]>
Commit | Line | Data |
---|---|---|
2874c5fd | 1 | /* SPDX-License-Identifier: GPL-2.0-or-later */ |
f98992af MS |
2 | /* |
3 | * Key handling functions for PPC AES implementation | |
4 | * | |
5 | * Copyright (c) 2015 Markus Stockhausen <stockhausen@collogia.de> | |
f98992af MS |
6 | */ |
7 | ||
8 | #include <asm/ppc_asm.h> | |
9 | ||
10 | #ifdef __BIG_ENDIAN__ | |
11 | #define LOAD_KEY(d, s, off) \ | |
12 | lwz d,off(s); | |
13 | #else | |
14 | #define LOAD_KEY(d, s, off) \ | |
15 | li r0,off; \ | |
16 | lwbrx d,s,r0; | |
17 | #endif | |
18 | ||
19 | #define INITIALIZE_KEY \ | |
20 | stwu r1,-32(r1); /* create stack frame */ \ | |
21 | stw r14,8(r1); /* save registers */ \ | |
22 | stw r15,12(r1); \ | |
23 | stw r16,16(r1); | |
24 | ||
25 | #define FINALIZE_KEY \ | |
26 | lwz r14,8(r1); /* restore registers */ \ | |
27 | lwz r15,12(r1); \ | |
28 | lwz r16,16(r1); \ | |
29 | xor r5,r5,r5; /* clear sensitive data */ \ | |
30 | xor r6,r6,r6; \ | |
31 | xor r7,r7,r7; \ | |
32 | xor r8,r8,r8; \ | |
33 | xor r9,r9,r9; \ | |
34 | xor r10,r10,r10; \ | |
35 | xor r11,r11,r11; \ | |
36 | xor r12,r12,r12; \ | |
37 | addi r1,r1,32; /* cleanup stack */ | |
38 | ||
39 | #define LS_BOX(r, t1, t2) \ | |
40 | lis t2,PPC_AES_4K_ENCTAB@h; \ | |
41 | ori t2,t2,PPC_AES_4K_ENCTAB@l; \ | |
42 | rlwimi t2,r,4,20,27; \ | |
43 | lbz t1,8(t2); \ | |
44 | rlwimi r,t1,0,24,31; \ | |
45 | rlwimi t2,r,28,20,27; \ | |
46 | lbz t1,8(t2); \ | |
47 | rlwimi r,t1,8,16,23; \ | |
48 | rlwimi t2,r,20,20,27; \ | |
49 | lbz t1,8(t2); \ | |
50 | rlwimi r,t1,16,8,15; \ | |
51 | rlwimi t2,r,12,20,27; \ | |
52 | lbz t1,8(t2); \ | |
53 | rlwimi r,t1,24,0,7; | |
54 | ||
55 | #define GF8_MUL(out, in, t1, t2) \ | |
56 | lis t1,0x8080; /* multiplication in GF8 */ \ | |
57 | ori t1,t1,0x8080; \ | |
58 | and t1,t1,in; \ | |
59 | srwi t1,t1,7; \ | |
60 | mulli t1,t1,0x1b; \ | |
61 | lis t2,0x7f7f; \ | |
62 | ori t2,t2,0x7f7f; \ | |
63 | and t2,t2,in; \ | |
64 | slwi t2,t2,1; \ | |
65 | xor out,t1,t2; | |
66 | ||
67 | /* | |
68 | * ppc_expand_key_128(u32 *key_enc, const u8 *key) | |
69 | * | |
70 | * Expand 128 bit key into 176 bytes encryption key. It consists of | |
71 | * key itself plus 10 rounds with 16 bytes each | |
72 | * | |
73 | */ | |
74 | _GLOBAL(ppc_expand_key_128) | |
75 | INITIALIZE_KEY | |
76 | LOAD_KEY(r5,r4,0) | |
77 | LOAD_KEY(r6,r4,4) | |
78 | LOAD_KEY(r7,r4,8) | |
79 | LOAD_KEY(r8,r4,12) | |
80 | stw r5,0(r3) /* key[0..3] = input data */ | |
81 | stw r6,4(r3) | |
82 | stw r7,8(r3) | |
83 | stw r8,12(r3) | |
84 | li r16,10 /* 10 expansion rounds */ | |
85 | lis r0,0x0100 /* RCO(1) */ | |
86 | ppc_expand_128_loop: | |
87 | addi r3,r3,16 | |
88 | mr r14,r8 /* apply LS_BOX to 4th temp */ | |
89 | rotlwi r14,r14,8 | |
90 | LS_BOX(r14, r15, r4) | |
91 | xor r14,r14,r0 | |
92 | xor r5,r5,r14 /* xor next 4 keys */ | |
93 | xor r6,r6,r5 | |
94 | xor r7,r7,r6 | |
95 | xor r8,r8,r7 | |
96 | stw r5,0(r3) /* store next 4 keys */ | |
97 | stw r6,4(r3) | |
98 | stw r7,8(r3) | |
99 | stw r8,12(r3) | |
100 | GF8_MUL(r0, r0, r4, r14) /* multiply RCO by 2 in GF */ | |
101 | subi r16,r16,1 | |
102 | cmpwi r16,0 | |
103 | bt eq,ppc_expand_128_end | |
104 | b ppc_expand_128_loop | |
105 | ppc_expand_128_end: | |
106 | FINALIZE_KEY | |
107 | blr | |
108 | ||
109 | /* | |
110 | * ppc_expand_key_192(u32 *key_enc, const u8 *key) | |
111 | * | |
112 | * Expand 192 bit key into 208 bytes encryption key. It consists of key | |
113 | * itself plus 12 rounds with 16 bytes each | |
114 | * | |
115 | */ | |
116 | _GLOBAL(ppc_expand_key_192) | |
117 | INITIALIZE_KEY | |
118 | LOAD_KEY(r5,r4,0) | |
119 | LOAD_KEY(r6,r4,4) | |
120 | LOAD_KEY(r7,r4,8) | |
121 | LOAD_KEY(r8,r4,12) | |
122 | LOAD_KEY(r9,r4,16) | |
123 | LOAD_KEY(r10,r4,20) | |
124 | stw r5,0(r3) | |
125 | stw r6,4(r3) | |
126 | stw r7,8(r3) | |
127 | stw r8,12(r3) | |
128 | stw r9,16(r3) | |
129 | stw r10,20(r3) | |
130 | li r16,8 /* 8 expansion rounds */ | |
131 | lis r0,0x0100 /* RCO(1) */ | |
132 | ppc_expand_192_loop: | |
133 | addi r3,r3,24 | |
134 | mr r14,r10 /* apply LS_BOX to 6th temp */ | |
135 | rotlwi r14,r14,8 | |
136 | LS_BOX(r14, r15, r4) | |
137 | xor r14,r14,r0 | |
138 | xor r5,r5,r14 /* xor next 6 keys */ | |
139 | xor r6,r6,r5 | |
140 | xor r7,r7,r6 | |
141 | xor r8,r8,r7 | |
142 | xor r9,r9,r8 | |
143 | xor r10,r10,r9 | |
144 | stw r5,0(r3) | |
145 | stw r6,4(r3) | |
146 | stw r7,8(r3) | |
147 | stw r8,12(r3) | |
148 | subi r16,r16,1 | |
149 | cmpwi r16,0 /* last round early kick out */ | |
150 | bt eq,ppc_expand_192_end | |
151 | stw r9,16(r3) | |
152 | stw r10,20(r3) | |
153 | GF8_MUL(r0, r0, r4, r14) /* multiply RCO GF8 */ | |
154 | b ppc_expand_192_loop | |
155 | ppc_expand_192_end: | |
156 | FINALIZE_KEY | |
157 | blr | |
158 | ||
159 | /* | |
160 | * ppc_expand_key_256(u32 *key_enc, const u8 *key) | |
161 | * | |
162 | * Expand 256 bit key into 240 bytes encryption key. It consists of key | |
163 | * itself plus 14 rounds with 16 bytes each | |
164 | * | |
165 | */ | |
166 | _GLOBAL(ppc_expand_key_256) | |
167 | INITIALIZE_KEY | |
168 | LOAD_KEY(r5,r4,0) | |
169 | LOAD_KEY(r6,r4,4) | |
170 | LOAD_KEY(r7,r4,8) | |
171 | LOAD_KEY(r8,r4,12) | |
172 | LOAD_KEY(r9,r4,16) | |
173 | LOAD_KEY(r10,r4,20) | |
174 | LOAD_KEY(r11,r4,24) | |
175 | LOAD_KEY(r12,r4,28) | |
176 | stw r5,0(r3) | |
177 | stw r6,4(r3) | |
178 | stw r7,8(r3) | |
179 | stw r8,12(r3) | |
180 | stw r9,16(r3) | |
181 | stw r10,20(r3) | |
182 | stw r11,24(r3) | |
183 | stw r12,28(r3) | |
184 | li r16,7 /* 7 expansion rounds */ | |
185 | lis r0,0x0100 /* RCO(1) */ | |
186 | ppc_expand_256_loop: | |
187 | addi r3,r3,32 | |
188 | mr r14,r12 /* apply LS_BOX to 8th temp */ | |
189 | rotlwi r14,r14,8 | |
190 | LS_BOX(r14, r15, r4) | |
191 | xor r14,r14,r0 | |
192 | xor r5,r5,r14 /* xor 4 keys */ | |
193 | xor r6,r6,r5 | |
194 | xor r7,r7,r6 | |
195 | xor r8,r8,r7 | |
196 | mr r14,r8 | |
197 | LS_BOX(r14, r15, r4) /* apply LS_BOX to 4th temp */ | |
198 | xor r9,r9,r14 /* xor 4 keys */ | |
199 | xor r10,r10,r9 | |
200 | xor r11,r11,r10 | |
201 | xor r12,r12,r11 | |
202 | stw r5,0(r3) | |
203 | stw r6,4(r3) | |
204 | stw r7,8(r3) | |
205 | stw r8,12(r3) | |
206 | subi r16,r16,1 | |
207 | cmpwi r16,0 /* last round early kick out */ | |
208 | bt eq,ppc_expand_256_end | |
209 | stw r9,16(r3) | |
210 | stw r10,20(r3) | |
211 | stw r11,24(r3) | |
212 | stw r12,28(r3) | |
213 | GF8_MUL(r0, r0, r4, r14) | |
214 | b ppc_expand_256_loop | |
215 | ppc_expand_256_end: | |
216 | FINALIZE_KEY | |
217 | blr | |
218 | ||
219 | /* | |
220 | * ppc_generate_decrypt_key: derive decryption key from encryption key | |
221 | * number of bytes to handle are calculated from length of key (16/24/32) | |
222 | * | |
223 | */ | |
224 | _GLOBAL(ppc_generate_decrypt_key) | |
225 | addi r6,r5,24 | |
226 | slwi r6,r6,2 | |
227 | lwzx r7,r4,r6 /* first/last 4 words are same */ | |
228 | stw r7,0(r3) | |
229 | lwz r7,0(r4) | |
230 | stwx r7,r3,r6 | |
231 | addi r6,r6,4 | |
232 | lwzx r7,r4,r6 | |
233 | stw r7,4(r3) | |
234 | lwz r7,4(r4) | |
235 | stwx r7,r3,r6 | |
236 | addi r6,r6,4 | |
237 | lwzx r7,r4,r6 | |
238 | stw r7,8(r3) | |
239 | lwz r7,8(r4) | |
240 | stwx r7,r3,r6 | |
241 | addi r6,r6,4 | |
242 | lwzx r7,r4,r6 | |
243 | stw r7,12(r3) | |
244 | lwz r7,12(r4) | |
245 | stwx r7,r3,r6 | |
246 | addi r3,r3,16 | |
247 | add r4,r4,r6 | |
248 | subi r4,r4,28 | |
249 | addi r5,r5,20 | |
250 | srwi r5,r5,2 | |
251 | ppc_generate_decrypt_block: | |
252 | li r6,4 | |
253 | mtctr r6 | |
254 | ppc_generate_decrypt_word: | |
255 | lwz r6,0(r4) | |
256 | GF8_MUL(r7, r6, r0, r7) | |
257 | GF8_MUL(r8, r7, r0, r8) | |
258 | GF8_MUL(r9, r8, r0, r9) | |
259 | xor r10,r9,r6 | |
260 | xor r11,r7,r8 | |
261 | xor r11,r11,r9 | |
262 | xor r12,r7,r10 | |
263 | rotrwi r12,r12,24 | |
264 | xor r11,r11,r12 | |
265 | xor r12,r8,r10 | |
266 | rotrwi r12,r12,16 | |
267 | xor r11,r11,r12 | |
268 | rotrwi r12,r10,8 | |
269 | xor r11,r11,r12 | |
270 | stw r11,0(r3) | |
271 | addi r3,r3,4 | |
272 | addi r4,r4,4 | |
273 | bdnz ppc_generate_decrypt_word | |
274 | subi r4,r4,32 | |
275 | subi r5,r5,1 | |
276 | cmpwi r5,0 | |
277 | bt gt,ppc_generate_decrypt_block | |
278 | blr |