1/* SPDX-License-Identifier: BSD-2-Clause */ 2/* 3 * Copyright (c) 2015-2020, Linaro Limited 4 * Copyright (C) 2014 Linaro Ltd <ard.biesheuvel@linaro.org> 5 */ 6 7/* Core SHA-224/SHA-256 transform using v8 Crypto Extensions */ 8 9#include <asm.S> 10 11 .arch armv8-a+crypto 12 13 dga .req q20 14 dgav .req v20 15 dgb .req q21 16 dgbv .req v21 17 18 t0 .req v22 19 t1 .req v23 20 21 dg0q .req q24 22 dg0v .req v24 23 dg1q .req q25 24 dg1v .req v25 25 dg2q .req q26 26 dg2v .req v26 27 28 .macro add_only, ev, rc, s0 29 mov dg2v.16b, dg0v.16b 30 .ifeq \ev 31 add t1.4s, v\s0\().4s, \rc\().4s 32 sha256h dg0q, dg1q, t0.4s 33 sha256h2 dg1q, dg2q, t0.4s 34 .else 35 .ifnb \s0 36 add t0.4s, v\s0\().4s, \rc\().4s 37 .endif 38 sha256h dg0q, dg1q, t1.4s 39 sha256h2 dg1q, dg2q, t1.4s 40 .endif 41 .endm 42 43 .macro add_update, ev, rc, s0, s1, s2, s3 44 sha256su0 v\s0\().4s, v\s1\().4s 45 add_only \ev, \rc, \s1 46 sha256su1 v\s0\().4s, v\s2\().4s, v\s3\().4s 47 .endm 48 49 50 /* 51 * void sha2_ce_transform(struct sha256_ce_state *sst, u8 const *src, 52 * int blocks) 53 */ 54FUNC sha256_ce_transform , : 55 /* load round constants */ 56 adr x8, .Lsha2_rcon 57 ld1 { v0.4s- v3.4s}, [x8], #64 58 ld1 { v4.4s- v7.4s}, [x8], #64 59 ld1 { v8.4s-v11.4s}, [x8], #64 60 ld1 {v12.4s-v15.4s}, [x8] 61 62 /* load state */ 63 mov x9, x0 64 ld1 {dgav.4s}, [x9], #16 65 ld1 {dgbv.4s}, [x9] 66 67 /* load input */ 680: ld1 {v16.16b-v19.16b}, [x1], #64 69 sub w2, w2, #1 70 71 rev32 v16.16b, v16.16b 72 rev32 v17.16b, v17.16b 73 rev32 v18.16b, v18.16b 74 rev32 v19.16b, v19.16b 75 761: add t0.4s, v16.4s, v0.4s 77 mov dg0v.16b, dgav.16b 78 mov dg1v.16b, dgbv.16b 79 80 add_update 0, v1, 16, 17, 18, 19 81 add_update 1, v2, 17, 18, 19, 16 82 add_update 0, v3, 18, 19, 16, 17 83 add_update 1, v4, 19, 16, 17, 18 84 85 add_update 0, v5, 16, 17, 18, 19 86 add_update 1, v6, 17, 18, 19, 16 87 add_update 0, v7, 18, 19, 16, 17 88 add_update 1, v8, 19, 16, 17, 18 89 90 add_update 0, v9, 16, 17, 18, 19 91 add_update 1, v10, 17, 18, 19, 16 92 add_update 0, v11, 18, 19, 16, 17 93 add_update 1, v12, 19, 16, 17, 18 94 95 add_only 0, v13, 17 96 add_only 1, v14, 18 97 add_only 0, v15, 19 98 add_only 1 99 100 /* update state */ 101 add dgav.4s, dgav.4s, dg0v.4s 102 add dgbv.4s, dgbv.4s, dg1v.4s 103 104 /* handled all input blocks? */ 105 cbnz w2, 0b 106 107 /* store new state */ 1083: mov x9, x0 109 st1 {dgav.16b}, [x9], #16 110 st1 {dgbv.16b}, [x9] 111 ret 112 113 /* 114 * The SHA-256 round constants 115 */ 116 .align 4 117.Lsha2_rcon: 118 .word 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5 119 .word 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5 120 .word 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3 121 .word 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174 122 .word 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc 123 .word 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da 124 .word 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7 125 .word 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967 126 .word 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13 127 .word 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85 128 .word 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3 129 .word 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070 130 .word 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5 131 .word 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3 132 .word 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208 133 .word 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 134END_FUNC sha256_ce_transform 135 136BTI(emit_aarch64_feature_1_and GNU_PROPERTY_AARCH64_FEATURE_1_BTI) 137