crypto.hh revision 13169
12810Srdreslin@umich.edu/* 211375Sandreas.hansson@arm.com * Copyright (c) 2018 ARM Limited 311051Sandreas.hansson@arm.com * All rights reserved 411051Sandreas.hansson@arm.com * 511051Sandreas.hansson@arm.com * The license below extends only to copyright in the software and shall 611051Sandreas.hansson@arm.com * not be construed as granting a license to any other intellectual 711051Sandreas.hansson@arm.com * property including but not limited to intellectual property relating 811051Sandreas.hansson@arm.com * to a hardware implementation of the functionality of the software 911051Sandreas.hansson@arm.com * licensed hereunder. You may use the software subject to the license 1011051Sandreas.hansson@arm.com * terms below provided that you ensure that this notice is replicated 1111051Sandreas.hansson@arm.com * unmodified and in its entirety in all distributions of the software, 1211051Sandreas.hansson@arm.com * modified or unmodified, in source code or in binary form. 1311051Sandreas.hansson@arm.com * 1411051Sandreas.hansson@arm.com * Redistribution and use in source and binary forms, with or without 1511051Sandreas.hansson@arm.com * modification, are permitted provided that the following conditions are 162810Srdreslin@umich.edu * met: redistributions of source code must retain the above copyright 172810Srdreslin@umich.edu * notice, this list of conditions and the following disclaimer; 182810Srdreslin@umich.edu * redistributions in binary form must reproduce the above copyright 192810Srdreslin@umich.edu * notice, this list of conditions and the following disclaimer in the 202810Srdreslin@umich.edu * documentation and/or other materials provided with the distribution; 212810Srdreslin@umich.edu * neither the name of the copyright holders nor the names of its 222810Srdreslin@umich.edu * contributors may be used to endorse or promote products derived from 232810Srdreslin@umich.edu * this software without specific prior written permission. 242810Srdreslin@umich.edu * 252810Srdreslin@umich.edu * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 262810Srdreslin@umich.edu * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 272810Srdreslin@umich.edu * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 282810Srdreslin@umich.edu * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 292810Srdreslin@umich.edu * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 302810Srdreslin@umich.edu * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 312810Srdreslin@umich.edu * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 322810Srdreslin@umich.edu * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 332810Srdreslin@umich.edu * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 342810Srdreslin@umich.edu * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 352810Srdreslin@umich.edu * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 362810Srdreslin@umich.edu * 372810Srdreslin@umich.edu * Authors: Matt Horsnell 382810Srdreslin@umich.edu * Prakash Ramrakhyani 392810Srdreslin@umich.edu */ 402810Srdreslin@umich.edu 412810Srdreslin@umich.edu#ifndef __ARCH_ARM_INSTS_CRYPTO_HH__ 4211051Sandreas.hansson@arm.com#define __ARCH_ARM_INSTS_CRYPTO_HH__ 4311051Sandreas.hansson@arm.com 442810Srdreslin@umich.edunamespace ArmISA { 4511051Sandreas.hansson@arm.com 4611051Sandreas.hansson@arm.comclass Crypto 472810Srdreslin@umich.edu{ 482810Srdreslin@umich.edu enum SHAOp : uint8_t 492810Srdreslin@umich.edu { 502810Srdreslin@umich.edu CHOOSE = 0, 5111051Sandreas.hansson@arm.com PARITY, 522810Srdreslin@umich.edu MAJORITY 532810Srdreslin@umich.edu }; 5411051Sandreas.hansson@arm.com 552810Srdreslin@umich.edu /** Look up table for subByttes transformation */ 5611051Sandreas.hansson@arm.com static const uint8_t aesSBOX[256]; 5711051Sandreas.hansson@arm.com 5811051Sandreas.hansson@arm.com /** Look up table for inverse subBytes transformation */ 5911051Sandreas.hansson@arm.com static const uint8_t aesInvSBOX[256]; 6011051Sandreas.hansson@arm.com 6111288Ssteve.reinhardt@amd.com static const uint8_t aesSHIFT[16]; 6211051Sandreas.hansson@arm.com static const uint8_t aesINVSHIFT[16]; 6311051Sandreas.hansson@arm.com 6411051Sandreas.hansson@arm.com /** 6511051Sandreas.hansson@arm.com * Look up table for Finite Field logarithm where the base 6611051Sandreas.hansson@arm.com * is the element {03} in the field G(256) 6711053Sandreas.hansson@arm.com */ 6811053Sandreas.hansson@arm.com static const uint8_t aesFFLOG[256]; 6911051Sandreas.hansson@arm.com 7011051Sandreas.hansson@arm.com /** 7111051Sandreas.hansson@arm.com * Look up table for {03}^X where {03} and X are elements 7211197Sandreas.hansson@arm.com * in the filed G(256) 7311197Sandreas.hansson@arm.com */ 7411199Sandreas.hansson@arm.com static const uint8_t aesFFEXP[256]; 7511197Sandreas.hansson@arm.com 7611197Sandreas.hansson@arm.com /** Finite field multiplication of two elements in the field G(256) */ 7711197Sandreas.hansson@arm.com uint8_t aesFFMul(uint8_t a, uint8_t b); 7811051Sandreas.hansson@arm.com 7911051Sandreas.hansson@arm.com uint8_t aesFFMul2(uint8_t a) 8011051Sandreas.hansson@arm.com { 8111051Sandreas.hansson@arm.com return ((a & 0x80) ? ((a << 1) ^ 0x1b) : (a << 1)); 8211051Sandreas.hansson@arm.com } 8311051Sandreas.hansson@arm.com 8411051Sandreas.hansson@arm.com void aesSubBytes(uint8_t *output, uint8_t *input); 8511051Sandreas.hansson@arm.com void aesInvSubBytes(uint8_t *output, uint8_t *input); 8611051Sandreas.hansson@arm.com void aesShiftRows(uint8_t *output, uint8_t *input); 8711051Sandreas.hansson@arm.com void aesInvShiftRows(uint8_t *output, uint8_t *input); 8811051Sandreas.hansson@arm.com void aesAddRoundKey(uint8_t *output, uint8_t *input, uint8_t *key); 8911051Sandreas.hansson@arm.com 9011051Sandreas.hansson@arm.com uint32_t ror(uint32_t x, uint8_t shift) 9111051Sandreas.hansson@arm.com { 9211051Sandreas.hansson@arm.com return (x >> shift) | (x << (32 - shift)); 9311051Sandreas.hansson@arm.com } 9411051Sandreas.hansson@arm.com 9511051Sandreas.hansson@arm.com uint32_t choose(uint32_t X, uint32_t Y, uint32_t Z) 9611051Sandreas.hansson@arm.com { 9711051Sandreas.hansson@arm.com return (((Y ^ Z) & X) ^ Z); 9811051Sandreas.hansson@arm.com } 9911051Sandreas.hansson@arm.com 10011051Sandreas.hansson@arm.com uint32_t parity(uint32_t X, uint32_t Y, uint32_t Z) 10111051Sandreas.hansson@arm.com { 10211051Sandreas.hansson@arm.com return (X ^ Y ^ Z); 10311051Sandreas.hansson@arm.com } 10411051Sandreas.hansson@arm.com 10511051Sandreas.hansson@arm.com uint32_t majority(uint32_t X, uint32_t Y, uint32_t Z) 10611051Sandreas.hansson@arm.com { 10711051Sandreas.hansson@arm.com return ((X & Y) | ((X | Y) & Z)); 10811051Sandreas.hansson@arm.com } 10911051Sandreas.hansson@arm.com 11011051Sandreas.hansson@arm.com uint32_t sigma0(uint32_t X) 11111051Sandreas.hansson@arm.com { 11211051Sandreas.hansson@arm.com return ror(X,2) ^ ror(X,13) ^ ror(X,22); 11311051Sandreas.hansson@arm.com } 11411051Sandreas.hansson@arm.com 11511051Sandreas.hansson@arm.com uint32_t sigma1(uint32_t X) 11611051Sandreas.hansson@arm.com { 11711051Sandreas.hansson@arm.com return ror(X,6) ^ ror(X,11) ^ ror(X,25); 11811051Sandreas.hansson@arm.com } 11911051Sandreas.hansson@arm.com 12011051Sandreas.hansson@arm.com void sha256Op(uint32_t *X, uint32_t *Y, uint32_t *Z); 12111051Sandreas.hansson@arm.com void sha1Op(uint8_t *output, uint8_t *input, uint8_t *input2, SHAOp op); 12211051Sandreas.hansson@arm.com void _sha1Op(uint32_t *X, uint32_t *Y, uint32_t *Z, SHAOp op); 12311051Sandreas.hansson@arm.com 12411051Sandreas.hansson@arm.com void load2Reg(uint32_t *X, uint32_t *Y, uint8_t *output, uint8_t *input); 12511051Sandreas.hansson@arm.com void load3Reg(uint32_t *X, uint32_t *Y, uint32_t *Z, 12611051Sandreas.hansson@arm.com uint8_t *output, uint8_t *input, uint8_t *input2); 12711051Sandreas.hansson@arm.com void store1Reg(uint8_t *output, uint32_t *X); 12811051Sandreas.hansson@arm.com 12911051Sandreas.hansson@arm.com public: 13011051Sandreas.hansson@arm.com void aesMixColumns(uint8_t *output, uint8_t *input); 13111051Sandreas.hansson@arm.com void aesInvMixColumns(uint8_t *output, uint8_t *input); 13211051Sandreas.hansson@arm.com void aesEncrypt(uint8_t *output, uint8_t *input, uint8_t *key); 13311051Sandreas.hansson@arm.com void aesDecrypt(uint8_t *output, uint8_t *input, uint8_t *key); 13411051Sandreas.hansson@arm.com void sha256H(uint8_t *output, uint8_t *input, uint8_t *input2); 13511051Sandreas.hansson@arm.com void sha256H2(uint8_t *output, uint8_t *input, uint8_t *input2); 13611051Sandreas.hansson@arm.com void sha256Su0(uint8_t *output, uint8_t *input); 13711051Sandreas.hansson@arm.com void sha256Su1(uint8_t *output, uint8_t *input, uint8_t *input2); 13811051Sandreas.hansson@arm.com 13911051Sandreas.hansson@arm.com void sha1C(uint8_t *output, uint8_t *input, uint8_t *input2); 14011051Sandreas.hansson@arm.com void sha1P(uint8_t *output, uint8_t *input, uint8_t *input2); 14111051Sandreas.hansson@arm.com void sha1M(uint8_t *output, uint8_t *input, uint8_t *input2); 14211051Sandreas.hansson@arm.com void sha1H(uint8_t *output, uint8_t *input); 14311051Sandreas.hansson@arm.com void sha1Su0(uint8_t *output, uint8_t *input, uint8_t *input2); 14411051Sandreas.hansson@arm.com void sha1Su1(uint8_t *output, uint8_t *input); 14511051Sandreas.hansson@arm.com}; 14611051Sandreas.hansson@arm.com 14711051Sandreas.hansson@arm.com} // namespace ArmISA 14811051Sandreas.hansson@arm.com 14911051Sandreas.hansson@arm.com#endif //__ARCH_ARM_INSTS_CRYPTO_HH__ 15011051Sandreas.hansson@arm.com