sha1-ce-core.S 2.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123
  1. /* SPDX-License-Identifier: GPL-2.0-only */
  2. /*
  3. * SHA-1 secure hash using ARMv8 Crypto Extensions
  4. *
  5. * Copyright (C) 2015 Linaro Ltd.
  6. * Author: Ard Biesheuvel <ard.biesheuvel@linaro.org>
  7. */
  8. #include <linux/linkage.h>
  9. #include <asm/assembler.h>
  10. .text
  11. .arch armv8-a
  12. .fpu crypto-neon-fp-armv8
  13. k0 .req q0
  14. k1 .req q1
  15. k2 .req q2
  16. k3 .req q3
  17. ta0 .req q4
  18. ta1 .req q5
  19. tb0 .req q5
  20. tb1 .req q4
  21. dga .req q6
  22. dgb .req q7
  23. dgbs .req s28
  24. dg0 .req q12
  25. dg1a0 .req q13
  26. dg1a1 .req q14
  27. dg1b0 .req q14
  28. dg1b1 .req q13
  29. .macro add_only, op, ev, rc, s0, dg1
  30. .ifnb \s0
  31. vadd.u32 tb\ev, q\s0, \rc
  32. .endif
  33. sha1h.32 dg1b\ev, dg0
  34. .ifb \dg1
  35. sha1\op\().32 dg0, dg1a\ev, ta\ev
  36. .else
  37. sha1\op\().32 dg0, \dg1, ta\ev
  38. .endif
  39. .endm
  40. .macro add_update, op, ev, rc, s0, s1, s2, s3, dg1
  41. sha1su0.32 q\s0, q\s1, q\s2
  42. add_only \op, \ev, \rc, \s1, \dg1
  43. sha1su1.32 q\s0, q\s3
  44. .endm
  45. .align 6
  46. .Lsha1_rcon:
  47. .word 0x5a827999, 0x5a827999, 0x5a827999, 0x5a827999
  48. .word 0x6ed9eba1, 0x6ed9eba1, 0x6ed9eba1, 0x6ed9eba1
  49. .word 0x8f1bbcdc, 0x8f1bbcdc, 0x8f1bbcdc, 0x8f1bbcdc
  50. .word 0xca62c1d6, 0xca62c1d6, 0xca62c1d6, 0xca62c1d6
  51. /*
  52. * void sha1_ce_transform(struct sha1_block_state *state,
  53. * const u8 *data, size_t nblocks);
  54. */
  55. ENTRY(sha1_ce_transform)
  56. /* load round constants */
  57. adr ip, .Lsha1_rcon
  58. vld1.32 {k0-k1}, [ip, :128]!
  59. vld1.32 {k2-k3}, [ip, :128]
  60. /* load state */
  61. vld1.32 {dga}, [r0]
  62. vldr dgbs, [r0, #16]
  63. /* load input */
  64. 0: vld1.32 {q8-q9}, [r1]!
  65. vld1.32 {q10-q11}, [r1]!
  66. subs r2, r2, #1
  67. #ifndef CONFIG_CPU_BIG_ENDIAN
  68. vrev32.8 q8, q8
  69. vrev32.8 q9, q9
  70. vrev32.8 q10, q10
  71. vrev32.8 q11, q11
  72. #endif
  73. vadd.u32 ta0, q8, k0
  74. vmov dg0, dga
  75. add_update c, 0, k0, 8, 9, 10, 11, dgb
  76. add_update c, 1, k0, 9, 10, 11, 8
  77. add_update c, 0, k0, 10, 11, 8, 9
  78. add_update c, 1, k0, 11, 8, 9, 10
  79. add_update c, 0, k1, 8, 9, 10, 11
  80. add_update p, 1, k1, 9, 10, 11, 8
  81. add_update p, 0, k1, 10, 11, 8, 9
  82. add_update p, 1, k1, 11, 8, 9, 10
  83. add_update p, 0, k1, 8, 9, 10, 11
  84. add_update p, 1, k2, 9, 10, 11, 8
  85. add_update m, 0, k2, 10, 11, 8, 9
  86. add_update m, 1, k2, 11, 8, 9, 10
  87. add_update m, 0, k2, 8, 9, 10, 11
  88. add_update m, 1, k2, 9, 10, 11, 8
  89. add_update m, 0, k3, 10, 11, 8, 9
  90. add_update p, 1, k3, 11, 8, 9, 10
  91. add_only p, 0, k3, 9
  92. add_only p, 1, k3, 10
  93. add_only p, 0, k3, 11
  94. add_only p, 1
  95. /* update state */
  96. vadd.u32 dga, dga, dg0
  97. vadd.u32 dgb, dgb, dg1a0
  98. bne 0b
  99. /* store new state */
  100. vst1.32 {dga}, [r0]
  101. vstr dgbs, [r0, #16]
  102. bx lr
  103. ENDPROC(sha1_ce_transform)