Re: [PATCH v1] armv8: crypto: SHA-512 using ARMv8 Crypto Extensions

Sat, 10 Feb 2024 16:37:34 -0800 

On Sat, Feb 10, 2024 at 01:07:09PM +0100, Igor Opaniuk wrote:

> From: Igor Opaniuk <igor.opan...@gmail.com>
> 
> Add support for the SHA-512 Secure Hash Algorithm which uses ARMv8 Crypto
> Extensions. The CPU should support ARMv8.2 instruction set and implement
> SHA512H, SHA512H2, SHA512SU0, and SHA512SU1 instructions.
> 
> This information can be obtained from ID_AA64ISAR0_EL1 (AArch64 Instruction
> Set Attribute Register 0), bits [15:12] should be 0b0010 [1], that
> indicates support for SHA512* instructions in AArch64 state. As not all
> ARMv8-base SoCs support that, ARMV8_CE_SHA512 is left disabled by
> default for now.
> 
> Tested in QEMU for ARMv8 with compiled-in SHA-2 support.
> Even on emulated cpu the hashing speed increase was visible:
> 
> With CE usage:
> => time hash sha512 0x40200000 0x2000000
> Calculate hash
> Calculate hash
> sha512 for 40200000 ... 421fffff ==> 1aeae269f4eb7c37...
> 
> time: 0.215 seconds
> 
> Without CE usage:
> => time hash sha512 0x40200000 0x2000000
> sha512 for 40200000 ... 421fffff ==> 1aeae269f4eb7c37...
> 
> time: 0.356 seconds
> 
> Real HW tests should provide much more improvement and objective results
> with 10x speed increase at least.
> 
> The implementation is based on original implementation from Ard Biesheuvel in
> Linux kernel [2]
> 
> [1] 
> https://developer.arm.com/documentation/ddi0601/2023-12/AArch64-Registers/ID-AA64ISAR0-EL1--AArch64-Instruction-Set-Attribute-Register-0
> [2] 
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/arm/crypto/sha2-ce-core.S
> 
> CC: Ard Biesheuvel <ard.biesheu...@linaro.org>
> CC: Loic Poulain <loic.poul...@linaro.org>
> Signed-off-by: Igor Opaniuk <igor.opan...@gmail.com>
[snip]
> diff --git a/arch/arm/cpu/armv8/Kconfig b/arch/arm/cpu/armv8/Kconfig
> index 9f0fb369f7..fd5c26421b 100644
> --- a/arch/arm/cpu/armv8/Kconfig
> +++ b/arch/arm/cpu/armv8/Kconfig
> @@ -204,6 +204,11 @@ config ARMV8_CE_SHA256
>       bool "SHA-256 digest algorithm (ARMv8 Crypto Extensions)"
>       default y if SHA256
>  
> +config ARMV8_CE_SHA512
> +     bool "SHA-512 digest algorithm (ARMv8 Crypto Extensions)"
> +     depends on SHA512
> +     default n

Like the sha256 one, this should be default y I think, the performance
improvement is likely worth the size increase.

-- 
Tom

Attachment: signature.asc
Description: PGP signature

Reply via email to