Home Explore Help
Sign In
OWEALs
/
openssl
mirror of git://git.openssl.org/openssl.git
2
0
Fork 0
Files Issues 1 Wiki
Tree: 55ca75dd8f
Branches Tags
openssl
/
crypto
/
aes
/
asm
/
aes-riscv64-zkn.pl

aes-riscv64-zkn.pl 15 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594 
  1. #! /usr/bin/env perl
    2. 

  2. # This file is dual-licensed, meaning that you can use it under your
    3. 

  3. # choice of either of the following two licenses:
    4. 

  4. #
    5. 

  5. # Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
    6. 

  6. #
    7. 

  7. # Licensed under the Apache License 2.0 (the "License"). You can obtain
    8. 

  8. # a copy in the file LICENSE in the source distribution or at
    9. 

  9. # https://www.openssl.org/source/license.html
    10. 

  10. #
    11. 

  11. # or
    12. 

  12. #
    13. 

  13. # Copyright (c) 2022, Hongren (Zenithal) Zheng <i@zenithal.me>
    14. 

  14. # All rights reserved.
    15. 

  15. #
    16. 

  16. # Redistribution and use in source and binary forms, with or without
    17. 

  17. # modification, are permitted provided that the following conditions
    18. 

  18. # are met:
    19. 

  19. # 1. Redistributions of source code must retain the above copyright
    20. 

  20. #    notice, this list of conditions and the following disclaimer.
    21. 

  21. # 2. Redistributions in binary form must reproduce the above copyright
    22. 

  22. #    notice, this list of conditions and the following disclaimer in the
    23. 

  23. #    documentation and/or other materials provided with the distribution.
    24. 

  24. #
    25. 

  25. # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
    26. 

  26. # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
    27. 

  27. # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
    28. 

  28. # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
    29. 

  29. # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
    30. 

  30. # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
    31. 

  31. # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
    32. 

  32. # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
    33. 

  33. # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
    34. 

  34. # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
    35. 

  35. # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    36. 

  36. 

  37. use strict;
    38. 

  38. use warnings;
    39. 

  39. 

  40. use FindBin qw($Bin);
    41. 

  41. use lib "$Bin";
    42. 

  42. use lib "$Bin/../../perlasm";
    43. 

  43. use riscv;
    44. 

  44. 

  45. # $output is the last argument if it looks like a file (it has an extension)
    46. 

  46. # $flavour is the first argument if it doesn't look like a file
    47. 

  47. my $output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef;
    48. 

  48. my $flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef;
    49. 

  49. 

  50. $output and open STDOUT,">$output";
    51. 

  51. 

  52. ################################################################################
    53. 

  53. # Utility functions to help with keeping track of which registers to stack/
    54. 

  54. # unstack when entering / exiting routines.
    55. 

  55. ################################################################################
    56. 

  56. {
    57. 

  57.     # Callee-saved registers
    58. 

  58.     my @callee_saved = map("x$_",(2,8,9,18..27));
    59. 

  59.     # Caller-saved registers
    60. 

  60.     my @caller_saved = map("x$_",(1,5..7,10..17,28..31));
    61. 

  61.     my @must_save;
    62. 

  62.     sub use_reg {
    63. 

  63.         my $reg = shift;
    64. 

  64.         if (grep(/^$reg$/, @callee_saved)) {
    65. 

  65.             push(@must_save, $reg);
    66. 

  66.         } elsif (!grep(/^$reg$/, @caller_saved)) {
    67. 

  67.             # Register is not usable!
    68. 

  68.             die("Unusable register ".$reg);
    69. 

  69.         }
    70. 

  70.         return $reg;
    71. 

  71.     }
    72. 

  72.     sub use_regs {
    73. 

  73.         return map(use_reg("x$_"), @_);
    74. 

  74.     }
    75. 

  75.     sub save_regs {
    76. 

  76.         my $ret = '';
    77. 

  77.         my $stack_reservation = ($#must_save + 1) * 8;
    78. 

  78.         my $stack_offset = $stack_reservation;
    79. 

  79.         if ($stack_reservation % 16) {
    80. 

  80.             $stack_reservation += 8;
    81. 

  81.         }
    82. 

  82.         $ret.="    addi    sp,sp,-$stack_reservation\n";
    83. 

  83.         foreach (@must_save) {
    84. 

  84.             $stack_offset -= 8;
    85. 

  85.             $ret.="    sd      $_,$stack_offset(sp)\n";
    86. 

  86.         }
    87. 

  87.         return $ret;
    88. 

  88.     }
    89. 

  89.     sub load_regs {
    90. 

  90.         my $ret = '';
    91. 

  91.         my $stack_reservation = ($#must_save + 1) * 8;
    92. 

  92.         my $stack_offset = $stack_reservation;
    93. 

  93.         if ($stack_reservation % 16) {
    94. 

  94.             $stack_reservation += 8;
    95. 

  95.         }
    96. 

  96.         foreach (@must_save) {
    97. 

  97.             $stack_offset -= 8;
    98. 

  98.             $ret.="    ld      $_,$stack_offset(sp)\n";
    99. 

  99.         }
    100. 

  100.         $ret.="    addi    sp,sp,$stack_reservation\n";
    101. 

  101.         return $ret;
    102. 

  102.     }
    103. 

  103.     sub clear_regs {
    104. 

  104.         @must_save = ();
    105. 

  105.     }
    106. 

  106. }
    107. 

  107. 

  108. ################################################################################
    109. 

  109. # Register assignment for rv64i_zkne_encrypt and rv64i_zknd_decrypt
    110. 

  110. ################################################################################
    111. 

  111. 

  112. # Registers to hold AES state (called s0-s3 or y0-y3 elsewhere)
    113. 

  113. my ($Q0,$Q1,$Q2,$Q3) = use_regs(6..9);
    114. 

  114. 

  115. # Function arguments (x10-x12 are a0-a2 in the ABI)
    116. 

  116. # Input block pointer, output block pointer, key pointer
    117. 

  117. my ($INP,$OUTP,$KEYP) = use_regs(10..12);
    118. 

  118. 

  119. # Temporaries
    120. 

  120. my ($T0,$T1) = use_regs(13..14);
    121. 

  121. 

  122. # Loop counter
    123. 

  123. my ($loopcntr) = use_regs(30);
    124. 

  124. 

  125. ################################################################################
    126. 

  126. # void rv64i_zkne_encrypt(const unsigned char *in, unsigned char *out,
    127. 

  127. #   const AES_KEY *key);
    128. 

  128. ################################################################################
    129. 

  129. my $code .= <<___;
    130. 

  130. .text
    131. 

  131. .balign 16
    132. 

  132. .globl rv64i_zkne_encrypt
    133. 

  133. .type   rv64i_zkne_encrypt,\@function
    134. 

  134. rv64i_zkne_encrypt:
    135. 

  135. ___
    136. 

  136. 

  137. $code .= save_regs();
    138. 

  138. 

  139. $code .= <<___;
    140. 

  140. 

  141.     # Load input to block cipher
    142. 

  142.     ld      $Q0,0($INP)
    143. 

  143.     ld      $Q1,8($INP)
    144. 

  144. 

  145.     # Load key
    146. 

  146.     ld      $T0,0($KEYP)
    147. 

  147.     ld      $T1,8($KEYP)
    148. 

  148. 

  149.     # Load number of rounds
    150. 

  150.     lwu     $loopcntr,240($KEYP)
    151. 

  151. 

  152.     # initial transformation
    153. 

  153.     xor     $Q0,$Q0,$T0
    154. 

  154.     xor     $Q1,$Q1,$T1
    155. 

  155. 

  156.     # The main loop only executes the first N-1 rounds.
    157. 

  157.     add     $loopcntr,$loopcntr,-1
    158. 

  158. 

  159.     # Do Nr - 1 rounds (final round is special)
    160. 

  160. 1:
    161. 

  161.     @{[aes64esm $Q2,$Q0,$Q1]}
    162. 

  162.     @{[aes64esm $Q3,$Q1,$Q0]}
    163. 

  163. 

  164.     # Update key ptr to point to next key in schedule
    165. 

  165.     add     $KEYP,$KEYP,16
    166. 

  166. 

  167.     # Grab next key in schedule
    168. 

  168.     ld      $T0,0($KEYP)
    169. 

  169.     ld      $T1,8($KEYP)
    170. 

  170.     xor     $Q0,$Q2,$T0
    171. 

  171.     xor     $Q1,$Q3,$T1
    172. 

  172. 

  173.     add     $loopcntr,$loopcntr,-1
    174. 

  174.     bgtz    $loopcntr,1b
    175. 

  175. 

  176.     # final round
    177. 

  177.     @{[aes64es $Q2,$Q0,$Q1]}
    178. 

  178.     @{[aes64es $Q3,$Q1,$Q0]}
    179. 

  179. 

  180.     # since not added 16 before
    181. 

  181.     ld      $T0,16($KEYP)
    182. 

  182.     ld      $T1,24($KEYP)
    183. 

  183.     xor     $Q0,$Q2,$T0
    184. 

  184.     xor     $Q1,$Q3,$T1
    185. 

  185. 

  186.     sd      $Q0,0($OUTP)
    187. 

  187.     sd      $Q1,8($OUTP)
    188. 

  188. 

  189.     # Pop registers and return
    190. 

  190. ___
    191. 

  191. 

  192. $code .= load_regs();
    193. 

  193. 

  194. $code .= <<___;
    195. 

  195.     ret
    196. 

  196. ___
    197. 

  197. 

  198. ################################################################################
    199. 

  199. # void rv64i_zknd_decrypt(const unsigned char *in, unsigned char *out,
    200. 

  200. #   const AES_KEY *key);
    201. 

  201. ################################################################################
    202. 

  202. $code .= <<___;
    203. 

  203. .text
    204. 

  204. .balign 16
    205. 

  205. .globl rv64i_zknd_decrypt
    206. 

  206. .type   rv64i_zknd_decrypt,\@function
    207. 

  207. rv64i_zknd_decrypt:
    208. 

  208. ___
    209. 

  209. 

  210. $code .= save_regs();
    211. 

  211. 

  212. $code .= <<___;
    213. 

  213. 

  214.     # Load input to block cipher
    215. 

  215.     ld      $Q0,0($INP)
    216. 

  216.     ld      $Q1,8($INP)
    217. 

  217. 

  218.     # Load number of rounds
    219. 

  219.     lwu     $loopcntr,240($KEYP)
    220. 

  220. 

  221.     # Load the last key
    222. 

  222.     slli    $T0,$loopcntr,4
    223. 

  223.     add     $KEYP,$KEYP,$T0
    224. 

  224.     ld      $T0,0($KEYP)
    225. 

  225.     ld      $T1,8($KEYP)
    226. 

  226. 

  227.     xor     $Q0,$Q0,$T0
    228. 

  228.     xor     $Q1,$Q1,$T1
    229. 

  229. 

  230.     # The main loop only executes the first N-1 rounds.
    231. 

  231.     add     $loopcntr,$loopcntr,-1
    232. 

  232. 

  233.     # Do Nr - 1 rounds (final round is special)
    234. 

  234. 1:
    235. 

  235.     @{[aes64dsm $Q2,$Q0,$Q1]}
    236. 

  236.     @{[aes64dsm $Q3,$Q1,$Q0]}
    237. 

  237. 

  238.     # Update key ptr to point to next key in schedule
    239. 

  239.     add     $KEYP,$KEYP,-16
    240. 

  240. 

  241.     # Grab next key in schedule
    242. 

  242.     ld      $T0,0($KEYP)
    243. 

  243.     ld      $T1,8($KEYP)
    244. 

  244.     xor     $Q0,$Q2,$T0
    245. 

  245.     xor     $Q1,$Q3,$T1
    246. 

  246. 

  247.     add     $loopcntr,$loopcntr,-1
    248. 

  248.     bgtz    $loopcntr,1b
    249. 

  249. 

  250.     # final round
    251. 

  251.     @{[aes64ds $Q2,$Q0,$Q1]}
    252. 

  252.     @{[aes64ds $Q3,$Q1,$Q0]}
    253. 

  253. 

  254.     add     $KEYP,$KEYP,-16
    255. 

  255.     ld      $T0,0($KEYP)
    256. 

  256.     ld      $T1,8($KEYP)
    257. 

  257.     xor     $Q0,$Q2,$T0
    258. 

  258.     xor     $Q1,$Q3,$T1
    259. 

  259. 

  260.     sd      $Q0,0($OUTP)
    261. 

  261.     sd      $Q1,8($OUTP)
    262. 

  262.     # Pop registers and return
    263. 

  263. ___
    264. 

  264. 

  265. $code .= load_regs();
    266. 

  266. 

  267. $code .= <<___;
    268. 

  268.     ret
    269. 

  269. ___
    270. 

  270. 

  271. clear_regs();
    272. 

  272. 

  273. ################################################################################
    274. 

  274. # Register assignment for rv64i_zkn[e/d]_set_[en/de]crypt_key
    275. 

  275. ################################################################################
    276. 

  276. 

  277. # Function arguments (x10-x12 are a0-a2 in the ABI)
    278. 

  278. # Pointer to user key, number of bits in key, key pointer
    279. 

  279. my ($UKEY,$BITS,$KEYP) = use_regs(10..12);
    280. 

  280. 

  281. # Temporaries
    282. 

  282. my ($T0,$T1,$T2,$T3,$T4) = use_regs(6..8,13..14);
    283. 

  283. 

  284. ################################################################################
    285. 

  285. # utility functions for rv64i_zkne_set_encrypt_key
    286. 

  286. ################################################################################
    287. 

  287. sub ke128enc {
    288. 

  288.     my $rnum = 0;
    289. 

  289.     my $ret = '';
    290. 

  290. $ret .= <<___;
    291. 

  291.     ld      $T0,0($UKEY)
    292. 

  292.     ld      $T1,8($UKEY)
    293. 

  293.     sd      $T0,0($KEYP)
    294. 

  294.     sd      $T1,8($KEYP)
    295. 

  295. ___
    296. 

  296.     while($rnum < 10) {
    297. 

  297. $ret .= <<___;
    298. 

  298.     @{[aes64ks1i   $T2,$T1,$rnum]}
    299. 

  299.     @{[aes64ks2    $T0,$T2,$T0]}
    300. 

  300.     @{[aes64ks2    $T1,$T0,$T1]}
    301. 

  301.     add         $KEYP,$KEYP,16
    302. 

  302.     sd          $T0,0($KEYP)
    303. 

  303.     sd          $T1,8($KEYP)
    304. 

  304. ___
    305. 

  305.         $rnum++;
    306. 

  306.     }
    307. 

  307.     return $ret;
    308. 

  308. }
    309. 

  309. 

  310. sub ke192enc {
    311. 

  311.     my $rnum = 0;
    312. 

  312.     my $ret = '';
    313. 

  313. $ret .= <<___;
    314. 

  314.     ld      $T0,0($UKEY)
    315. 

  315.     ld      $T1,8($UKEY)
    316. 

  316.     ld      $T2,16($UKEY)
    317. 

  317.     sd      $T0,0($KEYP)
    318. 

  318.     sd      $T1,8($KEYP)
    319. 

  319.     sd      $T2,16($KEYP)
    320. 

  320. ___
    321. 

  321.     while($rnum < 8) {
    322. 

  322. $ret .= <<___;
    323. 

  323.     @{[aes64ks1i   $T3,$T2,$rnum]}
    324. 

  324.     @{[aes64ks2    $T0,$T3,$T0]}
    325. 

  325.     @{[aes64ks2    $T1,$T0,$T1]}
    326. 

  326. ___
    327. 

  327.         if ($rnum != 7) {
    328. 

  328.         # note that (8+1)*24 = 216, (12+1)*16 = 208
    329. 

  329.         # thus the last 8 bytes can be dropped
    330. 

  330. $ret .= <<___;
    331. 

  331.     @{[aes64ks2    $T2,$T1,$T2]}
    332. 

  332. ___
    333. 

  333.         }
    334. 

  334. $ret .= <<___;
    335. 

  335.     add         $KEYP,$KEYP,24
    336. 

  336.     sd          $T0,0($KEYP)
    337. 

  337.     sd          $T1,8($KEYP)
    338. 

  338. ___
    339. 

  339.         if ($rnum != 7) {
    340. 

  340. $ret .= <<___;
    341. 

  341.     sd          $T2,16($KEYP)
    342. 

  342. ___
    343. 

  343.         }
    344. 

  344.         $rnum++;
    345. 

  345.     }
    346. 

  346.     return $ret;
    347. 

  347. }
    348. 

  348. 

  349. sub ke256enc {
    350. 

  350.     my $rnum = 0;
    351. 

  351.     my $ret = '';
    352. 

  352. $ret .= <<___;
    353. 

  353.     ld      $T0,0($UKEY)
    354. 

  354.     ld      $T1,8($UKEY)
    355. 

  355.     ld      $T2,16($UKEY)
    356. 

  356.     ld      $T3,24($UKEY)
    357. 

  357.     sd      $T0,0($KEYP)
    358. 

  358.     sd      $T1,8($KEYP)
    359. 

  359.     sd      $T2,16($KEYP)
    360. 

  360.     sd      $T3,24($KEYP)
    361. 

  361. ___
    362. 

  362.     while($rnum < 7) {
    363. 

  363. $ret .= <<___;
    364. 

  364.     @{[aes64ks1i   $T4,$T3,$rnum]}
    365. 

  365.     @{[aes64ks2    $T0,$T4,$T0]}
    366. 

  366.     @{[aes64ks2    $T1,$T0,$T1]}
    367. 

  367.     add         $KEYP,$KEYP,32
    368. 

  368.     sd          $T0,0($KEYP)
    369. 

  369.     sd          $T1,8($KEYP)
    370. 

  370. ___
    371. 

  371.         if ($rnum != 6) {
    372. 

  372.         # note that (7+1)*32 = 256, (14+1)*16 = 240
    373. 

  373.         # thus the last 16 bytes can be dropped
    374. 

  374. $ret .= <<___;
    375. 

  375.     @{[aes64ks1i   $T4,$T1,0xA]}
    376. 

  376.     @{[aes64ks2    $T2,$T4,$T2]}
    377. 

  377.     @{[aes64ks2    $T3,$T2,$T3]}
    378. 

  378.     sd          $T2,16($KEYP)
    379. 

  379.     sd          $T3,24($KEYP)
    380. 

  380. ___
    381. 

  381.         }
    382. 

  382.         $rnum++;
    383. 

  383.     }
    384. 

  384.     return $ret;
    385. 

  385. }
    386. 

  386. 

  387. ################################################################################
    388. 

  388. # void rv64i_zkne_set_encrypt_key(const unsigned char *userKey, const int bits,
    389. 

  389. #   AES_KEY *key)
    390. 

  390. ################################################################################
    391. 

  391. sub AES_set_common {
    392. 

  392.     my ($ke128, $ke192, $ke256) = @_;
    393. 

  393.     my $ret = '';
    394. 

  394. $ret .= <<___;
    395. 

  395.     bnez    $UKEY,1f        # if (!userKey || !key) return -1;
    396. 

  396.     bnez    $KEYP,1f
    397. 

  397.     li      a0,-1
    398. 

  398.     ret
    399. 

  399. 1:
    400. 

  400.     # Determine number of rounds from key size in bits
    401. 

  401.     li      $T0,128
    402. 

  402.     bne     $BITS,$T0,1f
    403. 

  403.     li      $T1,10          # key->rounds = 10 if bits == 128
    404. 

  404.     sw      $T1,240($KEYP)  # store key->rounds
    405. 

  405. $ke128
    406. 

  406.     j       4f
    407. 

  407. 1:
    408. 

  408.     li      $T0,192
    409. 

  409.     bne     $BITS,$T0,2f
    410. 

  410.     li      $T1,12          # key->rounds = 12 if bits == 192
    411. 

  411.     sw      $T1,240($KEYP)  # store key->rounds
    412. 

  412. $ke192
    413. 

  413.     j       4f
    414. 

  414. 2:
    415. 

  415.     li      $T1,14          # key->rounds = 14 if bits == 256
    416. 

  416.     li      $T0,256
    417. 

  417.     beq     $BITS,$T0,3f
    418. 

  418.     li      a0,-2           # If bits != 128, 192, or 256, return -2
    419. 

  419.     j       5f
    420. 

  420. 3:
    421. 

  421.     sw      $T1,240($KEYP)  # store key->rounds
    422. 

  422. $ke256
    423. 

  423. 4:  # return 0
    424. 

  424.     li      a0,0
    425. 

  425. 5:  # return a0
    426. 

  426. ___
    427. 

  427.     return $ret;
    428. 

  428. }
    429. 

  429. $code .= <<___;
    430. 

  430. .text
    431. 

  431. .balign 16
    432. 

  432. .globl rv64i_zkne_set_encrypt_key
    433. 

  433. .type   rv64i_zkne_set_encrypt_key,\@function
    434. 

  434. rv64i_zkne_set_encrypt_key:
    435. 

  435. ___
    436. 

  436. $code .= save_regs();
    437. 

  437. $code .= AES_set_common(ke128enc(), ke192enc(),ke256enc());
    438. 

  438. $code .= load_regs();
    439. 

  439. $code .= <<___;
    440. 

  440.     ret
    441. 

  441. ___
    442. 

  442. 

  443. ################################################################################
    444. 

  444. # utility functions for rv64i_zknd_set_decrypt_key
    445. 

  445. ################################################################################
    446. 

  446. sub ke128dec {
    447. 

  447.     my $rnum = 0;
    448. 

  448.     my $ret = '';
    449. 

  449. $ret .= <<___;
    450. 

  450.     ld      $T0,0($UKEY)
    451. 

  451.     ld      $T1,8($UKEY)
    452. 

  452.     sd      $T0,0($KEYP)
    453. 

  453.     sd      $T1,8($KEYP)
    454. 

  454. ___
    455. 

  455.     while($rnum < 10) {
    456. 

  456. $ret .= <<___;
    457. 

  457.     @{[aes64ks1i   $T2,$T1,$rnum]}
    458. 

  458.     @{[aes64ks2    $T0,$T2,$T0]}
    459. 

  459.     @{[aes64ks2    $T1,$T0,$T1]}
    460. 

  460.     add         $KEYP,$KEYP,16
    461. 

  461. ___
    462. 

  462.     # need to aes64im for [1:N-1] round keys
    463. 

  463.     # this is from the fact that aes64dsm subwords first then mix column
    464. 

  464.     # intuitively decryption needs to first mix column then subwords
    465. 

  465.     # however, for merging datapaths (encryption first subwords then mix column)
    466. 

  466.     # aes64dsm chooses to inverse the order of them, thus
    467. 

  467.     # transform should then be done on the round key
    468. 

  468.         if ($rnum < 9) {
    469. 

  469. $ret .= <<___;
    470. 

  470.     @{[aes64im     $T2,$T0]}
    471. 

  471.     sd          $T2,0($KEYP)
    472. 

  472.     @{[aes64im     $T2,$T1]}
    473. 

  473.     sd          $T2,8($KEYP)
    474. 

  474. ___
    475. 

  475.         } else {
    476. 

  476. $ret .= <<___;
    477. 

  477.     sd          $T0,0($KEYP)
    478. 

  478.     sd          $T1,8($KEYP)
    479. 

  479. ___
    480. 

  480.         }
    481. 

  481.         $rnum++;
    482. 

  482.     }
    483. 

  483.     return $ret;
    484. 

  484. }
    485. 

  485. 

  486. sub ke192dec {
    487. 

  487.     my $rnum = 0;
    488. 

  488.     my $ret = '';
    489. 

  489. $ret .= <<___;
    490. 

  490.     ld      $T0,0($UKEY)
    491. 

  491.     ld      $T1,8($UKEY)
    492. 

  492.     ld      $T2,16($UKEY)
    493. 

  493.     sd      $T0,0($KEYP)
    494. 

  494.     sd      $T1,8($KEYP)
    495. 

  495.     @{[aes64im $T3,$T2]}
    496. 

  496.     sd      $T3,16($KEYP)
    497. 

  497. ___
    498. 

  498.     while($rnum < 8) {
    499. 

  499. $ret .= <<___;
    500. 

  500.     @{[aes64ks1i   $T3,$T2,$rnum]}
    501. 

  501.     @{[aes64ks2    $T0,$T3,$T0]}
    502. 

  502.     @{[aes64ks2    $T1,$T0,$T1]}
    503. 

  503.     add         $KEYP,$KEYP,24
    504. 

  504. ___
    505. 

  505.         if ($rnum < 7) {
    506. 

  506. $ret .= <<___;
    507. 

  507.     @{[aes64im     $T3,$T0]}
    508. 

  508.     sd          $T3,0($KEYP)
    509. 

  509.     @{[aes64im     $T3,$T1]}
    510. 

  510.     sd          $T3,8($KEYP)
    511. 

  511.     # the reason is in ke192enc
    512. 

  512.     @{[aes64ks2    $T2,$T1,$T2]}
    513. 

  513.     @{[aes64im     $T3,$T2]}
    514. 

  514.     sd          $T3,16($KEYP)
    515. 

  515. ___
    516. 

  516.         } else { # rnum == 7
    517. 

  517. $ret .= <<___;
    518. 

  518.     sd          $T0,0($KEYP)
    519. 

  519.     sd          $T1,8($KEYP)
    520. 

  520. ___
    521. 

  521.         }
    522. 

  522.         $rnum++;
    523. 

  523.     }
    524. 

  524.     return $ret;
    525. 

  525. }
    526. 

  526. 

  527. sub ke256dec {
    528. 

  528.     my $rnum = 0;
    529. 

  529.     my $ret = '';
    530. 

  530. $ret .= <<___;
    531. 

  531.     ld      $T0,0($UKEY)
    532. 

  532.     ld      $T1,8($UKEY)
    533. 

  533.     ld      $T2,16($UKEY)
    534. 

  534.     ld      $T3,24($UKEY)
    535. 

  535.     sd      $T0,0($KEYP)
    536. 

  536.     sd      $T1,8($KEYP)
    537. 

  537.     @{[aes64im $T4,$T2]}
    538. 

  538.     sd      $T4,16($KEYP)
    539. 

  539.     @{[aes64im $T4,$T3]}
    540. 

  540.     sd      $T4,24($KEYP)
    541. 

  541. ___
    542. 

  542.     while($rnum < 7) {
    543. 

  543. $ret .= <<___;
    544. 

  544.     @{[aes64ks1i   $T4,$T3,$rnum]}
    545. 

  545.     @{[aes64ks2    $T0,$T4,$T0]}
    546. 

  546.     @{[aes64ks2    $T1,$T0,$T1]}
    547. 

  547.     add         $KEYP,$KEYP,32
    548. 

  548. ___
    549. 

  549.         if ($rnum < 6) {
    550. 

  550. $ret .= <<___;
    551. 

  551.     @{[aes64ks1i   $T4,$T1,0xA]}
    552. 

  552.     @{[aes64ks2    $T2,$T4,$T2]}
    553. 

  553.     @{[aes64ks2    $T3,$T2,$T3]}
    554. 

  554.     @{[aes64im     $T4,$T0]}
    555. 

  555.     sd          $T4,0($KEYP)
    556. 

  556.     @{[aes64im     $T4,$T1]}
    557. 

  557.     sd          $T4,8($KEYP)
    558. 

  558.     @{[aes64im     $T4,$T2]}
    559. 

  559.     sd          $T4,16($KEYP)
    560. 

  560.     @{[aes64im     $T4,$T3]}
    561. 

  561.     sd          $T4,24($KEYP)
    562. 

  562. ___
    563. 

  563.         } else {
    564. 

  564. $ret .= <<___;
    565. 

  565.     sd          $T0,0($KEYP)
    566. 

  566.     sd          $T1,8($KEYP)
    567. 

  567.     # last two one dropped
    568. 

  568. ___
    569. 

  569.         }
    570. 

  570.         $rnum++;
    571. 

  571.     }
    572. 

  572.     return $ret;
    573. 

  573. }
    574. 

  574. 

  575. ################################################################################
    576. 

  576. # void rv64i_zknd_set_decrypt_key(const unsigned char *userKey, const int bits,
    577. 

  577. #   AES_KEY *key)
    578. 

  578. ################################################################################
    579. 

  579. $code .= <<___;
    580. 

  580. .text
    581. 

  581. .balign 16
    582. 

  582. .globl rv64i_zknd_set_decrypt_key
    583. 

  583. .type   rv64i_zknd_set_decrypt_key,\@function
    584. 

  584. rv64i_zknd_set_decrypt_key:
    585. 

  585. ___
    586. 

  586. $code .= save_regs();
    587. 

  587. $code .= AES_set_common(ke128dec(), ke192dec(),ke256dec());
    588. 

  588. $code .= load_regs();
    589. 

  589. $code .= <<___;
    590. 

  590.     ret
    591. 

  591. ___
    592. 

  592. 

  593. print $code;
    594. 

  594. close STDOUT or die "error closing STDOUT: $!";
    595.