

target/riscv: Use aesdec_ISB_ISR_IMC_AK
This implements the AES64DSM instruction.  This was the last use
of aes64_operation and its support macros, so remove them all.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
rth7680 committed Jul 9, 2023
1 parent 274f337 commit 4ad6f9b
Showing 1 changed file with 10 additions and 91 deletions.
101 changes: 10 additions & 91 deletions target/riscv/crypto_helper.c
Expand Up @@ -104,98 +104,8 @@ target_ulong HELPER(aes32dsi)(target_ulong rs1, target_ulong rs2,
return aes32_operation(shamt, rs1, rs2, false, false);
}

#define BY(X, I) ((X >> (8 * I)) & 0xFF)

#define AES_SHIFROWS_LO(RS1, RS2) ( \
(((RS1 >> 24) & 0xFF) << 56) | (((RS2 >> 48) & 0xFF) << 48) | \
(((RS2 >> 8) & 0xFF) << 40) | (((RS1 >> 32) & 0xFF) << 32) | \
(((RS2 >> 56) & 0xFF) << 24) | (((RS2 >> 16) & 0xFF) << 16) | \
(((RS1 >> 40) & 0xFF) << 8) | (((RS1 >> 0) & 0xFF) << 0))

#define AES_INVSHIFROWS_LO(RS1, RS2) ( \
(((RS2 >> 24) & 0xFF) << 56) | (((RS2 >> 48) & 0xFF) << 48) | \
(((RS1 >> 8) & 0xFF) << 40) | (((RS1 >> 32) & 0xFF) << 32) | \
(((RS1 >> 56) & 0xFF) << 24) | (((RS2 >> 16) & 0xFF) << 16) | \
(((RS2 >> 40) & 0xFF) << 8) | (((RS1 >> 0) & 0xFF) << 0))

#define AES_MIXBYTE(COL, B0, B1, B2, B3) ( \
BY(COL, B3) ^ BY(COL, B2) ^ AES_GFMUL(BY(COL, B1), 3) ^ \
AES_GFMUL(BY(COL, B0), 2))

#define AES_MIXCOLUMN(COL) ( \
AES_MIXBYTE(COL, 3, 0, 1, 2) << 24 | \
AES_MIXBYTE(COL, 2, 3, 0, 1) << 16 | \
AES_MIXBYTE(COL, 1, 2, 3, 0) << 8 | AES_MIXBYTE(COL, 0, 1, 2, 3) << 0)

#define AES_INVMIXBYTE(COL, B0, B1, B2, B3) ( \
AES_GFMUL(BY(COL, B3), 0x9) ^ AES_GFMUL(BY(COL, B2), 0xd) ^ \
AES_GFMUL(BY(COL, B1), 0xb) ^ AES_GFMUL(BY(COL, B0), 0xe))

#define AES_INVMIXCOLUMN(COL) ( \
AES_INVMIXBYTE(COL, 3, 0, 1, 2) << 24 | \
AES_INVMIXBYTE(COL, 2, 3, 0, 1) << 16 | \
AES_INVMIXBYTE(COL, 1, 2, 3, 0) << 8 | \
AES_INVMIXBYTE(COL, 0, 1, 2, 3) << 0)

static const AESState aes_zero = { };

static inline target_ulong aes64_operation(target_ulong rs1, target_ulong rs2,
bool enc, bool mix)
{
uint64_t RS1 = rs1;
uint64_t RS2 = rs2;
uint64_t result;
uint64_t temp;
uint32_t col_0;
uint32_t col_1;

if (enc) {
temp = AES_SHIFROWS_LO(RS1, RS2);
temp = (((uint64_t)AES_sbox[(temp >> 0) & 0xFF] << 0) |
((uint64_t)AES_sbox[(temp >> 8) & 0xFF] << 8) |
((uint64_t)AES_sbox[(temp >> 16) & 0xFF] << 16) |
((uint64_t)AES_sbox[(temp >> 24) & 0xFF] << 24) |
((uint64_t)AES_sbox[(temp >> 32) & 0xFF] << 32) |
((uint64_t)AES_sbox[(temp >> 40) & 0xFF] << 40) |
((uint64_t)AES_sbox[(temp >> 48) & 0xFF] << 48) |
((uint64_t)AES_sbox[(temp >> 56) & 0xFF] << 56));
if (mix) {
col_0 = temp & 0xFFFFFFFF;
col_1 = temp >> 32;

col_0 = AES_MIXCOLUMN(col_0);
col_1 = AES_MIXCOLUMN(col_1);

result = ((uint64_t)col_1 << 32) | col_0;
} else {
result = temp;
}
} else {
temp = AES_INVSHIFROWS_LO(RS1, RS2);
temp = (((uint64_t)AES_isbox[(temp >> 0) & 0xFF] << 0) |
((uint64_t)AES_isbox[(temp >> 8) & 0xFF] << 8) |
((uint64_t)AES_isbox[(temp >> 16) & 0xFF] << 16) |
((uint64_t)AES_isbox[(temp >> 24) & 0xFF] << 24) |
((uint64_t)AES_isbox[(temp >> 32) & 0xFF] << 32) |
((uint64_t)AES_isbox[(temp >> 40) & 0xFF] << 40) |
((uint64_t)AES_isbox[(temp >> 48) & 0xFF] << 48) |
((uint64_t)AES_isbox[(temp >> 56) & 0xFF] << 56));
if (mix) {
col_0 = temp & 0xFFFFFFFF;
col_1 = temp >> 32;

col_0 = AES_INVMIXCOLUMN(col_0);
col_1 = AES_INVMIXCOLUMN(col_1);

result = ((uint64_t)col_1 << 32) | col_0;
} else {
result = temp;
}
}

return result;
}

target_ulong HELPER(aes64esm)(target_ulong rs1, target_ulong rs2)
{
AESState t;
Expand Down Expand Up @@ -228,7 +138,16 @@ target_ulong HELPER(aes64ds)(target_ulong rs1, target_ulong rs2)

target_ulong HELPER(aes64dsm)(target_ulong rs1, target_ulong rs2)
{
return aes64_operation(rs1, rs2, false, true);
AESState t, z = { };

/*
* This instruction does not include a round key,
* so supply a zero to our primitive.
*/
t.d[HOST_BIG_ENDIAN] = rs1;
t.d[!HOST_BIG_ENDIAN] = rs2;
aesdec_ISB_ISR_IMC_AK(&t, &t, &z, false);
return t.d[HOST_BIG_ENDIAN];
}

target_ulong HELPER(aes64ks2)(target_ulong rs1, target_ulong rs2)
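Review bot: The new aes64dsm body explains the zero round key but says nothing about the `t.d[HOST_BIG_ENDIAN]` / `t.d[!HOST_BIG_ENDIAN]` stores, which are the lines a reader is most likely to stumble on: presumably rs1 is placed in the host-order low half so the in-memory byte layout of the state matches the `be == false` argument handed to aesdec_ISB_ISR_IMC_AK, and that deserves to be confirmed and stated, e.g. `/* rs1 is the low half of the state; index by host endianness to match be == false below. */` above the two stores. Separately, the local `z = { }` takes over from the file-scope `static const AESState aes_zero` dropped in the first hunk; if the sibling aes64esm/aes64ds helpers already use the local form this is consistent with them, otherwise a shared static const zero would avoid re-initialising 16 bytes on every call.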
