Lines Matching +full:0 +full:- +full:3
2 * crypto_helper.c - emulate v8 Crypto Extensions instructions
4 * Copyright (C) 2013 - 2018 Linaro Ltd <ard.biesheuvel@linaro.org>
15 #include "tcg/tcg-gvec-desc.h"
16 #include "crypto/aes-round.h"
21 #include "exec/helper-proto.h.inc"
/*
 * Element accessors that remap a logical index i onto the state's
 * bytes[] / words[] arrays:
 *   CR_ST_BYTE: i = 0..7  -> bytes[7 - i],  i = 8..15 -> bytes[23 - i]
 *   CR_ST_WORD: i = 0..3  -> words[1], words[0], words[3], words[2]
 * i.e. the element order is reversed inside each 64-bit half.
 *
 * NOTE(review): this looks like the big-endian-host variant (compare the
 * "wrong order for big-endian" comments in the helpers below); the
 * enclosing preprocessor conditional is not visible in this listing, so
 * confirm against the full file.
 *
 * Neither macro range-checks i: a value above 15 (bytes) or 3 (words)
 * makes (15 - i) or (3 - i) negative and indexes outside the array.
 * The uses visible in this listing pass constants, a loop index in 0..3,
 * or (i + 3) % 4; the one variable index is CR_ST_WORD(m, imm2) in
 * crypto_sm3tt(), presumably a 2-bit immediate, so verify that its range
 * is constrained where the instruction is decoded.
 */
30 #define CR_ST_BYTE(state, i) ((state).bytes[(15 - (i)) ^ 8])
31 #define CR_ST_WORD(state, i) ((state).words[(3 - (i)) ^ 2])
56 for (i = 0; i < opr_sz; i += 16) { in HELPER()
63 * Our uint64_t are in the wrong order for big-endian. in HELPER()
68 t.d[0] = st->d[1] ^ rk->d[1]; in HELPER()
69 t.d[1] = st->d[0] ^ rk->d[0]; in HELPER()
71 ad->d[0] = t.d[1]; in HELPER()
72 ad->d[1] = t.d[0]; in HELPER()
74 t.v = st->v ^ rk->v; in HELPER()
85 for (i = 0; i < opr_sz; i += 16) { in HELPER()
91 /* Our uint64_t are in the wrong order for big-endian. */ in HELPER()
93 t.d[0] = st->d[1] ^ rk->d[1]; in HELPER()
94 t.d[1] = st->d[0] ^ rk->d[0]; in HELPER()
96 ad->d[0] = t.d[1]; in HELPER()
97 ad->d[1] = t.d[0]; in HELPER()
99 t.v = st->v ^ rk->v; in HELPER()
110 for (i = 0; i < opr_sz; i += 16) { in HELPER()
115 /* Our uint64_t are in the wrong order for big-endian. */ in HELPER()
117 t.d[0] = st->d[1]; in HELPER()
118 t.d[1] = st->d[0]; in HELPER()
120 ad->d[0] = t.d[1]; in HELPER()
121 ad->d[1] = t.d[0]; in HELPER()
133 for (i = 0; i < opr_sz; i += 16) { in HELPER()
138 /* Our uint64_t are in the wrong order for big-endian. */ in HELPER()
140 t.d[0] = st->d[1]; in HELPER()
141 t.d[1] = st->d[0]; in HELPER()
143 ad->d[0] = t.d[1]; in HELPER()
144 ad->d[1] = t.d[0]; in HELPER()
153 * SHA-1 logical functions
176 d0 = d[1] ^ d[0] ^ m[0]; in HELPER()
177 d1 = n[0] ^ d[1] ^ m[1]; in HELPER()
178 d[0] = d0; in HELPER()
188 union CRYPTO_STATE d = { .l = { rd[0], rd[1] } }; in crypto_sha1_3reg()
189 union CRYPTO_STATE n = { .l = { rn[0], rn[1] } }; in crypto_sha1_3reg()
190 union CRYPTO_STATE m = { .l = { rm[0], rm[1] } }; in crypto_sha1_3reg()
193 for (i = 0; i < 4; i++) { in crypto_sha1_3reg()
196 t += rol32(CR_ST_WORD(d, 0), 5) + CR_ST_WORD(n, 0) in crypto_sha1_3reg()
199 CR_ST_WORD(n, 0) = CR_ST_WORD(d, 3); in crypto_sha1_3reg()
200 CR_ST_WORD(d, 3) = CR_ST_WORD(d, 2); in crypto_sha1_3reg()
202 CR_ST_WORD(d, 1) = CR_ST_WORD(d, 0); in crypto_sha1_3reg()
203 CR_ST_WORD(d, 0) = t; in crypto_sha1_3reg()
205 rd[0] = d.l[0]; in crypto_sha1_3reg()
213 return cho(CR_ST_WORD(*d, 1), CR_ST_WORD(*d, 2), CR_ST_WORD(*d, 3)); in do_sha1c()
223 return par(CR_ST_WORD(*d, 1), CR_ST_WORD(*d, 2), CR_ST_WORD(*d, 3)); in do_sha1p()
233 return maj(CR_ST_WORD(*d, 1), CR_ST_WORD(*d, 2), CR_ST_WORD(*d, 3)); in do_sha1m()
245 union CRYPTO_STATE m = { .l = { rm[0], rm[1] } }; in HELPER()
247 CR_ST_WORD(m, 0) = ror32(CR_ST_WORD(m, 0), 2); in HELPER()
248 CR_ST_WORD(m, 1) = CR_ST_WORD(m, 2) = CR_ST_WORD(m, 3) = 0; in HELPER()
250 rd[0] = m.l[0]; in HELPER()
260 union CRYPTO_STATE d = { .l = { rd[0], rd[1] } }; in HELPER()
261 union CRYPTO_STATE m = { .l = { rm[0], rm[1] } }; in HELPER()
263 CR_ST_WORD(d, 0) = rol32(CR_ST_WORD(d, 0) ^ CR_ST_WORD(m, 1), 1); in HELPER()
265 CR_ST_WORD(d, 2) = rol32(CR_ST_WORD(d, 2) ^ CR_ST_WORD(m, 3), 1); in HELPER()
266 CR_ST_WORD(d, 3) = rol32(CR_ST_WORD(d, 3) ^ CR_ST_WORD(d, 0), 1); in HELPER()
268 rd[0] = d.l[0]; in HELPER()
275 * The SHA-256 logical functions, according to
276 * http://csrc.nist.gov/groups/STM/cavp/documents/shs/sha256-384-512.pdf
291 return ror32(x, 7) ^ ror32(x, 18) ^ (x >> 3); in s0()
304 union CRYPTO_STATE d = { .l = { rd[0], rd[1] } }; in HELPER()
305 union CRYPTO_STATE n = { .l = { rn[0], rn[1] } }; in HELPER()
306 union CRYPTO_STATE m = { .l = { rm[0], rm[1] } }; in HELPER()
309 for (i = 0; i < 4; i++) { in HELPER()
310 uint32_t t = cho(CR_ST_WORD(n, 0), CR_ST_WORD(n, 1), CR_ST_WORD(n, 2)) in HELPER()
311 + CR_ST_WORD(n, 3) + S1(CR_ST_WORD(n, 0)) in HELPER()
314 CR_ST_WORD(n, 3) = CR_ST_WORD(n, 2); in HELPER()
316 CR_ST_WORD(n, 1) = CR_ST_WORD(n, 0); in HELPER()
317 CR_ST_WORD(n, 0) = CR_ST_WORD(d, 3) + t; in HELPER()
319 t += maj(CR_ST_WORD(d, 0), CR_ST_WORD(d, 1), CR_ST_WORD(d, 2)) in HELPER()
320 + S0(CR_ST_WORD(d, 0)); in HELPER()
322 CR_ST_WORD(d, 3) = CR_ST_WORD(d, 2); in HELPER()
324 CR_ST_WORD(d, 1) = CR_ST_WORD(d, 0); in HELPER()
325 CR_ST_WORD(d, 0) = t; in HELPER()
328 rd[0] = d.l[0]; in HELPER()
339 union CRYPTO_STATE d = { .l = { rd[0], rd[1] } }; in HELPER()
340 union CRYPTO_STATE n = { .l = { rn[0], rn[1] } }; in HELPER()
341 union CRYPTO_STATE m = { .l = { rm[0], rm[1] } }; in HELPER()
344 for (i = 0; i < 4; i++) { in HELPER()
345 uint32_t t = cho(CR_ST_WORD(d, 0), CR_ST_WORD(d, 1), CR_ST_WORD(d, 2)) in HELPER()
346 + CR_ST_WORD(d, 3) + S1(CR_ST_WORD(d, 0)) in HELPER()
349 CR_ST_WORD(d, 3) = CR_ST_WORD(d, 2); in HELPER()
351 CR_ST_WORD(d, 1) = CR_ST_WORD(d, 0); in HELPER()
352 CR_ST_WORD(d, 0) = CR_ST_WORD(n, 3 - i) + t; in HELPER()
355 rd[0] = d.l[0]; in HELPER()
365 union CRYPTO_STATE d = { .l = { rd[0], rd[1] } }; in HELPER()
366 union CRYPTO_STATE m = { .l = { rm[0], rm[1] } }; in HELPER()
368 CR_ST_WORD(d, 0) += s0(CR_ST_WORD(d, 1)); in HELPER()
370 CR_ST_WORD(d, 2) += s0(CR_ST_WORD(d, 3)); in HELPER()
371 CR_ST_WORD(d, 3) += s0(CR_ST_WORD(m, 0)); in HELPER()
373 rd[0] = d.l[0]; in HELPER()
384 union CRYPTO_STATE d = { .l = { rd[0], rd[1] } }; in HELPER()
385 union CRYPTO_STATE n = { .l = { rn[0], rn[1] } }; in HELPER()
386 union CRYPTO_STATE m = { .l = { rm[0], rm[1] } }; in HELPER()
388 CR_ST_WORD(d, 0) += s1(CR_ST_WORD(m, 2)) + CR_ST_WORD(n, 1); in HELPER()
389 CR_ST_WORD(d, 1) += s1(CR_ST_WORD(m, 3)) + CR_ST_WORD(n, 2); in HELPER()
390 CR_ST_WORD(d, 2) += s1(CR_ST_WORD(d, 0)) + CR_ST_WORD(n, 3); in HELPER()
391 CR_ST_WORD(d, 3) += s1(CR_ST_WORD(d, 1)) + CR_ST_WORD(m, 0); in HELPER()
393 rd[0] = d.l[0]; in HELPER()
400 * The SHA-512 logical functions (same as above but using 64-bit operands)
438 uint64_t d0 = rd[0]; in HELPER()
441 d1 += S1_512(rm[1]) + cho512(rm[1], rn[0], rn[1]); in HELPER()
442 d0 += S1_512(d1 + rm[0]) + cho512(d1 + rm[0], rm[1], rn[0]); in HELPER()
444 rd[0] = d0; in HELPER()
455 uint64_t d0 = rd[0]; in HELPER()
458 d1 += S0_512(rm[0]) + maj512(rn[0], rm[1], rm[0]); in HELPER()
459 d0 += S0_512(d1) + maj512(d1, rm[0], rm[1]); in HELPER()
461 rd[0] = d0; in HELPER()
471 uint64_t d0 = rd[0]; in HELPER()
475 d1 += s0_512(rn[0]); in HELPER()
477 rd[0] = d0; in HELPER()
489 rd[0] += s1_512(rn[0]) + rm[0]; in HELPER()
500 union CRYPTO_STATE d = { .l = { rd[0], rd[1] } }; in HELPER()
501 union CRYPTO_STATE n = { .l = { rn[0], rn[1] } }; in HELPER()
502 union CRYPTO_STATE m = { .l = { rm[0], rm[1] } }; in HELPER()
505 t = CR_ST_WORD(d, 0) ^ CR_ST_WORD(n, 0) ^ ror32(CR_ST_WORD(m, 1), 17); in HELPER()
506 CR_ST_WORD(d, 0) = t ^ ror32(t, 17) ^ ror32(t, 9); in HELPER()
511 t = CR_ST_WORD(d, 2) ^ CR_ST_WORD(n, 2) ^ ror32(CR_ST_WORD(m, 3), 17); in HELPER()
514 t = CR_ST_WORD(d, 3) ^ CR_ST_WORD(n, 3) ^ ror32(CR_ST_WORD(d, 0), 17); in HELPER()
515 CR_ST_WORD(d, 3) = t ^ ror32(t, 17) ^ ror32(t, 9); in HELPER()
517 rd[0] = d.l[0]; in HELPER()
528 union CRYPTO_STATE d = { .l = { rd[0], rd[1] } }; in HELPER()
529 union CRYPTO_STATE n = { .l = { rn[0], rn[1] } }; in HELPER()
530 union CRYPTO_STATE m = { .l = { rm[0], rm[1] } }; in HELPER()
531 uint32_t t = CR_ST_WORD(n, 0) ^ ror32(CR_ST_WORD(m, 0), 25); in HELPER()
533 CR_ST_WORD(d, 0) ^= t; in HELPER()
536 CR_ST_WORD(d, 3) ^= CR_ST_WORD(n, 3) ^ ror32(CR_ST_WORD(m, 3), 25) ^ in HELPER()
539 rd[0] = d.l[0]; in HELPER()
549 union CRYPTO_STATE d = { .l = { rd[0], rd[1] } }; in crypto_sm3tt()
550 union CRYPTO_STATE n = { .l = { rn[0], rn[1] } }; in crypto_sm3tt()
551 union CRYPTO_STATE m = { .l = { rm[0], rm[1] } }; in crypto_sm3tt()
557 if (opcode == 0 || opcode == 2) { in crypto_sm3tt()
559 t = par(CR_ST_WORD(d, 3), CR_ST_WORD(d, 2), CR_ST_WORD(d, 1)); in crypto_sm3tt()
562 t = maj(CR_ST_WORD(d, 3), CR_ST_WORD(d, 2), CR_ST_WORD(d, 1)); in crypto_sm3tt()
563 } else if (opcode == 3) { in crypto_sm3tt()
565 t = cho(CR_ST_WORD(d, 3), CR_ST_WORD(d, 2), CR_ST_WORD(d, 1)); in crypto_sm3tt()
570 t += CR_ST_WORD(d, 0) + CR_ST_WORD(m, imm2); in crypto_sm3tt()
572 CR_ST_WORD(d, 0) = CR_ST_WORD(d, 1); in crypto_sm3tt()
576 t += CR_ST_WORD(n, 3) ^ ror32(CR_ST_WORD(d, 3), 20); in crypto_sm3tt()
581 t += CR_ST_WORD(n, 3); in crypto_sm3tt()
587 CR_ST_WORD(d, 2) = CR_ST_WORD(d, 3); in crypto_sm3tt()
588 CR_ST_WORD(d, 3) = t; in crypto_sm3tt()
590 rd[0] = d.l[0]; in crypto_sm3tt()
600 DO_SM3TT(crypto_sm3tt1a, 0)
603 DO_SM3TT(crypto_sm3tt2b, 3)
609 union CRYPTO_STATE d = { .l = { rn[0], rn[1] } }; in do_crypto_sm4e()
610 union CRYPTO_STATE n = { .l = { rm[0], rm[1] } }; in do_crypto_sm4e()
613 for (i = 0; i < 4; i++) { in do_crypto_sm4e()
616 CR_ST_WORD(d, (i + 3) % 4) ^ in do_crypto_sm4e()
625 rd[0] = d.l[0]; in do_crypto_sm4e()
633 for (i = 0; i < opr_sz; i += 16) { in HELPER()
642 union CRYPTO_STATE n = { .l = { rn[0], rn[1] } }; in do_crypto_sm4ekey()
643 union CRYPTO_STATE m = { .l = { rm[0], rm[1] } }; in do_crypto_sm4ekey()
647 for (i = 0; i < 4; i++) { in do_crypto_sm4ekey()
650 CR_ST_WORD(d, (i + 3) % 4) ^ in do_crypto_sm4ekey()
658 rd[0] = d.l[0]; in do_crypto_sm4ekey()
666 for (i = 0; i < opr_sz; i += 16) { in HELPER()
677 for (i = 0; i < opr_sz / 8; ++i) { in HELPER()