* [PATCH v4] crypto: arm64/sha2: integrate OpenSSL implementations of SHA256/SHA512
[not found] <1479642121-17912-1-git-send-email-ard.biesheuvel@linaro.org>
@ 2016-11-20 11:43 ` Ard Biesheuvel
2016-11-28 9:50 ` Ard Biesheuvel
2016-11-28 12:05 ` Will Deacon
1 sibling, 1 reply; 6+ messages in thread
From: Ard Biesheuvel @ 2016-11-20 11:43 UTC (permalink / raw)
To: linux-arm-kernel
On 20 November 2016 at 11:42, Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote:
> This integrates both the accelerated scalar and the NEON implementations
> of SHA-224/256 as well as SHA-384/512 from the OpenSSL project.
>
> Relative performance compared to the respective generic C versions:
>
>             |  SHA256-scalar  | SHA256-NEON* |  SHA512  |
> ------------+-----------------+--------------+----------+
> Cortex-A53  |      1.63x      |    1.63x     |  2.34x   |
> Cortex-A57  |      1.43x      |    1.59x     |  1.95x   |
> Cortex-A73  |      1.26x      |    1.56x     |    ?     |
>
> The core crypto code was authored by Andy Polyakov of the OpenSSL
> project, in collaboration with whom the upstream code was adapted so
> that this module can be built from the same version of sha512-armv8.pl.
>
> The version in this patch was taken from OpenSSL commit 32bbb62ea634
> ("sha/asm/sha512-armv8.pl: fix big-endian support in __KERNEL__ case.")
>
> * The core SHA algorithm is fundamentally sequential, but there is a
> secondary transformation involved, called the schedule update, which
> can be performed independently. The NEON version of SHA-224/SHA-256
> only implements this part of the algorithm using NEON instructions,
> the sequential part is always done using scalar instructions.
>
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> ---

Missing changelog:

v4: fixed the big-endian build; this required an upstream change (even
though upstream was not actually broken, since it explicitly defines
__ARMEB__ on AArch64 big-endian builds), so this patch is now based
on a more recent upstream OpenSSL commit (the __ILP32__ #ifdefs are
still present but never active)

v3: at Will's request, the generated assembly files are now included
as .S_shipped files, for which generic build rules are defined
already.

Note that sizeable patches like this one have caused issues in the past with
patchwork, so for Herbert's convenience, the patch can be pulled from
http://git.kernel.org/cgit/linux/kernel/git/ardb/linux.git, branch
arm64-sha256 (based on today's cryptodev)
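
For readers unfamiliar with the "schedule update" mentioned in the footnote
of the patch description, here is a minimal scalar C sketch of the SHA-256
message schedule as defined in FIPS 180-4. It is not taken from the patch:
the patch implements this step in NEON assembly generated by
sha512-armv8.pl, and the function names below (rotr32, sigma0, sigma1,
sha256_schedule) are illustrative only. The point is that the expansion
depends only on the 64-byte input block, not on the hash state, which is why
it can run independently of the sequential round function.

```c
#include <stdint.h>

/* Rotate a 32-bit word right by n bits (valid for 0 < n < 32). */
static uint32_t rotr32(uint32_t x, unsigned int n)
{
	return (x >> n) | (x << (32 - n));
}

/* "Small sigma" functions from FIPS 180-4; used only by the schedule. */
static uint32_t sigma0(uint32_t x)
{
	return rotr32(x, 7) ^ rotr32(x, 18) ^ (x >> 3);
}

static uint32_t sigma1(uint32_t x)
{
	return rotr32(x, 17) ^ rotr32(x, 19) ^ (x >> 10);
}

/*
 * Hypothetical helper (not part of the patch): expand one 64-byte block
 * into the 64 schedule words w[0..63].  No hash state is read or written,
 * so this step does not depend on the sequential rounds.
 */
void sha256_schedule(const uint8_t block[64], uint32_t w[64])
{
	int t;

	/* The first 16 words are the block itself, read as big-endian. */
	for (t = 0; t < 16; t++)
		w[t] = ((uint32_t)block[4 * t] << 24) |
		       ((uint32_t)block[4 * t + 1] << 16) |
		       ((uint32_t)block[4 * t + 2] << 8) |
		       (uint32_t)block[4 * t + 3];

	/* Each remaining word is derived from four earlier schedule words. */
	for (t = 16; t < 64; t++)
		w[t] = sigma1(w[t - 2]) + w[t - 7] +
		       sigma0(w[t - 15]) + w[t - 16];
}
```

The 64 rounds that consume w[] update the eight working variables one round
after another, which is the sequential part that, according to the footnote,
the NEON version still performs with scalar instructions.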
* [PATCH v4] crypto: arm64/sha2: integrate OpenSSL implementations of SHA256/SHA512
2016-11-20 11:43 ` [PATCH v4] crypto: arm64/sha2: integrate OpenSSL implementations of SHA256/SHA512 Ard Biesheuvel
@ 2016-11-28 9:50 ` Ard Biesheuvel
2016-11-28 11:58 ` Herbert Xu
0 siblings, 1 reply; 6+ messages in thread
From: Ard Biesheuvel @ 2016-11-28 9:50 UTC (permalink / raw)
To: linux-arm-kernel
On 20 November 2016 at 11:43, Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote:
> On 20 November 2016 at 11:42, Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote:
>> This integrates both the accelerated scalar and the NEON implementations
>> of SHA-224/256 as well as SHA-384/512 from the OpenSSL project.
>>
>> Relative performance compared to the respective generic C versions:
>>
>>             |  SHA256-scalar  | SHA256-NEON* |  SHA512  |
>> ------------+-----------------+--------------+----------+
>> Cortex-A53  |      1.63x      |    1.63x     |  2.34x   |
>> Cortex-A57  |      1.43x      |    1.59x     |  1.95x   |
>> Cortex-A73  |      1.26x      |    1.56x     |    ?     |
>>
>> The core crypto code was authored by Andy Polyakov of the OpenSSL
>> project, in collaboration with whom the upstream code was adapted so
>> that this module can be built from the same version of sha512-armv8.pl.
>>
>> The version in this patch was taken from OpenSSL commit 32bbb62ea634
>> ("sha/asm/sha512-armv8.pl: fix big-endian support in __KERNEL__ case.")
>>
>> * The core SHA algorithm is fundamentally sequential, but there is a
>> secondary transformation involved, called the schedule update, which
>> can be performed independently. The NEON version of SHA-224/SHA-256
>> only implements this part of the algorithm using NEON instructions,
>> the sequential part is always done using scalar instructions.
>>
>> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>> ---
>
> Missing changelog:
>
> v4: fixed the big-endian build; this required an upstream change (even
> though upstream was not actually broken, since it explicitly defines
> __ARMEB__ on AArch64 big-endian builds), so this patch is now based
> on a more recent upstream OpenSSL commit (the __ILP32__ #ifdefs are
> still present but never active)
>
> v3: at Will's request, the generated assembly files are now included
> as .S_shipped files, for which generic build rules are defined
> already.
>
> Note that sizeable patches like this one have caused issues in the past with
> patchwork, so for Herbert's convenience, the patch can be pulled from
> http://git.kernel.org/cgit/linux/kernel/git/ardb/linux.git, branch
> arm64-sha256 (based on today's cryptodev)

Herbert,

Assuming that everyone is happy now (Will?), could we get this one
queued for v4.10? The CRC stuff I sent over the past week can wait for
v4.11 (and I should probably do a v2 roundup with everything
combined), but this patch is good to go IMO.

Thanks,
Ard.
* [PATCH v4] crypto: arm64/sha2: integrate OpenSSL implementations of SHA256/SHA512
2016-11-28 9:50 ` Ard Biesheuvel
@ 2016-11-28 11:58 ` Herbert Xu
0 siblings, 0 replies; 6+ messages in thread
From: Herbert Xu @ 2016-11-28 11:58 UTC (permalink / raw)
To: linux-arm-kernel
On Mon, Nov 28, 2016 at 09:50:33AM +0000, Ard Biesheuvel wrote:
>
> Assuming that everyone is happy now (Will?), could we get this one
> queued for v4.10? The CRC stuff I sent over the past week can wait for
> v4.11 (and I should probably do a v2 roundup with everything
> combined), but this patch is good to go IMO.

Sorry, I overlooked it because it wasn't in patchwork. I have
applied it now and will push it out soon.

Thanks,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
* [PATCH v4] crypto: arm64/sha2: integrate OpenSSL implementations of SHA256/SHA512
[not found] <1479642121-17912-1-git-send-email-ard.biesheuvel@linaro.org>
2016-11-20 11:43 ` [PATCH v4] crypto: arm64/sha2: integrate OpenSSL implementations of SHA256/SHA512 Ard Biesheuvel
@ 2016-11-28 12:05 ` Will Deacon
2016-11-28 13:17 ` Ard Biesheuvel
1 sibling, 1 reply; 6+ messages in thread
From: Will Deacon @ 2016-11-28 12:05 UTC (permalink / raw)
To: linux-arm-kernel
On Sun, Nov 20, 2016 at 11:42:01AM +0000, Ard Biesheuvel wrote:
> This integrates both the accelerated scalar and the NEON implementations
> of SHA-224/256 as well as SHA-384/512 from the OpenSSL project.
>
> Relative performance compared to the respective generic C versions:
>
>             |  SHA256-scalar  | SHA256-NEON* |  SHA512  |
> ------------+-----------------+--------------+----------+
> Cortex-A53  |      1.63x      |    1.63x     |  2.34x   |
> Cortex-A57  |      1.43x      |    1.59x     |  1.95x   |
> Cortex-A73  |      1.26x      |    1.56x     |    ?     |
>
> The core crypto code was authored by Andy Polyakov of the OpenSSL
> project, in collaboration with whom the upstream code was adapted so
> that this module can be built from the same version of sha512-armv8.pl.
>
> The version in this patch was taken from OpenSSL commit 32bbb62ea634
> ("sha/asm/sha512-armv8.pl: fix big-endian support in __KERNEL__ case.")
>
> * The core SHA algorithm is fundamentally sequential, but there is a
> secondary transformation involved, called the schedule update, which
> can be performed independently. The NEON version of SHA-224/SHA-256
> only implements this part of the algorithm using NEON instructions,
> the sequential part is always done using scalar instructions.
>
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> ---
>  arch/arm64/crypto/Kconfig               |    8 +
>  arch/arm64/crypto/Makefile              |   17 +
>  arch/arm64/crypto/sha256-core.S_shipped | 2061 ++++++++++++++++++++
>  arch/arm64/crypto/sha256-glue.c         |  185 ++
>  arch/arm64/crypto/sha512-armv8.pl       |  778 ++++++++
>  arch/arm64/crypto/sha512-core.S_shipped | 1085 +++++++++++
>  arch/arm64/crypto/sha512-glue.c         |   94 +
>  7 files changed, 4228 insertions(+)

If I build a kernel with this applied and CRYPTO_SHA{256,512}_ARM64=y,
then I end up with untracked .S files according to git:

$ git status
Untracked files:
	arch/arm64/crypto/sha256-core.S
	arch/arm64/crypto/sha512-core.S

Will
* [PATCH v4] crypto: arm64/sha2: integrate OpenSSL implementations of SHA256/SHA512
2016-11-28 12:05 ` Will Deacon
@ 2016-11-28 13:17 ` Ard Biesheuvel
2016-11-28 13:32 ` Will Deacon
0 siblings, 1 reply; 6+ messages in thread
From: Ard Biesheuvel @ 2016-11-28 13:17 UTC (permalink / raw)
To: linux-arm-kernel
On 28 November 2016 at 13:05, Will Deacon <will.deacon@arm.com> wrote:
> On Sun, Nov 20, 2016 at 11:42:01AM +0000, Ard Biesheuvel wrote:
>> This integrates both the accelerated scalar and the NEON implementations
>> of SHA-224/256 as well as SHA-384/512 from the OpenSSL project.
>>
>> Relative performance compared to the respective generic C versions:
>>
>>             |  SHA256-scalar  | SHA256-NEON* |  SHA512  |
>> ------------+-----------------+--------------+----------+
>> Cortex-A53  |      1.63x      |    1.63x     |  2.34x   |
>> Cortex-A57  |      1.43x      |    1.59x     |  1.95x   |
>> Cortex-A73  |      1.26x      |    1.56x     |    ?     |
>>
>> The core crypto code was authored by Andy Polyakov of the OpenSSL
>> project, in collaboration with whom the upstream code was adapted so
>> that this module can be built from the same version of sha512-armv8.pl.
>>
>> The version in this patch was taken from OpenSSL commit 32bbb62ea634
>> ("sha/asm/sha512-armv8.pl: fix big-endian support in __KERNEL__ case.")
>>
>> * The core SHA algorithm is fundamentally sequential, but there is a
>> secondary transformation involved, called the schedule update, which
>> can be performed independently. The NEON version of SHA-224/SHA-256
>> only implements this part of the algorithm using NEON instructions,
>> the sequential part is always done using scalar instructions.
>>
>> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>> ---
>>  arch/arm64/crypto/Kconfig               |    8 +
>>  arch/arm64/crypto/Makefile              |   17 +
>>  arch/arm64/crypto/sha256-core.S_shipped | 2061 ++++++++++++++++++++
>>  arch/arm64/crypto/sha256-glue.c         |  185 ++
>>  arch/arm64/crypto/sha512-armv8.pl       |  778 ++++++++
>>  arch/arm64/crypto/sha512-core.S_shipped | 1085 +++++++++++
>>  arch/arm64/crypto/sha512-glue.c         |   94 +
>>  7 files changed, 4228 insertions(+)
>
> If I build a kernel with this applied and CRYPTO_SHA{256,512}_ARM64=y,
> then I end up with untracked .S files according to git:
>
> $ git status
> Untracked files:
> arch/arm64/crypto/sha256-core.S
> arch/arm64/crypto/sha512-core.S
>

Ah right, I forgot to add a .gitignore for these: that is required
with .S_shipped files. I didn't spot this myself because I always
build out of tree.

Would you mind taking a separate patch for that?
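
As an illustration of the missing file, a minimal sketch of such a
.gitignore, assuming it lives in arch/arm64/crypto/ and lists just the two
generated files from Will's git status output. The actual follow-up patch is
not part of this thread, so its contents may differ.

```
# Assumed contents: assembly files copied from the .S_shipped sources
# by the generic build rules when building in the source tree.
sha256-core.S
sha512-core.S
```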
* [PATCH v4] crypto: arm64/sha2: integrate OpenSSL implementations of SHA256/SHA512
2016-11-28 13:17 ` Ard Biesheuvel
@ 2016-11-28 13:32 ` Will Deacon
0 siblings, 0 replies; 6+ messages in thread
From: Will Deacon @ 2016-11-28 13:32 UTC (permalink / raw)
To: linux-arm-kernel
On Mon, Nov 28, 2016 at 02:17:34PM +0100, Ard Biesheuvel wrote:
> On 28 November 2016 at 13:05, Will Deacon <will.deacon@arm.com> wrote:
> > On Sun, Nov 20, 2016 at 11:42:01AM +0000, Ard Biesheuvel wrote:
> >> This integrates both the accelerated scalar and the NEON implementations
> >> of SHA-224/256 as well as SHA-384/512 from the OpenSSL project.
> >>
> >> Relative performance compared to the respective generic C versions:
> >>
> >>             |  SHA256-scalar  | SHA256-NEON* |  SHA512  |
> >> ------------+-----------------+--------------+----------+
> >> Cortex-A53  |      1.63x      |    1.63x     |  2.34x   |
> >> Cortex-A57  |      1.43x      |    1.59x     |  1.95x   |
> >> Cortex-A73  |      1.26x      |    1.56x     |    ?     |
> >>
> >> The core crypto code was authored by Andy Polyakov of the OpenSSL
> >> project, in collaboration with whom the upstream code was adapted so
> >> that this module can be built from the same version of sha512-armv8.pl.
> >>
> >> The version in this patch was taken from OpenSSL commit 32bbb62ea634
> >> ("sha/asm/sha512-armv8.pl: fix big-endian support in __KERNEL__ case.")
> >>
> >> * The core SHA algorithm is fundamentally sequential, but there is a
> >> secondary transformation involved, called the schedule update, which
> >> can be performed independently. The NEON version of SHA-224/SHA-256
> >> only implements this part of the algorithm using NEON instructions,
> >> the sequential part is always done using scalar instructions.
> >>
> >> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> >> ---
> >>  arch/arm64/crypto/Kconfig               |    8 +
> >>  arch/arm64/crypto/Makefile              |   17 +
> >>  arch/arm64/crypto/sha256-core.S_shipped | 2061 ++++++++++++++++++++
> >>  arch/arm64/crypto/sha256-glue.c         |  185 ++
> >>  arch/arm64/crypto/sha512-armv8.pl       |  778 ++++++++
> >>  arch/arm64/crypto/sha512-core.S_shipped | 1085 +++++++++++
> >>  arch/arm64/crypto/sha512-glue.c         |   94 +
> >>  7 files changed, 4228 insertions(+)
> >
> > If I build a kernel with this applied and CRYPTO_SHA{256,512}_ARM64=y,
> > then I end up with untracked .S files according to git:
> >
> > $ git status
> > Untracked files:
> > arch/arm64/crypto/sha256-core.S
> > arch/arm64/crypto/sha512-core.S
> >
>
> Ah right, I forgot to add a .gitignore for these: that is required
> with .S_shipped files. I didn't spot this myself because I always
> build out of tree.
>
> Would you mind taking a separate patch for that?

I think this should all go via Herbert, so I guess just send him the extra
patch.

Will