From patchwork Mon Jul 31 09:39:02 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 1814904 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256 header.s=k20201202 header.b=Ve0AGcht; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4RDtW82JJ4z20G9 for ; Mon, 31 Jul 2023 19:39:48 +1000 (AEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qQPMx-0004v7-82; Mon, 31 Jul 2023 05:39:15 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qQPMv-0004uO-Dk for qemu-devel@nongnu.org; Mon, 31 Jul 2023 05:39:13 -0400 Received: from dfw.source.kernel.org ([139.178.84.217]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qQPMt-00077p-Ct for qemu-devel@nongnu.org; Mon, 31 Jul 2023 05:39:13 -0400 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id B66FA60FD0; Mon, 31 Jul 2023 09:39:09 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 21129C433C8; Mon, 31 Jul 2023 09:39:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1690796349; bh=e5b+jaLb9qzOD64Op6iaJSDogIEYmK5afQapkfb1vj8=; h=From:To:Cc:Subject:Date:From; b=Ve0AGchtr4uvvrBK6fkwhrTC54RVtehU6xfhhANwK6Mv6NvVvDHk1lzNO7fSmpK2V t+7Pm1NB+Vz+Qic6Ei0dZqtEStSF8YY6+pb1xVTQNOzdnv1w1cafbJK2lusIfCJ0+d w75peVPmi6HheUUCLzhkltDwp/3/A2gWoMb8tdprNhYhQ61WHzrBkq52ztBxYv5PlD KXumx6RhKXNSh9OFYWJBIHEsoJ/oZC8r6abPQXZ5YXtVuL1N94T97lxzrLO05WblFh 50r07/bpNAK/pxdvvXxWFfywFQIfGZ7rwGJhlQFBzfa1suIO4zB5QgLFABJa7MCz00 IOEeFaUP/eqrA== From: Ard Biesheuvel To: qemu-devel@nongnu.org Cc: Ard Biesheuvel , Richard Henderson , =?utf-8?q?Philippe_Mathie?= =?utf-8?q?u-Daud=C3=A9?= Subject: [PATCH] target/riscv: Use accelerated helper for AES64KS1I Date: Mon, 31 Jul 2023 11:39:02 +0200 Message-Id: <20230731093902.1796249-1-ardb@kernel.org> X-Mailer: git-send-email 2.39.2 MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1698; i=ardb@kernel.org; h=from:subject; bh=e5b+jaLb9qzOD64Op6iaJSDogIEYmK5afQapkfb1vj8=; b=owGbwMvMwCFmkMcZplerG8N4Wi2JIeV4o4lRgvDD1T5+Ksszbd4oHntcOlNvxrOjwY+Up2p/y rl5buGujlIWBjEOBlkxRRaB2X/f7Tw9UarWeZYszBxWJpAhDFycAjCR1/8Z/ntn/9c+IDLzQPup La/v+Oqc7/+6t36ixe3vjIbX5vUsWi7P8Id/harO5/K/57xrl/NN3jt1xRv1PbMeVzffF7H3c3G IrGECAA== X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 Received-SPF: pass client-ip=139.178.84.217; envelope-from=ardb@kernel.org; helo=dfw.source.kernel.org X-Spam_score_int: -70 X-Spam_score: -7.1 X-Spam_bar: ------- X-Spam_report: (-7.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Use the accelerated SubBytes/ShiftRows/AddRoundKey AES helper to implement the first half of the key schedule derivation. This does not actually involve shifting rows, so clone the same uint32_t 4 times into the AES vector to counter that. Cc: Richard Henderson Cc: Philippe Mathieu-Daudé Signed-off-by: Ard Biesheuvel --- target/riscv/crypto_helper.c | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/target/riscv/crypto_helper.c b/target/riscv/crypto_helper.c index 4d65945429c6dcc4..257c5c4863fb160f 100644 --- a/target/riscv/crypto_helper.c +++ b/target/riscv/crypto_helper.c @@ -148,24 +148,17 @@ target_ulong HELPER(aes64ks1i)(target_ulong rs1, target_ulong rnum) uint8_t enc_rnum = rnum; uint32_t temp = (RS1 >> 32) & 0xFFFFFFFF; - uint8_t rcon_ = 0; - target_ulong result; + AESState t, rc = {}; if (enc_rnum != 0xA) { temp = ror32(temp, 8); /* Rotate right by 8 */ - rcon_ = round_consts[enc_rnum]; + rc.w[0] = rc.w[1] = rc.w[2] = rc.w[3] = round_consts[enc_rnum]; } - temp = ((uint32_t)AES_sbox[(temp >> 24) & 0xFF] << 24) | - ((uint32_t)AES_sbox[(temp >> 16) & 0xFF] << 16) | - ((uint32_t)AES_sbox[(temp >> 8) & 0xFF] << 8) | - ((uint32_t)AES_sbox[(temp >> 0) & 0xFF] << 0); + t.w[0] = t.w[1] = t.w[2] = t.w[3] = temp; + aesenc_SB_SR_AK(&t, &t, &rc, false); - temp ^= rcon_; - - result = ((uint64_t)temp << 32) | temp; - - return result; + return t.d[0]; } target_ulong HELPER(aes64im)(target_ulong rs1)