arch/riscv/crypto/aes-riscv64-zvkned.S

   1 /* SPDX-License-Identifier: Apache-2.0 OR BSD-2-Clause */
   2 //
   3 // This file is dual-licensed, meaning that you can use it under your
   4 // choice of either of the following two licenses:
   5 //
   6 // Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
   7 //
   8 // Licensed under the Apache License 2.0 (the "License"). You can obtain
   9 // a copy in the file LICENSE in the source distribution or at
  10 // https://www.openssl.org/source/license.html
  11 //
  12 // or
  13 //
  14 // Copyright (c) 2023, Christoph Müllner <christoph.muellner@vrull.eu>
  15 // Copyright (c) 2023, Phoebe Chen <phoebe.chen@sifive.com>
  16 // Copyright (c) 2023, Jerry Shih <jerry.shih@sifive.com>
  17 // Copyright 2024 Google LLC
  18 // All rights reserved.
  19 //
  20 // Redistribution and use in source and binary forms, with or without
  21 // modification, are permitted provided that the following conditions
  22 // are met:
  23 // 1. Redistributions of source code must retain the above copyright
  24 //    notice, this list of conditions and the following disclaimer.
  25 // 2. Redistributions in binary form must reproduce the above copyright
  26 //    notice, this list of conditions and the following disclaimer in the
  27 //    documentation and/or other materials provided with the distribution.
  28 //
  29 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  30 // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  31 // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  32 // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  33 // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  34 // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  35 // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  36 // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  37 // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  38 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  39 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  40
  41 // The generated code of this file depends on the following RISC-V extensions:
  42 // - RV64I
  43 // - RISC-V Vector ('V') with VLEN >= 128
  44 // - RISC-V Vector AES block cipher extension ('Zvkned')
  45
  46 #include <linux/linkage.h>
  47
  48 .text
  49 .option arch, +zvkned
  50
  51 #include "aes-macros.S"
  52
  53 #define KEYP            a0
  54 #define INP             a1
  55 #define OUTP            a2
  56 #define LEN             a3
  57 #define IVP             a4
  58
  59 .macro  __aes_crypt_zvkned      enc, keylen
  60         vle32.v         v16, (INP)
  61         aes_crypt       v16, \enc, \keylen
  62         vse32.v         v16, (OUTP)
  63         ret
  64 .endm
  65
  66 .macro  aes_crypt_zvkned        enc
  67         aes_begin       KEYP, 128f, 192f
  68         __aes_crypt_zvkned      \enc, 256
  69 128:
  70         __aes_crypt_zvkned      \enc, 128
  71 192:
  72         __aes_crypt_zvkned      \enc, 192
  73 .endm
  74
  75 // void aes_encrypt_zvkned(const struct crypto_aes_ctx *key,
  76 //                         const u8 in[16], u8 out[16]);
  77 SYM_FUNC_START(aes_encrypt_zvkned)
  78         aes_crypt_zvkned        1
  79 SYM_FUNC_END(aes_encrypt_zvkned)
  80
  81 // Same prototype and calling convention as the encryption function
  82 SYM_FUNC_START(aes_decrypt_zvkned)
  83         aes_crypt_zvkned        0
  84 SYM_FUNC_END(aes_decrypt_zvkned)
  85
  86 .macro  __aes_ecb_crypt enc, keylen
  87         srli            t0, LEN, 2
  88         // t0 is the remaining length in 32-bit words.  It's a multiple of 4.
  89 1:
  90         vsetvli         t1, t0, e32, m8, ta, ma
  91         sub             t0, t0, t1      // Subtract number of words processed
  92         slli            t1, t1, 2       // Words to bytes
  93         vle32.v         v16, (INP)
  94         aes_crypt       v16, \enc, \keylen
  95         vse32.v         v16, (OUTP)
  96         add             INP, INP, t1
  97         add             OUTP, OUTP, t1
  98         bnez            t0, 1b
  99
 100         ret
 101 .endm
 102
 103 .macro  aes_ecb_crypt   enc
 104         aes_begin       KEYP, 128f, 192f
 105         __aes_ecb_crypt \enc, 256
 106 128:
 107         __aes_ecb_crypt \enc, 128
 108 192:
 109         __aes_ecb_crypt \enc, 192
 110 .endm
 111
 112 // void aes_ecb_encrypt_zvkned(const struct crypto_aes_ctx *key,
 113 //                             const u8 *in, u8 *out, size_t len);
 114 //
 115 // |len| must be nonzero and a multiple of 16 (AES_BLOCK_SIZE).
 116 SYM_FUNC_START(aes_ecb_encrypt_zvkned)
 117         aes_ecb_crypt   1
 118 SYM_FUNC_END(aes_ecb_encrypt_zvkned)
 119
 120 // Same prototype and calling convention as the encryption function
 121 SYM_FUNC_START(aes_ecb_decrypt_zvkned)
 122         aes_ecb_crypt   0
 123 SYM_FUNC_END(aes_ecb_decrypt_zvkned)
 124
 125 .macro  aes_cbc_encrypt keylen
 126         vle32.v         v16, (IVP)      // Load IV
 127 1:
 128         vle32.v         v17, (INP)      // Load plaintext block
 129         vxor.vv         v16, v16, v17   // XOR with IV or prev ciphertext block
 130         aes_encrypt     v16, \keylen    // Encrypt
 131         vse32.v         v16, (OUTP)     // Store ciphertext block
 132         addi            INP, INP, 16
 133         addi            OUTP, OUTP, 16
 134         addi            LEN, LEN, -16
 135         bnez            LEN, 1b
 136
 137         vse32.v         v16, (IVP)      // Store next IV
 138         ret
 139 .endm
 140
 141 .macro  aes_cbc_decrypt keylen
 142         vle32.v         v16, (IVP)      // Load IV
 143 1:
 144         vle32.v         v17, (INP)      // Load ciphertext block
 145         vmv.v.v         v18, v17        // Save ciphertext block
 146         aes_decrypt     v17, \keylen    // Decrypt
 147         vxor.vv         v17, v17, v16   // XOR with IV or prev ciphertext block
 148         vse32.v         v17, (OUTP)     // Store plaintext block
 149         vmv.v.v         v16, v18        // Next "IV" is prev ciphertext block
 150         addi            INP, INP, 16
 151         addi            OUTP, OUTP, 16
 152         addi            LEN, LEN, -16
 153         bnez            LEN, 1b
 154
 155         vse32.v         v16, (IVP)      // Store next IV
 156         ret
 157 .endm
 158
 159 // void aes_cbc_encrypt_zvkned(const struct crypto_aes_ctx *key,
 160 //                             const u8 *in, u8 *out, size_t len, u8 iv[16]);
 161 //
 162 // |len| must be nonzero and a multiple of 16 (AES_BLOCK_SIZE).
 163 SYM_FUNC_START(aes_cbc_encrypt_zvkned)
 164         aes_begin       KEYP, 128f, 192f
 165         aes_cbc_encrypt 256
 166 128:
 167         aes_cbc_encrypt 128
 168 192:
 169         aes_cbc_encrypt 192
 170 SYM_FUNC_END(aes_cbc_encrypt_zvkned)
 171
 172 // Same prototype and calling convention as the encryption function
 173 SYM_FUNC_START(aes_cbc_decrypt_zvkned)
 174         aes_begin       KEYP, 128f, 192f
 175         aes_cbc_decrypt 256
 176 128:
 177         aes_cbc_decrypt 128
 178 192:
 179         aes_cbc_decrypt 192
 180 SYM_FUNC_END(aes_cbc_decrypt_zvkned)