-
Notifications
You must be signed in to change notification settings - Fork 854
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #1303 from rivosinc/zvk-vector-crypto
Zvk vector crypto support (v5)
- Loading branch information
Showing
56 changed files
with
3,171 additions
and
19 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
// vaesdf.vs vd, vs2 | ||
|
||
#include "zvkned_ext_macros.h" | ||
#include "zvk_ext_macros.h" | ||
|
||
require_vaes_vs_constraints; | ||
|
||
VI_ZVK_VD_VS2_NOOPERANDS_PRELOOP_EGU32x4_NOVM_LOOP( | ||
{}, | ||
// This statement will be executed before the first execution | ||
// of the loop, and only if the loop is going to be entered. | ||
// We cannot use a block ( { ... } ) since we want the variables declared | ||
// here to be visible in the loop block. | ||
// We capture the "scalar", vs2's first element, by copy, even though | ||
// the "no overlap" constraint means that vs2 should remain constant | ||
// during the loop. | ||
const EGU8x16_t scalar_key = P.VU.elt_group<EGU8x16_t>(vs2_num, 0);, | ||
{ | ||
// For AES128, AES192, or AES256, state and key are 128b/16B values: | ||
// - vd contains the input state, | ||
// - vs2 contains the round key, | ||
// - vd does receive the output state. | ||
// | ||
// While the spec calls for handling the vector as made of EGU32x4 | ||
// element groups (i.e., 4 uint32_t), it is convenient to treat | ||
// AES state and key as EGU8x16 (i.e., 16 uint8_t). This is why | ||
// we extract the operands here instead of using the existing LOOP | ||
// macro that defines/extracts the operand variables as EGU32x4. | ||
EGU8x16_t aes_state = P.VU.elt_group<EGU8x16_t>(vd_num, idx_eg); | ||
|
||
// InvShiftRows - Rotate each row bytes by 0, 1, 2, 3 positions. | ||
VAES_INV_SHIFT_ROWS(aes_state); | ||
// InvSubBytes - Apply S-box to every byte in the state | ||
VAES_INV_SUB_BYTES(aes_state); | ||
// AddRoundKey (which is also InvAddRoundKey as it's xor) | ||
EGU8x16_XOREQ(aes_state, scalar_key); | ||
// InvMixColumns is not performed in the final round. | ||
|
||
// Update the destination register. | ||
EGU8x16_t &vd = P.VU.elt_group<EGU8x16_t>(vd_num, idx_eg, true); | ||
EGU8x16_COPY(vd, aes_state); | ||
} | ||
); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
// vaesdf.vv vd, vs2 | ||
|
||
#include "zvkned_ext_macros.h" | ||
#include "zvk_ext_macros.h" | ||
|
||
require_vaes_vv_constraints; | ||
|
||
VI_ZVK_VD_VS2_NOOPERANDS_PRELOOP_EGU32x4_NOVM_LOOP( | ||
{}, | ||
{}, // No PRELOOP. | ||
{ | ||
// For AES128, AES192, or AES256, state and key are 128b/16B values: | ||
// - vd in contains the input state, | ||
// - vs2 contains the input round key, | ||
// - vd out receives the output state. | ||
// | ||
// While the spec calls for handling the vector as made of EGU32x4 | ||
// element groups (i.e., 4 uint32_t), it is convenient to treat | ||
// AES state and key as EGU8x16 (i.e., 16 uint8_t). This is why | ||
// we extract the operands here instead of using the existing LOOP | ||
// macro that defines/extracts the operand variables as EGU32x4. | ||
EGU8x16_t aes_state = P.VU.elt_group<EGU8x16_t>(vd_num, idx_eg); | ||
const EGU8x16_t round_key = P.VU.elt_group<EGU8x16_t>(vs2_num, idx_eg); | ||
|
||
// InvShiftRows - Rotate each row bytes by 0, 1, 2, 3 positions. | ||
VAES_INV_SHIFT_ROWS(aes_state); | ||
// InvSubBytes - Apply S-box to every byte in the state | ||
VAES_INV_SUB_BYTES(aes_state); | ||
// AddRoundKey (which is also InvAddRoundKey as it's xor) | ||
EGU8x16_XOREQ(aes_state, round_key); | ||
// InvMixColumns is not performed in the final round. | ||
|
||
// Update the destination register. | ||
EGU8x16_t &vd = P.VU.elt_group<EGU8x16_t>(vd_num, idx_eg, true); | ||
EGU8x16_COPY(vd, aes_state); | ||
} | ||
); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
// vaesdm.vs vd, vs2 | ||
|
||
#include "zvkned_ext_macros.h" | ||
#include "zvk_ext_macros.h" | ||
|
||
require_vaes_vs_constraints; | ||
|
||
VI_ZVK_VD_VS2_NOOPERANDS_PRELOOP_EGU32x4_NOVM_LOOP( | ||
{}, | ||
// This statement will be executed before the first execution | ||
// of the loop, and only if the loop is going to be entered. | ||
// We cannot use a block ( { ... } ) since we want the variables declared | ||
// here to be visible in the loop block. | ||
// We capture the "scalar", vs2's first element, by copy, even though | ||
// the "no overlap" constraint means that vs2 should remain constant | ||
// during the loop. | ||
const EGU8x16_t scalar_key = P.VU.elt_group<EGU8x16_t>(vs2_num, 0);, | ||
{ | ||
// For AES128, AES192, or AES256, state and key are 128b/16B values: | ||
// - vd in contains the input state, | ||
// - vs2 contains the input round key, | ||
// - vd out receives the output state. | ||
// | ||
// While the spec calls for handling the vector as made of EGU32x4 | ||
// element groups (i.e., 4 uint32_t), it is convenient to treat | ||
// AES state and key as EGU8x16 (i.e., 16 uint8_t). This is why | ||
// we extract the operands here instead of using the existing LOOP | ||
// macro that defines/extracts the operand variables as EGU32x4. | ||
EGU8x16_t aes_state = P.VU.elt_group<EGU8x16_t>(vd_num, idx_eg); | ||
|
||
// InvShiftRows - Rotate each row bytes by 0, 1, 2, 3 positions. | ||
VAES_INV_SHIFT_ROWS(aes_state); | ||
// InvSubBytes - Apply S-box to every byte in the state | ||
VAES_INV_SUB_BYTES(aes_state); | ||
// AddRoundKey (which is also InvAddRoundKey as it's xor) | ||
EGU8x16_XOREQ(aes_state, scalar_key); | ||
// InvMixColumns | ||
VAES_INV_MIX_COLUMNS(aes_state); | ||
|
||
// Update the destination register. | ||
EGU8x16_t &vd = P.VU.elt_group<EGU8x16_t>(vd_num, idx_eg, true); | ||
EGU8x16_COPY(vd, aes_state); | ||
} | ||
); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
// vaesdm.vv vd, vs2 | ||
|
||
#include "zvkned_ext_macros.h" | ||
#include "zvk_ext_macros.h" | ||
|
||
require_vaes_vv_constraints; | ||
|
||
VI_ZVK_VD_VS2_NOOPERANDS_PRELOOP_EGU32x4_NOVM_LOOP( | ||
{}, | ||
{}, // No PRELOOP. | ||
{ | ||
// For AES128, AES192, or AES256, state and key are 128b/16B values: | ||
// - vd contains the input state, | ||
// - vs2 contains the round key, | ||
// - vd does receive the output state. | ||
// | ||
// While the spec calls for handling the vector as made of EGU32x4 | ||
// element groups (i.e., 4 uint32_t), it is convenient to treat | ||
// AES state and key as EGU8x16 (i.e., 16 uint8_t). This is why | ||
// we extract the operands here instead of using the existing LOOP | ||
// macro that defines/extracts the operand variables as EGU32x4. | ||
EGU8x16_t aes_state = P.VU.elt_group<EGU8x16_t>(vd_num, idx_eg); | ||
const EGU8x16_t round_key = P.VU.elt_group<EGU8x16_t>(vs2_num, idx_eg); | ||
|
||
// InvShiftRows - Rotate each row bytes by 0, 1, 2, 3 positions. | ||
VAES_INV_SHIFT_ROWS(aes_state); | ||
// InvSubBytes - Apply S-box to every byte in the state | ||
VAES_INV_SUB_BYTES(aes_state); | ||
// AddRoundKey (which is also InvAddRoundKey as it's xor) | ||
EGU8x16_XOREQ(aes_state, round_key); | ||
// InvMixColumns | ||
VAES_INV_MIX_COLUMNS(aes_state); | ||
|
||
// Update the destination register. | ||
EGU8x16_t &vd = P.VU.elt_group<EGU8x16_t>(vd_num, idx_eg, true); | ||
EGU8x16_COPY(vd, aes_state); | ||
} | ||
); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
// vaesef.vs vd, vs2 | ||
|
||
#include "zvkned_ext_macros.h" | ||
#include "zvk_ext_macros.h" | ||
|
||
require_vaes_vs_constraints; | ||
|
||
VI_ZVK_VD_VS2_NOOPERANDS_PRELOOP_EGU32x4_NOVM_LOOP( | ||
{}, | ||
// This statement will be executed before the first execution | ||
// of the loop, and only if the loop is going to be entered. | ||
// We cannot use a block ( { ... } ) since we want the variables declared | ||
// here to be visible in the loop block. | ||
// We capture the "scalar", vs2's first element, by copy, even though | ||
// the "no overlap" constraint means that vs2 should remain constant | ||
// during the loop. | ||
const EGU8x16_t scalar_key = P.VU.elt_group<EGU8x16_t>(vs2_num, 0);, | ||
{ | ||
// For AES128, AES192, or AES256, state and key are 128b/16B values: | ||
// - vd contains the input state, | ||
// - vs2 contains the round key, | ||
// - vd receives the output state. | ||
// | ||
// While the spec calls for handling the vector as made of EGU32x4 | ||
// element groups (i.e., 4 uint32_t), it is convenient to treat | ||
// AES state and key as EGU8x16 (i.e., 16 uint8_t). This is why | ||
// we extract the operands here instead of using the existing LOOP | ||
// macro that defines/extracts the operand variables as EGU32x4. | ||
EGU8x16_t aes_state = P.VU.elt_group<EGU8x16_t>(vd_num, idx_eg); | ||
|
||
// SubBytes - Apply S-box to every byte in the state | ||
VAES_SUB_BYTES(aes_state); | ||
// ShiftRows - Rotate each row bytes by 0, 1, 2, 3 positions. | ||
VAES_SHIFT_ROWS(aes_state); | ||
// MixColumns is not performed for the final round. | ||
// AddRoundKey | ||
EGU8x16_XOREQ(aes_state, scalar_key); | ||
|
||
// Update the destination register. | ||
EGU8x16_t &vd = P.VU.elt_group<EGU8x16_t>(vd_num, idx_eg, true); | ||
EGU8x16_COPY(vd, aes_state); | ||
} | ||
); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
// vaesef.vv vd, vs2 | ||
|
||
#include "zvkned_ext_macros.h" | ||
#include "zvk_ext_macros.h" | ||
|
||
require_vaes_vv_constraints; | ||
|
||
VI_ZVK_VD_VS2_NOOPERANDS_PRELOOP_EGU32x4_NOVM_LOOP( | ||
{}, | ||
{}, // No PRELOOP. | ||
{ | ||
// For AES128, AES192, or AES256, state and key are 128b/16B values: | ||
// - vd contains the input state, | ||
// - vs2 contains the round key, | ||
// - vd receives the output state. | ||
// | ||
// While the spec calls for handling the vector as made of EGU32x4 | ||
// element groups (i.e., 4 uint32_t), it is convenient to treat | ||
// AES state and key as EGU8x16 (i.e., 16 uint8_t). This is why | ||
// we extract the operands here instead of using the existing LOOP | ||
// macro that defines/extracts the operand variables as EGU32x4. | ||
EGU8x16_t aes_state = P.VU.elt_group<EGU8x16_t>(vd_num, idx_eg); | ||
const EGU8x16_t round_key = P.VU.elt_group<EGU8x16_t>(vs2_num, idx_eg); | ||
|
||
// SubBytes - Apply S-box to every byte in the state | ||
VAES_SUB_BYTES(aes_state); | ||
// ShiftRows - Rotate each row bytes by 0, 1, 2, 3 positions. | ||
VAES_SHIFT_ROWS(aes_state); | ||
// MixColumns is not performed for the final round. | ||
// AddRoundKey | ||
EGU8x16_XOREQ(aes_state, round_key); | ||
|
||
// Update the destination register. | ||
EGU8x16_t &vd = P.VU.elt_group<EGU8x16_t>(vd_num, idx_eg, true); | ||
EGU8x16_COPY(vd, aes_state); | ||
} | ||
); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
// vaesem.vs vd, vs2 | ||
|
||
#include "zvkned_ext_macros.h" | ||
#include "zvk_ext_macros.h" | ||
|
||
require_vaes_vs_constraints; | ||
|
||
VI_ZVK_VD_VS2_NOOPERANDS_PRELOOP_EGU32x4_NOVM_LOOP( | ||
{}, | ||
// This statement will be executed before the first execution | ||
// of the loop, and only if the loop is going to be entered. | ||
// We cannot use a block ( { ... } ) since we want the variables declared | ||
// here to be visible in the loop block. | ||
// We capture the "scalar", vs2's first element, by copy, even though | ||
// the "no overlap" constraint means that vs2 should remain constant | ||
// during the loop. | ||
const EGU8x16_t scalar_key = P.VU.elt_group<EGU8x16_t>(vs2_num, 0);, | ||
{ | ||
// For AES128, AES192, or AES256, state and key are 128b/16B values: | ||
// - vd contains the input state, | ||
// - vs2 contains the round key, | ||
// - vd receives the output state. | ||
// | ||
// While the spec calls for handling the vector as made of EGU32x4 | ||
// element groups (i.e., 4 uint32_t), it is convenient to treat | ||
// AES state and key as EGU8x16 (i.e., 16 uint8_t). This is why | ||
// we extract the operands here instead of using the existing LOOP | ||
// macro that defines/extracts the operand variables as EGU32x4. | ||
EGU8x16_t aes_state = P.VU.elt_group<EGU8x16_t>(vd_num, idx_eg); | ||
|
||
// SubBytes - Apply S-box to every byte in the state | ||
VAES_SUB_BYTES(aes_state); | ||
// ShiftRows - Rotate each row bytes by 0, 1, 2, 3 positions. | ||
VAES_SHIFT_ROWS(aes_state); | ||
// MixColumns | ||
VAES_MIX_COLUMNS(aes_state); | ||
// AddRoundKey | ||
EGU8x16_XOREQ(aes_state, scalar_key); | ||
|
||
// Update the destination register. | ||
EGU8x16_t &vd = P.VU.elt_group<EGU8x16_t>(vd_num, idx_eg, true); | ||
EGU8x16_COPY(vd, aes_state); | ||
} | ||
); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
// vaesem.vv vd, vs2 | ||
|
||
#include "zvkned_ext_macros.h" | ||
#include "zvk_ext_macros.h" | ||
|
||
require_vaes_vv_constraints; | ||
|
||
VI_ZVK_VD_VS2_NOOPERANDS_PRELOOP_EGU32x4_NOVM_LOOP( | ||
{}, | ||
{}, // No PRELOOP. | ||
{ | ||
// For AES128, AES192, or AES256, state and key are 128b/16B values: | ||
// - vd contains the input state, | ||
// - vs2 contains the round key, | ||
// - vd receives the output state. | ||
// | ||
// While the spec calls for handling the vector as made of EGU32x4 | ||
// element groups (i.e., 4 uint32_t), it is convenient to treat | ||
// AES state and key as EGU8x16 (i.e., 16 uint8_t). This is why | ||
// we extract the operands here instead of using the existing LOOP | ||
// macro that defines/extracts the operand variables as EGU32x4. | ||
EGU8x16_t aes_state = P.VU.elt_group<EGU8x16_t>(vd_num, idx_eg); | ||
const EGU8x16_t round_key = P.VU.elt_group<EGU8x16_t>(vs2_num, idx_eg); | ||
|
||
// SubBytes - Apply S-box to every byte in the state | ||
VAES_SUB_BYTES(aes_state); | ||
// ShiftRows - Rotate each row bytes by 0, 1, 2, 3 positions. | ||
VAES_SHIFT_ROWS(aes_state); | ||
// MixColumns | ||
VAES_MIX_COLUMNS(aes_state); | ||
// AddRoundKey | ||
EGU8x16_XOREQ(aes_state, round_key); | ||
|
||
// Update the destination register. | ||
EGU8x16_t &vd = P.VU.elt_group<EGU8x16_t>(vd_num, idx_eg, true); | ||
EGU8x16_COPY(vd, aes_state); | ||
} | ||
); |
Oops, something went wrong.