arch/arm64/crypto/sm4-ce-ccm-core.S

root/arch/arm64/crypto/sm4-ce-ccm-core.S
/* SPDX-License-Identifier: GPL-2.0-or-later */
/*
 * SM4-CCM AEAD Algorithm using ARMv8 Crypto Extensions
 * as specified in rfc8998
 * https://datatracker.ietf.org/doc/html/rfc8998
 *
 * Copyright (C) 2022 Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
 */

#include <linux/linkage.h>
#include <linux/cfi_types.h>
#include <asm/assembler.h>
#include "sm4-ce-asm.h"

.arch   armv8-a+crypto

.irp b, 0, 1, 8, 9, 10, 11, 12, 13, 14, 15, 16, 24, 25, 26, 27, 28, 29, 30, 31
        .set .Lv\b\().4s, \b
.endr

.macro sm4e, vd, vn
        .inst 0xcec08400 | (.L\vn << 5) | .L\vd
.endm

/* Register macros */

#define RMAC    v16

/* Helper macros. */

#define inc_le128(vctr)                                 \
                mov             vctr.d[1], x8;          \
                mov             vctr.d[0], x7;          \
                adds            x8, x8, #1;             \
                rev64           vctr.16b, vctr.16b;     \
                adc             x7, x7, xzr;


.align 3
SYM_FUNC_START(sm4_ce_cbcmac_update)
        /* input:
         *   x0: round key array, CTX
         *   x1: mac
         *   x2: src
         *   w3: nblocks
         */
        SM4_PREPARE(x0)

        ld1             {RMAC.16b}, [x1]

.Lcbcmac_loop_4x:
        cmp             w3, #4
        blt             .Lcbcmac_loop_1x

        sub             w3, w3, #4

        ld1             {v0.16b-v3.16b}, [x2], #64

        SM4_CRYPT_BLK(RMAC)
        eor             RMAC.16b, RMAC.16b, v0.16b
        SM4_CRYPT_BLK(RMAC)
        eor             RMAC.16b, RMAC.16b, v1.16b
        SM4_CRYPT_BLK(RMAC)
        eor             RMAC.16b, RMAC.16b, v2.16b
        SM4_CRYPT_BLK(RMAC)
        eor             RMAC.16b, RMAC.16b, v3.16b

        cbz             w3, .Lcbcmac_end
        b               .Lcbcmac_loop_4x

.Lcbcmac_loop_1x:
        sub             w3, w3, #1

        ld1             {v0.16b}, [x2], #16

        SM4_CRYPT_BLK(RMAC)
        eor             RMAC.16b, RMAC.16b, v0.16b

        cbnz            w3, .Lcbcmac_loop_1x

.Lcbcmac_end:
        st1             {RMAC.16b}, [x1]
        ret
SYM_FUNC_END(sm4_ce_cbcmac_update)

.align 3
SYM_FUNC_START(sm4_ce_ccm_final)
        /* input:
         *   x0: round key array, CTX
         *   x1: ctr0 (big endian, 128 bit)
         *   x2: mac
         */
        SM4_PREPARE(x0)

        ld1             {RMAC.16b}, [x2]
        ld1             {v0.16b}, [x1]

        SM4_CRYPT_BLK2(RMAC, v0)

        /* en-/decrypt the mac with ctr0 */
        eor             RMAC.16b, RMAC.16b, v0.16b
        st1             {RMAC.16b}, [x2]

        ret
SYM_FUNC_END(sm4_ce_ccm_final)

.align 3
SYM_TYPED_FUNC_START(sm4_ce_ccm_enc)
        /* input:
         *   x0: round key array, CTX
         *   x1: dst
         *   x2: src
         *   x3: ctr (big endian, 128 bit)
         *   w4: nbytes
         *   x5: mac
         */
        SM4_PREPARE(x0)

        ldp             x7, x8, [x3]
        rev             x7, x7
        rev             x8, x8

        ld1             {RMAC.16b}, [x5]

.Lccm_enc_loop_4x:
        cmp             w4, #(4 * 16)
        blt             .Lccm_enc_loop_1x

        sub             w4, w4, #(4 * 16)

        /* construct CTRs */
        inc_le128(v8)                   /* +0 */
        inc_le128(v9)                   /* +1 */
        inc_le128(v10)                  /* +2 */
        inc_le128(v11)                  /* +3 */

        ld1             {v0.16b-v3.16b}, [x2], #64

        SM4_CRYPT_BLK2(v8, RMAC)
        eor             v8.16b, v8.16b, v0.16b
        eor             RMAC.16b, RMAC.16b, v0.16b
        SM4_CRYPT_BLK2(v9, RMAC)
        eor             v9.16b, v9.16b, v1.16b
        eor             RMAC.16b, RMAC.16b, v1.16b
        SM4_CRYPT_BLK2(v10, RMAC)
        eor             v10.16b, v10.16b, v2.16b
        eor             RMAC.16b, RMAC.16b, v2.16b
        SM4_CRYPT_BLK2(v11, RMAC)
        eor             v11.16b, v11.16b, v3.16b
        eor             RMAC.16b, RMAC.16b, v3.16b

        st1             {v8.16b-v11.16b}, [x1], #64

        cbz             w4, .Lccm_enc_end
        b               .Lccm_enc_loop_4x

.Lccm_enc_loop_1x:
        cmp             w4, #16
        blt             .Lccm_enc_tail

        sub             w4, w4, #16

        /* construct CTRs */
        inc_le128(v8)

        ld1             {v0.16b}, [x2], #16

        SM4_CRYPT_BLK2(v8, RMAC)
        eor             v8.16b, v8.16b, v0.16b
        eor             RMAC.16b, RMAC.16b, v0.16b

        st1             {v8.16b}, [x1], #16

        cbz             w4, .Lccm_enc_end
        b               .Lccm_enc_loop_1x

.Lccm_enc_tail:
        /* construct CTRs */
        inc_le128(v8)

        SM4_CRYPT_BLK2(RMAC, v8)

        /* store new MAC */
        st1             {RMAC.16b}, [x5]

.Lccm_enc_tail_loop:
        ldrb            w0, [x2], #1            /* get 1 byte from input */
        umov            w9, v8.b[0]             /* get top crypted CTR byte */
        umov            w6, RMAC.b[0]           /* get top MAC byte */

        eor             w9, w9, w0              /* w9 = CTR ^ input */
        eor             w6, w6, w0              /* w6 = MAC ^ input */

        strb            w9, [x1], #1            /* store out byte */
        strb            w6, [x5], #1            /* store MAC byte */

        subs            w4, w4, #1
        beq             .Lccm_enc_ret

        /* shift out one byte */
        ext             RMAC.16b, RMAC.16b, RMAC.16b, #1
        ext             v8.16b, v8.16b, v8.16b, #1

        b               .Lccm_enc_tail_loop

.Lccm_enc_end:
        /* store new MAC */
        st1             {RMAC.16b}, [x5]

        /* store new CTR */
        rev             x7, x7
        rev             x8, x8
        stp             x7, x8, [x3]

.Lccm_enc_ret:
        ret
SYM_FUNC_END(sm4_ce_ccm_enc)

.align 3
SYM_TYPED_FUNC_START(sm4_ce_ccm_dec)
        /* input:
         *   x0: round key array, CTX
         *   x1: dst
         *   x2: src
         *   x3: ctr (big endian, 128 bit)
         *   w4: nbytes
         *   x5: mac
         */
        SM4_PREPARE(x0)

        ldp             x7, x8, [x3]
        rev             x7, x7
        rev             x8, x8

        ld1             {RMAC.16b}, [x5]

.Lccm_dec_loop_4x:
        cmp             w4, #(4 * 16)
        blt             .Lccm_dec_loop_1x

        sub             w4, w4, #(4 * 16)

        /* construct CTRs */
        inc_le128(v8)                   /* +0 */
        inc_le128(v9)                   /* +1 */
        inc_le128(v10)                  /* +2 */
        inc_le128(v11)                  /* +3 */

        ld1             {v0.16b-v3.16b}, [x2], #64

        SM4_CRYPT_BLK2(v8, RMAC)
        eor             v8.16b, v8.16b, v0.16b
        eor             RMAC.16b, RMAC.16b, v8.16b
        SM4_CRYPT_BLK2(v9, RMAC)
        eor             v9.16b, v9.16b, v1.16b
        eor             RMAC.16b, RMAC.16b, v9.16b
        SM4_CRYPT_BLK2(v10, RMAC)
        eor             v10.16b, v10.16b, v2.16b
        eor             RMAC.16b, RMAC.16b, v10.16b
        SM4_CRYPT_BLK2(v11, RMAC)
        eor             v11.16b, v11.16b, v3.16b
        eor             RMAC.16b, RMAC.16b, v11.16b

        st1             {v8.16b-v11.16b}, [x1], #64

        cbz             w4, .Lccm_dec_end
        b               .Lccm_dec_loop_4x

.Lccm_dec_loop_1x:
        cmp             w4, #16
        blt             .Lccm_dec_tail

        sub             w4, w4, #16

        /* construct CTRs */
        inc_le128(v8)

        ld1             {v0.16b}, [x2], #16

        SM4_CRYPT_BLK2(v8, RMAC)
        eor             v8.16b, v8.16b, v0.16b
        eor             RMAC.16b, RMAC.16b, v8.16b

        st1             {v8.16b}, [x1], #16

        cbz             w4, .Lccm_dec_end
        b               .Lccm_dec_loop_1x

.Lccm_dec_tail:
        /* construct CTRs */
        inc_le128(v8)

        SM4_CRYPT_BLK2(RMAC, v8)

        /* store new MAC */
        st1             {RMAC.16b}, [x5]

.Lccm_dec_tail_loop:
        ldrb            w0, [x2], #1            /* get 1 byte from input */
        umov            w9, v8.b[0]             /* get top crypted CTR byte */
        umov            w6, RMAC.b[0]           /* get top MAC byte */

        eor             w9, w9, w0              /* w9 = CTR ^ input */
        eor             w6, w6, w9              /* w6 = MAC ^ output */

        strb            w9, [x1], #1            /* store out byte */
        strb            w6, [x5], #1            /* store MAC byte */

        subs            w4, w4, #1
        beq             .Lccm_dec_ret

        /* shift out one byte */
        ext             RMAC.16b, RMAC.16b, RMAC.16b, #1
        ext             v8.16b, v8.16b, v8.16b, #1

        b               .Lccm_dec_tail_loop

.Lccm_dec_end:
        /* store new MAC */
        st1             {RMAC.16b}, [x5]

        /* store new CTR */
        rev             x7, x7
        rev             x8, x8
        stp             x7, x8, [x3]

.Lccm_dec_ret:
        ret
SYM_FUNC_END(sm4_ce_ccm_dec)
Linux
