target/arm: implement SHA-512 instructions

This implements emulation of the new SHA-512 instructions that have
been added as an optional extensions to the ARMv8 Crypto Extensions
in ARM v8.2.

Backports commit 90b827d131812d7f0a8abb13dba1942a2bcee821 from qemu
This commit is contained in:
Ard Biesheuvel 2018-03-07 08:35:52 -05:00 committed by Lioncash
parent c1f778a438
commit 0ef74f6d6d
No known key found for this signature in database
GPG key ID: 4E3C3CC1031BA9C7
18 changed files with 263 additions and 1 deletions

View file

@ -1597,6 +1597,10 @@
#define helper_crypto_sha256h2 helper_crypto_sha256h2_aarch64
#define helper_crypto_sha256su0 helper_crypto_sha256su0_aarch64
#define helper_crypto_sha256su1 helper_crypto_sha256su1_aarch64
#define helper_crypto_sha512h helper_crypto_sha512h_aarch64
#define helper_crypto_sha512h2 helper_crypto_sha512h2_aarch64
#define helper_crypto_sha512su0 helper_crypto_sha512su0_aarch64
#define helper_crypto_sha512su1 helper_crypto_sha512su1_aarch64
#define helper_dc_zva helper_dc_zva_aarch64
#define helper_div_i32 helper_div_i32_aarch64
#define helper_div_i64 helper_div_i64_aarch64

View file

@ -1597,6 +1597,10 @@
#define helper_crypto_sha256h2 helper_crypto_sha256h2_aarch64eb
#define helper_crypto_sha256su0 helper_crypto_sha256su0_aarch64eb
#define helper_crypto_sha256su1 helper_crypto_sha256su1_aarch64eb
#define helper_crypto_sha512h helper_crypto_sha512h_aarch64eb
#define helper_crypto_sha512h2 helper_crypto_sha512h2_aarch64eb
#define helper_crypto_sha512su0 helper_crypto_sha512su0_aarch64eb
#define helper_crypto_sha512su1 helper_crypto_sha512su1_aarch64eb
#define helper_dc_zva helper_dc_zva_aarch64eb
#define helper_div_i32 helper_div_i32_aarch64eb
#define helper_div_i64 helper_div_i64_aarch64eb

View file

@ -1597,6 +1597,10 @@
#define helper_crypto_sha256h2 helper_crypto_sha256h2_arm
#define helper_crypto_sha256su0 helper_crypto_sha256su0_arm
#define helper_crypto_sha256su1 helper_crypto_sha256su1_arm
#define helper_crypto_sha512h helper_crypto_sha512h_arm
#define helper_crypto_sha512h2 helper_crypto_sha512h2_arm
#define helper_crypto_sha512su0 helper_crypto_sha512su0_arm
#define helper_crypto_sha512su1 helper_crypto_sha512su1_arm
#define helper_dc_zva helper_dc_zva_arm
#define helper_div_i32 helper_div_i32_arm
#define helper_div_i64 helper_div_i64_arm

View file

@ -1597,6 +1597,10 @@
#define helper_crypto_sha256h2 helper_crypto_sha256h2_armeb
#define helper_crypto_sha256su0 helper_crypto_sha256su0_armeb
#define helper_crypto_sha256su1 helper_crypto_sha256su1_armeb
#define helper_crypto_sha512h helper_crypto_sha512h_armeb
#define helper_crypto_sha512h2 helper_crypto_sha512h2_armeb
#define helper_crypto_sha512su0 helper_crypto_sha512su0_armeb
#define helper_crypto_sha512su1 helper_crypto_sha512su1_armeb
#define helper_dc_zva helper_dc_zva_armeb
#define helper_div_i32 helper_div_i32_armeb
#define helper_div_i64 helper_div_i64_armeb

View file

@ -1603,6 +1603,10 @@ symbols = (
'helper_crypto_sha256h2',
'helper_crypto_sha256su0',
'helper_crypto_sha256su1',
'helper_crypto_sha512h',
'helper_crypto_sha512h2',
'helper_crypto_sha512su0',
'helper_crypto_sha512su1',
'helper_dc_zva',
'helper_div_i32',
'helper_div_i64',

View file

@ -1597,6 +1597,10 @@
#define helper_crypto_sha256h2 helper_crypto_sha256h2_m68k
#define helper_crypto_sha256su0 helper_crypto_sha256su0_m68k
#define helper_crypto_sha256su1 helper_crypto_sha256su1_m68k
#define helper_crypto_sha512h helper_crypto_sha512h_m68k
#define helper_crypto_sha512h2 helper_crypto_sha512h2_m68k
#define helper_crypto_sha512su0 helper_crypto_sha512su0_m68k
#define helper_crypto_sha512su1 helper_crypto_sha512su1_m68k
#define helper_dc_zva helper_dc_zva_m68k
#define helper_div_i32 helper_div_i32_m68k
#define helper_div_i64 helper_div_i64_m68k

View file

@ -1597,6 +1597,10 @@
#define helper_crypto_sha256h2 helper_crypto_sha256h2_mips
#define helper_crypto_sha256su0 helper_crypto_sha256su0_mips
#define helper_crypto_sha256su1 helper_crypto_sha256su1_mips
#define helper_crypto_sha512h helper_crypto_sha512h_mips
#define helper_crypto_sha512h2 helper_crypto_sha512h2_mips
#define helper_crypto_sha512su0 helper_crypto_sha512su0_mips
#define helper_crypto_sha512su1 helper_crypto_sha512su1_mips
#define helper_dc_zva helper_dc_zva_mips
#define helper_div_i32 helper_div_i32_mips
#define helper_div_i64 helper_div_i64_mips

View file

@ -1597,6 +1597,10 @@
#define helper_crypto_sha256h2 helper_crypto_sha256h2_mips64
#define helper_crypto_sha256su0 helper_crypto_sha256su0_mips64
#define helper_crypto_sha256su1 helper_crypto_sha256su1_mips64
#define helper_crypto_sha512h helper_crypto_sha512h_mips64
#define helper_crypto_sha512h2 helper_crypto_sha512h2_mips64
#define helper_crypto_sha512su0 helper_crypto_sha512su0_mips64
#define helper_crypto_sha512su1 helper_crypto_sha512su1_mips64
#define helper_dc_zva helper_dc_zva_mips64
#define helper_div_i32 helper_div_i32_mips64
#define helper_div_i64 helper_div_i64_mips64

View file

@ -1597,6 +1597,10 @@
#define helper_crypto_sha256h2 helper_crypto_sha256h2_mips64el
#define helper_crypto_sha256su0 helper_crypto_sha256su0_mips64el
#define helper_crypto_sha256su1 helper_crypto_sha256su1_mips64el
#define helper_crypto_sha512h helper_crypto_sha512h_mips64el
#define helper_crypto_sha512h2 helper_crypto_sha512h2_mips64el
#define helper_crypto_sha512su0 helper_crypto_sha512su0_mips64el
#define helper_crypto_sha512su1 helper_crypto_sha512su1_mips64el
#define helper_dc_zva helper_dc_zva_mips64el
#define helper_div_i32 helper_div_i32_mips64el
#define helper_div_i64 helper_div_i64_mips64el

View file

@ -1597,6 +1597,10 @@
#define helper_crypto_sha256h2 helper_crypto_sha256h2_mipsel
#define helper_crypto_sha256su0 helper_crypto_sha256su0_mipsel
#define helper_crypto_sha256su1 helper_crypto_sha256su1_mipsel
#define helper_crypto_sha512h helper_crypto_sha512h_mipsel
#define helper_crypto_sha512h2 helper_crypto_sha512h2_mipsel
#define helper_crypto_sha512su0 helper_crypto_sha512su0_mipsel
#define helper_crypto_sha512su1 helper_crypto_sha512su1_mipsel
#define helper_dc_zva helper_dc_zva_mipsel
#define helper_div_i32 helper_div_i32_mipsel
#define helper_div_i64 helper_div_i64_mipsel

View file

@ -1597,6 +1597,10 @@
#define helper_crypto_sha256h2 helper_crypto_sha256h2_powerpc
#define helper_crypto_sha256su0 helper_crypto_sha256su0_powerpc
#define helper_crypto_sha256su1 helper_crypto_sha256su1_powerpc
#define helper_crypto_sha512h helper_crypto_sha512h_powerpc
#define helper_crypto_sha512h2 helper_crypto_sha512h2_powerpc
#define helper_crypto_sha512su0 helper_crypto_sha512su0_powerpc
#define helper_crypto_sha512su1 helper_crypto_sha512su1_powerpc
#define helper_dc_zva helper_dc_zva_powerpc
#define helper_div_i32 helper_div_i32_powerpc
#define helper_div_i64 helper_div_i64_powerpc

View file

@ -1597,6 +1597,10 @@
#define helper_crypto_sha256h2 helper_crypto_sha256h2_sparc
#define helper_crypto_sha256su0 helper_crypto_sha256su0_sparc
#define helper_crypto_sha256su1 helper_crypto_sha256su1_sparc
#define helper_crypto_sha512h helper_crypto_sha512h_sparc
#define helper_crypto_sha512h2 helper_crypto_sha512h2_sparc
#define helper_crypto_sha512su0 helper_crypto_sha512su0_sparc
#define helper_crypto_sha512su1 helper_crypto_sha512su1_sparc
#define helper_dc_zva helper_dc_zva_sparc
#define helper_div_i32 helper_div_i32_sparc
#define helper_div_i64 helper_div_i64_sparc

View file

@ -1597,6 +1597,10 @@
#define helper_crypto_sha256h2 helper_crypto_sha256h2_sparc64
#define helper_crypto_sha256su0 helper_crypto_sha256su0_sparc64
#define helper_crypto_sha256su1 helper_crypto_sha256su1_sparc64
#define helper_crypto_sha512h helper_crypto_sha512h_sparc64
#define helper_crypto_sha512h2 helper_crypto_sha512h2_sparc64
#define helper_crypto_sha512su0 helper_crypto_sha512su0_sparc64
#define helper_crypto_sha512su1 helper_crypto_sha512su1_sparc64
#define helper_dc_zva helper_dc_zva_sparc64
#define helper_div_i32 helper_div_i32_sparc64
#define helper_div_i64 helper_div_i64_sparc64

View file

@ -1317,6 +1317,7 @@ enum arm_features {
ARM_FEATURE_M_SECURITY, /* M profile Security Extension */
ARM_FEATURE_JAZELLE, /* has (trivial) Jazelle implementation */
ARM_FEATURE_SVE, /* has Scalable Vector Extension */
ARM_FEATURE_V8_SHA512, /* implements SHA512 part of v8 Crypto Extensions */
ARM_FEATURE_V8_SHA3, /* implements SHA3 part of v8 Crypto Extensions */
};

View file

@ -1,7 +1,7 @@
/*
* crypto_helper.c - emulate v8 Crypto Extensions instructions
*
* Copyright (C) 2013 - 2014 Linaro Ltd <ard.biesheuvel@linaro.org>
* Copyright (C) 2013 - 2018 Linaro Ltd <ard.biesheuvel@linaro.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@ -462,3 +462,91 @@ void HELPER(crypto_sha256su1)(void *vd, void *vn, void *vm)
rd[0] = d.l[0];
rd[1] = d.l[1];
}
/*
* The SHA-512 logical functions (same as above but using 64-bit operands)
*/
static uint64_t cho512(uint64_t x, uint64_t y, uint64_t z)
{
return (x & (y ^ z)) ^ z;
}
static uint64_t maj512(uint64_t x, uint64_t y, uint64_t z)
{
return (x & y) | ((x | y) & z);
}
static uint64_t S0_512(uint64_t x)
{
return ror64(x, 28) ^ ror64(x, 34) ^ ror64(x, 39);
}
static uint64_t S1_512(uint64_t x)
{
return ror64(x, 14) ^ ror64(x, 18) ^ ror64(x, 41);
}
static uint64_t s0_512(uint64_t x)
{
return ror64(x, 1) ^ ror64(x, 8) ^ (x >> 7);
}
static uint64_t s1_512(uint64_t x)
{
return ror64(x, 19) ^ ror64(x, 61) ^ (x >> 6);
}
void HELPER(crypto_sha512h)(void *vd, void *vn, void *vm)
{
uint64_t *rd = vd;
uint64_t *rn = vn;
uint64_t *rm = vm;
uint64_t d0 = rd[0];
uint64_t d1 = rd[1];
d1 += S1_512(rm[1]) + cho512(rm[1], rn[0], rn[1]);
d0 += S1_512(d1 + rm[0]) + cho512(d1 + rm[0], rm[1], rn[0]);
rd[0] = d0;
rd[1] = d1;
}
void HELPER(crypto_sha512h2)(void *vd, void *vn, void *vm)
{
uint64_t *rd = vd;
uint64_t *rn = vn;
uint64_t *rm = vm;
uint64_t d0 = rd[0];
uint64_t d1 = rd[1];
d1 += S0_512(rm[0]) + maj512(rn[0], rm[1], rm[0]);
d0 += S0_512(d1) + maj512(d1, rm[0], rm[1]);
rd[0] = d0;
rd[1] = d1;
}
void HELPER(crypto_sha512su0)(void *vd, void *vn)
{
uint64_t *rd = vd;
uint64_t *rn = vn;
uint64_t d0 = rd[0];
uint64_t d1 = rd[1];
d0 += s0_512(rd[1]);
d1 += s0_512(rn[0]);
rd[0] = d0;
rd[1] = d1;
}
void HELPER(crypto_sha512su1)(void *vd, void *vn, void *vm)
{
uint64_t *rd = vd;
uint64_t *rn = vn;
uint64_t *rm = vm;
rd[0] += s1_512(rn[0]) + rm[0];
rd[1] += s1_512(rn[1]) + rm[1];
}

View file

@ -536,6 +536,11 @@ DEF_HELPER_FLAGS_3(crypto_sha256h2, TCG_CALL_NO_RWG, void, ptr, ptr, ptr)
DEF_HELPER_FLAGS_2(crypto_sha256su0, TCG_CALL_NO_RWG, void, ptr, ptr)
DEF_HELPER_FLAGS_3(crypto_sha256su1, TCG_CALL_NO_RWG, void, ptr, ptr, ptr)
DEF_HELPER_FLAGS_3(crypto_sha512h, TCG_CALL_NO_RWG, void, ptr, ptr, ptr)
DEF_HELPER_FLAGS_3(crypto_sha512h2, TCG_CALL_NO_RWG, void, ptr, ptr, ptr)
DEF_HELPER_FLAGS_2(crypto_sha512su0, TCG_CALL_NO_RWG, void, ptr, ptr)
DEF_HELPER_FLAGS_3(crypto_sha512su1, TCG_CALL_NO_RWG, void, ptr, ptr, ptr)
DEF_HELPER_FLAGS_3(crc32_arm, TCG_CALL_NO_RWG_SE, i32, i32, i32, i32)
DEF_HELPER_FLAGS_3(crc32c, TCG_CALL_NO_RWG_SE, i32, i32, i32, i32)
DEF_HELPER_2(dc_zva, void, env, i64)

View file

@ -11798,6 +11798,116 @@ static void disas_crypto_four_reg(DisasContext *s, uint32_t insn)
tcg_temp_free(tcg_ctx, tcg_res[1]);
}
/* Crypto three-reg SHA512
* 31 21 20 16 15 14 13 12 11 10 9 5 4 0
* +-----------------------+------+---+---+-----+--------+------+------+
* | 1 1 0 0 1 1 1 0 0 1 1 | Rm | 1 | O | 0 0 | opcode | Rn | Rd |
* +-----------------------+------+---+---+-----+--------+------+------+
*/
static void disas_crypto_three_reg_sha512(DisasContext *s, uint32_t insn)
{
TCGContext *tcg_ctx = s->uc->tcg_ctx;
int opcode = extract32(insn, 10, 2);
int o = extract32(insn, 14, 1);
int rm = extract32(insn, 16, 5);
int rn = extract32(insn, 5, 5);
int rd = extract32(insn, 0, 5);
int feature;
CryptoThreeOpFn *genfn;
if (o == 0) {
switch (opcode) {
case 0: /* SHA512H */
feature = ARM_FEATURE_V8_SHA512;
genfn = gen_helper_crypto_sha512h;
break;
case 1: /* SHA512H2 */
feature = ARM_FEATURE_V8_SHA512;
genfn = gen_helper_crypto_sha512h2;
break;
case 2: /* SHA512SU1 */
feature = ARM_FEATURE_V8_SHA512;
genfn = gen_helper_crypto_sha512su1;
break;
default:
unallocated_encoding(s);
return;
}
} else {
unallocated_encoding(s);
return;
}
if (!arm_dc_feature(s, feature)) {
unallocated_encoding(s);
return;
}
if (!fp_access_check(s)) {
return;
}
if (genfn) {
TCGv_ptr tcg_rd_ptr, tcg_rn_ptr, tcg_rm_ptr;
tcg_rd_ptr = vec_full_reg_ptr(s, rd);
tcg_rn_ptr = vec_full_reg_ptr(s, rn);
tcg_rm_ptr = vec_full_reg_ptr(s, rm);
genfn(tcg_ctx, tcg_rd_ptr, tcg_rn_ptr, tcg_rm_ptr);
tcg_temp_free_ptr(tcg_ctx, tcg_rd_ptr);
tcg_temp_free_ptr(tcg_ctx, tcg_rn_ptr);
tcg_temp_free_ptr(tcg_ctx, tcg_rm_ptr);
} else {
g_assert_not_reached();
}
}
/* Crypto two-reg SHA512
* 31 12 11 10 9 5 4 0
* +-----------------------------------------+--------+------+------+
* | 1 1 0 0 1 1 1 0 1 1 0 0 0 0 0 0 1 0 0 0 | opcode | Rn | Rd |
* +-----------------------------------------+--------+------+------+
*/
static void disas_crypto_two_reg_sha512(DisasContext *s, uint32_t insn)
{
TCGContext *tcg_ctx = s->uc->tcg_ctx;
int opcode = extract32(insn, 10, 2);
int rn = extract32(insn, 5, 5);
int rd = extract32(insn, 0, 5);
TCGv_ptr tcg_rd_ptr, tcg_rn_ptr;
int feature;
CryptoTwoOpFn *genfn;
switch (opcode) {
case 0: /* SHA512SU0 */
feature = ARM_FEATURE_V8_SHA512;
genfn = gen_helper_crypto_sha512su0;
break;
default:
unallocated_encoding(s);
return;
}
if (!arm_dc_feature(s, feature)) {
unallocated_encoding(s);
return;
}
if (!fp_access_check(s)) {
return;
}
tcg_rd_ptr = vec_full_reg_ptr(s, rd);
tcg_rn_ptr = vec_full_reg_ptr(s, rn);
genfn(tcg_ctx, tcg_rd_ptr, tcg_rn_ptr);
tcg_temp_free_ptr(tcg_ctx, tcg_rd_ptr);
tcg_temp_free_ptr(tcg_ctx, tcg_rn_ptr);
}
/* C3.6 Data processing - SIMD, inc Crypto
*
* As the decode gets a little complex we are using a table based
@ -11827,6 +11937,8 @@ static const AArch64DecodeTable data_proc_simd[] = {
{ 0x4e280800, 0xff3e0c00, disas_crypto_aes },
{ 0x5e000000, 0xff208c00, disas_crypto_three_reg_sha },
{ 0x5e280800, 0xff3e0c00, disas_crypto_two_reg_sha },
{ 0xce608000, 0xffe0b000, disas_crypto_three_reg_sha512 },
{ 0xcec08000, 0xfffff000, disas_crypto_two_reg_sha512 },
{ 0xce000000, 0xff808000, disas_crypto_four_reg },
{ 0x00000000, 0x00000000, NULL }
};

View file

@ -1597,6 +1597,10 @@
#define helper_crypto_sha256h2 helper_crypto_sha256h2_x86_64
#define helper_crypto_sha256su0 helper_crypto_sha256su0_x86_64
#define helper_crypto_sha256su1 helper_crypto_sha256su1_x86_64
#define helper_crypto_sha512h helper_crypto_sha512h_x86_64
#define helper_crypto_sha512h2 helper_crypto_sha512h2_x86_64
#define helper_crypto_sha512su0 helper_crypto_sha512su0_x86_64
#define helper_crypto_sha512su1 helper_crypto_sha512su1_x86_64
#define helper_dc_zva helper_dc_zva_x86_64
#define helper_div_i32 helper_div_i32_x86_64
#define helper_div_i64 helper_div_i64_x86_64