root/arch/powerpc/crypto/sha256-spe-asm.S

/* [<][>][^][v][top][bottom][index][help] */
   1 /* SPDX-License-Identifier: GPL-2.0-or-later */
   2 /*
   3  * Fast SHA-256 implementation for SPE instruction set (PPC)
   4  *
   5  * This code makes use of the SPE SIMD instruction set as defined in
   6  * http://cache.freescale.com/files/32bit/doc/ref_manual/SPEPIM.pdf
   7  * Implementation is based on optimization guide notes from
   8  * http://cache.freescale.com/files/32bit/doc/app_note/AN2665.pdf
   9  *
  10  * Copyright (c) 2015 Markus Stockhausen <stockhausen@collogia.de>
  11  */
  12 
  13 #include <asm/ppc_asm.h>
  14 #include <asm/asm-offsets.h>
  15 
  16 #define rHP     r3      /* pointer to hash values in memory             */
  17 #define rKP     r24     /* pointer to round constants                   */
  18 #define rWP     r4      /* pointer to input data                        */
  19 
  20 #define rH0     r5      /* 8 32 bit hash values in 8 registers          */
  21 #define rH1     r6
  22 #define rH2     r7
  23 #define rH3     r8
  24 #define rH4     r9
  25 #define rH5     r10
  26 #define rH6     r11
  27 #define rH7     r12
  28 
  29 #define rW0     r14     /* 64 bit registers. 16 words in 8 registers    */
  30 #define rW1     r15
  31 #define rW2     r16
  32 #define rW3     r17
  33 #define rW4     r18
  34 #define rW5     r19
  35 #define rW6     r20
  36 #define rW7     r21
  37 
  38 #define rT0     r22     /* 64 bit temporaries                           */
  39 #define rT1     r23
  40 #define rT2     r0      /* 32 bit temporaries                           */
  41 #define rT3     r25
  42 
  43 #define CMP_KN_LOOP
  44 #define CMP_KC_LOOP \
  45         cmpwi           rT1,0;
  46 
  47 #define INITIALIZE \
  48         stwu            r1,-128(r1);    /* create stack frame           */ \
  49         evstdw          r14,8(r1);      /* We must save non volatile    */ \
  50         evstdw          r15,16(r1);     /* registers. Take the chance   */ \
  51         evstdw          r16,24(r1);     /* and save the SPE part too    */ \
  52         evstdw          r17,32(r1);                                        \
  53         evstdw          r18,40(r1);                                        \
  54         evstdw          r19,48(r1);                                        \
  55         evstdw          r20,56(r1);                                        \
  56         evstdw          r21,64(r1);                                        \
  57         evstdw          r22,72(r1);                                        \
  58         evstdw          r23,80(r1);                                        \
  59         stw             r24,88(r1);     /* save normal registers        */ \
  60         stw             r25,92(r1);
  61 
  62 
  63 #define FINALIZE \
  64         evldw           r14,8(r1);      /* restore SPE registers        */ \
  65         evldw           r15,16(r1);                                        \
  66         evldw           r16,24(r1);                                        \
  67         evldw           r17,32(r1);                                        \
  68         evldw           r18,40(r1);                                        \
  69         evldw           r19,48(r1);                                        \
  70         evldw           r20,56(r1);                                        \
  71         evldw           r21,64(r1);                                        \
  72         evldw           r22,72(r1);                                        \
  73         evldw           r23,80(r1);                                        \
  74         lwz             r24,88(r1);     /* restore normal registers     */ \
  75         lwz             r25,92(r1);                                        \
  76         xor             r0,r0,r0;                                          \
  77         stw             r0,8(r1);       /* Delete sensitive data        */ \
  78         stw             r0,16(r1);      /* that we might have pushed    */ \
  79         stw             r0,24(r1);      /* from other context that runs */ \
  80         stw             r0,32(r1);      /* the same code. Assume that   */ \
  81         stw             r0,40(r1);      /* the lower part of the GPRs   */ \
  82         stw             r0,48(r1);      /* was already overwritten on   */ \
  83         stw             r0,56(r1);      /* the way down to here         */ \
  84         stw             r0,64(r1);                                         \
  85         stw             r0,72(r1);                                         \
  86         stw             r0,80(r1);                                         \
  87         addi            r1,r1,128;      /* cleanup stack frame          */
  88 
  89 #ifdef __BIG_ENDIAN__
  90 #define LOAD_DATA(reg, off) \
  91         lwz             reg,off(rWP);   /* load data                    */
  92 #define NEXT_BLOCK \
  93         addi            rWP,rWP,64;     /* increment per block          */
  94 #else
  95 #define LOAD_DATA(reg, off) \
  96         lwbrx           reg,0,rWP;      /* load data                    */ \
  97         addi            rWP,rWP,4;      /* increment per word           */
  98 #define NEXT_BLOCK                      /* nothing to do                */
  99 #endif
 100 
 101 #define R_LOAD_W(a, b, c, d, e, f, g, h, w, off) \
 102         LOAD_DATA(w, off)               /* 1: W                         */ \
 103         rotrwi          rT0,e,6;        /* 1: S1 = e rotr 6             */ \
 104         rotrwi          rT1,e,11;       /* 1: S1' = e rotr 11           */ \
 105         rotrwi          rT2,e,25;       /* 1: S1" = e rotr 25           */ \
 106         xor             rT0,rT0,rT1;    /* 1: S1 = S1 xor S1'           */ \
 107         and             rT3,e,f;        /* 1: ch = e and f              */ \
 108         xor             rT0,rT0,rT2;    /* 1: S1 = S1 xor S1"           */ \
 109         andc            rT1,g,e;        /* 1: ch' = ~e and g            */ \
 110         lwz             rT2,off(rKP);   /* 1: K                         */ \
 111         xor             rT3,rT3,rT1;    /* 1: ch = ch xor ch'           */ \
 112         add             h,h,rT0;        /* 1: temp1 = h + S1            */ \
 113         add             rT3,rT3,w;      /* 1: temp1' = ch + w           */ \
 114         rotrwi          rT0,a,2;        /* 1: S0 = a rotr 2             */ \
 115         add             h,h,rT3;        /* 1: temp1 = temp1 + temp1'    */ \
 116         rotrwi          rT1,a,13;       /* 1: S0' = a rotr 13           */ \
 117         add             h,h,rT2;        /* 1: temp1 = temp1 + K         */ \
 118         rotrwi          rT3,a,22;       /* 1: S0" = a rotr 22           */ \
 119         xor             rT0,rT0,rT1;    /* 1: S0 = S0 xor S0'           */ \
 120         add             d,d,h;          /* 1: d = d + temp1             */ \
 121         xor             rT3,rT0,rT3;    /* 1: S0 = S0 xor S0"           */ \
 122         evmergelo       w,w,w;          /*    shift W                   */ \
 123         or              rT2,a,b;        /* 1: maj = a or b              */ \
 124         and             rT1,a,b;        /* 1: maj' = a and b            */ \
 125         and             rT2,rT2,c;      /* 1: maj = maj and c           */ \
 126         LOAD_DATA(w, off+4)             /* 2: W                         */ \
 127         or              rT2,rT1,rT2;    /* 1: maj = maj or maj'         */ \
 128         rotrwi          rT0,d,6;        /* 2: S1 = e rotr 6             */ \
 129         add             rT3,rT3,rT2;    /* 1: temp2 = S0 + maj          */ \
 130         rotrwi          rT1,d,11;       /* 2: S1' = e rotr 11           */ \
 131         add             h,h,rT3;        /* 1: h = temp1 + temp2         */ \
 132         rotrwi          rT2,d,25;       /* 2: S1" = e rotr 25           */ \
 133         xor             rT0,rT0,rT1;    /* 2: S1 = S1 xor S1'           */ \
 134         and             rT3,d,e;        /* 2: ch = e and f              */ \
 135         xor             rT0,rT0,rT2;    /* 2: S1 = S1 xor S1"           */ \
 136         andc            rT1,f,d;        /* 2: ch' = ~e and g            */ \
 137         lwz             rT2,off+4(rKP); /* 2: K                         */ \
 138         xor             rT3,rT3,rT1;    /* 2: ch = ch xor ch'           */ \
 139         add             g,g,rT0;        /* 2: temp1 = h + S1            */ \
 140         add             rT3,rT3,w;      /* 2: temp1' = ch + w           */ \
 141         rotrwi          rT0,h,2;        /* 2: S0 = a rotr 2             */ \
 142         add             g,g,rT3;        /* 2: temp1 = temp1 + temp1'    */ \
 143         rotrwi          rT1,h,13;       /* 2: S0' = a rotr 13           */ \
 144         add             g,g,rT2;        /* 2: temp1 = temp1 + K         */ \
 145         rotrwi          rT3,h,22;       /* 2: S0" = a rotr 22           */ \
 146         xor             rT0,rT0,rT1;    /* 2: S0 = S0 xor S0'           */ \
 147         or              rT2,h,a;        /* 2: maj = a or b              */ \
 148         xor             rT3,rT0,rT3;    /* 2: S0 = S0 xor S0"           */ \
 149         and             rT1,h,a;        /* 2: maj' = a and b            */ \
 150         and             rT2,rT2,b;      /* 2: maj = maj and c           */ \
 151         add             c,c,g;          /* 2: d = d + temp1             */ \
 152         or              rT2,rT1,rT2;    /* 2: maj = maj or maj'         */ \
 153         add             rT3,rT3,rT2;    /* 2: temp2 = S0 + maj          */ \
 154         add             g,g,rT3         /* 2: h = temp1 + temp2         */
 155 
 156 #define R_CALC_W(a, b, c, d, e, f, g, h, w0, w1, w4, w5, w7, k, off) \
 157         rotrwi          rT2,e,6;        /* 1: S1 = e rotr 6             */ \
 158         evmergelohi     rT0,w0,w1;      /*    w[-15]                    */ \
 159         rotrwi          rT3,e,11;       /* 1: S1' = e rotr 11           */ \
 160         evsrwiu         rT1,rT0,3;      /*    s0 = w[-15] >> 3          */ \
 161         xor             rT2,rT2,rT3;    /* 1: S1 = S1 xor S1'           */ \
 162         evrlwi          rT0,rT0,25;     /*    s0' = w[-15] rotr 7       */ \
 163         rotrwi          rT3,e,25;       /* 1: S1' = e rotr 25           */ \
 164         evxor           rT1,rT1,rT0;    /*    s0 = s0 xor s0'           */ \
 165         xor             rT2,rT2,rT3;    /* 1: S1 = S1 xor S1'           */ \
 166         evrlwi          rT0,rT0,21;     /*    s0' = w[-15] rotr 18      */ \
 167         add             h,h,rT2;        /* 1: temp1 = h + S1            */ \
 168         evxor           rT0,rT0,rT1;    /*    s0 = s0 xor s0'           */ \
 169         and             rT2,e,f;        /* 1: ch = e and f              */ \
 170         evaddw          w0,w0,rT0;      /*    w = w[-16] + s0           */ \
 171         andc            rT3,g,e;        /* 1: ch' = ~e and g            */ \
 172         evsrwiu         rT0,w7,10;      /*    s1 = w[-2] >> 10          */ \
 173         xor             rT2,rT2,rT3;    /* 1: ch = ch xor ch'           */ \
 174         evrlwi          rT1,w7,15;      /*    s1' = w[-2] rotr 17       */ \
 175         add             h,h,rT2;        /* 1: temp1 = temp1 + ch        */ \
 176         evxor           rT0,rT0,rT1;    /*    s1 = s1 xor s1'           */ \
 177         rotrwi          rT2,a,2;        /* 1: S0 = a rotr 2             */ \
 178         evrlwi          rT1,w7,13;      /*    s1' = w[-2] rotr 19       */ \
 179         rotrwi          rT3,a,13;       /* 1: S0' = a rotr 13           */ \
 180         evxor           rT0,rT0,rT1;    /*    s1 = s1 xor s1'           */ \
 181         xor             rT2,rT2,rT3;    /* 1: S0 = S0 xor S0'           */ \
 182         evldw           rT1,off(rKP);   /*    k                         */ \
 183         rotrwi          rT3,a,22;       /* 1: S0' = a rotr 22           */ \
 184         evaddw          w0,w0,rT0;      /*    w = w + s1                */ \
 185         xor             rT2,rT2,rT3;    /* 1: S0 = S0 xor S0'           */ \
 186         evmergelohi     rT0,w4,w5;      /*    w[-7]                     */ \
 187         and             rT3,a,b;        /* 1: maj = a and b             */ \
 188         evaddw          w0,w0,rT0;      /*    w = w + w[-7]             */ \
 189         CMP_K##k##_LOOP                                                    \
 190         add             rT2,rT2,rT3;    /* 1: temp2 = S0 + maj          */ \
 191         evaddw          rT1,rT1,w0;     /*    wk = w + k                */ \
 192         xor             rT3,a,b;        /* 1: maj = a xor b             */ \
 193         evmergehi       rT0,rT1,rT1;    /*    wk1/wk2                   */ \
 194         and             rT3,rT3,c;      /* 1: maj = maj and c           */ \
 195         add             h,h,rT0;        /* 1: temp1 = temp1 + wk        */ \
 196         add             rT2,rT2,rT3;    /* 1: temp2 = temp2 + maj       */ \
 197         add             g,g,rT1;        /* 2: temp1 = temp1 + wk        */ \
 198         add             d,d,h;          /* 1: d = d + temp1             */ \
 199         rotrwi          rT0,d,6;        /* 2: S1 = e rotr 6             */ \
 200         add             h,h,rT2;        /* 1: h = temp1 + temp2         */ \
 201         rotrwi          rT1,d,11;       /* 2: S1' = e rotr 11           */ \
 202         rotrwi          rT2,d,25;       /* 2: S" = e rotr 25            */ \
 203         xor             rT0,rT0,rT1;    /* 2: S1 = S1 xor S1'           */ \
 204         and             rT3,d,e;        /* 2: ch = e and f              */ \
 205         xor             rT0,rT0,rT2;    /* 2: S1 = S1 xor S1"           */ \
 206         andc            rT1,f,d;        /* 2: ch' = ~e and g            */ \
 207         add             g,g,rT0;        /* 2: temp1 = h + S1            */ \
 208         xor             rT3,rT3,rT1;    /* 2: ch = ch xor ch'           */ \
 209         rotrwi          rT0,h,2;        /* 2: S0 = a rotr 2             */ \
 210         add             g,g,rT3;        /* 2: temp1 = temp1 + ch        */ \
 211         rotrwi          rT1,h,13;       /* 2: S0' = a rotr 13           */ \
 212         rotrwi          rT3,h,22;       /* 2: S0" = a rotr 22           */ \
 213         xor             rT0,rT0,rT1;    /* 2: S0 = S0 xor S0'           */ \
 214         or              rT2,h,a;        /* 2: maj = a or b              */ \
 215         and             rT1,h,a;        /* 2: maj' = a and b            */ \
 216         and             rT2,rT2,b;      /* 2: maj = maj and c           */ \
 217         xor             rT3,rT0,rT3;    /* 2: S0 = S0 xor S0"           */ \
 218         or              rT2,rT1,rT2;    /* 2: maj = maj or maj'         */ \
 219         add             c,c,g;          /* 2: d = d + temp1             */ \
 220         add             rT3,rT3,rT2;    /* 2: temp2 = S0 + maj          */ \
 221         add             g,g,rT3         /* 2: h = temp1 + temp2         */
 222 
 223 _GLOBAL(ppc_spe_sha256_transform)
 224         INITIALIZE
 225 
 226         mtctr           r5
 227         lwz             rH0,0(rHP)
 228         lwz             rH1,4(rHP)
 229         lwz             rH2,8(rHP)
 230         lwz             rH3,12(rHP)
 231         lwz             rH4,16(rHP)
 232         lwz             rH5,20(rHP)
 233         lwz             rH6,24(rHP)
 234         lwz             rH7,28(rHP)
 235 
 236 ppc_spe_sha256_main:
 237         lis             rKP,PPC_SPE_SHA256_K@ha
 238         addi            rKP,rKP,PPC_SPE_SHA256_K@l
 239 
 240         R_LOAD_W(rH0, rH1, rH2, rH3, rH4, rH5, rH6, rH7, rW0, 0)
 241         R_LOAD_W(rH6, rH7, rH0, rH1, rH2, rH3, rH4, rH5, rW1, 8)
 242         R_LOAD_W(rH4, rH5, rH6, rH7, rH0, rH1, rH2, rH3, rW2, 16)
 243         R_LOAD_W(rH2, rH3, rH4, rH5, rH6, rH7, rH0, rH1, rW3, 24)
 244         R_LOAD_W(rH0, rH1, rH2, rH3, rH4, rH5, rH6, rH7, rW4, 32)
 245         R_LOAD_W(rH6, rH7, rH0, rH1, rH2, rH3, rH4, rH5, rW5, 40)
 246         R_LOAD_W(rH4, rH5, rH6, rH7, rH0, rH1, rH2, rH3, rW6, 48)
 247         R_LOAD_W(rH2, rH3, rH4, rH5, rH6, rH7, rH0, rH1, rW7, 56)
 248 ppc_spe_sha256_16_rounds:
 249         addi            rKP,rKP,64
 250         R_CALC_W(rH0, rH1, rH2, rH3, rH4, rH5, rH6, rH7,
 251                  rW0, rW1, rW4, rW5, rW7, N, 0)
 252         R_CALC_W(rH6, rH7, rH0, rH1, rH2, rH3, rH4, rH5,
 253                  rW1, rW2, rW5, rW6, rW0, N, 8)
 254         R_CALC_W(rH4, rH5, rH6, rH7, rH0, rH1, rH2, rH3,
 255                  rW2, rW3, rW6, rW7, rW1, N, 16)
 256         R_CALC_W(rH2, rH3, rH4, rH5, rH6, rH7, rH0, rH1,
 257                  rW3, rW4, rW7, rW0, rW2, N, 24)
 258         R_CALC_W(rH0, rH1, rH2, rH3, rH4, rH5, rH6, rH7,
 259                  rW4, rW5, rW0, rW1, rW3, N, 32)
 260         R_CALC_W(rH6, rH7, rH0, rH1, rH2, rH3, rH4, rH5,
 261                  rW5, rW6, rW1, rW2, rW4, N, 40)
 262         R_CALC_W(rH4, rH5, rH6, rH7, rH0, rH1, rH2, rH3,
 263                  rW6, rW7, rW2, rW3, rW5, N, 48)
 264         R_CALC_W(rH2, rH3, rH4, rH5, rH6, rH7, rH0, rH1,
 265                  rW7, rW0, rW3, rW4, rW6, C, 56)
 266         bt              gt,ppc_spe_sha256_16_rounds
 267 
 268         lwz             rW0,0(rHP)
 269         NEXT_BLOCK
 270         lwz             rW1,4(rHP)
 271         lwz             rW2,8(rHP)
 272         lwz             rW3,12(rHP)
 273         lwz             rW4,16(rHP)
 274         lwz             rW5,20(rHP)
 275         lwz             rW6,24(rHP)
 276         lwz             rW7,28(rHP)
 277 
 278         add             rH0,rH0,rW0
 279         stw             rH0,0(rHP)
 280         add             rH1,rH1,rW1
 281         stw             rH1,4(rHP)
 282         add             rH2,rH2,rW2
 283         stw             rH2,8(rHP)
 284         add             rH3,rH3,rW3
 285         stw             rH3,12(rHP)
 286         add             rH4,rH4,rW4
 287         stw             rH4,16(rHP)
 288         add             rH5,rH5,rW5
 289         stw             rH5,20(rHP)
 290         add             rH6,rH6,rW6
 291         stw             rH6,24(rHP)
 292         add             rH7,rH7,rW7
 293         stw             rH7,28(rHP)
 294 
 295         bdnz            ppc_spe_sha256_main
 296 
 297         FINALIZE
 298         blr
 299 
 300 .data
 301 .align 5
 302 PPC_SPE_SHA256_K:
 303         .long 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
 304         .long 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
 305         .long 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
 306         .long 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
 307         .long 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
 308         .long 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
 309         .long 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
 310         .long 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
 311         .long 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
 312         .long 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
 313         .long 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
 314         .long 0xd192e819,0xd6990624,0xf40e3585,0x106aa070
 315         .long 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
 316         .long 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
 317         .long 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
 318         .long 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2

/* [<][>][^][v][top][bottom][index][help] */