wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 02:37:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5152 from SparkiDev/armv7a_neon_asm

Browse Source 
ARM ASM: ARMv7a with NEON instructions
This commit is contained in:
David Garske
2022-09-23 08:46:03 -07:00
committed by GitHub
parent 62670d9263 1b9656f72d
commit 7970d5d794
15 changed files with 8702 additions and 2900 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
configure.ac
View File

@ -2163,6 +2163,7 @@ then
esac
# Include options.h
AM_CCASFLAGS="$AM_CCASFLAGS -DEXTERNAL_OPTS_OPENVPN"
ENABLED_ARMASM_CRYPTO=yes
# Check for and set -mstrict-align compiler flag
# Used to set assumption that Aarch64 systems will not handle
@ -2179,12 +2180,22 @@ then
AM_CPPFLAGS="$AM_CPPFLAGS -mstrict-align"
AC_MSG_NOTICE([64bit ARMv8, setting -mstrict-align]);;
esac
AC_MSG_NOTICE([64bit ARMv8 found, setting mcpu to generic+crypto]);;
AC_MSG_NOTICE([64bit ARMv8 found, setting mcpu to generic+crypto])
;;
armv7a)
AM_CPPFLAGS="$AM_CPPFLAGS -march=armv7-a -mfpu=neon -DWOLFSSL_ARMASM_NO_HW_CRYPTO -DWOLFSSL_ARM_ARCH=7"
# Include options.h
AM_CCASFLAGS="$AM_CCASFLAGS -DEXTERNAL_OPTS_OPENVPN"
ENABLED_ARMASM_CRYPTO=no
AC_MSG_NOTICE([32bit ARMv7-a found, setting mfpu to neon])
;;
*)
AM_CPPFLAGS="$AM_CPPFLAGS -mfpu=crypto-neon-fp-armv8"
# Include options.h
AM_CCASFLAGS="$AM_CCASFLAGS -DEXTERNAL_OPTS_OPENVPN"
AC_MSG_NOTICE([32bit ARMv8 found, setting mfpu to crypto-neon-fp-armv8]);;
ENABLED_ARMASM_CRYPTO=yes
AC_MSG_NOTICE([32bit ARMv8 found, setting mfpu to crypto-neon-fp-armv8])
;;
esac
esac
fi
@ -8071,6 +8082,7 @@ AM_CONDITIONAL([BUILD_AESGCM],[test "x$ENABLED_AESGCM" = "xyes" || test "x$ENABL
AM_CONDITIONAL([BUILD_AESCCM],[test "x$ENABLED_AESCCM" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_ARMASM],[test "x$ENABLED_ARMASM" = "xyes"])
AM_CONDITIONAL([BUILD_ARMASM_INLINE],[test "x$ENABLED_ARMASM_INLINE" = "xyes"])
AM_CONDITIONAL([BUILD_ARMASM_CRYPTO],[test "x$ENABLED_ARMASM_CRYPTO" = "xyes"])
AM_CONDITIONAL([BUILD_XILINX],[test "x$ENABLED_XILINX" = "xyes"])
AM_CONDITIONAL([BUILD_AESNI],[test "x$ENABLED_AESNI" = "xyes"])
AM_CONDITIONAL([BUILD_INTELASM],[test "x$ENABLED_INTELASM" = "xyes"])

16
src/include.am
View File

@ -203,7 +203,7 @@ endif
if BUILD_AES
src_libwolfssl_la_SOURCES += wolfcrypt/src/aes.c
if BUILD_ARMASM
if BUILD_ARMASM_CRYPTO
src_libwolfssl_la_SOURCES += wolfcrypt/src/port/arm/armv8-aes.c
endif
endif
@ -219,6 +219,11 @@ endif
if BUILD_ARMASM
src_libwolfssl_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha256.c
if BUILD_ARMASM_INLINE
src_libwolfssl_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c
else
src_libwolfssl_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha256-asm.S
endif
else
src_libwolfssl_la_SOURCES += wolfcrypt/src/sha256.c
if BUILD_INTELASM
@ -316,10 +321,15 @@ endif
endif !BUILD_FIPS_CURRENT
if !BUILD_FIPS_CURRENT
src_libwolfssl_la_SOURCES += wolfcrypt/src/sha256.c
if BUILD_ARMASM
src_libwolfssl_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha256.c
if BUILD_ARMASM_INLINE
src_libwolfssl_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c
else
src_libwolfssl_la_SOURCES += wolfcrypt/src/port/arm/armv8-32-sha256-asm.S
endif
else
src_libwolfssl_la_SOURCES += wolfcrypt/src/sha256.c
if BUILD_INTELASM
src_libwolfssl_la_SOURCES += wolfcrypt/src/sha256_asm.S
endif
@ -399,7 +409,7 @@ endif
if !BUILD_FIPS_CURRENT
if BUILD_AES
src_libwolfssl_la_SOURCES += wolfcrypt/src/aes.c
if BUILD_ARMASM
if BUILD_ARMASM_CRYPTO
src_libwolfssl_la_SOURCES += wolfcrypt/src/port/arm/armv8-aes.c
endif
if BUILD_AFALG

6
wolfcrypt/src/aes.c
View File

@ -306,7 +306,7 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
#include <wolfcrypt/src/misc.c>
#endif
#if !defined(WOLFSSL_ARMASM)
#if !defined(WOLFSSL_ARMASM) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
#ifdef WOLFSSL_IMX6_CAAM_BLOB
/* case of possibly not using hardware acceleration for AES but using key
@ -4601,7 +4601,7 @@ static WC_INLINE void IncCtr(byte* ctr, word32 ctrSz)
#endif
#ifdef WOLFSSL_ARMASM
#if defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
/* implementation is located in wolfcrypt/src/port/arm/armv8-aes.c */
#elif defined(WOLFSSL_AFALG)
@ -9933,7 +9933,7 @@ int wc_AesCcmCheckTagSize(int sz)
return 0;
}
#ifdef WOLFSSL_ARMASM
#if defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
/* implementation located in wolfcrypt/src/port/arm/armv8-aes.c */
#elif defined(HAVE_COLDFIRE_SEC)

2258
wolfcrypt/src/port/arm/armv8-32-curve25519.S
View File

File diff suppressed because it is too large Load Diff

2175
wolfcrypt/src/port/arm/armv8-32-curve25519_c.c
View File

File diff suppressed because it is too large Load Diff

2517
wolfcrypt/src/port/arm/armv8-32-sha256-asm.S Normal file
View File

File diff suppressed because it is too large Load Diff

2519
wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c Normal file
View File

File diff suppressed because it is too large Load Diff

388
wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
View File

@ -225,7 +225,7 @@ Transform_Sha512_Len:
strd r6, r7, [sp, #176]
strd r8, r9, [sp, #184]
# Start of loop processing a block
L_sha512_len_neon_begin:
L_SHA512_transform_len_begin:
# Load, Reverse and Store W
ldr r12, [r1]
ldr lr, [r1, #4]
@ -319,7 +319,7 @@ L_sha512_len_neon_begin:
eor r9, r9, lr
mov r10, #4
# Start of 16 rounds
L_sha512_len_neon_start:
L_SHA512_transform_len_start:
# Round 0
ldr r12, [r0, #32]
ldr lr, [r0, #36]
@ -2546,7 +2546,7 @@ L_sha512_len_neon_start:
str lr, [sp, #124]
add r3, r3, #0x80
subs r10, r10, #1
bne L_sha512_len_neon_start
bne L_SHA512_transform_len_start
# Round 0
ldr r12, [r0, #32]
ldr lr, [r0, #36]
@ -4035,7 +4035,7 @@ L_sha512_len_neon_start:
subs r2, r2, #0x80
sub r3, r3, #0x200
add r1, r1, #0x80
bne L_sha512_len_neon_begin
bne L_SHA512_transform_len_begin
eor r0, r0, r0
add sp, sp, #0xc0
pop {r4, r5, r6, r7, r8, r9, r10, pc}
@ -4209,6 +4209,7 @@ L_SHA512_transform_neon_len_k:
.word 0x6c44198c
.text
.align 2
.fpu neon
.globl Transform_Sha512_Len
.type Transform_Sha512_Len, %function
Transform_Sha512_Len:
@ -4216,9 +4217,13 @@ Transform_Sha512_Len:
# Load digest into working vars
vldm.64 r0, {d0-d7}
# Start of loop processing a block
L_sha512_len_neon_begin:
L_SHA512_transform_neon_len_begin:
# Load W
vldm.64 r1!, {d16-d31}
vld1.8 {q8, q9}, [r1]!
vld1.8 {q10, q11}, [r1]!
vld1.8 {q12, q13}, [r1]!
vld1.8 {q14, q15}, [r1]!
#ifndef WOLFSSL_ARM_ARCH_NEON_64BIT
vrev64.8 q8, q8
vrev64.8 q9, q9
vrev64.8 q10, q10
@ -4227,10 +4232,28 @@ L_sha512_len_neon_begin:
vrev64.8 q13, q13
vrev64.8 q14, q14
vrev64.8 q15, q15
#else
vrev64.8 d16, d16
vrev64.8 d17, d17
vrev64.8 d18, d18
vrev64.8 d19, d19
vrev64.8 d20, d20
vrev64.8 d21, d21
vrev64.8 d22, d22
vrev64.8 d23, d23
vrev64.8 d24, d24
vrev64.8 d25, d25
vrev64.8 d26, d26
vrev64.8 d27, d27
vrev64.8 d28, d28
vrev64.8 d29, d29
vrev64.8 d30, d30
vrev64.8 d31, d31
#endif /* WOLFSSL_ARM_ARCH_NEON_64BIT */
adr r3, L_SHA512_transform_neon_len_k
mov r12, #4
# Start of 16 rounds
L_sha512_len_neon_start:
L_SHA512_transform_neon_len_start:
# Round 0
vld1.64 {d12}, [r3:64]!
vshl.u64 d8, d4, #50
@ -4289,6 +4312,7 @@ L_sha512_len_neon_start:
vadd.i64 d10, d9
vadd.i64 d2, d6
vadd.i64 d6, d10
#ifndef WOLFSSL_ARM_ARCH_NEON_64BIT
# Calc new W[0]-W[1]
vext.8 q6, q8, q9, #8
vshl.u64 q4, q15, #45
@ -4309,6 +4333,47 @@ L_sha512_len_neon_start:
vshr.u64 q6, #7
veor q5, q6
vadd.i64 q8, q5
#else
# Calc new W[0]-W[1]
vmov d12, d17
vmov d13, d18
vshl.u64 d8, d30, #45
vshl.u64 d9, d31, #45
vsri.u64 d8, d30, #19
vsri.u64 d9, d31, #19
vshl.u64 d10, d30, #3
vshl.u64 d11, d31, #3
vsri.u64 d10, d30, #61
vsri.u64 d11, d31, #61
veor d10, d8
veor d11, d9
vshr.u64 d8, d30, #6
vshr.u64 d9, d31, #6
veor d10, d8
veor d11, d9
vadd.i64 d16, d10
vadd.i64 d17, d11
vmov d14, d25
vmov d15, d26
vadd.i64 d16, d14
vadd.i64 d17, d15
vshl.u64 d8, d12, #63
vshl.u64 d9, d13, #63
vsri.u64 d8, d12, #1
vsri.u64 d9, d13, #1
vshl.u64 d10, d12, #56
vshl.u64 d11, d13, #56
vsri.u64 d10, d12, #8
vsri.u64 d11, d13, #8
veor d10, d8
veor d11, d9
vshr.u64 d12, #7
vshr.u64 d13, #7
veor d10, d12
veor d11, d13
vadd.i64 d16, d10
vadd.i64 d17, d11
#endif /* WOLFSSL_ARM_ARCH_NEON_64BIT */
# Round 2
vld1.64 {d12}, [r3:64]!
vshl.u64 d8, d2, #50
@ -4367,6 +4432,7 @@ L_sha512_len_neon_start:
vadd.i64 d10, d9
vadd.i64 d0, d4
vadd.i64 d4, d10
#ifndef WOLFSSL_ARM_ARCH_NEON_64BIT
# Calc new W[2]-W[3]
vext.8 q6, q9, q10, #8
vshl.u64 q4, q8, #45
@ -4387,6 +4453,47 @@ L_sha512_len_neon_start:
vshr.u64 q6, #7
veor q5, q6
vadd.i64 q9, q5
#else
# Calc new W[2]-W[3]
vmov d12, d19
vmov d13, d20
vshl.u64 d8, d16, #45
vshl.u64 d9, d17, #45
vsri.u64 d8, d16, #19
vsri.u64 d9, d17, #19
vshl.u64 d10, d16, #3
vshl.u64 d11, d17, #3
vsri.u64 d10, d16, #61
vsri.u64 d11, d17, #61
veor d10, d8
veor d11, d9
vshr.u64 d8, d16, #6
vshr.u64 d9, d17, #6
veor d10, d8
veor d11, d9
vadd.i64 d18, d10
vadd.i64 d19, d11
vmov d14, d27
vmov d15, d28
vadd.i64 d18, d14
vadd.i64 d19, d15
vshl.u64 d8, d12, #63
vshl.u64 d9, d13, #63
vsri.u64 d8, d12, #1
vsri.u64 d9, d13, #1
vshl.u64 d10, d12, #56
vshl.u64 d11, d13, #56
vsri.u64 d10, d12, #8
vsri.u64 d11, d13, #8
veor d10, d8
veor d11, d9
vshr.u64 d12, #7
vshr.u64 d13, #7
veor d10, d12
veor d11, d13
vadd.i64 d18, d10
vadd.i64 d19, d11
#endif /* WOLFSSL_ARM_ARCH_NEON_64BIT */
# Round 4
vld1.64 {d12}, [r3:64]!
vshl.u64 d8, d0, #50
@ -4445,6 +4552,7 @@ L_sha512_len_neon_start:
vadd.i64 d10, d9
vadd.i64 d6, d2
vadd.i64 d2, d10
#ifndef WOLFSSL_ARM_ARCH_NEON_64BIT
# Calc new W[4]-W[5]
vext.8 q6, q10, q11, #8
vshl.u64 q4, q9, #45
@ -4465,6 +4573,47 @@ L_sha512_len_neon_start:
vshr.u64 q6, #7
veor q5, q6
vadd.i64 q10, q5
#else
# Calc new W[4]-W[5]
vmov d12, d21
vmov d13, d22
vshl.u64 d8, d18, #45
vshl.u64 d9, d19, #45
vsri.u64 d8, d18, #19
vsri.u64 d9, d19, #19
vshl.u64 d10, d18, #3
vshl.u64 d11, d19, #3
vsri.u64 d10, d18, #61
vsri.u64 d11, d19, #61
veor d10, d8
veor d11, d9
vshr.u64 d8, d18, #6
vshr.u64 d9, d19, #6
veor d10, d8
veor d11, d9
vadd.i64 d20, d10
vadd.i64 d21, d11
vmov d14, d29
vmov d15, d30
vadd.i64 d20, d14
vadd.i64 d21, d15
vshl.u64 d8, d12, #63
vshl.u64 d9, d13, #63
vsri.u64 d8, d12, #1
vsri.u64 d9, d13, #1
vshl.u64 d10, d12, #56
vshl.u64 d11, d13, #56
vsri.u64 d10, d12, #8
vsri.u64 d11, d13, #8
veor d10, d8
veor d11, d9
vshr.u64 d12, #7
vshr.u64 d13, #7
veor d10, d12
veor d11, d13
vadd.i64 d20, d10
vadd.i64 d21, d11
#endif /* WOLFSSL_ARM_ARCH_NEON_64BIT */
# Round 6
vld1.64 {d12}, [r3:64]!
vshl.u64 d8, d6, #50
@ -4523,6 +4672,7 @@ L_sha512_len_neon_start:
vadd.i64 d10, d9
vadd.i64 d4, d0
vadd.i64 d0, d10
#ifndef WOLFSSL_ARM_ARCH_NEON_64BIT
# Calc new W[6]-W[7]
vext.8 q6, q11, q12, #8
vshl.u64 q4, q10, #45
@ -4543,6 +4693,47 @@ L_sha512_len_neon_start:
vshr.u64 q6, #7
veor q5, q6
vadd.i64 q11, q5
#else
# Calc new W[6]-W[7]
vmov d12, d23
vmov d13, d24
vshl.u64 d8, d20, #45
vshl.u64 d9, d21, #45
vsri.u64 d8, d20, #19
vsri.u64 d9, d21, #19
vshl.u64 d10, d20, #3
vshl.u64 d11, d21, #3
vsri.u64 d10, d20, #61
vsri.u64 d11, d21, #61
veor d10, d8
veor d11, d9
vshr.u64 d8, d20, #6
vshr.u64 d9, d21, #6
veor d10, d8
veor d11, d9
vadd.i64 d22, d10
vadd.i64 d23, d11
vmov d14, d31
vmov d15, d16
vadd.i64 d22, d14
vadd.i64 d23, d15
vshl.u64 d8, d12, #63
vshl.u64 d9, d13, #63
vsri.u64 d8, d12, #1
vsri.u64 d9, d13, #1
vshl.u64 d10, d12, #56
vshl.u64 d11, d13, #56
vsri.u64 d10, d12, #8
vsri.u64 d11, d13, #8
veor d10, d8
veor d11, d9
vshr.u64 d12, #7
vshr.u64 d13, #7
veor d10, d12
veor d11, d13
vadd.i64 d22, d10
vadd.i64 d23, d11
#endif /* WOLFSSL_ARM_ARCH_NEON_64BIT */
# Round 8
vld1.64 {d12}, [r3:64]!
vshl.u64 d8, d4, #50
@ -4601,6 +4792,7 @@ L_sha512_len_neon_start:
vadd.i64 d10, d9
vadd.i64 d2, d6
vadd.i64 d6, d10
#ifndef WOLFSSL_ARM_ARCH_NEON_64BIT
# Calc new W[8]-W[9]
vext.8 q6, q12, q13, #8
vshl.u64 q4, q11, #45
@ -4621,6 +4813,47 @@ L_sha512_len_neon_start:
vshr.u64 q6, #7
veor q5, q6
vadd.i64 q12, q5
#else
# Calc new W[8]-W[9]
vmov d12, d25
vmov d13, d26
vshl.u64 d8, d22, #45
vshl.u64 d9, d23, #45
vsri.u64 d8, d22, #19
vsri.u64 d9, d23, #19
vshl.u64 d10, d22, #3
vshl.u64 d11, d23, #3
vsri.u64 d10, d22, #61
vsri.u64 d11, d23, #61
veor d10, d8
veor d11, d9
vshr.u64 d8, d22, #6
vshr.u64 d9, d23, #6
veor d10, d8
veor d11, d9
vadd.i64 d24, d10
vadd.i64 d25, d11
vmov d14, d17
vmov d15, d18
vadd.i64 d24, d14
vadd.i64 d25, d15
vshl.u64 d8, d12, #63
vshl.u64 d9, d13, #63
vsri.u64 d8, d12, #1
vsri.u64 d9, d13, #1
vshl.u64 d10, d12, #56
vshl.u64 d11, d13, #56
vsri.u64 d10, d12, #8
vsri.u64 d11, d13, #8
veor d10, d8
veor d11, d9
vshr.u64 d12, #7
vshr.u64 d13, #7
veor d10, d12
veor d11, d13
vadd.i64 d24, d10
vadd.i64 d25, d11
#endif /* WOLFSSL_ARM_ARCH_NEON_64BIT */
# Round 10
vld1.64 {d12}, [r3:64]!
vshl.u64 d8, d2, #50
@ -4679,6 +4912,7 @@ L_sha512_len_neon_start:
vadd.i64 d10, d9
vadd.i64 d0, d4
vadd.i64 d4, d10
#ifndef WOLFSSL_ARM_ARCH_NEON_64BIT
# Calc new W[10]-W[11]
vext.8 q6, q13, q14, #8
vshl.u64 q4, q12, #45
@ -4699,6 +4933,47 @@ L_sha512_len_neon_start:
vshr.u64 q6, #7
veor q5, q6
vadd.i64 q13, q5
#else
# Calc new W[10]-W[11]
vmov d12, d27
vmov d13, d28
vshl.u64 d8, d24, #45
vshl.u64 d9, d25, #45
vsri.u64 d8, d24, #19
vsri.u64 d9, d25, #19
vshl.u64 d10, d24, #3
vshl.u64 d11, d25, #3
vsri.u64 d10, d24, #61
vsri.u64 d11, d25, #61
veor d10, d8
veor d11, d9
vshr.u64 d8, d24, #6
vshr.u64 d9, d25, #6
veor d10, d8
veor d11, d9
vadd.i64 d26, d10
vadd.i64 d27, d11
vmov d14, d19
vmov d15, d20
vadd.i64 d26, d14
vadd.i64 d27, d15
vshl.u64 d8, d12, #63
vshl.u64 d9, d13, #63
vsri.u64 d8, d12, #1
vsri.u64 d9, d13, #1
vshl.u64 d10, d12, #56
vshl.u64 d11, d13, #56
vsri.u64 d10, d12, #8
vsri.u64 d11, d13, #8
veor d10, d8
veor d11, d9
vshr.u64 d12, #7
vshr.u64 d13, #7
veor d10, d12
veor d11, d13
vadd.i64 d26, d10
vadd.i64 d27, d11
#endif /* WOLFSSL_ARM_ARCH_NEON_64BIT */
# Round 12
vld1.64 {d12}, [r3:64]!
vshl.u64 d8, d0, #50
@ -4757,6 +5032,7 @@ L_sha512_len_neon_start:
vadd.i64 d10, d9
vadd.i64 d6, d2
vadd.i64 d2, d10
#ifndef WOLFSSL_ARM_ARCH_NEON_64BIT
# Calc new W[12]-W[13]
vext.8 q6, q14, q15, #8
vshl.u64 q4, q13, #45
@ -4777,6 +5053,47 @@ L_sha512_len_neon_start:
vshr.u64 q6, #7
veor q5, q6
vadd.i64 q14, q5
#else
# Calc new W[12]-W[13]
vmov d12, d29
vmov d13, d30
vshl.u64 d8, d26, #45
vshl.u64 d9, d27, #45
vsri.u64 d8, d26, #19
vsri.u64 d9, d27, #19
vshl.u64 d10, d26, #3
vshl.u64 d11, d27, #3
vsri.u64 d10, d26, #61
vsri.u64 d11, d27, #61
veor d10, d8
veor d11, d9
vshr.u64 d8, d26, #6
vshr.u64 d9, d27, #6
veor d10, d8
veor d11, d9
vadd.i64 d28, d10
vadd.i64 d29, d11
vmov d14, d21
vmov d15, d22
vadd.i64 d28, d14
vadd.i64 d29, d15
vshl.u64 d8, d12, #63
vshl.u64 d9, d13, #63
vsri.u64 d8, d12, #1
vsri.u64 d9, d13, #1
vshl.u64 d10, d12, #56
vshl.u64 d11, d13, #56
vsri.u64 d10, d12, #8
vsri.u64 d11, d13, #8
veor d10, d8
veor d11, d9
vshr.u64 d12, #7
vshr.u64 d13, #7
veor d10, d12
veor d11, d13
vadd.i64 d28, d10
vadd.i64 d29, d11
#endif /* WOLFSSL_ARM_ARCH_NEON_64BIT */
# Round 14
vld1.64 {d12}, [r3:64]!
vshl.u64 d8, d6, #50
@ -4835,6 +5152,7 @@ L_sha512_len_neon_start:
vadd.i64 d10, d9
vadd.i64 d4, d0
vadd.i64 d0, d10
#ifndef WOLFSSL_ARM_ARCH_NEON_64BIT
# Calc new W[14]-W[15]
vext.8 q6, q15, q8, #8
vshl.u64 q4, q14, #45
@ -4855,8 +5173,49 @@ L_sha512_len_neon_start:
vshr.u64 q6, #7
veor q5, q6
vadd.i64 q15, q5
#else
# Calc new W[14]-W[15]
vmov d12, d31
vmov d13, d16
vshl.u64 d8, d28, #45
vshl.u64 d9, d29, #45
vsri.u64 d8, d28, #19
vsri.u64 d9, d29, #19
vshl.u64 d10, d28, #3
vshl.u64 d11, d29, #3
vsri.u64 d10, d28, #61
vsri.u64 d11, d29, #61
veor d10, d8
veor d11, d9
vshr.u64 d8, d28, #6
vshr.u64 d9, d29, #6
veor d10, d8
veor d11, d9
vadd.i64 d30, d10
vadd.i64 d31, d11
vmov d14, d23
vmov d15, d24
vadd.i64 d30, d14
vadd.i64 d31, d15
vshl.u64 d8, d12, #63
vshl.u64 d9, d13, #63
vsri.u64 d8, d12, #1
vsri.u64 d9, d13, #1
vshl.u64 d10, d12, #56
vshl.u64 d11, d13, #56
vsri.u64 d10, d12, #8
vsri.u64 d11, d13, #8
veor d10, d8
veor d11, d9
vshr.u64 d12, #7
vshr.u64 d13, #7
veor d10, d12
veor d11, d13
vadd.i64 d30, d10
vadd.i64 d31, d11
#endif /* WOLFSSL_ARM_ARCH_NEON_64BIT */
subs r12, r12, #1
bne L_sha512_len_neon_start
bne L_SHA512_transform_neon_len_start
# Round 0
vld1.64 {d12}, [r3:64]!
vshl.u64 d8, d4, #50
@ -5323,13 +5682,24 @@ L_sha512_len_neon_start:
vadd.i64 d0, d10
# Add in digest from start
vldm.64 r0, {d8-d15}
#ifndef WOLFSSL_ARM_ARCH_NEON_64BIT
vadd.i64 q0, q0, q4
vadd.i64 q1, q1, q5
vadd.i64 q2, q2, q6
vadd.i64 q3, q3, q7
#else
vadd.i64 d0, d0, d8
vadd.i64 d1, d1, d9
vadd.i64 d2, d2, d10
vadd.i64 d3, d3, d11
vadd.i64 d4, d4, d12
vadd.i64 d5, d5, d13
vadd.i64 d6, d6, d14
vadd.i64 d7, d7, d15
#endif /* WOLFSSL_ARM_ARCH_NEON_64BIT */
vstm.64 r0, {d0-d7}
subs r2, r2, #0x80
bne L_sha512_len_neon_begin
bne L_SHA512_transform_neon_len_begin
vpop {d8-d15}
bx lr
.size Transform_Sha512_Len,.-Transform_Sha512_Len

1491
wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c
View File

File diff suppressed because it is too large Load Diff

3
wolfcrypt/src/port/arm/armv8-aes.c
View File

@ -32,7 +32,8 @@
#include <wolfssl/wolfcrypt/settings.h>
#if !defined(NO_AES) && defined(WOLFSSL_ARMASM)
#if !defined(NO_AES) && defined(WOLFSSL_ARMASM) && \
!defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
#ifdef HAVE_FIPS
#undef HAVE_FIPS

86
wolfcrypt/src/port/arm/armv8-chacha.c
View File

@ -968,14 +968,16 @@ static WC_INLINE int wc_Chacha_encrypt_256(const word32 input[CHACHA_CHUNK_WORDS
"v21", "v22", "v23"
);
#else
word32 x[CHACHA_CHUNK_WORDS];
word32* x_addr = x;
__asm__ __volatile__ (
// The paper NEON crypto by Daniel J. Bernstein and Peter Schwabe was used to optimize for ARM
// https://cryptojedi.org/papers/neoncrypto-20120320.pdf
".align 2 \n\t"
"LDR r14, %[input] \n\t" // load input address
#ifndef NDEBUG
"PUSH { r7 } \n\t"
#endif
"SUB sp, sp, #16*4 \n\t"
"LDM r14, { r0-r12 } \n\t"
// r0 r1 r2 r3 r4 r5 r6 r7 r8 r9 r10 r11 r12
@ -985,9 +987,14 @@ static WC_INLINE int wc_Chacha_encrypt_256(const word32 input[CHACHA_CHUNK_WORDS
"VMOV d2, r4, r5 \n\t"
"VMOV d3, r6, r7 \n\t"
"VMOV d4, r8, r9 \n\t"
"STRD r10, r11, %[x_10] \n\t"
"STRD r10, r11, [sp, #4*10] \n\t"
"VMOV d5, r10, r11 \n\t"
#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 8)
"LDR r11, [r14, #4*14] \n\t"
"LDR r10, [r14, #4*15] \n\t"
#else
"LDRD r11, r10, [r14, #4*14] \n\t"
#endif
"VMOV q4, q0 \n\t"
"VMOV q5, q1 \n\t"
"VMOV q6, q2 \n\t"
@ -997,7 +1004,7 @@ static WC_INLINE int wc_Chacha_encrypt_256(const word32 input[CHACHA_CHUNK_WORDS
// r0 r1 r2 r3 r4 r5 r6 r7 r8 r9 r10 r11 r12
// 0 1 2 3 4 5 6 7 8 9 15 14 12
"VMOV d7, r11, r10 \n\t"
"STR r10, %[x_15] \n\t"
"STR r10, [sp, #4*15] \n\t"
"VMOV d15, r11, r10 \n\t"
"VMOV d23, r11, r10 \n\t"
"MOV r10, r12 \n\t"
@ -1065,22 +1072,22 @@ static WC_INLINE int wc_Chacha_encrypt_256(const word32 input[CHACHA_CHUNK_WORDS
"VSRI.I32 q1, q12, #20 \n\t"
"ADD r9, r9, r11 \n\t" // 9 9 13
"VSRI.I32 q5, q13, #20 \n\t"
"STR r11, %[x_13] \n\t"
"STR r11, [sp, #4*13] \n\t"
"VSRI.I32 q9, q14, #20 \n\t"
"LDR r11, %[x_15] \n\t"
"LDR r11, [sp, #4*15] \n\t"
"VADD.I32 q0, q0, q1 \n\t"
"EOR r4, r4, r8 \n\t" // 4 4 8
"VADD.I32 q4, q4, q5 \n\t"
"STR r8, %[x_8] \n\t"
"STR r8, [sp, #4*8] \n\t"
"VADD.I32 q8, q8, q9 \n\t"
"LDR r8, %[x_10] \n\t"
"LDR r8, [sp, #4*10] \n\t"
"VEOR q12, q3, q0 \n\t"
"EOR r5, r5, r9 \n\t" // 5 5 9
"VEOR q13, q7, q4 \n\t"
"STR r9, %[x_9] \n\t"
"STR r9, [sp, #4*9] \n\t"
"VEOR q14, q11, q8 \n\t"
"LDR r9, %[x_11] \n\t"
"LDR r9, [sp, #4*11] \n\t"
// SIMD instructions don't support rotation so we have to cheat using shifts and a help register
"VSHL.I32 q3, q12, #8 \n\t"
"ROR r4, r4, #25 \n\t" // 4 4
@ -1194,24 +1201,24 @@ static WC_INLINE int wc_Chacha_encrypt_256(const word32 input[CHACHA_CHUNK_WORDS
"VSHL.I32 q9, q14, #12 \n\t"
"ADD r8, r8, r11 \n\t" // 10 10 15
"VSRI.I32 q1, q12, #20 \n\t"
"STR r11, %[x_15] \n\t"
"STR r11, [sp, #4*15] \n\t"
"VSRI.I32 q5, q13, #20 \n\t"
"LDR r11, %[x_13] \n\t"
"LDR r11, [sp, #4*13] \n\t"
"VSRI.I32 q9, q14, #20 \n\t"
"ADD r9, r9, r10 \n\t" // 11 11 12
"VADD.I32 q0, q0, q1 \n\t"
"EOR r5, r5, r8 \n\t" // 5 5 10
"VADD.I32 q4, q4, q5 \n\t"
"STR r8, %[x_10] \n\t"
"STR r8, [sp, #4*10] \n\t"
"VADD.I32 q8, q8, q9 \n\t"
"LDR r8, %[x_8] \n\t"
"LDR r8, [sp, #4*8] \n\t"
"VEOR q12, q3, q0 \n\t"
"EOR r6, r6, r9 \n\t" // 6 6 11
"VEOR q13, q7, q4 \n\t"
"STR r9, %[x_11] \n\t"
"STR r9, [sp, #4*11] \n\t"
"VEOR q14, q11, q8 \n\t"
"LDR r9, %[x_9] \n\t"
"LDR r9, [sp, #4*9] \n\t"
// SIMD instructions don't support rotation so we have to cheat using shifts and a help register
"VSHL.I32 q3, q12, #8 \n\t"
"ROR r5, r5, #25 \n\t" // 5 5
@ -1281,18 +1288,26 @@ static WC_INLINE int wc_Chacha_encrypt_256(const word32 input[CHACHA_CHUNK_WORDS
"BNE L_chacha20_arm32_256_loop_%= \n\t"
"LDR r14, %[x_addr] \n\t" // load address of x to r14
// r0 r1 r2 r3 r4 r5 r6 r7 r8 r9 r10 r11 r12
// 0 1 2 3 4 5 6 7 8 9 12 13 14
"ADD r10, r10, #3 \n\t" // add three here to make later NEON easier
"STM r14, { r0-r9 } \n\t"
"STRD r10, r11, [r14, #4*12] \n\t"
"STM sp, { r0-r9 } \n\t"
"STRD r10, r11, [sp, #4*12] \n\t"
"STR r12, [sp, #4*14] \n\t"
"ADD sp, sp, #16*4 \n\t"
#ifndef NDEBUG
"POP { r7 } \n\t"
#endif
"LDR r9, %[input] \n\t" // load input address
"STR r12, [r14, #4*14] \n\t"
"LDR r10, %[c] \n\t" // load c address
"VLDM r9, { q12-q15 } \n\t"
"LDR r12, %[m] \n\t" // load m address
#ifndef NDEBUG
"SUB sp, sp, #17*4 \n\t"
#else
"SUB sp, sp, #16*4 \n\t"
#endif
"VADD.I32 q0, q0, q12 \n\t"
"VADD.I32 q1, q1, q13 \n\t"
@ -1324,7 +1339,7 @@ static WC_INLINE int wc_Chacha_encrypt_256(const word32 input[CHACHA_CHUNK_WORDS
"VEOR q3, q3, q15 \n\t"
"VSTM r10!, { q0-q3 } \n\t" // store to c
"VLDM r14, { q0-q3 } \n\t " // load final block from x
"VLDM sp, { q0-q3 } \n\t " // load final block from x
"VLDM r12!, { q12-q15 } \n\t" // load m
"VEOR q4, q4, q12 \n\t"
@ -1353,20 +1368,21 @@ static WC_INLINE int wc_Chacha_encrypt_256(const word32 input[CHACHA_CHUNK_WORDS
"VEOR q3, q3, q15 \n\t"
"VSTM r10!, { q0-q3 } \n\t" // store to c
: [c] "+m" (c),
[x_0] "=m" (x),
[x_8] "=m" (x[8]),
[x_9] "=m" (x[9]),
[x_10] "=m" (x[10]),
[x_11] "=m" (x[11]),
[x_13] "=m" (x[13]),
[x_15] "=m" (x[15])
#ifndef NDEBUG
"ADD sp, sp, #17*4 \n\t"
#else
"ADD sp, sp, #16*4 \n\t"
#endif
: [c] "+m" (c)
: [rounds] "I" (ROUNDS/2), [input] "m" (input),
[chacha_chunk_bytes] "I" (CHACHA_CHUNK_BYTES),
[m] "m" (m), [x_addr] "m" (x_addr)
[m] "m" (m)
: "memory", "cc",
"r0", "r1", "r2", "r3",
"r4", "r5", "r6", "r7",
"r4", "r5", "r6",
#ifdef NDEBUG
"r7",
#endif
"r8", "r9", "r10", "r11", "r12", "r14",
"q0", "q1", "q2", "q3", "q4",
"q5", "q6", "q7", "q8", "q9",
@ -2754,11 +2770,9 @@ static WC_INLINE void wc_Chacha_encrypt_64(const word32* input, const byte* m,
/* XOR 8 bytes */
"CMP %[bytes], #8 \n\t"
"BLT L_chacha20_arm32_64_lt_8_%= \n\t"
"VLDR d8, [%[m], #0] \n\t"
"ADD %[m], %[m], #8 \n\t"
"VLD1.64 { d8 }, [%[m]]! \n\t"
"VEOR d8, d8, d0 \n\t"
"VSTR d8, [%[c], #0] \n\t"
"ADD %[c], %[c], #8 \n\t"
"VST1.64 { d8 }, [%[c]]! \n\t"
"SUBS %[bytes], %[bytes], #8 \n\t"
"VMOV d0, d1 \n\t"
"BEQ L_chacha20_arm32_64_done_%= \n\t"
@ -2772,7 +2786,7 @@ static WC_INLINE void wc_Chacha_encrypt_64(const word32* input, const byte* m,
"EOR r12, r12, r14 \n\t"
"STR r12, [%[c]], #4 \n\t"
"SUBS %[bytes], %[bytes], #4 \n\t"
"VTRN.32 d0, d0 \n\t"
"VSHR.U64 d0, d0, #32 \n\t"
"BEQ L_chacha20_arm32_64_done_%= \n\t"
"\n"
"L_chacha20_arm32_64_lt_4_%=: \n\t"

1
wolfcrypt/src/port/arm/armv8-poly1305.c
View File

@ -29,6 +29,7 @@
#endif
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/types.h>
#ifdef WOLFSSL_ARMASM
#ifdef __aarch64__

111
wolfcrypt/src/port/arm/armv8-sha256.c
View File

@ -45,6 +45,7 @@
#endif
#ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO
static const ALIGN32 word32 K[64] = {
0x428A2F98L, 0x71374491L, 0xB5C0FBCFL, 0xE9B5DBA5L, 0x3956C25BL,
0x59F111F1L, 0x923F82A4L, 0xAB1C5ED5L, 0xD807AA98L, 0x12835B01L,
@ -60,6 +61,7 @@ static const ALIGN32 word32 K[64] = {
0x682E6FF3L, 0x748F82EEL, 0x78A5636FL, 0x84C87814L, 0x8CC70208L,
0x90BEFFFAL, 0xA4506CEBL, 0xBEF9A3F7L, 0xC67178F2L
};
#endif
static int InitSha256(wc_Sha256* sha256)
@ -94,6 +96,8 @@ static WC_INLINE void AddLength(wc_Sha256* sha256, word32 len)
}
#ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO
#ifdef __aarch64__
/* First block is in sha256->buffer and rest in data. */
@ -1309,6 +1313,109 @@ static WC_INLINE int Sha256Final(wc_Sha256* sha256, byte* hash)
#endif /* __aarch64__ */
#else
extern void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data,
word32 len);
/* ARMv8 hardware acceleration Aarch32 */
static WC_INLINE int Sha256Update(wc_Sha256* sha256, const byte* data, word32 len)
{
int ret = 0;
/* do block size increments */
byte* local = (byte*)sha256->buffer;
word32 blocksLen;
/* check that internal buffLen is valid */
if (sha256->buffLen >= WC_SHA256_BLOCK_SIZE)
return BUFFER_E;
AddLength(sha256, len);
if (sha256->buffLen > 0) {
word32 add = min(len, WC_SHA256_BLOCK_SIZE - sha256->buffLen);
if (add > 0) {
XMEMCPY(&local[sha256->buffLen], data, add);
sha256->buffLen += add;
data += add;
len -= add;
}
if (sha256->buffLen == WC_SHA256_BLOCK_SIZE) {
Transform_Sha256_Len(sha256, (const byte*)sha256->buffer,
WC_SHA256_BLOCK_SIZE);
sha256->buffLen = 0;
}
}
blocksLen = len & ~(WC_SHA256_BLOCK_SIZE-1);
if (blocksLen > 0) {
/* Byte reversal performed in function if required. */
Transform_Sha256_Len(sha256, data, blocksLen);
data += blocksLen;
len -= blocksLen;
}
if (len > 0) {
XMEMCPY(local, data, len);
sha256->buffLen = len;
}
return ret;
}
static WC_INLINE int Sha256Final(wc_Sha256* sha256, byte* hash)
{
byte* local = (byte*)sha256->buffer;
if (sha256 == NULL) {
return BAD_FUNC_ARG;
}
local[sha256->buffLen++] = 0x80; /* add 1 */
/* pad with zeros */
if (sha256->buffLen > WC_SHA256_PAD_SIZE) {
XMEMSET(&local[sha256->buffLen], 0, WC_SHA256_BLOCK_SIZE -
sha256->buffLen);
sha256->buffLen += WC_SHA256_BLOCK_SIZE - sha256->buffLen;
Transform_Sha256_Len(sha256, (const byte*)sha256->buffer,
WC_SHA256_BLOCK_SIZE);
sha256->buffLen = 0;
}
XMEMSET(&local[sha256->buffLen], 0, WC_SHA256_PAD_SIZE - sha256->buffLen);
/* put lengths in bits */
sha256->hiLen = (sha256->loLen >> (8 * sizeof(sha256->loLen) - 3)) +
(sha256->hiLen << 3);
sha256->loLen = sha256->loLen << 3;
/* store lengths */
/* ! length ordering dependent on digest endian type ! */
sha256->buffer[WC_SHA256_BLOCK_SIZE / sizeof(word32) - 2] = sha256->hiLen;
sha256->buffer[WC_SHA256_BLOCK_SIZE / sizeof(word32) - 1] = sha256->loLen;
ByteReverseWords(
&(sha256->buffer[WC_SHA256_BLOCK_SIZE / sizeof(word32) - 2]),
&(sha256->buffer[WC_SHA256_BLOCK_SIZE / sizeof(word32) - 2]),
WC_SHA256_BLOCK_SIZE - WC_SHA256_PAD_SIZE);
Transform_Sha256_Len(sha256, (const byte*)sha256->buffer,
WC_SHA256_BLOCK_SIZE);
#ifdef LITTLE_ENDIAN_ORDER
ByteReverseWords((word32*)hash, sha256->digest, WC_SHA256_DIGEST_SIZE);
#else
XMEMCPY(hash, sha256->digest, WC_SHA256_DIGEST_SIZE);
#endif
return 0;
}
#endif /* !WOLFSSL_ARMASM_NO_HW_CRYPTO */
#ifndef NO_SHA256
@ -1433,7 +1540,11 @@ int wc_Sha256Transform(wc_Sha256* sha256, const unsigned char* data)
#else
XMEMCPY(sha256->buffer, data, WC_SHA256_BLOCK_SIZE);
#endif
#ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO
Sha256Transform(sha256, data, 1);
#else
Transform_Sha256_Len(sha256, data, WC_SHA256_BLOCK_SIZE);
#endif
return 0;
}
#endif

1
wolfcrypt/src/sha256.c
View File

@ -43,6 +43,7 @@ on the specific device platform.
#endif
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/types.h>
/*
* SHA256 Build Options:

14
wolfcrypt/test/test.c
View File

@ -5959,8 +5959,10 @@ WOLFSSL_TEST_SUBROUTINE int chacha_test(void)
return -4722;
for (i = 0; i < 18; ++i) {
/* this will test all paths */
/* block sizes: 1 2 3 4 7 8 15 16 31 32 63 64 127 128 255 256 511 512 */
/* this will test all paths
* block sizes: 1 3 7 15 31 63 127 255 511 (i = 0- 8)
* 2 4 8 16 32 64 128 256 512 (i = 9-17)
*/
block_size = (2 << (i%9)) - (i<9?1:0);
keySz = 32;
@ -5974,16 +5976,16 @@ WOLFSSL_TEST_SUBROUTINE int chacha_test(void)
if (ret != 0)
return ret;
ret |= wc_Chacha_Process(&enc, cipher_big, plain_big, block_size);
ret |= wc_Chacha_Process(&dec, plain_big, cipher_big, block_size);
ret |= wc_Chacha_Process(&enc, cipher_big, plain_big , block_size);
ret |= wc_Chacha_Process(&dec, plain_big , cipher_big, block_size);
if (ret != 0)
return ret;
if (XMEMCMP(plain_big, input_big, block_size))
return -4723-i;
return -4740-i*2;
if (XMEMCMP(cipher_big, cipher_big_result, block_size))
return -4724-i;
return -4741-i*2;
}
/* Streaming test */