From patchwork Sat Jun 3 02:33:51 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Henderson X-Patchwork-Id: 688762 Delivered-To: patch@linaro.org Received: by 2002:a5d:4d8a:0:0:0:0:0 with SMTP id b10csp1164246wru; Fri, 2 Jun 2023 19:35:25 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7dMqedNUwbGnVIqMuSR4ti9Bu7r4AJOwhKks3wISKyeeeKkbs53C/RrKD5E7Sde6al856E X-Received: by 2002:ac8:5947:0:b0:3f5:4da8:1a84 with SMTP id 7-20020ac85947000000b003f54da81a84mr293665qtz.57.1685759725599; Fri, 02 Jun 2023 19:35:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685759725; cv=none; d=google.com; s=arc-20160816; b=yqLelgBd2tUrhLQ/pPxC/sEiX7k7dgieZoI5fQwSom4f4CUveDj6WpNMpZCFGNHJfO W7HWXSIeI+XNL7bytULEWeFdvBPC4hZkiZAczF8641NSCigb+rH2O6dPTpokzeieNV8m vlRYIMfG2PQUqSLtGU1aN7BurOAe7OVnC98VZF6F7kqL1QtxuuytCgDXA4EskZxKW9t5 kEgVBZl9t1lLWlBNxii+/+SEeGW9zz5nPq9z1r26D2BgtIvppBuRkQh+MF0R/VXVMTUb mTyKltr0T7ZNBwcRNWwypJCO46xh9eA+YX9ZGj9WRKRqCZzQbekI3OVm4AP6BVz7+nwh 9ohw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:message-id:date:subject:cc:to:from:dkim-signature; bh=LNrixbLD1quRMNEgIizrIMayF2Yoe90LdRAg5aS0aAQ=; b=QGxA325BxsUFwN8HsEJ3H0OmTSEKOEdlsweQhr2NVGwy2ZAIpig62umUqUzD5ZRg1G /5K33EbGEHFjOS4GlkYWZc5UtmTJPRF92j/dMsRevYlklue8IqZfewYTIPdLX4fI9GGo 5+xjIPvh4azwFaf7ZRvwXT1yw6W8Zrbn/YtJuHl5/2uvyBvUaTXV7IXQur4NK5VU2I+R jI715odHSwhBGDHhzTo5Z4Z8yDA/FMPwJdViZ6gd5Kiwhcpv9R4n0UyNFbM2sPeiiwZ7 za7XMSrn/rLJ0q4kfsM0MWKKmapzB2in+hoej519iTO9uwdg5OOAhOUMWpVNKY38Yf7k YWGA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=C8JmZqCU; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id f3-20020ac87f03000000b003e18051efdbsi1677700qtk.671.2023.06.02.19.35.25 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Fri, 02 Jun 2023 19:35:25 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=C8JmZqCU; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1q5H69-0000HY-O6; Fri, 02 Jun 2023 22:34:34 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1q5H67-0000Fk-Jj for qemu-devel@nongnu.org; Fri, 02 Jun 2023 22:34:31 -0400 Received: from mail-pj1-x1029.google.com ([2607:f8b0:4864:20::1029]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1q5H65-0004gf-L3 for qemu-devel@nongnu.org; Fri, 02 Jun 2023 22:34:31 -0400 Received: by mail-pj1-x1029.google.com with SMTP id 98e67ed59e1d1-25692ff86cdso2203732a91.2 for ; Fri, 02 Jun 2023 19:34:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1685759668; x=1688351668; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=LNrixbLD1quRMNEgIizrIMayF2Yoe90LdRAg5aS0aAQ=; b=C8JmZqCU7VLXmCWp4P20R365pD9D7yw1h6kHYO5gltWYWLbftAotZNkbIwOcYYfxrH 4R/r0L8D0U7qDeprFiJ2R0Z4uooLhw3HYbLiwlV6e+zqEai2tgRoU4Wto/V1ZdCpcHb2 9KVCHwdVp5oG973LE7zCbV2EU4hiIofgaeMJfrxlSYrcS+CXGh0B5QQBRwcwCRAvjv4g unTqtME3Ir0jditOSvurhvb+DSHys3UTDRzdfJgiYUKN2f5rQJCKssaHF7GBd9G6auVq pB8+UJgqx/6Fm9jPeTJdcY2jMp4hgEUvvRP35tlL1uQA/bsnw3MBkJqxrnaIdBvqisqt paBw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685759668; x=1688351668; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=LNrixbLD1quRMNEgIizrIMayF2Yoe90LdRAg5aS0aAQ=; b=bZb5ItH6LlzKTW+pbG7cUgih+WZmV5Tnp2EIJn8OWUM6htc2z+cIFUQ+w6FL0xt8j5 YfxXCzDmtblfK1TWrrXVs2g/Cb15z2yKcPYy0hREFY19fEAjbVdY65M6c7vwFy0Mx91/ 5Gk9T+FP5v/gOO2BK4SbP9k6WQwF4RvqCFKd1sfunkRxTEd241qljWAL+yAXDg8zMzsb I+Uw4aXRWTrmOLJ6DoILGRDZs0/GaQlP62inLobAucSCttOx51QYqOeU5/+a9Iy5N0vS T6+tMyVhM8KXKJlCwyAJhxCpQpNE9dGHuKAgsMkuqBNKLEtYai8MvtNwRDQDVOmyGZeY 5A2Q== X-Gm-Message-State: AC+VfDwbcKZd6C4jUq1ZbTmRV8ciB5WnDgTAg1oIcewn+h3GrjfnpLhD j7NRFIMUs1qIUjtW++aBNZNfzKBsOVdg5HaDHNM= X-Received: by 2002:a17:90a:578a:b0:252:dd86:9c46 with SMTP id g10-20020a17090a578a00b00252dd869c46mr1690691pji.31.1685759667840; Fri, 02 Jun 2023 19:34:27 -0700 (PDT) Received: from stoup.. ([2602:ae:1598:4c01:66a6:82c2:d794:68f6]) by smtp.gmail.com with ESMTPSA id e91-20020a17090a6fe400b002508d73f4e8sm3914289pjk.57.2023.06.02.19.34.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 02 Jun 2023 19:34:27 -0700 (PDT) From: Richard Henderson To: qemu-devel@nongnu.org Cc: ardb@kernel.org, berrange@redhat.com, qemu-arm@nongnu.org, qemu-ppc@nongnu.org, qemu-riscv@nongnu.org, pbonzini@redhat.com Subject: [PATCH 00/35] crypto: Provide aes-round.h and host accel Date: Fri, 2 Jun 2023 19:33:51 -0700 Message-Id: <20230603023426.1064431-1-richard.henderson@linaro.org> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 Received-SPF: pass client-ip=2607:f8b0:4864:20::1029; envelope-from=richard.henderson@linaro.org; helo=mail-pj1-x1029.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org Inspired by Ard Biesheuvel's RFC patches for accelerating AES under emulation, provide a set of primitives that maps between the guest and host fragments. There is a small guest correctness test case. I think the end result is quite a bit cleaner, since the logic is now centralized, rather than spread across 4 different guests. Further work could clean up crypto/aes.c itself to use these instead of the tables directly. I'm sure that's just an ultimate fallback when an appropriate system library is not available, and so not terribly important, but it could still significantly reduce the amount of code we carry. I would imagine structuring a polynomial multiplication header in a similar way. There are 4 or 5 versions of those spread across the different guests. Anyway, please review. r~ Richard Henderson (35): tests/multiarch: Add test-aes target/arm: Move aesmc and aesimc tables to crypto/aes.c crypto/aes: Add constants for ShiftRows, InvShiftRows crypto: Add aesenc_SB_SR target/i386: Use aesenc_SB_SR target/arm: Demultiplex AESE and AESMC target/arm: Use aesenc_SB_SR target/ppc: Use aesenc_SB_SR target/riscv: Use aesenc_SB_SR crypto: Add aesdec_ISB_ISR target/i386: Use aesdec_ISB_ISR target/arm: Use aesdec_ISB_ISR target/ppc: Use aesdec_ISB_ISR target/riscv: Use aesdec_ISB_ISR crypto: Add aesenc_MC target/arm: Use aesenc_MC crypto: Add aesdec_IMC target/i386: Use aesdec_IMC target/arm: Use aesdec_IMC target/riscv: Use aesdec_IMC crypto: Add aesenc_SB_SR_MC_AK target/i386: Use aesenc_SB_SR_MC_AK target/ppc: Use aesenc_SB_SR_MC_AK target/riscv: Use aesenc_SB_SR_MC_AK crypto: Add aesdec_ISB_ISR_IMC_AK target/i386: Use aesdec_ISB_ISR_IMC_AK target/riscv: Use aesdec_ISB_ISR_IMC_AK crypto: Add aesdec_ISB_ISR_AK_IMC target/ppc: Use aesdec_ISB_ISR_AK_IMC host/include/i386: Implement aes-round.h host/include/aarch64: Implement aes-round.h crypto: Remove AES_shifts, AES_ishifts crypto: Implement aesdec_IMC with AES_imc_rot crypto: Remove AES_imc crypto: Unexport AES_*_rot, AES_TeN, AES_TdN host/include/aarch64/host/aes-round.h | 204 ++++++ host/include/aarch64/host/cpuinfo.h | 1 + host/include/generic/host/aes-round.h | 36 ++ host/include/i386/host/aes-round.h | 148 +++++ host/include/i386/host/cpuinfo.h | 1 + host/include/x86_64/host/aes-round.h | 1 + include/crypto/aes-round.h | 158 +++++ include/crypto/aes.h | 30 - target/arm/helper.h | 2 + target/i386/ops_sse.h | 64 +- target/arm/tcg/sve.decode | 4 +- crypto/aes.c | 808 ++++++++++++++++-------- target/arm/tcg/crypto_helper.c | 245 +++---- target/arm/tcg/translate-a64.c | 13 +- target/arm/tcg/translate-neon.c | 4 +- target/arm/tcg/translate-sve.c | 8 +- target/ppc/int_helper.c | 58 +- target/riscv/crypto_helper.c | 142 ++--- tests/tcg/aarch64/test-aes.c | 58 ++ tests/tcg/i386/test-aes.c | 68 ++ tests/tcg/ppc64/test-aes.c | 116 ++++ tests/tcg/riscv64/test-aes.c | 76 +++ util/cpuinfo-aarch64.c | 2 + util/cpuinfo-i386.c | 3 + tests/tcg/multiarch/test-aes-main.c.inc | 183 ++++++ tests/tcg/aarch64/Makefile.target | 4 + tests/tcg/i386/Makefile.target | 4 + tests/tcg/ppc64/Makefile.target | 1 + tests/tcg/riscv64/Makefile.target | 4 + 29 files changed, 1776 insertions(+), 670 deletions(-) create mode 100644 host/include/aarch64/host/aes-round.h create mode 100644 host/include/generic/host/aes-round.h create mode 100644 host/include/i386/host/aes-round.h create mode 100644 host/include/x86_64/host/aes-round.h create mode 100644 include/crypto/aes-round.h create mode 100644 tests/tcg/aarch64/test-aes.c create mode 100644 tests/tcg/i386/test-aes.c create mode 100644 tests/tcg/ppc64/test-aes.c create mode 100644 tests/tcg/riscv64/test-aes.c create mode 100644 tests/tcg/multiarch/test-aes-main.c.inc