[v2] crypto: Provide aes-round.h and host accel

[PATCH v2 07/38] target/i386: Use aesenc_SB_SR_AK

Posted by Richard Henderson 2 years, 8 months ago

This implements the AESENCLAST instruction.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/i386/ops_sse.h | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/target/i386/ops_sse.h b/target/i386/ops_sse.h
index fb63af7afa..63fdecbe03 100644
--- a/target/i386/ops_sse.h
+++ b/target/i386/ops_sse.h
@@ -19,6 +19,7 @@
  */
 
 #include "crypto/aes.h"
+#include "crypto/aes-round.h"
 
 #if SHIFT == 0
 #define Reg MMXReg
@@ -2202,12 +2203,12 @@ void glue(helper_aesenc, SUFFIX)(CPUX86State *env, Reg *d, Reg *v, Reg *s)
 
 void glue(helper_aesenclast, SUFFIX)(CPUX86State *env, Reg *d, Reg *v, Reg *s)
 {
-    int i;
-    Reg st = *v;
-    Reg rk = *s;
+    for (int i = 0; i < SHIFT; i++) {
+        AESState *ad = (AESState *)&d->ZMM_X(i);
+        AESState *st = (AESState *)&v->ZMM_X(i);
+        AESState *rk = (AESState *)&s->ZMM_X(i);
 
-    for (i = 0; i < 8 << SHIFT; i++) {
-        d->B(i) = rk.B(i) ^ (AES_sbox[st.B(AES_shifts[i & 15] + (i & ~15))]);
+        aesenc_SB_SR_AK(ad, st, rk, false);
     }
 }
 
-- 
2.34.1

Re: [PATCH v2 07/38] target/i386: Use aesenc_SB_SR_AK

Posted by Philippe Mathieu-Daudé 2 years, 7 months ago

On 9/6/23 04:23, Richard Henderson wrote:
> This implements the AESENCLAST instruction.
> 
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
>   target/i386/ops_sse.h | 11 ++++++-----
>   1 file changed, 6 insertions(+), 5 deletions(-)


>   void glue(helper_aesenclast, SUFFIX)(CPUX86State *env, Reg *d, Reg *v, Reg *s)
>   {
> -    int i;
> -    Reg st = *v;
> -    Reg rk = *s;
> +    for (int i = 0; i < SHIFT; i++) {
> +        AESState *ad = (AESState *)&d->ZMM_X(i);
> +        AESState *st = (AESState *)&v->ZMM_X(i);
> +        AESState *rk = (AESState *)&s->ZMM_X(i);
>   
> -    for (i = 0; i < 8 << SHIFT; i++) {
> -        d->B(i) = rk.B(i) ^ (AES_sbox[st.B(AES_shifts[i & 15] + (i & ~15))]);
> +        aesenc_SB_SR_AK(ad, st, rk, false);

Why not use aesenc_SB_SR_AK_gen(ad, st, rk)?

Regardless:
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

>       }
>   }
>

Re: [PATCH v2 07/38] target/i386: Use aesenc_SB_SR_AK

Posted by Philippe Mathieu-Daudé 2 years, 7 months ago

On 19/6/23 12:43, Philippe Mathieu-Daudé wrote:
> On 9/6/23 04:23, Richard Henderson wrote:
>> This implements the AESENCLAST instruction.
>>
>> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
>> ---
>>   target/i386/ops_sse.h | 11 ++++++-----
>>   1 file changed, 6 insertions(+), 5 deletions(-)
> 
> 
>>   void glue(helper_aesenclast, SUFFIX)(CPUX86State *env, Reg *d, Reg 
>> *v, Reg *s)
>>   {
>> -    int i;
>> -    Reg st = *v;
>> -    Reg rk = *s;
>> +    for (int i = 0; i < SHIFT; i++) {
>> +        AESState *ad = (AESState *)&d->ZMM_X(i);
>> +        AESState *st = (AESState *)&v->ZMM_X(i);
>> +        AESState *rk = (AESState *)&s->ZMM_X(i);
>> -    for (i = 0; i < 8 << SHIFT; i++) {
>> -        d->B(i) = rk.B(i) ^ (AES_sbox[st.B(AES_shifts[i & 15] + (i & 
>> ~15))]);
>> +        aesenc_SB_SR_AK(ad, st, rk, false);
> 
> Why not use aesenc_SB_SR_AK_gen(ad, st, rk)?

Whatever, I misread the last 'be' boolean as 'swap', so this is perfect.

> Regardless:
> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
> 
>>       }
>>   }
>