1
/* SPDX-License-Identifier: Apache-2.0 OR BSD-2-Clause */
2
//
3
// This file is dual-licensed, meaning that you can use it under your
4
// choice of either of the following two licenses:
5
//
6
// Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
7
//
8
// Licensed under the Apache License 2.0 (the "License"). You can obtain
9
// a copy in the file LICENSE in the source distribution or at
10
// https://www.openssl.org/source/license.html
11
//
12
// or
13
//
14
// Copyright (c) 2023, Christoph Müllner <christoph.muellner@vrull.eu>
15
// Copyright (c) 2023, Jerry Shih <jerry.shih@sifive.com>
16
// Copyright 2024 Google LLC
17
// All rights reserved.
18
//
19
// Redistribution and use in source and binary forms, with or without
20
// modification, are permitted provided that the following conditions
21
// are met:
22
// 1. Redistributions of source code must retain the above copyright
23
//    notice, this list of conditions and the following disclaimer.
24
// 2. Redistributions in binary form must reproduce the above copyright
25
//    notice, this list of conditions and the following disclaimer in the
26
//    documentation and/or other materials provided with the distribution.
27
//
28
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
29
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
30
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
31
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
32
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
33
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
34
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
35
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
36
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
37
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
38
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39

40
// The generated code of this file depends on the following RISC-V extensions:
41
// - RV64I
42
// - RISC-V Vector ('V') with VLEN >= 128
43
// - RISC-V Vector SM4 Block Cipher extension ('Zvksed')
44
// - RISC-V Vector Cryptography Bit-manipulation extension ('Zvkb')
45

46
#include <linux/linkage.h>
47

48
.text
49
.option arch, +zvksed, +zvkb
50

51
// void sm4_expandkey_zksed_zvkb(const u8 user_key[16], u32 rkey_enc[32],
52
//				 u32 rkey_dec[32]);
53
SYM_FUNC_START(sm4_expandkey_zvksed_zvkb)
54
	vsetivli	zero, 4, e32, m1, ta, ma
55

56
	// Load the user key.
57
	vle32.v		v1, (a0)
58
	vrev8.v		v1, v1
59

60
	// XOR the user key with the family key.
61
	la		t0, FAMILY_KEY
62
	vle32.v		v2, (t0)
63
	vxor.vv		v1, v1, v2
64

65
	// Compute the round keys.  Store them in forwards order in rkey_enc
66
	// and in reverse order in rkey_dec.
67
	addi		a2, a2, 31*4
68
	li		t0, -4
69
	.set		i, 0
70
.rept 8
71
	vsm4k.vi	v1, v1, i
72
	vse32.v		v1, (a1)	// Store to rkey_enc.
73
	vsse32.v	v1, (a2), t0	// Store to rkey_dec.
74
.if i < 7
75
	addi		a1, a1, 16
76
	addi		a2, a2, -16
77
.endif
78
	.set		i, i + 1
79
.endr
80

81
	ret
82
SYM_FUNC_END(sm4_expandkey_zvksed_zvkb)
83

84
// void sm4_crypt_zvksed_zvkb(const u32 rkey[32], const u8 in[16], u8 out[16]);
85
SYM_FUNC_START(sm4_crypt_zvksed_zvkb)
86
	vsetivli	zero, 4, e32, m1, ta, ma
87

88
	// Load the input data.
89
	vle32.v		v1, (a1)
90
	vrev8.v		v1, v1
91

92
	// Do the 32 rounds of SM4, 4 at a time.
93
	.set		i, 0
94
.rept 8
95
	vle32.v		v2, (a0)
96
	vsm4r.vs	v1, v2
97
.if i < 7
98
	addi		a0, a0, 16
99
.endif
100
	.set		i, i + 1
101
.endr
102

103
	// Store the output data (in reverse element order).
104
	vrev8.v		v1, v1
105
	li		t0, -4
106
	addi		a2, a2, 12
107
	vsse32.v	v1, (a2), t0
108

109
	ret
110
SYM_FUNC_END(sm4_crypt_zvksed_zvkb)
111

112
.section ".rodata"
113
.p2align 2
114
.type FAMILY_KEY, @object
115
FAMILY_KEY:
116
	.word 0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC
117
.size FAMILY_KEY, . - FAMILY_KEY
118

119