~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/arch/arm/crypto/aes-cipher-core.S

Version: ~ [ linux-6.11.5 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.58 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.114 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.169 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.228 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.284 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.322 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.9 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /* SPDX-License-Identifier: GPL-2.0-only */
  2 /*
  3  * Scalar AES core transform
  4  *
  5  * Copyright (C) 2017 Linaro Ltd.
  6  * Author: Ard Biesheuvel <ard.biesheuvel@linaro.org>
  7  */
  8 
  9 #include <linux/linkage.h>
 10 #include <asm/assembler.h>
 11 #include <asm/cache.h>
 12 
 13         .text
 14         .align          5
 15 
 16         rk              .req    r0
 17         rounds          .req    r1
 18         in              .req    r2
 19         out             .req    r3
 20         ttab            .req    ip
 21 
 22         t0              .req    lr
 23         t1              .req    r2
 24         t2              .req    r3
 25 
 26         .macro          __select, out, in, idx
 27         .if             __LINUX_ARM_ARCH__ < 7
 28         and             \out, \in, #0xff << (8 * \idx)
 29         .else
 30         ubfx            \out, \in, #(8 * \idx), #8
 31         .endif
 32         .endm
 33 
 34         .macro          __load, out, in, idx, sz, op
 35         .if             __LINUX_ARM_ARCH__ < 7 && \idx > 0
 36         ldr\op          \out, [ttab, \in, lsr #(8 * \idx) - \sz]
 37         .else
 38         ldr\op          \out, [ttab, \in, lsl #\sz]
 39         .endif
 40         .endm
 41 
 42         .macro          __hround, out0, out1, in0, in1, in2, in3, t3, t4, enc, sz, op, oldcpsr
 43         __select        \out0, \in0, 0
 44         __select        t0, \in1, 1
 45         __load          \out0, \out0, 0, \sz, \op
 46         __load          t0, t0, 1, \sz, \op
 47 
 48         .if             \enc
 49         __select        \out1, \in1, 0
 50         __select        t1, \in2, 1
 51         .else
 52         __select        \out1, \in3, 0
 53         __select        t1, \in0, 1
 54         .endif
 55         __load          \out1, \out1, 0, \sz, \op
 56         __select        t2, \in2, 2
 57         __load          t1, t1, 1, \sz, \op
 58         __load          t2, t2, 2, \sz, \op
 59 
 60         eor             \out0, \out0, t0, ror #24
 61 
 62         __select        t0, \in3, 3
 63         .if             \enc
 64         __select        \t3, \in3, 2
 65         __select        \t4, \in0, 3
 66         .else
 67         __select        \t3, \in1, 2
 68         __select        \t4, \in2, 3
 69         .endif
 70         __load          \t3, \t3, 2, \sz, \op
 71         __load          t0, t0, 3, \sz, \op
 72         __load          \t4, \t4, 3, \sz, \op
 73 
 74         .ifnb           \oldcpsr
 75         /*
 76          * This is the final round and we're done with all data-dependent table
 77          * lookups, so we can safely re-enable interrupts.
 78          */
 79         restore_irqs    \oldcpsr
 80         .endif
 81 
 82         eor             \out1, \out1, t1, ror #24
 83         eor             \out0, \out0, t2, ror #16
 84         ldm             rk!, {t1, t2}
 85         eor             \out1, \out1, \t3, ror #16
 86         eor             \out0, \out0, t0, ror #8
 87         eor             \out1, \out1, \t4, ror #8
 88         eor             \out0, \out0, t1
 89         eor             \out1, \out1, t2
 90         .endm
 91 
 92         .macro          fround, out0, out1, out2, out3, in0, in1, in2, in3, sz=2, op, oldcpsr
 93         __hround        \out0, \out1, \in0, \in1, \in2, \in3, \out2, \out3, 1, \sz, \op
 94         __hround        \out2, \out3, \in2, \in3, \in0, \in1, \in1, \in2, 1, \sz, \op, \oldcpsr
 95         .endm
 96 
 97         .macro          iround, out0, out1, out2, out3, in0, in1, in2, in3, sz=2, op, oldcpsr
 98         __hround        \out0, \out1, \in0, \in3, \in2, \in1, \out2, \out3, 0, \sz, \op
 99         __hround        \out2, \out3, \in2, \in1, \in0, \in3, \in1, \in0, 0, \sz, \op, \oldcpsr
100         .endm
101 
102         .macro          do_crypt, round, ttab, ltab, bsz
103         push            {r3-r11, lr}
104 
105         // Load keys first, to reduce latency in case they're not cached yet.
106         ldm             rk!, {r8-r11}
107 
108         ldr             r4, [in]
109         ldr             r5, [in, #4]
110         ldr             r6, [in, #8]
111         ldr             r7, [in, #12]
112 
113 #ifdef CONFIG_CPU_BIG_ENDIAN
114         rev_l           r4, t0
115         rev_l           r5, t0
116         rev_l           r6, t0
117         rev_l           r7, t0
118 #endif
119 
120         eor             r4, r4, r8
121         eor             r5, r5, r9
122         eor             r6, r6, r10
123         eor             r7, r7, r11
124 
125         mov_l           ttab, \ttab
126         /*
127          * Disable interrupts and prefetch the 1024-byte 'ft' or 'it' table into
128          * L1 cache, assuming cacheline size >= 32.  This is a hardening measure
129          * intended to make cache-timing attacks more difficult.  They may not
130          * be fully prevented, however; see the paper
131          * https://cr.yp.to/antiforgery/cachetiming-20050414.pdf
132          * ("Cache-timing attacks on AES") for a discussion of the many
133          * difficulties involved in writing truly constant-time AES software.
134          */
135          save_and_disable_irqs  t0
136         .set            i, 0
137         .rept           1024 / 128
138         ldr             r8, [ttab, #i + 0]
139         ldr             r9, [ttab, #i + 32]
140         ldr             r10, [ttab, #i + 64]
141         ldr             r11, [ttab, #i + 96]
142         .set            i, i + 128
143         .endr
144         push            {t0}            // oldcpsr
145 
146         tst             rounds, #2
147         bne             1f
148 
149 0:      \round          r8, r9, r10, r11, r4, r5, r6, r7
150         \round          r4, r5, r6, r7, r8, r9, r10, r11
151 
152 1:      subs            rounds, rounds, #4
153         \round          r8, r9, r10, r11, r4, r5, r6, r7
154         bls             2f
155         \round          r4, r5, r6, r7, r8, r9, r10, r11
156         b               0b
157 
158 2:      .ifb            \ltab
159         add             ttab, ttab, #1
160         .else
161         mov_l           ttab, \ltab
162         // Prefetch inverse S-box for final round; see explanation above
163         .set            i, 0
164         .rept           256 / 64
165         ldr             t0, [ttab, #i + 0]
166         ldr             t1, [ttab, #i + 32]
167         .set            i, i + 64
168         .endr
169         .endif
170 
171         pop             {rounds}        // oldcpsr
172         \round          r4, r5, r6, r7, r8, r9, r10, r11, \bsz, b, rounds
173 
174 #ifdef CONFIG_CPU_BIG_ENDIAN
175         rev_l           r4, t0
176         rev_l           r5, t0
177         rev_l           r6, t0
178         rev_l           r7, t0
179 #endif
180 
181         ldr             out, [sp]
182 
183         str             r4, [out]
184         str             r5, [out, #4]
185         str             r6, [out, #8]
186         str             r7, [out, #12]
187 
188         pop             {r3-r11, pc}
189 
190         .align          3
191         .ltorg
192         .endm
193 
194 ENTRY(__aes_arm_encrypt)
195         do_crypt        fround, crypto_ft_tab,, 2
196 ENDPROC(__aes_arm_encrypt)
197 
198         .align          5
199 ENTRY(__aes_arm_decrypt)
200         do_crypt        iround, crypto_it_tab, crypto_aes_inv_sbox, 0
201 ENDPROC(__aes_arm_decrypt)

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php