9ea17007c4
The AES MixColumns and InvMixColumns operations are relatively expensive 4x4 matrix multiplications in GF(2^8), which is why C implementations usually rely on precomputed lookup tables rather than performing the calculations on demand. Given that we already carry those tables in QEMU, we can just grab the right value in the implementation of the RISC-V AES32 instructions. Note that the tables in question are permuted according to the respective Sbox, so we can omit the Sbox lookup as well in this case. Cc: Richard Henderson <richard.henderson@linaro.org> Cc: Philippe Mathieu-Daudé <philmd@linaro.org> Cc: Zewen Ye <lustrew@foxmail.com> Cc: Weiwei Li <liweiwei@iscas.ac.cn> Cc: Junqiang Wang <wangjunqiang@iscas.ac.cn> Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-ID: <20230731084043.1791984-1-ardb@kernel.org> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
41 lines
1.1 KiB
C
41 lines
1.1 KiB
C
#ifndef QEMU_AES_H
|
|
#define QEMU_AES_H
|
|
|
|
#define AES_MAXNR 14
|
|
#define AES_BLOCK_SIZE 16
|
|
|
|
struct aes_key_st {
|
|
uint32_t rd_key[4 *(AES_MAXNR + 1)];
|
|
int rounds;
|
|
};
|
|
typedef struct aes_key_st AES_KEY;
|
|
|
|
/* FreeBSD/OpenSSL have their own AES functions with the same names in -lcrypto
|
|
* (which might be pulled in via curl), so redefine to avoid conflicts. */
|
|
#define AES_set_encrypt_key QEMU_AES_set_encrypt_key
|
|
#define AES_set_decrypt_key QEMU_AES_set_decrypt_key
|
|
#define AES_encrypt QEMU_AES_encrypt
|
|
#define AES_decrypt QEMU_AES_decrypt
|
|
|
|
int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
|
|
AES_KEY *key);
|
|
int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
|
|
AES_KEY *key);
|
|
|
|
void AES_encrypt(const unsigned char *in, unsigned char *out,
|
|
const AES_KEY *key);
|
|
void AES_decrypt(const unsigned char *in, unsigned char *out,
|
|
const AES_KEY *key);
|
|
|
|
extern const uint8_t AES_sbox[256];
|
|
extern const uint8_t AES_isbox[256];
|
|
|
|
/*
|
|
AES_Te0[x] = S [x].[02, 01, 01, 03];
|
|
AES_Td0[x] = Si[x].[0e, 09, 0d, 0b];
|
|
*/
|
|
|
|
extern const uint32_t AES_Te0[256], AES_Td0[256];
|
|
|
|
#endif
|