From: Alistair Francis
To: qemu-devel@nongnu.org
Cc: alistair23@gmail.com, Ard Biesheuvel, Richard Henderson, Philippe Mathieu-Daudé, Zewen Ye, Weiwei Li, Junqiang Wang, Alistair Francis
Subject: [PULL 07/65] target/riscv: Use existing lookup tables for MixColumns
Date: Fri, 8 Sep 2023 16:03:33 +1000
Message-ID: <20230908060431.1903919-8-alistair.francis@wdc.com>
In-Reply-To: <20230908060431.1903919-1-alistair.francis@wdc.com>
References: <20230908060431.1903919-1-alistair.francis@wdc.com>

From: Ard Biesheuvel

The AES MixColumns and InvMixColumns operations are relatively expensive 4x4 matrix multiplications in GF(2^8), which is why C implementations usually rely on precomputed lookup tables rather than performing the calculations on demand.

Given that we already carry those tables in QEMU, we can just grab the right value in the implementation of the RISC-V AES32 instructions. Note that the tables in question are permuted according to the respective Sbox, so we can omit the Sbox lookup as well in this case.

Cc: Richard Henderson
Cc: Philippe Mathieu-Daudé
Cc: Zewen Ye
Cc: Weiwei Li
Cc: Junqiang Wang
Signed-off-by: Ard Biesheuvel
Reviewed-by: Richard Henderson
Message-ID: <20230731084043.1791984-1-ardb@kernel.org>
Signed-off-by: Alistair Francis
--- include/crypto/aes.h | 7 +++++++ crypto/aes.c | 4 ++-- target/riscv/crypto_helper.c | 34 ++++------------------------------ 3 files changed, 13 insertions(+), 32 deletions(-) diff --git a/include/crypto/aes.h b/include/crypto/aes.h index 709d4d226b..381f24c902 100644 --- a/include/crypto/aes.h +++ b/include/crypto/aes.h @@ -30,4 +30,11 @@ void AES_decrypt(const unsigned char *in, unsigned char = *out, extern const uint8_t AES_sbox[256]; extern const uint8_t AES_isbox[256]; =20 +/* +AES_Te0[x] =3D S [x].[02, 01, 01, 03]; +AES_Td0[x] =3D Si[x].[0e, 09, 0d, 0b]; +*/ + +extern const uint32_t AES_Te0[256], AES_Td0[256]; + #endif diff --git a/crypto/aes.c b/crypto/aes.c index 836d7d5c0b..df4362ac60 100644 --- a/crypto/aes.c +++ b/crypto/aes.c @@ -272,7 +272,7 @@ AES_Td3[x] =3D Si[x].[09, 0d, 0b, 0e]; AES_Td4[x] =3D Si[x].[01, 01, 01, 01]; */ =20 -static const uint32_t AES_Te0[256] =3D { +const uint32_t AES_Te0[256] =3D { 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU, 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U, 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU, 
@@ -607,7 +607,7 @@ static const uint32_t AES_Te4[256] =3D { 0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U, }; =20 -static const uint32_t AES_Td0[256] =3D { +const uint32_t AES_Td0[256] =3D { 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U, 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U, 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U, diff --git a/target/riscv/crypto_helper.c b/target/riscv/crypto_helper.c index 99d85a6188..4d65945429 100644 --- a/target/riscv/crypto_helper.c +++ b/target/riscv/crypto_helper.c @@ -25,29 +25,6 @@ #include "crypto/aes-round.h" #include "crypto/sm4.h" =20 -#define AES_XTIME(a) \ - ((a << 1) ^ ((a & 0x80) ? 0x1b : 0)) - -#define AES_GFMUL(a, b) (( \ - (((b) & 0x1) ? (a) : 0) ^ \ - (((b) & 0x2) ? AES_XTIME(a) : 0) ^ \ - (((b) & 0x4) ? AES_XTIME(AES_XTIME(a)) : 0) ^ \ - (((b) & 0x8) ? AES_XTIME(AES_XTIME(AES_XTIME(a))) : 0)) & 0xFF) - -static inline uint32_t aes_mixcolumn_byte(uint8_t x, bool fwd) -{ - uint32_t u; - - if (fwd) { - u =3D (AES_GFMUL(x, 3) << 24) | (x << 16) | (x << 8) | - (AES_GFMUL(x, 2) << 0); - } else { - u =3D (AES_GFMUL(x, 0xb) << 24) | (AES_GFMUL(x, 0xd) << 16) | - (AES_GFMUL(x, 0x9) << 8) | (AES_GFMUL(x, 0xe) << 0); - } - return u; -} - #define sext32_xlen(x) (target_ulong)(int32_t)(x) =20 static inline target_ulong aes32_operation(target_ulong shamt, @@ -55,23 +32,20 @@ static inline target_ulong aes32_operation(target_ulong= shamt, bool enc, bool mix) { uint8_t si =3D rs2 >> shamt; - uint8_t so; uint32_t mixed; target_ulong res; =20 if (enc) { - so =3D AES_sbox[si]; if (mix) { - mixed =3D aes_mixcolumn_byte(so, true); + mixed =3D be32_to_cpu(AES_Te0[si]); } else { - mixed =3D so; + mixed =3D AES_sbox[si]; } } else { - so =3D AES_isbox[si]; if (mix) { - mixed =3D aes_mixcolumn_byte(so, false); + mixed =3D be32_to_cpu(AES_Td0[si]); } else { - mixed =3D so; + mixed =3D AES_isbox[si]; } } mixed =3D rol32(mixed, shamt); --=20 2.41.0
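
Review bot: the comment added above `extern const uint32_t AES_Te0[256], AES_Td0[256];` in include/crypto/aes.h lists the coefficients ([02, 01, 01, 03] and [0e, 09, 0d, 0b]) but does not say which end of the 32-bit word the first coefficient occupies. The tables are now public and target/riscv/crypto_helper.c depends on that layout, so the comment should state that the first listed coefficient sits in the most significant byte of a host-order word (the AES_Te0 entry 0x02010103U in the crypto/aes.c context shows this directly). It would also help to note that the index is the S-box input, not the S-box output, since that is what lets the caller skip the AES_sbox/AES_isbox lookup.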
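
Review bot: in aes32_operation(), `mixed = be32_to_cpu(AES_Te0[si]);` and the matching `be32_to_cpu(AES_Td0[si])` line make the result depend on host byte order. The table words are host-order uint32_t constants with the 02 (or 0e) product in the top byte, while the removed aes_mixcolumn_byte() placed the 03 (or 0b) product at bit 24 and the 02 (or 0e) product at bit 0, so the word has to be byte-reversed on every host. be32_to_cpu() reverses only on little-endian hosts and is a no-op on big-endian ones, where `mixed` would keep the table order and differ from what the old code returned. An unconditional bswap32() of the table word would keep the old behaviour on both, and a test of the mix paths on a big-endian host would confirm it.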
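
The relationship the commit message relies on, between the precomputed table words and the on-demand GF(2^8) arithmetic the patch removes, as an added example that is not part of the patch or of QEMU. It rebuilds the S-boxes from their definition instead of using QEMU's tables; the helper names (`te0`, `td0`, `old_fwd`, `old_inv`, `swap32`, `count_mismatches`) are made up for this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#define PACK(b3, b2, b1, b0) \
    ((uint32_t)(b3) << 24 | (uint32_t)(b2) << 16 | (uint32_t)(b1) << 8 | (uint32_t)(b0))

static uint8_t S[256], Si[256];   /* S-box and inverse S-box, filled by build_sboxes() */

/* GF(2^8) multiplication modulo x^8 + x^4 + x^3 + x + 1 (shift-and-add). */
static uint8_t gfmul(uint8_t a, uint8_t b)
{
    uint8_t r = 0;
    for (; b; b >>= 1, a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1b : 0)))
        if (b & 1) r ^= a;
    return r;
}
static uint8_t rotl8(uint8_t v, int n) { return (uint8_t)((v << n) | (v >> (8 - n))); }

/* Build both S-boxes from the definition: field inverse, then affine map. */
static void build_sboxes(void)
{
    for (int x = 0; x < 256; x++) {
        uint8_t inv = 0;                       /* 0 has no inverse and stays 0 */
        for (int c = 1; c < 256 && x && !inv; c++)
            if (gfmul((uint8_t)x, (uint8_t)c) == 1) inv = (uint8_t)c;
        S[x] = (uint8_t)(inv ^ rotl8(inv, 1) ^ rotl8(inv, 2) ^ rotl8(inv, 3) ^ rotl8(inv, 4) ^ 0x63);
        Si[S[x]] = (uint8_t)x;
    }
}

/* Table words per the patch's header comment: first listed coefficient in the top byte. */
static uint32_t te0(uint8_t x) { uint8_t s = S[x];  return PACK(gfmul(s, 2), s, s, gfmul(s, 3)); }
static uint32_t td0(uint8_t x) { uint8_t s = Si[x]; return PACK(gfmul(s, 0xe), gfmul(s, 9), gfmul(s, 0xd), gfmul(s, 0xb)); }

/* Words the removed aes_mixcolumn_byte() returned for an S-box output s. */
static uint32_t old_fwd(uint8_t s) { return PACK(gfmul(s, 3), s, s, gfmul(s, 2)); }
static uint32_t old_inv(uint8_t s) { return PACK(gfmul(s, 0xb), gfmul(s, 0xd), gfmul(s, 9), gfmul(s, 0xe)); }
static uint32_t swap32(uint32_t v) { return v >> 24 | ((v >> 8) & 0xff00) | ((v << 8) & 0xff0000) | v << 24; }

/* Number of disagreements between byte-reversed table words and the old helper. */
int count_mismatches(void)
{
    int bad = 0;
    build_sboxes();
    bad += te0(0) != 0xc66363a5U;              /* first AES_Te0 entry in the patch */
    bad += td0(0) != 0x51f4a750U;              /* first AES_Td0 entry in the patch */
    for (int x = 0; x < 256; x++) {
        bad += swap32(te0((uint8_t)x)) != old_fwd(S[x]);
        bad += swap32(td0((uint8_t)x)) != old_inv(Si[x]);
    }
    return bad;
}

int main(void) { printf("mismatches: %d\n", count_mismatches()); return 0; }
```

The byte reversal in `swap32` is unconditional here, which is what the old arithmetic implies regardless of host byte order.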