1/* SPDX-License-Identifier: BSD-2-Clause */
2/*
3 * Copyright (c) 2014-2020, Linaro Limited
4 */
5
6/* SHA-1 secure hash using ARMv8 Crypto Extensions */
7
8#include <asm.S>
9
10	.fpu		crypto-neon-fp-armv8
11
12	k0		.req	q0
13	k1		.req	q1
14	k2		.req	q2
15	k3		.req	q3
16
17	ta0		.req	q4
18	ta1		.req	q5
19	tb0		.req	q5
20	tb1		.req	q4
21
22	dga		.req	q6
23	dgb		.req	q7
24	dgbs		.req	s28
25
26	dg0		.req	q12
27
28	dg1a0		.req	q13
29	dg1a1		.req	q14
30	dg1b0		.req	q14
31	dg1b1		.req	q13
32
33	.macro		add_only, op, ev, rc, s0, dg1
34	.ifnb		\s0
35	vadd.u32	tb\ev, q\s0, \rc
36	.endif
37	sha1h.32	dg1b\ev, dg0
38	.ifb		\dg1
39	sha1\op\().32	dg0, dg1a\ev, ta\ev
40	.else
41	sha1\op\().32	dg0, \dg1, ta\ev
42	.endif
43	.endm
44
45	.macro		add_update, op, ev, rc, s0, s1, s2, s3, dg1
46	sha1su0.32	q\s0, q\s1, q\s2
47	add_only	\op, \ev, \rc, \s1, \dg1
48	sha1su1.32	q\s0, q\s3
49	.endm
50
51
52FUNC sha1_ce_transform , :
53	/* load round constants */
54	adr		r3, .Lsha1_rcon
55	vld1.32		{k0-k1}, [r3]!
56	vld1.32		{k2-k3}, [r3]
57
58	/* load state */
59	vld1.32		{dga}, [r0]
60	vldr		dgbs, [r0, #16]
61
620:	/* load input */
63	vld1.8		{q8-q9}, [r1]!
64	vrev32.8	q8, q8
65	vrev32.8	q9, q9
66	vld1.8		{q10-q11}, [r1]!
67	vrev32.8	q10, q10
68	vrev32.8	q11, q11
69	subs		r2, r2, #1
70
71	vadd.u32	ta0, q8, k0
72	vmov		dg0, dga
73
74	add_update	c, 0, k0,  8,  9, 10, 11, dgb
75	add_update	c, 1, k0,  9, 10, 11,  8
76	add_update	c, 0, k0, 10, 11,  8,  9
77	add_update	c, 1, k0, 11,  8,  9, 10
78	add_update	c, 0, k1,  8,  9, 10, 11
79
80	add_update	p, 1, k1,  9, 10, 11,  8
81	add_update	p, 0, k1, 10, 11,  8,  9
82	add_update	p, 1, k1, 11,  8,  9, 10
83	add_update	p, 0, k1,  8,  9, 10, 11
84	add_update	p, 1, k2,  9, 10, 11,  8
85
86	add_update	m, 0, k2, 10, 11,  8,  9
87	add_update	m, 1, k2, 11,  8,  9, 10
88	add_update	m, 0, k2,  8,  9, 10, 11
89	add_update	m, 1, k2,  9, 10, 11,  8
90	add_update	m, 0, k3, 10, 11,  8,  9
91
92	add_update	p, 1, k3, 11,  8,  9, 10
93	add_only	p, 0, k3,  9
94	add_only	p, 1, k3, 10
95	add_only	p, 0, k3, 11
96	add_only	p, 1
97
98	/* update state */
99	vadd.u32	dga, dga, dg0
100	vadd.u32	dgb, dgb, dg1a0
101	bne		0b
102
103	/* store new state */
104	vst1.32		{dga}, [r0]
105	vstr		dgbs, [r0, #16]
106	bx		lr
107
108	.align		4
109.Lsha1_rcon:
110	.word		0x5a827999, 0x5a827999, 0x5a827999, 0x5a827999
111	.word		0x6ed9eba1, 0x6ed9eba1, 0x6ed9eba1, 0x6ed9eba1
112	.word		0x8f1bbcdc, 0x8f1bbcdc, 0x8f1bbcdc, 0x8f1bbcdc
113	.word		0xca62c1d6, 0xca62c1d6, 0xca62c1d6, 0xca62c1d6
114END_FUNC sha1_ce_transform
115