From: Richard Henderson <richard.henderson@linaro.org>
To: qemu-devel@nongnu.org
Cc: ardb@kernel.org, berrange@redhat.com, qemu-arm@nongnu.org,
	qemu-ppc@nongnu.org, qemu-riscv@nongnu.org, pbonzini@redhat.com
Subject: [PATCH 04/35] crypto: Add aesenc_SB_SR
Date: Fri,  2 Jun 2023 19:33:55 -0700
Message-ID: <20230603023426.1064431-5-richard.henderson@linaro.org>
In-Reply-To: <20230603023426.1064431-1-richard.henderson@linaro.org>

Start adding infrastructure for accelerating guest AES.
Begin with a SubBytes + ShiftRows primitive.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 host/include/generic/host/aes-round.h | 15 +++++++++
 include/crypto/aes-round.h            | 41 +++++++++++++++++++++++
 crypto/aes.c                          | 47 +++++++++++++++++++++++++++
 3 files changed, 103 insertions(+)
 create mode 100644 host/include/generic/host/aes-round.h
 create mode 100644 include/crypto/aes-round.h

diff --git a/host/include/generic/host/aes-round.h b/host/include/generic/host/aes-round.h
new file mode 100644
index 0000000000..598242c603
--- /dev/null
+++ b/host/include/generic/host/aes-round.h
@@ -0,0 +1,15 @@
+/*
+ * No host specific aes acceleration.
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#ifndef HOST_AES_ROUND_H
+#define HOST_AES_ROUND_H
+
+#define HAVE_AES_ACCEL  false
+#define ATTR_AES_ACCEL
+
+void aesenc_SB_SR_accel(AESState *, const AESState *, bool)
+    QEMU_ERROR("unsupported accel");
+
+#endif
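Review bot: this generic host header uses AESState without declaring or including it, so it is only valid when pulled in through include/crypto/aes-round.h after the AESState typedef; add a comment stating that (or an `#error` if CRYPTO_AES_ROUND_H is not defined) so that a host-specific variant added later is not included directly and fails with a confusing unknown-type error. The `bool` parameter of aesenc_SB_SR_accel is also unnamed and unexplained here; give it a name or a comment saying it is the big-endian flag, since a host implementer reads this file first. The QEMU_ERROR attribute only fires if the call is not eliminated as dead code; with HAVE_AES_ACCEL being the literal `false` that should hold even at -O0, but it is worth confirming with an unoptimized build before relying on it as the only guard.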
diff --git a/include/crypto/aes-round.h b/include/crypto/aes-round.h
new file mode 100644
index 0000000000..784e1daee6
--- /dev/null
+++ b/include/crypto/aes-round.h
@@ -0,0 +1,41 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ * AES round fragments, generic version
+ *
+ * Copyright (C) 2023 Linaro, Ltd.
+ */
+
+#ifndef CRYPTO_AES_ROUND_H
+#define CRYPTO_AES_ROUND_H
+
+/* Hosts with acceleration will usually need a 16-byte vector type. */
+typedef uint8_t AESStateVec __attribute__((vector_size(16)));
+
+typedef union {
+    uint8_t b[16];
+    uint32_t w[4];
+    uint64_t d[4];
+    AESStateVec v;
+} AESState;
+
+#include "host/aes-round.h"
+
+/*
+ * Perform SubBytes + ShiftRows.
+ */
+
+void aesenc_SB_SR_gen(AESState *ret, const AESState *st);
+void aesenc_SB_SR_genrev(AESState *ret, const AESState *st);
+
+static inline void aesenc_SB_SR(AESState *r, const AESState *st, bool be)
+{
+    if (HAVE_AES_ACCEL) {
+        aesenc_SB_SR_accel(r, st, be);
+    } else if (HOST_BIG_ENDIAN == be) {
+        aesenc_SB_SR_gen(r, st);
+    } else {
+        aesenc_SB_SR_genrev(r, st);
+    }
+}
+
+#endif /* CRYPTO_AES_ROUND_H */
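Review bot: `uint64_t d[4]` in the AESState union is 32 bytes, which makes sizeof(AESState) 32 rather than the 16 bytes implied by b[16], w[4] and the 16-byte AESStateVec; it should be `uint64_t d[2]`, otherwise any memcpy or sizeof-based copy of the state, and any host accel that assumes the union is exactly one vector wide, touches 16 bytes of padding. The `be` parameter of aesenc_SB_SR is undocumented: the dispatch on `HOST_BIG_ENDIAN == be` implies it describes the byte order in which the caller laid out the 128-bit state in memory, so the "Perform SubBytes + ShiftRows" comment should say so and note that a caller must pass the same flag to every fragment it chains, since mixing them silently reverses the block.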
diff --git a/crypto/aes.c b/crypto/aes.c
index 1309a13e91..708838315a 100644
--- a/crypto/aes.c
+++ b/crypto/aes.c
@@ -29,6 +29,7 @@
  */
 #include "qemu/osdep.h"
 #include "crypto/aes.h"
+#include "crypto/aes-round.h"
 
 typedef uint32_t u32;
 typedef uint8_t u8;
@@ -1251,6 +1252,52 @@ static const u32 rcon[] = {
         0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
 };
 
+/* Perform SubBytes + ShiftRows. */
+static inline void
+aesenc_SB_SR_swap(AESState *r, const AESState *st, bool swap)
+{
+    const int swap_b = swap ? 15 : 0;
+    uint8_t t;
+
+    /* These four indexes are not swizzled. */
+    r->b[swap_b ^ 0x0] = AES_sbox[st->b[swap_b ^ AES_SH_0]];
+    r->b[swap_b ^ 0x4] = AES_sbox[st->b[swap_b ^ AES_SH_4]];
+    r->b[swap_b ^ 0x8] = AES_sbox[st->b[swap_b ^ AES_SH_8]];
+    r->b[swap_b ^ 0xc] = AES_sbox[st->b[swap_b ^ AES_SH_C]];
+
+    /* Otherwise, break cycles. */
+
+    t = AES_sbox[st->b[swap_b ^ AES_SH_D]];
+    r->b[swap_b ^ 0x1] = AES_sbox[st->b[swap_b ^ AES_SH_1]];
+    r->b[swap_b ^ 0x5] = AES_sbox[st->b[swap_b ^ AES_SH_5]];
+    r->b[swap_b ^ 0x9] = AES_sbox[st->b[swap_b ^ AES_SH_9]];
+    r->b[swap_b ^ 0xd] = t;
+
+    t = AES_sbox[st->b[swap_b ^ AES_SH_A]];
+    r->b[swap_b ^ 0x2] = AES_sbox[st->b[swap_b ^ AES_SH_2]];
+    r->b[swap_b ^ 0xa] = t;
+
+    t = AES_sbox[st->b[swap_b ^ AES_SH_E]];
+    r->b[swap_b ^ 0x6] = AES_sbox[st->b[swap_b ^ AES_SH_6]];
+    r->b[swap_b ^ 0xe] = t;
+
+    t = AES_sbox[st->b[swap_b ^ AES_SH_7]];
+    r->b[swap_b ^ 0x3] = AES_sbox[st->b[swap_b ^ AES_SH_3]];
+    r->b[swap_b ^ 0xf] = AES_sbox[st->b[swap_b ^ AES_SH_F]];
+    r->b[swap_b ^ 0xb] = AES_sbox[st->b[swap_b ^ AES_SH_B]];
+    r->b[swap_b ^ 0x7] = t;
+}
+
+void aesenc_SB_SR_gen(AESState *r, const AESState *st)
+{
+    aesenc_SB_SR_swap(r, st, false);
+}
+
+void aesenc_SB_SR_genrev(AESState *r, const AESState *st)
+{
+    aesenc_SB_SR_swap(r, st, true);
+}
+
 /**
  * Expand the cipher key into the encryption key schedule.
  */
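Review bot: aesenc_SB_SR_swap is written to be correct when r == st (the four fixed points 0/4/8/c are stored first, then each ShiftRows cycle 1/5/9/d, 2/a, 6/e and 3/f/b/7 saves the byte that would be clobbered in t before the stores), but neither the header nor this function's comment tells callers that in-place use is supported; document that r may alias st, otherwise the cycle breaking reads as unexplained complexity and a later change could reorder a store without noticing. `swap_b ^ i` with swap_b == 15 maps position i to 15 - i, so the genrev path is a whole-block byte reversal, not a per-word swap; a one-line comment saying so would help. As a caveat, the generic path is still a data-indexed AES_sbox lookup and is therefore not constant-time with respect to guest data; that matches the existing crypto/aes.c tables, but it is worth stating so nobody mistakes the generic fragment for a side-channel-hardened implementation.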
-- 
2.34.1



Thread overview: 48+ messages
2023-06-03  2:33 [PATCH 00/35] crypto: Provide aes-round.h and host accel Richard Henderson
2023-06-03  2:33 ` [PATCH 01/35] tests/multiarch: Add test-aes Richard Henderson
2023-06-03  2:33 ` [PATCH 02/35] target/arm: Move aesmc and aesimc tables to crypto/aes.c Richard Henderson
2023-06-03 12:45   ` Ard Biesheuvel
2023-06-03 15:21     ` Richard Henderson
2023-06-05 10:45   ` Philippe Mathieu-Daudé
2023-06-05 11:01     ` Philippe Mathieu-Daudé
2023-06-03  2:33 ` [PATCH 03/35] crypto/aes: Add constants for ShiftRows, InvShiftRows Richard Henderson
2023-06-05 10:46   ` Philippe Mathieu-Daudé
2023-06-03  2:33 ` Richard Henderson [this message]
2023-06-03 13:15   ` [PATCH 04/35] crypto: Add aesenc_SB_SR Ard Biesheuvel
2023-06-03 15:24     ` Richard Henderson
2023-06-03  2:33 ` [PATCH 05/35] target/i386: Use aesenc_SB_SR Richard Henderson
2023-06-03  2:33 ` [PATCH 06/35] target/arm: Demultiplex AESE and AESMC Richard Henderson
2023-06-05 10:56   ` Philippe Mathieu-Daudé
2023-06-03  2:33 ` [PATCH 07/35] target/arm: Use aesenc_SB_SR Richard Henderson
2023-06-03  2:33 ` [PATCH 08/35] target/ppc: " Richard Henderson
2023-06-03  2:34 ` [PATCH 09/35] target/riscv: " Richard Henderson
2023-06-03  2:34 ` [PATCH 10/35] crypto: Add aesdec_ISB_ISR Richard Henderson
2023-06-03  2:34 ` [PATCH 11/35] target/i386: Use aesdec_ISB_ISR Richard Henderson
2023-06-03  2:34 ` [PATCH 12/35] target/arm: " Richard Henderson
2023-06-03  2:34 ` [PATCH 13/35] target/ppc: " Richard Henderson
2023-06-03  2:34 ` [PATCH 14/35] target/riscv: " Richard Henderson
2023-06-03  2:34 ` [PATCH 15/35] crypto: Add aesenc_MC Richard Henderson
2023-06-03  2:34 ` [PATCH 16/35] target/arm: Use aesenc_MC Richard Henderson
2023-06-03  2:34 ` [PATCH 17/35] crypto: Add aesdec_IMC Richard Henderson
2023-06-03  2:34 ` [PATCH 18/35] target/i386: Use aesdec_IMC Richard Henderson
2023-06-03  2:34 ` [PATCH 19/35] target/arm: " Richard Henderson
2023-06-03  2:34 ` [PATCH 20/35] target/riscv: " Richard Henderson
2023-06-03  2:34 ` [PATCH 21/35] crypto: Add aesenc_SB_SR_MC_AK Richard Henderson
2023-06-03  2:34 ` [PATCH 22/35] target/i386: Use aesenc_SB_SR_MC_AK Richard Henderson
2023-06-03  2:34 ` [PATCH 23/35] target/ppc: " Richard Henderson
2023-06-03  2:34 ` [PATCH 24/35] target/riscv: " Richard Henderson
2023-06-03  2:34 ` [PATCH 25/35] crypto: Add aesdec_ISB_ISR_IMC_AK Richard Henderson
2023-06-03  2:34 ` [PATCH 26/35] target/i386: Use aesdec_ISB_ISR_IMC_AK Richard Henderson
2023-06-03  2:34 ` [PATCH 27/35] target/riscv: " Richard Henderson
2023-06-03  2:34 ` [PATCH 28/35] crypto: Add aesdec_ISB_ISR_AK_IMC Richard Henderson
2023-06-03  2:34 ` [PATCH 29/35] target/ppc: Use aesdec_ISB_ISR_AK_IMC Richard Henderson
2023-06-03  2:34 ` [PATCH 30/35] host/include/i386: Implement aes-round.h Richard Henderson
2023-06-03  2:34 ` [PATCH 31/35] host/include/aarch64: " Richard Henderson
2023-06-03 12:50   ` Ard Biesheuvel
2023-06-03 16:01     ` Richard Henderson
2023-06-03  2:34 ` [PATCH 32/35] crypto: Remove AES_shifts, AES_ishifts Richard Henderson
2023-06-03  2:34 ` [PATCH 33/35] crypto: Implement aesdec_IMC with AES_imc_rot Richard Henderson
2023-06-03  2:34 ` [PATCH 34/35] crypto: Remove AES_imc Richard Henderson
2023-06-03  2:34 ` [PATCH 35/35] crypto: Unexport AES_*_rot, AES_TeN, AES_TdN Richard Henderson
2023-06-03 13:23 ` [PATCH 00/35] crypto: Provide aes-round.h and host accel Ard Biesheuvel
2023-06-04 10:47   ` Ard Biesheuvel