Home Verkennen Help
Registreren Inloggen
dingyu
/
CooCenter-System-kernel
1
0
Vork 0
Bestanden Issues 0 Pull-aanvragen 0 Wiki
Boom: e68e7644fa
Aftakkingen Labels
CooCenter-Sy...
/
arch
/
arm64
/
crypto
/
aes-modes.S

aes-modes.S 12 KB
Geschiedenis Ruwe

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529 
  1. /*
    2. 

  2.  * linux/arch/arm64/crypto/aes-modes.S - chaining mode wrappers for AES
    3. 

  3.  *
    4. 

  4.  * Copyright (C) 2013 Linaro Ltd <ard.biesheuvel@linaro.org>
    5. 

  5.  *
    6. 

  6.  * This program is free software; you can redistribute it and/or modify
    7. 

  7.  * it under the terms of the GNU General Public License version 2 as
    8. 

  8.  * published by the Free Software Foundation.
    9. 

  9.  */
    10. 

  10. 

  11. /* included by aes-ce.S and aes-neon.S */
    12. 

  12. 

  13. 	.text
    14. 

  14. 	.align		4
    15. 

  15. 

  16. /*
    17. 

  17.  * There are several ways to instantiate this code:
    18. 

  18.  * - no interleave, all inline
    19. 

  19.  * - 2-way interleave, 2x calls out of line (-DINTERLEAVE=2)
    20. 

  20.  * - 2-way interleave, all inline (-DINTERLEAVE=2 -DINTERLEAVE_INLINE)
    21. 

  21.  * - 4-way interleave, 4x calls out of line (-DINTERLEAVE=4)
    22. 

  22.  * - 4-way interleave, all inline (-DINTERLEAVE=4 -DINTERLEAVE_INLINE)
    23. 

  23.  *
    24. 

  24.  * Macros imported by this code:
    25. 

  25.  * - enc_prepare	- setup NEON registers for encryption
    26. 

  26.  * - dec_prepare	- setup NEON registers for decryption
    27. 

  27.  * - enc_switch_key	- change to new key after having prepared for encryption
    28. 

  28.  * - encrypt_block	- encrypt a single block
    29. 

  29.  * - decrypt block	- decrypt a single block
    30. 

  30.  * - encrypt_block2x	- encrypt 2 blocks in parallel (if INTERLEAVE == 2)
    31. 

  31.  * - decrypt_block2x	- decrypt 2 blocks in parallel (if INTERLEAVE == 2)
    32. 

  32.  * - encrypt_block4x	- encrypt 4 blocks in parallel (if INTERLEAVE == 4)
    33. 

  33.  * - decrypt_block4x	- decrypt 4 blocks in parallel (if INTERLEAVE == 4)
    34. 

  34.  */
    35. 

  35. 

  36. #if defined(INTERLEAVE) && !defined(INTERLEAVE_INLINE)
    37. 

  37. #define FRAME_PUSH	stp x29, x30, [sp,#-16]! ; mov x29, sp
    38. 

  38. #define FRAME_POP	ldp x29, x30, [sp],#16
    39. 

  39. 

  40. #if INTERLEAVE == 2
    41. 

  41. 

  42. aes_encrypt_block2x:
    43. 

  43. 	encrypt_block2x	v0, v1, w3, x2, x6, w7
    44. 

  44. 	ret
    45. 

  45. ENDPROC(aes_encrypt_block2x)
    46. 

  46. 

  47. aes_decrypt_block2x:
    48. 

  48. 	decrypt_block2x	v0, v1, w3, x2, x6, w7
    49. 

  49. 	ret
    50. 

  50. ENDPROC(aes_decrypt_block2x)
    51. 

  51. 

  52. #elif INTERLEAVE == 4
    53. 

  53. 

  54. aes_encrypt_block4x:
    55. 

  55. 	encrypt_block4x	v0, v1, v2, v3, w3, x2, x6, w7
    56. 

  56. 	ret
    57. 

  57. ENDPROC(aes_encrypt_block4x)
    58. 

  58. 

  59. aes_decrypt_block4x:
    60. 

  60. 	decrypt_block4x	v0, v1, v2, v3, w3, x2, x6, w7
    61. 

  61. 	ret
    62. 

  62. ENDPROC(aes_decrypt_block4x)
    63. 

  63. 

  64. #else
    65. 

  65. #error INTERLEAVE should equal 2 or 4
    66. 

  66. #endif
    67. 

  67. 

  68. 	.macro		do_encrypt_block2x
    69. 

  69. 	bl		aes_encrypt_block2x
    70. 

  70. 	.endm
    71. 

  71. 

  72. 	.macro		do_decrypt_block2x
    73. 

  73. 	bl		aes_decrypt_block2x
    74. 

  74. 	.endm
    75. 

  75. 

  76. 	.macro		do_encrypt_block4x
    77. 

  77. 	bl		aes_encrypt_block4x
    78. 

  78. 	.endm
    79. 

  79. 

  80. 	.macro		do_decrypt_block4x
    81. 

  81. 	bl		aes_decrypt_block4x
    82. 

  82. 	.endm
    83. 

  83. 

  84. #else
    85. 

  85. #define FRAME_PUSH
    86. 

  86. #define FRAME_POP
    87. 

  87. 

  88. 	.macro		do_encrypt_block2x
    89. 

  89. 	encrypt_block2x	v0, v1, w3, x2, x6, w7
    90. 

  90. 	.endm
    91. 

  91. 

  92. 	.macro		do_decrypt_block2x
    93. 

  93. 	decrypt_block2x	v0, v1, w3, x2, x6, w7
    94. 

  94. 	.endm
    95. 

  95. 

  96. 	.macro		do_encrypt_block4x
    97. 

  97. 	encrypt_block4x	v0, v1, v2, v3, w3, x2, x6, w7
    98. 

  98. 	.endm
    99. 

  99. 

  100. 	.macro		do_decrypt_block4x
    101. 

  101. 	decrypt_block4x	v0, v1, v2, v3, w3, x2, x6, w7
    102. 

  102. 	.endm
    103. 

  103. 

  104. #endif
    105. 

  105. 

  106. 	/*
    107. 

  107. 	 * aes_ecb_encrypt(u8 out[], u8 const in[], u8 const rk[], int rounds,
    108. 

  108. 	 *		   int blocks, int first)
    109. 

  109. 	 * aes_ecb_decrypt(u8 out[], u8 const in[], u8 const rk[], int rounds,
    110. 

  110. 	 *		   int blocks, int first)
    111. 

  111. 	 */
    112. 

  112. 

  113. AES_ENTRY(aes_ecb_encrypt)
    114. 

  114. 	FRAME_PUSH
    115. 

  115. 	cbz		w5, .LecbencloopNx
    116. 

  116. 

  117. 	enc_prepare	w3, x2, x5
    118. 

  118. 

  119. .LecbencloopNx:
    120. 

  120. #if INTERLEAVE >= 2
    121. 

  121. 	subs		w4, w4, #INTERLEAVE
    122. 

  122. 	bmi		.Lecbenc1x
    123. 

  123. #if INTERLEAVE == 2
    124. 

  124. 	ld1		{v0.16b-v1.16b}, [x1], #32	/* get 2 pt blocks */
    125. 

  125. 	do_encrypt_block2x
    126. 

  126. 	st1		{v0.16b-v1.16b}, [x0], #32
    127. 

  127. #else
    128. 

  128. 	ld1		{v0.16b-v3.16b}, [x1], #64	/* get 4 pt blocks */
    129. 

  129. 	do_encrypt_block4x
    130. 

  130. 	st1		{v0.16b-v3.16b}, [x0], #64
    131. 

  131. #endif
    132. 

  132. 	b		.LecbencloopNx
    133. 

  133. .Lecbenc1x:
    134. 

  134. 	adds		w4, w4, #INTERLEAVE
    135. 

  135. 	beq		.Lecbencout
    136. 

  136. #endif
    137. 

  137. .Lecbencloop:
    138. 

  138. 	ld1		{v0.16b}, [x1], #16		/* get next pt block */
    139. 

  139. 	encrypt_block	v0, w3, x2, x5, w6
    140. 

  140. 	st1		{v0.16b}, [x0], #16
    141. 

  141. 	subs		w4, w4, #1
    142. 

  142. 	bne		.Lecbencloop
    143. 

  143. .Lecbencout:
    144. 

  144. 	FRAME_POP
    145. 

  145. 	ret
    146. 

  146. AES_ENDPROC(aes_ecb_encrypt)
    147. 

  147. 

  148. 

  149. AES_ENTRY(aes_ecb_decrypt)
    150. 

  150. 	FRAME_PUSH
    151. 

  151. 	cbz		w5, .LecbdecloopNx
    152. 

  152. 

  153. 	dec_prepare	w3, x2, x5
    154. 

  154. 

  155. .LecbdecloopNx:
    156. 

  156. #if INTERLEAVE >= 2
    157. 

  157. 	subs		w4, w4, #INTERLEAVE
    158. 

  158. 	bmi		.Lecbdec1x
    159. 

  159. #if INTERLEAVE == 2
    160. 

  160. 	ld1		{v0.16b-v1.16b}, [x1], #32	/* get 2 ct blocks */
    161. 

  161. 	do_decrypt_block2x
    162. 

  162. 	st1		{v0.16b-v1.16b}, [x0], #32
    163. 

  163. #else
    164. 

  164. 	ld1		{v0.16b-v3.16b}, [x1], #64	/* get 4 ct blocks */
    165. 

  165. 	do_decrypt_block4x
    166. 

  166. 	st1		{v0.16b-v3.16b}, [x0], #64
    167. 

  167. #endif
    168. 

  168. 	b		.LecbdecloopNx
    169. 

  169. .Lecbdec1x:
    170. 

  170. 	adds		w4, w4, #INTERLEAVE
    171. 

  171. 	beq		.Lecbdecout
    172. 

  172. #endif
    173. 

  173. .Lecbdecloop:
    174. 

  174. 	ld1		{v0.16b}, [x1], #16		/* get next ct block */
    175. 

  175. 	decrypt_block	v0, w3, x2, x5, w6
    176. 

  176. 	st1		{v0.16b}, [x0], #16
    177. 

  177. 	subs		w4, w4, #1
    178. 

  178. 	bne		.Lecbdecloop
    179. 

  179. .Lecbdecout:
    180. 

  180. 	FRAME_POP
    181. 

  181. 	ret
    182. 

  182. AES_ENDPROC(aes_ecb_decrypt)
    183. 

  183. 

  184. 

  185. 	/*
    186. 

  186. 	 * aes_cbc_encrypt(u8 out[], u8 const in[], u8 const rk[], int rounds,
    187. 

  187. 	 *		   int blocks, u8 iv[], int first)
    188. 

  188. 	 * aes_cbc_decrypt(u8 out[], u8 const in[], u8 const rk[], int rounds,
    189. 

  189. 	 *		   int blocks, u8 iv[], int first)
    190. 

  190. 	 */
    191. 

  191. 

  192. AES_ENTRY(aes_cbc_encrypt)
    193. 

  193. 	cbz		w6, .Lcbcencloop
    194. 

  194. 

  195. 	ld1		{v0.16b}, [x5]			/* get iv */
    196. 

  196. 	enc_prepare	w3, x2, x6
    197. 

  197. 

  198. .Lcbcencloop:
    199. 

  199. 	ld1		{v1.16b}, [x1], #16		/* get next pt block */
    200. 

  200. 	eor		v0.16b, v0.16b, v1.16b		/* ..and xor with iv */
    201. 

  201. 	encrypt_block	v0, w3, x2, x6, w7
    202. 

  202. 	st1		{v0.16b}, [x0], #16
    203. 

  203. 	subs		w4, w4, #1
    204. 

  204. 	bne		.Lcbcencloop
    205. 

  205. 	st1		{v0.16b}, [x5]			/* return iv */
    206. 

  206. 	ret
    207. 

  207. AES_ENDPROC(aes_cbc_encrypt)
    208. 

  208. 

  209. 

  210. AES_ENTRY(aes_cbc_decrypt)
    211. 

  211. 	FRAME_PUSH
    212. 

  212. 	cbz		w6, .LcbcdecloopNx
    213. 

  213. 

  214. 	ld1		{v7.16b}, [x5]			/* get iv */
    215. 

  215. 	dec_prepare	w3, x2, x6
    216. 

  216. 

  217. .LcbcdecloopNx:
    218. 

  218. #if INTERLEAVE >= 2
    219. 

  219. 	subs		w4, w4, #INTERLEAVE
    220. 

  220. 	bmi		.Lcbcdec1x
    221. 

  221. #if INTERLEAVE == 2
    222. 

  222. 	ld1		{v0.16b-v1.16b}, [x1], #32	/* get 2 ct blocks */
    223. 

  223. 	mov		v2.16b, v0.16b
    224. 

  224. 	mov		v3.16b, v1.16b
    225. 

  225. 	do_decrypt_block2x
    226. 

  226. 	eor		v0.16b, v0.16b, v7.16b
    227. 

  227. 	eor		v1.16b, v1.16b, v2.16b
    228. 

  228. 	mov		v7.16b, v3.16b
    229. 

  229. 	st1		{v0.16b-v1.16b}, [x0], #32
    230. 

  230. #else
    231. 

  231. 	ld1		{v0.16b-v3.16b}, [x1], #64	/* get 4 ct blocks */
    232. 

  232. 	mov		v4.16b, v0.16b
    233. 

  233. 	mov		v5.16b, v1.16b
    234. 

  234. 	mov		v6.16b, v2.16b
    235. 

  235. 	do_decrypt_block4x
    236. 

  236. 	sub		x1, x1, #16
    237. 

  237. 	eor		v0.16b, v0.16b, v7.16b
    238. 

  238. 	eor		v1.16b, v1.16b, v4.16b
    239. 

  239. 	ld1		{v7.16b}, [x1], #16		/* reload 1 ct block */
    240. 

  240. 	eor		v2.16b, v2.16b, v5.16b
    241. 

  241. 	eor		v3.16b, v3.16b, v6.16b
    242. 

  242. 	st1		{v0.16b-v3.16b}, [x0], #64
    243. 

  243. #endif
    244. 

  244. 	b		.LcbcdecloopNx
    245. 

  245. .Lcbcdec1x:
    246. 

  246. 	adds		w4, w4, #INTERLEAVE
    247. 

  247. 	beq		.Lcbcdecout
    248. 

  248. #endif
    249. 

  249. .Lcbcdecloop:
    250. 

  250. 	ld1		{v1.16b}, [x1], #16		/* get next ct block */
    251. 

  251. 	mov		v0.16b, v1.16b			/* ...and copy to v0 */
    252. 

  252. 	decrypt_block	v0, w3, x2, x6, w7
    253. 

  253. 	eor		v0.16b, v0.16b, v7.16b		/* xor with iv => pt */
    254. 

  254. 	mov		v7.16b, v1.16b			/* ct is next iv */
    255. 

  255. 	st1		{v0.16b}, [x0], #16
    256. 

  256. 	subs		w4, w4, #1
    257. 

  257. 	bne		.Lcbcdecloop
    258. 

  258. .Lcbcdecout:
    259. 

  259. 	FRAME_POP
    260. 

  260. 	st1		{v7.16b}, [x5]			/* return iv */
    261. 

  261. 	ret
    262. 

  262. AES_ENDPROC(aes_cbc_decrypt)
    263. 

  263. 

  264. 

  265. 	/*
    266. 

  266. 	 * aes_ctr_encrypt(u8 out[], u8 const in[], u8 const rk[], int rounds,
    267. 

  267. 	 *		   int blocks, u8 ctr[], int first)
    268. 

  268. 	 */
    269. 

  269. 

  270. AES_ENTRY(aes_ctr_encrypt)
    271. 

  271. 	FRAME_PUSH
    272. 

  272. 	cbz		w6, .Lctrnotfirst	/* 1st time around? */
    273. 

  273. 	enc_prepare	w3, x2, x6
    274. 

  274. 	ld1		{v4.16b}, [x5]
    275. 

  275. 

  276. .Lctrnotfirst:
    277. 

  277. 	umov		x8, v4.d[1]		/* keep swabbed ctr in reg */
    278. 

  278. 	rev		x8, x8
    279. 

  279. #if INTERLEAVE >= 2
    280. 

  280. 	cmn		w8, w4			/* 32 bit overflow? */
    281. 

  281. 	bcs		.Lctrloop
    282. 

  282. .LctrloopNx:
    283. 

  283. 	subs		w4, w4, #INTERLEAVE
    284. 

  284. 	bmi		.Lctr1x
    285. 

  285. #if INTERLEAVE == 2
    286. 

  286. 	mov		v0.8b, v4.8b
    287. 

  287. 	mov		v1.8b, v4.8b
    288. 

  288. 	rev		x7, x8
    289. 

  289. 	add		x8, x8, #1
    290. 

  290. 	ins		v0.d[1], x7
    291. 

  291. 	rev		x7, x8
    292. 

  292. 	add		x8, x8, #1
    293. 

  293. 	ins		v1.d[1], x7
    294. 

  294. 	ld1		{v2.16b-v3.16b}, [x1], #32	/* get 2 input blocks */
    295. 

  295. 	do_encrypt_block2x
    296. 

  296. 	eor		v0.16b, v0.16b, v2.16b
    297. 

  297. 	eor		v1.16b, v1.16b, v3.16b
    298. 

  298. 	st1		{v0.16b-v1.16b}, [x0], #32
    299. 

  299. #else
    300. 

  300. 	ldr		q8, =0x30000000200000001	/* addends 1,2,3[,0] */
    301. 

  301. 	dup		v7.4s, w8
    302. 

  302. 	mov		v0.16b, v4.16b
    303. 

  303. 	add		v7.4s, v7.4s, v8.4s
    304. 

  304. 	mov		v1.16b, v4.16b
    305. 

  305. 	rev32		v8.16b, v7.16b
    306. 

  306. 	mov		v2.16b, v4.16b
    307. 

  307. 	mov		v3.16b, v4.16b
    308. 

  308. 	mov		v1.s[3], v8.s[0]
    309. 

  309. 	mov		v2.s[3], v8.s[1]
    310. 

  310. 	mov		v3.s[3], v8.s[2]
    311. 

  311. 	ld1		{v5.16b-v7.16b}, [x1], #48	/* get 3 input blocks */
    312. 

  312. 	do_encrypt_block4x
    313. 

  313. 	eor		v0.16b, v5.16b, v0.16b
    314. 

  314. 	ld1		{v5.16b}, [x1], #16		/* get 1 input block  */
    315. 

  315. 	eor		v1.16b, v6.16b, v1.16b
    316. 

  316. 	eor		v2.16b, v7.16b, v2.16b
    317. 

  317. 	eor		v3.16b, v5.16b, v3.16b
    318. 

  318. 	st1		{v0.16b-v3.16b}, [x0], #64
    319. 

  319. 	add		x8, x8, #INTERLEAVE
    320. 

  320. #endif
    321. 

  321. 	rev		x7, x8
    322. 

  322. 	ins		v4.d[1], x7
    323. 

  323. 	cbz		w4, .Lctrout
    324. 

  324. 	b		.LctrloopNx
    325. 

  325. .Lctr1x:
    326. 

  326. 	adds		w4, w4, #INTERLEAVE
    327. 

  327. 	beq		.Lctrout
    328. 

  328. #endif
    329. 

  329. .Lctrloop:
    330. 

  330. 	mov		v0.16b, v4.16b
    331. 

  331. 	encrypt_block	v0, w3, x2, x6, w7
    332. 

  332. 

  333. 	adds		x8, x8, #1		/* increment BE ctr */
    334. 

  334. 	rev		x7, x8
    335. 

  335. 	ins		v4.d[1], x7
    336. 

  336. 	bcs		.Lctrcarry		/* overflow? */
    337. 

  337. 

  338. .Lctrcarrydone:
    339. 

  339. 	subs		w4, w4, #1
    340. 

  340. 	bmi		.Lctrhalfblock		/* blocks < 0 means 1/2 block */
    341. 

  341. 	ld1		{v3.16b}, [x1], #16
    342. 

  342. 	eor		v3.16b, v0.16b, v3.16b
    343. 

  343. 	st1		{v3.16b}, [x0], #16
    344. 

  344. 	bne		.Lctrloop
    345. 

  345. 

  346. .Lctrout:
    347. 

  347. 	st1		{v4.16b}, [x5]		/* return next CTR value */
    348. 

  348. 	FRAME_POP
    349. 

  349. 	ret
    350. 

  350. 

  351. .Lctrhalfblock:
    352. 

  352. 	ld1		{v3.8b}, [x1]
    353. 

  353. 	eor		v3.8b, v0.8b, v3.8b
    354. 

  354. 	st1		{v3.8b}, [x0]
    355. 

  355. 	FRAME_POP
    356. 

  356. 	ret
    357. 

  357. 

  358. .Lctrcarry:
    359. 

  359. 	umov		x7, v4.d[0]		/* load upper word of ctr  */
    360. 

  360. 	rev		x7, x7			/* ... to handle the carry */
    361. 

  361. 	add		x7, x7, #1
    362. 

  362. 	rev		x7, x7
    363. 

  363. 	ins		v4.d[0], x7
    364. 

  364. 	b		.Lctrcarrydone
    365. 

  365. AES_ENDPROC(aes_ctr_encrypt)
    366. 

  366. 	.ltorg
    367. 

  367. 

  368. 

  369. 	/*
    370. 

  370. 	 * aes_xts_decrypt(u8 out[], u8 const in[], u8 const rk1[], int rounds,
    371. 

  371. 	 *		   int blocks, u8 const rk2[], u8 iv[], int first)
    372. 

  372. 	 * aes_xts_decrypt(u8 out[], u8 const in[], u8 const rk1[], int rounds,
    373. 

  373. 	 *		   int blocks, u8 const rk2[], u8 iv[], int first)
    374. 

  374. 	 */
    375. 

  375. 

  376. 	.macro		next_tweak, out, in, const, tmp
    377. 

  377. 	sshr		\tmp\().2d,  \in\().2d,   #63
    378. 

  378. 	and		\tmp\().16b, \tmp\().16b, \const\().16b
    379. 

  379. 	add		\out\().2d,  \in\().2d,   \in\().2d
    380. 

  380. 	ext		\tmp\().16b, \tmp\().16b, \tmp\().16b, #8
    381. 

  381. 	eor		\out\().16b, \out\().16b, \tmp\().16b
    382. 

  382. 	.endm
    383. 

  383. 

  384. .Lxts_mul_x:
    385. 

  385. CPU_LE(	.quad		1, 0x87		)
    386. 

  386. CPU_BE(	.quad		0x87, 1		)
    387. 

  387. 

  388. AES_ENTRY(aes_xts_encrypt)
    389. 

  389. 	FRAME_PUSH
    390. 

  390. 	cbz		w7, .LxtsencloopNx
    391. 

  391. 

  392. 	ld1		{v4.16b}, [x6]
    393. 

  393. 	enc_prepare	w3, x5, x6
    394. 

  394. 	encrypt_block	v4, w3, x5, x6, w7		/* first tweak */
    395. 

  395. 	enc_switch_key	w3, x2, x6
    396. 

  396. 	ldr		q7, .Lxts_mul_x
    397. 

  397. 	b		.LxtsencNx
    398. 

  398. 

  399. .LxtsencloopNx:
    400. 

  400. 	ldr		q7, .Lxts_mul_x
    401. 

  401. 	next_tweak	v4, v4, v7, v8
    402. 

  402. .LxtsencNx:
    403. 

  403. #if INTERLEAVE >= 2
    404. 

  404. 	subs		w4, w4, #INTERLEAVE
    405. 

  405. 	bmi		.Lxtsenc1x
    406. 

  406. #if INTERLEAVE == 2
    407. 

  407. 	ld1		{v0.16b-v1.16b}, [x1], #32	/* get 2 pt blocks */
    408. 

  408. 	next_tweak	v5, v4, v7, v8
    409. 

  409. 	eor		v0.16b, v0.16b, v4.16b
    410. 

  410. 	eor		v1.16b, v1.16b, v5.16b
    411. 

  411. 	do_encrypt_block2x
    412. 

  412. 	eor		v0.16b, v0.16b, v4.16b
    413. 

  413. 	eor		v1.16b, v1.16b, v5.16b
    414. 

  414. 	st1		{v0.16b-v1.16b}, [x0], #32
    415. 

  415. 	cbz		w4, .LxtsencoutNx
    416. 

  416. 	next_tweak	v4, v5, v7, v8
    417. 

  417. 	b		.LxtsencNx
    418. 

  418. .LxtsencoutNx:
    419. 

  419. 	mov		v4.16b, v5.16b
    420. 

  420. 	b		.Lxtsencout
    421. 

  421. #else
    422. 

  422. 	ld1		{v0.16b-v3.16b}, [x1], #64	/* get 4 pt blocks */
    423. 

  423. 	next_tweak	v5, v4, v7, v8
    424. 

  424. 	eor		v0.16b, v0.16b, v4.16b
    425. 

  425. 	next_tweak	v6, v5, v7, v8
    426. 

  426. 	eor		v1.16b, v1.16b, v5.16b
    427. 

  427. 	eor		v2.16b, v2.16b, v6.16b
    428. 

  428. 	next_tweak	v7, v6, v7, v8
    429. 

  429. 	eor		v3.16b, v3.16b, v7.16b
    430. 

  430. 	do_encrypt_block4x
    431. 

  431. 	eor		v3.16b, v3.16b, v7.16b
    432. 

  432. 	eor		v0.16b, v0.16b, v4.16b
    433. 

  433. 	eor		v1.16b, v1.16b, v5.16b
    434. 

  434. 	eor		v2.16b, v2.16b, v6.16b
    435. 

  435. 	st1		{v0.16b-v3.16b}, [x0], #64
    436. 

  436. 	mov		v4.16b, v7.16b
    437. 

  437. 	cbz		w4, .Lxtsencout
    438. 

  438. 	b		.LxtsencloopNx
    439. 

  439. #endif
    440. 

  440. .Lxtsenc1x:
    441. 

  441. 	adds		w4, w4, #INTERLEAVE
    442. 

  442. 	beq		.Lxtsencout
    443. 

  443. #endif
    444. 

  444. .Lxtsencloop:
    445. 

  445. 	ld1		{v1.16b}, [x1], #16
    446. 

  446. 	eor		v0.16b, v1.16b, v4.16b
    447. 

  447. 	encrypt_block	v0, w3, x2, x6, w7
    448. 

  448. 	eor		v0.16b, v0.16b, v4.16b
    449. 

  449. 	st1		{v0.16b}, [x0], #16
    450. 

  450. 	subs		w4, w4, #1
    451. 

  451. 	beq		.Lxtsencout
    452. 

  452. 	next_tweak	v4, v4, v7, v8
    453. 

  453. 	b		.Lxtsencloop
    454. 

  454. .Lxtsencout:
    455. 

  455. 	FRAME_POP
    456. 

  456. 	ret
    457. 

  457. AES_ENDPROC(aes_xts_encrypt)
    458. 

  458. 

  459. 

  460. AES_ENTRY(aes_xts_decrypt)
    461. 

  461. 	FRAME_PUSH
    462. 

  462. 	cbz		w7, .LxtsdecloopNx
    463. 

  463. 

  464. 	ld1		{v4.16b}, [x6]
    465. 

  465. 	enc_prepare	w3, x5, x6
    466. 

  466. 	encrypt_block	v4, w3, x5, x6, w7		/* first tweak */
    467. 

  467. 	dec_prepare	w3, x2, x6
    468. 

  468. 	ldr		q7, .Lxts_mul_x
    469. 

  469. 	b		.LxtsdecNx
    470. 

  470. 

  471. .LxtsdecloopNx:
    472. 

  472. 	ldr		q7, .Lxts_mul_x
    473. 

  473. 	next_tweak	v4, v4, v7, v8
    474. 

  474. .LxtsdecNx:
    475. 

  475. #if INTERLEAVE >= 2
    476. 

  476. 	subs		w4, w4, #INTERLEAVE
    477. 

  477. 	bmi		.Lxtsdec1x
    478. 

  478. #if INTERLEAVE == 2
    479. 

  479. 	ld1		{v0.16b-v1.16b}, [x1], #32	/* get 2 ct blocks */
    480. 

  480. 	next_tweak	v5, v4, v7, v8
    481. 

  481. 	eor		v0.16b, v0.16b, v4.16b
    482. 

  482. 	eor		v1.16b, v1.16b, v5.16b
    483. 

  483. 	do_decrypt_block2x
    484. 

  484. 	eor		v0.16b, v0.16b, v4.16b
    485. 

  485. 	eor		v1.16b, v1.16b, v5.16b
    486. 

  486. 	st1		{v0.16b-v1.16b}, [x0], #32
    487. 

  487. 	cbz		w4, .LxtsdecoutNx
    488. 

  488. 	next_tweak	v4, v5, v7, v8
    489. 

  489. 	b		.LxtsdecNx
    490. 

  490. .LxtsdecoutNx:
    491. 

  491. 	mov		v4.16b, v5.16b
    492. 

  492. 	b		.Lxtsdecout
    493. 

  493. #else
    494. 

  494. 	ld1		{v0.16b-v3.16b}, [x1], #64	/* get 4 ct blocks */
    495. 

  495. 	next_tweak	v5, v4, v7, v8
    496. 

  496. 	eor		v0.16b, v0.16b, v4.16b
    497. 

  497. 	next_tweak	v6, v5, v7, v8
    498. 

  498. 	eor		v1.16b, v1.16b, v5.16b
    499. 

  499. 	eor		v2.16b, v2.16b, v6.16b
    500. 

  500. 	next_tweak	v7, v6, v7, v8
    501. 

  501. 	eor		v3.16b, v3.16b, v7.16b
    502. 

  502. 	do_decrypt_block4x
    503. 

  503. 	eor		v3.16b, v3.16b, v7.16b
    504. 

  504. 	eor		v0.16b, v0.16b, v4.16b
    505. 

  505. 	eor		v1.16b, v1.16b, v5.16b
    506. 

  506. 	eor		v2.16b, v2.16b, v6.16b
    507. 

  507. 	st1		{v0.16b-v3.16b}, [x0], #64
    508. 

  508. 	mov		v4.16b, v7.16b
    509. 

  509. 	cbz		w4, .Lxtsdecout
    510. 

  510. 	b		.LxtsdecloopNx
    511. 

  511. #endif
    512. 

  512. .Lxtsdec1x:
    513. 

  513. 	adds		w4, w4, #INTERLEAVE
    514. 

  514. 	beq		.Lxtsdecout
    515. 

  515. #endif
    516. 

  516. .Lxtsdecloop:
    517. 

  517. 	ld1		{v1.16b}, [x1], #16
    518. 

  518. 	eor		v0.16b, v1.16b, v4.16b
    519. 

  519. 	decrypt_block	v0, w3, x2, x6, w7
    520. 

  520. 	eor		v0.16b, v0.16b, v4.16b
    521. 

  521. 	st1		{v0.16b}, [x0], #16
    522. 

  522. 	subs		w4, w4, #1
    523. 

  523. 	beq		.Lxtsdecout
    524. 

  524. 	next_tweak	v4, v4, v7, v8
    525. 

  525. 	b		.Lxtsdecloop
    526. 

  526. .Lxtsdecout:
    527. 

  527. 	FRAME_POP
    528. 

  528. 	ret
    529. 

  529. AES_ENDPROC(aes_xts_decrypt)
    530.