1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
|
/**********************************************************************
Copyright(c) 2021 Arm Corporation All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in
the documentation and/or other materials provided with the
distribution.
* Neither the name of Arm Corporation nor the names of its
contributors may be used to endorse or promote products derived
from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
**********************************************************************/
#include "gcm_common_256.S"
/*
void gist_aes_gcm_enc_finalize_##mode( \
const struct gcm_key_data *key_data, \
struct gcm_context_data *context, \
uint8_t *auth_tag, \
uint64_t auth_tag_len \
)
*/
declare_var_generic_reg key_data ,0
declare_var_generic_reg context ,1
declare_var_generic_reg auth_tag ,2
declare_var_generic_reg auth_tag_len ,3
declare_var_generic_reg partial_block_len ,4
declare_var_generic_reg partial_block ,1
declare_var_generic_reg hashkey_addr ,0
declare_var_generic_reg temp0 ,6
declare_var_vector_reg OrigIV ,0
declare_var_vector_reg AadHash ,1
declare_var_vector_reg HashKey0 ,2
declare_var_vector_reg HashKey0Ext ,3
declare_var_vector_reg High ,4
declare_var_vector_reg Low ,5
declare_var_vector_reg Middle0 ,6
declare_var_vector_reg Len ,7
declare_var_vector_reg Tmp0 ,8
declare_var_vector_reg Tmp1 ,9
declare_var_vector_reg Zero ,10
declare_var_vector_reg Poly ,11
declare_var_vector_reg PartitialBlock ,13
declare_var_vector_reg Tmp2 ,31
declare_var_vector_reg Tmp3 ,12
.set stack_size,48
.macro push_stack
stp d8, d9,[sp,-stack_size]!
stp d10,d11,[sp,16]
stp d12,d13,[sp,32]
.endm
.macro pop_stack
ldp d10,d11,[sp,16]
ldp d12,d13,[sp,32]
ldp d8, d9, [sp], stack_size
.endm
START_FUNC(enc,KEY_LEN,_finalize_)
START_FUNC(dec,KEY_LEN,_finalize_)
ldr partial_block_len,[context,PARTIAL_BLOCK_LENGTH_OFF]
load_aes_keys key_data
push_stack
ldr qOrigIV,[context,ORIG_IV_OFF] /* OrigIV */
ldp qAadHash,qLen,[context],PARTIAL_BLOCK_ENC_KEY_OFF /* Len , context move to partial block*/
/* Init Consts for ghash */
movi vZero.4s,0
mov temp0,0x87
dup vPoly.2d,temp0
/* complete part */
cbnz partial_block_len,10f
ldp qHashKey0,qHashKey0Ext,[hashkey_addr,(HASHKEY_TOTAL_NUM-2)*32]
aes_encrypt_round OrigIV,Key0
pmull2 vHigh.1q,vAadHash.2d,vHashKey0.2d
aes_encrypt_round OrigIV,Key1
pmull vLow.1q ,vAadHash.1d,vHashKey0.1d
shl vLen.2d,vLen.2d,3 /* Len */
aes_encrypt_round OrigIV,Key2
pmull vMiddle0.1q,vAadHash.1d,vHashKey0Ext.1d
rev64 vLen.16b,vLen.16b /* Len */
aes_encrypt_round OrigIV,Key3
pmull2 vTmp0.1q ,vAadHash.2d,vHashKey0Ext.2d
rbit vAadHash.16b,vLen.16b /* Len */
ldp qHashKey0,qHashKey0Ext,[hashkey_addr,(HASHKEY_TOTAL_NUM-1)*32]
aes_encrypt_round OrigIV,Key4
eor vMiddle0.16b,vMiddle0.16b,vTmp0.16b
aes_encrypt_round OrigIV,Key5
pmull2 vTmp0.1q ,vAadHash.2d,vHashKey0.2d
aes_encrypt_round OrigIV,Key6
pmull vTmp1.1q ,vAadHash.1d,vHashKey0.1d
aes_encrypt_round OrigIV,Key7
eor vHigh.16b,vHigh.16b,vTmp0.16b
eor vLow.16b ,vLow.16b ,vTmp1.16b
pmull2 vTmp2.1q ,vAadHash.2d,vHashKey0Ext.2d
aes_encrypt_round OrigIV,Key8
pmull vTmp3.1q ,vAadHash.1d,vHashKey0Ext.1d
aes_encrypt_round OrigIV,Key9
aes_encrypt_round OrigIV,Key10
aes_encrypt_round OrigIV,Key11
aes_encrypt_round OrigIV,Key12
aese vOrigIV.16b,vKey13.16b
eor vMiddle0.16b,vMiddle0.16b,vTmp2.16b
eor vOrigIV.16b,vOrigIV.16b,vKey14.16b
rbit vAadHash.16b,vOrigIV.16b
eor vMiddle0.16b,vMiddle0.16b,vTmp3.16b
ghash_mult_final_round AadHash,High,Low,Middle0,Tmp0,Zero,Poly
rbit vAadHash.16b,vAadHash.16b /* Aad */
/* output auth_tag */
cmp auth_tag_len,16
bne 1f
/* most likely auth_tag_len=16 */
str qAadHash,[auth_tag]
pop_stack
ret
1: /* auth_tag_len=12 */
cmp auth_tag_len,12
bne 1f
str dAadHash,[auth_tag],8
st1 {vAadHash.s}[2],[auth_tag]
pop_stack
ret
1: /* auth_tag_len=8 */
str dAadHash,[auth_tag]
pop_stack
ret
10: /* cbnz partial_block_len,10f */
ldp qHashKey0,qHashKey0Ext,[hashkey_addr,(HASHKEY_TOTAL_NUM-3)*32]
aes_encrypt_round OrigIV,Key0
read_small_data_start PartitialBlock,partial_block,partial_block_len,temp0,Tmp0
pmull2 vHigh.1q,vAadHash.2d,vHashKey0.2d
aes_encrypt_round OrigIV,Key1
pmull vLow.1q ,vAadHash.1d,vHashKey0.1d
aes_encrypt_round OrigIV,Key2
pmull vMiddle0.1q,vAadHash.1d,vHashKey0Ext.1d
aes_encrypt_round OrigIV,Key3
pmull2 vTmp0.1q ,vAadHash.2d,vHashKey0Ext.2d
aes_encrypt_round OrigIV,Key4
rbit vAadHash.16b,vPartitialBlock.16b
ldp qHashKey0,qHashKey0Ext,[hashkey_addr,(HASHKEY_TOTAL_NUM-2)*32]
aes_encrypt_round OrigIV,Key5
eor vMiddle0.16b,vMiddle0.16b,vTmp0.16b
pmull2 vTmp0.1q,vAadHash.2d,vHashKey0.2d
aes_encrypt_round OrigIV,Key6
shl vLen.2d,vLen.2d,3 /* Len */
pmull vTmp1.1q ,vAadHash.1d,vHashKey0.1d
eor vHigh.16b,vHigh.16b,vTmp0.16b
aes_encrypt_round OrigIV,Key7
eor vLow.16b,vLow.16b,vTmp1.16b
pmull2 vTmp0.1q ,vAadHash.2d,vHashKey0Ext.2d
rev64 vLen.16b,vLen.16b /* Len */
aes_encrypt_round OrigIV,Key8
eor vMiddle0.16b,vMiddle0.16b,vTmp0.16b
pmull vTmp0.1q,vAadHash.1d,vHashKey0Ext.1d
aes_encrypt_round OrigIV,Key9
rbit vAadHash.16b,vLen.16b /* Len */
ldp qHashKey0,qHashKey0Ext,[hashkey_addr,(HASHKEY_TOTAL_NUM-1)*32]
aes_encrypt_round OrigIV,Key10
eor vMiddle0.16b,vMiddle0.16b,vTmp0.16b
aes_encrypt_round OrigIV,Key11
pmull2 vTmp0.1q ,vAadHash.2d,vHashKey0.2d
aes_encrypt_round OrigIV,Key12
pmull vTmp1.1q ,vAadHash.1d,vHashKey0.1d
aese vOrigIV.16b,vKey13.16b
eor vHigh.16b,vHigh.16b,vTmp0.16b
eor vLow.16b ,vLow.16b ,vTmp1.16b
pmull2 vTmp2.1q ,vAadHash.2d,vHashKey0Ext.2d
pmull vTmp3.1q ,vAadHash.1d,vHashKey0Ext.1d
eor vMiddle0.16b,vMiddle0.16b,vTmp2.16b
eor vOrigIV.16b,vOrigIV.16b,vKey14.16b
eor vMiddle0.16b,vMiddle0.16b,vTmp3.16b
rbit vAadHash.16b,vOrigIV.16b
ghash_mult_final_round AadHash,High,Low,Middle0,Tmp0,Zero,Poly
rbit vAadHash.16b,vAadHash.16b /* Aad */
/* output auth_tag */
cmp auth_tag_len,16
bne 1f
/* most likely auth_tag_len=16 */
str qAadHash,[auth_tag]
pop_stack
ret
1: /* auth_tag_len=12 */
cmp auth_tag_len,12
bne 1f
str dAadHash,[auth_tag],8
st1 {vAadHash.s}[2],[auth_tag]
pop_stack
ret
1: /* auth_tag_len=8 */
str dAadHash,[auth_tag]
pop_stack
ret
END_FUNC(enc,KEY_LEN,_finalize_)
END_FUNC(dec,KEY_LEN,_finalize_)
|