ark1668ed-bsp/linux/arch/powerpc/crypto/curve25519-ppc64le_asm.S

/* SPDX-License-Identifier: GPL-2.0-or-later */
#
# This code is taken from CRYPTOGAMs[1] and is included here using the option
# in the license to distribute the code under the GPL. Therefore this program
# is free software; you can redistribute it and/or modify it under the terms of
# the GNU General Public License version 2 as published by the Free Software
# Foundation.
#
# [1] https://github.com/dot-asm/cryptogams/

# Copyright (c) 2006-2017, CRYPTOGAMS by <appro@openssl.org>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
#       * Redistributions of source code must retain copyright notices,
#         this list of conditions and the following disclaimer.
#
#       * Redistributions in binary form must reproduce the above
#         copyright notice, this list of conditions and the following
#         disclaimer in the documentation and/or other materials
#         provided with the distribution.
#
#       * Neither the name of the CRYPTOGAMS nor the names of its
#         copyright holder and contributors may be used to endorse or
#         promote products derived from this software without specific
#         prior written permission.
#
# ALTERNATIVELY, provided that this notice is retained in full, this
# product may be distributed under the terms of the GNU General Public
# License (GPL), in which case the provisions of the GPL apply INSTEAD OF
# those given above.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

# ====================================================================
# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
# project. The module is, however, dual licensed under OpenSSL and
# CRYPTOGAMS licenses depending on where you obtain it. For further
# details see https://www.openssl.org/~appro/cryptogams/.
# ====================================================================

#
# ====================================================================
# Written and Modified by Danny Tsen <dtsen@us.ibm.com>
# - Added x25519_fe51_sqr_times, x25519_fe51_frombytes, x25519_fe51_tobytes
#   and x25519_cswap
#
# Copyright 2024- IBM Corp.
#
# X25519 lower-level primitives for PPC64.
#

#include <linux/linkage.h>

.text

.align	5
SYM_FUNC_START(x25519_fe51_mul)

	stdu	1,-144(1)
	std	21,56(1)
	std	22,64(1)
	std	23,72(1)
	std	24,80(1)
	std	25,88(1)
	std	26,96(1)
	std	27,104(1)
	std	28,112(1)
	std	29,120(1)
	std	30,128(1)
	std	31,136(1)

	ld	6,0(5)
	ld	7,0(4)
	ld	8,8(4)
	ld	9,16(4)
	ld	10,24(4)
	ld	11,32(4)

	mulld	22,7,6
	mulhdu	23,7,6

	mulld	24,8,6
	mulhdu	25,8,6

	mulld	30,11,6
	mulhdu	31,11,6
	ld	4,8(5)
	mulli	11,11,19

	mulld	26,9,6
	mulhdu	27,9,6

	mulld	28,10,6
	mulhdu	29,10,6
	mulld	12,11,4
	mulhdu	21,11,4
	addc	22,22,12
	adde	23,23,21

	mulld	12,7,4
	mulhdu	21,7,4
	addc	24,24,12
	adde	25,25,21

	mulld	12,10,4
	mulhdu	21,10,4
	ld	6,16(5)
	mulli	10,10,19
	addc	30,30,12
	adde	31,31,21

	mulld	12,8,4
	mulhdu	21,8,4
	addc	26,26,12
	adde	27,27,21

	mulld	12,9,4
	mulhdu	21,9,4
	addc	28,28,12
	adde	29,29,21
	mulld	12,10,6
	mulhdu	21,10,6
	addc	22,22,12
	adde	23,23,21

	mulld	12,11,6
	mulhdu	21,11,6
	addc	24,24,12
	adde	25,25,21

	mulld	12,9,6
	mulhdu	21,9,6
	ld	4,24(5)
	mulli	9,9,19
	addc	30,30,12
	adde	31,31,21

	mulld	12,7,6
	mulhdu	21,7,6
	addc	26,26,12
	adde	27,27,21

	mulld	12,8,6
	mulhdu	21,8,6
	addc	28,28,12
	adde	29,29,21
	mulld	12,9,4
	mulhdu	21,9,4
	addc	22,22,12
	adde	23,23,21

	mulld	12,10,4
	mulhdu	21,10,4
	addc	24,24,12
	adde	25,25,21

	mulld	12,8,4
	mulhdu	21,8,4
	ld	6,32(5)
	mulli	8,8,19
	addc	30,30,12
	adde	31,31,21

	mulld	12,11,4
	mulhdu	21,11,4
	addc	26,26,12
	adde	27,27,21

	mulld	12,7,4
	mulhdu	21,7,4
	addc	28,28,12
	adde	29,29,21
	mulld	12,8,6
	mulhdu	21,8,6
	addc	22,22,12
	adde	23,23,21

	mulld	12,9,6
	mulhdu	21,9,6
	addc	24,24,12
	adde	25,25,21

	mulld	12,10,6
	mulhdu	21,10,6
	addc	26,26,12
	adde	27,27,21

	mulld	12,11,6
	mulhdu	21,11,6
	addc	28,28,12
	adde	29,29,21

	mulld	12,7,6
	mulhdu	21,7,6
	addc	30,30,12
	adde	31,31,21

.Lfe51_reduce:
	li	0,-1
	srdi	0,0,13

	srdi	12,26,51
	and	9,26,0
	insrdi	12,27,51,0
	srdi	21,22,51
	and	7,22,0
	insrdi	21,23,51,0
	addc	28,28,12
	addze	29,29
	addc	24,24,21
	addze	25,25

	srdi	12,28,51
	and	10,28,0
	insrdi	12,29,51,0
	srdi	21,24,51
	and	8,24,0
	insrdi	21,25,51,0
	addc	30,30,12
	addze	31,31
	add	9,9,21

	srdi	12,30,51
	and	11,30,0
	insrdi	12,31,51,0
	mulli	12,12,19

	add	7,7,12

	srdi	21,9,51
	and	9,9,0
	add	10,10,21

	srdi	12,7,51
	and	7,7,0
	add	8,8,12

	std	9,16(3)
	std	10,24(3)
	std	11,32(3)
	std	7,0(3)
	std	8,8(3)

	ld	21,56(1)
	ld	22,64(1)
	ld	23,72(1)
	ld	24,80(1)
	ld	25,88(1)
	ld	26,96(1)
	ld	27,104(1)
	ld	28,112(1)
	ld	29,120(1)
	ld	30,128(1)
	ld	31,136(1)
	addi	1,1,144
	blr
SYM_FUNC_END(x25519_fe51_mul)

.align	5
SYM_FUNC_START(x25519_fe51_sqr)

	stdu	1,-144(1)
	std	21,56(1)
	std	22,64(1)
	std	23,72(1)
	std	24,80(1)
	std	25,88(1)
	std	26,96(1)
	std	27,104(1)
	std	28,112(1)
	std	29,120(1)
	std	30,128(1)
	std	31,136(1)

	ld	7,0(4)
	ld	8,8(4)
	ld	9,16(4)
	ld	10,24(4)
	ld	11,32(4)

	add	6,7,7
	mulli	21,11,19

	mulld	22,7,7
	mulhdu	23,7,7
	mulld	24,8,6
	mulhdu	25,8,6
	mulld	26,9,6
	mulhdu	27,9,6
	mulld	28,10,6
	mulhdu	29,10,6
	mulld	30,11,6
	mulhdu	31,11,6
	add	6,8,8
	mulld	12,11,21
	mulhdu	11,11,21
	addc	28,28,12
	adde	29,29,11

	mulli	5,10,19

	mulld	12,8,8
	mulhdu	11,8,8
	addc	26,26,12
	adde	27,27,11
	mulld	12,9,6
	mulhdu	11,9,6
	addc	28,28,12
	adde	29,29,11
	mulld	12,10,6
	mulhdu	11,10,6
	addc	30,30,12
	adde	31,31,11
	mulld	12,21,6
	mulhdu	11,21,6
	add	6,10,10
	addc	22,22,12
	adde	23,23,11
	mulld	12,10,5
	mulhdu	10,10,5
	addc	24,24,12
	adde	25,25,10
	mulld	12,6,21
	mulhdu	10,6,21
	add	6,9,9
	addc	26,26,12
	adde	27,27,10

	mulld	12,9,9
	mulhdu	10,9,9
	addc	30,30,12
	adde	31,31,10
	mulld	12,5,6
	mulhdu	10,5,6
	addc	22,22,12
	adde	23,23,10
	mulld	12,21,6
	mulhdu	10,21,6
	addc	24,24,12
	adde	25,25,10

	b	.Lfe51_reduce
SYM_FUNC_END(x25519_fe51_sqr)

.align	5
SYM_FUNC_START(x25519_fe51_mul121666)

	stdu	1,-144(1)
	std	21,56(1)
	std	22,64(1)
	std	23,72(1)
	std	24,80(1)
	std	25,88(1)
	std	26,96(1)
	std	27,104(1)
	std	28,112(1)
	std	29,120(1)
	std	30,128(1)
	std	31,136(1)

	lis	6,1
	ori	6,6,56130
	ld	7,0(4)
	ld	8,8(4)
	ld	9,16(4)
	ld	10,24(4)
	ld	11,32(4)

	mulld	22,7,6
	mulhdu	23,7,6
	mulld	24,8,6
	mulhdu	25,8,6
	mulld	26,9,6
	mulhdu	27,9,6
	mulld	28,10,6
	mulhdu	29,10,6
	mulld	30,11,6
	mulhdu	31,11,6

	b	.Lfe51_reduce
SYM_FUNC_END(x25519_fe51_mul121666)

.align	5
SYM_FUNC_START(x25519_fe51_sqr_times)

	stdu	1,-144(1)
	std	21,56(1)
	std	22,64(1)
	std	23,72(1)
	std	24,80(1)
	std	25,88(1)
	std	26,96(1)
	std	27,104(1)
	std	28,112(1)
	std	29,120(1)
	std	30,128(1)
	std	31,136(1)

	ld	7,0(4)
	ld	8,8(4)
	ld	9,16(4)
	ld	10,24(4)
	ld	11,32(4)

	mtctr	5

.Lsqr_times_loop:
	add	6,7,7
	mulli	21,11,19

	mulld	22,7,7
	mulhdu	23,7,7
	mulld	24,8,6
	mulhdu	25,8,6
	mulld	26,9,6
	mulhdu	27,9,6
	mulld	28,10,6
	mulhdu	29,10,6
	mulld	30,11,6
	mulhdu	31,11,6
	add	6,8,8
	mulld	12,11,21
	mulhdu	11,11,21
	addc	28,28,12
	adde	29,29,11

	mulli	5,10,19

	mulld	12,8,8
	mulhdu	11,8,8
	addc	26,26,12
	adde	27,27,11
	mulld	12,9,6
	mulhdu	11,9,6
	addc	28,28,12
	adde	29,29,11
	mulld	12,10,6
	mulhdu	11,10,6
	addc	30,30,12
	adde	31,31,11
	mulld	12,21,6
	mulhdu	11,21,6
	add	6,10,10
	addc	22,22,12
	adde	23,23,11
	mulld	12,10,5
	mulhdu	10,10,5
	addc	24,24,12
	adde	25,25,10
	mulld	12,6,21
	mulhdu	10,6,21
	add	6,9,9
	addc	26,26,12
	adde	27,27,10

	mulld	12,9,9
	mulhdu	10,9,9
	addc	30,30,12
	adde	31,31,10
	mulld	12,5,6
	mulhdu	10,5,6
	addc	22,22,12
	adde	23,23,10
	mulld	12,21,6
	mulhdu	10,21,6
	addc	24,24,12
	adde	25,25,10

	# fe51_reduce
	li	0,-1
	srdi	0,0,13

	srdi	12,26,51
	and	9,26,0
	insrdi	12,27,51,0
	srdi	21,22,51
	and	7,22,0
	insrdi	21,23,51,0
	addc	28,28,12
	addze	29,29
	addc	24,24,21
	addze	25,25

	srdi	12,28,51
	and	10,28,0
	insrdi	12,29,51,0
	srdi	21,24,51
	and	8,24,0
	insrdi	21,25,51,0
	addc	30,30,12
	addze	31,31
	add	9,9,21

	srdi	12,30,51
	and	11,30,0
	insrdi	12,31,51,0
	mulli	12,12,19

	add	7,7,12

	srdi	21,9,51
	and	9,9,0
	add	10,10,21

	srdi	12,7,51
	and	7,7,0
	add	8,8,12

	bdnz	.Lsqr_times_loop

	std	9,16(3)
	std	10,24(3)
	std	11,32(3)
	std	7,0(3)
	std	8,8(3)

	ld	21,56(1)
	ld	22,64(1)
	ld	23,72(1)
	ld	24,80(1)
	ld	25,88(1)
	ld	26,96(1)
	ld	27,104(1)
	ld	28,112(1)
	ld	29,120(1)
	ld	30,128(1)
	ld	31,136(1)
	addi	1,1,144
	blr
SYM_FUNC_END(x25519_fe51_sqr_times)

.align	5
SYM_FUNC_START(x25519_fe51_frombytes)

	li	12, -1
	srdi	12, 12, 13	# 0x7ffffffffffff

	ld	5, 0(4)
	ld	6, 8(4)
	ld	7, 16(4)
	ld	8, 24(4)

	srdi	10, 5, 51
	and	5, 5, 12	# h0

	sldi	11, 6, 13
	or	11, 10, 11	# h1t
	srdi	10, 6, 38
	and	6, 11, 12	# h1

	sldi	11, 7, 26
	or	10, 10, 11	# h2t

	srdi	11, 7, 25
	and	7, 10, 12	# h2
	sldi	10, 8, 39
	or	11, 11, 10	# h3t

	srdi	9, 8, 12
	and	8, 11, 12	# h3
	and	9, 9, 12	# h4

	std	5, 0(3)
	std	6, 8(3)
	std	7, 16(3)
	std	8, 24(3)
	std	9, 32(3)

	blr
SYM_FUNC_END(x25519_fe51_frombytes)

.align	5
SYM_FUNC_START(x25519_fe51_tobytes)

	ld	5, 0(4)
	ld	6, 8(4)
	ld	7, 16(4)
	ld	8, 24(4)
	ld	9, 32(4)

	li	12, -1
	srdi	12, 12, 13	# 0x7ffffffffffff

	# Full reducuction
	addi	10, 5, 19
	srdi	10, 10, 51
	add	10, 10, 6
	srdi	10, 10, 51
	add	10, 10, 7
	srdi	10, 10, 51
	add	10, 10, 8
	srdi	10, 10, 51
	add	10, 10, 9
	srdi	10, 10, 51

	mulli	10, 10, 19
	add	5, 5, 10
	srdi	11, 5, 51
	add	6, 6, 11
	srdi	11, 6, 51
	add	7, 7, 11
	srdi	11, 7, 51
	add	8, 8, 11
	srdi	11, 8, 51
	add	9, 9, 11

	and	5, 5, 12
	and	6, 6, 12
	and	7, 7, 12
	and	8, 8, 12
	and	9, 9, 12

	sldi	10, 6, 51
	or	5, 5, 10	# s0

	srdi	11, 6, 13
	sldi	10, 7, 38
	or	6, 11, 10	# s1

	srdi	11, 7, 26
	sldi	10, 8, 25
	or	7, 11, 10	# s2

	srdi	11, 8, 39
	sldi	10, 9, 12
	or	8, 11, 10	# s4

	std	5, 0(3)
	std	6, 8(3)
	std	7, 16(3)
	std	8, 24(3)

	blr
SYM_FUNC_END(x25519_fe51_tobytes)

.align	5
SYM_FUNC_START(x25519_cswap)

	li	7, 5
	neg	6, 5
	mtctr	7

.Lswap_loop:
	ld	8, 0(3)
	ld	9, 0(4)
	xor	10, 8, 9
	and	10, 10, 6
	xor	11, 8, 10
	xor	12, 9, 10
	std	11, 0(3)
	addi	3, 3, 8
	std	12, 0(4)
	addi	4, 4, 8
	bdnz	.Lswap_loop

	blr
SYM_FUNC_END(x25519_cswap)