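/*
 * Copyright (c) 2018 ARM Limited
 * All rights reserved
 *
 * The license below extends only to copyright in the software and shall
 * not be construed as granting a license to any other intellectual
 * property including but not limited to intellectual property relating
 * to a hardware implementation of the functionality of the software
 * licensed hereunder. You may use the software subject to the license
 * terms below provided that you ensure that this notice is replicated
 * unmodified and in its entirety in all distributions of the software,
 * modified or unmodified, in source code or in binary form.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met: redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer;
 * redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution;
 * neither the name of the copyright holders nor the names of its
 * contributors may be used to endorse or promote products derived from
 * this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * Authors: Matt Horsnell
 *          Prakash Ramrakhyani
 */

#ifndef __ARCH_ARM_INSTS_CRYPTO_HH__
#define __ARCH_ARM_INSTS_CRYPTO_HH__

// The header uses uint8_t/uint32_t throughout; include their definition so
// it is self-contained instead of relying on an earlier include in the .cc.
#include <cstdint>

namespace ArmISA {

/**
 * Software reference implementation of the AES and SHA-1/SHA-256
 * primitives behind the ARMv8 Cryptographic Extension instructions.
 *
 * Every public operation reads 128-bit vector register contents from
 * byte buffers (@c input, @c input2, @c key) and writes the result to
 * @c output. The private helpers below operate on 32-bit words and
 * single GF(2^8) elements. Table definitions and the non-inline
 * methods live in the accompanying source file.
 */
class Crypto
{
    /** Selects which SHA-1 round function _sha1Op/sha1Op applies. */
    enum SHAOp : uint8_t
    {
        CHOOSE = 0,
        PARITY,
        MAJORITY
    };

    /** Look up table for the AES SubBytes transformation */
    static const uint8_t aesSBOX[256];

    /** Look up table for the inverse SubBytes transformation */
    static const uint8_t aesInvSBOX[256];

    /** Byte permutation applied by aesShiftRows */
    static const uint8_t aesSHIFT[16];
    /** Byte permutation applied by aesInvShiftRows */
    static const uint8_t aesINVSHIFT[16];

    /**
     * Look up table for Finite Field logarithm where the base
     * is the element {03} in the field GF(2^8)
     */
    static const uint8_t aesFFLOG[256];

    /**
     * Look up table for {03}^X where {03} and X are elements
     * in the field GF(2^8)
     */
    static const uint8_t aesFFEXP[256];

    /** Finite field multiplication of two elements in the field GF(2^8) */
    uint8_t aesFFMul(uint8_t a, uint8_t b);

    /**
     * Multiply a GF(2^8) element by {02} (the AES "xtime" step).
     *
     * The left shift is done in int; if the top bit of @p a was set the
     * product is reduced by the AES polynomial (x^8 + x^4 + x^3 + x + 1,
     * low byte 0x1b), and the conversion back to uint8_t on return drops
     * the shifted-out bit.
     */
    uint8_t aesFFMul2(uint8_t a)
    {
        return ((a & 0x80) ? ((a << 1) ^ 0x1b) : (a << 1));
    }

    /** Apply aesSBOX to each of the 16 state bytes. */
    void aesSubBytes(uint8_t *output, uint8_t *input);
    /** Apply aesInvSBOX to each of the 16 state bytes. */
    void aesInvSubBytes(uint8_t *output, uint8_t *input);
    /** Permute the state bytes according to aesSHIFT. */
    void aesShiftRows(uint8_t *output, uint8_t *input);
    /** Permute the state bytes according to aesINVSHIFT. */
    void aesInvShiftRows(uint8_t *output, uint8_t *input);
    /** XOR the 16-byte round key into the state. */
    void aesAddRoundKey(uint8_t *output, uint8_t *input, uint8_t *key);

    /**
     * Rotate a 32-bit word right by @p shift bits.
     *
     * The count is reduced modulo 32 so that a shift of 0 or of 32 and
     * above is well defined: the original `x << (32 - shift)` shifts by
     * the full width of the type when @p shift is 0, which is undefined
     * behaviour in C++. For counts in 1..31 the result is unchanged.
     */
    uint32_t ror(uint32_t x, uint8_t shift)
    {
        shift &= 31;
        return (x >> shift) | (x << ((32 - shift) & 31));
    }

    /** SHA Ch(x, y, z): select bits of Y where X is set, else bits of Z. */
    uint32_t choose(uint32_t X, uint32_t Y, uint32_t Z)
    {
        return (((Y ^ Z) & X) ^ Z);
    }

    /** SHA-1 Parity(x, y, z): bitwise XOR of the three words. */
    uint32_t parity(uint32_t X, uint32_t Y, uint32_t Z)
    {
        return (X ^ Y ^ Z);
    }

    /** SHA Maj(x, y, z): bitwise majority vote of the three words. */
    uint32_t majority(uint32_t X, uint32_t Y, uint32_t Z)
    {
        return ((X & Y) | ((X | Y) & Z));
    }

    /** SHA-256 big Sigma0: ROTR^2 ^ ROTR^13 ^ ROTR^22. */
    uint32_t sigma0(uint32_t X)
    {
        return ror(X, 2) ^ ror(X, 13) ^ ror(X, 22);
    }

    /** SHA-256 big Sigma1: ROTR^6 ^ ROTR^11 ^ ROTR^25. */
    uint32_t sigma1(uint32_t X)
    {
        return ror(X, 6) ^ ror(X, 11) ^ ror(X, 25);
    }

    /** One SHA-256 hash update step on three 4-word register images. */
    void sha256Op(uint32_t *X, uint32_t *Y, uint32_t *Z);
    /** SHA-1 hash update on byte buffers; @p op picks the round function. */
    void sha1Op(uint8_t *output, uint8_t *input, uint8_t *input2, SHAOp op);
    /** Word-level SHA-1 hash update; @p op picks the round function. */
    void _sha1Op(uint32_t *X, uint32_t *Y, uint32_t *Z, SHAOp op);

    /** Unpack two 16-byte register images into 4-word arrays. */
    void load2Reg(uint32_t *X, uint32_t *Y, uint8_t *output, uint8_t *input);
    /** Unpack three 16-byte register images into 4-word arrays. */
    void load3Reg(uint32_t *X, uint32_t *Y, uint32_t *Z,
                  uint8_t *output, uint8_t *input, uint8_t *input2);
    /** Pack a 4-word array back into a 16-byte register image. */
    void store1Reg(uint8_t *output, uint32_t *X);

  public:
    /** AES MixColumns on a 16-byte state. */
    void aesMixColumns(uint8_t *output, uint8_t *input);
    /** AES InvMixColumns on a 16-byte state. */
    void aesInvMixColumns(uint8_t *output, uint8_t *input);
    /** Single AES encryption round step (AESE): AddRoundKey, SubBytes, ShiftRows. */
    void aesEncrypt(uint8_t *output, uint8_t *input, uint8_t *key);
    /** Single AES decryption round step (AESD): AddRoundKey, InvSubBytes, InvShiftRows. */
    void aesDecrypt(uint8_t *output, uint8_t *input, uint8_t *key);
    /** SHA256H: hash update, first half of the state. */
    void sha256H(uint8_t *output, uint8_t *input, uint8_t *input2);
    /** SHA256H2: hash update, second half of the state. */
    void sha256H2(uint8_t *output, uint8_t *input, uint8_t *input2);
    /** SHA256SU0: message schedule update, part 1. */
    void sha256Su0(uint8_t *output, uint8_t *input);
    /** SHA256SU1: message schedule update, part 2. */
    void sha256Su1(uint8_t *output, uint8_t *input, uint8_t *input2);

    /** SHA1C: hash update using the choose function. */
    void sha1C(uint8_t *output, uint8_t *input, uint8_t *input2);
    /** SHA1P: hash update using the parity function. */
    void sha1P(uint8_t *output, uint8_t *input, uint8_t *input2);
    /** SHA1M: hash update using the majority function. */
    void sha1M(uint8_t *output, uint8_t *input, uint8_t *input2);
    /** SHA1H: fixed rotate of the hash state word. */
    void sha1H(uint8_t *output, uint8_t *input);
    /** SHA1SU0: message schedule update, part 1. */
    void sha1Su0(uint8_t *output, uint8_t *input, uint8_t *input2);
    /** SHA1SU1: message schedule update, part 2. */
    void sha1Su1(uint8_t *output, uint8_t *input);
};

} // namespace ArmISA

#endif //__ARCH_ARM_INSTS_CRYPTO_HH__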