12 #include <botan/aes.h>
13 #include <botan/cpuid.h>
// Reverses the byte order of a 16-byte vector. The permute mask lists byte
// indices 15..0, and vec_perm indices below 16 select from its first operand
// (src), so the all-zero second operand is never actually chosen.
// NOTE(review): listing lines 28-30 and everything after 33 are not shown on
// this page; presumably the permute runs only on little-endian hosts and src
// is returned unchanged otherwise - confirm against the full file.
27 inline Altivec8x16 reverse_vec(Altivec8x16 src)
31 const Altivec8x16 mask = {15,14,13,12, 11,10,9,8, 7,6,5,4, 3,2,1,0};
32 const Altivec8x16 zero = {0};
33 return vec_perm(src, zero, mask);
// Loads one 128-bit round key: reads 16 bytes (four uint32_t words) starting
// at key[0] with vec_vsx_ld, passes them through reverse_vec, and returns the
// result reinterpreted as an Altivec64x2.
// The read is always 16 bytes wide, so the caller must pass a pointer with at
// least four words remaining in the key schedule; nothing here checks that.
// The returned vector holds secret round-key material.
41 inline Altivec64x2
load_key(
const uint32_t key[])
// NOTE(review): the doubled ';' below is a harmless empty statement.
43 return (Altivec64x2)reverse_vec((Altivec8x16)vec_vsx_ld(0, key));;
// Loads one 16-byte AES block from src with vec_vsx_ld, passes it through
// reverse_vec, and returns it as an Altivec64x2.
// Always reads 16 bytes from src; the caller is responsible for the buffer
// being at least that long.
46 inline Altivec64x2 load_block(
const uint8_t src[])
48 return (Altivec64x2)reverse_vec(vec_vsx_ld(0, src));
// Writes one 16-byte block to dest: src is passed through reverse_vec (the
// same transform load_block applies on input) and stored with vec_vsx_st.
// Always writes 16 bytes; dest must have room for them.
51 inline void store_block(Altivec64x2 src, uint8_t dest[])
53 vec_vsx_st(reverse_vec((Altivec8x16)src), 0, dest);
// Stores four blocks at consecutive 16-byte offsets of out via store_block.
// The visible stores cover out+16, out+32 and out+48, so out must provide 64
// writable bytes.
// NOTE(review): listing lines 58-60 (the last parameter and, presumably, the
// store of B0 at out) are not shown on this page - confirm against the file.
56 inline void store_blocks(Altivec64x2 B0, Altivec64x2 B1,
57 Altivec64x2 B2, Altivec64x2 B3,
61 store_block(B1, out+16);
62 store_block(B2, out+16*2);
63 store_block(B3, out+16*3);
// Four-block round helpers. Each macro applies the same round key K to four
// independent block states B0..B3 and assigns the results back to them, so
// the arguments must be modifiable lvalues.
// NOTE(review): the closing line of every macro (presumably "} while(0)") is
// not shown on this page.
// AES_XOR_4: XORs K into each state.
66 #define AES_XOR_4(B0, B1, B2, B3, K) do { \
67 B0 = vec_xor(B0, K); \
68 B1 = vec_xor(B1, K); \
69 B2 = vec_xor(B2, K); \
70 B3 = vec_xor(B3, K); \
// AES_ENCRYPT_4: one encryption round per state via the vcipher builtin.
73 #define AES_ENCRYPT_4(B0, B1, B2, B3, K) do { \
74 B0 = __builtin_crypto_vcipher(B0, K); \
75 B1 = __builtin_crypto_vcipher(B1, K); \
76 B2 = __builtin_crypto_vcipher(B2, K); \
77 B3 = __builtin_crypto_vcipher(B3, K); \
// AES_ENCRYPT_4_LAST: final encryption round per state via vcipherlast.
80 #define AES_ENCRYPT_4_LAST(B0, B1, B2, B3, K) do { \
81 B0 = __builtin_crypto_vcipherlast(B0, K); \
82 B1 = __builtin_crypto_vcipherlast(B1, K); \
83 B2 = __builtin_crypto_vcipherlast(B2, K); \
84 B3 = __builtin_crypto_vcipherlast(B3, K); \
// AES_DECRYPT_4: one decryption round per state via the vncipher builtin.
87 #define AES_DECRYPT_4(B0, B1, B2, B3, K) do { \
88 B0 = __builtin_crypto_vncipher(B0, K); \
89 B1 = __builtin_crypto_vncipher(B1, K); \
90 B2 = __builtin_crypto_vncipher(B2, K); \
91 B3 = __builtin_crypto_vncipher(B3, K); \
// AES_DECRYPT_4_LAST: final decryption round per state via vncipherlast.
94 #define AES_DECRYPT_4_LAST(B0, B1, B2, B3, K) do { \
95 B0 = __builtin_crypto_vncipherlast(B0, K); \
96 B1 = __builtin_crypto_vncipherlast(B1, K); \
97 B2 = __builtin_crypto_vncipherlast(B2, K); \
98 B3 = __builtin_crypto_vncipherlast(B3, K); \
// AES-128 encryption of `blocks` 16-byte blocks from in to out using the
// vcipher/vcipherlast builtins.
// Round keys are read from m_EK four words apart (K8 = m_EK[32],
// K9 = m_EK[36], K10 = m_EK[40]); K0..K10 give the eleven round keys.
// in and out are raw pointers with no length: the caller must guarantee
// blocks*16 readable bytes at in and blocks*16 writable bytes at out, since
// no bound is checked in the code shown.
// NOTE(review): this page omits several listing lines (the K1..K7 loads,
// the use of K0, the four-block loop header and its round macros, pointer
// advancement) - confirm those against the full file.
104 void AES_128::hw_aes_encrypt_n(const uint8_t in[], uint8_t out[],
size_t blocks)
const
106 const Altivec64x2 K0 =
load_key(&m_EK[0]);
114 const Altivec64x2 K8 =
load_key(&m_EK[32]);
115 const Altivec64x2 K9 =
load_key(&m_EK[36]);
116 const Altivec64x2 K10 =
load_key(&m_EK[40]);
// Four-block path: reads 64 bytes from in and writes 64 bytes to out.
// Presumably guarded by a "blocks >= 4" loop on the omitted lines - confirm.
120 Altivec64x2 B0 = load_block(in);
121 Altivec64x2 B1 = load_block(in+16);
122 Altivec64x2 B2 = load_block(in+16*2);
123 Altivec64x2 B3 = load_block(in+16*3);
137 store_blocks(B0, B1, B2, B3, out);
// Single-block path: nine vcipher rounds with K1..K9, then vcipherlast
// with K10.
144 for(
size_t i = 0; i != blocks; ++i)
146 Altivec64x2
B = load_block(in);
149 B = __builtin_crypto_vcipher(B, K1);
150 B = __builtin_crypto_vcipher(B, K2);
151 B = __builtin_crypto_vcipher(B, K3);
152 B = __builtin_crypto_vcipher(B, K4);
153 B = __builtin_crypto_vcipher(B, K5);
154 B = __builtin_crypto_vcipher(B, K6);
155 B = __builtin_crypto_vcipher(B, K7);
156 B = __builtin_crypto_vcipher(B, K8);
157 B = __builtin_crypto_vcipher(B, K9);
158 B = __builtin_crypto_vcipherlast(B, K10);
// AES-128 decryption of `blocks` 16-byte blocks from in to out using the
// vncipher/vncipherlast builtins.
// The round keys come from m_EK, the same array the encrypt path reads, but
// in reverse order (K0 = m_EK[40] ... K10 = m_EK[0]); no separate decryption
// schedule is read here. NOTE(review): that is consistent with vncipher
// applying the round key before InvMixColumns - confirm against the Power ISA.
// in and out are raw pointers with no length: the caller must guarantee
// blocks*16 readable bytes at in and blocks*16 writable bytes at out, since
// no bound is checked in the code shown.
// NOTE(review): this page omits several listing lines (the use of K0, the
// four-block loop header and its round macros, pointer advancement).
168 void AES_128::hw_aes_decrypt_n(const uint8_t in[], uint8_t out[],
size_t blocks)
const
170 const Altivec64x2 K0 =
load_key(&m_EK[40]);
171 const Altivec64x2 K1 =
load_key(&m_EK[36]);
172 const Altivec64x2 K2 =
load_key(&m_EK[32]);
173 const Altivec64x2 K3 =
load_key(&m_EK[28]);
174 const Altivec64x2 K4 =
load_key(&m_EK[24]);
175 const Altivec64x2 K5 =
load_key(&m_EK[20]);
176 const Altivec64x2 K6 =
load_key(&m_EK[16]);
177 const Altivec64x2 K7 =
load_key(&m_EK[12]);
178 const Altivec64x2 K8 =
load_key(&m_EK[8]);
179 const Altivec64x2 K9 =
load_key(&m_EK[4]);
180 const Altivec64x2 K10 =
load_key(&m_EK[0]);
// Four-block path: reads 64 bytes from in and writes 64 bytes to out.
// Presumably guarded by a "blocks >= 4" loop on the omitted lines - confirm.
184 Altivec64x2 B0 = load_block(in);
185 Altivec64x2 B1 = load_block(in+16);
186 Altivec64x2 B2 = load_block(in+16*2);
187 Altivec64x2 B3 = load_block(in+16*3);
201 store_blocks(B0, B1, B2, B3, out);
// Single-block path: nine vncipher rounds with K1..K9, then vncipherlast
// with K10.
208 for(
size_t i = 0; i != blocks; ++i)
210 Altivec64x2
B = load_block(in);
213 B = __builtin_crypto_vncipher(B, K1);
214 B = __builtin_crypto_vncipher(B, K2);
215 B = __builtin_crypto_vncipher(B, K3);
216 B = __builtin_crypto_vncipher(B, K4);
217 B = __builtin_crypto_vncipher(B, K5);
218 B = __builtin_crypto_vncipher(B, K6);
219 B = __builtin_crypto_vncipher(B, K7);
220 B = __builtin_crypto_vncipher(B, K8);
221 B = __builtin_crypto_vncipher(B, K9);
222 B = __builtin_crypto_vncipherlast(B, K10);
// AES-192 encryption of `blocks` 16-byte blocks from in to out using the
// vcipher/vcipherlast builtins.
// Thirteen round keys K0..K12 are read from m_EK[0], m_EK[4], ... m_EK[48],
// four words apart.
// in and out are raw pointers with no length: the caller must guarantee
// blocks*16 readable bytes at in and blocks*16 writable bytes at out, since
// no bound is checked in the code shown.
// NOTE(review): this page omits several listing lines (the use of K0, the
// four-block loop header and its round macros, pointer advancement).
232 void AES_192::hw_aes_encrypt_n(const uint8_t in[], uint8_t out[],
size_t blocks)
const
234 const Altivec64x2 K0 =
load_key(&m_EK[0]);
235 const Altivec64x2 K1 =
load_key(&m_EK[4]);
236 const Altivec64x2 K2 =
load_key(&m_EK[8]);
237 const Altivec64x2 K3 =
load_key(&m_EK[12]);
238 const Altivec64x2 K4 =
load_key(&m_EK[16]);
239 const Altivec64x2 K5 =
load_key(&m_EK[20]);
240 const Altivec64x2 K6 =
load_key(&m_EK[24]);
241 const Altivec64x2 K7 =
load_key(&m_EK[28]);
242 const Altivec64x2 K8 =
load_key(&m_EK[32]);
243 const Altivec64x2 K9 =
load_key(&m_EK[36]);
244 const Altivec64x2 K10 =
load_key(&m_EK[40]);
245 const Altivec64x2 K11 =
load_key(&m_EK[44]);
246 const Altivec64x2 K12 =
load_key(&m_EK[48]);
// Four-block path: reads 64 bytes from in and writes 64 bytes to out.
// Presumably guarded by a "blocks >= 4" loop on the omitted lines - confirm.
250 Altivec64x2 B0 = load_block(in);
251 Altivec64x2 B1 = load_block(in+16);
252 Altivec64x2 B2 = load_block(in+16*2);
253 Altivec64x2 B3 = load_block(in+16*3);
269 store_blocks(B0, B1, B2, B3, out);
// Single-block path: eleven vcipher rounds with K1..K11, then vcipherlast
// with K12.
276 for(
size_t i = 0; i != blocks; ++i)
278 Altivec64x2
B = load_block(in);
281 B = __builtin_crypto_vcipher(B, K1);
282 B = __builtin_crypto_vcipher(B, K2);
283 B = __builtin_crypto_vcipher(B, K3);
284 B = __builtin_crypto_vcipher(B, K4);
285 B = __builtin_crypto_vcipher(B, K5);
286 B = __builtin_crypto_vcipher(B, K6);
287 B = __builtin_crypto_vcipher(B, K7);
288 B = __builtin_crypto_vcipher(B, K8);
289 B = __builtin_crypto_vcipher(B, K9);
290 B = __builtin_crypto_vcipher(B, K10);
291 B = __builtin_crypto_vcipher(B, K11);
292 B = __builtin_crypto_vcipherlast(B, K12);
// AES-192 decryption of `blocks` 16-byte blocks from in to out using the
// vncipher/vncipherlast builtins.
// The round keys come from m_EK, the same array the encrypt path reads, but
// in reverse order (K0 = m_EK[48] ... K12 = m_EK[0]); no separate decryption
// schedule is read here. NOTE(review): that is consistent with vncipher
// applying the round key before InvMixColumns - confirm against the Power ISA.
// in and out are raw pointers with no length: the caller must guarantee
// blocks*16 readable bytes at in and blocks*16 writable bytes at out, since
// no bound is checked in the code shown.
// NOTE(review): this page omits several listing lines (the use of K0, the
// four-block loop header and its round macros, pointer advancement).
302 void AES_192::hw_aes_decrypt_n(const uint8_t in[], uint8_t out[],
size_t blocks)
const
304 const Altivec64x2 K0 =
load_key(&m_EK[48]);
305 const Altivec64x2 K1 =
load_key(&m_EK[44]);
306 const Altivec64x2 K2 =
load_key(&m_EK[40]);
307 const Altivec64x2 K3 =
load_key(&m_EK[36]);
308 const Altivec64x2 K4 =
load_key(&m_EK[32]);
309 const Altivec64x2 K5 =
load_key(&m_EK[28]);
310 const Altivec64x2 K6 =
load_key(&m_EK[24]);
311 const Altivec64x2 K7 =
load_key(&m_EK[20]);
312 const Altivec64x2 K8 =
load_key(&m_EK[16]);
313 const Altivec64x2 K9 =
load_key(&m_EK[12]);
314 const Altivec64x2 K10 =
load_key(&m_EK[8]);
315 const Altivec64x2 K11 =
load_key(&m_EK[4]);
316 const Altivec64x2 K12 =
load_key(&m_EK[0]);
// Four-block path: reads 64 bytes from in and writes 64 bytes to out.
// Presumably guarded by a "blocks >= 4" loop on the omitted lines - confirm.
320 Altivec64x2 B0 = load_block(in);
321 Altivec64x2 B1 = load_block(in+16);
322 Altivec64x2 B2 = load_block(in+16*2);
323 Altivec64x2 B3 = load_block(in+16*3);
339 store_blocks(B0, B1, B2, B3, out);
// Single-block path: eleven vncipher rounds with K1..K11, then vncipherlast
// with K12.
346 for(
size_t i = 0; i != blocks; ++i)
348 Altivec64x2
B = load_block(in);
351 B = __builtin_crypto_vncipher(B, K1);
352 B = __builtin_crypto_vncipher(B, K2);
353 B = __builtin_crypto_vncipher(B, K3);
354 B = __builtin_crypto_vncipher(B, K4);
355 B = __builtin_crypto_vncipher(B, K5);
356 B = __builtin_crypto_vncipher(B, K6);
357 B = __builtin_crypto_vncipher(B, K7);
358 B = __builtin_crypto_vncipher(B, K8);
359 B = __builtin_crypto_vncipher(B, K9);
360 B = __builtin_crypto_vncipher(B, K10);
361 B = __builtin_crypto_vncipher(B, K11);
362 B = __builtin_crypto_vncipherlast(B, K12);
// AES-256 encryption of `blocks` 16-byte blocks from in to out using the
// vcipher/vcipherlast builtins.
// Fifteen round keys K0..K14 are read from m_EK[0], m_EK[4], ... m_EK[56],
// four words apart.
// in and out are raw pointers with no length: the caller must guarantee
// blocks*16 readable bytes at in and blocks*16 writable bytes at out, since
// no bound is checked in the code shown.
// NOTE(review): this page omits several listing lines (the use of K0, the
// four-block loop header and its round macros, pointer advancement).
372 void AES_256::hw_aes_encrypt_n(const uint8_t in[], uint8_t out[],
size_t blocks)
const
374 const Altivec64x2 K0 =
load_key(&m_EK[0]);
375 const Altivec64x2 K1 =
load_key(&m_EK[4]);
376 const Altivec64x2 K2 =
load_key(&m_EK[8]);
377 const Altivec64x2 K3 =
load_key(&m_EK[12]);
378 const Altivec64x2 K4 =
load_key(&m_EK[16]);
379 const Altivec64x2 K5 =
load_key(&m_EK[20]);
380 const Altivec64x2 K6 =
load_key(&m_EK[24]);
381 const Altivec64x2 K7 =
load_key(&m_EK[28]);
382 const Altivec64x2 K8 =
load_key(&m_EK[32]);
383 const Altivec64x2 K9 =
load_key(&m_EK[36]);
384 const Altivec64x2 K10 =
load_key(&m_EK[40]);
385 const Altivec64x2 K11 =
load_key(&m_EK[44]);
386 const Altivec64x2 K12 =
load_key(&m_EK[48]);
387 const Altivec64x2 K13 =
load_key(&m_EK[52]);
388 const Altivec64x2 K14 =
load_key(&m_EK[56]);
// Four-block path: reads 64 bytes from in and writes 64 bytes to out.
// Presumably guarded by a "blocks >= 4" loop on the omitted lines - confirm.
392 Altivec64x2 B0 = load_block(in);
393 Altivec64x2 B1 = load_block(in+16);
394 Altivec64x2 B2 = load_block(in+16*2);
395 Altivec64x2 B3 = load_block(in+16*3);
413 store_blocks(B0, B1, B2, B3, out);
// Single-block path: thirteen vcipher rounds with K1..K13, then vcipherlast
// with K14.
420 for(
size_t i = 0; i != blocks; ++i)
422 Altivec64x2
B = load_block(in);
425 B = __builtin_crypto_vcipher(B, K1);
426 B = __builtin_crypto_vcipher(B, K2);
427 B = __builtin_crypto_vcipher(B, K3);
428 B = __builtin_crypto_vcipher(B, K4);
429 B = __builtin_crypto_vcipher(B, K5);
430 B = __builtin_crypto_vcipher(B, K6);
431 B = __builtin_crypto_vcipher(B, K7);
432 B = __builtin_crypto_vcipher(B, K8);
433 B = __builtin_crypto_vcipher(B, K9);
434 B = __builtin_crypto_vcipher(B, K10);
435 B = __builtin_crypto_vcipher(B, K11);
436 B = __builtin_crypto_vcipher(B, K12);
437 B = __builtin_crypto_vcipher(B, K13);
438 B = __builtin_crypto_vcipherlast(B, K14);
// AES-256 decryption of `blocks` 16-byte blocks from in to out using the
// vncipher/vncipherlast builtins.
// The round keys come from m_EK, the same array the encrypt path reads, but
// in reverse order (K0 = m_EK[56] ... K14 = m_EK[0]); no separate decryption
// schedule is read here. NOTE(review): that is consistent with vncipher
// applying the round key before InvMixColumns - confirm against the Power ISA.
// in and out are raw pointers with no length: the caller must guarantee
// blocks*16 readable bytes at in and blocks*16 writable bytes at out, since
// no bound is checked in the code shown.
// NOTE(review): this page omits several listing lines (the use of K0, the
// four-block loop header and its round macros, pointer advancement).
448 void AES_256::hw_aes_decrypt_n(const uint8_t in[], uint8_t out[],
size_t blocks)
const
450 const Altivec64x2 K0 =
load_key(&m_EK[56]);
451 const Altivec64x2 K1 =
load_key(&m_EK[52]);
452 const Altivec64x2 K2 =
load_key(&m_EK[48]);
453 const Altivec64x2 K3 =
load_key(&m_EK[44]);
454 const Altivec64x2 K4 =
load_key(&m_EK[40]);
455 const Altivec64x2 K5 =
load_key(&m_EK[36]);
456 const Altivec64x2 K6 =
load_key(&m_EK[32]);
457 const Altivec64x2 K7 =
load_key(&m_EK[28]);
458 const Altivec64x2 K8 =
load_key(&m_EK[24]);
459 const Altivec64x2 K9 =
load_key(&m_EK[20]);
460 const Altivec64x2 K10 =
load_key(&m_EK[16]);
461 const Altivec64x2 K11 =
load_key(&m_EK[12]);
462 const Altivec64x2 K12 =
load_key(&m_EK[8]);
463 const Altivec64x2 K13 =
load_key(&m_EK[4]);
464 const Altivec64x2 K14 =
load_key(&m_EK[0]);
// Four-block path: reads 64 bytes from in and writes 64 bytes to out.
// Presumably guarded by a "blocks >= 4" loop on the omitted lines - confirm.
468 Altivec64x2 B0 = load_block(in);
469 Altivec64x2 B1 = load_block(in+16);
470 Altivec64x2 B2 = load_block(in+16*2);
471 Altivec64x2 B3 = load_block(in+16*3);
489 store_blocks(B0, B1, B2, B3, out);
// Single-block path: thirteen vncipher rounds with K1..K13, then
// vncipherlast with K14.
496 for(
size_t i = 0; i != blocks; ++i)
498 Altivec64x2
B = load_block(in);
501 B = __builtin_crypto_vncipher(B, K1);
502 B = __builtin_crypto_vncipher(B, K2);
503 B = __builtin_crypto_vncipher(B, K3);
504 B = __builtin_crypto_vncipher(B, K4);
505 B = __builtin_crypto_vncipher(B, K5);
506 B = __builtin_crypto_vncipher(B, K6);
507 B = __builtin_crypto_vncipher(B, K7);
508 B = __builtin_crypto_vncipher(B, K8);
509 B = __builtin_crypto_vncipher(B, K9);
510 B = __builtin_crypto_vncipher(B, K10);
511 B = __builtin_crypto_vncipher(B, K11);
512 B = __builtin_crypto_vncipher(B, K12);
513 B = __builtin_crypto_vncipher(B, K13);
514 B = __builtin_crypto_vncipherlast(B, K14);
525 #undef AES_ENCRYPT_4_LAST
527 #undef AES_DECRYPT_4_LAST
__vector unsigned char Altivec8x16
__vector unsigned int Altivec32x4
__vector unsigned long long Altivec64x2