Home Esplora Aiuto
Registrati Accedi
RD_Software
/
ark1668ed-bsp
2
0
Forka 0
File Problemi 0 Pull Requests 0 Wiki
Albero (Tree): fc47107f95
Rami (Branch) Tag
ark1668ed-bsp
/
linux
/
arch
/
arm64
/
crypto
/
sm4-neon-core.S

sm4-neon-core.S 17 KB
Cronologia Originale

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566 
  1. /* SPDX-License-Identifier: GPL-2.0-or-later */
    2. 

  2. /*
    3. 

  3.  * SM4 Cipher Algorithm for ARMv8 NEON
    4. 

  4.  * as specified in
    5. 

  5.  * https://tools.ietf.org/id/draft-ribose-cfrg-sm4-10.html
    6. 

  6.  *
    7. 

  7.  * Copyright (C) 2022, Alibaba Group.
    8. 

  8.  * Copyright (C) 2022 Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
    9. 

  9.  */
    10. 

  10. 

  11. #include <linux/linkage.h>
    12. 

  12. #include <asm/assembler.h>
    13. 

  13. 

  14. /* Register macros */
    15. 

  15. 

  16. #define RTMP0	v8
    17. 

  17. #define RTMP1	v9
    18. 

  18. #define RTMP2	v10
    19. 

  19. #define RTMP3	v11
    20. 

  20. 

  21. #define RTMP4	v12
    22. 

  22. #define RTMP5	v13
    23. 

  23. #define RTMP6	v14
    24. 

  24. #define RTMP7	v15
    25. 

  25. 

  26. #define RX0	v12
    27. 

  27. #define RX1	v13
    28. 

  28. #define RKEY	v14
    29. 

  29. #define RIV	v15
    30. 

  30. 

  31. /* Helper macros. */
    32. 

  32. 

  33. #define SM4_PREPARE()                                           \
    34. 

  34. 	adr_l		x5, crypto_sm4_sbox;                    \
    35. 

  35. 	ld1		{v16.16b-v19.16b}, [x5], #64;           \
    36. 

  36. 	ld1		{v20.16b-v23.16b}, [x5], #64;           \
    37. 

  37. 	ld1		{v24.16b-v27.16b}, [x5], #64;           \
    38. 

  38. 	ld1		{v28.16b-v31.16b}, [x5];
    39. 

  39. 

  40. #define transpose_4x4(s0, s1, s2, s3)                           \
    41. 

  41. 	zip1		RTMP0.4s, s0.4s, s1.4s;                 \
    42. 

  42. 	zip1		RTMP1.4s, s2.4s, s3.4s;                 \
    43. 

  43. 	zip2		RTMP2.4s, s0.4s, s1.4s;                 \
    44. 

  44. 	zip2		RTMP3.4s, s2.4s, s3.4s;                 \
    45. 

  45. 	zip1		s0.2d, RTMP0.2d, RTMP1.2d;              \
    46. 

  46. 	zip2		s1.2d, RTMP0.2d, RTMP1.2d;              \
    47. 

  47. 	zip1		s2.2d, RTMP2.2d, RTMP3.2d;              \
    48. 

  48. 	zip2		s3.2d, RTMP2.2d, RTMP3.2d;
    49. 

  49. 

  50. #define transpose_4x4_2x(s0, s1, s2, s3, s4, s5, s6, s7)        \
    51. 

  51. 	zip1		RTMP0.4s, s0.4s, s1.4s;                 \
    52. 

  52. 	zip1		RTMP1.4s, s2.4s, s3.4s;                 \
    53. 

  53. 	zip2		RTMP2.4s, s0.4s, s1.4s;                 \
    54. 

  54. 	zip2		RTMP3.4s, s2.4s, s3.4s;                 \
    55. 

  55. 	zip1		RTMP4.4s, s4.4s, s5.4s;                 \
    56. 

  56. 	zip1		RTMP5.4s, s6.4s, s7.4s;                 \
    57. 

  57. 	zip2		RTMP6.4s, s4.4s, s5.4s;                 \
    58. 

  58. 	zip2		RTMP7.4s, s6.4s, s7.4s;                 \
    59. 

  59. 	zip1		s0.2d, RTMP0.2d, RTMP1.2d;              \
    60. 

  60. 	zip2		s1.2d, RTMP0.2d, RTMP1.2d;              \
    61. 

  61. 	zip1		s2.2d, RTMP2.2d, RTMP3.2d;              \
    62. 

  62. 	zip2		s3.2d, RTMP2.2d, RTMP3.2d;              \
    63. 

  63. 	zip1		s4.2d, RTMP4.2d, RTMP5.2d;              \
    64. 

  64. 	zip2		s5.2d, RTMP4.2d, RTMP5.2d;              \
    65. 

  65. 	zip1		s6.2d, RTMP6.2d, RTMP7.2d;              \
    66. 

  66. 	zip2		s7.2d, RTMP6.2d, RTMP7.2d;
    67. 

  67. 

  68. #define rotate_clockwise_4x4(s0, s1, s2, s3)                    \
    69. 

  69. 	zip1		RTMP0.4s, s1.4s, s0.4s;                 \
    70. 

  70. 	zip2		RTMP1.4s, s1.4s, s0.4s;                 \
    71. 

  71. 	zip1		RTMP2.4s, s3.4s, s2.4s;                 \
    72. 

  72. 	zip2		RTMP3.4s, s3.4s, s2.4s;                 \
    73. 

  73. 	zip1		s0.2d, RTMP2.2d, RTMP0.2d;              \
    74. 

  74. 	zip2		s1.2d, RTMP2.2d, RTMP0.2d;              \
    75. 

  75. 	zip1		s2.2d, RTMP3.2d, RTMP1.2d;              \
    76. 

  76. 	zip2		s3.2d, RTMP3.2d, RTMP1.2d;
    77. 

  77. 

  78. #define rotate_clockwise_4x4_2x(s0, s1, s2, s3, s4, s5, s6, s7) \
    79. 

  79. 	zip1		RTMP0.4s, s1.4s, s0.4s;                 \
    80. 

  80. 	zip1		RTMP2.4s, s3.4s, s2.4s;                 \
    81. 

  81. 	zip2		RTMP1.4s, s1.4s, s0.4s;                 \
    82. 

  82. 	zip2		RTMP3.4s, s3.4s, s2.4s;                 \
    83. 

  83. 	zip1		RTMP4.4s, s5.4s, s4.4s;                 \
    84. 

  84. 	zip1		RTMP6.4s, s7.4s, s6.4s;                 \
    85. 

  85. 	zip2		RTMP5.4s, s5.4s, s4.4s;                 \
    86. 

  86. 	zip2		RTMP7.4s, s7.4s, s6.4s;                 \
    87. 

  87. 	zip1		s0.2d, RTMP2.2d, RTMP0.2d;              \
    88. 

  88. 	zip2		s1.2d, RTMP2.2d, RTMP0.2d;              \
    89. 

  89. 	zip1		s2.2d, RTMP3.2d, RTMP1.2d;              \
    90. 

  90. 	zip2		s3.2d, RTMP3.2d, RTMP1.2d;              \
    91. 

  91. 	zip1		s4.2d, RTMP6.2d, RTMP4.2d;              \
    92. 

  92. 	zip2		s5.2d, RTMP6.2d, RTMP4.2d;              \
    93. 

  93. 	zip1		s6.2d, RTMP7.2d, RTMP5.2d;              \
    94. 

  94. 	zip2		s7.2d, RTMP7.2d, RTMP5.2d;
    95. 

  95. 

  96. #define ROUND4(round, s0, s1, s2, s3)                           \
    97. 

  97. 	dup		RX0.4s, RKEY.s[round];                  \
    98. 

  98. 	/* rk ^ s1 ^ s2 ^ s3 */                                 \
    99. 

  99. 	eor		RTMP1.16b, s2.16b, s3.16b;              \
    100. 

  100. 	eor		RX0.16b, RX0.16b, s1.16b;               \
    101. 

  101. 	eor		RX0.16b, RX0.16b, RTMP1.16b;            \
    102. 

  102.                                                                 \
    103. 

  103. 	/* sbox, non-linear part */                             \
    104. 

  104. 	movi		RTMP3.16b, #64;  /* sizeof(sbox) / 4 */ \
    105. 

  105. 	tbl		RTMP0.16b, {v16.16b-v19.16b}, RX0.16b;  \
    106. 

  106. 	sub		RX0.16b, RX0.16b, RTMP3.16b;            \
    107. 

  107. 	tbx		RTMP0.16b, {v20.16b-v23.16b}, RX0.16b;  \
    108. 

  108. 	sub		RX0.16b, RX0.16b, RTMP3.16b;            \
    109. 

  109. 	tbx		RTMP0.16b, {v24.16b-v27.16b}, RX0.16b;  \
    110. 

  110. 	sub		RX0.16b, RX0.16b, RTMP3.16b;            \
    111. 

  111. 	tbx		RTMP0.16b, {v28.16b-v31.16b}, RX0.16b;  \
    112. 

  112.                                                                 \
    113. 

  113. 	/* linear part */                                       \
    114. 

  114. 	shl		RTMP1.4s, RTMP0.4s, #8;                 \
    115. 

  115. 	shl		RTMP2.4s, RTMP0.4s, #16;                \
    116. 

  116. 	shl		RTMP3.4s, RTMP0.4s, #24;                \
    117. 

  117. 	sri		RTMP1.4s, RTMP0.4s, #(32-8);            \
    118. 

  118. 	sri		RTMP2.4s, RTMP0.4s, #(32-16);           \
    119. 

  119. 	sri		RTMP3.4s, RTMP0.4s, #(32-24);           \
    120. 

  120. 	/* RTMP1 = x ^ rol32(x, 8) ^ rol32(x, 16) */            \
    121. 

  121. 	eor		RTMP1.16b, RTMP1.16b, RTMP0.16b;        \
    122. 

  122. 	eor		RTMP1.16b, RTMP1.16b, RTMP2.16b;        \
    123. 

  123. 	/* RTMP3 = x ^ rol32(x, 24) ^ rol32(RTMP1, 2) */        \
    124. 

  124. 	eor		RTMP3.16b, RTMP3.16b, RTMP0.16b;        \
    125. 

  125. 	shl		RTMP2.4s, RTMP1.4s, 2;                  \
    126. 

  126. 	sri		RTMP2.4s, RTMP1.4s, #(32-2);            \
    127. 

  127. 	eor		RTMP3.16b, RTMP3.16b, RTMP2.16b;        \
    128. 

  128. 	/* s0 ^= RTMP3 */                                       \
    129. 

  129. 	eor		s0.16b, s0.16b, RTMP3.16b;
    130. 

  130. 

  131. #define SM4_CRYPT_BLK4_BE(b0, b1, b2, b3)                       \
    132. 

  132. 	mov		x6, 8;                                  \
    133. 

  133. 4:                                                              \
    134. 

  134. 	ld1		{RKEY.4s}, [x0], #16;                   \
    135. 

  135. 	subs		x6, x6, #1;                             \
    136. 

  136.                                                                 \
    137. 

  137. 	ROUND4(0, b0, b1, b2, b3);                              \
    138. 

  138. 	ROUND4(1, b1, b2, b3, b0);                              \
    139. 

  139. 	ROUND4(2, b2, b3, b0, b1);                              \
    140. 

  140. 	ROUND4(3, b3, b0, b1, b2);                              \
    141. 

  141.                                                                 \
    142. 

  142. 	bne		4b;                                     \
    143. 

  143.                                                                 \
    144. 

  144. 	rev32		b0.16b, b0.16b;                         \
    145. 

  145. 	rev32		b1.16b, b1.16b;                         \
    146. 

  146. 	rev32		b2.16b, b2.16b;                         \
    147. 

  147. 	rev32		b3.16b, b3.16b;                         \
    148. 

  148.                                                                 \
    149. 

  149. 	rotate_clockwise_4x4(b0, b1, b2, b3);                   \
    150. 

  150.                                                                 \
    151. 

  151. 	/* repoint to rkey */                                   \
    152. 

  152. 	sub		x0, x0, #128;
    153. 

  153. 

  154. #define SM4_CRYPT_BLK4(b0, b1, b2, b3)                          \
    155. 

  155. 	rev32		b0.16b, b0.16b;                         \
    156. 

  156. 	rev32		b1.16b, b1.16b;                         \
    157. 

  157. 	rev32		b2.16b, b2.16b;                         \
    158. 

  158. 	rev32		b3.16b, b3.16b;                         \
    159. 

  159. 	SM4_CRYPT_BLK4_BE(b0, b1, b2, b3);
    160. 

  160. 

  161. #define ROUND8(round, s0, s1, s2, s3, t0, t1, t2, t3)           \
    162. 

  162. 	/* rk ^ s1 ^ s2 ^ s3 */                                 \
    163. 

  163. 	dup		RX0.4s, RKEY.s[round];                  \
    164. 

  164. 	eor		RTMP0.16b, s2.16b, s3.16b;              \
    165. 

  165. 	mov		RX1.16b, RX0.16b;                       \
    166. 

  166. 	eor		RTMP1.16b, t2.16b, t3.16b;              \
    167. 

  167. 	eor		RX0.16b, RX0.16b, s1.16b;               \
    168. 

  168. 	eor		RX1.16b, RX1.16b, t1.16b;               \
    169. 

  169. 	eor		RX0.16b, RX0.16b, RTMP0.16b;            \
    170. 

  170. 	eor		RX1.16b, RX1.16b, RTMP1.16b;            \
    171. 

  171.                                                                 \
    172. 

  172. 	/* sbox, non-linear part */                             \
    173. 

  173. 	movi		RTMP3.16b, #64;  /* sizeof(sbox) / 4 */ \
    174. 

  174. 	tbl		RTMP0.16b, {v16.16b-v19.16b}, RX0.16b;  \
    175. 

  175. 	tbl		RTMP1.16b, {v16.16b-v19.16b}, RX1.16b;  \
    176. 

  176. 	sub		RX0.16b, RX0.16b, RTMP3.16b;            \
    177. 

  177. 	sub		RX1.16b, RX1.16b, RTMP3.16b;            \
    178. 

  178. 	tbx		RTMP0.16b, {v20.16b-v23.16b}, RX0.16b;  \
    179. 

  179. 	tbx		RTMP1.16b, {v20.16b-v23.16b}, RX1.16b;  \
    180. 

  180. 	sub		RX0.16b, RX0.16b, RTMP3.16b;            \
    181. 

  181. 	sub		RX1.16b, RX1.16b, RTMP3.16b;            \
    182. 

  182. 	tbx		RTMP0.16b, {v24.16b-v27.16b}, RX0.16b;  \
    183. 

  183. 	tbx		RTMP1.16b, {v24.16b-v27.16b}, RX1.16b;  \
    184. 

  184. 	sub		RX0.16b, RX0.16b, RTMP3.16b;            \
    185. 

  185. 	sub		RX1.16b, RX1.16b, RTMP3.16b;            \
    186. 

  186. 	tbx		RTMP0.16b, {v28.16b-v31.16b}, RX0.16b;  \
    187. 

  187. 	tbx		RTMP1.16b, {v28.16b-v31.16b}, RX1.16b;  \
    188. 

  188.                                                                 \
    189. 

  189. 	/* linear part */                                       \
    190. 

  190. 	shl		RX0.4s, RTMP0.4s, #8;                   \
    191. 

  191. 	shl		RX1.4s, RTMP1.4s, #8;                   \
    192. 

  192. 	shl		RTMP2.4s, RTMP0.4s, #16;                \
    193. 

  193. 	shl		RTMP3.4s, RTMP1.4s, #16;                \
    194. 

  194. 	sri		RX0.4s, RTMP0.4s, #(32 - 8);            \
    195. 

  195. 	sri		RX1.4s, RTMP1.4s, #(32 - 8);            \
    196. 

  196. 	sri		RTMP2.4s, RTMP0.4s, #(32 - 16);         \
    197. 

  197. 	sri		RTMP3.4s, RTMP1.4s, #(32 - 16);         \
    198. 

  198. 	/* RX = x ^ rol32(x, 8) ^ rol32(x, 16) */               \
    199. 

  199. 	eor		RX0.16b, RX0.16b, RTMP0.16b;            \
    200. 

  200. 	eor		RX1.16b, RX1.16b, RTMP1.16b;            \
    201. 

  201. 	eor		RX0.16b, RX0.16b, RTMP2.16b;            \
    202. 

  202. 	eor		RX1.16b, RX1.16b, RTMP3.16b;            \
    203. 

  203. 	/* RTMP0/1 ^= x ^ rol32(x, 24) ^ rol32(RX, 2) */        \
    204. 

  204. 	shl		RTMP2.4s, RTMP0.4s, #24;                \
    205. 

  205. 	shl		RTMP3.4s, RTMP1.4s, #24;                \
    206. 

  206. 	sri		RTMP2.4s, RTMP0.4s, #(32 - 24);         \
    207. 

  207. 	sri		RTMP3.4s, RTMP1.4s, #(32 - 24);         \
    208. 

  208. 	eor		RTMP0.16b, RTMP0.16b, RTMP2.16b;        \
    209. 

  209. 	eor		RTMP1.16b, RTMP1.16b, RTMP3.16b;        \
    210. 

  210. 	shl		RTMP2.4s, RX0.4s, #2;                   \
    211. 

  211. 	shl		RTMP3.4s, RX1.4s, #2;                   \
    212. 

  212. 	sri		RTMP2.4s, RX0.4s, #(32 - 2);            \
    213. 

  213. 	sri		RTMP3.4s, RX1.4s, #(32 - 2);            \
    214. 

  214. 	eor		RTMP0.16b, RTMP0.16b, RTMP2.16b;        \
    215. 

  215. 	eor		RTMP1.16b, RTMP1.16b, RTMP3.16b;        \
    216. 

  216. 	/* s0/t0 ^= RTMP0/1 */                                  \
    217. 

  217. 	eor		s0.16b, s0.16b, RTMP0.16b;              \
    218. 

  218. 	eor		t0.16b, t0.16b, RTMP1.16b;
    219. 

  219. 

  220. #define SM4_CRYPT_BLK8_norotate(b0, b1, b2, b3, b4, b5, b6, b7) \
    221. 

  221. 	rev32		b0.16b, b0.16b;                         \
    222. 

  222. 	rev32		b1.16b, b1.16b;                         \
    223. 

  223. 	rev32		b2.16b, b2.16b;                         \
    224. 

  224. 	rev32		b3.16b, b3.16b;                         \
    225. 

  225. 	rev32		b4.16b, b4.16b;                         \
    226. 

  226. 	rev32		b5.16b, b5.16b;                         \
    227. 

  227. 	rev32		b6.16b, b6.16b;                         \
    228. 

  228. 	rev32		b7.16b, b7.16b;                         \
    229. 

  229.                                                                 \
    230. 

  230. 	mov		x6, 8;                                  \
    231. 

  231. 8:                                                              \
    232. 

  232. 	ld1		{RKEY.4s}, [x0], #16;                   \
    233. 

  233. 	subs		x6, x6, #1;                             \
    234. 

  234.                                                                 \
    235. 

  235. 	ROUND8(0, b0, b1, b2, b3, b4, b5, b6, b7);              \
    236. 

  236. 	ROUND8(1, b1, b2, b3, b0, b5, b6, b7, b4);              \
    237. 

  237. 	ROUND8(2, b2, b3, b0, b1, b6, b7, b4, b5);              \
    238. 

  238. 	ROUND8(3, b3, b0, b1, b2, b7, b4, b5, b6);              \
    239. 

  239.                                                                 \
    240. 

  240. 	bne		8b;                                     \
    241. 

  241.                                                                 \
    242. 

  242. 	rev32		b0.16b, b0.16b;                         \
    243. 

  243. 	rev32		b1.16b, b1.16b;                         \
    244. 

  244. 	rev32		b2.16b, b2.16b;                         \
    245. 

  245. 	rev32		b3.16b, b3.16b;                         \
    246. 

  246. 	rev32		b4.16b, b4.16b;                         \
    247. 

  247. 	rev32		b5.16b, b5.16b;                         \
    248. 

  248. 	rev32		b6.16b, b6.16b;                         \
    249. 

  249. 	rev32		b7.16b, b7.16b;                         \
    250. 

  250.                                                                 \
    251. 

  251. 	/* repoint to rkey */                                   \
    252. 

  252. 	sub		x0, x0, #128;
    253. 

  253. 

  254. #define SM4_CRYPT_BLK8(b0, b1, b2, b3, b4, b5, b6, b7)			\
    255. 

  255. 	SM4_CRYPT_BLK8_norotate(b0, b1, b2, b3, b4, b5, b6, b7);	\
    256. 

  256. 	rotate_clockwise_4x4_2x(b0, b1, b2, b3, b4, b5, b6, b7);	\
    257. 

  257. 

  258. 

  259. .align 3
    260. 

  260. SYM_FUNC_START(sm4_neon_crypt)
    261. 

  261. 	/* input:
    262. 

  262. 	 *   x0: round key array, CTX
    263. 

  263. 	 *   x1: dst
    264. 

  264. 	 *   x2: src
    265. 

  265. 	 *   w3: nblocks
    266. 

  266. 	 */
    267. 

  267. 	SM4_PREPARE()
    268. 

  268. 

  269. .Lcrypt_loop_8x:
    270. 

  270. 	sub		w3, w3, #8
    271. 

  271. 	tbnz		w3, #31, .Lcrypt_4x
    272. 

  272. 

  273. 	ld4		{v0.4s-v3.4s}, [x2], #64
    274. 

  274. 	ld4		{v4.4s-v7.4s}, [x2], #64
    275. 

  275. 

  276. 	SM4_CRYPT_BLK8(v0, v1, v2, v3, v4, v5, v6, v7)
    277. 

  277. 

  278. 	st1		{v0.16b-v3.16b}, [x1], #64
    279. 

  279. 	st1		{v4.16b-v7.16b}, [x1], #64
    280. 

  280. 

  281. 	cbz		w3, .Lcrypt_end
    282. 

  282. 	b		.Lcrypt_loop_8x
    283. 

  283. 

  284. .Lcrypt_4x:
    285. 

  285. 	add		w3, w3, #8
    286. 

  286. 	cmp		w3, #4
    287. 

  287. 	blt		.Lcrypt_tail
    288. 

  288. 

  289. 	sub		w3, w3, #4
    290. 

  290. 

  291. 	ld4		{v0.4s-v3.4s}, [x2], #64
    292. 

  292. 

  293. 	SM4_CRYPT_BLK4(v0, v1, v2, v3)
    294. 

  294. 

  295. 	st1		{v0.16b-v3.16b}, [x1], #64
    296. 

  296. 

  297. 	cbz		w3, .Lcrypt_end
    298. 

  298. 

  299. .Lcrypt_tail:
    300. 

  300. 	cmp		w3, #2
    301. 

  301. 	ld1		{v0.16b}, [x2], #16
    302. 

  302. 	blt		.Lcrypt_tail_load_done
    303. 

  303. 	ld1		{v1.16b}, [x2], #16
    304. 

  304. 	beq		.Lcrypt_tail_load_done
    305. 

  305. 	ld1		{v2.16b}, [x2], #16
    306. 

  306. 

  307. .Lcrypt_tail_load_done:
    308. 

  308. 	transpose_4x4(v0, v1, v2, v3)
    309. 

  309. 

  310. 	SM4_CRYPT_BLK4(v0, v1, v2, v3)
    311. 

  311. 

  312. 	cmp		w3, #2
    313. 

  313. 	st1		{v0.16b}, [x1], #16
    314. 

  314. 	blt		.Lcrypt_end
    315. 

  315. 	st1		{v1.16b}, [x1], #16
    316. 

  316. 	beq		.Lcrypt_end
    317. 

  317. 	st1		{v2.16b}, [x1], #16
    318. 

  318. 

  319. .Lcrypt_end:
    320. 

  320. 	ret
    321. 

  321. SYM_FUNC_END(sm4_neon_crypt)
    322. 

  322. 

  323. .align 3
    324. 

  324. SYM_FUNC_START(sm4_neon_cbc_dec)
    325. 

  325. 	/* input:
    326. 

  326. 	 *   x0: round key array, CTX
    327. 

  327. 	 *   x1: dst
    328. 

  328. 	 *   x2: src
    329. 

  329. 	 *   x3: iv (big endian, 128 bit)
    330. 

  330. 	 *   w4: nblocks
    331. 

  331. 	 */
    332. 

  332. 	SM4_PREPARE()
    333. 

  333. 

  334. 	ld1		{RIV.16b}, [x3]
    335. 

  335. 

  336. .Lcbc_dec_loop_8x:
    337. 

  337. 	sub		w4, w4, #8
    338. 

  338. 	tbnz		w4, #31, .Lcbc_dec_4x
    339. 

  339. 

  340. 	ld4		{v0.4s-v3.4s}, [x2], #64
    341. 

  341. 	ld4		{v4.4s-v7.4s}, [x2]
    342. 

  342. 

  343. 	SM4_CRYPT_BLK8_norotate(v0, v1, v2, v3, v4, v5, v6, v7)
    344. 

  344. 

  345. 	/* Avoid overwriting the RIV register */
    346. 

  346. 	rotate_clockwise_4x4(v0, v1, v2, v3)
    347. 

  347. 	rotate_clockwise_4x4(v4, v5, v6, v7)
    348. 

  348. 

  349. 	sub		x2, x2, #64
    350. 

  350. 

  351. 	eor		v0.16b, v0.16b, RIV.16b
    352. 

  352. 

  353. 	ld1		{RTMP0.16b-RTMP3.16b}, [x2], #64
    354. 

  354. 	ld1		{RTMP4.16b-RTMP7.16b}, [x2], #64
    355. 

  355. 

  356. 	eor		v1.16b, v1.16b, RTMP0.16b
    357. 

  357. 	eor		v2.16b, v2.16b, RTMP1.16b
    358. 

  358. 	eor		v3.16b, v3.16b, RTMP2.16b
    359. 

  359. 	eor		v4.16b, v4.16b, RTMP3.16b
    360. 

  360. 	eor		v5.16b, v5.16b, RTMP4.16b
    361. 

  361. 	eor		v6.16b, v6.16b, RTMP5.16b
    362. 

  362. 	eor		v7.16b, v7.16b, RTMP6.16b
    363. 

  363. 

  364. 	mov		RIV.16b, RTMP7.16b
    365. 

  365. 

  366. 	st1		{v0.16b-v3.16b}, [x1], #64
    367. 

  367. 	st1		{v4.16b-v7.16b}, [x1], #64
    368. 

  368. 

  369. 	cbz		w4, .Lcbc_dec_end
    370. 

  370. 	b		.Lcbc_dec_loop_8x
    371. 

  371. 

  372. .Lcbc_dec_4x:
    373. 

  373. 	add		w4, w4, #8
    374. 

  374. 	cmp		w4, #4
    375. 

  375. 	blt		.Lcbc_dec_tail
    376. 

  376. 

  377. 	sub		w4, w4, #4
    378. 

  378. 

  379. 	ld1		{v0.16b-v3.16b}, [x2], #64
    380. 

  380. 

  381. 	rev32		v4.16b, v0.16b
    382. 

  382. 	rev32		v5.16b, v1.16b
    383. 

  383. 	rev32		v6.16b, v2.16b
    384. 

  384. 	rev32		v7.16b, v3.16b
    385. 

  385. 

  386. 	transpose_4x4(v4, v5, v6, v7)
    387. 

  387. 

  388. 	SM4_CRYPT_BLK4_BE(v4, v5, v6, v7)
    389. 

  389. 

  390. 	eor		v4.16b, v4.16b, RIV.16b
    391. 

  391. 	eor		v5.16b, v5.16b, v0.16b
    392. 

  392. 	eor		v6.16b, v6.16b, v1.16b
    393. 

  393. 	eor		v7.16b, v7.16b, v2.16b
    394. 

  394. 

  395. 	mov		RIV.16b, v3.16b
    396. 

  396. 

  397. 	st1		{v4.16b-v7.16b}, [x1], #64
    398. 

  398. 

  399. 	cbz		w4, .Lcbc_dec_end
    400. 

  400. 

  401. .Lcbc_dec_tail:
    402. 

  402. 	cmp		w4, #2
    403. 

  403. 	ld1		{v0.16b}, [x2], #16
    404. 

  404. 	blt		.Lcbc_dec_tail_load_done
    405. 

  405. 	ld1		{v1.16b}, [x2], #16
    406. 

  406. 	beq		.Lcbc_dec_tail_load_done
    407. 

  407. 	ld1		{v2.16b}, [x2], #16
    408. 

  408. 

  409. .Lcbc_dec_tail_load_done:
    410. 

  410. 	rev32		v4.16b, v0.16b
    411. 

  411. 	rev32		v5.16b, v1.16b
    412. 

  412. 	rev32		v6.16b, v2.16b
    413. 

  413. 

  414. 	transpose_4x4(v4, v5, v6, v7)
    415. 

  415. 

  416. 	SM4_CRYPT_BLK4_BE(v4, v5, v6, v7)
    417. 

  417. 

  418. 	cmp		w4, #2
    419. 

  419. 	eor		v4.16b, v4.16b, RIV.16b
    420. 

  420. 	mov		RIV.16b, v0.16b
    421. 

  421. 	st1		{v4.16b}, [x1], #16
    422. 

  422. 	blt		.Lcbc_dec_end
    423. 

  423. 

  424. 	eor		v5.16b, v5.16b, v0.16b
    425. 

  425. 	mov		RIV.16b, v1.16b
    426. 

  426. 	st1		{v5.16b}, [x1], #16
    427. 

  427. 	beq		.Lcbc_dec_end
    428. 

  428. 

  429. 	eor		v6.16b, v6.16b, v1.16b
    430. 

  430. 	mov		RIV.16b, v2.16b
    431. 

  431. 	st1		{v6.16b}, [x1], #16
    432. 

  432. 

  433. .Lcbc_dec_end:
    434. 

  434. 	/* store new IV */
    435. 

  435. 	st1		{RIV.16b}, [x3]
    436. 

  436. 

  437. 	ret
    438. 

  438. SYM_FUNC_END(sm4_neon_cbc_dec)
    439. 

  439. 

  440. .align 3
    441. 

  441. SYM_FUNC_START(sm4_neon_ctr_crypt)
    442. 

  442. 	/* input:
    443. 

  443. 	 *   x0: round key array, CTX
    444. 

  444. 	 *   x1: dst
    445. 

  445. 	 *   x2: src
    446. 

  446. 	 *   x3: ctr (big endian, 128 bit)
    447. 

  447. 	 *   w4: nblocks
    448. 

  448. 	 */
    449. 

  449. 	SM4_PREPARE()
    450. 

  450. 

  451. 	ldp		x7, x8, [x3]
    452. 

  452. 	rev		x7, x7
    453. 

  453. 	rev		x8, x8
    454. 

  454. 

  455. .Lctr_crypt_loop_8x:
    456. 

  456. 	sub		w4, w4, #8
    457. 

  457. 	tbnz		w4, #31, .Lctr_crypt_4x
    458. 

  458. 

  459. #define inc_le128(vctr)                             \
    460. 

  460. 		mov		vctr.d[1], x8;      \
    461. 

  461. 		mov		vctr.d[0], x7;      \
    462. 

  462. 		adds		x8, x8, #1;         \
    463. 

  463. 		rev64		vctr.16b, vctr.16b; \
    464. 

  464. 		adc		x7, x7, xzr;
    465. 

  465. 

  466. 	/* construct CTRs */
    467. 

  467. 	inc_le128(v0)			/* +0 */
    468. 

  468. 	inc_le128(v1)			/* +1 */
    469. 

  469. 	inc_le128(v2)			/* +2 */
    470. 

  470. 	inc_le128(v3)			/* +3 */
    471. 

  471. 	inc_le128(v4)			/* +4 */
    472. 

  472. 	inc_le128(v5)			/* +5 */
    473. 

  473. 	inc_le128(v6)			/* +6 */
    474. 

  474. 	inc_le128(v7)			/* +7 */
    475. 

  475. 

  476. 	transpose_4x4_2x(v0, v1, v2, v3, v4, v5, v6, v7)
    477. 

  477. 

  478. 	SM4_CRYPT_BLK8(v0, v1, v2, v3, v4, v5, v6, v7)
    479. 

  479. 

  480. 	ld1		{RTMP0.16b-RTMP3.16b}, [x2], #64
    481. 

  481. 	ld1		{RTMP4.16b-RTMP7.16b}, [x2], #64
    482. 

  482. 

  483. 	eor		v0.16b, v0.16b, RTMP0.16b
    484. 

  484. 	eor		v1.16b, v1.16b, RTMP1.16b
    485. 

  485. 	eor		v2.16b, v2.16b, RTMP2.16b
    486. 

  486. 	eor		v3.16b, v3.16b, RTMP3.16b
    487. 

  487. 	eor		v4.16b, v4.16b, RTMP4.16b
    488. 

  488. 	eor		v5.16b, v5.16b, RTMP5.16b
    489. 

  489. 	eor		v6.16b, v6.16b, RTMP6.16b
    490. 

  490. 	eor		v7.16b, v7.16b, RTMP7.16b
    491. 

  491. 

  492. 	st1		{v0.16b-v3.16b}, [x1], #64
    493. 

  493. 	st1		{v4.16b-v7.16b}, [x1], #64
    494. 

  494. 

  495. 	cbz		w4, .Lctr_crypt_end
    496. 

  496. 	b		.Lctr_crypt_loop_8x
    497. 

  497. 

  498. .Lctr_crypt_4x:
    499. 

  499. 	add		w4, w4, #8
    500. 

  500. 	cmp		w4, #4
    501. 

  501. 	blt		.Lctr_crypt_tail
    502. 

  502. 

  503. 	sub		w4, w4, #4
    504. 

  504. 

  505. 	/* construct CTRs */
    506. 

  506. 	inc_le128(v0)			/* +0 */
    507. 

  507. 	inc_le128(v1)			/* +1 */
    508. 

  508. 	inc_le128(v2)			/* +2 */
    509. 

  509. 	inc_le128(v3)			/* +3 */
    510. 

  510. 

  511. 	ld1		{v4.16b-v7.16b}, [x2], #64
    512. 

  512. 

  513. 	transpose_4x4(v0, v1, v2, v3)
    514. 

  514. 

  515. 	SM4_CRYPT_BLK4(v0, v1, v2, v3)
    516. 

  516. 

  517. 	eor		v0.16b, v0.16b, v4.16b
    518. 

  518. 	eor		v1.16b, v1.16b, v5.16b
    519. 

  519. 	eor		v2.16b, v2.16b, v6.16b
    520. 

  520. 	eor		v3.16b, v3.16b, v7.16b
    521. 

  521. 

  522. 	st1		{v0.16b-v3.16b}, [x1], #64
    523. 

  523. 

  524. 	cbz		w4, .Lctr_crypt_end
    525. 

  525. 

  526. .Lctr_crypt_tail:
    527. 

  527. 	/* inc_le128 will change the sign bit */
    528. 

  528. 	ld1		{v4.16b}, [x2], #16
    529. 

  529. 	inc_le128(v0)
    530. 

  530. 	cmp		w4, #2
    531. 

  531. 	blt		.Lctr_crypt_tail_load_done
    532. 

  532. 

  533. 	ld1		{v5.16b}, [x2], #16
    534. 

  534. 	inc_le128(v1)
    535. 

  535. 	cmp		w4, #2
    536. 

  536. 	beq		.Lctr_crypt_tail_load_done
    537. 

  537. 

  538. 	ld1		{v6.16b}, [x2], #16
    539. 

  539. 	inc_le128(v2)
    540. 

  540. 

  541. .Lctr_crypt_tail_load_done:
    542. 

  542. 	transpose_4x4(v0, v1, v2, v3)
    543. 

  543. 

  544. 	SM4_CRYPT_BLK4(v0, v1, v2, v3)
    545. 

  545. 

  546. 	cmp		w4, #2
    547. 

  547. 

  548. 	eor		v0.16b, v0.16b, v4.16b
    549. 

  549. 	st1		{v0.16b}, [x1], #16
    550. 

  550. 	blt		.Lctr_crypt_end
    551. 

  551. 

  552. 	eor		v1.16b, v1.16b, v5.16b
    553. 

  553. 	st1		{v1.16b}, [x1], #16
    554. 

  554. 	beq		.Lctr_crypt_end
    555. 

  555. 

  556. 	eor		v2.16b, v2.16b, v6.16b
    557. 

  557. 	st1		{v2.16b}, [x1], #16
    558. 

  558. 

  559. .Lctr_crypt_end:
    560. 

  560. 	/* store new CTR */
    561. 

  561. 	rev		x7, x7
    562. 

  562. 	rev		x8, x8
    563. 

  563. 	stp		x7, x8, [x3]
    564. 

  564. 

  565. 	ret
    566. 

  566. SYM_FUNC_END(sm4_neon_ctr_crypt)
    567.