From 1bf41f99439ef924d2016fcb4dcd9762b5a0add8 Mon Sep 17 00:00:00 2001 From: Jens Wiklander Date: Mon, 30 Mar 2020 14:36:16 +0200 Subject: core: ltc: remove Arm SHA-256 CE routines Removes the Arm CE routines accelerating SHA-256 in the LTC library. This will later be added in common code to be shared with other crypto libraries etc. Acked-by: Etienne Carriere Signed-off-by: Jens Wiklander --- .../libtomcrypt/src/hashes/sha2/sha256_armv8a_ce.c | 218 --------------------- .../src/hashes/sha2/sha256_armv8a_ce_a32.S | 111 ----------- .../src/hashes/sha2/sha256_armv8a_ce_a64.S | 144 -------------- core/lib/libtomcrypt/src/hashes/sha2/sub.mk | 12 +- core/lib/libtomcrypt/src/headers/tomcrypt_hash.h | 6 +- core/lib/libtomcrypt/sub.mk | 6 - 6 files changed, 4 insertions(+), 493 deletions(-) delete mode 100644 core/lib/libtomcrypt/src/hashes/sha2/sha256_armv8a_ce.c delete mode 100644 core/lib/libtomcrypt/src/hashes/sha2/sha256_armv8a_ce_a32.S delete mode 100644 core/lib/libtomcrypt/src/hashes/sha2/sha256_armv8a_ce_a64.S (limited to 'core/lib') diff --git a/core/lib/libtomcrypt/src/hashes/sha2/sha256_armv8a_ce.c b/core/lib/libtomcrypt/src/hashes/sha2/sha256_armv8a_ce.c deleted file mode 100644 index 1ecd7b4a..00000000 --- a/core/lib/libtomcrypt/src/hashes/sha2/sha256_armv8a_ce.c +++ /dev/null @@ -1,218 +0,0 @@ -// SPDX-License-Identifier: BSD-2-Clause -/* - * Copyright (c) 2015, Linaro Limited - * All rights reserved. - * Copyright (c) 2001-2007, Tom St Denis - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * 1. Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ - -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org - */ -#include -#include "tomcrypt_arm_neon.h" - -/** - @file sha256_arm32_ce.c - LTC_SHA256_ARM32_CE -*/ - -#if defined(LTC_SHA256_ARM32_CE) || defined(LTC_SHA256_ARM64_CE) - -const struct ltc_hash_descriptor sha256_desc = -{ - "sha256", - 0, - 32, - 64, - - /* OID */ - { 2, 16, 840, 1, 101, 3, 4, 2, 1, }, - 9, - - &sha256_init, - &sha256_process, - &sha256_done, - &sha256_test, - NULL -}; - - -/* Implemented in assembly */ -int sha256_ce_transform(ulong32 *state, const unsigned char *buf, int blocks); - -static int sha256_compress_nblocks(hash_state *md, const unsigned char *buf, - int blocks) -{ - struct tomcrypt_arm_neon_state state; - - tomcrypt_arm_neon_enable(&state); - sha256_ce_transform(md->sha256.state, buf, blocks); - tomcrypt_arm_neon_disable(&state); - return CRYPT_OK; -} - -static int sha256_compress(hash_state *md, const unsigned char *buf) -{ - return sha256_compress_nblocks(md, buf, 1); -} - -/** - Initialize the hash state - @param md The hash state you wish to initialize - @return CRYPT_OK if successful -*/ -int sha256_init(hash_state * md) -{ - LTC_ARGCHK(md != NULL); - - md->sha256.curlen = 0; - md->sha256.length = 0; - md->sha256.state[0] = 0x6A09E667UL; - md->sha256.state[1] = 0xBB67AE85UL; - md->sha256.state[2] = 0x3C6EF372UL; - md->sha256.state[3] = 0xA54FF53AUL; - md->sha256.state[4] = 0x510E527FUL; - md->sha256.state[5] = 0x9B05688CUL; - md->sha256.state[6] = 0x1F83D9ABUL; - md->sha256.state[7] = 0x5BE0CD19UL; - return CRYPT_OK; -} - -/** - Process a block of memory though the hash - @param md The hash state - @param in The data to hash - @param inlen The length of the data (octets) - @return CRYPT_OK if successful -*/ -HASH_PROCESS_NBLOCKS(sha256_process, sha256_compress_nblocks, sha256, 64) - -/** - Terminate the hash to get the digest - @param md The hash state - @param out [out] The destination of the hash (32 bytes) - @return CRYPT_OK if successful -*/ -int sha256_done(hash_state * md, unsigned char *out) -{ - int i; - - LTC_ARGCHK(md != NULL); - LTC_ARGCHK(out != NULL); - - if (md->sha256.curlen >= sizeof(md->sha256.buf)) { - return CRYPT_INVALID_ARG; - } - - - /* increase the length of the message */ - md->sha256.length += md->sha256.curlen * 8; - - /* append the '1' bit */ - md->sha256.buf[md->sha256.curlen++] = (unsigned char)0x80; - - /* if the length is currently above 56 bytes we append zeros - * then compress. Then we can fall back to padding zeros and length - * encoding like normal. - */ - if (md->sha256.curlen > 56) { - while (md->sha256.curlen < 64) { - md->sha256.buf[md->sha256.curlen++] = (unsigned char)0; - } - sha256_compress(md, md->sha256.buf); - md->sha256.curlen = 0; - } - - /* pad upto 56 bytes of zeroes */ - while (md->sha256.curlen < 56) { - md->sha256.buf[md->sha256.curlen++] = (unsigned char)0; - } - - /* store length */ - STORE64H(md->sha256.length, md->sha256.buf+56); - sha256_compress(md, md->sha256.buf); - - /* copy output */ - for (i = 0; i < 8; i++) { - STORE32H(md->sha256.state[i], out+(4*i)); - } -#ifdef LTC_CLEAN_STACK - zeromem(md, sizeof(hash_state)); -#endif - return CRYPT_OK; -} - -/** - Self-test the hash - @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled -*/ -int sha256_test(void) -{ - #ifndef LTC_TEST - return CRYPT_NOP; - #else - static const struct { - const char *msg; - unsigned char hash[32]; - } tests[] = { - { "abc", - { 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, - 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, - 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, - 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad } - }, - { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", - { 0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8, - 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39, - 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67, - 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1 } - }, - }; - - int i; - unsigned char tmp[32]; - hash_state md; - - for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) { - sha256_init(&md); - sha256_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg)); - sha256_done(&md, tmp); - if (XMEMCMP(tmp, tests[i].hash, 32) != 0) { - return CRYPT_FAIL_TESTVECTOR; - } - } - return CRYPT_OK; - #endif -} - -#endif diff --git a/core/lib/libtomcrypt/src/hashes/sha2/sha256_armv8a_ce_a32.S b/core/lib/libtomcrypt/src/hashes/sha2/sha256_armv8a_ce_a32.S deleted file mode 100644 index bd3b73d6..00000000 --- a/core/lib/libtomcrypt/src/hashes/sha2/sha256_armv8a_ce_a32.S +++ /dev/null @@ -1,111 +0,0 @@ -/* SPDX-License-Identifier: BSD-2-Clause */ -/* - * Copyright (c) 2014-2015, Linaro Limited - */ - -/* SHA-256 secure hash using ARMv8 Crypto Extensions */ - - .text - .fpu crypto-neon-fp-armv8 - - k0 .req q7 - k1 .req q8 - - ta0 .req q9 - ta1 .req q10 - tb0 .req q10 - tb1 .req q9 - - dga .req q11 - dgb .req q12 - - dg0 .req q13 - dg1 .req q14 - dg2 .req q15 - - .macro add_only, ev, s0 - vmov dg2, dg0 - .ifnb \s0 - vld1.32 {k\ev}, [r3]! - .endif - sha256h.32 dg0, dg1, tb\ev - sha256h2.32 dg1, dg2, tb\ev - .ifnb \s0 - vadd.u32 ta\ev, q\s0, k\ev - .endif - .endm - - .macro add_update, ev, s0, s1, s2, s3 - sha256su0.32 q\s0, q\s1 - add_only \ev, \s1 - sha256su1.32 q\s0, q\s2, q\s3 - .endm - - .align 6 -.Lsha256_rcon: - .word 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5 - .word 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5 - .word 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3 - .word 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174 - .word 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc - .word 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da - .word 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7 - .word 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967 - .word 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13 - .word 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85 - .word 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3 - .word 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070 - .word 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5 - .word 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3 - .word 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208 - .word 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 - - .global sha256_ce_transform - .type sha256_ce_transform, %function -sha256_ce_transform: - /* load state */ - vld1.8 {dga-dgb}, [r0] - - /* load input */ -0: vld1.8 {q0-q1}, [r1]! - vrev32.8 q0, q0 - vrev32.8 q1, q1 - vld1.8 {q2-q3}, [r1]! - vrev32.8 q2, q2 - vrev32.8 q3, q3 - subs r2, r2, #1 - - /* load round constants */ - adr r3, .Lsha256_rcon - vld1.32 {k0}, [r3]! - - vadd.u32 ta0, q0, k0 - vmov dg0, dga - vmov dg1, dgb - - add_update 1, 0, 1, 2, 3 - add_update 0, 1, 2, 3, 0 - add_update 1, 2, 3, 0, 1 - add_update 0, 3, 0, 1, 2 - add_update 1, 0, 1, 2, 3 - add_update 0, 1, 2, 3, 0 - add_update 1, 2, 3, 0, 1 - add_update 0, 3, 0, 1, 2 - add_update 1, 0, 1, 2, 3 - add_update 0, 1, 2, 3, 0 - add_update 1, 2, 3, 0, 1 - add_update 0, 3, 0, 1, 2 - - add_only 1, 1 - add_only 0, 2 - add_only 1, 3 - add_only 0 - - /* update state */ - vadd.u32 dga, dga, dg0 - vadd.u32 dgb, dgb, dg1 - bne 0b - - /* store new state */ - vst1.8 {dga-dgb}, [r0] - bx lr diff --git a/core/lib/libtomcrypt/src/hashes/sha2/sha256_armv8a_ce_a64.S b/core/lib/libtomcrypt/src/hashes/sha2/sha256_armv8a_ce_a64.S deleted file mode 100644 index 21bcadcb..00000000 --- a/core/lib/libtomcrypt/src/hashes/sha2/sha256_armv8a_ce_a64.S +++ /dev/null @@ -1,144 +0,0 @@ -/* SPDX-License-Identifier: BSD-2-Clause */ -/* - * Copyright (c) 2015, Linaro Limited - */ - -/* - * Core SHA-224/SHA-256 transform using v8 Crypto Extensions - * - * Copyright (C) 2014 Linaro Ltd - */ - - -#define ENTRY(func) \ - .global func ; \ - .type func , %function ; \ - func : - -#define ENDPROC(func) \ - .size func , .-func - - .text - .arch armv8-a+crypto - - dga .req q20 - dgav .req v20 - dgb .req q21 - dgbv .req v21 - - t0 .req v22 - t1 .req v23 - - dg0q .req q24 - dg0v .req v24 - dg1q .req q25 - dg1v .req v25 - dg2q .req q26 - dg2v .req v26 - - .macro add_only, ev, rc, s0 - mov dg2v.16b, dg0v.16b - .ifeq \ev - add t1.4s, v\s0\().4s, \rc\().4s - sha256h dg0q, dg1q, t0.4s - sha256h2 dg1q, dg2q, t0.4s - .else - .ifnb \s0 - add t0.4s, v\s0\().4s, \rc\().4s - .endif - sha256h dg0q, dg1q, t1.4s - sha256h2 dg1q, dg2q, t1.4s - .endif - .endm - - .macro add_update, ev, rc, s0, s1, s2, s3 - sha256su0 v\s0\().4s, v\s1\().4s - add_only \ev, \rc, \s1 - sha256su1 v\s0\().4s, v\s2\().4s, v\s3\().4s - .endm - - /* - * The SHA-256 round constants - */ - .align 4 -.Lsha2_rcon: - .word 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5 - .word 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5 - .word 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3 - .word 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174 - .word 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc - .word 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da - .word 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7 - .word 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967 - .word 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13 - .word 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85 - .word 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3 - .word 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070 - .word 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5 - .word 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3 - .word 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208 - .word 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 - - /* - * void sha2_ce_transform(struct sha256_ce_state *sst, u8 const *src, - * int blocks) - */ -ENTRY(sha256_ce_transform) - /* load round constants */ - adr x8, .Lsha2_rcon - ld1 { v0.4s- v3.4s}, [x8], #64 - ld1 { v4.4s- v7.4s}, [x8], #64 - ld1 { v8.4s-v11.4s}, [x8], #64 - ld1 {v12.4s-v15.4s}, [x8] - - /* load state */ - mov x9, x0 - ld1 {dgav.4s}, [x9], #16 - ld1 {dgbv.4s}, [x9] - - /* load input */ -0: ld1 {v16.16b-v19.16b}, [x1], #64 - sub w2, w2, #1 - - rev32 v16.16b, v16.16b - rev32 v17.16b, v17.16b - rev32 v18.16b, v18.16b - rev32 v19.16b, v19.16b - -1: add t0.4s, v16.4s, v0.4s - mov dg0v.16b, dgav.16b - mov dg1v.16b, dgbv.16b - - add_update 0, v1, 16, 17, 18, 19 - add_update 1, v2, 17, 18, 19, 16 - add_update 0, v3, 18, 19, 16, 17 - add_update 1, v4, 19, 16, 17, 18 - - add_update 0, v5, 16, 17, 18, 19 - add_update 1, v6, 17, 18, 19, 16 - add_update 0, v7, 18, 19, 16, 17 - add_update 1, v8, 19, 16, 17, 18 - - add_update 0, v9, 16, 17, 18, 19 - add_update 1, v10, 17, 18, 19, 16 - add_update 0, v11, 18, 19, 16, 17 - add_update 1, v12, 19, 16, 17, 18 - - add_only 0, v13, 17 - add_only 1, v14, 18 - add_only 0, v15, 19 - add_only 1 - - /* update state */ - add dgav.4s, dgav.4s, dg0v.4s - add dgbv.4s, dgbv.4s, dg1v.4s - - /* handled all input blocks? */ - cbnz w2, 0b - - /* store new state */ -3: mov x9, x0 - st1 {dgav.16b}, [x9], #16 - st1 {dgbv.16b}, [x9] - ret -ENDPROC(sha256_ce_transform) diff --git a/core/lib/libtomcrypt/src/hashes/sha2/sub.mk b/core/lib/libtomcrypt/src/hashes/sha2/sub.mk index 2a69a9db..cf76b89f 100644 --- a/core/lib/libtomcrypt/src/hashes/sha2/sub.mk +++ b/core/lib/libtomcrypt/src/hashes/sha2/sub.mk @@ -1,16 +1,6 @@ srcs-$(_CFG_CORE_LTC_SHA224) += sha224.c -ifeq ($(_CFG_CORE_LTC_SHA256_DESC),y) -SHA256_CE := $(call cfg-one-enabled, _CFG_CORE_LTC_SHA256_ARM32_CE \ - _CFG_CORE_LTC_SHA256_ARM64_CE) -ifeq ($(SHA256_CE),y) -srcs-y += sha256_armv8a_ce.c -srcs-$(_CFG_CORE_LTC_SHA256_ARM32_CE) += sha256_armv8a_ce_a32.S -srcs-$(_CFG_CORE_LTC_SHA256_ARM64_CE) += sha256_armv8a_ce_a64.S -else -srcs-y += sha256.c -endif -endif +srcs-$(_CFG_CORE_LTC_SHA256_DESC) += sha256.c srcs-$(_CFG_CORE_LTC_SHA384_DESC) += sha384.c srcs-$(_CFG_CORE_LTC_SHA512_DESC) += sha512.c diff --git a/core/lib/libtomcrypt/src/headers/tomcrypt_hash.h b/core/lib/libtomcrypt/src/headers/tomcrypt_hash.h index 8347bcad..3a9fcee6 100644 --- a/core/lib/libtomcrypt/src/headers/tomcrypt_hash.h +++ b/core/lib/libtomcrypt/src/headers/tomcrypt_hash.h @@ -29,7 +29,7 @@ struct sha512_state { }; #endif -#if defined(LTC_SHA256) || defined(LTC_SHA256_ARM32_CE) +#if defined(LTC_SHA256) struct sha256_state { ulong64 length; ulong32 state[8], curlen; @@ -162,7 +162,7 @@ typedef union Hash_state { #ifdef LTC_SHA512 struct sha512_state sha512; #endif -#if defined(LTC_SHA256) || defined(LTC_SHA256_ARM32_CE) +#if defined(LTC_SHA256) struct sha256_state sha256; #endif #if defined(LTC_SHA1) @@ -350,7 +350,7 @@ int sha512_224_test(void); extern const struct ltc_hash_descriptor sha512_224_desc; #endif -#if defined(LTC_SHA256) || defined(LTC_SHA256_ARM32_CE) +#if defined(LTC_SHA256) int sha256_init(hash_state * md); int sha256_process(hash_state * md, const unsigned char *in, unsigned long inlen); int sha256_done(hash_state * md, unsigned char *out); diff --git a/core/lib/libtomcrypt/sub.mk b/core/lib/libtomcrypt/sub.mk index a6e184f5..c8aef122 100644 --- a/core/lib/libtomcrypt/sub.mk +++ b/core/lib/libtomcrypt/sub.mk @@ -44,12 +44,6 @@ endif ifeq ($(_CFG_CORE_LTC_SHA256_DESC),y) cppflags-lib-y += -DLTC_SHA256 endif -ifeq ($(_CFG_CORE_LTC_SHA256_ARM32_CE),y) - cppflags-lib-y += -DLTC_SHA256_ARM32_CE -endif -ifeq ($(_CFG_CORE_LTC_SHA256_ARM64_CE),y) - cppflags-lib-y += -DLTC_SHA256_ARM64_CE -endif ifeq ($(_CFG_CORE_LTC_SHA384_DESC),y) cppflags-lib-y += -DLTC_SHA384 endif -- cgit v1.2.3