
     1  // Copyright 2016 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     5  #include "textflag.h"
     7  // func cryptBlocks(c code, key, dst, src *byte, length int)
     8  TEXT ·cryptBlocks(SB),NOSPLIT,$0-40
     9  	MOVD	key+8(FP), R1
    10  	MOVD	dst+16(FP), R2
    11  	MOVD	src+24(FP), R4
    12  	MOVD	length+32(FP), R5
    13  	MOVD	c+0(FP), R0
    14  loop:
    15  	WORD	$0xB92E0024 // cipher message (KM)
    16  	BVS	loop        // branch back if interrupted
    17  	XOR	R0, R0
    18  	RET
    20  // func cryptBlocksChain(c code, iv, key, dst, src *byte, length int)
    21  TEXT ·cryptBlocksChain(SB),NOSPLIT,$48-48
    22  	LA	params-48(SP), R1
    23  	MOVD	iv+8(FP), R8
    24  	MOVD	key+16(FP), R9
    25  	MVC	$16, 0(R8), 0(R1)  // move iv into params
    26  	MVC	$32, 0(R9), 16(R1) // move key into params
    27  	MOVD	dst+24(FP), R2
    28  	MOVD	src+32(FP), R4
    29  	MOVD	length+40(FP), R5
    30  	MOVD	c+0(FP), R0
    31  loop:
    32  	WORD	$0xB92F0024       // cipher message with chaining (KMC)
    33  	BVS	loop              // branch back if interrupted
    34  	XOR	R0, R0
    35  	MVC	$16, 0(R1), 0(R8) // update iv
    36  	RET
    38  // func xorBytes(dst, a, b []byte) int
    39  TEXT ·xorBytes(SB),NOSPLIT,$0-80
    40  	MOVD	dst_base+0(FP), R1
    41  	MOVD	a_base+24(FP), R2
    42  	MOVD	b_base+48(FP), R3
    43  	MOVD	a_len+32(FP), R4
    44  	MOVD	b_len+56(FP), R5
    45  	CMPBLE	R4, R5, skip
    46  	MOVD	R5, R4
    47  skip:
    48  	MOVD	R4, ret+72(FP)
    49  	MOVD	$0, R5
    50  	CMPBLT	R4, $8, tail
    51  loop:
    52  	MOVD	0(R2)(R5*1), R7
    53  	MOVD	0(R3)(R5*1), R8
    54  	XOR	R7, R8
    55  	MOVD	R8, 0(R1)(R5*1)
    56  	LAY	8(R5), R5
    57  	SUB	$8, R4
    58  	CMPBGE	R4, $8, loop
    59  tail:
    60  	CMPBEQ	R4, $0, done
    61  	MOVB	0(R2)(R5*1), R7
    62  	MOVB	0(R3)(R5*1), R8
    63  	XOR	R7, R8
    64  	MOVB	R8, 0(R1)(R5*1)
    65  	LAY	1(R5), R5
    66  	SUB	$1, R4
    67  	BR	tail
    68  done:
    69  	RET
    71  // func cryptBlocksGCM(fn code, key, dst, src, buf []byte, cnt *[16]byte)
    72  TEXT ·cryptBlocksGCM(SB),NOSPLIT,$0-112
    73  	MOVD	src_len+64(FP), R0
    74  	MOVD	buf_base+80(FP), R1
    75  	MOVD	cnt+104(FP), R12
    76  	LMG	(R12), R2, R3
    78  	// Check that the src size is less than or equal to the buffer size.
    79  	MOVD	buf_len+88(FP), R4
    80  	CMP	R0, R4
    81  	BGT	crash
    83  	// Check that the src size is a multiple of 16-bytes.
    84  	MOVD	R0, R4
    85  	AND	$0xf, R4
    86  	BLT	crash // non-zero
    88  	// Check that the src size is less than or equal to the dst size.
    89  	MOVD	dst_len+40(FP), R4
    90  	CMP	R0, R4
    91  	BGT	crash
    93  	MOVD	R2, R4
    94  	MOVD	R2, R6
    95  	MOVD	R2, R8
    96  	MOVD	R3, R5
    97  	MOVD	R3, R7
    98  	MOVD	R3, R9
    99  	ADDW	$1, R5
   100  	ADDW	$2, R7
   101  	ADDW	$3, R9
   102  incr:
   103  	CMP	R0, $64
   104  	BLT	tail
   105  	STMG	R2, R9, (R1)
   106  	ADDW	$4, R3
   107  	ADDW	$4, R5
   108  	ADDW	$4, R7
   109  	ADDW	$4, R9
   110  	MOVD	$64(R1), R1
   111  	SUB	$64, R0
   112  	BR	incr
   113  tail:
   114  	CMP	R0, $0
   115  	BEQ	crypt
   116  	STMG	R2, R3, (R1)
   117  	ADDW	$1, R3
   118  	MOVD	$16(R1), R1
   119  	SUB	$16, R0
   120  	BR	tail
   121  crypt:
   122  	STMG	R2, R3, (R12)       // update next counter value
   123  	MOVD	fn+0(FP), R0        // function code (encryption)
   124  	MOVD	key_base+8(FP), R1  // key
   125  	MOVD	buf_base+80(FP), R2 // counter values
   126  	MOVD	dst_base+32(FP), R4 // dst
   127  	MOVD	src_base+56(FP), R6 // src
   128  	MOVD	src_len+64(FP), R7  // len
   129  loop:
   130  	WORD	$0xB92D2046         // cipher message with counter (KMCTR)
   131  	BVS	loop                // branch back if interrupted
   132  	RET
   133  crash:
   134  	MOVD	$0, (R0)
   135  	RET
   137  // func ghash(key *gcmHashKey, hash *[16]byte, data []byte)
   138  TEXT ·ghash(SB),NOSPLIT,$32-40
   139  	MOVD    $65, R0 // GHASH function code
   140  	MOVD	key+0(FP), R2
   141  	LMG	(R2), R6, R7
   142  	MOVD	hash+8(FP), R8
   143  	LMG	(R8), R4, R5
   144  	MOVD	$params-32(SP), R1
   145  	STMG	R4, R7, (R1)
   146  	LMG	data+16(FP), R2, R3 // R2=base, R3=len
   147  loop:
   148  	WORD    $0xB93E0002 // compute intermediate message digest (KIMD)
   149  	BVS     loop        // branch back if interrupted
   150  	MVC     $16, (R1), (R8)
   151  	MOVD	$0, R0
   152  	RET
   154  // func supportsKMA() bool
   155  TEXT ·supportsKMA(SB),NOSPLIT,$24-1
   156  	MOVD	$tmp-24(SP), R1
   157  	MOVD	$2, R0       // store 24-bytes
   158  	XC	$24, (R1), (R1)
   159  	WORD	$0xb2b01000  // STFLE (R1)
   160  	MOVWZ	16(R1), R2
   161  	ANDW	$(1<<13), R2 // test bit 146 (message-security-assist 8)
   162  	BEQ	no
   164  	MOVD	$0, R0       // KMA-Query
   165  	XC	$16, (R1), (R1)
   166  	WORD	$0xb9296024  // kma %r6,%r2,%r4
   167  	MOVWZ	(R1), R2
   168  	WORD	$0xa7213800  // TMLL R2, $0x3800
   169  	BVS	yes
   170  no:
   171  	MOVB	$0, ret+0(FP)
   172  	RET
   173  yes:
   174  	MOVB	$1, ret+0(FP)
   175  	RET
   177  // func kmaGCM(fn code, key, dst, src, aad []byte, tag *[16]byte, cnt *gcmCount)
   178  TEXT ·kmaGCM(SB),NOSPLIT,$112-120
   179  	MOVD	fn+0(FP), R0
   180  	MOVD	$params-112(SP), R1
   182  	// load ptr/len pairs
   183  	LMG	dst+32(FP), R2, R3 // R2=base R3=len
   184  	LMG	src+56(FP), R4, R5 // R4=base R5=len
   185  	LMG	aad+80(FP), R6, R7 // R6=base R7=len
   187  	// setup parameters
   188  	MOVD	cnt+112(FP), R8
   189  	XC	$12, (R1), (R1)     // reserved
   190  	MVC	$4, 12(R8), 12(R1)  // set chain value
   191  	MVC	$16, (R8), 64(R1)   // set initial counter value
   192  	XC	$32, 16(R1), 16(R1) // set hash subkey and tag
   193  	SLD	$3, R7, R12
   194  	MOVD	R12, 48(R1)         // set total AAD length
   195  	SLD	$3, R5, R12
   196  	MOVD	R12, 56(R1)         // set total plaintext/ciphertext length
   198  	LMG	key+8(FP), R8, R9   // R8=base R9=len
   199  	MVC	$16, (R8), 80(R1)   // set key
   200  	CMPBEQ	R9, $16, kma
   201  	MVC	$8, 16(R8), 96(R1)
   202  	CMPBEQ	R9, $24, kma
   203  	MVC	$8, 24(R8), 104(R1)
   205  kma:
   206  	WORD	$0xb9296024 // kma %r6,%r2,%r4
   207  	BVS	kma
   209  	MOVD	tag+104(FP), R2
   210  	MVC	$16, 16(R1), 0(R2) // copy tag to output
   211  	MOVD	cnt+112(FP), R8
   212  	MVC	$4, 12(R1), 12(R8) // update counter value
   214  	RET