hcq/openGauss-third_party
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
openGauss-third_party/dependency/openssl/Feature-SM4-XTS-optimization-for-ARM-by-HW-instruction.patch
muyulinzhong 82923bf300 替换openSSL版本,从1.1.1n替换为1.1.1m
2023-12-26 10:47:01 +08:00

622 lines
19 KiB
Diff
Raw Permalink Blame History

From 3f0898b2aea424f18f58a182803478f25548674e Mon Sep 17 00:00:00 2001
From: Xu Yizhou <xuyizhou1@huawei.com>
Date: Wed, 2 Nov 2022 11:13:07 +0800
Subject: [PATCH 3/3] SM4 XTS optimization for ARM by HW instruction
This patch implements the SM4 XTS optimization for ARM processor,
using SM4 HW instruction, which is an optional feature of
crypto extension for aarch64 V8.
Signed-off-by: Xu Yizhou <xuyizhou1@huawei.com>
---
crypto/evp/e_sm4.c | 28 ++
crypto/sm4/asm/sm4-armv8.pl | 498 +++++++++++++++++++++++++++++++++-
include/crypto/sm4_platform.h | 14 +
3 files changed, 537 insertions(+), 3 deletions(-)
diff --git a/crypto/evp/e_sm4.c b/crypto/evp/e_sm4.c
index eaa5ba0..da4dbd3 100644
--- a/crypto/evp/e_sm4.c
+++ b/crypto/evp/e_sm4.c
@@ -281,6 +281,34 @@ static int sm4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2;
xctx->stream_gb = NULL;
xctx->stream = NULL;
+#ifdef HWSM4_CAPABLE
+ if (HWSM4_CAPABLE) {
+ if (enc) {
+ HWSM4_set_encrypt_key(key, &xctx->ks1.ks);
+ xctx->xts.block1 = (block128_f) HWSM4_encrypt;
+# ifdef HWSM4_xts_encrypt_gb
+ xctx->stream_gb = HWSM4_xts_encrypt_gb;
+# endif
+# ifdef HWSM4_xts_encrypt
+ xctx->stream = HWSM4_xts_encrypt;
+# endif
+ } else {
+ HWSM4_set_decrypt_key(key, &xctx->ks1.ks);
+ xctx->xts.block1 = (block128_f) HWSM4_decrypt;
+# ifdef HWSM4_xts_decrypt_gb
+ xctx->stream_gb = HWSM4_xts_decrypt_gb;
+# endif
+# ifdef HWSM4_xts_decrypt
+ xctx->stream = HWSM4_xts_decrypt;
+# endif
+ }
+ HWSM4_set_encrypt_key(key + bytes, &xctx->ks2.ks);
+ xctx->xts.block2 = (block128_f) HWSM4_encrypt;
+
+ xctx->xts.key1 = &xctx->ks1;
+ break;
+ } else
+#endif
#ifdef VPSM4_EX_CAPABLE
if (VPSM4_EX_CAPABLE) {
if (enc) {
diff --git a/crypto/sm4/asm/sm4-armv8.pl b/crypto/sm4/asm/sm4-armv8.pl
index dbacad2..923c1c0 100644
--- a/crypto/sm4/asm/sm4-armv8.pl
+++ b/crypto/sm4/asm/sm4-armv8.pl
@@ -11,9 +11,9 @@
# Oct 2021
#
-# $output is the last argument if it looks like a file (it has an extension)
+# $outut is the last argument if it looks like a file (it has an extension)
# $flavour is the first argument if it doesn't look like a file
-$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef;
+$outut = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef;
$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef;
$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
@@ -21,7 +21,7 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
die "can't locate arm-xlate.pl";
-open OUT,"| \"$^X\" $xlate $flavour \"$output\""
+open OUT,"| \"$^X\" $xlate $flavour \"$outut\""
or die "can't call $xlate: $!";
*STDOUT=*OUT;
@@ -110,6 +110,120 @@ $code.=<<___;
___
}
+sub mov_reg_to_vec() {
+ my $src0 = shift;
+ my $src1 = shift;
+ my $desv = shift;
+$code.=<<___;
+ mov $desv.d[0],$src0
+ mov $desv.d[1],$src1
+#ifdef __ARMEB__
+ rev32 $desv.16b,$desv.16b
+#endif
+___
+}
+
+sub mov_vec_to_reg() {
+ my $srcv = shift;
+ my $des0 = shift;
+ my $des1 = shift;
+$code.=<<___;
+ mov $des0,$srcv.d[0]
+ mov $des1,$srcv.d[1]
+___
+}
+
+sub compute_tweak() {
+ my $src0 = shift;
+ my $src1 = shift;
+ my $des0 = shift;
+ my $des1 = shift;
+ my $tmp0 = shift;
+ my $tmp1 = shift;
+ my $magic = shift;
+$code.=<<___;
+ extr x$tmp1,$src1,$src1,#32
+ extr $des1,$src1,$src0,#63
+ and w$tmp0,w$magic,w$tmp1,asr#31
+ eor $des0,x$tmp0,$src0,lsl#1
+___
+}
+
+sub compute_tweak_vec() {
+ my $src = shift;
+ my $des = shift;
+ my $tmp0 = shift;
+ my $tmp1 = shift;
+ my $magic = shift;
+ &rbit($tmp1,$src);
+$code.=<<___;
+ shl $des.16b, $tmp1.16b, #1
+ ext $tmp0.16b, $tmp1.16b, $tmp1.16b,#15
+ ushr $tmp0.16b, $tmp0.16b, #7
+ mul $tmp0.16b, $tmp0.16b, $magic.16b
+ eor $des.16b, $des.16b, $tmp0.16b
+___
+ &rbit($des,$des);
+}
+
+sub mov_en_to_enc(){
+ my $en = shift;
+ my $enc = shift;
+ if ($en eq "en") {
+$code.=<<___;
+ mov $enc,1
+___
+ } else {
+$code.=<<___;
+ mov $enc,0
+___
+ }
+}
+
+sub rbit() {
+ my $dst = shift;
+ my $src = shift;
+
+ if ($src and ("$src" ne "$dst")) {
+ if ($standard eq "_gb") {
+$code.=<<___;
+ rbit $dst.16b,$src.16b
+___
+ } else {
+$code.=<<___;
+ mov $dst.16b,$src.16b
+___
+ }
+ } else {
+ if ($standard eq "_gb") {
+$code.=<<___;
+ rbit $dst.16b,$src.16b
+___
+ }
+ }
+}
+
+sub rev32_armeb() {
+ my $dst = shift;
+ my $src = shift;
+
+ if ($src and ("$src" ne "$dst")) {
+$code.=<<___;
+#ifdef __ARMEB__
+ rev32 $dst.16b,$src.16b
+#else
+ mov $dst.16b,$src.16b
+#endif
+___
+ } else {
+$code.=<<___;
+#ifdef __ARMEB__
+ rev32 $dst.16b,$dst.16b
+#endif
+___
+ }
+}
+
$code=<<___;
#include "arm_arch.h"
.arch armv8-a+crypto
@@ -595,6 +709,384 @@ $code.=<<___;
.size ${prefix}_ctr32_encrypt_blocks,.-${prefix}_ctr32_encrypt_blocks
___
}}}
+
+
+{{{
+my ($inp,$out,$len,$rk1,$rk2,$ivp)=map("x$_",(0..5));
+my ($blocks)=("x2");
+my ($enc)=("x6");
+my ($remain)=("x7");
+my @twx=map("x$_",(9..24));
+my $lastBlk=("x25");
+
+my @tweak=map("v$_",(8..15));
+my @dat=map("v$_",(16..23));
+my $lastTweak=("v24");
+
+# x/w/v/q registers for compute tweak
+my ($magic)=("8");
+my ($tmp0,$tmp1)=("26","27");
+my ($qMagic,$vMagic)=("q25","v25");
+my ($vTmp0,$vTmp1)=("v26","v27");
+
+sub gen_xts_do_cipher() {
+$code.=<<___;
+.globl ${prefix}_xts_do_cipher${standard}
+.type ${prefix}_xts_do_cipher${standard},%function
+.align 5
+${prefix}_xts_do_cipher${standard}:
+ mov w$magic,0x87
+ ldr $qMagic, =0x01010101010101010101010101010187
+ // used to encrypt the XORed plaintext blocks
+ ld1 {@rks[0].4s,@rks[1].4s,@rks[2].4s,@rks[3].4s},[$rk2],#64
+ ld1 {@rks[4].4s,@rks[5].4s,@rks[6].4s,@rks[7].4s},[$rk2]
+ ld1 {@tweak[0].4s}, [$ivp]
+___
+ &rev32(@tweak[0],@tweak[0]);
+ &enc_blk(@tweak[0]);
+ &rev32(@tweak[0],@tweak[0]);
+$code.=<<___;
+ // used to encrypt the initial vector to yield the initial tweak
+ ld1 {@rks[0].4s,@rks[1].4s,@rks[2].4s,@rks[3].4s},[$rk1],#64
+ ld1 {@rks[4].4s,@rks[5].4s,@rks[6].4s,@rks[7].4s},[$rk1]
+
+ and $remain,$len,#0x0F
+ // convert length into blocks
+ lsr $blocks,$len,4
+ cmp $blocks,#1 // $len must be at least 16
+ b.lt 99f
+
+ cmp $remain,0 // if $len is a multiple of 16
+ b.eq .xts_encrypt_blocks${standard}
+ // if $len is not a multiple of 16
+ subs $blocks,$blocks,#1
+ b.eq .only_2blks_tweak${standard} // if $len is less than 32
+
+.xts_encrypt_blocks${standard}:
+___
+ &rbit(@tweak[0],@tweak[0]);
+ &rev32_armeb(@tweak[0],@tweak[0]);
+ &mov_vec_to_reg(@tweak[0],@twx[0],@twx[1]);
+ &compute_tweak(@twx[0],@twx[1],@twx[2],@twx[3],$tmp0,$tmp1,$magic);
+ &compute_tweak(@twx[2],@twx[3],@twx[4],@twx[5],$tmp0,$tmp1,$magic);
+ &compute_tweak(@twx[4],@twx[5],@twx[6],@twx[7],$tmp0,$tmp1,$magic);
+ &compute_tweak(@twx[6],@twx[7],@twx[8],@twx[9],$tmp0,$tmp1,$magic);
+ &compute_tweak(@twx[8],@twx[9],@twx[10],@twx[11],$tmp0,$tmp1,$magic);
+ &compute_tweak(@twx[10],@twx[11],@twx[12],@twx[13],$tmp0,$tmp1,$magic);
+ &compute_tweak(@twx[12],@twx[13],@twx[14],@twx[15],$tmp0,$tmp1,$magic);
+$code.=<<___;
+1:
+ cmp $blocks,#8
+___
+ &mov_reg_to_vec(@twx[0],@twx[1],@tweak[0]);
+ &compute_tweak(@twx[14],@twx[15],@twx[0],@twx[1],$tmp0,$tmp1,$magic);
+ &mov_reg_to_vec(@twx[2],@twx[3],@tweak[1]);
+ &compute_tweak(@twx[0],@twx[1],@twx[2],@twx[3],$tmp0,$tmp1,$magic);
+ &mov_reg_to_vec(@twx[4],@twx[5],@tweak[2]);
+ &compute_tweak(@twx[2],@twx[3],@twx[4],@twx[5],$tmp0,$tmp1,$magic);
+ &mov_reg_to_vec(@twx[6],@twx[7],@tweak[3]);
+ &compute_tweak(@twx[4],@twx[5],@twx[6],@twx[7],$tmp0,$tmp1,$magic);
+ &mov_reg_to_vec(@twx[8],@twx[9],@tweak[4]);
+ &compute_tweak(@twx[6],@twx[7],@twx[8],@twx[9],$tmp0,$tmp1,$magic);
+ &mov_reg_to_vec(@twx[10],@twx[11],@tweak[5]);
+ &compute_tweak(@twx[8],@twx[9],@twx[10],@twx[11],$tmp0,$tmp1,$magic);
+ &mov_reg_to_vec(@twx[12],@twx[13],@tweak[6]);
+ &compute_tweak(@twx[10],@twx[11],@twx[12],@twx[13],$tmp0,$tmp1,$magic);
+ &mov_reg_to_vec(@twx[14],@twx[15],@tweak[7]);
+ &compute_tweak(@twx[12],@twx[13],@twx[14],@twx[15],$tmp0,$tmp1,$magic);
+$code.=<<___;
+ b.lt 2f
+ ld1 {@dat[0].4s,@dat[1].4s,@dat[2].4s,@dat[3].4s},[$inp],#64
+___
+ &rbit(@tweak[0],@tweak[0]);
+ &rbit(@tweak[1],@tweak[1]);
+ &rbit(@tweak[2],@tweak[2]);
+ &rbit(@tweak[3],@tweak[3]);
+$code.=<<___;
+ eor @dat[0].16b, @dat[0].16b, @tweak[0].16b
+ eor @dat[1].16b, @dat[1].16b, @tweak[1].16b
+ eor @dat[2].16b, @dat[2].16b, @tweak[2].16b
+ eor @dat[3].16b, @dat[3].16b, @tweak[3].16b
+ ld1 {@dat[4].4s,@dat[5].4s,@dat[6].4s,@dat[7].4s},[$inp],#64
+___
+ &rbit(@tweak[4],@tweak[4]);
+ &rbit(@tweak[5],@tweak[5]);
+ &rbit(@tweak[6],@tweak[6]);
+ &rbit(@tweak[7],@tweak[7]);
+$code.=<<___;
+ eor @dat[4].16b, @dat[4].16b, @tweak[4].16b
+ eor @dat[5].16b, @dat[5].16b, @tweak[5].16b
+ eor @dat[6].16b, @dat[6].16b, @tweak[6].16b
+ eor @dat[7].16b, @dat[7].16b, @tweak[7].16b
+___
+ &rev32(@dat[0],@dat[0]);
+ &rev32(@dat[1],@dat[1]);
+ &rev32(@dat[2],@dat[2]);
+ &rev32(@dat[3],@dat[3]);
+ &rev32(@dat[4],@dat[4]);
+ &rev32(@dat[5],@dat[5]);
+ &rev32(@dat[6],@dat[6]);
+ &rev32(@dat[7],@dat[7]);
+ &enc_4blks(@dat[0],@dat[1],@dat[2],@dat[3]);
+ &enc_4blks(@dat[4],@dat[5],@dat[6],@dat[7]);
+ &rev32(@dat[0],@dat[0]);
+ &rev32(@dat[1],@dat[1]);
+ &rev32(@dat[2],@dat[2]);
+ &rev32(@dat[3],@dat[3]);
+ &rev32(@dat[4],@dat[4]);
+ &rev32(@dat[5],@dat[5]);
+ &rev32(@dat[6],@dat[6]);
+ &rev32(@dat[7],@dat[7]);
+$code.=<<___;
+ eor @dat[0].16b, @dat[0].16b, @tweak[0].16b
+ eor @dat[1].16b, @dat[1].16b, @tweak[1].16b
+ eor @dat[2].16b, @dat[2].16b, @tweak[2].16b
+ eor @dat[3].16b, @dat[3].16b, @tweak[3].16b
+ eor @dat[4].16b, @dat[4].16b, @tweak[4].16b
+ eor @dat[5].16b, @dat[5].16b, @tweak[5].16b
+ eor @dat[6].16b, @dat[6].16b, @tweak[6].16b
+ eor @dat[7].16b, @dat[7].16b, @tweak[7].16b
+
+ // save the last tweak
+ mov $lastTweak.16b,@tweak[7].16b
+ st1 {@dat[0].4s,@dat[1].4s,@dat[2].4s,@dat[3].4s},[$out],#64
+ st1 {@dat[4].4s,@dat[5].4s,@dat[6].4s,@dat[7].4s},[$out],#64
+ subs $blocks,$blocks,#8
+ b.eq 100f
+ b 1b
+2:
+ // process 4 blocks
+ cmp $blocks,#4
+ b.lt 1f
+ ld1 {@dat[0].4s,@dat[1].4s,@dat[2].4s,@dat[3].4s},[$inp],#64
+___
+ &rbit(@tweak[0],@tweak[0]);
+ &rbit(@tweak[1],@tweak[1]);
+ &rbit(@tweak[2],@tweak[2]);
+ &rbit(@tweak[3],@tweak[3]);
+$code.=<<___;
+ eor @dat[0].16b, @dat[0].16b, @tweak[0].16b
+ eor @dat[1].16b, @dat[1].16b, @tweak[1].16b
+ eor @dat[2].16b, @dat[2].16b, @tweak[2].16b
+ eor @dat[3].16b, @dat[3].16b, @tweak[3].16b
+___
+ &rev32(@dat[0],@dat[0]);
+ &rev32(@dat[1],@dat[1]);
+ &rev32(@dat[2],@dat[2]);
+ &rev32(@dat[3],@dat[3]);
+ &enc_4blks(@dat[0],@dat[1],@dat[2],@dat[3]);
+ &rev32(@dat[0],@dat[0]);
+ &rev32(@dat[1],@dat[1]);
+ &rev32(@dat[2],@dat[2]);
+ &rev32(@dat[3],@dat[3]);
+$code.=<<___;
+ eor @dat[0].16b, @dat[0].16b, @tweak[0].16b
+ eor @dat[1].16b, @dat[1].16b, @tweak[1].16b
+ eor @dat[2].16b, @dat[2].16b, @tweak[2].16b
+ eor @dat[3].16b, @dat[3].16b, @tweak[3].16b
+ st1 {@dat[0].4s,@dat[1].4s,@dat[2].4s,@dat[3].4s},[$out],#64
+ sub $blocks,$blocks,#4
+ mov @tweak[0].16b,@tweak[4].16b
+ mov @tweak[1].16b,@tweak[5].16b
+ mov @tweak[2].16b,@tweak[6].16b
+ // save the last tweak
+ mov $lastTweak.16b,@tweak[3].16b
+1:
+ // process last block
+ cmp $blocks,#1
+ b.lt 100f
+ b.gt 1f
+ ld1 {@dat[0].4s},[$inp],#16
+___
+ &rbit(@tweak[0],@tweak[0]);
+$code.=<<___;
+ eor @dat[0].16b, @dat[0].16b, @tweak[0].16b
+___
+ &rev32(@dat[0],@dat[0]);
+ &enc_blk(@dat[0]);
+ &rev32(@dat[0],@dat[0]);
+$code.=<<___;
+ eor @dat[0].16b, @dat[0].16b, @tweak[0].16b
+ st1 {@dat[0].4s},[$out],#16
+ // save the last tweak
+ mov $lastTweak.16b,@tweak[0].16b
+ b 100f
+1: // process last 2 blocks
+ cmp $blocks,#2
+ b.gt 1f
+ ld1 {@dat[0].4s,@dat[1].4s},[$inp],#32
+___
+ &rbit(@tweak[0],@tweak[0]);
+ &rbit(@tweak[1],@tweak[1]);
+$code.=<<___;
+ eor @dat[0].16b, @dat[0].16b, @tweak[0].16b
+ eor @dat[1].16b, @dat[1].16b, @tweak[1].16b
+___
+ &rev32(@dat[0],@dat[0]);
+ &rev32(@dat[1],@dat[1]);
+ &enc_4blks(@dat[0],@dat[1],@dat[2],@dat[3]);
+ &rev32(@dat[0],@dat[0]);
+ &rev32(@dat[1],@dat[1]);
+$code.=<<___;
+ eor @dat[0].16b, @dat[0].16b, @tweak[0].16b
+ eor @dat[1].16b, @dat[1].16b, @tweak[1].16b
+ st1 {@dat[0].4s,@dat[1].4s},[$out],#32
+ // save the last tweak
+ mov $lastTweak.16b,@tweak[1].16b
+ b 100f
+1: // process last 3 blocks
+ ld1 {@dat[0].4s,@dat[1].4s,@dat[2].4s},[$inp],#48
+___
+ &rbit(@tweak[0],@tweak[0]);
+ &rbit(@tweak[1],@tweak[1]);
+ &rbit(@tweak[2],@tweak[2]);
+$code.=<<___;
+ eor @dat[0].16b, @dat[0].16b, @tweak[0].16b
+ eor @dat[1].16b, @dat[1].16b, @tweak[1].16b
+ eor @dat[2].16b, @dat[2].16b, @tweak[2].16b
+___
+ &rev32(@dat[0],@dat[0]);
+ &rev32(@dat[1],@dat[1]);
+ &rev32(@dat[2],@dat[2]);
+ &enc_4blks(@dat[0],@dat[1],@dat[2],@dat[3]);
+ &rev32(@dat[0],@dat[0]);
+ &rev32(@dat[1],@dat[1]);
+ &rev32(@dat[2],@dat[2]);
+$code.=<<___;
+ eor @dat[0].16b, @dat[0].16b, @tweak[0].16b
+ eor @dat[1].16b, @dat[1].16b, @tweak[1].16b
+ eor @dat[2].16b, @dat[2].16b, @tweak[2].16b
+ st1 {@dat[0].4s,@dat[1].4s,@dat[2].4s},[$out],#48
+ // save the last tweak
+ mov $lastTweak.16b,@tweak[2].16b
+100:
+ cmp $remain,0
+ b.eq 99f
+
+// This brance calculates the last two tweaks,
+// while the encryption/decryption length is larger than 32
+.last_2blks_tweak${standard}:
+___
+ &rev32_armeb($lastTweak,$lastTweak);
+ &compute_tweak_vec($lastTweak,@tweak[1],$vTmp0,$vTmp1,$vMagic);
+ &compute_tweak_vec(@tweak[1],@tweak[2],$vTmp0,$vTmp1,$vMagic);
+$code.=<<___;
+ b .check_dec${standard}
+
+
+// This brance calculates the last two tweaks,
+// while the encryption/decryption length is less than 32, who only need two tweaks
+.only_2blks_tweak${standard}:
+ mov @tweak[1].16b,@tweak[0].16b
+___
+ &rev32_armeb(@tweak[1],@tweak[1]);
+ &compute_tweak_vec(@tweak[1],@tweak[2],$vTmp0,$vTmp1,$vMagic);
+$code.=<<___;
+ b .check_dec${standard}
+
+
+// Determine whether encryption or decryption is required.
+// The last two tweaks need to be swapped for decryption.
+.check_dec${standard}:
+ // encryption:1 decryption:0
+ cmp $enc,1
+ b.eq .prcess_last_2blks${standard}
+ mov $vTmp0.16B,@tweak[1].16b
+ mov @tweak[1].16B,@tweak[2].16b
+ mov @tweak[2].16B,$vTmp0.16b
+
+.prcess_last_2blks${standard}:
+___
+ &rev32_armeb(@tweak[1],@tweak[1]);
+ &rev32_armeb(@tweak[2],@tweak[2]);
+$code.=<<___;
+ ld1 {@dat[0].4s},[$inp],#16
+ eor @dat[0].16b, @dat[0].16b, @tweak[1].16b
+___
+ &rev32(@dat[0],@dat[0]);
+ &enc_blk(@dat[0]);
+ &rev32(@dat[0],@dat[0]);
+$code.=<<___;
+ eor @dat[0].16b, @dat[0].16b, @tweak[1].16b
+ st1 {@dat[0].4s},[$out],#16
+
+ sub $lastBlk,$out,16
+ .loop${standard}:
+ subs $remain,$remain,1
+ ldrb w$tmp0,[$lastBlk,$remain]
+ ldrb w$tmp1,[$inp,$remain]
+ strb w$tmp1,[$lastBlk,$remain]
+ strb w$tmp0,[$out,$remain]
+ b.gt .loop${standard}
+ ld1 {@dat[0].4s}, [$lastBlk]
+ eor @dat[0].16b, @dat[0].16b, @tweak[2].16b
+___
+ &rev32(@dat[0],@dat[0]);
+ &enc_blk(@dat[0]);
+ &rev32(@dat[0],@dat[0]);
+$code.=<<___;
+ eor @dat[0].16b, @dat[0].16b, @tweak[2].16b
+ st1 {@dat[0].4s}, [$lastBlk]
+99:
+ ret
+.size ${prefix}_xts_do_cipher${standard},.-${prefix}_xts_do_cipher${standard}
+___
+} #end of gen_xts_do_cipher
+
+}}}
+
+{{{
+my ($enc)=("w6");
+
+sub gen_xts_cipher() {
+ my $en = shift;
+$code.=<<___;
+.globl ${prefix}_xts_${en}crypt${standard}
+.type ${prefix}_xts_${en}crypt${standard},%function
+.align 5
+${prefix}_xts_${en}crypt${standard}:
+ stp x15, x16, [sp, #-0x10]!
+ stp x17, x18, [sp, #-0x10]!
+ stp x19, x20, [sp, #-0x10]!
+ stp x21, x22, [sp, #-0x10]!
+ stp x23, x24, [sp, #-0x10]!
+ stp x25, x26, [sp, #-0x10]!
+ stp x27, x28, [sp, #-0x10]!
+ stp x29, x30, [sp, #-0x10]!
+ stp d8, d9, [sp, #-0x10]!
+ stp d10, d11, [sp, #-0x10]!
+ stp d12, d13, [sp, #-0x10]!
+ stp d14, d15, [sp, #-0x10]!
+___
+ &mov_en_to_enc($en,$enc);
+$code.=<<___;
+ bl ${prefix}_xts_do_cipher${standard}
+ ldp d14, d15, [sp], #0x10
+ ldp d12, d13, [sp], #0x10
+ ldp d10, d11, [sp], #0x10
+ ldp d8, d9, [sp], #0x10
+ ldp x29, x30, [sp], #0x10
+ ldp x27, x28, [sp], #0x10
+ ldp x25, x26, [sp], #0x10
+ ldp x23, x24, [sp], #0x10
+ ldp x21, x22, [sp], #0x10
+ ldp x19, x20, [sp], #0x10
+ ldp x17, x18, [sp], #0x10
+ ldp x15, x16, [sp], #0x10
+ ret
+.size ${prefix}_xts_${en}crypt${standard},.-${prefix}_xts_${en}crypt${standard}
+___
+
+} # end of gen_xts_cipher
+$standard="_gb";
+&gen_xts_do_cipher();
+&gen_xts_cipher("en");
+&gen_xts_cipher("de");
+$standard="";
+&gen_xts_do_cipher();
+&gen_xts_cipher("en");
+&gen_xts_cipher("de");
+}}}
########################################
{ my %opcode = (
"sm4e" => 0xcec08400,
diff --git a/include/crypto/sm4_platform.h b/include/crypto/sm4_platform.h
index 2f5a6cf..0bde96f 100644
--- a/include/crypto/sm4_platform.h
+++ b/include/crypto/sm4_platform.h
@@ -26,6 +26,10 @@
# define HWSM4_cbc_encrypt sm4_v8_cbc_encrypt
# define HWSM4_ecb_encrypt sm4_v8_ecb_encrypt
# define HWSM4_ctr32_encrypt_blocks sm4_v8_ctr32_encrypt_blocks
+# define HWSM4_xts_encrypt_gb sm4_v8_xts_encrypt_gb
+# define HWSM4_xts_decrypt_gb sm4_v8_xts_decrypt_gb
+# define HWSM4_xts_encrypt sm4_v8_xts_encrypt
+# define HWSM4_xts_decrypt sm4_v8_xts_decrypt
# endif
# endif
# endif /* OPENSSL_CPUID_OBJ */
@@ -46,6 +50,16 @@ void HWSM4_ecb_encrypt(const unsigned char *in, unsigned char *out,
void HWSM4_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
size_t len, const void *key,
const unsigned char ivec[16]);
+/* xts mode in GB/T 17964-2021 */
+void HWSM4_xts_encrypt_gb(const unsigned char *in, unsigned char *out, size_t length, const SM4_KEY *key1,
+ const SM4_KEY *key2, const uint8_t iv[16]);
+void HWSM4_xts_decrypt_gb(const unsigned char *in, unsigned char *out, size_t length, const SM4_KEY *key1,
+ const SM4_KEY *key2, const uint8_t iv[16]);
+/* xts mode in IEEE Std 1619-2007 */
+void HWSM4_xts_encrypt(const unsigned char *in, unsigned char *out, size_t length, const SM4_KEY *key1,
+ const SM4_KEY *key2, const uint8_t iv[16]);
+void HWSM4_xts_decrypt(const unsigned char *in, unsigned char *out, size_t length, const SM4_KEY *key1,
+ const SM4_KEY *key2, const uint8_t iv[16]);
# endif /* HWSM4_CAPABLE */
#ifdef VPSM4_EX_CAPABLE
--
2.36.1
Reference in New Issue View Git Blame Copy Permalink