spec,spike,sail,toolchain: Update SM4/RV32 AES encodings.
After feedback (see #65) and discussion within the TG at the Dec 17th 2020
meeting, the SM4 and RV32 AES instruction encodings have been changed to source
rd from rs1, and re-use the rd field as encoding space. This was deemed
preferable to reclaiming the opcode space with the former rd==rs1 scheme.

The change updates the encodings in the specification, and brings the
other components of the repository in line with this:

- Spike
- Binutils
- SAIL
- Benchmarks
- Intrinsics

 On branch dev/next-release
 Your branch is up-to-date with 'origin/dev/next-release'.

 Changes to be committed:
	modified:   benchmarks/aes/zscrypto_rv32/aes_128_ks.S
	modified:   benchmarks/aes/zscrypto_rv32/aes_192_ks.S
	modified:   benchmarks/aes/zscrypto_rv32/aes_256_ks.S
	modified:   benchmarks/aes/zscrypto_rv32/aes_dec.S
	modified:   benchmarks/aes/zscrypto_rv32/aes_enc.S
	modified:   benchmarks/share/riscv-crypto-intrinsics.h
	modified:   bin/better_parse_opcodes.py
	modified:   doc/Makefile
	modified:   doc/riscv-crypto-spec-scalar.tex
	modified:   doc/tex/appx-scalar-encodings.tex
	modified:   doc/tex/sec-scalar-aes.tex
	modified:   doc/tex/sec-scalar-sha2.tex
	modified:   doc/tex/sec-scalar-sm4.tex
	modified:   sail/riscv_insts_crypto.sail
	modified:   sail/riscv_insts_crypto_rv32.sail
	modified:   sail/riscv_insts_crypto_rv64.sail
	modified:   tools/opcodes-crypto-scalar-both
	modified:   tools/opcodes-crypto-scalar-rv32
	modified:   tools/patch-binutils.patch
	modified:   tools/patch-spike.patch

 Changes not staged for commit:
	modified:   extern/riscv-compliance (modified content)
	modified:   extern/riscv-gnu-toolchain (modified content)
	modified:   extern/riscv-isa-sim (modified content)
	modified:   extern/sail-riscv (modified content, untracked content)
ben-marshall committed Dec 18, 2020
1 parent 54566fe commit bffeed3
Showing 20 changed files with 400 additions and 390 deletions.
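--- a/benchmarks/aes/zscrypto_rv32/aes_128_ks.S
+++ b/benchmarks/aes/zscrypto_rv32/aes_128_ks.S
@@ -57,10 +57,10 @@ aes_128_enc_key_schedule: // a0 - uint32_t rk [AES_128_RK_WORDS]
 xor C0, C0, RCT // c0 ^= rcp
 
 ROR32I T1, T2, C3, 8 // tr = ROR32(c3, 8)
-aes32esi C0, C0, T1, 0 // tr = sbox(tr)
-aes32esi C0, C0, T1, 1 //
-aes32esi C0, C0, T1, 2 //
-aes32esi C0, C0, T1, 3 //
+aes32esi C0, T1, 0 // tr = sbox(tr)
+aes32esi C0, T1, 1 //
+aes32esi C0, T1, 2 //
+aes32esi C0, T1, 3 //
 
 xor C1, C1, C0 // C1 ^= C0
 xor C2, C2, C1 // C1 ^= C0
@@ -110,15 +110,17 @@ aes_128_dec_key_schedule: // a0 - uint32_t rk [AES_128_RK_WORDS]
 
 lw T0, 0(RKP) // Load key word
 
-aes32esi T1, zero, T0, 0 // Sub Word Forward
-aes32esi T1, T1 , T0, 1
-aes32esi T1, T1 , T0, 2
-aes32esi T1, T1 , T0, 3
-
-aes32dsmi T0, zero, T1, 0 // Sub Word Inverse & Inverse MixColumns
-aes32dsmi T0, T0 , T1, 1
-aes32dsmi T0, T0 , T1, 2
-aes32dsmi T0, T0 , T1, 3
+li T1, 0
+aes32esi T1, T0, 0 // Sub Word Forward
+aes32esi T1, T0, 1
+aes32esi T1, T0, 2
+aes32esi T1, T0, 3
+
+li T0, 0
+aes32dsmi T0, T1, 0 // Sub Word Inverse & Inverse MixColumns
+aes32dsmi T0, T1, 1
+aes32dsmi T0, T1, 2
+aes32dsmi T0, T1, 3
 
 sw T0, 0(RKP) // Store key word.
 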
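Review bot: The added `li T1, 0` and `li T0, 0` in the aes_128_dec_key_schedule hunk are load-bearing but carry no comment. With the destination now doubling as rs1, each `aes32esi`/`aes32dsmi` XORs into whatever the register already holds, so dropping either `li`, or moving `li T0, 0` above the `aes32esi` group that still reads T0, would fold stale register contents into the round key written back by `sw T0, 0(RKP)`. I would annotate them, e.g. `li T1, 0 // rd is also rs1: clear accumulator before SubWord` and `li T0, 0 // T0 consumed above; clear before accumulating InvMixColumns`. The same pair appears in the dec key-schedule hunks of aes_192_ks.S and aes_256_ks.S. The loop around these lines lies outside the hunk; a known-answer test on the decryption key schedule would catch a regression here.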
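--- a/benchmarks/aes/zscrypto_rv32/aes_192_ks.S
+++ b/benchmarks/aes/zscrypto_rv32/aes_192_ks.S
@@ -67,10 +67,10 @@ aes_192_enc_key_schedule: // a0 - uint32_t rk [AES_192_RK_WORDS]
 xor C0, C0, RCT // c0 ^= rcp
 
 ROR32I T1, T2, C5, 8 // tr = ROR32(c3, 8)
-aes32esi C0, C0, T1, 0 // tr = sbox(tr)
-aes32esi C0, C0, T1, 1 //
-aes32esi C0, C0, T1, 2 //
-aes32esi C0, C0, T1, 3 //
+aes32esi C0, T1, 0 // tr = sbox(tr)
+aes32esi C0, T1, 1 //
+aes32esi C0, T1, 2 //
+aes32esi C0, T1, 3 //
 
 xor C1, C1, C0 // C1 ^= C0
 xor C2, C2, C1 // C2 ^= C1
@@ -122,15 +122,17 @@ aes_192_dec_key_schedule: // a0 - uint32_t rk [AES_192_RK_WORDS]
 
 lw T0, 0(RKP) // Load key word
 
-aes32esi T1, zero, T0, 0 // Sub Word Forward
-aes32esi T1, T1 , T0, 1
-aes32esi T1, T1 , T0, 2
-aes32esi T1, T1 , T0, 3
-
-aes32dsmi T0, zero, T1, 0 // Sub Word Inverse & Inverse MixColumns
-aes32dsmi T0, T0 , T1, 1
-aes32dsmi T0, T0 , T1, 2
-aes32dsmi T0, T0 , T1, 3
+li T1, 0
+aes32esi T1, T0, 0 // Sub Word Forward
+aes32esi T1, T0, 1
+aes32esi T1, T0, 2
+aes32esi T1, T0, 3
+
+li T0, 0
+aes32dsmi T0, T1, 0 // Sub Word Inverse & Inverse MixColumns
+aes32dsmi T0, T1, 1
+aes32dsmi T0, T1, 2
+aes32dsmi T0, T1, 3
 
 sw T0, 0(RKP) // Store key word.
 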
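--- a/benchmarks/aes/zscrypto_rv32/aes_256_ks.S
+++ b/benchmarks/aes/zscrypto_rv32/aes_256_ks.S
@@ -71,10 +71,10 @@ aes_256_enc_key_schedule: // a0 - uint32_t rk [AES_256_RK_WORDS]
 xor C0, C0, RCT // c0 ^= rcp
 
 ROR32I T1, T2, C7, 8 // tr = ROR32(c3, 8)
-aes32esi C0, C0, T1, 0 // tr = sbox(tr)
-aes32esi C0, C0, T1, 1 //
-aes32esi C0, C0, T1, 2 //
-aes32esi C0, C0, T1, 3 //
+aes32esi C0, T1, 0 // tr = sbox(tr)
+aes32esi C0, T1, 1 //
+aes32esi C0, T1, 2 //
+aes32esi C0, T1, 3 //
 
 xor C1, C1, C0 // C1 ^= C0
 xor C2, C2, C1 // C2 ^= C1
@@ -87,10 +87,10 @@ aes_256_enc_key_schedule: // a0 - uint32_t rk [AES_256_RK_WORDS]
 
 beq RKE, RKP, .aes_256_enc_ks_finish
 
-aes32esi C4, C4, C3, 0 // tr = sbox(tr)
-aes32esi C4, C4, C3, 1 //
-aes32esi C4, C4, C3, 2 //
-aes32esi C4, C4, C3, 3 //
+aes32esi C4, C3, 0 // tr = sbox(tr)
+aes32esi C4, C3, 1 //
+aes32esi C4, C3, 2 //
+aes32esi C4, C3, 3 //
 
 xor C5, C5, C4 // C5 ^= C4
 xor C6, C6, C5 // C6 ^= C5
@@ -140,15 +140,17 @@ aes_256_dec_key_schedule: // a0 - uint32_t rk [AES_256_RK_WORDS]
 
 lw T0, 0(RKP) // Load key word
 
-aes32esi T1, zero, T0, 0 // Sub Word Forward
-aes32esi T1, T1 , T0, 1
-aes32esi T1, T1 , T0, 2
-aes32esi T1, T1 , T0, 3
-
-aes32dsmi T0, zero, T1, 0 // Sub Word Inverse & Inverse MixColumns
-aes32dsmi T0, T0 , T1, 1
-aes32dsmi T0, T0 , T1, 2
-aes32dsmi T0, T0 , T1, 3
+li T1, 0
+aes32esi T1, T0, 0 // Sub Word Forward
+aes32esi T1, T0, 1
+aes32esi T1, T0, 2
+aes32esi T1, T0, 3
+
+li T0, 0
+aes32dsmi T0, T1, 0 // Sub Word Inverse & Inverse MixColumns
+aes32dsmi T0, T1, 1
+aes32dsmi T0, T1, 2
+aes32dsmi T0, T1, 3
 
 sw T0, 0(RKP) // Store key word.
 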
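Review bot: The comment `// tr = sbox(tr)` kept on the rewritten `aes32esi C4, C3, 0` group no longer matches the instruction. In the new form the destination is also the first source, so the four lines compute C4 ^= SubWord(C3), and there is no `tr` at that site because C3 is used unrotated. I would change it to `// C4 ^= SubWord(C3), one byte per instruction`, and to `// C0 ^= SubWord(tr)` on the `aes32esi C0, T1, n` group in the first hunk. The enc key-schedule hunks of aes_128_ks.S and aes_192_ks.S carry the same comment. Accurate comments matter here because the read of the destination is now implicit in the mnemonic, so the accumulate step is easy to miss when this code is ported or audited.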
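--- a/benchmarks/aes/zscrypto_rv32/aes_dec.S
+++ b/benchmarks/aes/zscrypto_rv32/aes_dec.S
@@ -61,25 +61,25 @@ aes_ecb_decrypt: // a2 - uint32_t * rk,
 lw U2, 24(KP)
 lw U3, 28(KP)
 
-aes32dsmi U0, U0, T0, 0 // Even Round
-aes32dsmi U0, U0, T3, 1
-aes32dsmi U0, U0, T2, 2
-aes32dsmi U0, U0, T1, 3
-
-aes32dsmi U1, U1, T1, 0
-aes32dsmi U1, U1, T0, 1
-aes32dsmi U1, U1, T3, 2
-aes32dsmi U1, U1, T2, 3
-
-aes32dsmi U2, U2, T2, 0
-aes32dsmi U2, U2, T1, 1
-aes32dsmi U2, U2, T0, 2
-aes32dsmi U2, U2, T3, 3
-
-aes32dsmi U3, U3, T3, 0
-aes32dsmi U3, U3, T2, 1
-aes32dsmi U3, U3, T1, 2
-aes32dsmi U3, U3, T0, 3 // U* contains new state
+aes32dsmi U0, T0, 0 // Even Round
+aes32dsmi U0, T3, 1
+aes32dsmi U0, T2, 2
+aes32dsmi U0, T1, 3
+
+aes32dsmi U1, T1, 0
+aes32dsmi U1, T0, 1
+aes32dsmi U1, T3, 2
+aes32dsmi U1, T2, 3
+
+aes32dsmi U2, T2, 0
+aes32dsmi U2, T1, 1
+aes32dsmi U2, T0, 2
+aes32dsmi U2, T3, 3
+
+aes32dsmi U3, T3, 0
+aes32dsmi U3, T2, 1
+aes32dsmi U3, T1, 2
+aes32dsmi U3, T0, 3 // U* contains new state
 
 lw T0, 0(KP) // Load Round Key
 lw T1, 4(KP)
@@ -89,49 +89,49 @@ aes_ecb_decrypt: // a2 - uint32_t * rk,
 beq RK, KP, .aes_dec_block_l_finish // Break from loop
 addi KP, KP, -32 // Step Key pointer
 
-aes32dsmi T0, T0, U0, 0 // Odd Round
-aes32dsmi T0, T0, U3, 1
-aes32dsmi T0, T0, U2, 2
-aes32dsmi T0, T0, U1, 3
-
-aes32dsmi T1, T1, U1, 0
-aes32dsmi T1, T1, U0, 1
-aes32dsmi T1, T1, U3, 2
-aes32dsmi T1, T1, U2, 3
-
-aes32dsmi T2, T2, U2, 0
-aes32dsmi T2, T2, U1, 1
-aes32dsmi T2, T2, U0, 2
-aes32dsmi T2, T2, U3, 3
-
-aes32dsmi T3, T3, U3, 0
-aes32dsmi T3, T3, U2, 1
-aes32dsmi T3, T3, U1, 2
-aes32dsmi T3, T3, U0, 3 // T* contains new state
+aes32dsmi T0, U0, 0 // Odd Round
+aes32dsmi T0, U3, 1
+aes32dsmi T0, U2, 2
+aes32dsmi T0, U1, 3
+
+aes32dsmi T1, U1, 0
+aes32dsmi T1, U0, 1
+aes32dsmi T1, U3, 2
+aes32dsmi T1, U2, 3
+
+aes32dsmi T2, U2, 0
+aes32dsmi T2, U1, 1
+aes32dsmi T2, U0, 2
+aes32dsmi T2, U3, 3
+
+aes32dsmi T3, U3, 0
+aes32dsmi T3, U2, 1
+aes32dsmi T3, U1, 2
+aes32dsmi T3, U0, 3 // T* contains new state
 
 j .aes_dec_block_l0 // repeat loop
 
 .aes_dec_block_l_finish:
 
-aes32dsi T0, T0, U0, 0 // Final round, no MixColumns
-aes32dsi T0, T0, U3, 1
-aes32dsi T0, T0, U2, 2
-aes32dsi T0, T0, U1, 3
-
-aes32dsi T1, T1, U1, 0
-aes32dsi T1, T1, U0, 1
-aes32dsi T1, T1, U3, 2
-aes32dsi T1, T1, U2, 3
-
-aes32dsi T2, T2, U2, 0
-aes32dsi T2, T2, U1, 1
-aes32dsi T2, T2, U0, 2
-aes32dsi T2, T2, U3, 3
-
-aes32dsi T3, T3, U3, 0
-aes32dsi T3, T3, U2, 1
-aes32dsi T3, T3, U1, 2
-aes32dsi T3, T3, U0, 3 // T* contains new state
+aes32dsi T0, U0, 0 // Final round, no MixColumns
+aes32dsi T0, U3, 1
+aes32dsi T0, U2, 2
+aes32dsi T0, U1, 3
+
+aes32dsi T1, U1, 0
+aes32dsi T1, U0, 1
+aes32dsi T1, U3, 2
+aes32dsi T1, U2, 3
+
+aes32dsi T2, U2, 0
+aes32dsi T2, U1, 1
+aes32dsi T2, U0, 2
+aes32dsi T2, U3, 3
+
+aes32dsi T3, U3, 0
+aes32dsi T3, U2, 1
+aes32dsi T3, U1, 2
+aes32dsi T3, U0, 3 // T* contains new state
 
 AES_DUMP_STATE T0, T1, T2, T3, PT
 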
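Review bot: With the rs1 operand gone, nothing in the rewritten round groups shows that AddRoundKey still happens. `aes32dsmi U0, T0, 0` is only correct if U0..U3 (and T0..T3 for the odd and final rounds) already hold the round-key words, which the `lw U2, 24(KP)` and `lw T0, 0(KP)` context lines suggest. A one-line comment at the head of each group would state that dependency, e.g. `// U* preloaded with round key; each aes32dsmi XORs one transformed byte into it`, with the T* equivalent above the `aes32dsi` group. The loads of U0/U1 and the loop head are outside the hunk, so the preload is inferred from the visible lines. If a later edit reorders the `lw` block after the round instructions, the code will still assemble but decrypt without the key XOR. That makes the comment worth having alongside a known-answer test.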