1/* SPDX-License-Identifier: BSD-2-Clause */ 2/* 3 * Copyright (c) 2014-2020, Linaro Limited 4 * Copyright (C) 2014 Linaro Ltd <ard.biesheuvel@linaro.org> 5 */ 6 7 /* SHA-1 secure hash using ARMv8 Crypto Extensions */ 8 9#include <asm.S> 10 11 .arch armv8-a+crypto 12 13 k0 .req v0 14 k1 .req v1 15 k2 .req v2 16 k3 .req v3 17 18 t0 .req v4 19 t1 .req v5 20 21 dga .req q6 22 dgav .req v6 23 dgb .req s7 24 dgbv .req v7 25 26 dg0q .req q12 27 dg0s .req s12 28 dg0v .req v12 29 dg1s .req s13 30 dg1v .req v13 31 dg2s .req s14 32 33 .macro add_only, op, ev, rc, s0, dg1 34 .ifc \ev, ev 35 add t1.4s, v\s0\().4s, \rc\().4s 36 sha1h dg2s, dg0s 37 .ifnb \dg1 38 sha1\op dg0q, \dg1, t0.4s 39 .else 40 sha1\op dg0q, dg1s, t0.4s 41 .endif 42 .else 43 .ifnb \s0 44 add t0.4s, v\s0\().4s, \rc\().4s 45 .endif 46 sha1h dg1s, dg0s 47 sha1\op dg0q, dg2s, t1.4s 48 .endif 49 .endm 50 51 .macro add_update, op, ev, rc, s0, s1, s2, s3, dg1 52 sha1su0 v\s0\().4s, v\s1\().4s, v\s2\().4s 53 add_only \op, \ev, \rc, \s1, \dg1 54 sha1su1 v\s0\().4s, v\s3\().4s 55 .endm 56 57 /* 58 * void sha1_ce_transform(u32 state[5], u8 const *src, int blocks) 59 */ 60FUNC sha1_ce_transform , : 61 /* load round constants */ 62 adr x6, .Lsha1_rcon 63 ld1r {k0.4s}, [x6], #4 64 ld1r {k1.4s}, [x6], #4 65 ld1r {k2.4s}, [x6], #4 66 ld1r {k3.4s}, [x6] 67 68 /* load state */ 69 ld1 {dgav.4s}, [x0] 70 ldr dgb, [x0, #16] 71 72 /* load input */ 730: ld1 {v8.16b-v11.16b}, [x1], #64 74 sub w2, w2, #1 75 76 rev32 v8.16b, v8.16b 77 rev32 v9.16b, v9.16b 78 rev32 v10.16b, v10.16b 79 rev32 v11.16b, v11.16b 80 811: add t0.4s, v8.4s, k0.4s 82 mov dg0v.16b, dgav.16b 83 84 add_update c, ev, k0, 8, 9, 10, 11, dgb 85 add_update c, od, k0, 9, 10, 11, 8 86 add_update c, ev, k0, 10, 11, 8, 9 87 add_update c, od, k0, 11, 8, 9, 10 88 add_update c, ev, k1, 8, 9, 10, 11 89 90 add_update p, od, k1, 9, 10, 11, 8 91 add_update p, ev, k1, 10, 11, 8, 9 92 add_update p, od, k1, 11, 8, 9, 10 93 add_update p, ev, k1, 8, 9, 10, 11 94 add_update p, od, k2, 9, 10, 11, 8 95 96 add_update m, ev, k2, 10, 11, 8, 9 97 add_update m, od, k2, 11, 8, 9, 10 98 add_update m, ev, k2, 8, 9, 10, 11 99 add_update m, od, k2, 9, 10, 11, 8 100 add_update m, ev, k3, 10, 11, 8, 9 101 102 add_update p, od, k3, 11, 8, 9, 10 103 add_only p, ev, k3, 9 104 add_only p, od, k3, 10 105 add_only p, ev, k3, 11 106 add_only p, od 107 108 /* update state */ 109 add dgbv.2s, dgbv.2s, dg1v.2s 110 add dgav.4s, dgav.4s, dg0v.4s 111 112 cbnz w2, 0b 113 114 /* store new state */ 1153: st1 {dgav.4s}, [x0] 116 str dgb, [x0, #16] 117 ret 118 119 /* The SHA1 round constants */ 120 .align 4 121.Lsha1_rcon: 122 .word 0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xca62c1d6 123END_FUNC sha1_ce_transform 124 125BTI(emit_aarch64_feature_1_and GNU_PROPERTY_AARCH64_FEATURE_1_BTI) 126