k, i0, i1, i2, i3 48 aes\de \i0\().16b, \k\().16b 49 aes\mc \i0\().16b, \i0\().16b 50 .ifnb \i1 51 aes\de \i1\().16b, \k\().16b 52 aes\mc \i1\().16b, \i1\().16b 53 .ifnb \i3 54 aes\de \i2\().16b, \k\().16b 55 aes\mc \i2\().16b, \i2\().16b 56 aes\de \i3\().16b, \k\().16b 57 aes\mc \i3\().16b, \i3\().16b 58 .endif 59 .endif 60 .endm 61 62 /* up to 4 interleaved encryption rounds with the same round key */ 63 .macro round_Nx, enc, k, i0, i1, i2, i3 64 .ifc \enc, e 65 do_enc_Nx e, mc, \k, \i0, \i1, \i2, \i3 66 .else 67 do_enc_Nx d, imc, \k, \i0, \i1, \i2, \i3 68 .endif 69 .endm 70 71 /* up to 4 interleaved final rounds */ 72 .macro fin_round_Nx, de, k, k2, i0, i1, i2, i3 73 aes\de \i0\().16b, \k\().16b 74 .ifnb \i1 75 aes\de \i1\().16b, \k\().16b 76 .ifnb \i3 77 aes\de \i2\().16b, \k\().16b 78 aes\de \i3\().16b, \k\().16b 79 .endif 80 .endif 81 eor \i0\().16b, \i0\().16b, \k2\().16b 82 .ifnb \i1 83 eor \i1\().16b, \i1\().16b, \k2\().16b 84 .ifnb \i3 85 eor \i2\().16b, \i2\().16b, \k2\().16b 86 eor \i3\().16b, \i3\().16b, \k2\().16b 87 .endif 88 .endif 89 .endm 90 91 /* up to 4 interleaved blocks */ 92 .macro do_block_Nx, enc, rounds, i0, i1, i2, i3 93 cmp \rounds, #12 94 blo 2222f /* 128 bits */ 95 beq 1111f /* 192 bits */ 96 round_Nx \enc, v17, \i0, \i1, \i2, \i3 97 round_Nx \enc, v18, \i0, \i1, \i2, \i3 981111: round_Nx \enc, v19, \i0, \i1, \i2, \i3 99 round_Nx \enc, v20, \i0, \i1, \i2, \i3 1002222: .irp key, v21, v22, v23, v24, v25, v26, v27, v28, v29 101 round_Nx \enc, \key, \i0, \i1, \i2, \i3 102 .endr 103 fin_round_Nx \enc, v30, v31, \i0, \i1, \i2, \i3 104 .endm 105 106 .macro encrypt_block, in, rounds, t0, t1, t2 107 do_block_Nx e, \rounds, \in 108 .endm 109 110 .macro encrypt_block2x, i0, i1, rounds, t0, t1, t2 111 do_block_Nx e, \rounds, \i0, \i1 112 .endm 113 114 .macro encrypt_block4x, i0, i1, i2, i3, rounds, t0, t1, t2 115 do_block_Nx e, \rounds, \i0, \i1, \i2, \i3 116 .endm 117 118 .macro decrypt_block, in, rounds, t0, t1, t2 119 do_block_Nx d, \rounds, \in 120 .endm 121 122 .macro decrypt_block2x, i0, i1, rounds, t0, t1, t2 123 do_block_Nx d, \rounds, \i0, \i1 124 .endm 125 126 .macro decrypt_block4x, i0, i1, i2, i3, rounds, t0, t1, t2 127 do_block_Nx d, \rounds, \i0, \i1, \i2, \i3 128 .endm 129 130#include "aes-modes.S" 131