cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux
Log | Files | Refs | README | LICENSE | sfeed.txt

aes-spe-keys.S (6102B)


      1/* SPDX-License-Identifier: GPL-2.0-or-later */
      2/*
      3 * Key handling functions for PPC AES implementation
      4 *
      5 * Copyright (c) 2015 Markus Stockhausen <stockhausen@collogia.de>
      6 */
      7
      8#include <asm/ppc_asm.h>
      9
     10#ifdef __BIG_ENDIAN__
     11#define LOAD_KEY(d, s, off) \
     12	lwz		d,off(s);
     13#else
     14#define LOAD_KEY(d, s, off) \
     15	li		r0,off; \
     16	lwbrx		d,s,r0;
     17#endif
     18
     19#define INITIALIZE_KEY \
     20	stwu		r1,-32(r1);	/* create stack frame		*/ \
     21	stw		r14,8(r1);	/* save registers		*/ \
     22	stw		r15,12(r1);					   \
     23	stw		r16,16(r1);
     24
     25#define FINALIZE_KEY \
     26	lwz		r14,8(r1);	/* restore registers		*/ \
     27	lwz		r15,12(r1);					   \
     28	lwz		r16,16(r1);					   \
     29	xor		r5,r5,r5;	/* clear sensitive data		*/ \
     30	xor		r6,r6,r6;					   \
     31	xor		r7,r7,r7;					   \
     32	xor		r8,r8,r8;					   \
     33	xor		r9,r9,r9;					   \
     34	xor		r10,r10,r10;					   \
     35	xor		r11,r11,r11;					   \
     36	xor		r12,r12,r12;					   \
     37	addi		r1,r1,32;	/* cleanup stack		*/
     38
     39#define LS_BOX(r, t1, t2) \
     40	lis		t2,PPC_AES_4K_ENCTAB@h;				   \
     41	ori		t2,t2,PPC_AES_4K_ENCTAB@l;			   \
     42	rlwimi		t2,r,4,20,27;					   \
     43	lbz		t1,8(t2);					   \
     44	rlwimi		r,t1,0,24,31;					   \
     45	rlwimi		t2,r,28,20,27;					   \
     46	lbz		t1,8(t2);					   \
     47	rlwimi		r,t1,8,16,23;					   \
     48	rlwimi		t2,r,20,20,27;					   \
     49	lbz		t1,8(t2);					   \
     50	rlwimi		r,t1,16,8,15;					   \
     51	rlwimi		t2,r,12,20,27;					   \
     52	lbz		t1,8(t2);					   \
     53	rlwimi		r,t1,24,0,7;
     54
     55#define GF8_MUL(out, in, t1, t2) \
     56	lis t1,0x8080;			/* multiplication in GF8	*/ \
     57	ori t1,t1,0x8080; 						   \
     58	and t1,t1,in; 							   \
     59	srwi t1,t1,7; 							   \
     60	mulli t1,t1,0x1b; 						   \
     61	lis t2,0x7f7f; 							   \
     62	ori t2,t2,0x7f7f; 						   \
     63	and t2,t2,in; 							   \
     64	slwi t2,t2,1; 							   \
     65	xor out,t1,t2;
     66
     67/*
     68 * ppc_expand_key_128(u32 *key_enc, const u8 *key)
     69 *
     70 * Expand 128 bit key into 176 bytes encryption key. It consists of
     71 * key itself plus 10 rounds with 16 bytes each
     72 *
     73 */
     74_GLOBAL(ppc_expand_key_128)
     75	INITIALIZE_KEY
     76	LOAD_KEY(r5,r4,0)
     77	LOAD_KEY(r6,r4,4)
     78	LOAD_KEY(r7,r4,8)
     79	LOAD_KEY(r8,r4,12)
     80	stw		r5,0(r3)	/* key[0..3] = input data	*/
     81	stw		r6,4(r3)
     82	stw		r7,8(r3)
     83	stw		r8,12(r3)
     84	li		r16,10		/* 10 expansion rounds		*/
     85	lis		r0,0x0100	/* RCO(1)			*/
     86ppc_expand_128_loop:
     87	addi		r3,r3,16
     88	mr		r14,r8		/* apply LS_BOX to 4th temp	*/
     89	rotlwi		r14,r14,8
     90	LS_BOX(r14, r15, r4)
     91	xor		r14,r14,r0
     92	xor		r5,r5,r14	/* xor next 4 keys		*/
     93	xor		r6,r6,r5
     94	xor		r7,r7,r6
     95	xor		r8,r8,r7
     96	stw		r5,0(r3)	/* store next 4 keys		*/
     97	stw		r6,4(r3)
     98	stw		r7,8(r3)
     99	stw		r8,12(r3)
    100	GF8_MUL(r0, r0, r4, r14)	/* multiply RCO by 2 in GF	*/
    101	subi		r16,r16,1
    102	cmpwi		r16,0
    103	bt		eq,ppc_expand_128_end
    104	b		ppc_expand_128_loop
    105ppc_expand_128_end:
    106	FINALIZE_KEY
    107	blr
    108
    109/*
    110 * ppc_expand_key_192(u32 *key_enc, const u8 *key)
    111 *
    112 * Expand 192 bit key into 208 bytes encryption key. It consists of key
    113 * itself plus 12 rounds with 16 bytes each
    114 *
    115 */
    116_GLOBAL(ppc_expand_key_192)
    117	INITIALIZE_KEY
    118	LOAD_KEY(r5,r4,0)
    119	LOAD_KEY(r6,r4,4)
    120	LOAD_KEY(r7,r4,8)
    121	LOAD_KEY(r8,r4,12)
    122	LOAD_KEY(r9,r4,16)
    123	LOAD_KEY(r10,r4,20)
    124	stw		r5,0(r3)
    125	stw		r6,4(r3)
    126	stw		r7,8(r3)
    127	stw		r8,12(r3)
    128	stw		r9,16(r3)
    129	stw		r10,20(r3)
    130	li		r16,8		/* 8 expansion rounds		*/
    131	lis		r0,0x0100	/* RCO(1)			*/
    132ppc_expand_192_loop:
    133	addi		r3,r3,24
    134	mr		r14,r10		/* apply LS_BOX to 6th temp	*/
    135	rotlwi		r14,r14,8
    136	LS_BOX(r14, r15, r4)
    137	xor		r14,r14,r0
    138	xor		r5,r5,r14	/* xor next 6 keys		*/
    139	xor		r6,r6,r5
    140	xor		r7,r7,r6
    141	xor		r8,r8,r7
    142	xor		r9,r9,r8
    143	xor		r10,r10,r9
    144	stw		r5,0(r3)
    145	stw		r6,4(r3)
    146	stw		r7,8(r3)
    147	stw		r8,12(r3)
    148	subi		r16,r16,1
    149	cmpwi		r16,0		/* last round early kick out	*/
    150	bt		eq,ppc_expand_192_end
    151	stw		r9,16(r3)
    152	stw		r10,20(r3)
    153	GF8_MUL(r0, r0, r4, r14)	/* multiply RCO GF8		*/
    154	b		ppc_expand_192_loop
    155ppc_expand_192_end:
    156	FINALIZE_KEY
    157	blr
    158
    159/*
    160 * ppc_expand_key_256(u32 *key_enc, const u8 *key)
    161 *
    162 * Expand 256 bit key into 240 bytes encryption key. It consists of key
    163 * itself plus 14 rounds with 16 bytes each
    164 *
    165 */
    166_GLOBAL(ppc_expand_key_256)
    167	INITIALIZE_KEY
    168	LOAD_KEY(r5,r4,0)
    169	LOAD_KEY(r6,r4,4)
    170	LOAD_KEY(r7,r4,8)
    171	LOAD_KEY(r8,r4,12)
    172	LOAD_KEY(r9,r4,16)
    173	LOAD_KEY(r10,r4,20)
    174	LOAD_KEY(r11,r4,24)
    175	LOAD_KEY(r12,r4,28)
    176	stw		r5,0(r3)
    177	stw		r6,4(r3)
    178	stw		r7,8(r3)
    179	stw		r8,12(r3)
    180	stw		r9,16(r3)
    181	stw		r10,20(r3)
    182	stw		r11,24(r3)
    183	stw		r12,28(r3)
    184	li		r16,7		/* 7 expansion rounds		*/
    185	lis		r0,0x0100	/* RCO(1)			*/
    186ppc_expand_256_loop:
    187	addi		r3,r3,32
    188	mr		r14,r12		/* apply LS_BOX to 8th temp	*/
    189	rotlwi		r14,r14,8
    190	LS_BOX(r14, r15, r4)
    191	xor		r14,r14,r0
    192	xor		r5,r5,r14	/* xor 4 keys			*/
    193	xor		r6,r6,r5
    194	xor		r7,r7,r6
    195	xor		r8,r8,r7
    196	mr		r14,r8
    197	LS_BOX(r14, r15, r4)		/* apply LS_BOX to 4th temp	*/
    198	xor		r9,r9,r14	/* xor 4 keys			*/
    199	xor		r10,r10,r9
    200	xor		r11,r11,r10
    201	xor		r12,r12,r11
    202	stw		r5,0(r3)
    203	stw		r6,4(r3)
    204	stw		r7,8(r3)
    205	stw		r8,12(r3)
    206	subi		r16,r16,1
    207	cmpwi		r16,0		/* last round early kick out	*/
    208	bt		eq,ppc_expand_256_end
    209	stw		r9,16(r3)
    210	stw		r10,20(r3)
    211	stw		r11,24(r3)
    212	stw		r12,28(r3)
    213	GF8_MUL(r0, r0, r4, r14)
    214	b		ppc_expand_256_loop
    215ppc_expand_256_end:
    216	FINALIZE_KEY
    217	blr
    218
    219/*
    220 * ppc_generate_decrypt_key: derive decryption key from encryption key
    221 * number of bytes to handle are calculated from length of key (16/24/32)
    222 *
    223 */
    224_GLOBAL(ppc_generate_decrypt_key)
    225	addi		r6,r5,24
    226	slwi		r6,r6,2
    227	lwzx		r7,r4,r6	/* first/last 4 words are same	*/
    228	stw		r7,0(r3)
    229	lwz		r7,0(r4)
    230	stwx		r7,r3,r6
    231	addi		r6,r6,4
    232	lwzx		r7,r4,r6
    233	stw		r7,4(r3)
    234	lwz		r7,4(r4)
    235	stwx		r7,r3,r6
    236	addi		r6,r6,4
    237	lwzx		r7,r4,r6
    238	stw		r7,8(r3)
    239	lwz		r7,8(r4)
    240	stwx		r7,r3,r6
    241	addi		r6,r6,4
    242	lwzx		r7,r4,r6
    243	stw		r7,12(r3)
    244	lwz		r7,12(r4)
    245	stwx		r7,r3,r6
    246	addi		r3,r3,16
    247	add		r4,r4,r6
    248	subi		r4,r4,28
    249	addi		r5,r5,20
    250	srwi		r5,r5,2
    251ppc_generate_decrypt_block:
    252	li	r6,4
    253	mtctr	r6
    254ppc_generate_decrypt_word:
    255	lwz		r6,0(r4)
    256	GF8_MUL(r7, r6, r0, r7)
    257	GF8_MUL(r8, r7, r0, r8)
    258	GF8_MUL(r9, r8, r0, r9)
    259	xor		r10,r9,r6
    260	xor		r11,r7,r8
    261	xor		r11,r11,r9
    262	xor		r12,r7,r10
    263	rotrwi		r12,r12,24
    264	xor		r11,r11,r12
    265	xor		r12,r8,r10
    266	rotrwi		r12,r12,16
    267	xor		r11,r11,r12
    268	rotrwi		r12,r10,8
    269	xor		r11,r11,r12
    270	stw		r11,0(r3)
    271	addi		r3,r3,4
    272	addi		r4,r4,4
    273	bdnz		ppc_generate_decrypt_word
    274	subi		r4,r4,32
    275	subi		r5,r5,1
    276	cmpwi		r5,0
    277	bt		gt,ppc_generate_decrypt_block
    278	blr