From: Loic Poulain <loic.poulain@linaro.org>
To: trini@konsulko.com
Cc: u-boot@lists.denx.de, michal.simek@xilinx.com,
kettenis@openbsd.org, Loic Poulain <loic.poulain@linaro.org>
Subject: [PATCH v2 5/5] armv8 SHA-256 using ARMv8 Crypto Extensions
Date: Wed, 1 Jun 2022 20:26:31 +0200 [thread overview]
Message-ID: <1654107991-598-6-git-send-email-loic.poulain@linaro.org> (raw)
In-Reply-To: <1654107991-598-1-git-send-email-loic.poulain@linaro.org>
This patch adds support for the SHA-256 Secure Hash Algorithm for CPUs
that have support for the SHA-256 part of the ARM v8 Crypto Extensions.
It greatly speeds up SHA-256 based operations: about 17x faster on the
iMX8M EVK board (~12ms vs ~208ms for SHA-256 verification of a 20MiB kernel).
The asm implementation is a simplified version of the Linux one (from
Ard Biesheuvel).
Signed-off-by: Loic Poulain <loic.poulain@linaro.org>
---
arch/arm/cpu/armv8/Kconfig | 4 ++
arch/arm/cpu/armv8/Makefile | 1 +
arch/arm/cpu/armv8/sha256_ce_core.S | 134 ++++++++++++++++++++++++++++++++++++
arch/arm/cpu/armv8/sha256_ce_glue.c | 21 ++++++
4 files changed, 160 insertions(+)
create mode 100644 arch/arm/cpu/armv8/sha256_ce_core.S
create mode 100644 arch/arm/cpu/armv8/sha256_ce_glue.c
diff --git a/arch/arm/cpu/armv8/Kconfig b/arch/arm/cpu/armv8/Kconfig
index 0b11ca8..0494a08 100644
--- a/arch/arm/cpu/armv8/Kconfig
+++ b/arch/arm/cpu/armv8/Kconfig
@@ -180,6 +180,10 @@ config ARMV8_CE_SHA1
bool "SHA-1 digest algorithm (ARMv8 Crypto Extensions)"
default y if SHA1
+config ARMV8_CE_SHA256
+ bool "SHA-256 digest algorithm (ARMv8 Crypto Extensions)"
+ default y if SHA256
+
endif
endif
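Review bot: The new `ARMV8_CE_SHA256` entry has no `help` text, so nothing tells whoever configures a board that the option is only safe on cores that implement the SHA-256 instructions of the Crypto Extensions. With `default y if SHA256` it is switched on automatically once the enclosing `if` block (opened outside this hunk) is active. I would add a `help` paragraph saying that the option replaces the generic SHA-256 block function with an ARMv8 Crypto Extensions implementation and must only be enabled when every core that runs U-Boot supports those instructions.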
diff --git a/arch/arm/cpu/armv8/Makefile b/arch/arm/cpu/armv8/Makefile
index ff2495c..2e4bf9e 100644
--- a/arch/arm/cpu/armv8/Makefile
+++ b/arch/arm/cpu/armv8/Makefile
@@ -45,3 +45,4 @@ obj-$(CONFIG_ARMV8_PSCI) += psci.o
obj-$(CONFIG_TARGET_BCMNS3) += bcmns3/
obj-$(CONFIG_XEN) += xen/
obj-$(CONFIG_ARMV8_CE_SHA1) += sha1_ce_glue.o sha1_ce_core.o
+obj-$(CONFIG_ARMV8_CE_SHA256) += sha256_ce_glue.o sha256_ce_core.o
diff --git a/arch/arm/cpu/armv8/sha256_ce_core.S b/arch/arm/cpu/armv8/sha256_ce_core.S
new file mode 100644
index 0000000..fbae3ca
--- /dev/null
+++ b/arch/arm/cpu/armv8/sha256_ce_core.S
@@ -0,0 +1,134 @@
+/* SPDX-License-Identifier: GPL-2.0-only */
+/*
+ * sha256-ce-core.S - core SHA-256 transform using v8 Crypto Extensions
+ *
+ * Copyright (C) 2014 Linaro Ltd <ard.biesheuvel@linaro.org>
+ * Copyright (C) 2022 Linaro Ltd <loic.poulain@linaro.org>
+ */
+
+ #include <config.h>
+ #include <linux/linkage.h>
+ #include <asm/system.h>
+ #include <asm/macro.h>
+
+ .text
+ .arch armv8-a+crypto
+
+ dga .req q20
+ dgav .req v20
+ dgb .req q21
+ dgbv .req v21
+
+ t0 .req v22
+ t1 .req v23
+
+ dg0q .req q24
+ dg0v .req v24
+ dg1q .req q25
+ dg1v .req v25
+ dg2q .req q26
+ dg2v .req v26
+
+ .macro add_only, ev, rc, s0
+ mov dg2v.16b, dg0v.16b
+ .ifeq \ev
+ add t1.4s, v\s0\().4s, \rc\().4s
+ sha256h dg0q, dg1q, t0.4s
+ sha256h2 dg1q, dg2q, t0.4s
+ .else
+ .ifnb \s0
+ add t0.4s, v\s0\().4s, \rc\().4s
+ .endif
+ sha256h dg0q, dg1q, t1.4s
+ sha256h2 dg1q, dg2q, t1.4s
+ .endif
+ .endm
+
+ .macro add_update, ev, rc, s0, s1, s2, s3
+ sha256su0 v\s0\().4s, v\s1\().4s
+ add_only \ev, \rc, \s1
+ sha256su1 v\s0\().4s, v\s2\().4s, v\s3\().4s
+ .endm
+
+ /*
+ * The SHA-256 round constants
+ */
+ .align 4
+.Lsha2_rcon:
+ .word 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5
+ .word 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5
+ .word 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3
+ .word 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174
+ .word 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc
+ .word 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da
+ .word 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7
+ .word 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967
+ .word 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13
+ .word 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85
+ .word 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3
+ .word 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070
+ .word 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5
+ .word 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3
+ .word 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208
+ .word 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
+
+ /*
+ * void sha256_armv8_ce_process(struct sha256_ce_state *sst,
+ * uint8_t const *src, uint32_t blocks)
+ */
+ENTRY(sha256_armv8_ce_process)
+ /* load round constants */
+ adr x8, .Lsha2_rcon
+ ld1 { v0.4s- v3.4s}, [x8], #64
+ ld1 { v4.4s- v7.4s}, [x8], #64
+ ld1 { v8.4s-v11.4s}, [x8], #64
+ ld1 {v12.4s-v15.4s}, [x8]
+
+ /* load state */
+ ldp dga, dgb, [x0]
+
+ /* load input */
+0: ld1 {v16.4s-v19.4s}, [x1], #64
+ sub w2, w2, #1
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+ rev32 v16.16b, v16.16b
+ rev32 v17.16b, v17.16b
+ rev32 v18.16b, v18.16b
+ rev32 v19.16b, v19.16b
+#endif
+
+1: add t0.4s, v16.4s, v0.4s
+ mov dg0v.16b, dgav.16b
+ mov dg1v.16b, dgbv.16b
+
+ add_update 0, v1, 16, 17, 18, 19
+ add_update 1, v2, 17, 18, 19, 16
+ add_update 0, v3, 18, 19, 16, 17
+ add_update 1, v4, 19, 16, 17, 18
+
+ add_update 0, v5, 16, 17, 18, 19
+ add_update 1, v6, 17, 18, 19, 16
+ add_update 0, v7, 18, 19, 16, 17
+ add_update 1, v8, 19, 16, 17, 18
+
+ add_update 0, v9, 16, 17, 18, 19
+ add_update 1, v10, 17, 18, 19, 16
+ add_update 0, v11, 18, 19, 16, 17
+ add_update 1, v12, 19, 16, 17, 18
+
+ add_only 0, v13, 17
+ add_only 1, v14, 18
+ add_only 0, v15, 19
+ add_only 1
+
+ /* update state */
+ add dgav.4s, dgav.4s, dg0v.4s
+ add dgbv.4s, dgbv.4s, dg1v.4s
+
+ /* handled all input blocks? */
+ cbnz w2, 0b
+
+ /* store new state */
+3: stp dga, dgb, [x0]
+ ret
+ENDPROC(sha256_armv8_ce_process)
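Review bot: `sha256_armv8_ce_process` has no guard of its own for `blocks == 0`. The loop does `sub w2, w2, #1` before the `cbnz w2, 0b` test, so a zero count wraps to 0xffffffff and `ld1 ... [x1], #64` keeps reading far past the caller's buffer; only the `if (!blocks)` check in the C glue prevents this today. A `cbz w2, 3f` placed just before the `0:` label would make the exported routine safe by itself and give the otherwise unreferenced `3:` label a use (`1:` is also never branched to and could be dropped). Separately, the round constants are loaded into v8-v15, whose low 64 bits are callee-saved under AAPCS64, and are never restored; if that is acceptable because the C callers are built without FP/SIMD register use, the header comment should say so, e.g. `/* Clobbers v0-v26; callers must not rely on v8-v15 being preserved */`.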
diff --git a/arch/arm/cpu/armv8/sha256_ce_glue.c b/arch/arm/cpu/armv8/sha256_ce_glue.c
new file mode 100644
index 0000000..67dd796
--- /dev/null
+++ b/arch/arm/cpu/armv8/sha256_ce_glue.c
@@ -0,0 +1,21 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * sha256_ce_glue.c - SHA-256 secure hash using ARMv8 Crypto Extensions
+ *
+ * Copyright (C) 2022 Linaro Ltd <loic.poulain@linaro.org>
+ */
+
+#include <common.h>
+#include <u-boot/sha256.h>
+
+extern void sha256_armv8_ce_process(uint32_t state[8], uint8_t const *src,
+ uint32_t blocks);
+
+void sha256_process(sha256_context *ctx, const unsigned char *data,
+ unsigned int blocks)
+{
+ if (!blocks)
+ return;
+
+ sha256_armv8_ce_process(ctx->state, data, blocks);
+}
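Review bot: `sha256_process()` calls the Crypto Extensions routine unconditionally; nothing in this file checks that the running core implements the SHA-256 instructions (the SHA2 field of `ID_AA64ISAR0_EL1`), so a misconfigured build would presumably fault on its first hash, which in a bootloader usually means during image verification. If a runtime fallback is not wanted, a comment on the function should at least state that requirement and that `data` must hold `blocks * 64` bytes. The `extern` prototype also declares the first argument as `uint32_t state[8]` while the comment in sha256_ce_core.S documents `struct sha256_ce_state *sst`; moving the prototype into a shared header and correcting the comment would keep the two in step.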
--
2.7.4