/**********************************************************************
Copyright(c) 2021 Arm Corporation All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in
the documentation and/or other materials provided with the
distribution.
* Neither the name of Arm Corporation nor the names of its
contributors may be used to endorse or promote products derived
from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
**********************************************************************/
/*
void gist_aes_gcm_dec_##mode( \
const struct gcm_key_data *key_data, \
struct gcm_context_data *context, \
uint8_t *out, \
uint8_t const *in, \
uint64_t len, \
uint8_t *iv, \
\
uint8_t const *aad, \
uint64_t aad_len, \
uint8_t *auth_tag, \
uint64_t auth_tag_len \
\
)
*/
/*
 * General-purpose register aliases. The number is the register index; the
 * code in this file uses both the plain alias and a w-prefixed form
 * (wtemp0, wtemp1). The first eight aliases follow the argument order of
 * the prototype comment above.
 */
declare_var_generic_reg key_data ,0
declare_var_generic_reg context ,1
declare_var_generic_reg out ,2
declare_var_generic_reg in ,3
declare_var_generic_reg len ,4
declare_var_generic_reg iv ,5
declare_var_generic_reg aad ,6
declare_var_generic_reg aad_len ,7
/* Same register as key_data: the hash-key table is addressed from the key_data pointer. */
declare_var_generic_reg hashkey_base,0
/* Same register as iv: iv is only read during counter setup, before hashkey_addr is first written. */
declare_var_generic_reg hashkey_addr,5
declare_var_generic_reg left_len ,12
declare_var_generic_reg aad_left ,13
declare_var_generic_reg temp0 ,14
declare_var_generic_reg temp1 ,15
/*
 * auth_tag and auth_tag_len reuse the key_data and context registers. They
 * are loaded from the caller's stack at the end of each function, so
 * key_data/hashkey_base and context must not be used after that load.
 */
declare_var_generic_reg auth_tag ,0 /* input param */
declare_var_generic_reg auth_tag_len,1 /* input param */
/*
 * Vector register aliases, used with v/q/d prefixes in the code below.
 * Indices 8-15 are the registers whose low halves push_stack/pop_stack
 * save and restore.
 */
declare_var_vector_reg Ctr,0
declare_var_vector_reg AadHash,1
declare_var_vector_reg HashKey0,2
declare_var_vector_reg HashKey0Ext,3
declare_var_vector_reg High,4
declare_var_vector_reg Low,5
/* EncCtr and Dat0 name the same register (6); they must not be live at the same time. */
declare_var_vector_reg EncCtr,6
declare_var_vector_reg Dat0,6
declare_var_vector_reg Middle0,7
declare_var_vector_reg Tmp0,8
declare_var_vector_reg Tmp1,9
declare_var_vector_reg Zero,10
declare_var_vector_reg Poly,11
declare_var_vector_reg LeftDat ,12
declare_var_vector_reg Len ,13
declare_var_vector_reg Tmp2,14
declare_var_vector_reg Tmp3,15
declare_var_vector_reg One,31
/*
 * Frame size in bytes: four 16-byte pairs holding d8-d15. The functions in
 * this file read their stack-passed arguments at [sp, stack_size] while the
 * frame is live, so this value must match what push_stack reserves.
 */
.set stack_size,64

/* Reserve the frame, then spill d8-d15 (low halves of v8-v15) into it. */
.macro push_stack
    sub sp,sp,stack_size
    stp d14,d15,[sp,48]
    stp d12,d13,[sp,32]
    stp d10,d11,[sp,16]
    stp d8, d9, [sp]
.endm

/* Reload d8-d15 from the frame, then release it. */
.macro pop_stack
    ldp d8, d9, [sp]
    ldp d10,d11,[sp,16]
    ldp d12,d13,[sp,32]
    ldp d14,d15,[sp,48]
    add sp,sp,stack_size
.endm
/*
 * AES-GCM encrypt body. The two START_FUNC lines presumably open two entry
 * labels (plain and "_nt_") over the same code - confirm against the
 * START_FUNC definition, which is not in this file section.
 *
 * Inputs (register aliases declared above): key_data, context, out, in,
 * len, iv, aad, aad_len. auth_tag and auth_tag_len are read from the
 * caller's stack at [sp, stack_size] near the end.
 *
 * Caller contract visible in this body:
 *  - Exactly 12 bytes are read from iv and the 32-bit counter word is set
 *    to 1, so only a 96-bit IV is handled. The IV must be unique per key;
 *    nothing here can detect reuse.
 *  - No argument validation is visible: pointers and lengths are used as
 *    given.
 *  - The tag store handles auth_tag_len == 16 and == 12 explicitly; every
 *    other value falls through to an 8-byte store. The caller must
 *    validate auth_tag_len and size the tag buffer to match before calling.
 */
START_FUNC(enc,KEY_LEN,_)
START_FUNC(enc,KEY_LEN,_nt_)
push_stack
/*save in_length and aad_length*/
/* The pair is reloaded as one 128-bit value (qLen) to build the GHASH length block. */
stp aad_len,len,[context,AAD_LEN_OFF]
load_aes_keys key_data
/* Init Consts and IV */
/* vOne = word 3 set to 1 (counter increment); vPoly = 0x87 in both 64-bit lanes. */
mov wtemp1,1
eor vOne.16b,vOne.16b,vOne.16b
/* IV bytes 0..7, then bytes 8..11: 12 bytes in total are read from iv. */
ld1 {vCtr.d}[0],[iv],8
eor vZero.16b,vZero.16b,vZero.16b
ld1 {vCtr.s}[2],[iv]
mov temp0,0x87
rev32 vCtr.16b,vCtr.16b /* to cpu order */
ins vOne.s[3],wtemp1
mov vAadHash.16b,vZero.16b
dup vPoly.2d,temp0
ins vCtr.s[3],wtemp1 /* Initial Ctr and Orig IV */
/* left_len = aad_len % 16; no AAD at all skips straight to the data stage. */
and left_len,aad_len,0xf
cbz aad_len,24f
/* From here aad_len counts whole 16-byte blocks. */
lsr aad_len,aad_len,4
/* Read small data */
cbz left_len,2f /* aad_len >= 16,skip */
/* Partial trailing AAD block: it starts right after the whole blocks. */
add aad_left,aad,aad_len,lsl 4
read_small_data_start LeftDat,aad_left,left_len,temp0,Tmp0
cbnz left_len,1f /* aad_len & 0xf != 0 */
2:
cbz aad_len,1f /* aad_len <16 skip*/
/* left_len == 0 && aad_len !=0 */
/* No partial block: take the last whole block as LeftDat and drop it from the count. */
sub aad_len,aad_len,1
/* leftDat = aad[-1] */
ldr qLeftDat,[aad,aad_len,lsl 4]
1:
/* LeftDat now holds the final AAD block; aad_len counts the blocks before it. */
cbnz aad_len,1f /* aad_len >16,skip */
rbit vAadHash.16b,vLeftDat.16b
b 24f /* aad_len <=16, skip aadhash calculate */
1:
/* aad_len > 16 */
/* Seed AadHash with the first AAD block, bit-reversed. */
ldr qAadHash,[aad],16
rbit vAadHash.16b,vAadHash.16b
sub aad_len,aad_len,1
1:
/* loop ghash_block */
/* Consume HASHKEY_TOTAL_NUM blocks per iteration while at least that many remain. */
cmp aad_len,HASHKEY_TOTAL_NUM - 1
bls 1f // break loop
sub aad_len,aad_len,HASHKEY_TOTAL_NUM
ghash_block_n HASHKEY_TOTAL_NUM,AadHash,Dat0,aad,hashkey_addr,hashkey_base, \
HashKey0,HashKey0Ext,High,Low,Middle0,Zero,Poly , \
Tmp0,Tmp1
b 1b /* back to loop start */
1:
cbnz aad_len,1f /* left aad_len >32,skip */
/* Only LeftDat is left: use the hash-key pair at index HASHKEY_TOTAL_NUM-1 (32 bytes per entry). */
ldp qHashKey0,qHashKey0Ext,[hashkey_base,(HASHKEY_TOTAL_NUM-1)*32]
ghash_block_reg AadHash,LeftDat, \
HashKey0,HashKey0Ext,High,Low,Middle0,Zero,Poly , \
Tmp0
b 24f /* left aad_len <=32,skip below check */
1:
/* 1..HASHKEY_TOTAL_NUM-1 blocks remain: start at table index HASHKEY_TOTAL_NUM-1-aad_len. */
mov temp0,HASHKEY_TOTAL_NUM - 1
sub temp0,temp0,aad_len
add hashkey_addr,hashkey_base,temp0,lsl 5
ghash_mult_init_round AadHash,aad,hashkey_addr,HashKey0,HashKey0Ext, \
High,Low,Middle0,Tmp0,Dat0,2 /* load next hash */
sub aad_len,aad_len,1
1:
cbz aad_len,1f
ghash_mult_round AadHash,aad,hashkey_addr,HashKey0,HashKey0Ext, \
High,Low,Middle0,Tmp0,Tmp1,Dat0, 2
sub aad_len,aad_len,1
b 1b
1:
ghash_mult_round_noload AadHash,HashKey0,HashKey0Ext,High,Low,Middle0,Tmp0,Tmp1
/* The final AAD block enters the hash last. */
rbit vAadHash.16b, vLeftDat.16b
ghash_mult_final_round AadHash,High,Low,Middle0,Tmp0,Zero,Poly
24:
/* Enc/Dec loop */
/* left_len = len % 16 (trailing partial block); len becomes the whole-block count. */
and left_len,len,15
cbz len,24f
lsr len,len,4
1:
/* loop aes gcm enc/dec loop */
cmp len,HASHKEY_TOTAL_NUM - 1
bls 1f // break loop
sub len,len,HASHKEY_TOTAL_NUM
aes_gcm_n_round encrypt,HASHKEY_TOTAL_NUM,AadHash,in,hashkey_addr,hashkey_base, \
HashKey0,HashKey0Ext,High,Low,Poly, \
Ctr,EncCtr,One,out,Tmp0,Tmp1
b 1b /* back to loop start */
1:
cbz len,24f /* left len == 0 */
/* 1..HASHKEY_TOTAL_NUM-1 whole blocks remain: start at table index HASHKEY_TOTAL_NUM-len. */
mov temp0,HASHKEY_TOTAL_NUM
sub temp0,temp0,len
add hashkey_addr,hashkey_base,temp0,lsl 5
sub len,len,1
aes_gcm_init encrypt,AadHash,in,hashkey_addr,HashKey0,HashKey0Ext, \
High,Low,Ctr,EncCtr,One,out,Tmp0,Tmp1,2 /* load next hash */
cbz len,2f
sub len,len,1
1:
cbz len,1f
aes_gcm_middle encrypt,AadHash,in,hashkey_addr,HashKey0,HashKey0Ext, \
High,Low,Ctr,EncCtr,One,out,Tmp0,Tmp1,2 /* load next hash */
sub len,len,1
b 1b
1:
aes_gcm_middle encrypt,AadHash,in,hashkey_addr,HashKey0,HashKey0Ext, \
High,Low,Ctr,EncCtr,One,out,Tmp0,Tmp1,1 /* load next hash */
2:
poly_mult_final_x2 AadHash,High,Low,Tmp0,Tmp1,Poly
24:
/* complete part */
/*
 * Table index is HASHKEY_TOTAL_NUM-3 when a partial block follows and
 * HASHKEY_TOTAL_NUM-2 when it does not (cinc adds 1 on eq). The flags set
 * by this cmp are consumed by both the cinc and the beq below; none of the
 * instructions in between write the flags.
 */
cmp left_len,0
movi vHigh.16b,0
mov temp0,HASHKEY_TOTAL_NUM-3
movi vLow.16b,0
cinc hashkey_addr,temp0,eq
movi vMiddle0.16b,0
add hashkey_addr,hashkey_base,hashkey_addr,lsl 5
ldp qHashKey0,qHashKey0Ext,[hashkey_addr],32
beq 2f
/* Partial last block: AES on the next counter value, interleaved with the pending GHASH multiply. */
read_small_data_start LeftDat,in,left_len,temp0,Tmp0
add vCtr.4s,vCtr.4s,vOne.4s
rev32 vEncCtr.16b,vCtr.16b
aes_encrypt_round EncCtr,Key0
pmull2 vHigh.1q,vAadHash.2d,vHashKey0.2d
aes_encrypt_round EncCtr,Key1
pmull vLow.1q ,vAadHash.1d,vHashKey0.1d
aes_encrypt_round EncCtr,Key2
ldr qHashKey0,[hashkey_addr],16
aes_encrypt_round EncCtr,Key3
pmull vMiddle0.1q,vAadHash.1d,vHashKey0Ext.1d
aes_encrypt_round EncCtr,Key4
pmull2 vTmp0.1q ,vAadHash.2d,vHashKey0Ext.2d
aes_encrypt_round EncCtr,Key5
ldr qHashKey0Ext,[hashkey_addr],16
aes_encrypt_round EncCtr,Key6
eor vMiddle0.16b,vMiddle0.16b,vTmp0.16b
aes_encrypt_round EncCtr,Key7
aes_encrypt_round EncCtr,Key8
/* Last AES rounds: aese with the second-to-last round key, then XOR with the last one. */
#if KEY_LEN==256
aes_encrypt_round EncCtr,Key9
aes_encrypt_round EncCtr,Key10
aes_encrypt_round EncCtr,Key11
aes_encrypt_round EncCtr,Key12
aese vEncCtr.16b,vKey13.16b
eor vEncCtr.16b,vEncCtr.16b,vKey14.16b
#else
aese vEncCtr.16b,vKey9.16b
eor vEncCtr.16b,vEncCtr.16b,vKey10.16b
#endif
/* Keystream XOR plaintext gives the ciphertext block; only left_len bytes are written to out. */
eor vEncCtr.16b,vEncCtr.16b,vLeftDat.16b
write_small_data_start EncCtr,out,left_len,temp0,Tmp0
/* Presumably zeroes the bytes past left_len so unused keystream bytes are not hashed - confirm in the macro. */
clear_small_data EncCtr,Zero,left_len,temp0,Tmp0
rbit vAadHash.16b,vEncCtr.16b
2:
/*
 * Three interleaved streams, tagged in the trailing comments:
 *   Len - length block built from the (aad_len, len) pair saved in context,
 *         converted from bytes to bits by the shift left by 3;
 *   Ek  - AES encryption of the counter block with word 3 reset to 1;
 *   auth_dat / Len * HashKey - the last two GHASH multiplies.
 */
ldr qLen,[context,AAD_LEN_OFF] /* Len */
mov wtemp0,1 /* Ek */
pmull2 vTmp0.1q ,vAadHash.2d,vHashKey0.2d /* auth_dat * HashKey[Total-2] */
shl vLen.2d,vLen.2d,3 /* Len */
pmull vTmp1.1q ,vAadHash.1d,vHashKey0.1d /* auth_dat * HashKey[Total-2] */
rev64 vLen.16b,vLen.16b /* Len */
ins vCtr.4s[3],wtemp0 /* Ek */
ldr qHashKey0,[hashkey_addr],16 /* auth_dat * HashKey[Total-2] */
pmull vTmp2.1q,vAadHash.1d,vHashKey0Ext.1d /* auth_dat * HashKey[Total-2] */
rev32 vEncCtr.16b,vCtr.16b /* Ek */
eor vHigh.16b,vHigh.16b,vTmp0.16b /* auth_dat * HashKey[Total-2] */
pmull2 vTmp3.1q ,vAadHash.2d,vHashKey0Ext.2d /* auth_dat * HashKey[Total-2] */
rbit vAadHash.16b,vLen.16b /* Len */
aes_encrypt_round EncCtr,Key0 /* Ek */
eor vLow.16b,vLow.16b,vTmp1.16b /* auth_dat * HashKey[Total-2] */
aes_encrypt_round EncCtr,Key1 /* Ek */
ldr qHashKey0Ext,[hashkey_addr],16 /* auth_dat * HashKey[Total-2] */
aes_encrypt_round EncCtr,Key2 /* Ek */
eor vMiddle0.16b,vMiddle0.16b,vTmp2.16b /* auth_dat * HashKey[Total-2] */
aes_encrypt_round EncCtr,Key3 /* Ek */
eor vMiddle0.16b,vMiddle0.16b,vTmp3.16b /* auth_dat * HashKey[Total-2] */
aes_encrypt_round EncCtr,Key4 /* Ek */
pmull2 vTmp0.1q,vAadHash.2d,vHashKey0.2d /* Len * HashKey[Total-1] */
pmull vTmp1.1q ,vAadHash.1d,vHashKey0.1d /* Len * HashKey[Total-1] */
aes_encrypt_round EncCtr,Key5 /* Ek */
aes_encrypt_round EncCtr,Key6 /* Ek */
pmull vTmp2.1q,vAadHash.1d,vHashKey0Ext.1d /* Len * HashKey[Total-1] */
aes_encrypt_round EncCtr,Key7 /* Ek */
eor vHigh.16b,vHigh.16b,vTmp0.16b /* Len * HashKey[Total-1] */
pmull2 vTmp3.1q ,vAadHash.2d,vHashKey0Ext.2d /* Len * HashKey[Total-1] */
aes_encrypt_round EncCtr,Key8 /* Ek */
eor vLow.16b,vLow.16b,vTmp1.16b /* Len * HashKey[Total-1] */
#if KEY_LEN==256
aes_encrypt_round EncCtr,Key9 /* Ek */
aes_encrypt_round EncCtr,Key10 /* Ek */
aes_encrypt_round EncCtr,Key11 /* Ek */
aes_encrypt_round EncCtr,Key12 /* Ek */
aese vEncCtr.16b,vKey13.16b /* Ek */
eor vEncCtr.16b,vEncCtr.16b,vKey14.16b /* Ek */
#else
aese vEncCtr.16b,vKey9.16b /* Ek */
eor vEncCtr.16b,vEncCtr.16b,vKey10.16b /* Ek */
#endif
eor vMiddle0.16b,vMiddle0.16b,vTmp2.16b /* Len * HashKey[Total-1] */
eor vMiddle0.16b,vMiddle0.16b,vTmp3.16b /* Len * HashKey[Total-1] */
rbit vAadHash.16b,vEncCtr.16b /* Aad */
ghash_mult_final_round AadHash,High,Low,Middle0,Tmp0,Zero,Poly
/*
 * auth_tag and auth_tag_len are read from just above the frame pushed by
 * push_stack. This overwrites the registers that held key_data/hashkey_base
 * and context, so nothing below may use those.
 */
ldp auth_tag,auth_tag_len,[sp,stack_size] /* Adjust here : TODO TBD */
rbit vAadHash.16b,vAadHash.16b /* Aad */
/* output auth_tag */
cmp auth_tag_len,16
bne 1f
/* most likely auth_tag_len=16 */
str qAadHash,[auth_tag]
pop_stack
ret
1: /* auth_tag_len=12 */
cmp auth_tag_len,12
bne 1f
/* 8 bytes, then 4 more from word lane 2. */
str dAadHash,[auth_tag],8
st1 {vAadHash.s}[2],[auth_tag]
pop_stack
ret
1: /* auth_tag_len=8 */
/*
 * Reached for every auth_tag_len other than 16 or 12, not only 8: 8 bytes
 * are stored regardless. A caller passing a smaller value with a matching
 * buffer gets an out-of-bounds write, and a larger value leaves the rest of
 * the buffer unwritten. Validate auth_tag_len before the call.
 */
str dAadHash,[auth_tag]
pop_stack
ret
END_FUNC(enc,KEY_LEN,_)
END_FUNC(enc,KEY_LEN,_nt_)
/*
 * AES-GCM decrypt body. The two START_FUNC lines presumably open two entry
 * labels (plain and "_nt_") over the same code - confirm against the
 * START_FUNC definition, which is not in this file section.
 *
 * Inputs (register aliases declared above): key_data, context, out, in,
 * len, iv, aad, aad_len. auth_tag and auth_tag_len are read from the
 * caller's stack at [sp, stack_size] near the end.
 *
 * Security-relevant behaviour visible in this body:
 *  - The tag is computed and STORED to auth_tag; it is never compared with
 *    a received tag here. The caller must do that comparison, in constant
 *    time, and must discard the contents of out when it fails.
 *  - Plaintext is written to out before the tag is finalized, so out holds
 *    unauthenticated data until the caller's comparison succeeds.
 *  - Exactly 12 bytes are read from iv and the 32-bit counter word is set
 *    to 1, so only a 96-bit IV is handled.
 *  - No argument validation is visible: pointers and lengths are used as
 *    given.
 *  - The tag store handles auth_tag_len == 16 and == 12 explicitly; every
 *    other value falls through to an 8-byte store. The caller must
 *    validate auth_tag_len and size the tag buffer to match before calling.
 */
START_FUNC(dec,KEY_LEN,_)
START_FUNC(dec,KEY_LEN,_nt_)
push_stack
/* save in_length and aad_length */
/* The pair is reloaded as one 128-bit value (qLen) to build the GHASH length block. */
stp aad_len,len,[context,AAD_LEN_OFF]
load_aes_keys key_data
/* Init Consts and IV */
/* vOne = word 3 set to 1 (counter increment); vPoly = 0x87 in both 64-bit lanes. */
mov wtemp1,1
eor vOne.16b,vOne.16b,vOne.16b
/* IV bytes 0..7, then bytes 8..11: 12 bytes in total are read from iv. */
ld1 {vCtr.d}[0],[iv],8
eor vZero.16b,vZero.16b,vZero.16b
ld1 {vCtr.s}[2],[iv]
mov temp0,0x87
rev32 vCtr.16b,vCtr.16b /* to cpu order */
mov vAadHash.16b,vZero.16b
ins vOne.s[3],wtemp1
dup vPoly.2d,temp0
ins vCtr.s[3],wtemp1 /* Initial Ctr and Orig IV */
/* NOTE(review): the encrypt body has no load at this point; check whether this pair is consumed before being reloaded. */
ldp qHashKey0,qHashKey0Ext,[hashkey_base]
/* left_len = aad_len % 16; no AAD at all skips straight to the data stage. */
and left_len,aad_len,0xf
cbz aad_len,24f
/* From here aad_len counts whole 16-byte blocks. */
lsr aad_len,aad_len,4
/* Read small data */
cbz left_len,2f /* aad_len >= 16,skip */
/* Partial trailing AAD block: it starts right after the whole blocks. */
add aad_left,aad,aad_len,lsl 4
read_small_data_start LeftDat,aad_left,left_len,temp0,Tmp0
cbnz left_len,1f /* aad_len & 0xf != 0 */
2:
cbz aad_len,1f /* aad_len <16 skip */
/* left_len == 0 && aad_len !=0 */
/* No partial block: take the last whole block as LeftDat and drop it from the count. */
sub aad_len,aad_len,1
/* leftDat = aad[-1] */
ldr qLeftDat,[aad,aad_len,lsl 4]
1:
/* LeftDat now holds the final AAD block; aad_len counts the blocks before it. */
cbnz aad_len,1f /* aad_len >16,skip */
rbit vAadHash.16b,vLeftDat.16b
b 24f /* aad_len <=16, skip aadhash calculate */
1:
/* aad_len > 16 */
/* Seed AadHash with the first AAD block, bit-reversed. */
ldr qAadHash,[aad],16
rbit vAadHash.16b,vAadHash.16b
sub aad_len,aad_len,1
1:
/** loop ghash_block */
/* Consume HASHKEY_TOTAL_NUM blocks per iteration while at least that many remain. */
cmp aad_len,HASHKEY_TOTAL_NUM - 1
bls 1f /* break loop */
sub aad_len,aad_len,HASHKEY_TOTAL_NUM
ghash_block_n HASHKEY_TOTAL_NUM,AadHash,Dat0,aad,hashkey_addr,hashkey_base, \
HashKey0,HashKey0Ext,High,Low,Middle0,Zero,Poly , \
Tmp0,Tmp1
b 1b /* back to loop start */
1:
cbnz aad_len,1f /* left aad_len >32,skip */
/* Only LeftDat is left: use the hash-key pair at index HASHKEY_TOTAL_NUM-1 (32 bytes per entry). */
ldp qHashKey0,qHashKey0Ext,[hashkey_base,(HASHKEY_TOTAL_NUM-1)*32]
ghash_block_reg AadHash,LeftDat, \
HashKey0,HashKey0Ext,High,Low,Middle0,Zero,Poly , \
Tmp0
b 24f /* left aad_len <=32,skip below check */
1:
/* 1..HASHKEY_TOTAL_NUM-1 blocks remain: start at table index HASHKEY_TOTAL_NUM-1-aad_len. */
mov temp0,HASHKEY_TOTAL_NUM - 1
sub temp0,temp0,aad_len
add hashkey_addr,hashkey_base,temp0,lsl 5
ghash_mult_init_round AadHash,aad,hashkey_addr,HashKey0,HashKey0Ext, \
High,Low,Middle0,Tmp0,Dat0,2 /* load next hash */
sub aad_len,aad_len,1
1:
cbz aad_len,1f
ghash_mult_round AadHash,aad,hashkey_addr,HashKey0,HashKey0Ext, \
High,Low,Middle0,Tmp0,Tmp1,Dat0, 2
sub aad_len,aad_len,1
b 1b
1:
ghash_mult_round_noload AadHash,HashKey0,HashKey0Ext,High,Low,Middle0,Tmp0,Tmp1
/* The final AAD block enters the hash last. */
rbit vAadHash.16b, vLeftDat.16b
ghash_mult_final_round AadHash,High,Low,Middle0,Tmp0,Zero,Poly
24:
/* Enc/Dec loop */
/* left_len = len % 16 (trailing partial block); len becomes the whole-block count. */
and left_len,len,15
cbz len,24f
lsr len,len,4
1:
/* loop aes gcm enc/dec loop */
cmp len,HASHKEY_TOTAL_NUM - 1
bls 1f // break loop
sub len,len,HASHKEY_TOTAL_NUM
aes_gcm_n_round decrypt,HASHKEY_TOTAL_NUM,AadHash,in,hashkey_addr,hashkey_base, \
HashKey0,HashKey0Ext,High,Low,Poly, \
Ctr,EncCtr,One,out,Tmp0,Tmp1
b 1b /* back to loop start */
1:
cbz len,24f /* left len == 0 */
/* 1..HASHKEY_TOTAL_NUM-1 whole blocks remain: start at table index HASHKEY_TOTAL_NUM-len. */
mov temp0,HASHKEY_TOTAL_NUM
sub temp0,temp0,len
add hashkey_addr,hashkey_base,temp0,lsl 5
sub len,len,1
aes_gcm_init decrypt,AadHash,in,hashkey_addr,HashKey0,HashKey0Ext, \
High,Low,Ctr,EncCtr,One,out,Tmp0,Tmp1,2 /* load next hash */
cbz len,2f
sub len,len,1
1:
cbz len,1f
aes_gcm_middle decrypt,AadHash,in,hashkey_addr,HashKey0,HashKey0Ext, \
High,Low,Ctr,EncCtr,One,out,Tmp0,Tmp1,2 /* load next hash */
sub len,len,1
b 1b
1:
aes_gcm_middle decrypt,AadHash,in,hashkey_addr,HashKey0,HashKey0Ext, \
High,Low,Ctr,EncCtr,One,out,Tmp0,Tmp1,1 /* load next hash */
2:
poly_mult_final_x2 AadHash,High,Low,Tmp0,Tmp1,Poly
24:
/* complete part */
/*
 * Table index is 21 when a partial block follows and 22 when it does not
 * (cinc adds 1 on eq). The flags set by this cmp are consumed by both the
 * cinc and the beq below; none of the instructions in between write the
 * flags.
 * NOTE(review): the encrypt body uses HASHKEY_TOTAL_NUM-3 at this point.
 * The literal 21 agrees with it only if HASHKEY_TOTAL_NUM is 24 - confirm,
 * and prefer the symbolic form so the two paths cannot drift apart.
 */
cmp left_len,0
movi vHigh.16b,0
mov temp0,21
movi vLow.16b,0
cinc hashkey_addr,temp0,eq
movi vMiddle0.16b,0
add hashkey_addr,hashkey_base,hashkey_addr,lsl 5
ldp qHashKey0,qHashKey0Ext,[hashkey_addr],32
beq 2f
/* Partial last block: AES on the next counter value, interleaved with the pending GHASH multiply. */
read_small_data_start LeftDat,in,left_len,temp0,Tmp0
add vCtr.4s,vCtr.4s,vOne.4s
rev32 vEncCtr.16b,vCtr.16b
aes_encrypt_round EncCtr,Key0
pmull2 vHigh.1q,vAadHash.2d,vHashKey0.2d
aes_encrypt_round EncCtr,Key1
pmull vLow.1q ,vAadHash.1d,vHashKey0.1d
aes_encrypt_round EncCtr,Key2
ldr qHashKey0,[hashkey_addr],16
aes_encrypt_round EncCtr,Key3
pmull vMiddle0.1q,vAadHash.1d,vHashKey0Ext.1d
aes_encrypt_round EncCtr,Key4
pmull2 vTmp0.1q ,vAadHash.2d,vHashKey0Ext.2d
aes_encrypt_round EncCtr,Key5
ldr qHashKey0Ext,[hashkey_addr],16
aes_encrypt_round EncCtr,Key6
eor vMiddle0.16b,vMiddle0.16b,vTmp0.16b
aes_encrypt_round EncCtr,Key7
aes_encrypt_round EncCtr,Key8
/*
 * Last AES rounds, then keystream XOR ciphertext gives the plaintext block.
 * NOTE(review): unlike the encrypt body (#if/#else), these are two separate
 * #if blocks. A KEY_LEN other than 256 or 128 would assemble neither, which
 * skips the final rounds and the XOR with LeftDat.
 */
#if KEY_LEN==256
aes_encrypt_round EncCtr,Key9
aes_encrypt_round EncCtr,Key10
aes_encrypt_round EncCtr,Key11
aes_encrypt_round EncCtr,Key12
aese vEncCtr.16b,vKey13.16b
eor vEncCtr.16b,vEncCtr.16b,vKey14.16b
eor vEncCtr.16b,vEncCtr.16b,vLeftDat.16b
#endif
#if KEY_LEN==128
aese vEncCtr.16b,vKey9.16b
eor vEncCtr.16b,vEncCtr.16b,vKey10.16b
eor vEncCtr.16b,vEncCtr.16b,vLeftDat.16b
#endif
/* Only left_len bytes of the plaintext block are written to out. */
write_small_data_start EncCtr,out,left_len,temp0,Tmp0
/*
 * The hash input is the ciphertext block as read into LeftDat. This assumes
 * read_small_data_start leaves the bytes past left_len zero - confirm in
 * the macro, since no clear_small_data is applied on this path.
 */
rbit vAadHash.16b,vLeftDat.16b
2:
/*
 * Three interleaved streams, tagged in the trailing comments:
 *   Len - length block built from the (aad_len, len) pair saved in context,
 *         converted from bytes to bits by the shift left by 3;
 *   Ek  - AES encryption of the counter block with word 3 reset to 1;
 *   auth_dat / Len * HashKey - the last two GHASH multiplies.
 */
ldr qLen,[context,AAD_LEN_OFF] /* Len */
mov wtemp0,1 /* Ek */
pmull2 vTmp0.1q ,vAadHash.2d,vHashKey0.2d /* auth_dat * HashKey[Total-2] */
shl vLen.2d,vLen.2d,3 /* Len */
pmull vTmp1.1q ,vAadHash.1d,vHashKey0.1d /* auth_dat * HashKey[Total-2] */
rev64 vLen.16b,vLen.16b /* Len */
ins vCtr.4s[3],wtemp0 /* Ek */
ldr qHashKey0,[hashkey_addr],16 /* auth_dat * HashKey[Total-2] */
pmull vTmp2.1q,vAadHash.1d,vHashKey0Ext.1d /* auth_dat * HashKey[Total-2] */
rev32 vEncCtr.16b,vCtr.16b /* Ek */
eor vHigh.16b,vHigh.16b,vTmp0.16b /* auth_dat * HashKey[Total-2] */
pmull2 vTmp3.1q ,vAadHash.2d,vHashKey0Ext.2d /* auth_dat * HashKey[Total-2] */
rbit vAadHash.16b,vLen.16b /* Len */
aes_encrypt_round EncCtr,Key0 /* Ek */
eor vLow.16b,vLow.16b,vTmp1.16b /* auth_dat * HashKey[Total-2] */
aes_encrypt_round EncCtr,Key1 /* Ek */
ldr qHashKey0Ext,[hashkey_addr],16 /* auth_dat * HashKey[Total-2] */
aes_encrypt_round EncCtr,Key2 /* Ek */
eor vMiddle0.16b,vMiddle0.16b,vTmp2.16b /* auth_dat * HashKey[Total-2] */
aes_encrypt_round EncCtr,Key3 /* Ek */
eor vMiddle0.16b,vMiddle0.16b,vTmp3.16b /* auth_dat * HashKey[Total-2] */
aes_encrypt_round EncCtr,Key4 /* Ek */
pmull2 vTmp0.1q,vAadHash.2d,vHashKey0.2d /* Len * HashKey[Total-1] */
pmull vTmp1.1q ,vAadHash.1d,vHashKey0.1d /* Len * HashKey[Total-1] */
aes_encrypt_round EncCtr,Key5 /* Ek */
aes_encrypt_round EncCtr,Key6 /* Ek */
pmull vTmp2.1q,vAadHash.1d,vHashKey0Ext.1d /* Len * HashKey[Total-1] */
aes_encrypt_round EncCtr,Key7 /* Ek */
eor vHigh.16b,vHigh.16b,vTmp0.16b /* Len * HashKey[Total-1] */
pmull2 vTmp3.1q ,vAadHash.2d,vHashKey0Ext.2d /* Len * HashKey[Total-1] */
aes_encrypt_round EncCtr,Key8 /* Ek */
eor vLow.16b,vLow.16b,vTmp1.16b /* Len * HashKey[Total-1] */
#if KEY_LEN==256
aes_encrypt_round EncCtr,Key9 /* Ek */
aes_encrypt_round EncCtr,Key10 /* Ek */
aes_encrypt_round EncCtr,Key11 /* Ek */
aes_encrypt_round EncCtr,Key12 /* Ek */
aese vEncCtr.16b,vKey13.16b /* Ek */
eor vEncCtr.16b,vEncCtr.16b,vKey14.16b /* Ek */
#else
aese vEncCtr.16b,vKey9.16b /* Ek */
eor vEncCtr.16b,vEncCtr.16b,vKey10.16b /* Ek */
#endif
eor vMiddle0.16b,vMiddle0.16b,vTmp2.16b /* Len * HashKey[Total-1] */
eor vMiddle0.16b,vMiddle0.16b,vTmp3.16b /* Len * HashKey[Total-1] */
rbit vAadHash.16b,vEncCtr.16b /* Aad */
ghash_mult_final_round AadHash,High,Low,Middle0,Tmp0,Zero,Poly
/*
 * auth_tag and auth_tag_len are read from just above the frame pushed by
 * push_stack. This overwrites the registers that held key_data/hashkey_base
 * and context, so nothing below may use those.
 */
ldp auth_tag,auth_tag_len,[sp,stack_size] /* Adjust here : TODO TBD */
rbit vAadHash.16b,vAadHash.16b /* Aad */
/* output auth_tag */
/* The computed tag is stored, not checked: auth_tag is an output buffer on the decrypt path too. */
cmp auth_tag_len,16
bne 1f
/* most likely auth_tag_len=16 */
str qAadHash,[auth_tag]
pop_stack
ret
1: /* auth_tag_len=12 */
cmp auth_tag_len,12
bne 1f
/* 8 bytes, then 4 more from word lane 2. */
str dAadHash,[auth_tag],8
st1 {vAadHash.s}[2],[auth_tag]
pop_stack
ret
1: /* auth_tag_len=8 */
/*
 * Reached for every auth_tag_len other than 16 or 12, not only 8: 8 bytes
 * are stored regardless. A caller passing a smaller value with a matching
 * buffer gets an out-of-bounds write, and a larger value leaves the rest of
 * the buffer unwritten. Validate auth_tag_len before the call.
 */
str dAadHash,[auth_tag]
pop_stack
ret
END_FUNC(dec,KEY_LEN,_)
END_FUNC(dec,KEY_LEN,_nt_)