1 /* SPDX-License-Identifier: GPL-2.0-or-later */
3 * AES modes (ECB/CBC/CTR/XTS) for PPC AES implementation
5 * Copyright (c) 2015 Markus Stockhausen <stockhausen@collogia.de>
8 #include <asm/ppc_asm.h>
9 #include "aes-spe-regs.h"
11 #ifdef __BIG_ENDIAN__ /* Macros for big endian builds */
13 #define LOAD_DATA(reg, off) \
14 lwz reg,off(rSP); /* load with offset */
15 #define SAVE_DATA(reg, off) \
16 stw reg,off(rDP); /* save with offset */
18 addi rSP,rSP,16; /* increment pointers per bloc */ \
20 #define LOAD_IV(reg, off) \
21 lwz reg,off(rIP); /* IV loading with offset */
22 #define SAVE_IV(reg, off) \
23 stw reg,off(rIP); /* IV saving with offset */
24 #define START_IV /* nothing to reset */
25 #define CBC_DEC 16 /* CBC decrement per block */
26 #define CTR_DEC 1 /* CTR decrement one byte */
28 #else /* Macros for little endian */
30 #define LOAD_DATA(reg, off) \
31 lwbrx reg,0,rSP; /* load reversed */ \
32 addi rSP,rSP,4; /* and increment pointer */
33 #define SAVE_DATA(reg, off) \
34 stwbrx reg,0,rDP; /* save reversed */ \
35 addi rDP,rDP,4; /* and increment pointer */
36 #define NEXT_BLOCK /* nothing todo */
37 #define LOAD_IV(reg, off) \
38 lwbrx reg,0,rIP; /* load reversed */ \
39 addi rIP,rIP,4; /* and increment pointer */
40 #define SAVE_IV(reg, off) \
41 stwbrx reg,0,rIP; /* load reversed */ \
42 addi rIP,rIP,4; /* and increment pointer */
44 subi rIP,rIP,16; /* must reset pointer */
45 #define CBC_DEC 32 /* 2 blocks because of incs */
46 #define CTR_DEC 17 /* 1 block because of incs */
54 stw rI0,96(r1); /* save 32 bit registers */ \
60 lwz rI0,96(r1); /* restore 32 bit registers */ \
67 stw rG0,112(r1); /* save 32 bit registers */ \
74 lwz rG0,112(r1); /* restore 32 bit registers */ \
79 #define INITIALIZE_CRYPT(tab,nr32bitregs) \
81 stwu r1,-160(r1); /* create stack frame */ \
82 lis rT0,tab@h; /* en-/decryption table pointer */ \
83 stw r0,8(r1); /* save link register */ \
87 evstdw r15,24(r1); /* We must save non volatile */ \
88 evstdw r16,32(r1); /* registers. Take the chance */ \
89 evstdw r17,40(r1); /* and save the SPE part too */ \
96 SAVE_##nr32bitregs##_REGS
98 #define FINALIZE_CRYPT(nr32bitregs) \
100 evldw r14,16(r1); /* restore SPE registers */ \
110 LOAD_##nr32bitregs##_REGS \
111 mtlr r0; /* restore link register */ \
113 stw r0,16(r1); /* delete sensitive data */ \
114 stw r0,24(r1); /* that we might have pushed */ \
115 stw r0,32(r1); /* from other context that runs */ \
116 stw r0,40(r1); /* the same code */ \
123 addi r1,r1,160; /* cleanup stack frame */
125 #define ENDIAN_SWAP(t0, t1, s0, s1) \
126 rotrwi t0,s0,8; /* swap endianness for 2 GPRs */ \
128 rlwimi t0,s0,8,8,15; \
129 rlwimi t1,s1,8,8,15; \
130 rlwimi t0,s0,8,24,31; \
131 rlwimi t1,s1,8,24,31;
133 #define GF128_MUL(d0, d1, d2, d3, t0) \
134 li t0,0x87; /* multiplication in GF128 */ \
137 rlwimi d3,d2,0,0,0; /* propagate "carry" bits */ \
139 rlwimi d2,d1,0,0,0; \
141 rlwimi d1,d0,0,0,0; \
142 slwi d0,d0,1; /* shift left 128 bit */ \
146 #define START_KEY(d0, d1, d2, d3) \
158 * ppc_encrypt_aes(u8 *out, const u8 *in, u32 *key_enc,
161 * called from glue layer to encrypt a single 16 byte block
162 * round values are AES128 = 4, AES192 = 5, AES256 = 6
165 _GLOBAL(ppc_encrypt_aes)
166 INITIALIZE_CRYPT(PPC_AES_4K_ENCTAB, 0)
171 START_KEY(rD0, rD1, rD2, rD3)
185 * ppc_decrypt_aes(u8 *out, const u8 *in, u32 *key_dec,
188 * called from glue layer to decrypt a single 16 byte block
189 * round values are AES128 = 4, AES192 = 5, AES256 = 6
192 _GLOBAL(ppc_decrypt_aes)
193 INITIALIZE_CRYPT(PPC_AES_4K_DECTAB,0)
199 START_KEY(rD0, rD1, rD2, rD3)
213 * ppc_encrypt_ecb(u8 *out, const u8 *in, u32 *key_enc,
214 * u32 rounds, u32 bytes);
216 * called from glue layer to encrypt multiple blocks via ECB
217 * Bytes must be larger or equal 16 and only whole blocks are
218 * processed. round values are AES128 = 4, AES192 = 5 and
222 _GLOBAL(ppc_encrypt_ecb)
223 INITIALIZE_CRYPT(PPC_AES_4K_ENCTAB, 0)
224 ppc_encrypt_ecb_loop:
232 START_KEY(rD0, rD1, rD2, rD3)
243 bt gt,ppc_encrypt_ecb_loop
248 * ppc_decrypt_ecb(u8 *out, const u8 *in, u32 *key_dec,
249 * u32 rounds, u32 bytes);
251 * called from glue layer to decrypt multiple blocks via ECB
252 * Bytes must be larger or equal 16 and only whole blocks are
253 * processed. round values are AES128 = 4, AES192 = 5 and
257 _GLOBAL(ppc_decrypt_ecb)
258 INITIALIZE_CRYPT(PPC_AES_4K_DECTAB, 0)
260 ppc_decrypt_ecb_loop:
268 START_KEY(rD0, rD1, rD2, rD3)
279 bt gt,ppc_decrypt_ecb_loop
284 * ppc_encrypt_cbc(u8 *out, const u8 *in, u32 *key_enc,
285 * 32 rounds, u32 bytes, u8 *iv);
287 * called from glue layer to encrypt multiple blocks via CBC
288 * Bytes must be larger or equal 16 and only whole blocks are
289 * processed. round values are AES128 = 4, AES192 = 5 and
293 _GLOBAL(ppc_encrypt_cbc)
294 INITIALIZE_CRYPT(PPC_AES_4K_ENCTAB, 4)
299 ppc_encrypt_cbc_loop:
311 START_KEY(rD0, rD1, rD2, rD3)
322 bt gt,ppc_encrypt_cbc_loop
332 * ppc_decrypt_cbc(u8 *out, const u8 *in, u32 *key_dec,
333 * u32 rounds, u32 bytes, u8 *iv);
335 * called from glue layer to decrypt multiple blocks via CBC
336 * round values are AES128 = 4, AES192 = 5, AES256 = 6
339 _GLOBAL(ppc_decrypt_cbc)
340 INITIALIZE_CRYPT(PPC_AES_4K_DECTAB, 4)
347 add rSP,rSP,rLN /* reverse processing */
361 bt lt,ppc_decrypt_cbc_end
362 ppc_decrypt_cbc_loop:
364 START_KEY(rD0, rD1, rD2, rD3)
386 bt gt,ppc_decrypt_cbc_loop
389 START_KEY(rD0, rD1, rD2, rD3)
395 xor rW0,rW0,rI0 /* decrypt with initial IV */
407 * ppc_crypt_ctr(u8 *out, const u8 *in, u32 *key_enc,
408 * u32 rounds, u32 bytes, u8 *iv);
410 * called from glue layer to encrypt/decrypt multiple blocks
411 * via CTR. Number of bytes does not need to be a multiple of
412 * 16. Round values are AES128 = 4, AES192 = 5, AES256 = 6
415 _GLOBAL(ppc_crypt_ctr)
416 INITIALIZE_CRYPT(PPC_AES_4K_ENCTAB, 4)
423 bt lt,ppc_crypt_ctr_partial
426 START_KEY(rI0, rI1, rI2, rI3)
445 addic rI3,rI3,1 /* increase counter */
451 bt gt,ppc_crypt_ctr_loop
452 ppc_crypt_ctr_partial:
454 bt eq,ppc_crypt_ctr_end
456 START_KEY(rI0, rI1, rI2, rI3)
470 ppc_crypt_ctr_xorbyte:
471 lbzu rW4,1(rIP) /* bytewise xor for partial block */
475 bdnz ppc_crypt_ctr_xorbyte
491 * ppc_encrypt_xts(u8 *out, const u8 *in, u32 *key_enc,
492 * u32 rounds, u32 bytes, u8 *iv, u32 *key_twk);
494 * called from glue layer to encrypt multiple blocks via XTS
495 * If key_twk is given, the initial IV encryption will be
496 * processed too. Round values are AES128 = 4, AES192 = 5,
500 _GLOBAL(ppc_encrypt_xts)
501 INITIALIZE_CRYPT(PPC_AES_4K_ENCTAB, 8)
507 bt eq,ppc_encrypt_xts_notweak
509 START_KEY(rI0, rI1, rI2, rI3)
515 ppc_encrypt_xts_notweak:
516 ENDIAN_SWAP(rG0, rG1, rI0, rI1)
517 ENDIAN_SWAP(rG2, rG3, rI2, rI3)
518 ppc_encrypt_xts_loop:
529 START_KEY(rD0, rD1, rD2, rD3)
543 GF128_MUL(rG0, rG1, rG2, rG3, rW0)
544 ENDIAN_SWAP(rI0, rI1, rG0, rG1)
545 ENDIAN_SWAP(rI2, rI3, rG2, rG3)
548 bt gt,ppc_encrypt_xts_loop
558 * ppc_decrypt_xts(u8 *out, const u8 *in, u32 *key_dec,
559 * u32 rounds, u32 blocks, u8 *iv, u32 *key_twk);
561 * called from glue layer to decrypt multiple blocks via XTS
562 * If key_twk is given, the initial IV encryption will be
563 * processed too. Round values are AES128 = 4, AES192 = 5,
567 _GLOBAL(ppc_decrypt_xts)
568 INITIALIZE_CRYPT(PPC_AES_4K_DECTAB, 8)
575 bt eq,ppc_decrypt_xts_notweak
578 START_KEY(rI0, rI1, rI2, rI3)
585 ppc_decrypt_xts_notweak:
586 ENDIAN_SWAP(rG0, rG1, rI0, rI1)
587 ENDIAN_SWAP(rG2, rG3, rI2, rI3)
588 ppc_decrypt_xts_loop:
599 START_KEY(rD0, rD1, rD2, rD3)
613 GF128_MUL(rG0, rG1, rG2, rG3, rW0)
614 ENDIAN_SWAP(rI0, rI1, rG0, rG1)
615 ENDIAN_SWAP(rI2, rI3, rG2, rG3)
618 bt gt,ppc_decrypt_xts_loop
projects / librecmc / linux-libre.git / blob