crypto: powerpc/aes - key handling

Key generation for big endian core routines. Signed-off-by: Markus Stockhausen <stockhausen@collogia.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
author: Markus Stockhausen <stockhausen@collogia.de> 2015-02-22 03:59:54 -0500
committer: Herbert Xu <herbert@gondor.apana.org.au> 2015-03-01 05:02:28 -0500
commit: f98992af419e3b69696e9c418eda664bd5d7ceb2 (patch)
tree: 753a975b177d15201c5a6e0840ea19dd92d84e20
parent: 1c201e6420729f0aca9c844bb941ee2dd2b6c3c0 (diff)
1 files changed, 283 insertions, 0 deletions
diff --git a/arch/powerpc/crypto/aes-spe-keys.S b/arch/powerpc/crypto/aes-spe-keys.S
new file mode 100644
index 000000000000..be8090f3d700
--- /dev/null
+++ b/arch/powerpc/crypto/aes-spe-keys.S
@@ -0,0 +1,283 @@
+/*
+ * Key handling functions for PPC AES implementation
+ *
+ * Copyright (c) 2015 Markus Stockhausen <stockhausen@collogia.de>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ */
+#include <asm/ppc_asm.h>
+#ifdef __BIG_ENDIAN__
+#define LOAD_KEY(d, s, off) \
+        lwz             d,off(s);
+#else
+#define LOAD_KEY(d, s, off) \
+        li              r0,off; \
+        lwbrx           d,s,r0;
+#endif
+#define INITIALIZE_KEY \
+        stwu            r1,-32(r1);     /* create stack frame           */ \
+        stw             r14,8(r1);      /* save registers               */ \
+        stw             r15,12(r1);                                        \
+        stw             r16,16(r1);
+#define FINALIZE_KEY \
+        lwz             r14,8(r1);      /* restore registers            */ \
+        lwz             r15,12(r1);                                        \
+        lwz             r16,16(r1);                                        \
+        xor             r5,r5,r5;       /* clear sensitive data         */ \
+        xor             r6,r6,r6;                                          \
+        xor             r7,r7,r7;                                          \
+        xor             r8,r8,r8;                                          \
+        xor             r9,r9,r9;                                          \
+        xor             r10,r10,r10;                                       \
+        xor             r11,r11,r11;                                       \
+        xor             r12,r12,r12;                                       \
+        addi            r1,r1,32;       /* cleanup stack                */
+#define LS_BOX(r, t1, t2) \
+        lis             t2,PPC_AES_4K_ENCTAB@h;                            \
+        ori             t2,t2,PPC_AES_4K_ENCTAB@l;                         \
+        rlwimi          t2,r,4,20,27;                                      \
+        lbz             t1,8(t2);                                          \
+        rlwimi          r,t1,0,24,31;                                      \
+        rlwimi          t2,r,28,20,27;                                     \
+        lbz             t1,8(t2);                                          \
+        rlwimi          r,t1,8,16,23;                                      \
+        rlwimi          t2,r,20,20,27;                                     \
+        lbz             t1,8(t2);                                          \
+        rlwimi          r,t1,16,8,15;                                      \
+        rlwimi          t2,r,12,20,27;                                     \
+        lbz             t1,8(t2);                                          \
+        rlwimi          r,t1,24,0,7;
+#define GF8_MUL(out, in, t1, t2) \
+        lis t1,0x8080;                  /* multiplication in GF8        */ \
+        ori t1,t1,0x8080;                                                  \
+        and t1,t1,in;                                                      \
+        srwi t1,t1,7;                                                      \
+        mulli t1,t1,0x1b;                                                  \
+        lis t2,0x7f7f;                                                     \
+        ori t2,t2,0x7f7f;                                                  \
+        and t2,t2,in;                                                      \
+        slwi t2,t2,1;                                                      \
+        xor out,t1,t2;
+/*
+ * ppc_expand_key_128(u32 *key_enc, const u8 *key)
+ *
+ * Expand 128 bit key into 176 bytes encryption key. It consists of
+ * key itself plus 10 rounds with 16 bytes each
+ *
+ */
+_GLOBAL(ppc_expand_key_128)
+        INITIALIZE_KEY
+        LOAD_KEY(r5,r4,0)
+        LOAD_KEY(r6,r4,4)
+        LOAD_KEY(r7,r4,8)
+        LOAD_KEY(r8,r4,12)
+        stw             r5,0(r3)        /* key[0..3] = input data       */
+        stw             r6,4(r3)
+        stw             r7,8(r3)
+        stw             r8,12(r3)
+        li              r16,10          /* 10 expansion rounds          */
+        lis             r0,0x0100       /* RCO(1)                       */
+ppc_expand_128_loop:
+        addi            r3,r3,16
+        mr              r14,r8          /* apply LS_BOX to 4th temp     */
+        rotlwi          r14,r14,8
+        LS_BOX(r14, r15, r4)
+        xor             r14,r14,r0
+        xor             r5,r5,r14       /* xor next 4 keys              */
+        xor             r6,r6,r5
+        xor             r7,r7,r6
+        xor             r8,r8,r7
+        stw             r5,0(r3)        /* store next 4 keys            */
+        stw             r6,4(r3)
+        stw             r7,8(r3)
+        stw             r8,12(r3)
+        GF8_MUL(r0, r0, r4, r14)        /* multiply RCO by 2 in GF      */
+        subi            r16,r16,1
+        cmpwi           r16,0
+        bt              eq,ppc_expand_128_end
+        b               ppc_expand_128_loop
+ppc_expand_128_end:
+        FINALIZE_KEY
+        blr
+/*
+ * ppc_expand_key_192(u32 *key_enc, const u8 *key)
+ *
+ * Expand 192 bit key into 208 bytes encryption key. It consists of key
+ * itself plus 12 rounds with 16 bytes each
+ *
+ */
+_GLOBAL(ppc_expand_key_192)
+        INITIALIZE_KEY
+        LOAD_KEY(r5,r4,0)
+        LOAD_KEY(r6,r4,4)
+        LOAD_KEY(r7,r4,8)
+        LOAD_KEY(r8,r4,12)
+        LOAD_KEY(r9,r4,16)
+        LOAD_KEY(r10,r4,20)
+        stw             r5,0(r3)
+        stw             r6,4(r3)
+        stw             r7,8(r3)
+        stw             r8,12(r3)
+        stw             r9,16(r3)
+        stw             r10,20(r3)
+        li              r16,8           /* 8 expansion rounds           */
+        lis             r0,0x0100       /* RCO(1)                       */
+ppc_expand_192_loop:
+        addi            r3,r3,24
+        mr              r14,r10         /* apply LS_BOX to 6th temp     */
+        rotlwi          r14,r14,8
+        LS_BOX(r14, r15, r4)
+        xor             r14,r14,r0
+        xor             r5,r5,r14       /* xor next 6 keys              */
+        xor             r6,r6,r5
+        xor             r7,r7,r6
+        xor             r8,r8,r7
+        xor             r9,r9,r8
+        xor             r10,r10,r9
+        stw             r5,0(r3)
+        stw             r6,4(r3)
+        stw             r7,8(r3)
+        stw             r8,12(r3)
+        subi            r16,r16,1
+        cmpwi           r16,0           /* last round early kick out    */
+        bt              eq,ppc_expand_192_end
+        stw             r9,16(r3)
+        stw             r10,20(r3)
+        GF8_MUL(r0, r0, r4, r14)        /* multiply RCO GF8             */
+        b               ppc_expand_192_loop
+ppc_expand_192_end:
+        FINALIZE_KEY
+        blr
+/*
+ * ppc_expand_key_256(u32 *key_enc, const u8 *key)
+ *
+ * Expand 256 bit key into 240 bytes encryption key. It consists of key
+ * itself plus 14 rounds with 16 bytes each
+ *
+ */
+_GLOBAL(ppc_expand_key_256)
+        INITIALIZE_KEY
+        LOAD_KEY(r5,r4,0)
+        LOAD_KEY(r6,r4,4)
+        LOAD_KEY(r7,r4,8)
+        LOAD_KEY(r8,r4,12)
+        LOAD_KEY(r9,r4,16)
+        LOAD_KEY(r10,r4,20)
+        LOAD_KEY(r11,r4,24)
+        LOAD_KEY(r12,r4,28)
+        stw             r5,0(r3)
+        stw             r6,4(r3)
+        stw             r7,8(r3)
+        stw             r8,12(r3)
+        stw             r9,16(r3)
+        stw             r10,20(r3)
+        stw             r11,24(r3)
+        stw             r12,28(r3)
+        li              r16,7           /* 7 expansion rounds           */
+        lis             r0,0x0100       /* RCO(1)                       */
+ppc_expand_256_loop:
+        addi            r3,r3,32
+        mr              r14,r12         /* apply LS_BOX to 8th temp     */
+        rotlwi          r14,r14,8
+        LS_BOX(r14, r15, r4)
+        xor             r14,r14,r0
+        xor             r5,r5,r14       /* xor 4 keys                   */
+        xor             r6,r6,r5
+        xor             r7,r7,r6
+        xor             r8,r8,r7
+        mr              r14,r8
+        LS_BOX(r14, r15, r4)            /* apply LS_BOX to 4th temp     */
+        xor             r9,r9,r14       /* xor 4 keys                   */
+        xor             r10,r10,r9
+        xor             r11,r11,r10
+        xor             r12,r12,r11
+        stw             r5,0(r3)
+        stw             r6,4(r3)
+        stw             r7,8(r3)
+        stw             r8,12(r3)
+        subi            r16,r16,1
+        cmpwi           r16,0           /* last round early kick out    */
+        bt              eq,ppc_expand_256_end
+        stw             r9,16(r3)
+        stw             r10,20(r3)
+        stw             r11,24(r3)
+        stw             r12,28(r3)
+        GF8_MUL(r0, r0, r4, r14)
+        b               ppc_expand_256_loop
+ppc_expand_256_end:
+        FINALIZE_KEY
+        blr
+/*
+ * ppc_generate_decrypt_key: derive decryption key from encryption key
+ * number of bytes to handle are calculated from length of key (16/24/32)
+ *
+ */
+_GLOBAL(ppc_generate_decrypt_key)
+        addi            r6,r5,24
+        slwi            r6,r6,2
+        lwzx            r7,r4,r6        /* first/last 4 words are same  */
+        stw             r7,0(r3)
+        lwz             r7,0(r4)
+        stwx            r7,r3,r6
+        addi            r6,r6,4
+        lwzx            r7,r4,r6
+        stw             r7,4(r3)
+        lwz             r7,4(r4)
+        stwx            r7,r3,r6
+        addi            r6,r6,4
+        lwzx            r7,r4,r6
+        stw             r7,8(r3)
+        lwz             r7,8(r4)
+        stwx            r7,r3,r6
+        addi            r6,r6,4
+        lwzx            r7,r4,r6
+        stw             r7,12(r3)
+        lwz             r7,12(r4)
+        stwx            r7,r3,r6
+        addi            r3,r3,16
+        add             r4,r4,r6
+        subi            r4,r4,28
+        addi            r5,r5,20
+        srwi            r5,r5,2
+ppc_generate_decrypt_block:
+        li      r6,4
+        mtctr   r6
+ppc_generate_decrypt_word:
+        lwz             r6,0(r4)
+        GF8_MUL(r7, r6, r0, r7)
+        GF8_MUL(r8, r7, r0, r8)
+        GF8_MUL(r9, r8, r0, r9)
+        xor             r10,r9,r6
+        xor             r11,r7,r8
+        xor             r11,r11,r9
+        xor             r12,r7,r10
+        rotrwi          r12,r12,24
+        xor             r11,r11,r12
+        xor             r12,r8,r10
+        rotrwi          r12,r12,16
+        xor             r11,r11,r12
+        rotrwi          r12,r10,8
+        xor             r11,r11,r12
+        stw             r11,0(r3)
+        addi            r3,r3,4
+        addi            r4,r4,4
+        bdnz            ppc_generate_decrypt_word
+        subi            r4,r4,32
+        subi            r5,r5,1
+        cmpwi           r5,0
+        bt              gt,ppc_generate_decrypt_block
+        blr
author	Markus Stockhausen <stockhausen@collogia.de>	2015-02-22 03:59:54 -0500
committer	Herbert Xu <herbert@gondor.apana.org.au>	2015-03-01 05:02:28 -0500
commit	f98992af419e3b69696e9c418eda664bd5d7ceb2 (patch)
tree	753a975b177d15201c5a6e0840ea19dd92d84e20
parent	1c201e6420729f0aca9c844bb941ee2dd2b6c3c0 (diff)

diff --git a/arch/powerpc/crypto/aes-spe-keys.S b/arch/powerpc/crypto/aes-spe-keys.S new file mode 100644 index 000000000000..be8090f3d700 --- /dev/null +++ b/arch/powerpc/crypto/aes-spe-keys.S
@@ -0,0 +1,283 @@
	1	/*
	2	* Key handling functions for PPC AES implementation
	3	*
	4	* Copyright (c) 2015 Markus Stockhausen <stockhausen@collogia.de>
	5	*
	6	* This program is free software; you can redistribute it and/or modify it
	7	* under the terms of the GNU General Public License as published by the Free
	8	* Software Foundation; either version 2 of the License, or (at your option)
	9	* any later version.
	10	*
	11	*/
	12
	13	#include <asm/ppc_asm.h>
	14
	15	#ifdef __BIG_ENDIAN__
	16	#define LOAD_KEY(d, s, off) \
	17	lwz d,off(s);
	18	#else
	19	#define LOAD_KEY(d, s, off) \
	20	li r0,off; \
	21	lwbrx d,s,r0;
	22	#endif
	23
	24	#define INITIALIZE_KEY \
	25	stwu r1,-32(r1); /* create stack frame */ \
	26	stw r14,8(r1); /* save registers */ \
	27	stw r15,12(r1); \
	28	stw r16,16(r1);
	29
	30	#define FINALIZE_KEY \
	31	lwz r14,8(r1); /* restore registers */ \
	32	lwz r15,12(r1); \
	33	lwz r16,16(r1); \
	34	xor r5,r5,r5; /* clear sensitive data */ \
	35	xor r6,r6,r6; \
	36	xor r7,r7,r7; \
	37	xor r8,r8,r8; \
	38	xor r9,r9,r9; \
	39	xor r10,r10,r10; \
	40	xor r11,r11,r11; \
	41	xor r12,r12,r12; \
	42	addi r1,r1,32; /* cleanup stack */
	43
	44	#define LS_BOX(r, t1, t2) \
	45	lis t2,PPC_AES_4K_ENCTAB@h; \
	46	ori t2,t2,PPC_AES_4K_ENCTAB@l; \
	47	rlwimi t2,r,4,20,27; \
	48	lbz t1,8(t2); \
	49	rlwimi r,t1,0,24,31; \
	50	rlwimi t2,r,28,20,27; \
	51	lbz t1,8(t2); \
	52	rlwimi r,t1,8,16,23; \
	53	rlwimi t2,r,20,20,27; \
	54	lbz t1,8(t2); \
	55	rlwimi r,t1,16,8,15; \
	56	rlwimi t2,r,12,20,27; \
	57	lbz t1,8(t2); \
	58	rlwimi r,t1,24,0,7;
	59
	60	#define GF8_MUL(out, in, t1, t2) \
	61	lis t1,0x8080; /* multiplication in GF8 */ \
	62	ori t1,t1,0x8080; \
	63	and t1,t1,in; \
	64	srwi t1,t1,7; \
	65	mulli t1,t1,0x1b; \
	66	lis t2,0x7f7f; \
	67	ori t2,t2,0x7f7f; \
	68	and t2,t2,in; \
	69	slwi t2,t2,1; \
	70	xor out,t1,t2;
	71
	72	/*
	73	* ppc_expand_key_128(u32 key_enc, const u8 key)
	74	*
	75	* Expand 128 bit key into 176 bytes encryption key. It consists of
	76	* key itself plus 10 rounds with 16 bytes each
	77	*
	78	*/
	79	_GLOBAL(ppc_expand_key_128)
	80	INITIALIZE_KEY
	81	LOAD_KEY(r5,r4,0)
	82	LOAD_KEY(r6,r4,4)
	83	LOAD_KEY(r7,r4,8)
	84	LOAD_KEY(r8,r4,12)
	85	stw r5,0(r3) /* key[0..3] = input data */
	86	stw r6,4(r3)
	87	stw r7,8(r3)
	88	stw r8,12(r3)
	89	li r16,10 /* 10 expansion rounds */
	90	lis r0,0x0100 /* RCO(1) */
	91	ppc_expand_128_loop:
	92	addi r3,r3,16
	93	mr r14,r8 /* apply LS_BOX to 4th temp */
	94	rotlwi r14,r14,8
	95	LS_BOX(r14, r15, r4)
	96	xor r14,r14,r0
	97	xor r5,r5,r14 /* xor next 4 keys */
	98	xor r6,r6,r5
	99	xor r7,r7,r6
	100	xor r8,r8,r7
	101	stw r5,0(r3) /* store next 4 keys */
	102	stw r6,4(r3)
	103	stw r7,8(r3)
	104	stw r8,12(r3)
	105	GF8_MUL(r0, r0, r4, r14) /* multiply RCO by 2 in GF */
	106	subi r16,r16,1
	107	cmpwi r16,0
	108	bt eq,ppc_expand_128_end
	109	b ppc_expand_128_loop
	110	ppc_expand_128_end:
	111	FINALIZE_KEY
	112	blr
	113
	114	/*
	115	* ppc_expand_key_192(u32 key_enc, const u8 key)
	116	*
	117	* Expand 192 bit key into 208 bytes encryption key. It consists of key
	118	* itself plus 12 rounds with 16 bytes each
	119	*
	120	*/
	121	_GLOBAL(ppc_expand_key_192)
	122	INITIALIZE_KEY
	123	LOAD_KEY(r5,r4,0)
	124	LOAD_KEY(r6,r4,4)
	125	LOAD_KEY(r7,r4,8)
	126	LOAD_KEY(r8,r4,12)
	127	LOAD_KEY(r9,r4,16)
	128	LOAD_KEY(r10,r4,20)
	129	stw r5,0(r3)
	130	stw r6,4(r3)
	131	stw r7,8(r3)
	132	stw r8,12(r3)
	133	stw r9,16(r3)
	134	stw r10,20(r3)
	135	li r16,8 /* 8 expansion rounds */
	136	lis r0,0x0100 /* RCO(1) */
	137	ppc_expand_192_loop:
	138	addi r3,r3,24
	139	mr r14,r10 /* apply LS_BOX to 6th temp */
	140	rotlwi r14,r14,8
	141	LS_BOX(r14, r15, r4)
	142	xor r14,r14,r0
	143	xor r5,r5,r14 /* xor next 6 keys */
	144	xor r6,r6,r5
	145	xor r7,r7,r6
	146	xor r8,r8,r7
	147	xor r9,r9,r8
	148	xor r10,r10,r9
	149	stw r5,0(r3)
	150	stw r6,4(r3)
	151	stw r7,8(r3)
	152	stw r8,12(r3)
	153	subi r16,r16,1
	154	cmpwi r16,0 /* last round early kick out */
	155	bt eq,ppc_expand_192_end
	156	stw r9,16(r3)
	157	stw r10,20(r3)
	158	GF8_MUL(r0, r0, r4, r14) /* multiply RCO GF8 */
	159	b ppc_expand_192_loop
	160	ppc_expand_192_end:
	161	FINALIZE_KEY
	162	blr
	163
	164	/*
	165	* ppc_expand_key_256(u32 key_enc, const u8 key)
	166	*
	167	* Expand 256 bit key into 240 bytes encryption key. It consists of key
	168	* itself plus 14 rounds with 16 bytes each
	169	*
	170	*/
	171	_GLOBAL(ppc_expand_key_256)
	172	INITIALIZE_KEY
	173	LOAD_KEY(r5,r4,0)
	174	LOAD_KEY(r6,r4,4)
	175	LOAD_KEY(r7,r4,8)
	176	LOAD_KEY(r8,r4,12)
	177	LOAD_KEY(r9,r4,16)
	178	LOAD_KEY(r10,r4,20)
	179	LOAD_KEY(r11,r4,24)
	180	LOAD_KEY(r12,r4,28)
	181	stw r5,0(r3)
	182	stw r6,4(r3)
	183	stw r7,8(r3)
	184	stw r8,12(r3)
	185	stw r9,16(r3)
	186	stw r10,20(r3)
	187	stw r11,24(r3)
	188	stw r12,28(r3)
	189	li r16,7 /* 7 expansion rounds */
	190	lis r0,0x0100 /* RCO(1) */
	191	ppc_expand_256_loop:
	192	addi r3,r3,32
	193	mr r14,r12 /* apply LS_BOX to 8th temp */
	194	rotlwi r14,r14,8
	195	LS_BOX(r14, r15, r4)
	196	xor r14,r14,r0
	197	xor r5,r5,r14 /* xor 4 keys */
	198	xor r6,r6,r5
	199	xor r7,r7,r6
	200	xor r8,r8,r7
	201	mr r14,r8
	202	LS_BOX(r14, r15, r4) /* apply LS_BOX to 4th temp */
	203	xor r9,r9,r14 /* xor 4 keys */
	204	xor r10,r10,r9
	205	xor r11,r11,r10
	206	xor r12,r12,r11
	207	stw r5,0(r3)
	208	stw r6,4(r3)
	209	stw r7,8(r3)
	210	stw r8,12(r3)
	211	subi r16,r16,1
	212	cmpwi r16,0 /* last round early kick out */
	213	bt eq,ppc_expand_256_end
	214	stw r9,16(r3)
	215	stw r10,20(r3)
	216	stw r11,24(r3)
	217	stw r12,28(r3)
	218	GF8_MUL(r0, r0, r4, r14)
	219	b ppc_expand_256_loop
	220	ppc_expand_256_end:
	221	FINALIZE_KEY
	222	blr
	223
	224	/*
	225	* ppc_generate_decrypt_key: derive decryption key from encryption key
	226	* number of bytes to handle are calculated from length of key (16/24/32)
	227	*
	228	*/
	229	_GLOBAL(ppc_generate_decrypt_key)
	230	addi r6,r5,24
	231	slwi r6,r6,2
	232	lwzx r7,r4,r6 /* first/last 4 words are same */
	233	stw r7,0(r3)
	234	lwz r7,0(r4)
	235	stwx r7,r3,r6
	236	addi r6,r6,4
	237	lwzx r7,r4,r6
	238	stw r7,4(r3)
	239	lwz r7,4(r4)
	240	stwx r7,r3,r6
	241	addi r6,r6,4
	242	lwzx r7,r4,r6
	243	stw r7,8(r3)
	244	lwz r7,8(r4)
	245	stwx r7,r3,r6
	246	addi r6,r6,4
	247	lwzx r7,r4,r6
	248	stw r7,12(r3)
	249	lwz r7,12(r4)
	250	stwx r7,r3,r6
	251	addi r3,r3,16
	252	add r4,r4,r6
	253	subi r4,r4,28
	254	addi r5,r5,20
	255	srwi r5,r5,2
	256	ppc_generate_decrypt_block:
	257	li r6,4
	258	mtctr r6
	259	ppc_generate_decrypt_word:
	260	lwz r6,0(r4)
	261	GF8_MUL(r7, r6, r0, r7)
	262	GF8_MUL(r8, r7, r0, r8)
	263	GF8_MUL(r9, r8, r0, r9)
	264	xor r10,r9,r6
	265	xor r11,r7,r8
	266	xor r11,r11,r9
	267	xor r12,r7,r10
	268	rotrwi r12,r12,24
	269	xor r11,r11,r12
	270	xor r12,r8,r10
	271	rotrwi r12,r12,16
	272	xor r11,r11,r12
	273	rotrwi r12,r10,8
	274	xor r11,r11,r12
	275	stw r11,0(r3)
	276	addi r3,r3,4
	277	addi r4,r4,4
	278	bdnz ppc_generate_decrypt_word
	279	subi r4,r4,32
	280	subi r5,r5,1
	281	cmpwi r5,0
	282	bt gt,ppc_generate_decrypt_block
	283	blr