1/*
2 * Copyright (c) 2018 ARM Limited
3 * All rights reserved
4 *
5 * The license below extends only to copyright in the software and shall
6 * not be construed as granting a license to any other intellectual
7 * property including but not limited to intellectual property relating
8 * to a hardware implementation of the functionality of the software
9 * licensed hereunder.  You may use the software subject to the license
10 * terms below provided that you ensure that this notice is replicated
11 * unmodified and in its entirety in all distributions of the software,
12 * modified or unmodified, in source code or in binary form.
13 *
14 * Redistribution and use in source and binary forms, with or without
15 * modification, are permitted provided that the following conditions are
16 * met: redistributions of source code must retain the above copyright
17 * notice, this list of conditions and the following disclaimer;
18 * redistributions in binary form must reproduce the above copyright
19 * notice, this list of conditions and the following disclaimer in the
20 * documentation and/or other materials provided with the distribution;
21 * neither the name of the copyright holders nor the names of its
22 * contributors may be used to endorse or promote products derived from
23 * this software without specific prior written permission.
24 *
25 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
26 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
27 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
28 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
29 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
30 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
31 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
32 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
33 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
35 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36 *
37 * Authors: Matt Horsnell
38 *          Prakash Ramrakhyani
39 */
40
41#ifndef __ARCH_ARM_INSTS_CRYPTO_HH__
42#define __ARCH_ARM_INSTS_CRYPTO_HH__
43
44namespace ArmISA {
45
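/**
 * Helper implementing the AES and SHA-1/SHA-256 round primitives behind the
 * ARM cryptographic-extension instructions modelled by the simulator.
 *
 * All of the block-level entry points take raw byte pointers with no length
 * argument; every buffer is presumably a full 128-bit register image
 * (16 bytes, matching the 16-entry aesSHIFT tables) -- confirm against the
 * definitions in the corresponding .cc file before passing anything shorter.
 *
 * This is a functional model of the instruction semantics: the S-box lookup
 * tables declared below make it table-driven, so it is not written to be
 * constant-time and should not be reused as a general-purpose cipher
 * implementation.
 */
class Crypto
{
    /** Selects the per-round boolean function used by the SHA-1 helpers. */
    enum SHAOp : uint8_t
    {
        CHOOSE = 0,
        PARITY,
        MAJORITY
    };

    /** Look up table for the subBytes transformation (AES S-box). */
    static const uint8_t aesSBOX[256];

    /** Look up table for the inverse subBytes transformation. */
    static const uint8_t aesInvSBOX[256];

    /** Byte permutation applied by shiftRows (16-byte state). */
    static const uint8_t aesSHIFT[16];
    /** Byte permutation applied by invShiftRows (16-byte state). */
    static const uint8_t aesINVSHIFT[16];

    /**
     * Look up table for the finite field logarithm where the base
     * is the element {03} in the field GF(2^8).
     */
    static const uint8_t aesFFLOG[256];

    /**
     * Look up table for {03}^X where {03} and X are elements
     * in the field GF(2^8).
     */
    static const uint8_t aesFFEXP[256];

    /** Finite field multiplication of two elements in the field GF(2^8). */
    uint8_t aesFFMul(uint8_t a, uint8_t b);

    /**
     * Multiply a GF(2^8) element by {02} (the AES "xtime" operation).
     *
     * The product is reduced modulo the AES polynomial
     * x^8 + x^4 + x^3 + x + 1 (0x11b); the x^8 term is discarded by the
     * narrowing to uint8_t, leaving the 0x1b low bits to fold in.
     *
     * @param a Field element to double.
     * @return a * {02} in GF(2^8).
     */
    uint8_t aesFFMul2(uint8_t a)
    {
        const uint8_t doubled = static_cast<uint8_t>(a << 1);
        return (a & 0x80) ? static_cast<uint8_t>(doubled ^ 0x1b) : doubled;
    }

    void aesSubBytes(uint8_t *output, uint8_t *input);
    void aesInvSubBytes(uint8_t *output, uint8_t *input);
    void aesShiftRows(uint8_t *output, uint8_t *input);
    void aesInvShiftRows(uint8_t *output, uint8_t *input);
    void aesAddRoundKey(uint8_t *output, uint8_t *input, uint8_t *key);

    /**
     * Rotate a 32-bit word right by @p shift bits.
     *
     * The rotate amount is reduced modulo 32 so that shift == 0 and
     * shift >= 32 are well defined (shifting a uint32_t by 32 is undefined
     * behaviour). The callers visible in this header only pass 1..31, for
     * which the result is unchanged.
     *
     * @param x Word to rotate.
     * @param shift Rotate amount in bits.
     * @return x rotated right by (shift mod 32).
     */
    uint32_t ror(uint32_t x, uint8_t shift)
    {
        const unsigned s = shift & 31u;
        if (s == 0)
            return x;
        return (x >> s) | (x << (32 - s));
    }

    /** SHA "Ch" function: bits of Y where X is set, else bits of Z. */
    uint32_t choose(uint32_t X, uint32_t Y, uint32_t Z)
    {
        return (((Y ^ Z) & X) ^ Z);
    }

    /** SHA-1 "Parity" function: bitwise XOR of the three words. */
    uint32_t parity(uint32_t X, uint32_t Y, uint32_t Z)
    {
        return (X ^ Y ^ Z);
    }

    /** SHA "Maj" function: per-bit majority of the three words. */
    uint32_t majority(uint32_t X, uint32_t Y, uint32_t Z)
    {
        return ((X & Y) | ((X | Y) & Z));
    }

    /** SHA-256 big-sigma-0: ROTR^2 ^ ROTR^13 ^ ROTR^22. */
    uint32_t sigma0(uint32_t X)
    {
        return ror(X,2) ^ ror(X,13) ^ ror(X,22);
    }

    /** SHA-256 big-sigma-1: ROTR^6 ^ ROTR^11 ^ ROTR^25. */
    uint32_t sigma1(uint32_t X)
    {
        return ror(X,6) ^ ror(X,11) ^ ror(X,25);
    }

    void sha256Op(uint32_t *X, uint32_t *Y, uint32_t *Z);
    void sha1Op(uint8_t *output, uint8_t *input, uint8_t *input2, SHAOp op);
    void _sha1Op(uint32_t *X, uint32_t *Y, uint32_t *Z, SHAOp op);

    /* Byte-image <-> 32-bit-word helpers; defined in the .cc file. */
    void load2Reg(uint32_t *X, uint32_t *Y, uint8_t *output, uint8_t *input);
    void load3Reg(uint32_t *X, uint32_t *Y, uint32_t *Z,
                  uint8_t *output, uint8_t *input, uint8_t *input2);
    void store1Reg(uint8_t *output, uint32_t *X);

  public:
    /* AES single-round operations (AESE/AESD/AESMC/AESIMC style). */
    void aesMixColumns(uint8_t *output, uint8_t *input);
    void aesInvMixColumns(uint8_t *output, uint8_t *input);
    void aesEncrypt(uint8_t *output, uint8_t *input, uint8_t *key);
    void aesDecrypt(uint8_t *output, uint8_t *input, uint8_t *key);

    /* SHA-256 hash-update and schedule-update operations. */
    void sha256H(uint8_t *output, uint8_t *input, uint8_t *input2);
    void sha256H2(uint8_t *output, uint8_t *input, uint8_t *input2);
    void sha256Su0(uint8_t *output, uint8_t *input);
    void sha256Su1(uint8_t *output, uint8_t *input, uint8_t *input2);

    /* SHA-1 hash-update (choose/parity/majority) and schedule operations. */
    void sha1C(uint8_t *output, uint8_t *input, uint8_t *input2);
    void sha1P(uint8_t *output, uint8_t *input, uint8_t *input2);
    void sha1M(uint8_t *output, uint8_t *input, uint8_t *input2);
    void sha1H(uint8_t *output, uint8_t *input);
    void sha1Su0(uint8_t *output, uint8_t *input, uint8_t *input2);
    void sha1Su1(uint8_t *output, uint8_t *input);
};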
146
147} // namespace ArmISA
148
149#endif //__ARCH_ARM_INSTS_CRYPTO_HH__
150