Re: [PATCH v8 06/14] target/riscv: rvk: add support for zknd/zkne extension in RV32

2022-03-10 Thread Alistair Francis 
On Tue, Mar 1, 2022 at 10:08 PM Weiwei Li  wrote:
>
>  - add aes32esmi, aes32esi, aes32dsmi and aes32dsi instructions
>
> Co-authored-by: Zewen Ye 
> Signed-off-by: Weiwei Li 
> Signed-off-by: Junqiang Wang 
> Reviewed-by: Richard Henderson 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  target/riscv/crypto_helper.c| 105 
>  target/riscv/helper.h   |   6 ++
>  target/riscv/insn32.decode  |  11 +++
>  target/riscv/insn_trans/trans_rvk.c.inc |  67 +++
>  target/riscv/meson.build|   3 +-
>  target/riscv/translate.c|   1 +
>  6 files changed, 192 insertions(+), 1 deletion(-)
>  create mode 100644 target/riscv/crypto_helper.c
>  create mode 100644 target/riscv/insn_trans/trans_rvk.c.inc
>
> diff --git a/target/riscv/crypto_helper.c b/target/riscv/crypto_helper.c
> new file mode 100644
> index 00..220d51c742
> --- /dev/null
> +++ b/target/riscv/crypto_helper.c
> @@ -0,0 +1,105 @@
> +/*
> + * RISC-V Crypto Emulation Helpers for QEMU.
> + *
> + * Copyright (c) 2021 Ruibo Lu, luruibo2...@163.com
> + * Copyright (c) 2021 Zewen Ye, lust...@foxmail.com
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms and conditions of the GNU General Public License,
> + * version 2 or later, as published by the Free Software Foundation.
> + *
> + * This program is distributed in the hope it will be useful, but WITHOUT
> + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
> + * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
> + * more details.
> + *
> + * You should have received a copy of the GNU General Public License along 
> with
> + * this program.  If not, see .
> + */
> +
> +#include "qemu/osdep.h"
> +#include "cpu.h"
> +#include "exec/exec-all.h"
> +#include "exec/helper-proto.h"
> +#include "crypto/aes.h"
> +#include "crypto/sm4.h"
> +
> +#define AES_XTIME(a) \
> +((a << 1) ^ ((a & 0x80) ? 0x1b : 0))
> +
> +#define AES_GFMUL(a, b) (( \
> +(((b) & 0x1) ? (a) : 0) ^ \
> +(((b) & 0x2) ? AES_XTIME(a) : 0) ^ \
> +(((b) & 0x4) ? AES_XTIME(AES_XTIME(a)) : 0) ^ \
> +(((b) & 0x8) ? AES_XTIME(AES_XTIME(AES_XTIME(a))) : 0)) & 0xFF)
> +
> +static inline uint32_t aes_mixcolumn_byte(uint8_t x, bool fwd)
> +{
> +uint32_t u;
> +
> +if (fwd) {
> +u = (AES_GFMUL(x, 3) << 24) | (x << 16) | (x << 8) |
> +(AES_GFMUL(x, 2) << 0);
> +} else {
> +u = (AES_GFMUL(x, 0xb) << 24) | (AES_GFMUL(x, 0xd) << 16) |
> +(AES_GFMUL(x, 0x9) << 8) | (AES_GFMUL(x, 0xe) << 0);
> +}
> +return u;
> +}
> +
> +#define sext32_xlen(x) (target_ulong)(int32_t)(x)
> +
> +static inline target_ulong aes32_operation(target_ulong shamt,
> +   target_ulong rs1, target_ulong 
> rs2,
> +   bool enc, bool mix)
> +{
> +uint8_t si = rs2 >> shamt;
> +uint8_t so;
> +uint32_t mixed;
> +target_ulong res;
> +
> +if (enc) {
> +so = AES_sbox[si];
> +if (mix) {
> +mixed = aes_mixcolumn_byte(so, true);
> +} else {
> +mixed = so;
> +}
> +} else {
> +so = AES_isbox[si];
> +if (mix) {
> +mixed = aes_mixcolumn_byte(so, false);
> +} else {
> +mixed = so;
> +}
> +}
> +mixed = rol32(mixed, shamt);
> +res = rs1 ^ mixed;
> +
> +return sext32_xlen(res);
> +}
> +
> +target_ulong HELPER(aes32esmi)(target_ulong rs1, target_ulong rs2,
> +   target_ulong shamt)
> +{
> +return aes32_operation(shamt, rs1, rs2, true, true);
> +}
> +
> +target_ulong HELPER(aes32esi)(target_ulong rs1, target_ulong rs2,
> +  target_ulong shamt)
> +{
> +return aes32_operation(shamt, rs1, rs2, true, false);
> +}
> +
> +target_ulong HELPER(aes32dsmi)(target_ulong rs1, target_ulong rs2,
> +   target_ulong shamt)
> +{
> +return aes32_operation(shamt, rs1, rs2, false, true);
> +}
> +
> +target_ulong HELPER(aes32dsi)(target_ulong rs1, target_ulong rs2,
> +  target_ulong shamt)
> +{
> +return aes32_operation(shamt, rs1, rs2, false, false);
> +}
> +#undef sext32_xlen
> diff --git a/target/riscv/helper.h b/target/riscv/helper.h
> index a1d28b257f..d31bfadb3e 100644
> --- a/target/riscv/helper.h
> +++ b/target/riscv/helper.h
> @@ -1115,3 +1115,9 @@ DEF_HELPER_5(divu_i128, tl, env, tl, tl, tl, tl)
>  DEF_HELPER_5(divs_i128, tl, env, tl, tl, tl, tl)
>  DEF_HELPER_5(remu_i128, tl, env, tl, tl, tl, tl)
>  DEF_HELPER_5(rems_i128, tl, env, tl, tl, tl, tl)
> +
> +/* Crypto functions */
> +DEF_HELPER_FLAGS_3(aes32esmi, TCG_CALL_NO_RWG_SE, tl, tl, tl, tl)
> +DEF_HELPER_FLAGS_3(aes32esi, TCG_CALL_NO_RWG_SE, tl, tl, tl, tl)
> +DEF_HELPER_FLAGS_3(aes32dsmi,

[PATCH v8 06/14] target/riscv: rvk: add support for zknd/zkne extension in RV32

2022-03-01 Thread Weiwei Li 
 - add aes32esmi, aes32esi, aes32dsmi and aes32dsi instructions

Co-authored-by: Zewen Ye 
Signed-off-by: Weiwei Li 
Signed-off-by: Junqiang Wang 
Reviewed-by: Richard Henderson 
---
 target/riscv/crypto_helper.c| 105 
 target/riscv/helper.h   |   6 ++
 target/riscv/insn32.decode  |  11 +++
 target/riscv/insn_trans/trans_rvk.c.inc |  67 +++
 target/riscv/meson.build|   3 +-
 target/riscv/translate.c|   1 +
 6 files changed, 192 insertions(+), 1 deletion(-)
 create mode 100644 target/riscv/crypto_helper.c
 create mode 100644 target/riscv/insn_trans/trans_rvk.c.inc

diff --git a/target/riscv/crypto_helper.c b/target/riscv/crypto_helper.c
new file mode 100644
index 00..220d51c742
--- /dev/null
+++ b/target/riscv/crypto_helper.c
@@ -0,0 +1,105 @@
+/*
+ * RISC-V Crypto Emulation Helpers for QEMU.
+ *
+ * Copyright (c) 2021 Ruibo Lu, luruibo2...@163.com
+ * Copyright (c) 2021 Zewen Ye, lust...@foxmail.com
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "cpu.h"
+#include "exec/exec-all.h"
+#include "exec/helper-proto.h"
+#include "crypto/aes.h"
+#include "crypto/sm4.h"
+
+#define AES_XTIME(a) \
+((a << 1) ^ ((a & 0x80) ? 0x1b : 0))
+
+#define AES_GFMUL(a, b) (( \
+(((b) & 0x1) ? (a) : 0) ^ \
+(((b) & 0x2) ? AES_XTIME(a) : 0) ^ \
+(((b) & 0x4) ? AES_XTIME(AES_XTIME(a)) : 0) ^ \
+(((b) & 0x8) ? AES_XTIME(AES_XTIME(AES_XTIME(a))) : 0)) & 0xFF)
+
+static inline uint32_t aes_mixcolumn_byte(uint8_t x, bool fwd)
+{
+uint32_t u;
+
+if (fwd) {
+u = (AES_GFMUL(x, 3) << 24) | (x << 16) | (x << 8) |
+(AES_GFMUL(x, 2) << 0);
+} else {
+u = (AES_GFMUL(x, 0xb) << 24) | (AES_GFMUL(x, 0xd) << 16) |
+(AES_GFMUL(x, 0x9) << 8) | (AES_GFMUL(x, 0xe) << 0);
+}
+return u;
+}
+
+#define sext32_xlen(x) (target_ulong)(int32_t)(x)
+
+static inline target_ulong aes32_operation(target_ulong shamt,
+   target_ulong rs1, target_ulong rs2,
+   bool enc, bool mix)
+{
+uint8_t si = rs2 >> shamt;
+uint8_t so;
+uint32_t mixed;
+target_ulong res;
+
+if (enc) {
+so = AES_sbox[si];
+if (mix) {
+mixed = aes_mixcolumn_byte(so, true);
+} else {
+mixed = so;
+}
+} else {
+so = AES_isbox[si];
+if (mix) {
+mixed = aes_mixcolumn_byte(so, false);
+} else {
+mixed = so;
+}
+}
+mixed = rol32(mixed, shamt);
+res = rs1 ^ mixed;
+
+return sext32_xlen(res);
+}
+
+target_ulong HELPER(aes32esmi)(target_ulong rs1, target_ulong rs2,
+   target_ulong shamt)
+{
+return aes32_operation(shamt, rs1, rs2, true, true);
+}
+
+target_ulong HELPER(aes32esi)(target_ulong rs1, target_ulong rs2,
+  target_ulong shamt)
+{
+return aes32_operation(shamt, rs1, rs2, true, false);
+}
+
+target_ulong HELPER(aes32dsmi)(target_ulong rs1, target_ulong rs2,
+   target_ulong shamt)
+{
+return aes32_operation(shamt, rs1, rs2, false, true);
+}
+
+target_ulong HELPER(aes32dsi)(target_ulong rs1, target_ulong rs2,
+  target_ulong shamt)
+{
+return aes32_operation(shamt, rs1, rs2, false, false);
+}
+#undef sext32_xlen
diff --git a/target/riscv/helper.h b/target/riscv/helper.h
index a1d28b257f..d31bfadb3e 100644
--- a/target/riscv/helper.h
+++ b/target/riscv/helper.h
@@ -1115,3 +1115,9 @@ DEF_HELPER_5(divu_i128, tl, env, tl, tl, tl, tl)
 DEF_HELPER_5(divs_i128, tl, env, tl, tl, tl, tl)
 DEF_HELPER_5(remu_i128, tl, env, tl, tl, tl, tl)
 DEF_HELPER_5(rems_i128, tl, env, tl, tl, tl, tl)
+
+/* Crypto functions */
+DEF_HELPER_FLAGS_3(aes32esmi, TCG_CALL_NO_RWG_SE, tl, tl, tl, tl)
+DEF_HELPER_FLAGS_3(aes32esi, TCG_CALL_NO_RWG_SE, tl, tl, tl, tl)
+DEF_HELPER_FLAGS_3(aes32dsmi, TCG_CALL_NO_RWG_SE, tl, tl, tl, tl)
+DEF_HELPER_FLAGS_3(aes32dsi, TCG_CALL_NO_RWG_SE, tl, tl, tl, tl)
diff --git a/target/riscv/insn32.decode b/target/riscv/insn32.decode
index 75ffac9c81..0f2e661583 100644
--- a/target/riscv/insn32.decode
+++ b/target/riscv/insn32.decode
@@ -35,6 +35,7 @@
 %imm_b31:s1 7:1 25:6 8:4 !function=ex_shift_1
 %imm_j31:s1 12:8 20:1 21:10