| Message ID | 20220227142553.25815-12-liweiwei@iscas.ac.cn (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | support subsets of scalar crypto extension | expand |
On 2/27/22 04:25, Weiwei Li wrote: > - add sm3p0, sm3p1, sm4ed and sm4ks instructions > > Co-authored-by: Ruibo Lu <luruibo2000@163.com> > Signed-off-by: Weiwei Li <liweiwei@iscas.ac.cn> > Signed-off-by: Junqiang Wang <wangjunqiang@iscas.ac.cn> > --- > target/riscv/crypto_helper.c | 49 +++++++++++++++++ > target/riscv/helper.h | 6 +++ > target/riscv/insn32.decode | 6 +++ > target/riscv/insn_trans/trans_rvk.c.inc | 72 +++++++++++++++++++++++++ > 4 files changed, 133 insertions(+) > > diff --git a/target/riscv/crypto_helper.c b/target/riscv/crypto_helper.c > index fd50a034a3..d712854a9c 100644 > --- a/target/riscv/crypto_helper.c > +++ b/target/riscv/crypto_helper.c > @@ -391,4 +391,53 @@ target_ulong HELPER(sha512sum1)(target_ulong rs1) > return ROR64(a, 14) ^ ROR64(a, 18) ^ ROR64(a, 41); > } > #undef ROR64 > + > +#define ROL32(a, amt) ((a >> (-amt & 31)) | (a << (amt & 31))) > + > +target_ulong HELPER(sm3p0)(target_ulong rs1) > +{ > + uint32_t src = rs1; > + uint32_t result = src ^ ROL32(src, 9) ^ ROL32(src, 17); > + > + return sext_xlen(result); > +} > + > +target_ulong HELPER(sm3p1)(target_ulong rs1) > +{ > + uint32_t src = rs1; > + uint32_t result = src ^ ROL32(src, 15) ^ ROL32(src, 23); > + > + return sext_xlen(result); > +} > +#undef ROL32 > + Same comments as before, with the sticker being that you've defined ROL32 twice. > +target_ulong HELPER(sm4ed)(target_ulong rs2, target_ulong rt, target_ulong bs) > +{ > + uint8_t bs_t = bs; Why the intermediate? And again, perhaps better to pass in shamt. > + > + uint32_t sb_in = (uint8_t)(rs2 >> (8 * bs_t)); > + uint32_t sb_out = (uint32_t)sm4_sbox[sb_in]; > + > + uint32_t linear = sb_out ^ (sb_out << 8) ^ (sb_out << 2) ^ (sb_out << 18) ^ > + ((sb_out & 0x3f) << 26) ^ ((sb_out & 0xC0) << 10); > + > + uint32_t rotl = (linear << (8 * bs_t)) | (linear >> (32 - 8 * bs_t)); Again, broken rotate expression. > +target_ulong HELPER(sm4ks)(target_ulong rs2, target_ulong rs1, target_ulong bs) Same. > +static bool trans_sm3p0(DisasContext *ctx, arg_sm3p0 *a) > +{ > + REQUIRE_ZKSH(ctx); > + > + TCGv dest = dest_gpr(ctx, a->rd); > + TCGv src1 = get_gpr(ctx, a->rs1, EXT_NONE); > + > + gen_helper_sm3p0(dest, src1); > + gen_set_gpr(ctx, a->rd, dest); > + > + return true; > +} gen_unary, etc. > +static bool trans_sm4ks(DisasContext *ctx, arg_sm4ks *a) > +{ > + REQUIRE_ZKSED(ctx); > + > + TCGv bs = tcg_const_tl(a->bs); > + TCGv dest = dest_gpr(ctx, a->rd); > + TCGv src1 = get_gpr(ctx, a->rs1, EXT_NONE); > + TCGv src2 = get_gpr(ctx, a->rs2, EXT_NONE); > + > + gen_helper_sm4ks(dest, src2, src1, bs); > + gen_set_gpr(ctx, a->rd, dest); > + > + tcg_temp_free(bs); > + return true; > +} Reuse that helper you created for aes32esmi et al back in patch 6. r~
在 2022/2/28 上午3:41, Richard Henderson 写道: > On 2/27/22 04:25, Weiwei Li wrote: >> - add sm3p0, sm3p1, sm4ed and sm4ks instructions >> >> Co-authored-by: Ruibo Lu <luruibo2000@163.com> >> Signed-off-by: Weiwei Li <liweiwei@iscas.ac.cn> >> Signed-off-by: Junqiang Wang <wangjunqiang@iscas.ac.cn> >> --- >> target/riscv/crypto_helper.c | 49 +++++++++++++++++ >> target/riscv/helper.h | 6 +++ >> target/riscv/insn32.decode | 6 +++ >> target/riscv/insn_trans/trans_rvk.c.inc | 72 +++++++++++++++++++++++++ >> 4 files changed, 133 insertions(+) >> >> diff --git a/target/riscv/crypto_helper.c b/target/riscv/crypto_helper.c >> index fd50a034a3..d712854a9c 100644 >> --- a/target/riscv/crypto_helper.c >> +++ b/target/riscv/crypto_helper.c >> @@ -391,4 +391,53 @@ target_ulong HELPER(sha512sum1)(target_ulong rs1) >> return ROR64(a, 14) ^ ROR64(a, 18) ^ ROR64(a, 41); >> } >> #undef ROR64 >> + >> +#define ROL32(a, amt) ((a >> (-amt & 31)) | (a << (amt & 31))) >> + >> +target_ulong HELPER(sm3p0)(target_ulong rs1) >> +{ >> + uint32_t src = rs1; >> + uint32_t result = src ^ ROL32(src, 9) ^ ROL32(src, 17); >> + >> + return sext_xlen(result); >> +} >> + >> +target_ulong HELPER(sm3p1)(target_ulong rs1) >> +{ >> + uint32_t src = rs1; >> + uint32_t result = src ^ ROL32(src, 15) ^ ROL32(src, 23); >> + >> + return sext_xlen(result); >> +} >> +#undef ROL32 >> + > > Same comments as before, with the sticker being that you've defined > ROL32 twice. > >> +target_ulong HELPER(sm4ed)(target_ulong rs2, target_ulong rt, >> target_ulong bs) >> +{ >> + uint8_t bs_t = bs; > > Why the intermediate? And again, perhaps better to pass in shamt. > >> + >> + uint32_t sb_in = (uint8_t)(rs2 >> (8 * bs_t)); >> + uint32_t sb_out = (uint32_t)sm4_sbox[sb_in]; >> + >> + uint32_t linear = sb_out ^ (sb_out << 8) ^ (sb_out << 2) ^ >> (sb_out << 18) ^ >> + ((sb_out & 0x3f) << 26) ^ ((sb_out & 0xC0) << 10); >> + >> + uint32_t rotl = (linear << (8 * bs_t)) | (linear >> (32 - 8 * >> bs_t)); > > Again, broken rotate expression. > >> +target_ulong HELPER(sm4ks)(target_ulong rs2, target_ulong rs1, >> target_ulong bs) > > Same. > >> +static bool trans_sm3p0(DisasContext *ctx, arg_sm3p0 *a) >> +{ >> + REQUIRE_ZKSH(ctx); >> + >> + TCGv dest = dest_gpr(ctx, a->rd); >> + TCGv src1 = get_gpr(ctx, a->rs1, EXT_NONE); >> + >> + gen_helper_sm3p0(dest, src1); >> + gen_set_gpr(ctx, a->rd, dest); >> + >> + return true; >> +} > > gen_unary, etc. > >> +static bool trans_sm4ks(DisasContext *ctx, arg_sm4ks *a) >> +{ >> + REQUIRE_ZKSED(ctx); >> + >> + TCGv bs = tcg_const_tl(a->bs); >> + TCGv dest = dest_gpr(ctx, a->rd); >> + TCGv src1 = get_gpr(ctx, a->rs1, EXT_NONE); >> + TCGv src2 = get_gpr(ctx, a->rs2, EXT_NONE); >> + >> + gen_helper_sm4ks(dest, src2, src1, bs); >> + gen_set_gpr(ctx, a->rd, dest); >> + >> + tcg_temp_free(bs); >> + return true; >> +} > > Reuse that helper you created for aes32esmi et al back in patch 6. OK. I'll try to fix them. Thanks a lot. Regards, Weiwei Li > > > r~
diff --git a/target/riscv/crypto_helper.c b/target/riscv/crypto_helper.c index fd50a034a3..d712854a9c 100644 --- a/target/riscv/crypto_helper.c +++ b/target/riscv/crypto_helper.c @@ -391,4 +391,53 @@ target_ulong HELPER(sha512sum1)(target_ulong rs1) return ROR64(a, 14) ^ ROR64(a, 18) ^ ROR64(a, 41); } #undef ROR64 + +#define ROL32(a, amt) ((a >> (-amt & 31)) | (a << (amt & 31))) + +target_ulong HELPER(sm3p0)(target_ulong rs1) +{ + uint32_t src = rs1; + uint32_t result = src ^ ROL32(src, 9) ^ ROL32(src, 17); + + return sext_xlen(result); +} + +target_ulong HELPER(sm3p1)(target_ulong rs1) +{ + uint32_t src = rs1; + uint32_t result = src ^ ROL32(src, 15) ^ ROL32(src, 23); + + return sext_xlen(result); +} +#undef ROL32 + +target_ulong HELPER(sm4ed)(target_ulong rs2, target_ulong rt, target_ulong bs) +{ + uint8_t bs_t = bs; + + uint32_t sb_in = (uint8_t)(rs2 >> (8 * bs_t)); + uint32_t sb_out = (uint32_t)sm4_sbox[sb_in]; + + uint32_t linear = sb_out ^ (sb_out << 8) ^ (sb_out << 2) ^ (sb_out << 18) ^ + ((sb_out & 0x3f) << 26) ^ ((sb_out & 0xC0) << 10); + + uint32_t rotl = (linear << (8 * bs_t)) | (linear >> (32 - 8 * bs_t)); + + return sext_xlen(rotl ^ (uint32_t)rt); +} + +target_ulong HELPER(sm4ks)(target_ulong rs2, target_ulong rs1, target_ulong bs) +{ + uint8_t bs_t = bs; + + uint32_t sb_in = (uint8_t)(rs2 >> (8 * bs_t)); + uint32_t sb_out = sm4_sbox[sb_in]; + + uint32_t x = sb_out ^ ((sb_out & 0x07) << 29) ^ ((sb_out & 0xFE) << 7) ^ + ((sb_out & 0x01) << 23) ^ ((sb_out & 0xF8) << 13); + + uint32_t rotl = (x << (8 * bs_t)) | (x >> (32 - 8 * bs_t)); + + return sext_xlen(rotl ^ (uint32_t)rs1); +} #undef sext_xlen diff --git a/target/riscv/helper.h b/target/riscv/helper.h index 393cca85b4..826eba032f 100644 --- a/target/riscv/helper.h +++ b/target/riscv/helper.h @@ -1146,3 +1146,9 @@ DEF_HELPER_1(sha512sig0, tl, tl) DEF_HELPER_1(sha512sig1, tl, tl) DEF_HELPER_1(sha512sum0, tl, tl) DEF_HELPER_1(sha512sum1, tl, tl) + +DEF_HELPER_1(sm3p0, tl, tl) +DEF_HELPER_1(sm3p1, tl, tl) + +DEF_HELPER_3(sm4ed, tl, tl, tl, tl) +DEF_HELPER_3(sm4ks, tl, tl, tl, tl) diff --git a/target/riscv/insn32.decode b/target/riscv/insn32.decode index 592efda019..37c29da763 100644 --- a/target/riscv/insn32.decode +++ b/target/riscv/insn32.decode @@ -870,3 +870,9 @@ sha512sig0 00 01000 00110 ..... 001 ..... 0010011 @r2 sha512sig1 00 01000 00111 ..... 001 ..... 0010011 @r2 sha512sum0 00 01000 00100 ..... 001 ..... 0010011 @r2 sha512sum1 00 01000 00101 ..... 001 ..... 0010011 @r2 +# *** RV32 Zksh Standard Extension *** +sm3p0 00 01000 01000 ..... 001 ..... 0010011 @r2 +sm3p1 00 01000 01001 ..... 001 ..... 0010011 @r2 +# *** RV32 Zksed Standard Extension *** +sm4ed .. 11000 ..... ..... 000 ..... 0110011 @k_aes +sm4ks .. 11010 ..... ..... 000 ..... 0110011 @k_aes diff --git a/target/riscv/insn_trans/trans_rvk.c.inc b/target/riscv/insn_trans/trans_rvk.c.inc index 2b3ac67afd..5b1770fe66 100644 --- a/target/riscv/insn_trans/trans_rvk.c.inc +++ b/target/riscv/insn_trans/trans_rvk.c.inc @@ -35,6 +35,18 @@ } \ } while (0) +#define REQUIRE_ZKSED(ctx) do { \ + if (!ctx->cfg_ptr->ext_zksed) { \ + return false; \ + } \ +} while (0) + +#define REQUIRE_ZKSH(ctx) do { \ + if (!ctx->cfg_ptr->ext_zksh) { \ + return false; \ + } \ +} while (0) + static bool trans_aes32esmi(DisasContext *ctx, arg_aes32esmi *a) { REQUIRE_ZKNE(ctx); @@ -398,3 +410,63 @@ static bool trans_sha512sum1(DisasContext *ctx, arg_sha512sum1 *a) return true; } + +/* SM3 */ +static bool trans_sm3p0(DisasContext *ctx, arg_sm3p0 *a) +{ + REQUIRE_ZKSH(ctx); + + TCGv dest = dest_gpr(ctx, a->rd); + TCGv src1 = get_gpr(ctx, a->rs1, EXT_NONE); + + gen_helper_sm3p0(dest, src1); + gen_set_gpr(ctx, a->rd, dest); + + return true; +} + +static bool trans_sm3p1(DisasContext *ctx, arg_sm3p1 *a) +{ + REQUIRE_ZKSH(ctx); + + TCGv dest = dest_gpr(ctx, a->rd); + TCGv src1 = get_gpr(ctx, a->rs1, EXT_NONE); + + gen_helper_sm3p1(dest, src1); + gen_set_gpr(ctx, a->rd, dest); + + return true; +} + +/* SM4 */ +static bool trans_sm4ed(DisasContext *ctx, arg_sm4ed *a) +{ + REQUIRE_ZKSED(ctx); + + TCGv bs = tcg_const_tl(a->bs); + TCGv dest = dest_gpr(ctx, a->rd); + TCGv src1 = get_gpr(ctx, a->rs1, EXT_NONE); + TCGv src2 = get_gpr(ctx, a->rs2, EXT_NONE); + + gen_helper_sm4ed(dest, src2, src1, bs); + gen_set_gpr(ctx, a->rd, dest); + + tcg_temp_free(bs); + return true; +} + +static bool trans_sm4ks(DisasContext *ctx, arg_sm4ks *a) +{ + REQUIRE_ZKSED(ctx); + + TCGv bs = tcg_const_tl(a->bs); + TCGv dest = dest_gpr(ctx, a->rd); + TCGv src1 = get_gpr(ctx, a->rs1, EXT_NONE); + TCGv src2 = get_gpr(ctx, a->rs2, EXT_NONE); + + gen_helper_sm4ks(dest, src2, src1, bs); + gen_set_gpr(ctx, a->rd, dest); + + tcg_temp_free(bs); + return true; +}