/*
 * Carry-less multiply operations.
 * SPDX-License-Identifier: GPL-2.0-or-later
 *
 * Copyright (C) 2023 Linaro, Ltd.
 */

#include "qemu/osdep.h"
#include "crypto/clmul.h"

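/*
 * Perform eight 8x8->8 carry-less multiplies: each byte of N is
 * multiplied by the corresponding byte of M, keeping only the low
 * 8 bits of each product.  The multiply by 0xff broadcasts bit 0
 * of every byte of N into a byte-wide mask.
 */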
uint64_t clmul_8x8_low(uint64_t n, uint64_t m)
{
    uint64_t r = 0;

    for (int i = 0; i < 8; ++i) {
        uint64_t mask = (n & 0x0101010101010101ull) * 0xff;
        r ^= m & mask;
        m = (m << 1) & 0xfefefefefefefefeull;
        n >>= 1;
    }
    return r;
}

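/*
 * Perform four 8x8->16 carry-less multiplies, one per 16-bit lane.
 * Both operands must have only the low 8 bits of each 16-bit lane
 * populated, so that the at most 15-bit products cannot spill into
 * the neighbouring lane.
 */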
static uint64_t clmul_8x4_even_int(uint64_t n, uint64_t m)
{
    uint64_t r = 0;

    for (int i = 0; i < 8; ++i) {
        uint64_t mask = (n & 0x0001000100010001ull) * 0xffff;
        r ^= m & mask;
        n >>= 1;
        m <<= 1;
    }
    return r;
}

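/*
 * Perform four 8x8->16 carry-less multiplies on the even bytes,
 * i.e. the low byte of each 16-bit lane of N and M.
 */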
uint64_t clmul_8x4_even(uint64_t n, uint64_t m)
{
    n &= 0x00ff00ff00ff00ffull;
    m &= 0x00ff00ff00ff00ffull;
    return clmul_8x4_even_int(n, m);
}

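/*
 * As above, but on the odd bytes: the high byte of each 16-bit lane.
 */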
uint64_t clmul_8x4_odd(uint64_t n, uint64_t m)
{
    return clmul_8x4_even(n >> 8, m >> 8);
}

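/*
 * Spread the four bytes of a 32-bit value into the low halves of
 * the four 16-bit lanes of a 64-bit value.
 */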
static uint64_t unpack_8_to_16(uint64_t x)
{
    return  (x & 0x000000ff)
         | ((x & 0x0000ff00) << 8)
         | ((x & 0x00ff0000) << 16)
         | ((x & 0xff000000) << 24);
}

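/*
 * Perform four 8x8->16 carry-less multiplies on packed byte inputs:
 * the four bytes of each 32-bit operand are first widened into
 * 16-bit lanes, then multiplied lane by lane.
 */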
uint64_t clmul_8x4_packed(uint32_t n, uint32_t m)
{
    return clmul_8x4_even_int(unpack_8_to_16(n), unpack_8_to_16(m));
}

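/*
 * Perform two 16x16->32 carry-less multiplies on the even halfwords,
 * i.e. the low 16 bits of each 32-bit lane.  The multiply by
 * 0xffffffff broadcasts bit 0 of each lane into a lane-wide mask.
 */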
uint64_t clmul_16x2_even(uint64_t n, uint64_t m)
{
    uint64_t r = 0;

    n &= 0x0000ffff0000ffffull;
    m &= 0x0000ffff0000ffffull;

    for (int i = 0; i < 16; ++i) {
        uint64_t mask = (n & 0x0000000100000001ull) * 0xffffffffull;
        r ^= m & mask;
        n >>= 1;
        m <<= 1;
    }
    return r;
}

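/*
 * As above, but on the odd halfwords: the high 16 bits of each
 * 32-bit lane.
 */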
uint64_t clmul_16x2_odd(uint64_t n, uint64_t m)
{
    return clmul_16x2_even(n >> 16, m >> 16);
}

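/*
 * Perform one 32x32->64 carry-less multiply by classic shift-and-xor:
 * each set bit i of N contributes M << i to the result.
 */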
uint64_t clmul_32(uint32_t n, uint32_t m32)
{
    uint64_t r = 0;
    uint64_t m = m32;

    for (int i = 0; i < 32; ++i) {
        r ^= n & 1 ? m : 0;
        n >>= 1;
        m <<= 1;
    }
    return r;
}

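/*
 * Generic 64x64->128 carry-less multiply (the _gen suffix suggests a
 * portable fallback beside any host-accelerated variant).  Bit i of N
 * contributes M << i to the low half of the result and M >> (64 - i)
 * to the high half.
 */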
Int128 clmul_64_gen(uint64_t n, uint64_t m)
{
    uint64_t rl = 0, rh = 0;

    /*
     * Bit 0 can only influence the low 64-bit result; handling it
     * here also avoids the out-of-range shift m >> 64 in the loop.
     */
    if (n & 1) {
        rl = m;
    }

    for (int i = 1; i < 64; ++i) {
        uint64_t mask = -((n >> i) & 1);
        rl ^= (m << i) & mask;
        rh ^= (m >> (64 - i)) & mask;
    }
    return int128_make128(rl, rh);
}