Головна сторінка Огляд Довідка
Реєстрація Увійти
RD_Software
/
ark1668ed-bsp
2
0
Відгалуження 0
Файли Проблеми 0 Запити на злиття 0 Wiki
Дерево: 4605e12628
Гілки Теги
ark1668ed-bsp
/
linux
/
arch
/
riscv
/
crypto
/
aes-riscv64-zvkned-zvkb.S

aes-riscv64-zvkned-zvkb.S 4.7 KB
Історія Запис

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146 
  1. /* SPDX-License-Identifier: Apache-2.0 OR BSD-2-Clause */
    2. 

  2. //
    3. 

  3. // This file is dual-licensed, meaning that you can use it under your
    4. 

  4. // choice of either of the following two licenses:
    5. 

  5. //
    6. 

  6. // Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
    7. 

  7. //
    8. 

  8. // Licensed under the Apache License 2.0 (the "License"). You can obtain
    9. 

  9. // a copy in the file LICENSE in the source distribution or at
    10. 

  10. // https://www.openssl.org/source/license.html
    11. 

  11. //
    12. 

  12. // or
    13. 

  13. //
    14. 

  14. // Copyright (c) 2023, Jerry Shih <jerry.shih@sifive.com>
    15. 

  15. // Copyright 2024 Google LLC
    16. 

  16. // All rights reserved.
    17. 

  17. //
    18. 

  18. // Redistribution and use in source and binary forms, with or without
    19. 

  19. // modification, are permitted provided that the following conditions
    20. 

  20. // are met:
    21. 

  21. // 1. Redistributions of source code must retain the above copyright
    22. 

  22. //    notice, this list of conditions and the following disclaimer.
    23. 

  23. // 2. Redistributions in binary form must reproduce the above copyright
    24. 

  24. //    notice, this list of conditions and the following disclaimer in the
    25. 

  25. //    documentation and/or other materials provided with the distribution.
    26. 

  26. //
    27. 

  27. // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
    28. 

  28. // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
    29. 

  29. // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
    30. 

  30. // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
    31. 

  31. // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
    32. 

  32. // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
    33. 

  33. // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
    34. 

  34. // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
    35. 

  35. // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
    36. 

  36. // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
    37. 

  37. // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    38. 

  38. 

  39. // The generated code of this file depends on the following RISC-V extensions:
    40. 

  40. // - RV64I
    41. 

  41. // - RISC-V Vector ('V') with VLEN >= 128
    42. 

  42. // - RISC-V Vector AES block cipher extension ('Zvkned')
    43. 

  43. // - RISC-V Vector Cryptography Bit-manipulation extension ('Zvkb')
    44. 

  44. 

  45. #include <linux/linkage.h>
    46. 

  46. 

  47. .text
    48. 

  48. .option arch, +zvkned, +zvkb
    49. 

  49. 

  50. #include "aes-macros.S"
    51. 

  51. 

  52. #define KEYP		a0
    53. 

  53. #define INP		a1
    54. 

  54. #define OUTP		a2
    55. 

  55. #define LEN		a3
    56. 

  56. #define IVP		a4
    57. 

  57. 

  58. #define LEN32		a5
    59. 

  59. #define VL_E32		a6
    60. 

  60. #define VL_BLOCKS	a7
    61. 

  61. 

  62. .macro	aes_ctr32_crypt	keylen
    63. 

  63. 	// LEN32 = number of blocks, rounded up, in 32-bit words.
    64. 

  64. 	addi		t0, LEN, 15
    65. 

  65. 	srli		t0, t0, 4
    66. 

  66. 	slli		LEN32, t0, 2
    67. 

  67. 

  68. 	// Create a mask that selects the last 32-bit word of each 128-bit
    69. 

  69. 	// block.  This is the word that contains the (big-endian) counter.
    70. 

  70. 	li		t0, 0x88
    71. 

  71. 	vsetvli		t1, zero, e8, m1, ta, ma
    72. 

  72. 	vmv.v.x		v0, t0
    73. 

  73. 

  74. 	// Load the IV into v31.  The last 32-bit word contains the counter.
    75. 

  75. 	vsetivli	zero, 4, e32, m1, ta, ma
    76. 

  76. 	vle32.v		v31, (IVP)
    77. 

  77. 

  78. 	// Convert the big-endian counter into little-endian.
    79. 

  79. 	vsetivli	zero, 4, e32, m1, ta, mu
    80. 

  80. 	vrev8.v		v31, v31, v0.t
    81. 

  81. 

  82. 	// Splat the IV to v16 (with LMUL=4).  The number of copies is the
    83. 

  83. 	// maximum number of blocks that will be processed per iteration.
    84. 

  84. 	vsetvli		zero, LEN32, e32, m4, ta, ma
    85. 

  85. 	vmv.v.i		v16, 0
    86. 

  86. 	vaesz.vs	v16, v31
    87. 

  87. 

  88. 	// v20 = [x, x, x, 0, x, x, x, 1, ...]
    89. 

  89. 	viota.m		v20, v0, v0.t
    90. 

  90. 	// v16 = [IV0, IV1, IV2, counter+0, IV0, IV1, IV2, counter+1, ...]
    91. 

  91. 	vsetvli		VL_E32, LEN32, e32, m4, ta, mu
    92. 

  92. 	vadd.vv		v16, v16, v20, v0.t
    93. 

  93. 

  94. 	j 2f
    95. 

  95. 1:
    96. 

  96. 	// Set the number of blocks to process in this iteration.  vl=VL_E32 is
    97. 

  97. 	// the length in 32-bit words, i.e. 4 times the number of blocks.
    98. 

  98. 	vsetvli		VL_E32, LEN32, e32, m4, ta, mu
    99. 

  99. 

  100. 	// Increment the counters by the number of blocks processed in the
    101. 

  101. 	// previous iteration.
    102. 

  102. 	vadd.vx		v16, v16, VL_BLOCKS, v0.t
    103. 

  103. 2:
    104. 

  104. 	// Prepare the AES inputs into v24.
    105. 

  105. 	vmv.v.v		v24, v16
    106. 

  106. 	vrev8.v		v24, v24, v0.t	// Convert counters back to big-endian.
    107. 

  107. 

  108. 	// Encrypt the AES inputs to create the next portion of the keystream.
    109. 

  109. 	aes_encrypt	v24, \keylen
    110. 

  110. 

  111. 	// XOR the data with the keystream.
    112. 

  112. 	vsetvli		t0, LEN, e8, m4, ta, ma
    113. 

  113. 	vle8.v		v20, (INP)
    114. 

  114. 	vxor.vv		v20, v20, v24
    115. 

  115. 	vse8.v		v20, (OUTP)
    116. 

  116. 

  117. 	// Advance the pointers and update the remaining length.
    118. 

  118. 	add		INP, INP, t0
    119. 

  119. 	add		OUTP, OUTP, t0
    120. 

  120. 	sub		LEN, LEN, t0
    121. 

  121. 	sub		LEN32, LEN32, VL_E32
    122. 

  122. 	srli		VL_BLOCKS, VL_E32, 2
    123. 

  123. 

  124. 	// Repeat if more data remains.
    125. 

  125. 	bnez		LEN, 1b
    126. 

  126. 

  127. 	// Update *IVP to contain the next counter.
    128. 

  128. 	vsetivli	zero, 4, e32, m1, ta, mu
    129. 

  129. 	vadd.vx		v16, v16, VL_BLOCKS, v0.t
    130. 

  130. 	vrev8.v		v16, v16, v0.t	// Convert counters back to big-endian.
    131. 

  131. 	vse32.v		v16, (IVP)
    132. 

  132. 

  133. 	ret
    134. 

  134. .endm
    135. 

  135. 

  136. // void aes_ctr32_crypt_zvkned_zvkb(const struct crypto_aes_ctx *key,
    137. 

  137. //				    const u8 *in, u8 *out, size_t len,
    138. 

  138. //				    u8 iv[16]);
    139. 

  139. SYM_FUNC_START(aes_ctr32_crypt_zvkned_zvkb)
    140. 

  140. 	aes_begin	KEYP, 128f, 192f
    141. 

  141. 	aes_ctr32_crypt	256
    142. 

  142. 128:
    143. 

  143. 	aes_ctr32_crypt	128
    144. 

  144. 192:
    145. 

  145. 	aes_ctr32_crypt	192
    146. 

  146. SYM_FUNC_END(aes_ctr32_crypt_zvkned_zvkb)
    147.