Co-authored-by: Ruibo Lu <luruibo2000@163.com>
Co-authored-by: Zewen Ye <lustrew@foxmail.com>
Signed-off-by: Weiwei Li <liweiwei@iscas.ac.cn>
Signed-off-by: Junqiang Wang <wangjunqiang@iscas.ac.cn>
---
target/riscv/crypto_helper.c | 446 ++++++++++++++++++++++
target/riscv/helper.h | 37 ++
target/riscv/insn32.decode | 42 +++
target/riscv/insn_trans/trans_rvk.c.inc | 467 ++++++++++++++++++++++++
target/riscv/meson.build | 3 +-
target/riscv/translate.c | 1 +
6 files changed, 995 insertions(+), 1 deletion(-)
create mode 100644 target/riscv/crypto_helper.c
create mode 100644 target/riscv/insn_trans/trans_rvk.c.inc
diff --git a/target/riscv/crypto_helper.c b/target/riscv/crypto_helper.c
new file mode 100644
index 0000000000..344eea4287
--- /dev/null
+++ b/target/riscv/crypto_helper.c
@@ -0,0 +1,446 @@
+/*
+ * RISC-V Crypto Emulation Helpers for QEMU.
+ *
+ * Copyright (c) 2021 Ruibo Lu, luruibo2000@163.com
+ * Copyright (c) 2021 Zewen Ye, lustrew@foxmail.com
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "qemu/osdep.h"
+#include "cpu.h"
+#include "exec/exec-all.h"
+#include "exec/helper-proto.h"
+#include "crypto/aes.h"
+#include "crypto/sm4.h"
+
+#define AES_XTIME(a) \
+ ((a << 1) ^ ((a & 0x80) ? 0x1b : 0))
+
+#define AES_GFMUL(a, b) (( \
+ (((b) & 0x1) ? (a) : 0) ^ \
+ (((b) & 0x2) ? AES_XTIME(a) : 0) ^ \
+ (((b) & 0x4) ? AES_XTIME(AES_XTIME(a)) : 0) ^ \
+ (((b) & 0x8) ? AES_XTIME(AES_XTIME(AES_XTIME(a))) : 0)) & 0xFF)
+
+#define BY(X, I) ((X >> (8 * I)) & 0xFF)
+
+#define AES_SHIFROWS_LO(RS1, RS2) ( \
+ (((RS1 >> 24) & 0xFF) << 56) | \
+ (((RS2 >> 48) & 0xFF) << 48) | \
+ (((RS2 >> 8) & 0xFF) << 40) | \
+ (((RS1 >> 32) & 0xFF) << 32) | \
+ (((RS2 >> 56) & 0xFF) << 24) | \
+ (((RS2 >> 16) & 0xFF) << 16) | \
+ (((RS1 >> 40) & 0xFF) << 8) | \
+ (((RS1 >> 0) & 0xFF) << 0))
+
+#define AES_INVSHIFROWS_LO(RS1, RS2) ( \
+ (((RS2 >> 24) & 0xFF) << 56) | \
+ (((RS2 >> 48) & 0xFF) << 48) | \
+ (((RS1 >> 8) & 0xFF) << 40) | \
+ (((RS1 >> 32) & 0xFF) << 32) | \
+ (((RS1 >> 56) & 0xFF) << 24) | \
+ (((RS2 >> 16) & 0xFF) << 16) | \
+ (((RS2 >> 40) & 0xFF) << 8) | \
+ (((RS1 >> 0) & 0xFF) << 0))
+
+#define AES_MIXBYTE(COL, B0, B1, B2, B3) ( \
+ BY(COL, B3) ^ \
+ BY(COL, B2) ^ \
+ AES_GFMUL(BY(COL, B1), 3) ^ \
+ AES_GFMUL(BY(COL, B0), 2) \
+)
+
+#define AES_MIXCOLUMN(COL) ( \
+ AES_MIXBYTE(COL, 3, 0, 1, 2) << 24 | \
+ AES_MIXBYTE(COL, 2, 3, 0, 1) << 16 | \
+ AES_MIXBYTE(COL, 1, 2, 3, 0) << 8 | \
+ AES_MIXBYTE(COL, 0, 1, 2, 3) << 0 \
+)
+
+#define AES_INVMIXBYTE(COL, B0, B1, B2, B3) ( \
+ AES_GFMUL(BY(COL, B3), 0x9) ^ \
+ AES_GFMUL(BY(COL, B2), 0xd) ^ \
+ AES_GFMUL(BY(COL, B1), 0xb) ^ \
+ AES_GFMUL(BY(COL, B0), 0xe) \
+)
+
+#define AES_INVMIXCOLUMN(COL) ( \
+ AES_INVMIXBYTE(COL, 3, 0, 1, 2) << 24 | \
+ AES_INVMIXBYTE(COL, 2, 3, 0, 1) << 16 | \
+ AES_INVMIXBYTE(COL, 1, 2, 3, 0) << 8 | \
+ AES_INVMIXBYTE(COL, 0, 1, 2, 3) << 0 \
+)
+
+static inline uint32_t aes_mixcolumn_byte(uint8_t x, bool fwd)
+{
+ uint32_t u;
+ if (fwd) {
+ u = (AES_GFMUL(x, 3) << 24) |
+ (x << 16) |
+ (x << 8) |
+ (AES_GFMUL(x, 2) << 0);
+ } else {
+ u = (AES_GFMUL(x, 0xb) << 24) |
+ (AES_GFMUL(x, 0xd) << 16) |
+ (AES_GFMUL(x, 0x9) << 8) |
+ (AES_GFMUL(x, 0xe) << 0);
+ }
+ return u;
+}
+
+#define XLEN (8 * sizeof(target_ulong))