// Copyright 2016 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
4
5#include "textflag.h"
6
// func cryptBlocks(c code, key, dst, src *byte, length int)
//
// cryptBlocks hands length bytes at src to the KM (cipher message)
// instruction and stores the output at dst.
//
// Registers at the KM instruction:
//	R0     function code c
//	R1     key pointer (takes the role the stack parameter block has
//	       in cryptBlocksChain)
//	R2     dst pointer
//	R4/R5  src pointer / remaining byte count
//
// Nothing in this routine validates its arguments: there is no check that
// length is a whole number of cipher blocks, or that dst and src are each
// length bytes long. Those invariants have to be enforced by the Go caller
// before control reaches this point.
TEXT ·cryptBlocks(SB),NOSPLIT,$0-40
	MOVD	length+32(FP), R5
	MOVD	src+24(FP), R4
	MOVD	dst+16(FP), R2
	MOVD	key+8(FP), R1
	MOVD	c+0(FP), R0
again:
	KM	R2, R4		// cipher message (KM)
	BVS	again		// interrupted before completion: resume where it stopped
	XOR	R0, R0		// R0 held the function code; leave it zeroed on return
	RET
19
// func cryptBlocksChain(c code, iv, key, dst, src *byte, length int)
//
// cryptBlocksChain runs the KMC (cipher message with chaining) instruction
// over length bytes of src, writing to dst, and writes the updated chaining
// value back to *iv.
//
// The parameter block lives in the 48-byte stack frame:
//	params+0   16 bytes  chaining value, copied from *iv
//	params+16  32 bytes  key, copied from *key
//
// Review notes:
//   - 32 bytes are always copied from key, whatever the function code. The
//     caller's key buffer therefore has to be readable for 32 bytes even
//     when the selected cipher uses a shorter key - verify against caller.
//   - The stack copy of the key and chaining value is not cleared before
//     RET, so it stays in the frame until that stack memory is reused.
//   - No validation of length, dst or src happens here; the Go caller is
//     responsible for it.
TEXT ·cryptBlocksChain(SB),NOSPLIT,$48-48
	LA	params-48(SP), R1
	MOVD	key+16(FP), R9
	MOVD	iv+8(FP), R8
	MVC	$16, 0(R8), 0(R1)	// params[0:16]  = *iv
	MVC	$32, 0(R9), 16(R1)	// params[16:48] = key bytes
	MOVD	length+40(FP), R5
	MOVD	src+32(FP), R4
	MOVD	dst+24(FP), R2
	MOVD	c+0(FP), R0
chain:
	KMC	R2, R4			// cipher message with chaining (KMC)
	BVS	chain			// interrupted before completion: resume
	XOR	R0, R0			// R0 held the function code; zero it again
	MVC	$16, 0(R1), 0(R8)	// *iv = params[0:16], the updated chaining value
	RET
37
// func xorBytes(dst, a, b []byte) int
//
// xorBytes stores a[i] ^ b[i] into dst[i] for i in [0, n), where
// n = min(len(a), len(b)), and returns n.
//
// Register roles:
//	R1      dst base
//	R2, R3  a base, b base
//	R4      bytes still to process (starts at n)
//	R5      running byte offset into all three buffers
//	R7, R8  scratch for the loaded operands
//
// Review note: len(dst) is never read. A dst shorter than n bytes is
// written past its end, so the caller has to guarantee len(dst) >= n.
TEXT ·xorBytes(SB),NOSPLIT,$0-80
	MOVD	a_len+32(FP), R4
	MOVD	b_len+56(FP), R5
	MOVD	dst_base+0(FP), R1
	MOVD	a_base+24(FP), R2
	MOVD	b_base+48(FP), R3
	CMPBLE	R4, R5, have_min	// len(a) <= len(b): R4 is already the minimum
	MOVD	R5, R4			// otherwise n = len(b)
have_min:
	MOVD	R4, ret+72(FP)		// return value is n
	MOVD	$0, R5			// offset = 0
	CMPBLT	R4, $8, bytes		// fewer than 8 bytes: go straight to the byte loop
words:
	// 8 bytes per iteration.
	MOVD	0(R2)(R5*1), R7
	MOVD	0(R3)(R5*1), R8
	XOR	R7, R8
	MOVD	R8, 0(R1)(R5*1)
	LAY	8(R5), R5		// offset += 8
	SUB	$8, R4			// remaining -= 8
	CMPBGE	R4, $8, words
bytes:
	// One byte per iteration for the remainder.
	CMPBEQ	R4, $0, finished
	MOVB	0(R2)(R5*1), R7
	MOVB	0(R3)(R5*1), R8
	XOR	R7, R8
	MOVB	R8, 0(R1)(R5*1)
	LAY	1(R5), R5		// offset += 1
	SUB	$1, R4			// remaining -= 1
	BR	bytes
finished:
	RET
70
// func cryptBlocksGCM(fn code, key, dst, src, buf []byte, cnt *[16]byte)
//
// cryptBlocksGCM fills buf with one 16-byte counter value per 16 bytes of
// src, stores the next counter value back to *cnt, and then runs KMCTR
// (cipher message with counter) over src into dst using those values.
//
// Length checks done before any buffer is written:
//	len(src) <= len(buf)
//	len(src) is a multiple of 16
//	len(src) <= len(dst)
// Any failure branches to the fault label, which performs a store intended
// to crash the program rather than return an error.
//
// Counter layout in registers: the 16-byte counter is loaded into R2
// (first 8 bytes) and R3 (last 8 bytes). R4:R5, R6:R7 and R8:R9 carry
// counter+1, +2 and +3 so that four values are stored per STMG.
// NOTE(review): the increments use ADDW, a 32-bit add, so presumably only
// the low 32 bits of the counter advance and a carry does not propagate.
// Keeping the block count below that wrap is left to the caller - confirm.
//
// NOTE(review): R0 still holds fn on the normal return path; cryptBlocks,
// cryptBlocksChain and ghash zero R0 before RET. Confirm whether that
// difference matters to the toolchain in use.
TEXT ·cryptBlocksGCM(SB),NOSPLIT,$0-112
	MOVD	src_len+64(FP), R0	// R0 = bytes of counter data still to generate
	MOVD	buf_base+80(FP), R1	// R1 = write cursor into buf
	MOVD	cnt+104(FP), R12
	LMG	(R12), R2, R3		// R2:R3 = current counter value

	// len(src) must not exceed len(buf).
	MOVD	buf_len+88(FP), R4
	CMP	R0, R4
	BGT	fault

	// len(src) must be a multiple of 16 bytes.
	MOVD	R0, R4
	AND	$0xf, R4
	BLT	fault			// taken when the AND result is non-zero

	// len(src) must not exceed len(dst).
	MOVD	dst_len+40(FP), R4
	CMP	R0, R4
	BGT	fault

	// Build counter+1, counter+2, counter+3 next to the base value.
	MOVD	R2, R4
	MOVD	R2, R6
	MOVD	R2, R8
	MOVD	R3, R5
	MOVD	R3, R7
	MOVD	R3, R9
	ADDW	$1, R5
	ADDW	$2, R7
	ADDW	$3, R9
fill4:
	// While at least 64 bytes remain, emit four counter values at once.
	CMP	R0, $64
	BLT	fill1
	STMG	R2, R9, (R1)		// 8 registers = 64 bytes
	ADDW	$4, R3
	ADDW	$4, R5
	ADDW	$4, R7
	ADDW	$4, R9
	MOVD	$64(R1), R1		// cursor += 64
	SUB	$64, R0
	BR	fill4
fill1:
	// Emit the remaining counter values one 16-byte block at a time.
	CMP	R0, $0
	BEQ	encrypt
	STMG	R2, R3, (R1)
	ADDW	$1, R3
	MOVD	$16(R1), R1		// cursor += 16
	SUB	$16, R0
	BR	fill1
encrypt:
	STMG	R2, R3, (R12)		// update next counter value
	MOVD	fn+0(FP), R0		// function code (encryption)
	MOVD	key_base+8(FP), R1	// key
	MOVD	buf_base+80(FP), R2	// counter values
	MOVD	dst_base+32(FP), R4	// dst
	MOVD	src_base+56(FP), R6	// src
	MOVD	src_len+64(FP), R7	// len
retry:
	KMCTR	R4, R2, R6		// cipher message with counter (KMCTR)
	BVS	retry			// interrupted before completion: resume
	RET
fault:
	// Deliberate crash on a failed length check. NOTE(review): a base
	// register field of 0 means "no base" in z/Architecture addressing, so
	// this is presumably a store to address 0 - confirm the encoding.
	MOVD	$0, (R0)
	RET
136
// func ghash(key *gcmHashKey, hash *[16]byte, data []byte)
//
// ghash folds data into *hash with the KIMD (compute intermediate message
// digest) instruction, using function code 65 (GHASH).
//
// The parameter block lives in the 32-byte stack frame:
//	params+0   16 bytes  current hash value, loaded from *hash
//	params+16  16 bytes  first 16 bytes read through key
// After KIMD completes, params[0:16] is copied back to *hash.
//
// Review notes:
//   - The stack copy of the hash key is not cleared before RET, so it stays
//     in the frame until that stack memory is reused.
//   - len(data) is passed to KIMD unchecked; any block-size requirement has
//     to be met by the Go caller - verify against caller.
TEXT ·ghash(SB),NOSPLIT,$32-40
	MOVD	$65, R0			// GHASH function code
	MOVD	hash+8(FP), R8
	LMG	(R8), R4, R5		// R4:R5 = current hash value
	MOVD	key+0(FP), R2
	LMG	(R2), R6, R7		// R6:R7 = hash key
	MOVD	$params-32(SP), R1
	STMG	R4, R7, (R1)		// params = hash value followed by hash key
	LMG	data+16(FP), R2, R3	// R2=base, R3=len
digest:
	KIMD	R0, R2			// compute intermediate message digest (KIMD)
	BVS	digest			// interrupted before completion: resume
	MVC	$16, (R1), (R8)		// *hash = updated hash value from params
	MOVD	$0, R0			// R0 held the function code; zero it again
	RET
153
// func kmaGCM(fn code, key, dst, src, aad []byte, tag *[16]byte, cnt *gcmCount)
//
// kmaGCM runs the KMA (cipher message with authentication) instruction over
// src and aad, writing the output to dst, the 16-byte tag to *tag, and the
// updated 4-byte counter value back to bytes 12..15 of *cnt.
//
// The parameter block lives in the 112-byte stack frame:
//	params+0    12 bytes  reserved, zeroed
//	params+12    4 bytes  counter value, from cnt[12:16]
//	params+16   32 bytes  tag and hash subkey, zeroed on entry
//	params+48    8 bytes  total AAD length, len(aad) << 3
//	params+56    8 bytes  total plaintext/ciphertext length, len(src) << 3
//	params+64   16 bytes  initial counter value, from cnt[0:16]
//	params+80   32 bytes  key (16, 24 or 32 bytes are copied in)
//
// Review notes:
//   - len(key) is only compared with 16 and 24. Every other length falls
//     through to the 32-byte copy, so a key slice of an unexpected size is
//     over-read; the caller has to pass a 16-, 24- or 32-byte key.
//   - len(dst) is loaded but not compared with len(src) in this routine.
//   - The tag is only written out. Comparing it with an expected tag is not
//     done here and has to happen in the caller.
//   - The stack copy of the key, hash subkey and tag is not cleared before
//     RET, and R0 still holds fn on return.
TEXT ·kmaGCM(SB),NOSPLIT,$112-120
	MOVD	fn+0(FP), R0
	MOVD	$params-112(SP), R1

	// Base/length pairs for the three data slices.
	LMG	aad+80(FP), R6, R7	// R6=base R7=len
	LMG	src+56(FP), R4, R5	// R4=base R5=len
	LMG	dst+32(FP), R2, R3	// R2=base R3=len

	// Fill in the parameter block.
	MOVD	cnt+112(FP), R8
	XC	$12, (R1), (R1)		// reserved
	MVC	$4, 12(R8), 12(R1)	// set chain value
	MVC	$16, (R8), 64(R1)	// set initial counter value
	XC	$32, 16(R1), 16(R1)	// set hash subkey and tag
	SLD	$3, R7, R12		// len(aad) * 8
	MOVD	R12, 48(R1)		// set total AAD length
	SLD	$3, R5, R12		// len(src) * 8
	MOVD	R12, 56(R1)		// set total plaintext/ciphertext length

	// Copy the key in 16 + 8 + 8 byte steps, stopping at len(key).
	LMG	key+8(FP), R8, R9	// R8=base R9=len
	MVC	$16, (R8), 80(R1)	// set key
	CMPBEQ	R9, $16, cipher
	MVC	$8, 16(R8), 96(R1)
	CMPBEQ	R9, $24, cipher
	MVC	$8, 24(R8), 104(R1)

cipher:
	KMA	R2, R6, R4		// Cipher Message with Authentication
	BVS	cipher			// interrupted before completion: resume

	MOVD	tag+104(FP), R2
	MVC	$16, 16(R1), 0(R2)	// copy tag to output
	MOVD	cnt+112(FP), R8
	MVC	$4, 12(R1), 12(R8)	// update counter value

	RET