| Message ID | 20220318041944.19859-12-liweiwei@iscas.ac.cn (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | support subsets of scalar crypto extension | expand |
On Fri, Mar 18, 2022 at 2:29 PM Weiwei Li <liweiwei@iscas.ac.cn> wrote: > > - add sm3p0, sm3p1, sm4ed and sm4ks instructions > > Co-authored-by: Ruibo Lu <luruibo2000@163.com> > Signed-off-by: Weiwei Li <liweiwei@iscas.ac.cn> > Signed-off-by: Junqiang Wang <wangjunqiang@iscas.ac.cn> > Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Acked-by: Alistair Francis <alistair.francis@wdc.com> Alistair > --- > target/riscv/crypto_helper.c | 28 ++++++++++++ > target/riscv/helper.h | 3 ++ > target/riscv/insn32.decode | 6 +++ > target/riscv/insn_trans/trans_rvk.c.inc | 58 +++++++++++++++++++++++++ > 4 files changed, 95 insertions(+) > > diff --git a/target/riscv/crypto_helper.c b/target/riscv/crypto_helper.c > index cb4783a1e9..2ef30281b1 100644 > --- a/target/riscv/crypto_helper.c > +++ b/target/riscv/crypto_helper.c > @@ -271,4 +271,32 @@ target_ulong HELPER(aes64im)(target_ulong rs1) > > return result; > } > + > +target_ulong HELPER(sm4ed)(target_ulong rs1, target_ulong rs2, > + target_ulong shamt) > +{ > + uint32_t sb_in = (uint8_t)(rs2 >> shamt); > + uint32_t sb_out = (uint32_t)sm4_sbox[sb_in]; > + > + uint32_t x = sb_out ^ (sb_out << 8) ^ (sb_out << 2) ^ (sb_out << 18) ^ > + ((sb_out & 0x3f) << 26) ^ ((sb_out & 0xC0) << 10); > + > + uint32_t rotl = rol32(x, shamt); > + > + return sext32_xlen(rotl ^ (uint32_t)rs1); > +} > + > +target_ulong HELPER(sm4ks)(target_ulong rs1, target_ulong rs2, > + target_ulong shamt) > +{ > + uint32_t sb_in = (uint8_t)(rs2 >> shamt); > + uint32_t sb_out = sm4_sbox[sb_in]; > + > + uint32_t x = sb_out ^ ((sb_out & 0x07) << 29) ^ ((sb_out & 0xFE) << 7) ^ > + ((sb_out & 0x01) << 23) ^ ((sb_out & 0xF8) << 13); > + > + uint32_t rotl = rol32(x, shamt); > + > + return sext32_xlen(rotl ^ (uint32_t)rs1); > +} > #undef sext32_xlen > diff --git a/target/riscv/helper.h b/target/riscv/helper.h > index 0df0a05b11..863e0edd84 100644 > --- a/target/riscv/helper.h > +++ b/target/riscv/helper.h > @@ -1129,3 +1129,6 @@ DEF_HELPER_FLAGS_2(aes64dsm, TCG_CALL_NO_RWG_SE, tl, tl, tl) > DEF_HELPER_FLAGS_2(aes64ks2, TCG_CALL_NO_RWG_SE, tl, tl, tl) > DEF_HELPER_FLAGS_2(aes64ks1i, TCG_CALL_NO_RWG_SE, tl, tl, tl) > DEF_HELPER_FLAGS_1(aes64im, TCG_CALL_NO_RWG_SE, tl, tl) > + > +DEF_HELPER_FLAGS_3(sm4ed, TCG_CALL_NO_RWG_SE, tl, tl, tl, tl) > +DEF_HELPER_FLAGS_3(sm4ks, TCG_CALL_NO_RWG_SE, tl, tl, tl, tl) > diff --git a/target/riscv/insn32.decode b/target/riscv/insn32.decode > index d9ebb138d1..4033565393 100644 > --- a/target/riscv/insn32.decode > +++ b/target/riscv/insn32.decode > @@ -873,3 +873,9 @@ sha512sig0 00 01000 00110 ..... 001 ..... 0010011 @r2 > sha512sig1 00 01000 00111 ..... 001 ..... 0010011 @r2 > sha512sum0 00 01000 00100 ..... 001 ..... 0010011 @r2 > sha512sum1 00 01000 00101 ..... 001 ..... 0010011 @r2 > +# *** RV32 Zksh Standard Extension *** > +sm3p0 00 01000 01000 ..... 001 ..... 0010011 @r2 > +sm3p1 00 01000 01001 ..... 001 ..... 0010011 @r2 > +# *** RV32 Zksed Standard Extension *** > +sm4ed .. 11000 ..... ..... 000 ..... 0110011 @k_aes > +sm4ks .. 11010 ..... ..... 000 ..... 0110011 @k_aes > diff --git a/target/riscv/insn_trans/trans_rvk.c.inc b/target/riscv/insn_trans/trans_rvk.c.inc > index b1ce4f27cf..b5e946566a 100644 > --- a/target/riscv/insn_trans/trans_rvk.c.inc > +++ b/target/riscv/insn_trans/trans_rvk.c.inc > @@ -35,6 +35,18 @@ > } \ > } while (0) > > +#define REQUIRE_ZKSED(ctx) do { \ > + if (!ctx->cfg_ptr->ext_zksed) { \ > + return false; \ > + } \ > +} while (0) > + > +#define REQUIRE_ZKSH(ctx) do { \ > + if (!ctx->cfg_ptr->ext_zksh) { \ > + return false; \ > + } \ > +} while (0) > + > static bool gen_aes32_sm4(DisasContext *ctx, arg_k_aes *a, > void (*func)(TCGv, TCGv, TCGv, TCGv)) > { > @@ -320,3 +332,49 @@ static bool trans_sha512sum1(DisasContext *ctx, arg_sha512sum1 *a) > REQUIRE_ZKNH(ctx); > return gen_sha512_rv64(ctx, a, EXT_NONE, tcg_gen_rotri_i64, 14, 18, 41); > } > + > +/* SM3 */ > +static bool gen_sm3(DisasContext *ctx, arg_r2 *a, int32_t b, int32_t c) > +{ > + TCGv dest = dest_gpr(ctx, a->rd); > + TCGv src1 = get_gpr(ctx, a->rs1, EXT_NONE); > + TCGv_i32 t0 = tcg_temp_new_i32(); > + TCGv_i32 t1 = tcg_temp_new_i32(); > + > + tcg_gen_trunc_tl_i32(t0, src1); > + tcg_gen_rotli_i32(t1, t0, b); > + tcg_gen_xor_i32(t1, t0, t1); > + tcg_gen_rotli_i32(t0, t0, c); > + tcg_gen_xor_i32(t1, t1, t0); > + tcg_gen_ext_i32_tl(dest, t1); > + gen_set_gpr(ctx, a->rd, dest); > + > + tcg_temp_free_i32(t0); > + tcg_temp_free_i32(t1); > + return true; > +} > + > +static bool trans_sm3p0(DisasContext *ctx, arg_sm3p0 *a) > +{ > + REQUIRE_ZKSH(ctx); > + return gen_sm3(ctx, a, 9, 17); > +} > + > +static bool trans_sm3p1(DisasContext *ctx, arg_sm3p1 *a) > +{ > + REQUIRE_ZKSH(ctx); > + return gen_sm3(ctx, a, 15, 23); > +} > + > +/* SM4 */ > +static bool trans_sm4ed(DisasContext *ctx, arg_sm4ed *a) > +{ > + REQUIRE_ZKSED(ctx); > + return gen_aes32_sm4(ctx, a, gen_helper_sm4ed); > +} > + > +static bool trans_sm4ks(DisasContext *ctx, arg_sm4ks *a) > +{ > + REQUIRE_ZKSED(ctx); > + return gen_aes32_sm4(ctx, a, gen_helper_sm4ks); > +} > -- > 2.17.1 > >
diff --git a/target/riscv/crypto_helper.c b/target/riscv/crypto_helper.c index cb4783a1e9..2ef30281b1 100644 --- a/target/riscv/crypto_helper.c +++ b/target/riscv/crypto_helper.c @@ -271,4 +271,32 @@ target_ulong HELPER(aes64im)(target_ulong rs1) return result; } + +target_ulong HELPER(sm4ed)(target_ulong rs1, target_ulong rs2, + target_ulong shamt) +{ + uint32_t sb_in = (uint8_t)(rs2 >> shamt); + uint32_t sb_out = (uint32_t)sm4_sbox[sb_in]; + + uint32_t x = sb_out ^ (sb_out << 8) ^ (sb_out << 2) ^ (sb_out << 18) ^ + ((sb_out & 0x3f) << 26) ^ ((sb_out & 0xC0) << 10); + + uint32_t rotl = rol32(x, shamt); + + return sext32_xlen(rotl ^ (uint32_t)rs1); +} + +target_ulong HELPER(sm4ks)(target_ulong rs1, target_ulong rs2, + target_ulong shamt) +{ + uint32_t sb_in = (uint8_t)(rs2 >> shamt); + uint32_t sb_out = sm4_sbox[sb_in]; + + uint32_t x = sb_out ^ ((sb_out & 0x07) << 29) ^ ((sb_out & 0xFE) << 7) ^ + ((sb_out & 0x01) << 23) ^ ((sb_out & 0xF8) << 13); + + uint32_t rotl = rol32(x, shamt); + + return sext32_xlen(rotl ^ (uint32_t)rs1); +} #undef sext32_xlen diff --git a/target/riscv/helper.h b/target/riscv/helper.h index 0df0a05b11..863e0edd84 100644 --- a/target/riscv/helper.h +++ b/target/riscv/helper.h @@ -1129,3 +1129,6 @@ DEF_HELPER_FLAGS_2(aes64dsm, TCG_CALL_NO_RWG_SE, tl, tl, tl) DEF_HELPER_FLAGS_2(aes64ks2, TCG_CALL_NO_RWG_SE, tl, tl, tl) DEF_HELPER_FLAGS_2(aes64ks1i, TCG_CALL_NO_RWG_SE, tl, tl, tl) DEF_HELPER_FLAGS_1(aes64im, TCG_CALL_NO_RWG_SE, tl, tl) + +DEF_HELPER_FLAGS_3(sm4ed, TCG_CALL_NO_RWG_SE, tl, tl, tl, tl) +DEF_HELPER_FLAGS_3(sm4ks, TCG_CALL_NO_RWG_SE, tl, tl, tl, tl) diff --git a/target/riscv/insn32.decode b/target/riscv/insn32.decode index d9ebb138d1..4033565393 100644 --- a/target/riscv/insn32.decode +++ b/target/riscv/insn32.decode @@ -873,3 +873,9 @@ sha512sig0 00 01000 00110 ..... 001 ..... 0010011 @r2 sha512sig1 00 01000 00111 ..... 001 ..... 0010011 @r2 sha512sum0 00 01000 00100 ..... 001 ..... 0010011 @r2 sha512sum1 00 01000 00101 ..... 001 ..... 0010011 @r2 +# *** RV32 Zksh Standard Extension *** +sm3p0 00 01000 01000 ..... 001 ..... 0010011 @r2 +sm3p1 00 01000 01001 ..... 001 ..... 0010011 @r2 +# *** RV32 Zksed Standard Extension *** +sm4ed .. 11000 ..... ..... 000 ..... 0110011 @k_aes +sm4ks .. 11010 ..... ..... 000 ..... 0110011 @k_aes diff --git a/target/riscv/insn_trans/trans_rvk.c.inc b/target/riscv/insn_trans/trans_rvk.c.inc index b1ce4f27cf..b5e946566a 100644 --- a/target/riscv/insn_trans/trans_rvk.c.inc +++ b/target/riscv/insn_trans/trans_rvk.c.inc @@ -35,6 +35,18 @@ } \ } while (0) +#define REQUIRE_ZKSED(ctx) do { \ + if (!ctx->cfg_ptr->ext_zksed) { \ + return false; \ + } \ +} while (0) + +#define REQUIRE_ZKSH(ctx) do { \ + if (!ctx->cfg_ptr->ext_zksh) { \ + return false; \ + } \ +} while (0) + static bool gen_aes32_sm4(DisasContext *ctx, arg_k_aes *a, void (*func)(TCGv, TCGv, TCGv, TCGv)) { @@ -320,3 +332,49 @@ static bool trans_sha512sum1(DisasContext *ctx, arg_sha512sum1 *a) REQUIRE_ZKNH(ctx); return gen_sha512_rv64(ctx, a, EXT_NONE, tcg_gen_rotri_i64, 14, 18, 41); } + +/* SM3 */ +static bool gen_sm3(DisasContext *ctx, arg_r2 *a, int32_t b, int32_t c) +{ + TCGv dest = dest_gpr(ctx, a->rd); + TCGv src1 = get_gpr(ctx, a->rs1, EXT_NONE); + TCGv_i32 t0 = tcg_temp_new_i32(); + TCGv_i32 t1 = tcg_temp_new_i32(); + + tcg_gen_trunc_tl_i32(t0, src1); + tcg_gen_rotli_i32(t1, t0, b); + tcg_gen_xor_i32(t1, t0, t1); + tcg_gen_rotli_i32(t0, t0, c); + tcg_gen_xor_i32(t1, t1, t0); + tcg_gen_ext_i32_tl(dest, t1); + gen_set_gpr(ctx, a->rd, dest); + + tcg_temp_free_i32(t0); + tcg_temp_free_i32(t1); + return true; +} + +static bool trans_sm3p0(DisasContext *ctx, arg_sm3p0 *a) +{ + REQUIRE_ZKSH(ctx); + return gen_sm3(ctx, a, 9, 17); +} + +static bool trans_sm3p1(DisasContext *ctx, arg_sm3p1 *a) +{ + REQUIRE_ZKSH(ctx); + return gen_sm3(ctx, a, 15, 23); +} + +/* SM4 */ +static bool trans_sm4ed(DisasContext *ctx, arg_sm4ed *a) +{ + REQUIRE_ZKSED(ctx); + return gen_aes32_sm4(ctx, a, gen_helper_sm4ed); +} + +static bool trans_sm4ks(DisasContext *ctx, arg_sm4ks *a) +{ + REQUIRE_ZKSED(ctx); + return gen_aes32_sm4(ctx, a, gen_helper_sm4ks); +}