gem5  v20.1.0.0
crypto.cc
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2018 ARM Limited
3  * All rights reserved
4  *
5  * The license below extends only to copyright in the software and shall
6  * not be construed as granting a license to any other intellectual
7  * property including but not limited to intellectual property relating
8  * to a hardware implementation of the functionality of the software
9  * licensed hereunder. You may use the software subject to the license
10  * terms below provided that you ensure that this notice is replicated
11  * unmodified and in its entirety in all distributions of the software,
12  * modified or unmodified, in source code or in binary form.
13  *
14  * Redistribution and use in source and binary forms, with or without
15  * modification, are permitted provided that the following conditions are
16  * met: redistributions of source code must retain the above copyright
17  * notice, this list of conditions and the following disclaimer;
18  * redistributions in binary form must reproduce the above copyright
19  * notice, this list of conditions and the following disclaimer in the
20  * documentation and/or other materials provided with the distribution;
21  * neither the name of the copyright holders nor the names of its
22  * contributors may be used to endorse or promote products derived from
23  * this software without specific prior written permission.
24  *
25  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
26  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
27  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
28  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
29  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
30  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
31  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
32  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
33  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
35  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36  */
37 
38 #include <cstdio>
39 #include <iostream>
40 #include <string>
41 
42 #include "crypto.hh"
43 
44 namespace ArmISA {
45 
46 const uint8_t
47 Crypto::aesSBOX[256] = {
48  0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b,
49  0xfe, 0xd7, 0xab, 0x76, 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
50  0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, 0xb7, 0xfd, 0x93, 0x26,
51  0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
52  0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2,
53  0xeb, 0x27, 0xb2, 0x75, 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
54  0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, 0x53, 0xd1, 0x00, 0xed,
55  0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
56  0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f,
57  0x50, 0x3c, 0x9f, 0xa8, 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
58  0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, 0xcd, 0x0c, 0x13, 0xec,
59  0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
60  0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14,
61  0xde, 0x5e, 0x0b, 0xdb, 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
62  0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, 0xe7, 0xc8, 0x37, 0x6d,
63  0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
64  0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f,
65  0x4b, 0xbd, 0x8b, 0x8a, 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
66  0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, 0xe1, 0xf8, 0x98, 0x11,
67  0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
68  0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f,
69  0xb0, 0x54, 0xbb, 0x16
70 };
71 
72 const uint8_t
73 Crypto::aesInvSBOX[256] = {
74  0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e,
75  0x81, 0xf3, 0xd7, 0xfb, 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87,
76  0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb, 0x54, 0x7b, 0x94, 0x32,
77  0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
78  0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49,
79  0x6d, 0x8b, 0xd1, 0x25, 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16,
80  0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92, 0x6c, 0x70, 0x48, 0x50,
81  0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
82  0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05,
83  0xb8, 0xb3, 0x45, 0x06, 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02,
84  0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b, 0x3a, 0x91, 0x11, 0x41,
85  0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
86  0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8,
87  0x1c, 0x75, 0xdf, 0x6e, 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89,
88  0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b, 0xfc, 0x56, 0x3e, 0x4b,
89  0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
90  0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59,
91  0x27, 0x80, 0xec, 0x5f, 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d,
92  0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef, 0xa0, 0xe0, 0x3b, 0x4d,
93  0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
94  0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63,
95  0x55, 0x21, 0x0c, 0x7d
96 };
97 
98 const uint8_t
99 Crypto::aesFFLOG[256] = {
100  0x00, 0x00, 0x19, 0x01, 0x32, 0x02, 0x1a, 0xc6, 0x4b, 0xc7, 0x1b, 0x68,
101  0x33, 0xee, 0xdf, 0x03, 0x64, 0x04, 0xe0, 0x0e, 0x34, 0x8d, 0x81, 0xef,
102  0x4c, 0x71, 0x08, 0xc8, 0xf8, 0x69, 0x1c, 0xc1, 0x7d, 0xc2, 0x1d, 0xb5,
103  0xf9, 0xb9, 0x27, 0x6a, 0x4d, 0xe4, 0xa6, 0x72, 0x9a, 0xc9, 0x09, 0x78,
104  0x65, 0x2f, 0x8a, 0x05, 0x21, 0x0f, 0xe1, 0x24, 0x12, 0xf0, 0x82, 0x45,
105  0x35, 0x93, 0xda, 0x8e, 0x96, 0x8f, 0xdb, 0xbd, 0x36, 0xd0, 0xce, 0x94,
106  0x13, 0x5c, 0xd2, 0xf1, 0x40, 0x46, 0x83, 0x38, 0x66, 0xdd, 0xfd, 0x30,
107  0xbf, 0x06, 0x8b, 0x62, 0xb3, 0x25, 0xe2, 0x98, 0x22, 0x88, 0x91, 0x10,
108  0x7e, 0x6e, 0x48, 0xc3, 0xa3, 0xb6, 0x1e, 0x42, 0x3a, 0x6b, 0x28, 0x54,
109  0xfa, 0x85, 0x3d, 0xba, 0x2b, 0x79, 0x0a, 0x15, 0x9b, 0x9f, 0x5e, 0xca,
110  0x4e, 0xd4, 0xac, 0xe5, 0xf3, 0x73, 0xa7, 0x57, 0xaf, 0x58, 0xa8, 0x50,
111  0xf4, 0xea, 0xd6, 0x74, 0x4f, 0xae, 0xe9, 0xd5, 0xe7, 0xe6, 0xad, 0xe8,
112  0x2c, 0xd7, 0x75, 0x7a, 0xeb, 0x16, 0x0b, 0xf5, 0x59, 0xcb, 0x5f, 0xb0,
113  0x9c, 0xa9, 0x51, 0xa0, 0x7f, 0x0c, 0xf6, 0x6f, 0x17, 0xc4, 0x49, 0xec,
114  0xd8, 0x43, 0x1f, 0x2d, 0xa4, 0x76, 0x7b, 0xb7, 0xcc, 0xbb, 0x3e, 0x5a,
115  0xfb, 0x60, 0xb1, 0x86, 0x3b, 0x52, 0xa1, 0x6c, 0xaa, 0x55, 0x29, 0x9d,
116  0x97, 0xb2, 0x87, 0x90, 0x61, 0xbe, 0xdc, 0xfc, 0xbc, 0x95, 0xcf, 0xcd,
117  0x37, 0x3f, 0x5b, 0xd1, 0x53, 0x39, 0x84, 0x3c, 0x41, 0xa2, 0x6d, 0x47,
118  0x14, 0x2a, 0x9e, 0x5d, 0x56, 0xf2, 0xd3, 0xab, 0x44, 0x11, 0x92, 0xd9,
119  0x23, 0x20, 0x2e, 0x89, 0xb4, 0x7c, 0xb8, 0x26, 0x77, 0x99, 0xe3, 0xa5,
120  0x67, 0x4a, 0xed, 0xde, 0xc5, 0x31, 0xfe, 0x18, 0x0d, 0x63, 0x8c, 0x80,
121  0xc0, 0xf7, 0x70, 0x07
122 };
123 
124 const uint8_t
125 Crypto::aesFFEXP[256] = {
126  0x01, 0x03, 0x05, 0x0f, 0x11, 0x33, 0x55, 0xff, 0x1a, 0x2e, 0x72, 0x96,
127  0xa1, 0xf8, 0x13, 0x35, 0x5f, 0xe1, 0x38, 0x48, 0xd8, 0x73, 0x95, 0xa4,
128  0xf7, 0x02, 0x06, 0x0a, 0x1e, 0x22, 0x66, 0xaa, 0xe5, 0x34, 0x5c, 0xe4,
129  0x37, 0x59, 0xeb, 0x26, 0x6a, 0xbe, 0xd9, 0x70, 0x90, 0xab, 0xe6, 0x31,
130  0x53, 0xf5, 0x04, 0x0c, 0x14, 0x3c, 0x44, 0xcc, 0x4f, 0xd1, 0x68, 0xb8,
131  0xd3, 0x6e, 0xb2, 0xcd, 0x4c, 0xd4, 0x67, 0xa9, 0xe0, 0x3b, 0x4d, 0xd7,
132  0x62, 0xa6, 0xf1, 0x08, 0x18, 0x28, 0x78, 0x88, 0x83, 0x9e, 0xb9, 0xd0,
133  0x6b, 0xbd, 0xdc, 0x7f, 0x81, 0x98, 0xb3, 0xce, 0x49, 0xdb, 0x76, 0x9a,
134  0xb5, 0xc4, 0x57, 0xf9, 0x10, 0x30, 0x50, 0xf0, 0x0b, 0x1d, 0x27, 0x69,
135  0xbb, 0xd6, 0x61, 0xa3, 0xfe, 0x19, 0x2b, 0x7d, 0x87, 0x92, 0xad, 0xec,
136  0x2f, 0x71, 0x93, 0xae, 0xe9, 0x20, 0x60, 0xa0, 0xfb, 0x16, 0x3a, 0x4e,
137  0xd2, 0x6d, 0xb7, 0xc2, 0x5d, 0xe7, 0x32, 0x56, 0xfa, 0x15, 0x3f, 0x41,
138  0xc3, 0x5e, 0xe2, 0x3d, 0x47, 0xc9, 0x40, 0xc0, 0x5b, 0xed, 0x2c, 0x74,
139  0x9c, 0xbf, 0xda, 0x75, 0x9f, 0xba, 0xd5, 0x64, 0xac, 0xef, 0x2a, 0x7e,
140  0x82, 0x9d, 0xbc, 0xdf, 0x7a, 0x8e, 0x89, 0x80, 0x9b, 0xb6, 0xc1, 0x58,
141  0xe8, 0x23, 0x65, 0xaf, 0xea, 0x25, 0x6f, 0xb1, 0xc8, 0x43, 0xc5, 0x54,
142  0xfc, 0x1f, 0x21, 0x63, 0xa5, 0xf4, 0x07, 0x09, 0x1b, 0x2d, 0x77, 0x99,
143  0xb0, 0xcb, 0x46, 0xca, 0x45, 0xcf, 0x4a, 0xde, 0x79, 0x8b, 0x86, 0x91,
144  0xa8, 0xe3, 0x3e, 0x42, 0xc6, 0x51, 0xf3, 0x0e, 0x12, 0x36, 0x5a, 0xee,
145  0x29, 0x7b, 0x8d, 0x8c, 0x8f, 0x8a, 0x85, 0x94, 0xa7, 0xf2, 0x0d, 0x17,
146  0x39, 0x4b, 0xdd, 0x7c, 0x84, 0x97, 0xa2, 0xfd, 0x1c, 0x24, 0x6c, 0xb4,
147  0xc7, 0x52, 0xf6, 0x01
148 };
149 
150 const uint8_t
151 Crypto::aesSHIFT[16] = {
152  0, 5, 10, 15, 4, 9, 14, 3,
153  8, 13, 2, 7, 12, 1, 6, 11
154 };
155 
156 const uint8_t
157 Crypto::aesINVSHIFT[16] = {
158  0, 13, 10, 7, 4, 1, 14, 11,
159  8, 5, 2, 15, 12, 9, 6, 3
160 };
161 
162 uint8_t
163 Crypto::aesFFMul(uint8_t a, uint8_t b)
164 {
165  unsigned int log_prod;
166 
167  if ((a ==0)|| (b == 0)) return 0;
168 
169  log_prod = (aesFFLOG[a] + aesFFLOG[b]);
170 
171  if(log_prod > 0xff)
172  log_prod = log_prod - 0xff;
173 
174  return aesFFEXP[log_prod];
175 }
176 
177 void
178 Crypto::aesSubBytes(uint8_t *output, uint8_t *input)
179 {
180  for (int i = 0; i < 16; ++i) {
181  output[i] = aesSBOX[input[i]];
182  }
183 }
184 
185 void
186 Crypto::aesInvSubBytes(uint8_t *output, uint8_t *input)
187 {
188  for (int i = 0; i < 16; ++i) {
189  output[i] = aesInvSBOX[input[i]];
190  }
191 }
192 
193 void
194 Crypto::aesShiftRows(uint8_t *output, uint8_t *input)
195 {
196  for (int i = 0; i < 16; ++i) {
197  output[i] = input[aesSHIFT[i]];
198  }
199 }
200 
201 void
202 Crypto::aesInvShiftRows(uint8_t *output, uint8_t *input)
203 {
204  for (int i = 0; i < 16; ++i) {
205  output[i] = input[aesINVSHIFT[i]];
206  }
207 }
208 
209 void
210 Crypto::aesAddRoundKey(uint8_t *output, uint8_t *input,
211  uint8_t *key)
212 {
213  for (int i = 0; i < 16; ++i) {
214  output[i] = input[i] ^ key[i];
215  }
216 }
217 
218 void
219 Crypto::aesMixColumns(uint8_t *output, uint8_t *input)
220 {
221  for (int j = 0; j < 4; ++j) {
222  int row0 = (j * 4);
223  int row1 = row0 + 1;
224  int row2 = row0 + 2;
225  int row3 = row0 + 3;
226  uint8_t t1 = input[row0] ^ input[row1] ^
227  input[row2] ^ input[row3];
228 
229  output[row1] = input[row1] ^ t1 ^ aesFFMul2(input[row1] ^ input[row2]);
230  output[row2] = input[row2] ^ t1 ^ aesFFMul2(input[row2] ^ input[row3]);
231  output[row3] = input[row3] ^ t1 ^ aesFFMul2(input[row3] ^ input[row0]);
232  output[row0] = input[row0] ^ t1 ^ aesFFMul2(input[row0] ^ input[row1]);
233  }
234 }
235 
236 void
237 Crypto::aesInvMixColumns(uint8_t *output, uint8_t *input)
238 {
239  for (int j = 0; j < 4; ++j) {
240  for (int i = 0; i < 4; ++i) {
241  int index0 = (j * 4) + i;
242  int index1 = (j * 4) + ((i + 1) % 4);
243  int index2 = (j * 4) + ((i + 2) % 4);
244  int index3 = (j * 4) + ((i + 3) % 4);
245  output [index0] =
246  aesFFMul(0x0e, input[index0]) ^ aesFFMul(0x0b, input[index1]) ^
247  aesFFMul(0x0d, input[index2]) ^ aesFFMul(0x09, input[index3]);
248  }
249  }
250 }
251 
252 void
253 Crypto::aesEncrypt(uint8_t *output, uint8_t *input,
254  uint8_t *key)
255 {
256  uint8_t temp1[16];
257  uint8_t temp2[16];
258  aesAddRoundKey(&temp1[0], input, key);
259  aesShiftRows(&temp2[0], &temp1[0]);
260  aesSubBytes(output, &temp2[0]);
261 }
262 
263 void
264 Crypto::aesDecrypt(uint8_t *output, uint8_t *input,
265  uint8_t *key)
266 {
267  uint8_t temp1[16];
268  uint8_t temp2[16];
269  aesAddRoundKey(&temp1[0], input, key);
270  aesInvShiftRows(&temp2[0], &temp1[0]);
271  aesInvSubBytes(output, &temp2[0]);
272 }
273 
274 void
276  uint32_t *X,
277  uint32_t *Y,
278  uint32_t *Z)
279 {
280  uint32_t T0, T1, T2, T3;
281  for (int i = 0; i < 4; ++i) {
282  T0 = choose(Y[0], Y[1], Y[2]);
283  T1 = majority(X[0], X[1], X[2]);
284  T2 = Y[3] + sigma1(Y[0]) + T0 + Z[i];
285  X[3] = T2 + X[3];
286  Y[3] = T2 + sigma0(X[0]) + T1;
287  // Rotate
288  T3 = Y[3];
289  Y[3] = Y[2]; Y[2] = Y[1]; Y[1] = Y[0]; Y[0] = X[3];
290  X[3] = X[2]; X[2] = X[1]; X[1] = X[0]; X[0] = T3;
291  }
292 }
293 
294 void
296  uint32_t *X,
297  uint32_t *Y,
298  uint32_t *Z,
299  SHAOp op)
300 {
301  uint32_t T1, T2;
302 
303  for (int i = 0; i < 4; ++i) {
304  switch (op) {
305  case CHOOSE: T1 = choose(X[1], X[2], X[3]); break;
306  case PARITY: T1 = parity(X[1], X[2], X[3]); break;
307  case MAJORITY: T1 = majority(X[1], X[2], X[3]); break;
308  default: return;
309  }
310  Y[0] += ror(X[0], 27) + T1 + Z[i];
311  X[1] = ror(X[1], 2);
312  T2 = Y[0];
313  Y[0] = X[3];
314  X[3] = X[2]; X[2] = X[1]; X[1] = X[0]; X[0] = T2;
315  }
316 }
317 
318 void
320  uint8_t *output,
321  uint8_t *input,
322  uint8_t *input2)
323 {
324  uint32_t X[4], Y[4], Z[4];
325  load3Reg(&X[0], &Y[0], &Z[0], output, input, input2);
326  sha256Op(&X[0], &Y[0], &Z[0]);
327  store1Reg(output, &X[0]);
328 }
329 
330 void
332  uint8_t *output,
333  uint8_t *input,
334  uint8_t *input2)
335 {
336  uint32_t X[4], Y[4], Z[4];
337  load3Reg(&X[0], &Y[0], &Z[0], output, input, input2);
338  sha256Op(&Y[0], &X[0], &Z[0]);
339  store1Reg(output, &X[0]);
340 }
341 
342 void
343 Crypto::sha256Su0(uint8_t *output, uint8_t *input)
344 {
345  uint32_t X[4], Y[4];
346  uint32_t T[4];
347 
348  load2Reg(&X[0], &Y[0], output, input);
349 
350  T[3] = Y[0]; T[2] = X[3]; T[1] = X[2]; T[0] = X[1];
351 
352  T[3] = ror(T[3], 7) ^ ror(T[3], 18) ^ (T[3] >> 3);
353  T[2] = ror(T[2], 7) ^ ror(T[2], 18) ^ (T[2] >> 3);
354  T[1] = ror(T[1], 7) ^ ror(T[1], 18) ^ (T[1] >> 3);
355  T[0] = ror(T[0], 7) ^ ror(T[0], 18) ^ (T[0] >> 3);
356 
357  X[3] += T[3];
358  X[2] += T[2];
359  X[1] += T[1];
360  X[0] += T[0];
361 
362  store1Reg(output, &X[0]);
363 }
364 
365 void
367  uint8_t *output,
368  uint8_t *input,
369  uint8_t *input2)
370 {
371  uint32_t X[4], Y[4], Z[4];
372  uint32_t T0[4], T1[4], T2[4], T3[4];
373 
374  load3Reg(&X[0], &Y[0], &Z[0], output, input, input2);
375 
376  T0[3] = Z[0]; T0[2] = Y[3]; T0[1] = Y[2]; T0[0] = Y[1];
377  T1[1] = Z[3]; T1[0] = Z[2];
378  T1[1] = ror(T1[1], 17) ^ ror(T1[1], 19) ^ (T1[1] >> 10);
379  T1[0] = ror(T1[0], 17) ^ ror(T1[0], 19) ^ (T1[0] >> 10);
380  T3[1] = X[1] + T0[1]; T3[0] = X[0] + T0[0];
381  T1[1] = T3[1] + T1[1]; T1[0] = T3[0] + T1[0];
382  T2[1] = ror(T1[1], 17) ^ ror(T1[1], 19) ^ (T1[1] >> 10);
383  T2[0] = ror(T1[0], 17) ^ ror(T1[0], 19) ^ (T1[0] >> 10);
384  T3[1] = X[3] + T0[3]; T3[0] = X[2] + T0[2];
385  X[3] = T3[1] + T2[1];
386  X[2] = T3[0] + T2[0];
387  X[1] = T1[1]; X[0] = T1[0];
388 
389  store1Reg(output, &X[0]);
390 }
391 
392 void
394  uint8_t *output,
395  uint8_t *input,
396  uint8_t *input2,
397  SHAOp op)
398 {
399  uint32_t X[4], Y[4], Z[4];
400  load3Reg(&X[0], &Y[0], &Z[0], output, input, input2);
401  _sha1Op(&X[0], &Y[0], &Z[0], op);
402  store1Reg(output, &X[0]);
403 }
404 
405 void
407  uint8_t *output,
408  uint8_t *input,
409  uint8_t *input2)
410 {
411  sha1Op(output, input, input2, CHOOSE);
412 }
413 
414 void
416  uint8_t *output,
417  uint8_t *input,
418  uint8_t *input2)
419 {
420  sha1Op(output, input, input2, PARITY);
421 }
422 
423 void
425  uint8_t *output,
426  uint8_t *input,
427  uint8_t *input2)
428 {
429  sha1Op(output, input, input2, MAJORITY);
430 }
431 
432 void
433 Crypto::sha1H(uint8_t *output, uint8_t *input)
434 {
435  uint32_t X[4], Y[4];
436  load2Reg(&X[0], &Y[0], output, input);
437  X[0] = ror(Y[0], 2);
438  store1Reg(output, &X[0]);
439 }
440 
441 void
443  uint8_t *output,
444  uint8_t *input,
445  uint8_t *input2)
446 {
447  uint32_t X[4], Y[4], Z[4], T[4];
448  load3Reg(&X[0], &Y[0], &Z[0], output, input, input2);
449 
450  T[3] = Y[1]; T[2] = Y[0]; T[1] = X[3]; T[0] = X[2];
451  X[3] = T[3] ^ X[3] ^ Z[3];
452  X[2] = T[2] ^ X[2] ^ Z[2];
453  X[1] = T[1] ^ X[1] ^ Z[1];
454  X[0] = T[0] ^ X[0] ^ Z[0];
455 
456  store1Reg(output, &X[0]);
457 }
458 
459 void
460 Crypto::sha1Su1(uint8_t *output, uint8_t *input)
461 {
462  uint32_t X[4], Y[4], T[4];
463  load2Reg(&X[0], &Y[0], output, input);
464 
465  T[3] = X[3] ^ 0x0;
466  T[2] = X[2] ^ Y[3];
467  T[1] = X[1] ^ Y[2];
468  T[0] = X[0] ^ Y[1];
469  X[2] = ror(T[2], 31); X[1] = ror(T[1], 31); X[0] = ror(T[0], 31);
470  X[3] = ror(T[3], 31) ^ ror(T[0], 30);
471 
472  store1Reg(output, &X[0]);
473 }
474 
475 void
477  uint32_t *X,
478  uint32_t *Y,
479  uint8_t *output,
480  uint8_t *input)
481 {
482  for (int i = 0; i < 4; ++i) {
483  X[i] = *((uint32_t *)&output[i*4]);
484  Y[i] = *((uint32_t *)&input[i*4]);
485  }
486 }
487 
488 void
490  uint32_t *X,
491  uint32_t *Y,
492  uint32_t *Z,
493  uint8_t *output,
494  uint8_t *input,
495  uint8_t *input2)
496 {
497  for (int i = 0; i < 4; ++i) {
498  X[i] = *((uint32_t *)&output[i*4]);
499  Y[i] = *((uint32_t *)&input[i*4]);
500  Z[i] = *((uint32_t *)&input2[i*4]);
501  }
502 }
503 
504 void
505 Crypto::store1Reg(uint8_t *output, uint32_t *X)
506 {
507  for (int i = 0; i < 4; ++i) {
508  output[i*4] = (uint8_t)(X[i]);
509  output[i*4+1] = (uint8_t)(X[i] >> 8);
510  output[i*4+2] = (uint8_t)(X[i] >> 16);
511  output[i*4+3] = (uint8_t)(X[i] >> 24);
512  }
513 }
514 
515 } // namespace ArmISA
ArmISA::Crypto::aesFFEXP
static const uint8_t aesFFEXP[256]
Look up table for {03}^X where {03} and X are elements in the filed G(256)
Definition: crypto.hh:71
ArmISA::Crypto::sha256H2
void sha256H2(uint8_t *output, uint8_t *input, uint8_t *input2)
Definition: crypto.cc:331
output
static void output(const char *filename)
Definition: debug.cc:60
ArmISA::Crypto::sigma0
uint32_t sigma0(uint32_t X)
Definition: crypto.hh:107
ArmISA::Crypto::aesAddRoundKey
void aesAddRoundKey(uint8_t *output, uint8_t *input, uint8_t *key)
Definition: crypto.cc:210
ArmISA::Crypto::aesSubBytes
void aesSubBytes(uint8_t *output, uint8_t *input)
Definition: crypto.cc:178
ArmISA::Crypto::store1Reg
void store1Reg(uint8_t *output, uint32_t *X)
Definition: crypto.cc:505
ArmISA::Crypto::CHOOSE
@ CHOOSE
Definition: crypto.hh:47
ArmISA::Crypto::load2Reg
void load2Reg(uint32_t *X, uint32_t *Y, uint8_t *output, uint8_t *input)
Definition: crypto.cc:476
ArmISA::Crypto::aesSBOX
static const uint8_t aesSBOX[256]
Look up table for subByttes transformation.
Definition: crypto.hh:53
ArmISA::i
Bitfield< 7 > i
Definition: miscregs_types.hh:63
ArmISA::Crypto::parity
uint32_t parity(uint32_t X, uint32_t Y, uint32_t Z)
Definition: crypto.hh:97
ArmISA::Crypto::aesSHIFT
static const uint8_t aesSHIFT[16]
Definition: crypto.hh:58
ArmISA::Crypto::sha256H
void sha256H(uint8_t *output, uint8_t *input, uint8_t *input2)
Definition: crypto.cc:319
ArmISA::Crypto::_sha1Op
void _sha1Op(uint32_t *X, uint32_t *Y, uint32_t *Z, SHAOp op)
Definition: crypto.cc:295
X86ISA::op
Bitfield< 4 > op
Definition: types.hh:78
ArmISA::Crypto::aesMixColumns
void aesMixColumns(uint8_t *output, uint8_t *input)
Definition: crypto.cc:219
ArmISA::Crypto::sha1H
void sha1H(uint8_t *output, uint8_t *input)
Definition: crypto.cc:433
X86ISA::X
Bitfield< 15, 0 > X
Definition: int.hh:53
crypto.hh
ArmISA
Definition: ccregs.hh:41
ArmISA::Crypto::sha1Su0
void sha1Su0(uint8_t *output, uint8_t *input, uint8_t *input2)
Definition: crypto.cc:442
ArmISA::Crypto::load3Reg
void load3Reg(uint32_t *X, uint32_t *Y, uint32_t *Z, uint8_t *output, uint8_t *input, uint8_t *input2)
Definition: crypto.cc:489
ArmISA::Crypto::majority
uint32_t majority(uint32_t X, uint32_t Y, uint32_t Z)
Definition: crypto.hh:102
ArmISA::Crypto::aesInvSubBytes
void aesInvSubBytes(uint8_t *output, uint8_t *input)
Definition: crypto.cc:186
ArmISA::j
Bitfield< 24 > j
Definition: miscregs_types.hh:54
ArmISA::Crypto::sha256Op
void sha256Op(uint32_t *X, uint32_t *Y, uint32_t *Z)
Definition: crypto.cc:275
ArmISA::a
Bitfield< 8 > a
Definition: miscregs_types.hh:62
ArmISA::Crypto::sha256Su0
void sha256Su0(uint8_t *output, uint8_t *input)
Definition: crypto.cc:343
ArmISA::Crypto::aesFFLOG
static const uint8_t aesFFLOG[256]
Look up table for Finite Field logarithm where the base is the element {03} in the field G(256)
Definition: crypto.hh:65
ArmISA::Crypto::MAJORITY
@ MAJORITY
Definition: crypto.hh:49
ArmISA::Crypto::ror
uint32_t ror(uint32_t x, uint8_t shift)
Definition: crypto.hh:87
ArmISA::Crypto::choose
uint32_t choose(uint32_t X, uint32_t Y, uint32_t Z)
Definition: crypto.hh:92
ArmISA::Crypto::PARITY
@ PARITY
Definition: crypto.hh:48
ArmISA::Crypto::sha1M
void sha1M(uint8_t *output, uint8_t *input, uint8_t *input2)
Definition: crypto.cc:424
ArmISA::Crypto::sha256Su1
void sha256Su1(uint8_t *output, uint8_t *input, uint8_t *input2)
Definition: crypto.cc:366
ArmISA::Crypto::aesFFMul2
uint8_t aesFFMul2(uint8_t a)
Definition: crypto.hh:76
ArmISA::Crypto::aesInvSBOX
static const uint8_t aesInvSBOX[256]
Look up table for inverse subBytes transformation.
Definition: crypto.hh:56
ArmISA::Crypto::aesInvShiftRows
void aesInvShiftRows(uint8_t *output, uint8_t *input)
Definition: crypto.cc:202
ArmISA::Crypto::aesDecrypt
void aesDecrypt(uint8_t *output, uint8_t *input, uint8_t *key)
Definition: crypto.cc:264
ArmISA::b
Bitfield< 7 > b
Definition: miscregs_types.hh:376
ArmISA::Crypto::aesEncrypt
void aesEncrypt(uint8_t *output, uint8_t *input, uint8_t *key)
Definition: crypto.cc:253
ArmISA::Crypto::sha1C
void sha1C(uint8_t *output, uint8_t *input, uint8_t *input2)
Definition: crypto.cc:406
ArmISA::Crypto::aesFFMul
uint8_t aesFFMul(uint8_t a, uint8_t b)
Finite field multiplication of two elements in the field G(256)
Definition: crypto.cc:163
ArmISA::Crypto::aesInvMixColumns
void aesInvMixColumns(uint8_t *output, uint8_t *input)
Definition: crypto.cc:237
ArmISA::t1
Bitfield< 1 > t1
Definition: miscregs_types.hh:229
ArmISA::Crypto::aesShiftRows
void aesShiftRows(uint8_t *output, uint8_t *input)
Definition: crypto.cc:194
ArmISA::Crypto::sigma1
uint32_t sigma1(uint32_t X)
Definition: crypto.hh:112
ArmISA::Crypto::SHAOp
SHAOp
Definition: crypto.hh:45
ArmISA::Crypto::sha1P
void sha1P(uint8_t *output, uint8_t *input, uint8_t *input2)
Definition: crypto.cc:415
ArmISA::Crypto::sha1Op
void sha1Op(uint8_t *output, uint8_t *input, uint8_t *input2, SHAOp op)
Definition: crypto.cc:393
ArmISA::Crypto::aesINVSHIFT
static const uint8_t aesINVSHIFT[16]
Definition: crypto.hh:59
ArmISA::Crypto::sha1Su1
void sha1Su1(uint8_t *output, uint8_t *input)
Definition: crypto.cc:460

Generated on Wed Sep 30 2020 14:02:00 for gem5 by doxygen 1.8.17