[PATCHv2] arm: crypto: Add optimized SHA-256/224

Tue Mar 24 10:40:29 PDT 2015

On 24 March 2015 at 18:05, Jean-Christophe PLAGNIOL-VILLARD
<plagnioj at jcrosoft.com> wrote:
> On 15:46 Tue 24 Mar     , Ard Biesheuvel wrote:
>> On 24 March 2015 at 14:06, Ard Biesheuvel <ard.biesheuvel at linaro.org> wrote:
>> > On 24 March 2015 at 14:05, Jean-Christophe PLAGNIOL-VILLARD
>> > <plagnioj at jcrosoft.com> wrote:
>> >>  >> +     '&eor   ($t0,$t0,$a,"ror#".($Sigma0[2]-$Sigma0[0]))',   # Sigma0(a)
>> >>> >> +     '&add   ($h,$h,$t1)',                   # h+=Ch(e,f,g)
>> >>> >> +     '&ldr   ($t1,sprintf "[sp,#%d]",4*(($j+1)&15))  if (($j&15)!=15);'.
>> >>> >> +     '&ldr   ($t1,"[$Ktbl]")                         if ($j==15);'.
>> >>> >> +     '&ldr   ($t1,"[sp,#64]")                        if ($j==31)',
>> >>> >> +     '&and   ($t3,$t3,$t2)',                 # (b^c)&=(a^b)
>> >>> >> +     '&add   ($d,$d,$h)',                    # d+=h
>> >>> >> +     '&add   ($h,$h,$t0,"ror#$Sigma0[0]");'. # h+=Sigma0(a)
>> >>> >> +     '&eor   ($t3,$t3,$b)',                  # Maj(a,b,c)
>> >>> >> +     '$j++;  unshift(@V,pop(@V)); ($t2,$t3)=($t3,$t2);'
>> >>> >> +     )
>> >>> >> +}
>> >>> >> +
>> >>> >> +$code.=<<___;
>> >>> >> +#if __ARM_MAX_ARCH__>=7
>> >>> > this will be compile on armv4 but gcc will not allow it
>> >>> >
>> >>> > we need to drop the neon code for older non v7 build
>> >>> >
>> >>>
>> >>> The .arch and .fpu declarations ensure that it can be built regardless
>> >>> of the platform you are compiling for, unless you have a really old
>> >>> toolchain.
>> >> I known but does not work for me
>> >>> The glue code ensures that the module can only be loaded if HWCAP_NEON is set.
>> >>>
>> >>> Did you get errors trying to build it?
>> >>
>> >> yes I do
>> >>
>> >> I use
>> >>
>> >> arm-none-linux-gnueabi-gcc (Sourcery CodeBench Lite 2014.05-29) 4.8.3 20140320
>> >> (prerelease)
>> >> Copyright (C) 2013 Free Software Foundation, Inc.
>> >> This is free software; see the source for copying conditions.  There is NO
>> >> warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
>> >>
>> >> so it's not that old
>> >>
>> >
>> > Could you share the error log please?
>>
>> OK, I spotted one issue with this code:
>>
>> arch/arm/crypto/sha256-core.S: Assembler messages:
>> arch/arm/crypto/sha256-core.S:1847: Error: invalid constant (ffffefb0)
>> after fixup
>
> yes exactly
>>
>> This is caused by the fact that, when building the integer-only code
>> for an older architecture, the conditional compilation produces a
>> slightly bigger preceding function, and the symbol K256 is out of
>> range for the adr instruction.
>
> Yeap I see that too when debuging
>>
>> @Jean-Christophe: is that the same problem that you hit?
>>
>> @Andy: I propose we do something similar as in the bsaes code:
>>
>> #ifdef __thumb__
>> #define adrl adr
>> #endif
>>
>> and replace the offending line with
>>
>> adrl r14,K256
>
> Acked-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj at jcrosoft.com>
> Tested-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj at jcrosoft.com>
>

Thanks!

@Sami, Andy: we need to respin the whole patch, including updated
OpenSSL upstream commit id :-(

Regards,
Ard.