From patchwork Wed Feb 7 11:17:25 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 127160 Delivered-To: patch@linaro.org Received: by 10.46.124.24 with SMTP id x24csp369820ljc; Wed, 7 Feb 2018 03:21:03 -0800 (PST) X-Google-Smtp-Source: AH8x225MjGT2aojDWoTSUgQP0drCcdfSTh+tnBQlSvAidaNgBZZD7wqS+8tzlqOy152vUVmuKeoV X-Received: by 10.13.245.1 with SMTP id e1mr3542721ywf.91.1518002463637; Wed, 07 Feb 2018 03:21:03 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1518002463; cv=none; d=google.com; s=arc-20160816; b=A6WuhCd2Uwr+2AIhCN6/KASqQfUQ1cvS5A67xZu+Dqzlxhw5ZylEpDEGNHNF789iK+ ha1YlkqsUTwC6flL20JhObYQP2sjCfghuFfHzogRo9D1Yc5cqmO45mX52UQMGyUzBHiK RvXc+wkcJFdjMe6IfDlfoXOxJK6nf07sefIvSYymQa8uGOOdmT8LYhb/oXvNS6cu4oT3 X8iboDP1LNPjnerw5CMSLkkVXdK00gvO9HVtfXtJo/L86XIcbikkP7hwdENxzitcTl46 9MOYEPDeViK/EFL2hnk/08SAbfiVa43OUazngevVuceSWB+GFuBBe3vCAqQMZVlPmyZ1 rCrQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:cc:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:references:in-reply-to :message-id:date:to:from:dkim-signature:arc-authentication-results; bh=Vvc46QhHvkWYFYoVqHEVwveei10RIvcta28aHDMwRLM=; b=qjxrJVRLfe47+BPJLvbmxz/JxzqVGUl/6d8Iy0gC+eNPGSu/qMkmfBcNjYWOGHTBAy nwVggeBmaSPJs/1uZzh6g026OQWd29J9i7+Xm8Lul5PgdSuDtjsT1L/Uw++HUMgxNjjf O3TwvLp83Cu7+/fK6d+e4TtE1LH/9FZGdG/K9uFKrFHFwJiw5E1aAyhjqf5vUrDQVhfM /EyOCDxI47La4YHPxnIfN8CKmiu42NmW9MS8jmCbcaPN5Ifuyx/uiJa9EE8bSFMn3Wk5 TTfm04uzNrkgncaP1noeFre6kdDCt9tqOeSDMppr9vzzxE+YfZIPvqsYyQKjbfywYoJo a9wQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@linaro.org header.s=google header.b=PsuDND4/; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 2001:4830:134:3::11 as permitted sender) smtp.mailfrom=qemu-devel-bounces+patch=linaro.org@nongnu.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.gnu.org (lists.gnu.org. [2001:4830:134:3::11]) by mx.google.com with ESMTPS id i3si230009ybm.626.2018.02.07.03.21.03 for (version=TLS1 cipher=AES128-SHA bits=128/128); Wed, 07 Feb 2018 03:21:03 -0800 (PST) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 2001:4830:134:3::11 as permitted sender) client-ip=2001:4830:134:3::11; Authentication-Results: mx.google.com; dkim=fail header.i=@linaro.org header.s=google header.b=PsuDND4/; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 2001:4830:134:3::11 as permitted sender) smtp.mailfrom=qemu-devel-bounces+patch=linaro.org@nongnu.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from localhost ([::1]:51706 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ejNmh-0006o3-0z for patch@linaro.org; Wed, 07 Feb 2018 06:21:03 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:38752) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ejNjU-0005DI-7q for qemu-devel@nongnu.org; Wed, 07 Feb 2018 06:17:45 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ejNjR-0005eN-ES for qemu-devel@nongnu.org; Wed, 07 Feb 2018 06:17:44 -0500 Received: from mail-wm0-x244.google.com ([2a00:1450:400c:c09::244]:52068) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1ejNjR-0005dn-5S for qemu-devel@nongnu.org; Wed, 07 Feb 2018 06:17:41 -0500 Received: by mail-wm0-x244.google.com with SMTP id r71so2460363wmd.1 for ; Wed, 07 Feb 2018 03:17:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Vvc46QhHvkWYFYoVqHEVwveei10RIvcta28aHDMwRLM=; b=PsuDND4/6alx9eLBxmEmrWHVewLlzWogRZtj8kVp9/odGVu3vTueJK56velMEmS/qh NeR/C9uSf/lmDXr5YMjbyWofz265PbhdT5L+IVC4m/KVt+4KF197G/K64phYtrg2+bAM aTwpu3wapxJYL/CMvRfM9wfGWYQvyHpiOrSeg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Vvc46QhHvkWYFYoVqHEVwveei10RIvcta28aHDMwRLM=; b=fN4wur4JjBvaknP9ZcjSFgiBHZrR4R78t6DeroINHcGxfJzmM1bFcdM0DIPpUFXH/Y wM2/Rdm+WGgclvQSFoldp6WaNUjYmzUKF+SRjKE7BCl8Jl8KkgoBluikZh6rzmHG2WSX wxpge3zGYhAUfZUjUFINBbf4VGxPsZRP+RB9RMtUWUI8E+3xPXNuayJ3K0Uq8kyt0bPl eVdEiCUQsddBOEvWMvWdIh49zRPMBekTTsd409rANPwasKLMobG0D9iaG8SgKglOMC0i eY3u4LOTip7SMAemUchNntgcRFzOwDJxOtuopt7FNaKU3QivuPDXry50e0+9NiLBV/Pi MByg== X-Gm-Message-State: APf1xPBqAIrxSwrzSVh1uGt5IrIWDz71QpCGHmVxtU7aaWGchwP01+8F bQ9uGpALW1qXCRtouFU+ISnsj/coI8M= X-Received: by 10.28.20.206 with SMTP id 197mr4097280wmu.19.1518002259753; Wed, 07 Feb 2018 03:17:39 -0800 (PST) Received: from localhost.localdomain ([196.85.252.149]) by smtp.gmail.com with ESMTPSA id h32sm627629wrf.65.2018.02.07.03.17.37 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 07 Feb 2018 03:17:38 -0800 (PST) From: Ard Biesheuvel To: qemu-devel@nongnu.org Date: Wed, 7 Feb 2018 11:17:25 +0000 Message-Id: <20180207111729.15737-2-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180207111729.15737-1-ard.biesheuvel@linaro.org> References: <20180207111729.15737-1-ard.biesheuvel@linaro.org> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:400c:c09::244 Subject: [Qemu-devel] [PATCH v6 1/5] target/arm: implement SHA-512 instructions X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: peter.maydell@linaro.org, Ard Biesheuvel Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" This implements emulation of the new SHA-512 instructions that have been added as an optional extensions to the ARMv8 Crypto Extensions in ARM v8.2. Signed-off-by: Ard Biesheuvel --- target/arm/cpu.h | 1 + target/arm/crypto_helper.c | 90 +++++++++++++++- target/arm/helper.h | 5 + target/arm/translate-a64.c | 110 ++++++++++++++++++++ 4 files changed, 205 insertions(+), 1 deletion(-) -- 2.11.0 diff --git a/target/arm/cpu.h b/target/arm/cpu.h index 0a923e42d8bf..32a18510e70b 100644 --- a/target/arm/cpu.h +++ b/target/arm/cpu.h @@ -1372,6 +1372,7 @@ enum arm_features { ARM_FEATURE_M_SECURITY, /* M profile Security Extension */ ARM_FEATURE_JAZELLE, /* has (trivial) Jazelle implementation */ ARM_FEATURE_SVE, /* has Scalable Vector Extension */ + ARM_FEATURE_V8_SHA512, /* implements SHA512 part of v8 Crypto Extensions */ }; static inline int arm_feature(CPUARMState *env, int feature) diff --git a/target/arm/crypto_helper.c b/target/arm/crypto_helper.c index 9ca0bdead7bb..3d8d1fb5e7cf 100644 --- a/target/arm/crypto_helper.c +++ b/target/arm/crypto_helper.c @@ -1,7 +1,7 @@ /* * crypto_helper.c - emulate v8 Crypto Extensions instructions * - * Copyright (C) 2013 - 2014 Linaro Ltd + * Copyright (C) 2013 - 2018 Linaro Ltd * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -419,3 +419,91 @@ void HELPER(crypto_sha256su1)(void *vd, void *vn, void *vm) rd[0] = d.l[0]; rd[1] = d.l[1]; } + +/* + * The SHA-512 logical functions (same as above but using 64-bit operands) + */ + +static uint64_t cho512(uint64_t x, uint64_t y, uint64_t z) +{ + return (x & (y ^ z)) ^ z; +} + +static uint64_t maj512(uint64_t x, uint64_t y, uint64_t z) +{ + return (x & y) | ((x | y) & z); +} + +static uint64_t S0_512(uint64_t x) +{ + return ror64(x, 28) ^ ror64(x, 34) ^ ror64(x, 39); +} + +static uint64_t S1_512(uint64_t x) +{ + return ror64(x, 14) ^ ror64(x, 18) ^ ror64(x, 41); +} + +static uint64_t s0_512(uint64_t x) +{ + return ror64(x, 1) ^ ror64(x, 8) ^ (x >> 7); +} + +static uint64_t s1_512(uint64_t x) +{ + return ror64(x, 19) ^ ror64(x, 61) ^ (x >> 6); +} + +void HELPER(crypto_sha512h)(void *vd, void *vn, void *vm) +{ + uint64_t *rd = vd; + uint64_t *rn = vn; + uint64_t *rm = vm; + uint64_t d0 = rd[0]; + uint64_t d1 = rd[1]; + + d1 += S1_512(rm[1]) + cho512(rm[1], rn[0], rn[1]); + d0 += S1_512(d1 + rm[0]) + cho512(d1 + rm[0], rm[1], rn[0]); + + rd[0] = d0; + rd[1] = d1; +} + +void HELPER(crypto_sha512h2)(void *vd, void *vn, void *vm) +{ + uint64_t *rd = vd; + uint64_t *rn = vn; + uint64_t *rm = vm; + uint64_t d0 = rd[0]; + uint64_t d1 = rd[1]; + + d1 += S0_512(rm[0]) + maj512(rn[0], rm[1], rm[0]); + d0 += S0_512(d1) + maj512(d1, rm[0], rm[1]); + + rd[0] = d0; + rd[1] = d1; +} + +void HELPER(crypto_sha512su0)(void *vd, void *vn) +{ + uint64_t *rd = vd; + uint64_t *rn = vn; + uint64_t d0 = rd[0]; + uint64_t d1 = rd[1]; + + d0 += s0_512(rd[1]); + d1 += s0_512(rn[0]); + + rd[0] = d0; + rd[1] = d1; +} + +void HELPER(crypto_sha512su1)(void *vd, void *vn, void *vm) +{ + uint64_t *rd = vd; + uint64_t *rn = vn; + uint64_t *rm = vm; + + rd[0] += s1_512(rn[0]) + rm[0]; + rd[1] += s1_512(rn[1]) + rm[1]; +} diff --git a/target/arm/helper.h b/target/arm/helper.h index 5dec2e62626b..81d460702867 100644 --- a/target/arm/helper.h +++ b/target/arm/helper.h @@ -534,6 +534,11 @@ DEF_HELPER_FLAGS_3(crypto_sha256h2, TCG_CALL_NO_RWG, void, ptr, ptr, ptr) DEF_HELPER_FLAGS_2(crypto_sha256su0, TCG_CALL_NO_RWG, void, ptr, ptr) DEF_HELPER_FLAGS_3(crypto_sha256su1, TCG_CALL_NO_RWG, void, ptr, ptr, ptr) +DEF_HELPER_FLAGS_3(crypto_sha512h, TCG_CALL_NO_RWG, void, ptr, ptr, ptr) +DEF_HELPER_FLAGS_3(crypto_sha512h2, TCG_CALL_NO_RWG, void, ptr, ptr, ptr) +DEF_HELPER_FLAGS_2(crypto_sha512su0, TCG_CALL_NO_RWG, void, ptr, ptr) +DEF_HELPER_FLAGS_3(crypto_sha512su1, TCG_CALL_NO_RWG, void, ptr, ptr, ptr) + DEF_HELPER_FLAGS_3(crc32, TCG_CALL_NO_RWG_SE, i32, i32, i32, i32) DEF_HELPER_FLAGS_3(crc32c, TCG_CALL_NO_RWG_SE, i32, i32, i32, i32) DEF_HELPER_2(dc_zva, void, env, i64) diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c index 10eef870fee2..888f5a39a283 100644 --- a/target/arm/translate-a64.c +++ b/target/arm/translate-a64.c @@ -11132,6 +11132,114 @@ static void disas_crypto_two_reg_sha(DisasContext *s, uint32_t insn) tcg_temp_free_ptr(tcg_rn_ptr); } +/* Crypto three-reg SHA512 + * 31 21 20 16 15 14 13 12 11 10 9 5 4 0 + * +-----------------------+------+---+---+-----+--------+------+------+ + * | 1 1 0 0 1 1 1 0 0 1 1 | Rm | 1 | O | 0 0 | opcode | Rn | Rd | + * +-----------------------+------+---+---+-----+--------+------+------+ + */ +static void disas_crypto_three_reg_sha512(DisasContext *s, uint32_t insn) +{ + int opcode = extract32(insn, 10, 2); + int o = extract32(insn, 14, 1); + int rm = extract32(insn, 16, 5); + int rn = extract32(insn, 5, 5); + int rd = extract32(insn, 0, 5); + int feature; + CryptoThreeOpFn *genfn; + + if (o == 0) { + switch (opcode) { + case 0: /* SHA512H */ + feature = ARM_FEATURE_V8_SHA512; + genfn = gen_helper_crypto_sha512h; + break; + case 1: /* SHA512H2 */ + feature = ARM_FEATURE_V8_SHA512; + genfn = gen_helper_crypto_sha512h2; + break; + case 2: /* SHA512SU1 */ + feature = ARM_FEATURE_V8_SHA512; + genfn = gen_helper_crypto_sha512su1; + break; + default: + unallocated_encoding(s); + return; + } + } else { + unallocated_encoding(s); + return; + } + + if (!arm_dc_feature(s, feature)) { + unallocated_encoding(s); + return; + } + + if (!fp_access_check(s)) { + return; + } + + if (genfn) { + TCGv_ptr tcg_rd_ptr, tcg_rn_ptr, tcg_rm_ptr; + + tcg_rd_ptr = vec_full_reg_ptr(s, rd); + tcg_rn_ptr = vec_full_reg_ptr(s, rn); + tcg_rm_ptr = vec_full_reg_ptr(s, rm); + + genfn(tcg_rd_ptr, tcg_rn_ptr, tcg_rm_ptr); + + tcg_temp_free_ptr(tcg_rd_ptr); + tcg_temp_free_ptr(tcg_rn_ptr); + tcg_temp_free_ptr(tcg_rm_ptr); + } else { + g_assert_not_reached(); + } +} + +/* Crypto two-reg SHA512 + * 31 12 11 10 9 5 4 0 + * +-----------------------------------------+--------+------+------+ + * | 1 1 0 0 1 1 1 0 1 1 0 0 0 0 0 0 1 0 0 0 | opcode | Rn | Rd | + * +-----------------------------------------+--------+------+------+ + */ +static void disas_crypto_two_reg_sha512(DisasContext *s, uint32_t insn) +{ + int opcode = extract32(insn, 10, 2); + int rn = extract32(insn, 5, 5); + int rd = extract32(insn, 0, 5); + TCGv_ptr tcg_rd_ptr, tcg_rn_ptr; + int feature; + CryptoTwoOpFn *genfn; + + switch (opcode) { + case 0: /* SHA512SU0 */ + feature = ARM_FEATURE_V8_SHA512; + genfn = gen_helper_crypto_sha512su0; + break; + default: + unallocated_encoding(s); + return; + } + + if (!arm_dc_feature(s, feature)) { + unallocated_encoding(s); + return; + } + + if (!fp_access_check(s)) { + return; + } + + tcg_rd_ptr = vec_full_reg_ptr(s, rd); + tcg_rn_ptr = vec_full_reg_ptr(s, rn); + + genfn(tcg_rd_ptr, tcg_rn_ptr); + + tcg_temp_free_ptr(tcg_rd_ptr); + tcg_temp_free_ptr(tcg_rn_ptr); +} + /* C3.6 Data processing - SIMD, inc Crypto * * As the decode gets a little complex we are using a table based @@ -11161,6 +11269,8 @@ static const AArch64DecodeTable data_proc_simd[] = { { 0x4e280800, 0xff3e0c00, disas_crypto_aes }, { 0x5e000000, 0xff208c00, disas_crypto_three_reg_sha }, { 0x5e280800, 0xff3e0c00, disas_crypto_two_reg_sha }, + { 0xce608000, 0xffe0b000, disas_crypto_three_reg_sha512 }, + { 0xcec08000, 0xfffff000, disas_crypto_two_reg_sha512 }, { 0x00000000, 0x00000000, NULL } };