From nobody Sun Oct 26 07:50:27 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1516642106308246.961029856074; Mon, 22 Jan 2018 09:28:26 -0800 (PST) Received: from localhost ([::1]:54741 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1edftR-0007qW-H5 for importer@patchew.org; Mon, 22 Jan 2018 12:28:25 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:44729) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1edfs3-00070t-V0 for qemu-devel@nongnu.org; Mon, 22 Jan 2018 12:27:01 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1edfs2-0004f0-7g for qemu-devel@nongnu.org; Mon, 22 Jan 2018 12:26:59 -0500 Received: from mail-wm0-x244.google.com ([2a00:1450:400c:c09::244]:43983) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1edfs1-0004eO-Ts for qemu-devel@nongnu.org; Mon, 22 Jan 2018 12:26:58 -0500 Received: by mail-wm0-x244.google.com with SMTP id g1so17768492wmg.2 for ; Mon, 22 Jan 2018 09:26:57 -0800 (PST) Received: from localhost.localdomain ([160.163.176.196]) by smtp.gmail.com with ESMTPSA id f76sm5510900wme.2.2018.01.22.09.26.55 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 22 Jan 2018 09:26:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=z85yE60DelRv9s/vBIYgHXpD/c+5O5wDERsZGson3Qc=; b=LeMbwY0gwazLDQyCIr7qES/OMG5+zBB5FOdDFt2FXQstkVPKUraYa3mXZ9HusS+sNr wlk5u7EYgxkuongxDeJA0R5NRYOq9/++Lit2XcH3gQvZ1vPZUov2xTToh9rviWZONoB+ 7wTtqCI+peI4oZnM9PFv253yzB89ZiEZdzv9I= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=z85yE60DelRv9s/vBIYgHXpD/c+5O5wDERsZGson3Qc=; b=XP2259Hoc2PGp+wa2iIQIJ8+3jbMzs9UGLd6PLZtJAsYmLG1k/6FH/RyJwKErvCpAW c2SIzXLgrQsIspzk2udxuiWcbtaw9ynF3UYzOHTKKvQZFTfPFIVSnkJNFVXZB8nwK2m0 1jPEIGHng4AcGKSmREVijO23ksENJ+Ua40wvq/OlTj4Q8NhNwl5BSq4DC0NsjMP3hkpH A2SITyr55To3TRSTOZPn2je32iaYp1vWo2dYpUuQX1EUsuRxIHRNsIGSQ9oJhoCrhy+k KN2Vreqb5LsTDu4FGGM1mzrAAP4ABwBL6GughTNpQtLA5+cnj3g0IbH9Ue45NGEjWkgQ WzJA== X-Gm-Message-State: AKwxyteRGkpj4owWm47+x1eGMmJ06AZqojXCm/MHPce1yVvR6oAmdW7l C9alwX0Ax2OYD0UYiWyBRT/ftTe7mYM= X-Google-Smtp-Source: AH8x2240UU3K8iMtYJAnCasNMWltZO0T+XFrGEppnXOZdWvzkPagp4EgccK9CEmEPzYwm8RsIW2QRg== X-Received: by 10.28.63.16 with SMTP id m16mr6177363wma.102.1516642016628; Mon, 22 Jan 2018 09:26:56 -0800 (PST) From: Ard Biesheuvel To: qemu-devel@nongnu.org Date: Mon, 22 Jan 2018 17:26:42 +0000 Message-Id: <20180122172643.29742-4-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180122172643.29742-1-ard.biesheuvel@linaro.org> References: <20180122172643.29742-1-ard.biesheuvel@linaro.org> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:400c:c09::244 Subject: [Qemu-devel] [PATCH v5 3/4] target/arm: implement SM3 instructions X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: peter.maydell@linaro.org, Ard Biesheuvel Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZohoMail: RDKM_2 RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" This implements emulation of the new SM3 instructions that have been added as an optional extension to the ARMv8 Crypto Extensions in ARM v8.2. Signed-off-by: Ard Biesheuvel --- target/arm/cpu.h | 1 + target/arm/crypto_helper.c | 117 ++++++++++++++++++++ target/arm/helper.h | 5 + target/arm/translate-a64.c | 75 ++++++++++++- 4 files changed, 195 insertions(+), 3 deletions(-) diff --git a/target/arm/cpu.h b/target/arm/cpu.h index d0b19e0cbc88..18383666e02d 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -1374,6 +1374,7 @@ enum arm_features { ARM_FEATURE_SVE, /* has Scalable Vector Extension */ ARM_FEATURE_V8_SHA512, /* implements SHA512 part of v8 Crypto Extensio= ns */ ARM_FEATURE_V8_SHA3, /* implements SHA3 part of v8 Crypto Extensions */ + ARM_FEATURE_V8_SM3, /* implements SM3 part of v8 Crypto Extensions */ }; =20 static inline int arm_feature(CPUARMState *env, int feature) diff --git a/target/arm/crypto_helper.c b/target/arm/crypto_helper.c index fb45948e9f13..c1d9f765cd40 100644 --- a/target/arm/crypto_helper.c +++ b/target/arm/crypto_helper.c @@ -492,3 +492,120 @@ void HELPER(crypto_sha512su1)(void *vd, void *vn, voi= d *vm) rd[0] +=3D s1_512(rn[0]) + rm[0]; rd[1] +=3D s1_512(rn[1]) + rm[1]; } + +void HELPER(crypto_sm3partw1)(void *vd, void *vn, void *vm) +{ + uint64_t *rd =3D vd; + uint64_t *rn =3D vn; + uint64_t *rm =3D vm; + union CRYPTO_STATE d =3D { .l =3D { rd[0], rd[1] } }; + union CRYPTO_STATE n =3D { .l =3D { rn[0], rn[1] } }; + union CRYPTO_STATE m =3D { .l =3D { rm[0], rm[1] } }; + uint32_t t; + + t =3D CR_ST_WORD(d, 0) ^ CR_ST_WORD(n, 0) ^ ror32(CR_ST_WORD(m, 1), 17= ); + CR_ST_WORD(d, 0) =3D t ^ ror32(t, 17) ^ ror32(t, 9); + + t =3D CR_ST_WORD(d, 1) ^ CR_ST_WORD(n, 1) ^ ror32(CR_ST_WORD(m, 2), 17= ); + CR_ST_WORD(d, 1) =3D t ^ ror32(t, 17) ^ ror32(t, 9); + + t =3D CR_ST_WORD(d, 2) ^ CR_ST_WORD(n, 2) ^ ror32(CR_ST_WORD(m, 3), 17= ); + CR_ST_WORD(d, 2) =3D t ^ ror32(t, 17) ^ ror32(t, 9); + + t =3D CR_ST_WORD(d, 3) ^ CR_ST_WORD(n, 3) ^ ror32(CR_ST_WORD(d, 0), 17= ); + CR_ST_WORD(d, 3) =3D t ^ ror32(t, 17) ^ ror32(t, 9); + + rd[0] =3D d.l[0]; + rd[1] =3D d.l[1]; +} + +void HELPER(crypto_sm3partw2)(void *vd, void *vn, void *vm) +{ + uint64_t *rd =3D vd; + uint64_t *rn =3D vn; + uint64_t *rm =3D vm; + union CRYPTO_STATE d =3D { .l =3D { rd[0], rd[1] } }; + union CRYPTO_STATE n =3D { .l =3D { rn[0], rn[1] } }; + union CRYPTO_STATE m =3D { .l =3D { rm[0], rm[1] } }; + uint32_t t =3D CR_ST_WORD(n, 0) ^ ror32(CR_ST_WORD(m, 0), 25); + + CR_ST_WORD(d, 0) ^=3D t; + CR_ST_WORD(d, 1) ^=3D CR_ST_WORD(n, 1) ^ ror32(CR_ST_WORD(m, 1), 25); + CR_ST_WORD(d, 2) ^=3D CR_ST_WORD(n, 2) ^ ror32(CR_ST_WORD(m, 2), 25); + CR_ST_WORD(d, 3) ^=3D CR_ST_WORD(n, 3) ^ ror32(CR_ST_WORD(m, 3), 25) ^ + ror32(t, 17) ^ ror32(t, 2) ^ ror32(t, 26); + + rd[0] =3D d.l[0]; + rd[1] =3D d.l[1]; +} + +void HELPER(crypto_sm3ss1)(void *vd, void *vn, void *va, void *vm) +{ + uint64_t *rd =3D vd; + uint64_t *rn =3D vn; + uint64_t *ra =3D va; + uint64_t *rm =3D vm; + union CRYPTO_STATE d; + union CRYPTO_STATE n =3D { .l =3D { rn[0], rn[1] } }; + union CRYPTO_STATE a =3D { .l =3D { ra[0], ra[1] } }; + union CRYPTO_STATE m =3D { .l =3D { rm[0], rm[1] } }; + + CR_ST_WORD(d, 0) =3D 0; + CR_ST_WORD(d, 1) =3D 0; + CR_ST_WORD(d, 2) =3D 0; + CR_ST_WORD(d, 3) =3D ror32(ror32(CR_ST_WORD(n, 3), 20) + CR_ST_WORD(m,= 3) + + CR_ST_WORD(a, 3), 25); + + rd[0] =3D d.l[0]; + rd[1] =3D d.l[1]; +} + +void HELPER(crypto_sm3tt)(void *vd, void *vn, void *vm, uint32_t imm2, + uint32_t opcode) +{ + uint64_t *rd =3D vd; + uint64_t *rn =3D vn; + uint64_t *rm =3D vm; + union CRYPTO_STATE d =3D { .l =3D { rd[0], rd[1] } }; + union CRYPTO_STATE n =3D { .l =3D { rn[0], rn[1] } }; + union CRYPTO_STATE m =3D { .l =3D { rm[0], rm[1] } }; + uint32_t t; + + assert(imm2 < 4); + + if (opcode =3D=3D 0 || opcode =3D=3D 2) { + /* SM3TT1A, SM3TT2A */ + t =3D par(CR_ST_WORD(d, 3), CR_ST_WORD(d, 2), CR_ST_WORD(d, 1)); + } else if (opcode =3D=3D 1) { + /* SM3TT1B */ + t =3D maj(CR_ST_WORD(d, 3), CR_ST_WORD(d, 2), CR_ST_WORD(d, 1)); + } else if (opcode =3D=3D 3) { + /* SM3TT2B */ + t =3D cho(CR_ST_WORD(d, 3), CR_ST_WORD(d, 2), CR_ST_WORD(d, 1)); + } else { + g_assert_not_reached(); + } + + t +=3D CR_ST_WORD(d, 0) + CR_ST_WORD(m, imm2); + + CR_ST_WORD(d, 0) =3D CR_ST_WORD(d, 1); + + if (opcode < 2) { + /* SM3TT1A, SM3TT1B */ + t +=3D CR_ST_WORD(n, 3) ^ ror32(CR_ST_WORD(d, 3), 20); + + CR_ST_WORD(d, 1) =3D ror32(CR_ST_WORD(d, 2), 23); + } else { + /* SM3TT2A, SM3TT2B */ + t +=3D CR_ST_WORD(n, 3); + t ^=3D rol32(t, 9) ^ rol32(t, 17); + + CR_ST_WORD(d, 1) =3D ror32(CR_ST_WORD(d, 2), 13); + } + + CR_ST_WORD(d, 2) =3D CR_ST_WORD(d, 3); + CR_ST_WORD(d, 3) =3D t; + + rd[0] =3D d.l[0]; + rd[1] =3D d.l[1]; +} diff --git a/target/arm/helper.h b/target/arm/helper.h index 81d460702867..2d0bba10c006 100644 --- a/target/arm/helper.h +++ b/target/arm/helper.h @@ -539,6 +539,11 @@ DEF_HELPER_FLAGS_3(crypto_sha512h2, TCG_CALL_NO_RWG, v= oid, ptr, ptr, ptr) DEF_HELPER_FLAGS_2(crypto_sha512su0, TCG_CALL_NO_RWG, void, ptr, ptr) DEF_HELPER_FLAGS_3(crypto_sha512su1, TCG_CALL_NO_RWG, void, ptr, ptr, ptr) =20 +DEF_HELPER_FLAGS_4(crypto_sm3ss1, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, pt= r) +DEF_HELPER_FLAGS_5(crypto_sm3tt, TCG_CALL_NO_RWG, void, ptr, ptr, ptr, i32= , i32) +DEF_HELPER_FLAGS_3(crypto_sm3partw1, TCG_CALL_NO_RWG, void, ptr, ptr, ptr) +DEF_HELPER_FLAGS_3(crypto_sm3partw2, TCG_CALL_NO_RWG, void, ptr, ptr, ptr) + DEF_HELPER_FLAGS_3(crc32, TCG_CALL_NO_RWG_SE, i32, i32, i32, i32) DEF_HELPER_FLAGS_3(crc32c, TCG_CALL_NO_RWG_SE, i32, i32, i32, i32) DEF_HELPER_2(dc_zva, void, env, i64) diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index 10f2e518f303..57cf1ded4db7 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -11168,8 +11168,19 @@ static void disas_crypto_three_reg_sha512(DisasCon= text *s, uint32_t insn) break; } } else { - unallocated_encoding(s); - return; + switch (opcode) { + case 0: /* SM3PARTW1 */ + feature =3D ARM_FEATURE_V8_SM3; + genfn =3D gen_helper_crypto_sm3partw1; + break; + case 1: /* SM3PARTW2 */ + feature =3D ARM_FEATURE_V8_SM3; + genfn =3D gen_helper_crypto_sm3partw2; + break; + default: + unallocated_encoding(s); + return; + } } =20 if (!arm_dc_feature(s, feature)) { @@ -11282,6 +11293,9 @@ static void disas_crypto_four_reg(DisasContext *s, = uint32_t insn) case 1: /* BCAX */ feature =3D ARM_FEATURE_V8_SHA3; break; + case 2: /* SM3SS1 */ + feature =3D ARM_FEATURE_V8_SM3; + break; default: unallocated_encoding(s); return; @@ -11329,7 +11343,20 @@ static void disas_crypto_four_reg(DisasContext *s,= uint32_t insn) tcg_temp_free(tcg_res[0]); tcg_temp_free(tcg_res[1]); } else { - g_assert_not_reached(); + TCGv_ptr tcg_rd_ptr, tcg_rn_ptr, tcg_ra_ptr, tcg_rm_ptr; + + tcg_rd_ptr =3D vec_full_reg_ptr(s, rd); + tcg_rn_ptr =3D vec_full_reg_ptr(s, rn); + tcg_ra_ptr =3D vec_full_reg_ptr(s, ra); + tcg_rm_ptr =3D vec_full_reg_ptr(s, rm); + + gen_helper_crypto_sm3ss1(tcg_rd_ptr, tcg_rn_ptr, tcg_ra_ptr, + tcg_rm_ptr); + + tcg_temp_free_ptr(tcg_rd_ptr); + tcg_temp_free_ptr(tcg_rn_ptr); + tcg_temp_free_ptr(tcg_ra_ptr); + tcg_temp_free_ptr(tcg_rm_ptr); } } =20 @@ -11378,6 +11405,47 @@ static void disas_crypto_xar(DisasContext *s, uint= 32_t insn) tcg_temp_free(tcg_res[1]); } =20 +/* Crypto three-reg imm2 + * 31 21 20 16 15 14 13 12 11 10 9 5 4 0 + * +-----------------------+------+-----+------+--------+------+------+ + * | 1 1 0 0 1 1 1 0 0 1 0 | Rm | 1 0 | imm2 | opcode | Rn | Rd | + * +-----------------------+------+-----+------+--------+------+------+ + */ +static void disas_crypto_three_reg_imm2(DisasContext *s, uint32_t insn) +{ + int opcode =3D extract32(insn, 10, 2); + int imm2 =3D extract32(insn, 12, 2); + int rm =3D extract32(insn, 16, 5); + int rn =3D extract32(insn, 5, 5); + int rd =3D extract32(insn, 0, 5); + TCGv_ptr tcg_rd_ptr, tcg_rn_ptr, tcg_rm_ptr; + TCGv_i32 tcg_imm2, tcg_opcode; + + if (!arm_dc_feature(s, ARM_FEATURE_V8_SM3)) { + unallocated_encoding(s); + return; + } + + if (!fp_access_check(s)) { + return; + } + + tcg_rd_ptr =3D vec_full_reg_ptr(s, rd); + tcg_rn_ptr =3D vec_full_reg_ptr(s, rn); + tcg_rm_ptr =3D vec_full_reg_ptr(s, rm); + tcg_imm2 =3D tcg_const_i32(imm2); + tcg_opcode =3D tcg_const_i32(opcode); + + gen_helper_crypto_sm3tt(tcg_rd_ptr, tcg_rn_ptr, tcg_rm_ptr, tcg_imm2, + tcg_opcode); + + tcg_temp_free_ptr(tcg_rd_ptr); + tcg_temp_free_ptr(tcg_rn_ptr); + tcg_temp_free_ptr(tcg_rm_ptr); + tcg_temp_free_i32(tcg_imm2); + tcg_temp_free_i32(tcg_opcode); +} + /* C3.6 Data processing - SIMD, inc Crypto * * As the decode gets a little complex we are using a table based @@ -11411,6 +11479,7 @@ static const AArch64DecodeTable data_proc_simd[] = =3D { { 0xcec08000, 0xfffff000, disas_crypto_two_reg_sha512 }, { 0xce000000, 0xff808000, disas_crypto_four_reg }, { 0xce800000, 0xffe00000, disas_crypto_xar }, + { 0xce408000, 0xffe0c000, disas_crypto_three_reg_imm2 }, { 0x00000000, 0x00000000, NULL } }; =20 --=20 2.11.0