summaryrefslogtreecommitdiffstats
path: root/src/crypto/isa-l/isa-l_crypto/aes/aarch64/gcm_enc_dec.S
diff options
context:
space:
mode:
Diffstat (limited to 'src/crypto/isa-l/isa-l_crypto/aes/aarch64/gcm_enc_dec.S')
-rw-r--r--src/crypto/isa-l/isa-l_crypto/aes/aarch64/gcm_enc_dec.S588
1 files changed, 588 insertions, 0 deletions
diff --git a/src/crypto/isa-l/isa-l_crypto/aes/aarch64/gcm_enc_dec.S b/src/crypto/isa-l/isa-l_crypto/aes/aarch64/gcm_enc_dec.S
new file mode 100644
index 000000000..927179cfc
--- /dev/null
+++ b/src/crypto/isa-l/isa-l_crypto/aes/aarch64/gcm_enc_dec.S
@@ -0,0 +1,588 @@
+/**********************************************************************
+ Copyright(c) 2021 Arm Corporation All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ * Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in
+ the documentation and/or other materials provided with the
+ distribution.
+ * Neither the name of Arm Corporation nor the names of its
+ contributors may be used to endorse or promote products derived
+ from this software without specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+**********************************************************************/
+/*
+void gist_aes_gcm_dec_##mode( \
+ const struct gcm_key_data *key_data, \
+ struct gcm_context_data *context, \
+ uint8_t *out, \
+ uint8_t const *in, \
+ uint64_t len, \
+ uint8_t *iv, \
+ \
+ uint8_t const *aad, \
+ uint64_t aad_len, \
+ uint8_t *auth_tag, \
+ uint64_t auth_tag_len \
+ \
+ )
+ */
+
+ declare_var_generic_reg key_data ,0
+ declare_var_generic_reg context ,1
+ declare_var_generic_reg out ,2
+ declare_var_generic_reg in ,3
+ declare_var_generic_reg len ,4
+ declare_var_generic_reg iv ,5
+ declare_var_generic_reg aad ,6
+ declare_var_generic_reg aad_len ,7
+
+ declare_var_generic_reg hashkey_base,0
+ declare_var_generic_reg hashkey_addr,5
+ declare_var_generic_reg left_len ,12
+ declare_var_generic_reg aad_left ,13
+ declare_var_generic_reg temp0 ,14
+ declare_var_generic_reg temp1 ,15
+
+ declare_var_generic_reg auth_tag ,0 /* input param */
+ declare_var_generic_reg auth_tag_len,1 /* input param */
+
+
+ declare_var_vector_reg Ctr,0
+ declare_var_vector_reg AadHash,1
+ declare_var_vector_reg HashKey0,2
+ declare_var_vector_reg HashKey0Ext,3
+ declare_var_vector_reg High,4
+ declare_var_vector_reg Low,5
+ declare_var_vector_reg EncCtr,6
+ declare_var_vector_reg Dat0,6
+ declare_var_vector_reg Middle0,7
+
+ declare_var_vector_reg Tmp0,8
+ declare_var_vector_reg Tmp1,9
+ declare_var_vector_reg Zero,10
+ declare_var_vector_reg Poly,11
+ declare_var_vector_reg LeftDat ,12
+ declare_var_vector_reg Len ,13
+ declare_var_vector_reg Tmp2,14
+ declare_var_vector_reg Tmp3,15
+
+ declare_var_vector_reg One,31
+ .set stack_size,64
+ .macro push_stack
+ stp d8, d9,[sp,-stack_size]!
+ stp d10,d11,[sp,16]
+ stp d12,d13,[sp,32]
+ stp d14,d15,[sp,48]
+
+ .endm
+
+ .macro pop_stack
+ ldp d10,d11,[sp,16]
+ ldp d12,d13,[sp,32]
+ ldp d14,d15,[sp,48]
+ ldp d8, d9, [sp], stack_size
+ .endm
+
+START_FUNC(enc,KEY_LEN,_)
+START_FUNC(enc,KEY_LEN,_nt_)
+ push_stack
+ /*save in_length and aad_length*/
+ stp aad_len,len,[context,AAD_LEN_OFF]
+ load_aes_keys key_data
+ /* Init Consts and IV */
+ mov wtemp1,1
+ eor vOne.16b,vOne.16b,vOne.16b
+ ld1 {vCtr.d}[0],[iv],8
+ eor vZero.16b,vZero.16b,vZero.16b
+ ld1 {vCtr.s}[2],[iv]
+ mov temp0,0x87
+ rev32 vCtr.16b,vCtr.16b /* to cpu order */
+ ins vOne.s[3],wtemp1
+ mov vAadHash.16b,vZero.16b
+ dup vPoly.2d,temp0
+ ins vCtr.s[3],wtemp1 /* Initial Ctr and Orig IV */
+
+
+ and left_len,aad_len,0xf
+ cbz aad_len,24f
+ lsr aad_len,aad_len,4
+ /* Read small data */
+ cbz left_len,2f /* aad_len >= 16,skip */
+ add aad_left,aad,aad_len,lsl 4
+ read_small_data_start LeftDat,aad_left,left_len,temp0,Tmp0
+ cbnz left_len,1f /* aad_len & 0xf != 0 */
+2:
+ cbz aad_len,1f /* aad_len <16 skip*/
+ /* left_len == 0 && aad_len !=0 */
+ sub aad_len,aad_len,1
+ /* leftDat = aad[-1] */
+ ldr qLeftDat,[aad,aad_len,lsl 4]
+1:
+ cbnz aad_len,1f /* aad_len >16,skip */
+ rbit vAadHash.16b,vLeftDat.16b
+ b 24f /* aad_len <=16, skip aadhash caculate */
+1:
+ /* aad_len > 16 */
+ ldr qAadHash,[aad],16
+ rbit vAadHash.16b,vAadHash.16b
+ sub aad_len,aad_len,1
+
+1:
+ /* loop ghash_block */
+ cmp aad_len,HASHKEY_TOTAL_NUM - 1
+ bls 1f // break loop
+ sub aad_len,aad_len,HASHKEY_TOTAL_NUM
+ ghash_block_n HASHKEY_TOTAL_NUM,AadHash,Dat0,aad,hashkey_addr,hashkey_base, \
+ HashKey0,HashKey0Ext,High,Low,Middle0,Zero,Poly , \
+ Tmp0,Tmp1
+ b 1b /* back to loop start */
+1:
+ cbnz aad_len,1f /* left aad_len >32,skip */
+ ldp qHashKey0,qHashKey0Ext,[hashkey_base,(HASHKEY_TOTAL_NUM-1)*32]
+ ghash_block_reg AadHash,LeftDat, \
+ HashKey0,HashKey0Ext,High,Low,Middle0,Zero,Poly , \
+ Tmp0
+ b 24f /* left aad_len <=32,skip below check */
+1:
+ mov temp0,HASHKEY_TOTAL_NUM - 1
+ sub temp0,temp0,aad_len
+ add hashkey_addr,hashkey_base,temp0,lsl 5
+
+ ghash_mult_init_round AadHash,aad,hashkey_addr,HashKey0,HashKey0Ext, \
+ High,Low,Middle0,Tmp0,Dat0,2 /* load next hash */
+ sub aad_len,aad_len,1
+
+1:
+ cbz aad_len,1f
+ ghash_mult_round AadHash,aad,hashkey_addr,HashKey0,HashKey0Ext, \
+ High,Low,Middle0,Tmp0,Tmp1,Dat0, 2
+
+ sub aad_len,aad_len,1
+ b 1b
+1:
+ ghash_mult_round_noload AadHash,HashKey0,HashKey0Ext,High,Low,Middle0,Tmp0,Tmp1
+ rbit vAadHash.16b, vLeftDat.16b
+ ghash_mult_final_round AadHash,High,Low,Middle0,Tmp0,Zero,Poly
+
+24:
+
+ /* Enc/Dec loop */
+ and left_len,len,15
+ cbz len,24f
+ lsr len,len,4
+1:
+ /* loop aes gcm enc/dec loop */
+ cmp len,HASHKEY_TOTAL_NUM - 1
+ bls 1f // break loop
+ sub len,len,HASHKEY_TOTAL_NUM
+ aes_gcm_n_round encrypt,HASHKEY_TOTAL_NUM,AadHash,in,hashkey_addr,hashkey_base, \
+ HashKey0,HashKey0Ext,High,Low,Poly, \
+ Ctr,EncCtr,One,out,Tmp0,Tmp1
+ b 1b /* back to loop start */
+1:
+ cbz len,24f /* left len == 0 */
+ mov temp0,HASHKEY_TOTAL_NUM
+ sub temp0,temp0,len
+ add hashkey_addr,hashkey_base,temp0,lsl 5
+
+ sub len,len,1
+ aes_gcm_init encrypt,AadHash,in,hashkey_addr,HashKey0,HashKey0Ext, \
+ High,Low,Ctr,EncCtr,One,out,Tmp0,Tmp1,2 /* load next hash */
+ cbz len,2f
+ sub len,len,1
+1:
+
+ cbz len,1f
+ aes_gcm_middle encrypt,AadHash,in,hashkey_addr,HashKey0,HashKey0Ext, \
+ High,Low,Ctr,EncCtr,One,out,Tmp0,Tmp1,2 /* load next hash */
+ sub len,len,1
+ b 1b
+1:
+ aes_gcm_middle encrypt,AadHash,in,hashkey_addr,HashKey0,HashKey0Ext, \
+ High,Low,Ctr,EncCtr,One,out,Tmp0,Tmp1,1 /* load next hash */
+2:
+ poly_mult_final_x2 AadHash,High,Low,Tmp0,Tmp1,Poly
+24:
+ /* complete part */
+ cmp left_len,0
+ movi vHigh.16b,0
+ mov temp0,HASHKEY_TOTAL_NUM-3
+ movi vLow.16b,0
+ cinc hashkey_addr,temp0,eq
+ movi vMiddle0.16b,0
+ add hashkey_addr,hashkey_base,hashkey_addr,lsl 5
+ ldp qHashKey0,qHashKey0Ext,[hashkey_addr],32
+ beq 2f
+ read_small_data_start LeftDat,in,left_len,temp0,Tmp0
+ add vCtr.4s,vCtr.4s,vOne.4s
+ rev32 vEncCtr.16b,vCtr.16b
+ aes_encrypt_round EncCtr,Key0
+ pmull2 vHigh.1q,vAadHash.2d,vHashKey0.2d
+ aes_encrypt_round EncCtr,Key1
+ pmull vLow.1q ,vAadHash.1d,vHashKey0.1d
+ aes_encrypt_round EncCtr,Key2
+ ldr qHashKey0,[hashkey_addr],16
+ aes_encrypt_round EncCtr,Key3
+ pmull vMiddle0.1q,vAadHash.1d,vHashKey0Ext.1d
+ aes_encrypt_round EncCtr,Key4
+ pmull2 vTmp0.1q ,vAadHash.2d,vHashKey0Ext.2d
+ aes_encrypt_round EncCtr,Key5
+ ldr qHashKey0Ext,[hashkey_addr],16
+ aes_encrypt_round EncCtr,Key6
+ eor vMiddle0.16b,vMiddle0.16b,vTmp0.16b
+ aes_encrypt_round EncCtr,Key7
+ aes_encrypt_round EncCtr,Key8
+#if KEY_LEN==256
+ aes_encrypt_round EncCtr,Key9
+ aes_encrypt_round EncCtr,Key10
+ aes_encrypt_round EncCtr,Key11
+ aes_encrypt_round EncCtr,Key12
+ aese vEncCtr.16b,vKey13.16b
+ eor vEncCtr.16b,vEncCtr.16b,vKey14.16b
+#else
+ aese vEncCtr.16b,vKey9.16b
+ eor vEncCtr.16b,vEncCtr.16b,vKey10.16b
+#endif
+ eor vEncCtr.16b,vEncCtr.16b,vLeftDat.16b
+ write_small_data_start EncCtr,out,left_len,temp0,Tmp0
+ clear_small_data EncCtr,Zero,left_len,temp0,Tmp0
+ rbit vAadHash.16b,vEncCtr.16b
+2:
+
+ ldr qLen,[context,AAD_LEN_OFF] /* Len */
+ mov wtemp0,1 /* Ek */
+ pmull2 vTmp0.1q ,vAadHash.2d,vHashKey0.2d /* auth_dat * HashKey[Total-2] */
+ shl vLen.2d,vLen.2d,3 /* Len */
+ pmull vTmp1.1q ,vAadHash.1d,vHashKey0.1d /* auth_dat * HashKey[Total-2] */
+ rev64 vLen.16b,vLen.16b /* Len */
+ ins vCtr.4s[3],wtemp0 /* Ek */
+ ldr qHashKey0,[hashkey_addr],16 /* auth_dat * HashKey[Total-2] */
+ pmull vTmp2.1q,vAadHash.1d,vHashKey0Ext.1d /* auth_dat * HashKey[Total-2] */
+ rev32 vEncCtr.16b,vCtr.16b /* Ek */
+ eor vHigh.16b,vHigh.16b,vTmp0.16b /* auth_dat * HashKey[Total-2] */
+ pmull2 vTmp3.1q ,vAadHash.2d,vHashKey0Ext.2d /* auth_dat * HashKey[Total-2] */
+ rbit vAadHash.16b,vLen.16b /* Len */
+
+ aes_encrypt_round EncCtr,Key0 /* Ek */
+ eor vLow.16b,vLow.16b,vTmp1.16b /* auth_dat * HashKey[Total-2] */
+ aes_encrypt_round EncCtr,Key1 /* Ek */
+ ldr qHashKey0Ext,[hashkey_addr],16 /* auth_dat * HashKey[Total-2] */
+ aes_encrypt_round EncCtr,Key2 /* Ek */
+ eor vMiddle0.16b,vMiddle0.16b,vTmp2.16b /* auth_dat * HashKey[Total-2] */
+ aes_encrypt_round EncCtr,Key3 /* Ek */
+ eor vMiddle0.16b,vMiddle0.16b,vTmp3.16b /* auth_dat * HashKey[Total-2] */
+ aes_encrypt_round EncCtr,Key4 /* Ek */
+
+ pmull2 vTmp0.1q,vAadHash.2d,vHashKey0.2d /* Len * HashKey[Total-1] */
+ pmull vTmp1.1q ,vAadHash.1d,vHashKey0.1d /* Len * HashKey[Total-1] */
+ aes_encrypt_round EncCtr,Key5 /* Ek */
+ aes_encrypt_round EncCtr,Key6 /* Ek */
+ pmull vTmp2.1q,vAadHash.1d,vHashKey0Ext.1d /* Len * HashKey[Total-1] */
+ aes_encrypt_round EncCtr,Key7 /* Ek */
+ eor vHigh.16b,vHigh.16b,vTmp0.16b /* Len * HashKey[Total-1] */
+ pmull2 vTmp3.1q ,vAadHash.2d,vHashKey0Ext.2d /* Len * HashKey[Total-1] */
+ aes_encrypt_round EncCtr,Key8 /* Ek */
+ eor vLow.16b,vLow.16b,vTmp1.16b /* Len * HashKey[Total-1] */
+#if KEY_LEN==256
+ aes_encrypt_round EncCtr,Key9 /* Ek */
+ aes_encrypt_round EncCtr,Key10 /* Ek */
+ aes_encrypt_round EncCtr,Key11 /* Ek */
+ aes_encrypt_round EncCtr,Key12 /* Ek */
+ aese vEncCtr.16b,vKey13.16b /* Ek */
+ eor vEncCtr.16b,vEncCtr.16b,vKey14.16b /* Ek */
+#else
+ aese vEncCtr.16b,vKey9.16b /* Ek */
+ eor vEncCtr.16b,vEncCtr.16b,vKey10.16b /* Ek */
+#endif
+ eor vMiddle0.16b,vMiddle0.16b,vTmp2.16b /* Len * HashKey[Total-1] */
+ eor vMiddle0.16b,vMiddle0.16b,vTmp3.16b /* Len * HashKey[Total-1] */
+ rbit vAadHash.16b,vEncCtr.16b /* Aad */
+
+ ghash_mult_final_round AadHash,High,Low,Middle0,Tmp0,Zero,Poly
+
+ ldp auth_tag,auth_tag_len,[sp,stack_size] /* Adjust here : TODO TBD */
+ rbit vAadHash.16b,vAadHash.16b /* Aad */
+
+
+ /* output auth_tag */
+ cmp auth_tag_len,16
+ bne 1f
+ /* most likely auth_tag_len=16 */
+ str qAadHash,[auth_tag]
+ pop_stack
+ ret
+1: /* auth_tag_len=12 */
+ cmp auth_tag_len,12
+ bne 1f
+ str dAadHash,[auth_tag],8
+ st1 {vAadHash.s}[2],[auth_tag]
+ pop_stack
+ ret
+1: /* auth_tag_len=8 */
+ str dAadHash,[auth_tag]
+ pop_stack
+ ret
+END_FUNC(enc,KEY_LEN,_)
+END_FUNC(enc,KEY_LEN,_nt_)
+
+
+START_FUNC(dec,KEY_LEN,_)
+START_FUNC(dec,KEY_LEN,_nt_)
+ push_stack
+ /* save in_length and aad_length */
+ stp aad_len,len,[context,AAD_LEN_OFF]
+ load_aes_keys key_data
+ /* Init Consts and IV */
+ mov wtemp1,1
+ eor vOne.16b,vOne.16b,vOne.16b
+ ld1 {vCtr.d}[0],[iv],8
+ eor vZero.16b,vZero.16b,vZero.16b
+ ld1 {vCtr.s}[2],[iv]
+ mov temp0,0x87
+ rev32 vCtr.16b,vCtr.16b /* to cpu order */
+ mov vAadHash.16b,vZero.16b
+ ins vOne.s[3],wtemp1
+ dup vPoly.2d,temp0
+ ins vCtr.s[3],wtemp1 /* Initial Ctr and Orig IV */
+
+ ldp qHashKey0,qHashKey0Ext,[hashkey_base]
+ and left_len,aad_len,0xf
+ cbz aad_len,24f
+ lsr aad_len,aad_len,4
+ /* Read small data */
+ cbz left_len,2f /* aad_len >= 16,skip */
+ add aad_left,aad,aad_len,lsl 4
+ read_small_data_start LeftDat,aad_left,left_len,temp0,Tmp0
+ cbnz left_len,1f /* aad_len & 0xf != 0 */
+2:
+ cbz aad_len,1f /* aad_len <16 skip */
+ /* left_len == 0 && aad_len !=0 */
+ sub aad_len,aad_len,1
+ /* leftDat = aad[-1] */
+ ldr qLeftDat,[aad,aad_len,lsl 4]
+1:
+ cbnz aad_len,1f /* aad_len >16,skip */
+ rbit vAadHash.16b,vLeftDat.16b
+ b 24f /* aad_len <=16, skip aadhash caculate */
+1:
+ /* aad_len > 16 */
+ ldr qAadHash,[aad],16
+ rbit vAadHash.16b,vAadHash.16b
+ sub aad_len,aad_len,1
+
+1:
+ /** loop ghash_block */
+ cmp aad_len,HASHKEY_TOTAL_NUM - 1
+ bls 1f /* break loop */
+ sub aad_len,aad_len,HASHKEY_TOTAL_NUM
+ ghash_block_n HASHKEY_TOTAL_NUM,AadHash,Dat0,aad,hashkey_addr,hashkey_base, \
+ HashKey0,HashKey0Ext,High,Low,Middle0,Zero,Poly , \
+ Tmp0,Tmp1
+ b 1b /* back to loop start */
+1:
+ cbnz aad_len,1f /* left aad_len >32,skip */
+ ldp qHashKey0,qHashKey0Ext,[hashkey_base,(HASHKEY_TOTAL_NUM-1)*32]
+ ghash_block_reg AadHash,LeftDat, \
+ HashKey0,HashKey0Ext,High,Low,Middle0,Zero,Poly , \
+ Tmp0
+ b 24f /* left aad_len <=32,skip below check */
+1:
+ mov temp0,HASHKEY_TOTAL_NUM - 1
+ sub temp0,temp0,aad_len
+ add hashkey_addr,hashkey_base,temp0,lsl 5
+
+ ghash_mult_init_round AadHash,aad,hashkey_addr,HashKey0,HashKey0Ext, \
+ High,Low,Middle0,Tmp0,Dat0,2 /* load next hash */
+ sub aad_len,aad_len,1
+
+1:
+ cbz aad_len,1f
+ ghash_mult_round AadHash,aad,hashkey_addr,HashKey0,HashKey0Ext, \
+ High,Low,Middle0,Tmp0,Tmp1,Dat0, 2
+
+ sub aad_len,aad_len,1
+ b 1b
+1:
+ ghash_mult_round_noload AadHash,HashKey0,HashKey0Ext,High,Low,Middle0,Tmp0,Tmp1
+ rbit vAadHash.16b, vLeftDat.16b
+ ghash_mult_final_round AadHash,High,Low,Middle0,Tmp0,Zero,Poly
+
+24:
+
+
+ /* Enc/Dec loop */
+ and left_len,len,15
+ cbz len,24f
+ lsr len,len,4
+1:
+ /* loop aes gcm enc/dec loop */
+ cmp len,HASHKEY_TOTAL_NUM - 1
+ bls 1f // break loop
+ sub len,len,HASHKEY_TOTAL_NUM
+ aes_gcm_n_round decrypt,HASHKEY_TOTAL_NUM,AadHash,in,hashkey_addr,hashkey_base, \
+ HashKey0,HashKey0Ext,High,Low,Poly, \
+ Ctr,EncCtr,One,out,Tmp0,Tmp1
+ b 1b /* back to loop start */
+1:
+ cbz len,24f /* left len == 0 */
+ mov temp0,HASHKEY_TOTAL_NUM
+ sub temp0,temp0,len
+ add hashkey_addr,hashkey_base,temp0,lsl 5
+
+ sub len,len,1
+ aes_gcm_init decrypt,AadHash,in,hashkey_addr,HashKey0,HashKey0Ext, \
+ High,Low,Ctr,EncCtr,One,out,Tmp0,Tmp1,2 /* load next hash */
+ cbz len,2f
+ sub len,len,1
+1:
+
+ cbz len,1f
+ aes_gcm_middle decrypt,AadHash,in,hashkey_addr,HashKey0,HashKey0Ext, \
+ High,Low,Ctr,EncCtr,One,out,Tmp0,Tmp1,2 /* load next hash */
+ sub len,len,1
+ b 1b
+1:
+ aes_gcm_middle decrypt,AadHash,in,hashkey_addr,HashKey0,HashKey0Ext, \
+ High,Low,Ctr,EncCtr,One,out,Tmp0,Tmp1,1 /* load next hash */
+2:
+ poly_mult_final_x2 AadHash,High,Low,Tmp0,Tmp1,Poly
+24:
+ /* complete part */
+ cmp left_len,0
+ movi vHigh.16b,0
+ mov temp0,21
+ movi vLow.16b,0
+ cinc hashkey_addr,temp0,eq
+ movi vMiddle0.16b,0
+ add hashkey_addr,hashkey_base,hashkey_addr,lsl 5
+ ldp qHashKey0,qHashKey0Ext,[hashkey_addr],32
+ beq 2f
+ read_small_data_start LeftDat,in,left_len,temp0,Tmp0
+ add vCtr.4s,vCtr.4s,vOne.4s
+ rev32 vEncCtr.16b,vCtr.16b
+ aes_encrypt_round EncCtr,Key0
+ pmull2 vHigh.1q,vAadHash.2d,vHashKey0.2d
+ aes_encrypt_round EncCtr,Key1
+ pmull vLow.1q ,vAadHash.1d,vHashKey0.1d
+ aes_encrypt_round EncCtr,Key2
+ ldr qHashKey0,[hashkey_addr],16
+ aes_encrypt_round EncCtr,Key3
+ pmull vMiddle0.1q,vAadHash.1d,vHashKey0Ext.1d
+ aes_encrypt_round EncCtr,Key4
+ pmull2 vTmp0.1q ,vAadHash.2d,vHashKey0Ext.2d
+ aes_encrypt_round EncCtr,Key5
+ ldr qHashKey0Ext,[hashkey_addr],16
+ aes_encrypt_round EncCtr,Key6
+ eor vMiddle0.16b,vMiddle0.16b,vTmp0.16b
+ aes_encrypt_round EncCtr,Key7
+ aes_encrypt_round EncCtr,Key8
+#if KEY_LEN==256
+ aes_encrypt_round EncCtr,Key9
+ aes_encrypt_round EncCtr,Key10
+ aes_encrypt_round EncCtr,Key11
+ aes_encrypt_round EncCtr,Key12
+ aese vEncCtr.16b,vKey13.16b
+ eor vEncCtr.16b,vEncCtr.16b,vKey14.16b
+ eor vEncCtr.16b,vEncCtr.16b,vLeftDat.16b
+#endif
+#if KEY_LEN==128
+ aese vEncCtr.16b,vKey9.16b
+ eor vEncCtr.16b,vEncCtr.16b,vKey10.16b
+ eor vEncCtr.16b,vEncCtr.16b,vLeftDat.16b
+#endif
+ write_small_data_start EncCtr,out,left_len,temp0,Tmp0
+ rbit vAadHash.16b,vLeftDat.16b
+
+2:
+
+ ldr qLen,[context,AAD_LEN_OFF] /* Len */
+ mov wtemp0,1 /* Ek */
+ pmull2 vTmp0.1q ,vAadHash.2d,vHashKey0.2d /* auth_dat * HashKey[Total-2] */
+ shl vLen.2d,vLen.2d,3 /* Len */
+ pmull vTmp1.1q ,vAadHash.1d,vHashKey0.1d /* auth_dat * HashKey[Total-2] */
+ rev64 vLen.16b,vLen.16b /* Len */
+ ins vCtr.4s[3],wtemp0 /* Ek */
+ ldr qHashKey0,[hashkey_addr],16 /* auth_dat * HashKey[Total-2] */
+ pmull vTmp2.1q,vAadHash.1d,vHashKey0Ext.1d /* auth_dat * HashKey[Total-2] */
+ rev32 vEncCtr.16b,vCtr.16b /* Ek */
+ eor vHigh.16b,vHigh.16b,vTmp0.16b /* auth_dat * HashKey[Total-2] */
+ pmull2 vTmp3.1q ,vAadHash.2d,vHashKey0Ext.2d /* auth_dat * HashKey[Total-2] */
+ rbit vAadHash.16b,vLen.16b /* Len */
+
+ aes_encrypt_round EncCtr,Key0 /* Ek */
+ eor vLow.16b,vLow.16b,vTmp1.16b /* auth_dat * HashKey[Total-2] */
+ aes_encrypt_round EncCtr,Key1 /* Ek */
+ ldr qHashKey0Ext,[hashkey_addr],16 /* auth_dat * HashKey[Total-2] */
+ aes_encrypt_round EncCtr,Key2 /* Ek */
+ eor vMiddle0.16b,vMiddle0.16b,vTmp2.16b /* auth_dat * HashKey[Total-2] */
+ aes_encrypt_round EncCtr,Key3 /* Ek */
+ eor vMiddle0.16b,vMiddle0.16b,vTmp3.16b /* auth_dat * HashKey[Total-2] */
+ aes_encrypt_round EncCtr,Key4 /* Ek */
+
+ pmull2 vTmp0.1q,vAadHash.2d,vHashKey0.2d /* Len * HashKey[Total-1] */
+ pmull vTmp1.1q ,vAadHash.1d,vHashKey0.1d /* Len * HashKey[Total-1] */
+ aes_encrypt_round EncCtr,Key5 /* Ek */
+ aes_encrypt_round EncCtr,Key6 /* Ek */
+ pmull vTmp2.1q,vAadHash.1d,vHashKey0Ext.1d /* Len * HashKey[Total-1] */
+ aes_encrypt_round EncCtr,Key7 /* Ek */
+ eor vHigh.16b,vHigh.16b,vTmp0.16b /* Len * HashKey[Total-1] */
+ pmull2 vTmp3.1q ,vAadHash.2d,vHashKey0Ext.2d /* Len * HashKey[Total-1] */
+ aes_encrypt_round EncCtr,Key8 /* Ek */
+ eor vLow.16b,vLow.16b,vTmp1.16b /* Len * HashKey[Total-1] */
+#if KEY_LEN==256
+ aes_encrypt_round EncCtr,Key9 /* Ek */
+ aes_encrypt_round EncCtr,Key10 /* Ek */
+ aes_encrypt_round EncCtr,Key11 /* Ek */
+ aes_encrypt_round EncCtr,Key12 /* Ek */
+ aese vEncCtr.16b,vKey13.16b /* Ek */
+ eor vEncCtr.16b,vEncCtr.16b,vKey14.16b /* Ek */
+#else
+ aese vEncCtr.16b,vKey9.16b /* Ek */
+ eor vEncCtr.16b,vEncCtr.16b,vKey10.16b /* Ek */
+#endif
+ eor vMiddle0.16b,vMiddle0.16b,vTmp2.16b /* Len * HashKey[Total-1] */
+ eor vMiddle0.16b,vMiddle0.16b,vTmp3.16b /* Len * HashKey[Total-1] */
+ rbit vAadHash.16b,vEncCtr.16b /* Aad */
+
+ ghash_mult_final_round AadHash,High,Low,Middle0,Tmp0,Zero,Poly
+
+ ldp auth_tag,auth_tag_len,[sp,stack_size] /* Adjust here : TODO TBD */
+ rbit vAadHash.16b,vAadHash.16b /* Aad */
+
+
+ /* output auth_tag */
+ cmp auth_tag_len,16
+ bne 1f
+ /* most likely auth_tag_len=16 */
+ str qAadHash,[auth_tag]
+ pop_stack
+ ret
+1: /* auth_tag_len=12 */
+ cmp auth_tag_len,12
+ bne 1f
+ str dAadHash,[auth_tag],8
+ st1 {vAadHash.s}[2],[auth_tag]
+ pop_stack
+ ret
+1: /* auth_tag_len=8 */
+ str dAadHash,[auth_tag]
+ pop_stack
+ ret
+END_FUNC(dec,KEY_LEN,_)
+END_FUNC(dec,KEY_LEN,_nt_)
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-11 22:58:47 +0000