VIA PadLock

Last updated November 25, 2022

VIA PadLock is a central processing unit (CPU) instruction set extension to the x86 microprocessor instruction set architecture (ISA) found on processors produced by VIA Technologies and Zhaoxin. Introduced in 2003 with the VIA Centaur CPUs, the additional instructions provide hardware-accelerated random number generation (RNG), Advanced Encryption Standard (AES), SHA-1, SHA256, and Montgomery modular multiplication.^[1]^[2]

Instructions

The PadLock instruction set can be divided into four subsets:^[1]

Random number generation (RNG)
- XSTORE: Store Available Random Bytes (aka XSTORERNG)
- REP XSTORE: Store ECX Random Bytes
Advanced cryptography engine (ACE) - for AES crypto; two versions
- REP XCRYPTECB: Electronic code book
- REP XCRYPTCBC: Cipher Block Chaining
- REP XCRYPTCTR: Counter Mode (ACE2)
- REP XCRYPTCFB: Cipher Feedback Mode
- REP XCRYPTOFB: Output Feedback Mode
SHA hash engine (PHE)
- REP XSHA1: Hash Function SHA-1
- REP XSHA256: Hash Function SHA-256
Montgomery multiplier (PMM)
- REP MONTMUL

The padlock capability is indicated via a CPUID instruction with EAX = 0xC0000000. If the resultant EAX >= 0xC0000001, the CPU is aware of Centaur features. An additional request with EAX = 0xC0000001 then returns PadLock support in EDX. The padlock capability can be toggled on or off with MSR 0X1107.^[1]

VIA PadLock found on some Zhaoxin CPUs have SM3 hashing and SM4 block cipher added.^[3]

CPUs with PadLock

All VIA Nano CPUs support SHA, AES, and RNG.
All VIA Eden CPUs since 2003 (C3 Nehemiah) support AES and RNG. All these released since 2006 support AES, RNG, SHA, and PMM.
All VIA C7 CPUs support AES, RNG, SHA, and PMM.

Supporting software

Linux kernel since 2.6.11 has PadLock AES. PadLock SHA was introduced in 2.6.19. These are handled as "hardware crypto devices".^[4]
OpenBSD and FreeBSD support PadLock.^[5]
OpenSSL supports PadLock AES and SHA since 2004 (0.9.7f/0.9.8a).^[6]
GNU assembler supports PadLock since 2004.^[7]

Related Research Articles

In computing, Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in virtual private networks (VPNs).

In cryptography, a block cipher mode of operation is an algorithm that uses a block cipher to provide information security such as confidentiality or authenticity. A block cipher by itself is only suitable for the secure cryptographic transformation of one fixed-length group of bits called a block. A mode of operation describes how to repeatedly apply a cipher's single-block operation to securely transform amounts of data larger than a block.

In software engineering, a spinlock is a lock that causes a thread trying to acquire it to simply wait in a loop ("spin") while repeatedly checking whether the lock is available. Since the thread remains active but is not performing a useful task, the use of such a lock is a kind of busy waiting. Once acquired, spinlocks will usually be held until they are explicitly released, although in some implementations they may be automatically released if the thread being waited on blocks or "goes to sleep".

A cryptographic hash function (CHF) is a mathematical algorithm that maps data of an arbitrary size to a bit array of a fixed size. It is a one-way function, that is, a function for which it is practically infeasible to invert or reverse the computation. Ideally, the only way to find a message that produces a given hash is to attempt a brute-force search of possible inputs to see if they produce a match, or use a rainbow table of matched hashes. Cryptographic hash functions are a basic tool of modern cryptography.

The x86 instruction set refers to the set of instructions that x86-compatible microprocessors support. The instructions are usually part of an executable program, often stored as a computer file and executed on the processor.

In Unix-like operating systems, /dev/random and /dev/urandom are special files that serve as cryptographically secure pseudorandom number generators. They allow access to environmental noise collected from device drivers and other sources. /dev/random typically blocked if there was less entropy available than requested; more recently it usually blocks at startup until sufficient entropy has been gathered, then unblocks permanently. The /dev/urandom device typically was never a blocking device, even if the pseudorandom number generator seed was not fully initialized with entropy since boot. Not all operating systems implement the same methods for /dev/random and /dev/urandom.

Fortuna is a cryptographically secure pseudorandom number generator (PRNG) devised by Bruce Schneier and Niels Ferguson and published in 2003. It is named after Fortuna, the Roman goddess of chance. FreeBSD uses Fortuna for /dev/random and /dev/urandom is symbolically linked to it since FreeBSD 11. Apple OSes have switched to Fortuna since 2020 Q1.

Authenticated Encryption (AE) and Authenticated Encryption with Associated Data (AEAD) are forms of encryption which simultaneously assure the confidentiality and authenticity of data.

Centaur Technology is an x86 CPU design company started in 1995 and subsequently a wholly owned subsidiary of VIA Technologies. In 2015, the documentary Rise of the Centaur covered the early history of the company.

The VIA Nano is a 64-bit CPU for personal computers. The VIA Nano was released by VIA Technologies in 2008 after five years of development by its CPU division, Centaur Technology. This new Isaiah 64-bit architecture was designed from scratch, unveiled on 24 January 2008, and launched on 29 May, including low-voltage variants and the Nano brand name. The processor supports a number of VIA-specific x86 extensions designed to boost efficiency in low-power appliances.

Advanced Vector Extensions (AVX) are extensions to the x86 instruction set architecture for microprocessors from Intel and Advanced Micro Devices (AMD). They were proposed by Intel in March 2008 and first supported by Intel with the Sandy Bridge processor shipping in Q1 2011 and later by AMD with the Bulldozer processor shipping in Q3 2011. AVX provides new features, new instructions and a new coding scheme.

SHA-3 is the latest member of the Secure Hash Algorithm family of standards, released by NIST on August 5, 2015. Although part of the same series of standards, SHA-3 is internally different from the MD5-like structure of SHA-1 and SHA-2.

geli is a block device-layer disk encryption system written for FreeBSD, introduced in version 6.0. It uses the GEOM disk framework. It was designed and implemented by Paweł Jakub Dawidek.

An Advanced Encryption Standard instruction set is now integrated into many processors. The purpose of the instruction set is to improve the speed and security of applications performing encryption and decryption using Advanced Encryption Standard (AES).

The Transport Layer Security (TLS) protocol provides the ability to secure communications across networks. This comparison of TLS implementations compares several of the most notable libraries. There are several TLS implementations which are free software and open source.

RDRAND is an instruction for returning random numbers from an Intel on-chip hardware random number generator which has been seeded by an on-chip entropy source. Intel introduced the feature around 2012, and AMD added support for the instruction in June 2015.

References

1 2 3 "VIA PadLock Programming Guide". August 4, 2005. Archived from the original on May 26, 2010.
↑ "VIA PadLock - Wicked Fast Encryption". www.logix.cz.
↑ "Kaixian ZX-C+ Series 4-core CPU". Shanghai Zhaoxin Semiconductor Co., Ltd.
↑ "VIA PadLock support for Linux". www.logix.cz.
↑ padlock(4) – FreeBSD Kernel Interfaces Manual
↑ "openssl/engines/e_padlock.c". GitHub.
↑ "Added new instructions for next version of VIA PadLock core. · bminor/binutils-gdb@30d1c83". GitHub.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[doc-1] 1 2 3 "VIA PadLock Programming Guide". August 4, 2005. Archived from the original on May 26, 2010.

[2] "VIA PadLock - Wicked Fast Encryption". www.logix.cz.

[3] "Kaixian ZX-C+ Series 4-core CPU". Shanghai Zhaoxin Semiconductor Co., Ltd.

[4] "VIA PadLock support for Linux". www.logix.cz.

[5] padlock(4) – FreeBSD Kernel Interfaces Manual

[6] "openssl/engines/e_padlock.c". GitHub.

[7] "Added new instructions for next version of VIA PadLock core. · bminor/binutils-gdb@30d1c83". GitHub.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

v t e VIA Technologies x86 processors
Lists	Microprocessors Chipsets Nano Eden C7 C3
Products	VIA Nano VIA Eden VIA CoreFusion VIA C7 VIA C3 Cyrix III
See also	VIA PadLock Centaur Technology WonderMedia Zhaoxin JV

v t e Instruction set extensions
SIMD (RISC)	Alpha MVI ARM NEON SVE MIPS MDMX MIPS-3D MXU MIPS SIMD PA-RISC MAX Power ISA VMX SPARC VIS
SIMD (x86)	MMX (1996) 3DNow! (1998) SSE (1999) SSE2 (2001) SSE3 (2004) SSSE3 (2006) SSE4 (2006) SSE5 ~~(2007)~~ AVX (2008) F16C (2009) XOP (2009) FMA (FMA4: 2011, FMA3: 2012) AVX2 (2013) AVX-512 (2015) AMX (2022)
Bit manipulation	BMI (ABM: 2007, BMI1: 2012, BMI2: 2013, TBM: 2012) ADX (2014)
Compressed instructions	SuperH ^{[ citation needed ]} Thumb MIPS16e ASE RVC
Security and cryptography	PadLock (2003) AES-NI (2008); ARMv8 also has AES instructions CLMUL (2010) RDRAND (2012) SHA (2013) MPX (2015) SGX (2015)
Transactional memory	TSX (2013) ASF
Virtualization	VT-x (2005) AMD-V (2006) VT-d (AMD-Vi)
Suspended extensions' dates are ~~struck through~~.

v t e Block ciphers (security summary)
Common algorithms	AES Blowfish DES (internal mechanics, Triple DES) Serpent Twofish
Less common algorithms	ARIA Camellia CAST-128 GOST IDEA LEA RC2 RC5 RC6 SEED Skipjack TEA XTEA
Other algorithms	3-Way Akelarre Anubis BaseKing BassOmatic BATON BEAR and LION CAST-256 Chiasmus CIKS-1 CIPHERUNICORN-A CIPHERUNICORN-E CLEFIA CMEA Cobra COCONUT98 Crab Cryptomeria/C2 CRYPTON CS-Cipher DEAL DES-X DFC E2 FEAL FEA-M FROG G-DES Grand Cru Hasty Pudding cipher Hierocrypt ICE IDEA NXT Intel Cascade Cipher Iraqi Kalyna KASUMI KeeLoq KHAZAD Khufu and Khafre KN-Cipher Kuznyechik Ladder-DES LOKI (97, 89/91) Lucifer M6 M8 MacGuffin Madryga MAGENTA MARS Mercy MESH MISTY1 MMB MULTI2 MultiSwap New Data Seal NewDES Nimbus NOEKEON NUSH PRESENT Prince Q REDOC Red Pike S-1 SAFER SAVILLE SC2000 SHACAL SHARK Simon SM4 Speck Spectr-H64 Square SXAL/MBAL Threefish Treyfer UES xmx XXTEA Zodiac
Design	Feistel network Key schedule Lai–Massey scheme Product cipher S-box P-box SPN Confusion and diffusion Avalanche effect Block size Key size Key whitening (Whitening transformation)
Attack (cryptanalysis)	Brute-force (EFF DES cracker) MITM Biclique attack 3-subset MITM attack Linear (Piling-up lemma) Differential Impossible Truncated Higher-order Differential-linear Distinguishing (Known-key) Integral/Square Boomerang Mod n Related-key Slide Rotational Side-channel Timing Power-monitoring Electromagnetic Acoustic Differential-fault XSL Interpolation Partitioning Rubber-hose Black-bag Davies Rebound Weak key Tau Chi-square Time/memory/data tradeoff
Standardization	AES process CRYPTREC NESSIE
Utilization	Initialization vector Mode of operation Padding