1 /* SPDX-License-Identifier: GPL-2.0-only */
2 /*
3  * sha2-ce-core.S - SHA-224/256 secure hash using ARMv8 Crypto Extensions
4  *
5  * Copyright (C) 2015 Linaro Ltd.
6  * Author: Ard Biesheuvel <ard.biesheuvel@linaro.org>
7  */
8 
9 #include <linux/linkage.h>
10 #include <asm/assembler.h>
11 
12 	.text
13 	.arch		armv8-a
14 	.fpu		crypto-neon-fp-armv8
15 
/*
 * Register aliases shared by the macros and sha2_ce_transform below.
 *
 * ta0/tb1 both name q9 and ta1/tb0 both name q10. add_only reads
 * tb<ev> and (when given a schedule register) writes ta<ev>, so the
 * sum written by one expansion is the operand read by the next
 * expansion, which uses the other ev value.
 */
16 	k0		.req	q7	/* round constants loaded when ev = 0 */
17 	k1		.req	q8	/* round constants loaded when ev = 1 */
18 	rk		.req	r3	/* cursor into .Lsha256_rcon */
19 
20 	ta0		.req	q9	/* schedule + constant sum, written when ev = 0 */
21 	ta1		.req	q10	/* schedule + constant sum, written when ev = 1 */
22 	tb0		.req	q10	/* same register as ta1, read when ev = 0 */
23 	tb1		.req	q9	/* same register as ta0, read when ev = 1 */
24 
25 	dga		.req	q11	/* state loaded from [r0], first 16 bytes */
26 	dgb		.req	q12	/* state loaded from [r0], second 16 bytes */
27 
28 	dg0		.req	q13	/* working copy of dga for the current block */
29 	dg1		.req	q14	/* working copy of dgb for the current block */
30 	dg2		.req	q15	/* scratch: dg0 as it was before sha256h */
31 
/*
 * add_only ev, s0 - apply one sha256h/sha256h2 pair (four SHA-256
 * rounds) to the working state dg0/dg1, consuming the sum in tb<ev>.
 *
 *   ev  0 or 1; selects k<ev>, ta<ev> and tb<ev> by name pasting.
 *   s0  optional q-register number holding schedule words. When it is
 *       given, the next four round constants are loaded into k<ev>
 *       (rk advances by 16 bytes) and ta<ev> = q<s0> + k<ev> is
 *       prepared for the following expansion. When it is omitted,
 *       neither the load nor the add is emitted, so rk is not
 *       dereferenced at all.
 *
 * Clobbers dg2, and k<ev>/ta<ev>/rk when s0 is given.
 */
32 	.macro		add_only, ev, s0
33 	vmov		dg2, dg0		/* sha256h overwrites dg0; sha256h2 needs the old value */
34 	.ifnb		\s0
35 	vld1.32		{k\ev}, [rk, :128]!	/* :128 requires rk to be 16-byte aligned */
36 	.endif
37 	sha256h.32	dg0, dg1, tb\ev
38 	sha256h2.32	dg1, dg2, tb\ev
39 	.ifnb		\s0
40 	vadd.u32	ta\ev, q\s0, k\ev
41 	.endif
42 	.endm
43 
/*
 * add_update ev, s0, s1, s2, s3 - one add_only step interleaved with a
 * message schedule update.
 *
 *   ev           passed through to add_only.
 *   s0           q-register number whose four schedule words are
 *                replaced in place by sha256su0/sha256su1.
 *   s1, s2, s3   q-register numbers of the other three schedule
 *                vectors; s1 is also the vector add_only sums with the
 *                newly loaded round constants.
 *
 * Every expansion passes s1 to add_only, so every expansion loads 16
 * bytes through rk and advances it.
 */
44 	.macro		add_update, ev, s0, s1, s2, s3
45 	sha256su0.32	q\s0, q\s1
46 	add_only	\ev, \s1
47 	sha256su1.32	q\s0, q\s2, q\s3
48 	.endm
49 
/*
 * The 64 SHA-256 round constants K[0..63] in round order, four words
 * (one q register) per line: 16 vectors, 256 bytes in total.
 *
 * .align 6 is a power-of-two alignment in ARM gas (64 bytes), which
 * satisfies the 16-byte requirement of the :128 qualifier on every
 * load through rk. sha2_ce_transform performs exactly 16 such loads
 * per block (one explicit, 12 from add_update, 3 from add_only), so
 * rk ends one past the last word and is never dereferenced there.
 * No section directive follows .text above, so the table is emitted
 * in .text and is addressed PC-relative with adr.
 */
50 	.align		6
51 .Lsha256_rcon:
52 	.word		0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5
53 	.word		0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5
54 	.word		0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3
55 	.word		0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174
56 	.word		0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc
57 	.word		0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da
58 	.word		0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7
59 	.word		0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967
60 	.word		0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13
61 	.word		0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85
62 	.word		0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3
63 	.word		0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070
64 	.word		0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5
65 	.word		0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3
66 	.word		0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208
67 	.word		0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
68 
69 	/*
70 	 * void sha2_ce_transform(struct sha256_state *sst, u8 const *src,
71 				  int blocks);
72 	 */
73 ENTRY(sha2_ce_transform)
	/*
	 * In:    r0 = sst, r1 = src, r2 = blocks (order of the prototype
	 *        above).
	 * Out:   the 32 bytes at [r0] hold the updated state; r1 has
	 *        advanced by 64 bytes per block consumed.
	 * Uses:  r2, r3 (rk), q0-q3, q7-q15 and the condition flags.
	 *
	 * Precondition: blocks >= 1. The first block is loaded before the
	 * counter is touched, and the counter is only compared against
	 * zero after the decrement, so a zero or negative count is not
	 * rejected here: the loop would keep reading 64-byte blocks from
	 * src until r2 wraps round to zero. Callers have to bound the
	 * count.
	 *
	 * Only the first 32 bytes at r0 are accessed.
	 * NOTE(review): this assumes the eight state words sit at offset
	 * 0 of struct sha256_state - confirm against the struct.
	 *
	 * NOTE(review): q7 overlaps d14-d15, which the AAPCS VFP variant
	 * treats as callee-saved, and nothing here saves or restores it.
	 * Presumably callers own the whole NEON register file around the
	 * call (e.g. kernel_neon_begin()/kernel_neon_end()) - confirm.
	 *
	 * The only branch tests the block counter, and every address used
	 * (r0, r1, rk) is independent of the message and state contents.
	 * Schedule words (q0-q3) and the working state (dg0-dg2) are left
	 * in the NEON registers on return; nothing here clears them.
	 */
74 	/* load state */
75 	vld1.32		{dga-dgb}, [r0]
76 
77 	/* load input */
78 0:	vld1.32		{q0-q1}, [r1]!		/* no alignment qualifier on src */
79 	vld1.32		{q2-q3}, [r1]!
80 	subs		r2, r2, #1		/* flags consumed by the bne below; the NEON/crypto ops in between leave them alone */
81 
	/* SHA-256 reads the message as big-endian 32-bit words */
82 #ifndef CONFIG_CPU_BIG_ENDIAN
83 	vrev32.8	q0, q0
84 	vrev32.8	q1, q1
85 	vrev32.8	q2, q2
86 	vrev32.8	q3, q3
87 #endif
88 
89 	/* load first round constant */
90 	adr		rk, .Lsha256_rcon	/* rewound to the table start for every block */
91 	vld1.32		{k0}, [rk, :128]!
92 
93 	vadd.u32	ta0, q0, k0		/* first sum, read as tb1 by the first add_update */
94 	vmov		dg0, dga		/* work on copies; dga/dgb are needed for the final add */
95 	vmov		dg1, dgb
96 
	/* 12 steps that also extend the message schedule */
97 	add_update	1, 0, 1, 2, 3
98 	add_update	0, 1, 2, 3, 0
99 	add_update	1, 2, 3, 0, 1
100 	add_update	0, 3, 0, 1, 2
101 	add_update	1, 0, 1, 2, 3
102 	add_update	0, 1, 2, 3, 0
103 	add_update	1, 2, 3, 0, 1
104 	add_update	0, 3, 0, 1, 2
105 	add_update	1, 0, 1, 2, 3
106 	add_update	0, 1, 2, 3, 0
107 	add_update	1, 2, 3, 0, 1
108 	add_update	0, 3, 0, 1, 2
109 
	/*
	 * Last 4 steps: no schedule update. The final one omits s0, so it
	 * emits no constant load and rk is not read past the table end.
	 */
110 	add_only	1, 1
111 	add_only	0, 2
112 	add_only	1, 3
113 	add_only	0
114 
115 	/* update state */
116 	vadd.u32	dga, dga, dg0
117 	vadd.u32	dgb, dgb, dg1
118 	bne		0b			/* Z was set by the subs at the top of the loop */
119 
120 	/* store new state */
121 	vst1.32		{dga-dgb}, [r0]
122 	bx		lr
123 ENDPROC(sha2_ce_transform)
124