sha1-ce-core.S 2.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130
  1. /* SPDX-License-Identifier: GPL-2.0-only */
  2. /*
  3. * SHA-1 secure hash using ARMv8 Crypto Extensions
  4. *
  5. * Copyright (C) 2014 Linaro Ltd <ard.biesheuvel@linaro.org>
  6. */
  7. #include <linux/linkage.h>
  8. #include <asm/assembler.h>
  9. .text
  10. .arch armv8-a+crypto
  11. k0 .req v0
  12. k1 .req v1
  13. k2 .req v2
  14. k3 .req v3
  15. t0 .req v4
  16. t1 .req v5
  17. dga .req q6
  18. dgav .req v6
  19. dgb .req s7
  20. dgbv .req v7
  21. dg0q .req q12
  22. dg0s .req s12
  23. dg0v .req v12
  24. dg1s .req s13
  25. dg1v .req v13
  26. dg2s .req s14
  27. .macro add_only, op, ev, rc, s0, dg1
  28. .ifc \ev, ev
  29. add t1.4s, v\s0\().4s, \rc\().4s
  30. sha1h dg2s, dg0s
  31. .ifnb \dg1
  32. sha1\op dg0q, \dg1, t0.4s
  33. .else
  34. sha1\op dg0q, dg1s, t0.4s
  35. .endif
  36. .else
  37. .ifnb \s0
  38. add t0.4s, v\s0\().4s, \rc\().4s
  39. .endif
  40. sha1h dg1s, dg0s
  41. sha1\op dg0q, dg2s, t1.4s
  42. .endif
  43. .endm
  44. .macro add_update, op, ev, rc, s0, s1, s2, s3, dg1
  45. sha1su0 v\s0\().4s, v\s1\().4s, v\s2\().4s
  46. add_only \op, \ev, \rc, \s1, \dg1
  47. sha1su1 v\s0\().4s, v\s3\().4s
  48. .endm
  49. .macro loadrc, k, val, tmp
  50. movz \tmp, :abs_g0_nc:\val
  51. movk \tmp, :abs_g1:\val
  52. dup \k, \tmp
  53. .endm
  54. /*
  55. * size_t __sha1_ce_transform(struct sha1_block_state *state,
  56. * const u8 *data, size_t nblocks);
  57. */
  58. SYM_FUNC_START(__sha1_ce_transform)
  59. /* load round constants */
  60. loadrc k0.4s, 0x5a827999, w6
  61. loadrc k1.4s, 0x6ed9eba1, w6
  62. loadrc k2.4s, 0x8f1bbcdc, w6
  63. loadrc k3.4s, 0xca62c1d6, w6
  64. /* load state */
  65. ld1 {dgav.4s}, [x0]
  66. ldr dgb, [x0, #16]
  67. /* load input */
  68. 0: ld1 {v8.4s-v11.4s}, [x1], #64
  69. sub x2, x2, #1
  70. CPU_LE( rev32 v8.16b, v8.16b )
  71. CPU_LE( rev32 v9.16b, v9.16b )
  72. CPU_LE( rev32 v10.16b, v10.16b )
  73. CPU_LE( rev32 v11.16b, v11.16b )
  74. add t0.4s, v8.4s, k0.4s
  75. mov dg0v.16b, dgav.16b
  76. add_update c, ev, k0, 8, 9, 10, 11, dgb
  77. add_update c, od, k0, 9, 10, 11, 8
  78. add_update c, ev, k0, 10, 11, 8, 9
  79. add_update c, od, k0, 11, 8, 9, 10
  80. add_update c, ev, k1, 8, 9, 10, 11
  81. add_update p, od, k1, 9, 10, 11, 8
  82. add_update p, ev, k1, 10, 11, 8, 9
  83. add_update p, od, k1, 11, 8, 9, 10
  84. add_update p, ev, k1, 8, 9, 10, 11
  85. add_update p, od, k2, 9, 10, 11, 8
  86. add_update m, ev, k2, 10, 11, 8, 9
  87. add_update m, od, k2, 11, 8, 9, 10
  88. add_update m, ev, k2, 8, 9, 10, 11
  89. add_update m, od, k2, 9, 10, 11, 8
  90. add_update m, ev, k3, 10, 11, 8, 9
  91. add_update p, od, k3, 11, 8, 9, 10
  92. add_only p, ev, k3, 9
  93. add_only p, od, k3, 10
  94. add_only p, ev, k3, 11
  95. add_only p, od
  96. /* update state */
  97. add dgbv.2s, dgbv.2s, dg1v.2s
  98. add dgav.4s, dgav.4s, dg0v.4s
  99. /* return early if voluntary preemption is needed */
  100. cond_yield 1f, x5, x6
  101. /* handled all input blocks? */
  102. cbnz x2, 0b
  103. /* store new state */
  104. 1: st1 {dgav.4s}, [x0]
  105. str dgb, [x0, #16]
  106. mov x0, x2
  107. ret
  108. SYM_FUNC_END(__sha1_ce_transform)