Linux/arch/arm/crypto/aes-cipher-core.S

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

1 /* SPDX-License-Identifier: GPL-2.0-only */ 2 /* 3 * Scalar AES core transform 4 * 5 * Copyright (C) 2017 Linaro Ltd. 6 * Author: Ard Biesheuvel <ard.biesheuvel@linar 7 */ 8 9 #include <linux/linkage.h> 10 #include <asm/assembler.h> 11 #include <asm/cache.h> 12 13 .text 14 .align 5 15 16 rk .req r0 17 rounds .req r1 18 in .req r2 19 out .req r3 20 ttab .req ip 21 22 t0 .req lr 23 t1 .req r2 24 t2 .req r3 25 26 .macro __select, out, in, idx 27 .if __LINUX_ARM_ARCH__ < 7 28 and \out, \in, #0xff << (8 29 .else 30 ubfx \out, \in, #(8 * \idx) 31 .endif 32 .endm 33 34 .macro __load, out, in, idx, 35 .if __LINUX_ARM_ARCH__ < 7 36 ldr\op \out, [ttab, \in, lsr 37 .else 38 ldr\op \out, [ttab, \in, lsl 39 .endif 40 .endm 41 42 .macro __hround, out0, out1, 43 __select \out0, \in0, 0 44 __select t0, \in1, 1 45 __load \out0, \out0, 0, \sz, 46 __load t0, t0, 1, \sz, \op 47 48 .if \enc 49 __select \out1, \in1, 0 50 __select t1, \in2, 1 51 .else 52 __select \out1, \in3, 0 53 __select t1, \in0, 1 54 .endif 55 __load \out1, \out1, 0, \sz, 56 __select t2, \in2, 2 57 __load t1, t1, 1, \sz, \op 58 __load t2, t2, 2, \sz, \op 59 60 eor \out0, \out0, t0, ror 61 62 __select t0, \in3, 3 63 .if \enc 64 __select \t3, \in3, 2 65 __select \t4, \in0, 3 66 .else 67 __select \t3, \in1, 2 68 __select \t4, \in2, 3 69 .endif 70 __load \t3, \t3, 2, \sz, \op 71 __load t0, t0, 3, \sz, \op 72 __load \t4, \t4, 3, \sz, \op 73 74 .ifnb \oldcpsr 75 /* 76 * This is the final round and we're d 77 * lookups, so we can safely re-enable 78 */ 79 restore_irqs \oldcpsr 80 .endif 81 82 eor \out1, \out1, t1, ror 83 eor \out0, \out0, t2, ror 84 ldm rk!, {t1, t2} 85 eor \out1, \out1, \t3, ror 86 eor \out0, \out0, t0, ror 87 eor \out1, \out1, \t4, ror 88 eor \out0, \out0, t1 89 eor \out1, \out1, t2 90 .endm 91 92 .macro fround, out0, out1, ou 93 __hround \out0, \out1, \in0, \i 94 __hround \out2, \out3, \in2, \i 95 .endm 96 97 .macro iround, out0, out1, ou 98 __hround \out0, \out1, \in0, \i 99 __hround \out2, \out3, \in2, \i 100 .endm 101 102 .macro do_crypt, round, ttab, 103 push {r3-r11, lr} 104 105 // Load keys first, to reduce latency 106 ldm rk!, {r8-r11} 107 108 ldr r4, [in] 109 ldr r5, [in, #4] 110 ldr r6, [in, #8] 111 ldr r7, [in, #12] 112 113 #ifdef CONFIG_CPU_BIG_ENDIAN 114 rev_l r4, t0 115 rev_l r5, t0 116 rev_l r6, t0 117 rev_l r7, t0 118 #endif 119 120 eor r4, r4, r8 121 eor r5, r5, r9 122 eor r6, r6, r10 123 eor r7, r7, r11 124 125 mov_l ttab, \ttab 126 /* 127 * Disable interrupts and prefetch the 128 * L1 cache, assuming cacheline size > 129 * intended to make cache-timing attac 130 * be fully prevented, however; see th 131 * https://cr.yp.to/antiforgery/cachet 132 * ("Cache-timing attacks on AES") for 133 * difficulties involved in writing tr 134 */ 135 save_and_disable_irqs t0 136 .set i, 0 137 .rept 1024 / 128 138 ldr r8, [ttab, #i + 0] 139 ldr r9, [ttab, #i + 32] 140 ldr r10, [ttab, #i + 64] 141 ldr r11, [ttab, #i + 96] 142 .set i, i + 128 143 .endr 144 push {t0} // old 145 146 tst rounds, #2 147 bne 1f 148 149 0: \round r8, r9, r10, r11, r4, 150 \round r4, r5, r6, r7, r8, r9 151 152 1: subs rounds, rounds, #4 153 \round r8, r9, r10, r11, r4, 154 bls 2f 155 \round r4, r5, r6, r7, r8, r9 156 b 0b 157 158 2: .ifb \ltab 159 add ttab, ttab, #1 160 .else 161 mov_l ttab, \ltab 162 // Prefetch inverse S-box for final ro 163 .set i, 0 164 .rept 256 / 64 165 ldr t0, [ttab, #i + 0] 166 ldr t1, [ttab, #i + 32] 167 .set i, i + 64 168 .endr 169 .endif 170 171 pop {rounds} // old 172 \round r4, r5, r6, r7, r8, r9 173 174 #ifdef CONFIG_CPU_BIG_ENDIAN 175 rev_l r4, t0 176 rev_l r5, t0 177 rev_l r6, t0 178 rev_l r7, t0 179 #endif 180 181 ldr out, [sp] 182 183 str r4, [out] 184 str r5, [out, #4] 185 str r6, [out, #8] 186 str r7, [out, #12] 187 188 pop {r3-r11, pc} 189 190 .align 3 191 .ltorg 192 .endm 193 194 ENTRY(__aes_arm_encrypt) 195 do_crypt fround, crypto_ft_tab, 196 ENDPROC(__aes_arm_encrypt) 197 198 .align 5 199 ENTRY(__aes_arm_decrypt) 200 do_crypt iround, crypto_it_tab, 201 ENDPROC(__aes_arm_decrypt)

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

TOMOYO Linux Cross Reference
Linux/arch/arm/crypto/aes-cipher-core.S

Diff markup

Differences between /arch/arm/crypto/aes-cipher-core.S (Architecture i386) and /arch/mips/crypto/aes-cipher-core.S (Architecture mips)

TOMOYO Linux Cross Reference Linux/arch/arm/crypto/aes-cipher-core.S

Diff markup

Differences between /arch/arm/crypto/aes-cipher-core.S (Architecture i386) and /arch/mips/crypto/aes-cipher-core.S (Architecture mips)

TOMOYO Linux Cross Reference
Linux/arch/arm/crypto/aes-cipher-core.S