master
1/*===----------------- keylockerintrin.h - KL Intrinsics -------------------===
2 *
3 * Permission is hereby granted, free of charge, to any person obtaining a copy
4 * of this software and associated documentation files (the "Software"), to deal
5 * in the Software without restriction, including without limitation the rights
6 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
7 * copies of the Software, and to permit persons to whom the Software is
8 * furnished to do so, subject to the following conditions:
9 *
10 * The above copyright notice and this permission notice shall be included in
11 * all copies or substantial portions of the Software.
12 *
13 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
14 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
16 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
17 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
18 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
19 * THE SOFTWARE.
20 *
21 *===-----------------------------------------------------------------------===
22 */
23
24#ifndef __IMMINTRIN_H
25#error "Never use <keylockerintrin.h> directly; include <immintrin.h> instead."
26#endif
27
28#ifndef _KEYLOCKERINTRIN_H
29#define _KEYLOCKERINTRIN_H
30
31/* Define the default attributes for the functions in this file. */
32#define __DEFAULT_FN_ATTRS \
33 __attribute__((__always_inline__, __nodebug__, __target__("kl"),\
34 __min_vector_width__(128)))
35
36/// Load internal wrapping key from __intkey, __enkey_lo and __enkey_hi. __ctl
37/// will assigned to EAX, whch specifies the KeySource and whether backing up
38/// the key is permitted. The 256-bit encryption key is loaded from the two
39/// explicit operands (__enkey_lo and __enkey_hi). The 128-bit integrity key is
40/// loaded from the implicit operand XMM0 which assigned by __intkey.
41///
42/// \headerfile <x86intrin.h>
43///
44/// This intrinsic corresponds to the <c> LOADIWKEY </c> instructions.
45///
46/// \code{.operation}
47/// IF CPL > 0 // LOADKWKEY only allowed at ring 0 (supervisor mode)
48/// GP (0)
49/// FI
50/// IF “LOADIWKEY exiting” VM execution control set
51/// VMexit
52/// FI
53/// IF __ctl[4:1] > 1 // Reserved KeySource encoding used
54/// GP (0)
55/// FI
56/// IF __ctl[31:5] != 0 // Reserved bit in __ctl is set
57/// GP (0)
58/// FI
59/// IF __ctl[0] AND (CPUID.19H.ECX[0] == 0) // NoBackup is not supported on this part
60/// GP (0)
61/// FI
62/// IF (__ctl[4:1] == 1) AND (CPUID.19H.ECX[1] == 0) // KeySource of 1 is not supported on this part
63/// GP (0)
64/// FI
65/// IF (__ctl[4:1] == 0) // KeySource of 0.
66/// IWKey.Encryption Key[127:0] := __enkey_hi[127:0]:
67/// IWKey.Encryption Key[255:128] := __enkey_lo[127:0]
68/// IWKey.IntegrityKey[127:0] := __intkey[127:0]
69/// IWKey.NoBackup := __ctl[0]
70/// IWKey.KeySource := __ctl[4:1]
71/// ZF := 0
72/// ELSE // KeySource of 1. See RDSEED definition for details of randomness
73/// IF HW_NRND_GEN.ready == 1 // Full-entropy random data from RDSEED was received
74/// IWKey.Encryption Key[127:0] := __enkey_hi[127:0] XOR HW_NRND_GEN.data[127:0]
75/// IWKey.Encryption Key[255:128] := __enkey_lo[127:0] XOR HW_NRND_GEN.data[255:128]
76/// IWKey.Encryption Key[255:0] := __enkey_hi[127:0]:__enkey_lo[127:0] XOR HW_NRND_GEN.data[255:0]
77/// IWKey.IntegrityKey[127:0] := __intkey[127:0] XOR HW_NRND_GEN.data[383:256]
78/// IWKey.NoBackup := __ctl[0]
79/// IWKey.KeySource := __ctl[4:1]
80/// ZF := 0
81/// ELSE // Random data was not returned from RDSEED. IWKey was not loaded
82/// ZF := 1
83/// FI
84/// FI
85/// dst := ZF
86/// OF := 0
87/// SF := 0
88/// AF := 0
89/// PF := 0
90/// CF := 0
91/// \endcode
92static __inline__ void __DEFAULT_FN_ATTRS
93_mm_loadiwkey (unsigned int __ctl, __m128i __intkey,
94 __m128i __enkey_lo, __m128i __enkey_hi) {
95 __builtin_ia32_loadiwkey (__intkey, __enkey_lo, __enkey_hi, __ctl);
96}
97
98/// Wrap a 128-bit AES key from __key into a key handle and output in
99/// ((__m128i*)__h) to ((__m128i*)__h) + 2 and a 32-bit value as return.
100/// The explicit source operand __htype specifies handle restrictions.
101///
102/// \headerfile <x86intrin.h>
103///
104/// This intrinsic corresponds to the <c> ENCODEKEY128 </c> instructions.
105///
106/// \code{.operation}
107/// InputKey[127:0] := __key[127:0]
108/// KeyMetadata[2:0] := __htype[2:0]
109/// KeyMetadata[23:3] := 0 // Reserved for future usage
110/// KeyMetadata[27:24] := 0 // KeyType is AES-128 (value of 0)
111/// KeyMetadata[127:28] := 0 // Reserved for future usage
112/// Handle[383:0] := WrapKey128(InputKey[127:0], KeyMetadata[127:0],
113/// IWKey.Integrity Key[127:0], IWKey.Encryption Key[255:0])
114/// dst[0] := IWKey.NoBackup
115/// dst[4:1] := IWKey.KeySource[3:0]
116/// dst[31:5] := 0
117/// MEM[__h+127:__h] := Handle[127:0] // AAD
118/// MEM[__h+255:__h+128] := Handle[255:128] // Integrity Tag
119/// MEM[__h+383:__h+256] := Handle[383:256] // CipherText
120/// OF := 0
121/// SF := 0
122/// ZF := 0
123/// AF := 0
124/// PF := 0
125/// CF := 0
126/// \endcode
127static __inline__ unsigned int __DEFAULT_FN_ATTRS
128_mm_encodekey128_u32(unsigned int __htype, __m128i __key, void *__h) {
129 return __builtin_ia32_encodekey128_u32(__htype, (__v2di)__key, __h);
130}
131
132/// Wrap a 256-bit AES key from __key_hi:__key_lo into a key handle, then
133/// output handle in ((__m128i*)__h) to ((__m128i*)__h) + 3 and
134/// a 32-bit value as return.
135/// The explicit source operand __htype specifies handle restrictions.
136///
137/// \headerfile <x86intrin.h>
138///
139/// This intrinsic corresponds to the <c> ENCODEKEY256 </c> instructions.
140///
141/// \code{.operation}
142/// InputKey[127:0] := __key_lo[127:0]
143/// InputKey[255:128] := __key_hi[255:128]
144/// KeyMetadata[2:0] := __htype[2:0]
145/// KeyMetadata[23:3] := 0 // Reserved for future usage
146/// KeyMetadata[27:24] := 1 // KeyType is AES-256 (value of 1)
147/// KeyMetadata[127:28] := 0 // Reserved for future usage
148/// Handle[511:0] := WrapKey256(InputKey[255:0], KeyMetadata[127:0],
149/// IWKey.Integrity Key[127:0], IWKey.Encryption Key[255:0])
150/// dst[0] := IWKey.NoBackup
151/// dst[4:1] := IWKey.KeySource[3:0]
152/// dst[31:5] := 0
153/// MEM[__h+127:__h] := Handle[127:0] // AAD
154/// MEM[__h+255:__h+128] := Handle[255:128] // Tag
155/// MEM[__h+383:__h+256] := Handle[383:256] // CipherText[127:0]
156/// MEM[__h+511:__h+384] := Handle[511:384] // CipherText[255:128]
157/// OF := 0
158/// SF := 0
159/// ZF := 0
160/// AF := 0
161/// PF := 0
162/// CF := 0
163/// \endcode
164static __inline__ unsigned int __DEFAULT_FN_ATTRS
165_mm_encodekey256_u32(unsigned int __htype, __m128i __key_lo, __m128i __key_hi,
166 void *__h) {
167 return __builtin_ia32_encodekey256_u32(__htype, (__v2di)__key_lo,
168 (__v2di)__key_hi, __h);
169}
170
171/// The AESENC128KL performs 10 rounds of AES to encrypt the __idata using
172/// the 128-bit key in the handle from the __h. It stores the result in the
173/// __odata. And return the affected ZF flag status.
174///
175/// \headerfile <x86intrin.h>
176///
177/// This intrinsic corresponds to the <c> AESENC128KL </c> instructions.
178///
179/// \code{.operation}
180/// Handle[383:0] := MEM[__h+383:__h] // Load is not guaranteed to be atomic.
181/// IllegalHandle := ( HandleReservedBitSet (Handle[383:0]) ||
182/// (Handle[127:0] AND (CPL > 0)) ||
183/// Handle[383:256] ||
184/// HandleKeyType (Handle[383:0]) != HANDLE_KEY_TYPE_AES128 )
185/// IF (IllegalHandle)
186/// ZF := 1
187/// ELSE
188/// (UnwrappedKey, Authentic) := UnwrapKeyAndAuthenticate384 (Handle[383:0], IWKey)
189/// IF (Authentic == 0)
190/// ZF := 1
191/// ELSE
192/// MEM[__odata+127:__odata] := AES128Encrypt (__idata[127:0], UnwrappedKey)
193/// ZF := 0
194/// FI
195/// FI
196/// dst := ZF
197/// OF := 0
198/// SF := 0
199/// AF := 0
200/// PF := 0
201/// CF := 0
202/// \endcode
203static __inline__ unsigned char __DEFAULT_FN_ATTRS
204_mm_aesenc128kl_u8(__m128i* __odata, __m128i __idata, const void *__h) {
205 return __builtin_ia32_aesenc128kl_u8((__v2di *)__odata, (__v2di)__idata, __h);
206}
207
208/// The AESENC256KL performs 14 rounds of AES to encrypt the __idata using
209/// the 256-bit key in the handle from the __h. It stores the result in the
210/// __odata. And return the affected ZF flag status.
211///
212/// \headerfile <x86intrin.h>
213///
214/// This intrinsic corresponds to the <c> AESENC256KL </c> instructions.
215///
216/// \code{.operation}
217/// Handle[511:0] := MEM[__h+511:__h] // Load is not guaranteed to be atomic.
218/// IllegalHandle := ( HandleReservedBitSet (Handle[511:0]) ||
219/// (Handle[127:0] AND (CPL > 0)) ||
220/// Handle[255:128] ||
221/// HandleKeyType (Handle[511:0]) != HANDLE_KEY_TYPE_AES256 )
222/// IF (IllegalHandle)
223/// ZF := 1
224/// MEM[__odata+127:__odata] := 0
225/// ELSE
226/// (UnwrappedKey, Authentic) := UnwrapKeyAndAuthenticate512 (Handle[511:0], IWKey)
227/// IF (Authentic == 0)
228/// ZF := 1
229/// MEM[__odata+127:__odata] := 0
230/// ELSE
231/// MEM[__odata+127:__odata] := AES256Encrypt (__idata[127:0], UnwrappedKey)
232/// ZF := 0
233/// FI
234/// FI
235/// dst := ZF
236/// OF := 0
237/// SF := 0
238/// AF := 0
239/// PF := 0
240/// CF := 0
241/// \endcode
242static __inline__ unsigned char __DEFAULT_FN_ATTRS
243_mm_aesenc256kl_u8(__m128i* __odata, __m128i __idata, const void *__h) {
244 return __builtin_ia32_aesenc256kl_u8((__v2di *)__odata, (__v2di)__idata, __h);
245}
246
247/// The AESDEC128KL performs 10 rounds of AES to decrypt the __idata using
248/// the 128-bit key in the handle from the __h. It stores the result in the
249/// __odata. And return the affected ZF flag status.
250///
251/// \headerfile <x86intrin.h>
252///
253/// This intrinsic corresponds to the <c> AESDEC128KL </c> instructions.
254///
255/// \code{.operation}
256/// Handle[383:0] := MEM[__h+383:__h] // Load is not guaranteed to be atomic.
257/// IllegalHandle := (HandleReservedBitSet (Handle[383:0]) ||
258/// (Handle[127:0] AND (CPL > 0)) ||
259/// Handle[383:256] ||
260/// HandleKeyType (Handle[383:0]) != HANDLE_KEY_TYPE_AES128)
261/// IF (IllegalHandle)
262/// ZF := 1
263/// MEM[__odata+127:__odata] := 0
264/// ELSE
265/// (UnwrappedKey, Authentic) := UnwrapKeyAndAuthenticate384 (Handle[383:0], IWKey)
266/// IF (Authentic == 0)
267/// ZF := 1
268/// MEM[__odata+127:__odata] := 0
269/// ELSE
270/// MEM[__odata+127:__odata] := AES128Decrypt (__idata[127:0], UnwrappedKey)
271/// ZF := 0
272/// FI
273/// FI
274/// dst := ZF
275/// OF := 0
276/// SF := 0
277/// AF := 0
278/// PF := 0
279/// CF := 0
280/// \endcode
281static __inline__ unsigned char __DEFAULT_FN_ATTRS
282_mm_aesdec128kl_u8(__m128i* __odata, __m128i __idata, const void *__h) {
283 return __builtin_ia32_aesdec128kl_u8((__v2di *)__odata, (__v2di)__idata, __h);
284}
285
286/// The AESDEC256KL performs 10 rounds of AES to decrypt the __idata using
287/// the 256-bit key in the handle from the __h. It stores the result in the
288/// __odata. And return the affected ZF flag status.
289///
290/// \headerfile <x86intrin.h>
291///
292/// This intrinsic corresponds to the <c> AESDEC256KL </c> instructions.
293///
294/// \code{.operation}
295/// Handle[511:0] := MEM[__h+511:__h]
296/// IllegalHandle := (HandleReservedBitSet (Handle[511:0]) ||
297/// (Handle[127:0] AND (CPL > 0)) ||
298/// Handle[383:256] ||
299/// HandleKeyType (Handle[511:0]) != HANDLE_KEY_TYPE_AES256)
300/// IF (IllegalHandle)
301/// ZF := 1
302/// MEM[__odata+127:__odata] := 0
303/// ELSE
304/// (UnwrappedKey, Authentic) := UnwrapKeyAndAuthenticate512 (Handle[511:0], IWKey)
305/// IF (Authentic == 0)
306/// ZF := 1
307/// MEM[__odata+127:__odata] := 0
308/// ELSE
309/// MEM[__odata+127:__odata] := AES256Decrypt (__idata[127:0], UnwrappedKey)
310/// ZF := 0
311/// FI
312/// FI
313/// dst := ZF
314/// OF := 0
315/// SF := 0
316/// AF := 0
317/// PF := 0
318/// CF := 0
319/// \endcode
320static __inline__ unsigned char __DEFAULT_FN_ATTRS
321_mm_aesdec256kl_u8(__m128i* __odata, __m128i __idata, const void *__h) {
322 return __builtin_ia32_aesdec256kl_u8((__v2di *)__odata, (__v2di)__idata, __h);
323}
324
325#undef __DEFAULT_FN_ATTRS
326
327/* Define the default attributes for the functions in this file. */
328#define __DEFAULT_FN_ATTRS \
329 __attribute__((__always_inline__, __nodebug__, __target__("kl,widekl"),\
330 __min_vector_width__(128)))
331
332/// Encrypt __idata[0] to __idata[7] using 128-bit AES key indicated by handle
333/// at __h and store each resultant block back from __odata to __odata+7. And
334/// return the affected ZF flag status.
335///
336/// \headerfile <x86intrin.h>
337///
338/// This intrinsic corresponds to the <c> AESENCWIDE128KL </c> instructions.
339///
340/// \code{.operation}
341/// Handle := MEM[__h+383:__h]
342/// IllegalHandle := ( HandleReservedBitSet (Handle[383:0]) ||
343/// (Handle[127:0] AND (CPL > 0)) ||
344/// Handle[255:128] ||
345/// HandleKeyType (Handle[383:0]) != HANDLE_KEY_TYPE_AES128 )
346/// IF (IllegalHandle)
347/// ZF := 1
348/// FOR i := 0 to 7
349/// __odata[i] := 0
350/// ENDFOR
351/// ELSE
352/// (UnwrappedKey, Authentic) := UnwrapKeyAndAuthenticate384 (Handle[383:0], IWKey)
353/// IF Authentic == 0
354/// ZF := 1
355/// FOR i := 0 to 7
356/// __odata[i] := 0
357/// ENDFOR
358/// ELSE
359/// FOR i := 0 to 7
360/// __odata[i] := AES128Encrypt (__idata[i], UnwrappedKey)
361/// ENDFOR
362/// ZF := 0
363/// FI
364/// FI
365/// dst := ZF
366/// OF := 0
367/// SF := 0
368/// AF := 0
369/// PF := 0
370/// CF := 0
371/// \endcode
372static __inline__ unsigned char __DEFAULT_FN_ATTRS
373_mm_aesencwide128kl_u8(__m128i __odata[8], const __m128i __idata[8], const void* __h) {
374 return __builtin_ia32_aesencwide128kl_u8((__v2di *)__odata,
375 (const __v2di *)__idata, __h);
376}
377
378/// Encrypt __idata[0] to __idata[7] using 256-bit AES key indicated by handle
379/// at __h and store each resultant block back from __odata to __odata+7. And
380/// return the affected ZF flag status.
381///
382/// \headerfile <x86intrin.h>
383///
384/// This intrinsic corresponds to the <c> AESENCWIDE256KL </c> instructions.
385///
386/// \code{.operation}
387/// Handle[511:0] := MEM[__h+511:__h]
388/// IllegalHandle := ( HandleReservedBitSet (Handle[511:0]) ||
389/// (Handle[127:0] AND (CPL > 0)) ||
390/// Handle[255:128] ||
391/// HandleKeyType (Handle[511:0]) != HANDLE_KEY_TYPE_AES512 )
392/// IF (IllegalHandle)
393/// ZF := 1
394/// FOR i := 0 to 7
395/// __odata[i] := 0
396/// ENDFOR
397/// ELSE
398/// (UnwrappedKey, Authentic) := UnwrapKeyAndAuthenticate512 (Handle[511:0], IWKey)
399/// IF Authentic == 0
400/// ZF := 1
401/// FOR i := 0 to 7
402/// __odata[i] := 0
403/// ENDFOR
404/// ELSE
405/// FOR i := 0 to 7
406/// __odata[i] := AES256Encrypt (__idata[i], UnwrappedKey)
407/// ENDFOR
408/// ZF := 0
409/// FI
410/// FI
411/// dst := ZF
412/// OF := 0
413/// SF := 0
414/// AF := 0
415/// PF := 0
416/// CF := 0
417/// \endcode
418static __inline__ unsigned char __DEFAULT_FN_ATTRS
419_mm_aesencwide256kl_u8(__m128i __odata[8], const __m128i __idata[8], const void* __h) {
420 return __builtin_ia32_aesencwide256kl_u8((__v2di *)__odata,
421 (const __v2di *)__idata, __h);
422}
423
424/// Decrypt __idata[0] to __idata[7] using 128-bit AES key indicated by handle
425/// at __h and store each resultant block back from __odata to __odata+7. And
426/// return the affected ZF flag status.
427///
428/// \headerfile <x86intrin.h>
429///
430/// This intrinsic corresponds to the <c> AESDECWIDE128KL </c> instructions.
431///
432/// \code{.operation}
433/// Handle[383:0] := MEM[__h+383:__h]
434/// IllegalHandle := ( HandleReservedBitSet (Handle[383:0]) ||
435/// (Handle[127:0] AND (CPL > 0)) ||
436/// Handle[255:128] ||
437/// HandleKeyType (Handle) != HANDLE_KEY_TYPE_AES128 )
438/// IF (IllegalHandle)
439/// ZF := 1
440/// FOR i := 0 to 7
441/// __odata[i] := 0
442/// ENDFOR
443/// ELSE
444/// (UnwrappedKey, Authentic) := UnwrapKeyAndAuthenticate384 (Handle[383:0], IWKey)
445/// IF Authentic == 0
446/// ZF := 1
447/// FOR i := 0 to 7
448/// __odata[i] := 0
449/// ENDFOR
450/// ELSE
451/// FOR i := 0 to 7
452/// __odata[i] := AES128Decrypt (__idata[i], UnwrappedKey)
453/// ENDFOR
454/// ZF := 0
455/// FI
456/// FI
457/// dst := ZF
458/// OF := 0
459/// SF := 0
460/// AF := 0
461/// PF := 0
462/// CF := 0
463/// \endcode
464static __inline__ unsigned char __DEFAULT_FN_ATTRS
465_mm_aesdecwide128kl_u8(__m128i __odata[8], const __m128i __idata[8], const void* __h) {
466 return __builtin_ia32_aesdecwide128kl_u8((__v2di *)__odata,
467 (const __v2di *)__idata, __h);
468}
469
470/// Decrypt __idata[0] to __idata[7] using 256-bit AES key indicated by handle
471/// at __h and store each resultant block back from __odata to __odata+7. And
472/// return the affected ZF flag status.
473///
474/// \headerfile <x86intrin.h>
475///
476/// This intrinsic corresponds to the <c> AESDECWIDE256KL </c> instructions.
477///
478/// \code{.operation}
479/// Handle[511:0] := MEM[__h+511:__h]
480/// IllegalHandle = ( HandleReservedBitSet (Handle[511:0]) ||
481/// (Handle[127:0] AND (CPL > 0)) ||
482/// Handle[255:128] ||
483/// HandleKeyType (Handle) != HANDLE_KEY_TYPE_AES512 )
484/// If (IllegalHandle)
485/// ZF := 1
486/// FOR i := 0 to 7
487/// __odata[i] := 0
488/// ENDFOR
489/// ELSE
490/// (UnwrappedKey, Authentic) := UnwrapKeyAndAuthenticate512 (Handle[511:0], IWKey)
491/// IF Authentic == 0
492/// ZF := 1
493/// FOR i := 0 to 7
494/// __odata[i] := 0
495/// ENDFOR
496/// ELSE
497/// FOR i := 0 to 7
498/// __odata[i] := AES256Decrypt (__idata[i], UnwrappedKey)
499/// ENDFOR
500/// ZF := 0
501/// FI
502/// FI
503/// dst := ZF
504/// OF := 0
505/// SF := 0
506/// AF := 0
507/// PF := 0
508/// CF := 0
509/// \endcode
510static __inline__ unsigned char __DEFAULT_FN_ATTRS
511_mm_aesdecwide256kl_u8(__m128i __odata[8], const __m128i __idata[8], const void* __h) {
512 return __builtin_ia32_aesdecwide256kl_u8((__v2di *)__odata,
513 (const __v2di *)__idata, __h);
514}
515
516#undef __DEFAULT_FN_ATTRS
517
518#endif /* _KEYLOCKERINTRIN_H */