sha2-ce-core.S - cachepc-linux - Fork of AMDESE/linux with modifications for CachePC side-channel attack

	cachepc-linux Fork of AMDESE/linux with modifications for CachePC side-channel attack
	git clone https://git.sinitax.com/sinitax/cachepc-linux
	Log \| Files \| Refs \| README \| LICENSE \| sfeed.txt
sha2-ce-core.S (2770B)
      1/* SPDX-License-Identifier: GPL-2.0-only */
      2/*
      3 * sha2-ce-core.S - SHA-224/256 secure hash using ARMv8 Crypto Extensions
      4 *
      5 * Copyright (C) 2015 Linaro Ltd.
      6 * Author: Ard Biesheuvel <ard.biesheuvel@linaro.org>
      7 */
      8
      9#include <linux/linkage.h>
     10#include <asm/assembler.h>
     11
     12	.text
     13	.arch		armv8-a
     14	.fpu		crypto-neon-fp-armv8
     15
     16	k0		.req	q7
     17	k1		.req	q8
     18	rk		.req	r3
     19
     20	ta0		.req	q9
     21	ta1		.req	q10
     22	tb0		.req	q10
     23	tb1		.req	q9
     24
     25	dga		.req	q11
     26	dgb		.req	q12
     27
     28	dg0		.req	q13
     29	dg1		.req	q14
     30	dg2		.req	q15
     31
     32	.macro		add_only, ev, s0
     33	vmov		dg2, dg0
     34	.ifnb		\s0
     35	vld1.32		{k\ev}, [rk, :128]!
     36	.endif
     37	sha256h.32	dg0, dg1, tb\ev
     38	sha256h2.32	dg1, dg2, tb\ev
     39	.ifnb		\s0
     40	vadd.u32	ta\ev, q\s0, k\ev
     41	.endif
     42	.endm
     43
     44	.macro		add_update, ev, s0, s1, s2, s3
     45	sha256su0.32	q\s0, q\s1
     46	add_only	\ev, \s1
     47	sha256su1.32	q\s0, q\s2, q\s3
     48	.endm
     49
     50	.align		6
     51.Lsha256_rcon:
     52	.word		0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5
     53	.word		0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5
     54	.word		0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3
     55	.word		0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174
     56	.word		0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc
     57	.word		0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da
     58	.word		0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7
     59	.word		0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967
     60	.word		0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13
     61	.word		0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85
     62	.word		0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3
     63	.word		0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070
     64	.word		0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5
     65	.word		0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3
     66	.word		0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208
     67	.word		0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
     68
     69	/*
     70	 * void sha2_ce_transform(struct sha256_state *sst, u8 const *src,
     71				  int blocks);
     72	 */
     73ENTRY(sha2_ce_transform)
     74	/* load state */
     75	vld1.32		{dga-dgb}, [r0]
     76
     77	/* load input */
     780:	vld1.32		{q0-q1}, [r1]!
     79	vld1.32		{q2-q3}, [r1]!
     80	subs		r2, r2, #1
     81
     82#ifndef CONFIG_CPU_BIG_ENDIAN
     83	vrev32.8	q0, q0
     84	vrev32.8	q1, q1
     85	vrev32.8	q2, q2
     86	vrev32.8	q3, q3
     87#endif
     88
     89	/* load first round constant */
     90	adr		rk, .Lsha256_rcon
     91	vld1.32		{k0}, [rk, :128]!
     92
     93	vadd.u32	ta0, q0, k0
     94	vmov		dg0, dga
     95	vmov		dg1, dgb
     96
     97	add_update	1, 0, 1, 2, 3
     98	add_update	0, 1, 2, 3, 0
     99	add_update	1, 2, 3, 0, 1
    100	add_update	0, 3, 0, 1, 2
    101	add_update	1, 0, 1, 2, 3
    102	add_update	0, 1, 2, 3, 0
    103	add_update	1, 2, 3, 0, 1
    104	add_update	0, 3, 0, 1, 2
    105	add_update	1, 0, 1, 2, 3
    106	add_update	0, 1, 2, 3, 0
    107	add_update	1, 2, 3, 0, 1
    108	add_update	0, 3, 0, 1, 2
    109
    110	add_only	1, 1
    111	add_only	0, 2
    112	add_only	1, 3
    113	add_only	0
    114
    115	/* update state */
    116	vadd.u32	dga, dga, dg0
    117	vadd.u32	dgb, dgb, dg1
    118	bne		0b
    119
    120	/* store new state */
    121	vst1.32		{dga-dgb}, [r0]
    122	bx		lr
    123ENDPROC(sha2_ce_transform)