Re: [PATCH v8 07/14] target/riscv: rvk: add support for zkne/zknd extension in RV64
On Tue, Mar 1, 2022 at 10:03 PM Weiwei Li wrote: > > - add aes64dsm, aes64ds, aes64im, aes64es, aes64esm, aes64ks2, aes64ks1i > instructions > > Co-authored-by: Ruibo Lu > Co-authored-by: Zewen Ye > Signed-off-by: Weiwei Li > Signed-off-by: Junqiang Wang > Reviewed-by: Richard Henderson Acked-by: Alistair Francis Alistair > --- > target/riscv/crypto_helper.c| 169 > target/riscv/helper.h | 8 ++ > target/riscv/insn32.decode | 12 ++ > target/riscv/insn_trans/trans_rvk.c.inc | 47 +++ > 4 files changed, 236 insertions(+) > > diff --git a/target/riscv/crypto_helper.c b/target/riscv/crypto_helper.c > index 220d51c742..cb4783a1e9 100644 > --- a/target/riscv/crypto_helper.c > +++ b/target/riscv/crypto_helper.c > @@ -102,4 +102,173 @@ target_ulong HELPER(aes32dsi)(target_ulong rs1, > target_ulong rs2, > { > return aes32_operation(shamt, rs1, rs2, false, false); > } > + > +#define BY(X, I) ((X >> (8 * I)) & 0xFF) > + > +#define AES_SHIFROWS_LO(RS1, RS2) ( \ > +(((RS1 >> 24) & 0xFF) << 56) | (((RS2 >> 48) & 0xFF) << 48) | \ > +(((RS2 >> 8) & 0xFF) << 40) | (((RS1 >> 32) & 0xFF) << 32) | \ > +(((RS2 >> 56) & 0xFF) << 24) | (((RS2 >> 16) & 0xFF) << 16) | \ > +(((RS1 >> 40) & 0xFF) << 8) | (((RS1 >> 0) & 0xFF) << 0)) > + > +#define AES_INVSHIFROWS_LO(RS1, RS2) ( \ > +(((RS2 >> 24) & 0xFF) << 56) | (((RS2 >> 48) & 0xFF) << 48) | \ > +(((RS1 >> 8) & 0xFF) << 40) | (((RS1 >> 32) & 0xFF) << 32) | \ > +(((RS1 >> 56) & 0xFF) << 24) | (((RS2 >> 16) & 0xFF) << 16) | \ > +(((RS2 >> 40) & 0xFF) << 8) | (((RS1 >> 0) & 0xFF) << 0)) > + > +#define AES_MIXBYTE(COL, B0, B1, B2, B3) ( \ > +BY(COL, B3) ^ BY(COL, B2) ^ AES_GFMUL(BY(COL, B1), 3) ^ \ > +AES_GFMUL(BY(COL, B0), 2)) > + > +#define AES_MIXCOLUMN(COL) ( \ > +AES_MIXBYTE(COL, 3, 0, 1, 2) << 24 | \ > +AES_MIXBYTE(COL, 2, 3, 0, 1) << 16 | \ > +AES_MIXBYTE(COL, 1, 2, 3, 0) << 8 | AES_MIXBYTE(COL, 0, 1, 2, 3) << 0) > + > +#define AES_INVMIXBYTE(COL, B0, B1, B2, B3) ( \ > +AES_GFMUL(BY(COL, B3), 0x9) ^ AES_GFMUL(BY(COL, B2), 0xd) ^ \ > +AES_GFMUL(BY(COL, B1), 0xb) ^ AES_GFMUL(BY(COL, B0), 0xe)) > + > +#define AES_INVMIXCOLUMN(COL) ( \ > +AES_INVMIXBYTE(COL, 3, 0, 1, 2) << 24 | \ > +AES_INVMIXBYTE(COL, 2, 3, 0, 1) << 16 | \ > +AES_INVMIXBYTE(COL, 1, 2, 3, 0) << 8 | \ > +AES_INVMIXBYTE(COL, 0, 1, 2, 3) << 0) > + > +static inline target_ulong aes64_operation(target_ulong rs1, target_ulong > rs2, > + bool enc, bool mix) > +{ > +uint64_t RS1 = rs1; > +uint64_t RS2 = rs2; > +uint64_t result; > +uint64_t temp; > +uint32_t col_0; > +uint32_t col_1; > + > +if (enc) { > +temp = AES_SHIFROWS_LO(RS1, RS2); > +temp = (((uint64_t)AES_sbox[(temp >> 0) & 0xFF] << 0) | > +((uint64_t)AES_sbox[(temp >> 8) & 0xFF] << 8) | > +((uint64_t)AES_sbox[(temp >> 16) & 0xFF] << 16) | > +((uint64_t)AES_sbox[(temp >> 24) & 0xFF] << 24) | > +((uint64_t)AES_sbox[(temp >> 32) & 0xFF] << 32) | > +((uint64_t)AES_sbox[(temp >> 40) & 0xFF] << 40) | > +((uint64_t)AES_sbox[(temp >> 48) & 0xFF] << 48) | > +((uint64_t)AES_sbox[(temp >> 56) & 0xFF] << 56)); > +if (mix) { > +col_0 = temp & 0x; > +col_1 = temp >> 32; > + > +col_0 = AES_MIXCOLUMN(col_0); > +col_1 = AES_MIXCOLUMN(col_1); > + > +result = ((uint64_t)col_1 << 32) | col_0; > +} else { > +result = temp; > +} > +} else { > +temp = AES_INVSHIFROWS_LO(RS1, RS2); > +temp = (((uint64_t)AES_isbox[(temp >> 0) & 0xFF] << 0) | > +((uint64_t)AES_isbox[(temp >> 8) & 0xFF] << 8) | > +((uint64_t)AES_isbox[(temp >> 16) & 0xFF] << 16) | > +((uint64_t)AES_isbox[(temp >> 24) & 0xFF] << 24) | > +((uint64_t)AES_isbox[(temp >> 32) & 0xFF] << 32) | > +((uint64_t)AES_isbox[(temp >> 40) & 0xFF] << 40) | > +((uint64_t)AES_isbox[(temp >> 48) & 0xFF] << 48) | > +((uint64_t)AES_isbox[(temp >> 56) & 0xFF] << 56)); > +if (mix) { > +col_0 = temp & 0x; > +col_1 = temp >> 32; > + > +col_0 = AES_INVMIXCOLUMN(col_0); > +col_1 = AES_INVMIXCOLUMN(col_1); > + > +result = ((uint64_t)col_1 << 32) | col_0; > +} else { > +result = temp; > +} > +} > + > +return result; > +} > + > +target_ulong HELPER(aes64esm)(target_ulong rs1, target_ulong rs2) > +{ > +return aes64_operation(rs1, rs2, true, true); > +} > + > +target_ulong HELPER(aes64es)(target_ulong rs1, target_ulong rs2) > +{ > +return aes64_operation(rs1, rs2, true, false); > +} > + > +target_ulong HELPER(aes64ds)(target_ulong rs1,
[PATCH v8 07/14] target/riscv: rvk: add support for zkne/zknd extension in RV64
- add aes64dsm, aes64ds, aes64im, aes64es, aes64esm, aes64ks2, aes64ks1i instructions Co-authored-by: Ruibo Lu Co-authored-by: Zewen Ye Signed-off-by: Weiwei Li Signed-off-by: Junqiang Wang Reviewed-by: Richard Henderson --- target/riscv/crypto_helper.c| 169 target/riscv/helper.h | 8 ++ target/riscv/insn32.decode | 12 ++ target/riscv/insn_trans/trans_rvk.c.inc | 47 +++ 4 files changed, 236 insertions(+) diff --git a/target/riscv/crypto_helper.c b/target/riscv/crypto_helper.c index 220d51c742..cb4783a1e9 100644 --- a/target/riscv/crypto_helper.c +++ b/target/riscv/crypto_helper.c @@ -102,4 +102,173 @@ target_ulong HELPER(aes32dsi)(target_ulong rs1, target_ulong rs2, { return aes32_operation(shamt, rs1, rs2, false, false); } + +#define BY(X, I) ((X >> (8 * I)) & 0xFF) + +#define AES_SHIFROWS_LO(RS1, RS2) ( \ +(((RS1 >> 24) & 0xFF) << 56) | (((RS2 >> 48) & 0xFF) << 48) | \ +(((RS2 >> 8) & 0xFF) << 40) | (((RS1 >> 32) & 0xFF) << 32) | \ +(((RS2 >> 56) & 0xFF) << 24) | (((RS2 >> 16) & 0xFF) << 16) | \ +(((RS1 >> 40) & 0xFF) << 8) | (((RS1 >> 0) & 0xFF) << 0)) + +#define AES_INVSHIFROWS_LO(RS1, RS2) ( \ +(((RS2 >> 24) & 0xFF) << 56) | (((RS2 >> 48) & 0xFF) << 48) | \ +(((RS1 >> 8) & 0xFF) << 40) | (((RS1 >> 32) & 0xFF) << 32) | \ +(((RS1 >> 56) & 0xFF) << 24) | (((RS2 >> 16) & 0xFF) << 16) | \ +(((RS2 >> 40) & 0xFF) << 8) | (((RS1 >> 0) & 0xFF) << 0)) + +#define AES_MIXBYTE(COL, B0, B1, B2, B3) ( \ +BY(COL, B3) ^ BY(COL, B2) ^ AES_GFMUL(BY(COL, B1), 3) ^ \ +AES_GFMUL(BY(COL, B0), 2)) + +#define AES_MIXCOLUMN(COL) ( \ +AES_MIXBYTE(COL, 3, 0, 1, 2) << 24 | \ +AES_MIXBYTE(COL, 2, 3, 0, 1) << 16 | \ +AES_MIXBYTE(COL, 1, 2, 3, 0) << 8 | AES_MIXBYTE(COL, 0, 1, 2, 3) << 0) + +#define AES_INVMIXBYTE(COL, B0, B1, B2, B3) ( \ +AES_GFMUL(BY(COL, B3), 0x9) ^ AES_GFMUL(BY(COL, B2), 0xd) ^ \ +AES_GFMUL(BY(COL, B1), 0xb) ^ AES_GFMUL(BY(COL, B0), 0xe)) + +#define AES_INVMIXCOLUMN(COL) ( \ +AES_INVMIXBYTE(COL, 3, 0, 1, 2) << 24 | \ +AES_INVMIXBYTE(COL, 2, 3, 0, 1) << 16 | \ +AES_INVMIXBYTE(COL, 1, 2, 3, 0) << 8 | \ +AES_INVMIXBYTE(COL, 0, 1, 2, 3) << 0) + +static inline target_ulong aes64_operation(target_ulong rs1, target_ulong rs2, + bool enc, bool mix) +{ +uint64_t RS1 = rs1; +uint64_t RS2 = rs2; +uint64_t result; +uint64_t temp; +uint32_t col_0; +uint32_t col_1; + +if (enc) { +temp = AES_SHIFROWS_LO(RS1, RS2); +temp = (((uint64_t)AES_sbox[(temp >> 0) & 0xFF] << 0) | +((uint64_t)AES_sbox[(temp >> 8) & 0xFF] << 8) | +((uint64_t)AES_sbox[(temp >> 16) & 0xFF] << 16) | +((uint64_t)AES_sbox[(temp >> 24) & 0xFF] << 24) | +((uint64_t)AES_sbox[(temp >> 32) & 0xFF] << 32) | +((uint64_t)AES_sbox[(temp >> 40) & 0xFF] << 40) | +((uint64_t)AES_sbox[(temp >> 48) & 0xFF] << 48) | +((uint64_t)AES_sbox[(temp >> 56) & 0xFF] << 56)); +if (mix) { +col_0 = temp & 0x; +col_1 = temp >> 32; + +col_0 = AES_MIXCOLUMN(col_0); +col_1 = AES_MIXCOLUMN(col_1); + +result = ((uint64_t)col_1 << 32) | col_0; +} else { +result = temp; +} +} else { +temp = AES_INVSHIFROWS_LO(RS1, RS2); +temp = (((uint64_t)AES_isbox[(temp >> 0) & 0xFF] << 0) | +((uint64_t)AES_isbox[(temp >> 8) & 0xFF] << 8) | +((uint64_t)AES_isbox[(temp >> 16) & 0xFF] << 16) | +((uint64_t)AES_isbox[(temp >> 24) & 0xFF] << 24) | +((uint64_t)AES_isbox[(temp >> 32) & 0xFF] << 32) | +((uint64_t)AES_isbox[(temp >> 40) & 0xFF] << 40) | +((uint64_t)AES_isbox[(temp >> 48) & 0xFF] << 48) | +((uint64_t)AES_isbox[(temp >> 56) & 0xFF] << 56)); +if (mix) { +col_0 = temp & 0x; +col_1 = temp >> 32; + +col_0 = AES_INVMIXCOLUMN(col_0); +col_1 = AES_INVMIXCOLUMN(col_1); + +result = ((uint64_t)col_1 << 32) | col_0; +} else { +result = temp; +} +} + +return result; +} + +target_ulong HELPER(aes64esm)(target_ulong rs1, target_ulong rs2) +{ +return aes64_operation(rs1, rs2, true, true); +} + +target_ulong HELPER(aes64es)(target_ulong rs1, target_ulong rs2) +{ +return aes64_operation(rs1, rs2, true, false); +} + +target_ulong HELPER(aes64ds)(target_ulong rs1, target_ulong rs2) +{ +return aes64_operation(rs1, rs2, false, false); +} + +target_ulong HELPER(aes64dsm)(target_ulong rs1, target_ulong rs2) +{ +return aes64_operation(rs1, rs2, false, true); +} + +target_ulong HELPER(aes64ks2)(target_ulong rs1, target_ulong rs2) +{ +uint64_t RS1 = rs1; +uint64_t RS2 = rs2; +uint32_t rs1_hi =