Enable ARMv8.2 accelerated SHA3 on compatible Apple CPUs

The hardware-assisted ARMv8.2 implementation is already in keccak1600-armv8.pl.
It is not called because the author mentioned that it's not actually obvious
that it will provide performance improvements. The test on Apple M1 Firestorm
shows that the ARMv8.2 implementation could improve about 36% for large blocks.
So let's enable ARMv8.2 accelerated SHA3 on Apple CPU family.

Fixes #21380

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21398)

diff --git a/crypto/arm_arch.h b/crypto/arm_arch.h
index cc5cc5ba491ca5881031d34a725156c6a09a41e7..b1bb65c7dc3d2cc20b5e5baeed18fbba27b43da9 100644 (file)
--- a/crypto/arm_arch.h
+++ b/crypto/arm_arch.h
@@ -98,6 +98,7 @@ extern unsigned int OPENSSL_armv8_rsa_neonized;
 
 # define ARM_CPU_IMP_ARM           0x41
 # define HISI_CPU_IMP              0x48
+# define ARM_CPU_IMP_APPLE         0x61
 
 # define ARM_CPU_PART_CORTEX_A72   0xD08
 # define ARM_CPU_PART_N1           0xD0C
@@ -106,6 +107,19 @@ extern unsigned int OPENSSL_armv8_rsa_neonized;
 # define HISI_CPU_PART_KP920       0xD01
 # define ARM_CPU_PART_V2           0xD4F
 
+# define APPLE_CPU_PART_M1_ICESTORM         0x022
+# define APPLE_CPU_PART_M1_FIRESTORM        0x023
+# define APPLE_CPU_PART_M1_ICESTORM_PRO     0x024
+# define APPLE_CPU_PART_M1_FIRESTORM_PRO    0x025
+# define APPLE_CPU_PART_M1_ICESTORM_MAX     0x028
+# define APPLE_CPU_PART_M1_FIRESTORM_MAX    0x029
+# define APPLE_CPU_PART_M2_BLIZZARD         0x032
+# define APPLE_CPU_PART_M2_AVALANCHE        0x033
+# define APPLE_CPU_PART_M2_BLIZZARD_PRO     0x034
+# define APPLE_CPU_PART_M2_AVALANCHE_PRO    0x035
+# define APPLE_CPU_PART_M2_BLIZZARD_MAX     0x038
+# define APPLE_CPU_PART_M2_AVALANCHE_MAX    0x039
+
 # define MIDR_PARTNUM_SHIFT       4
 # define MIDR_PARTNUM_MASK        (0xfffU << MIDR_PARTNUM_SHIFT)
 # define MIDR_PARTNUM(midr)       \

diff --git a/providers/implementations/digests/sha3_prov.c b/providers/implementations/digests/sha3_prov.c
index 825d3249fabd0228d651e5fe7e68faf1419dd21b..1348d0e06acccc380ff973c3da4b75708bd53668 100644 (file)
--- a/providers/implementations/digests/sha3_prov.c
+++ b/providers/implementations/digests/sha3_prov.c
@@ -249,6 +249,65 @@ static PROV_SHA3_METHOD kmac_s390x_md =
     } else {                                                                   \
         ctx->meth = sha3_generic_md;                                           \
     }
+#elif defined(__aarch64__)
+# include "arm_arch.h"
+
+static sha3_absorb_fn armsha3_sha3_absorb;
+
+size_t SHA3_absorb_cext(uint64_t A[5][5], const unsigned char *inp, size_t len,
+                    size_t r);
+/*-
+ * Hardware-assisted ARMv8.2 SHA3 extension version of the absorb()
+ */
+static size_t armsha3_sha3_absorb(void *vctx, const void *inp, size_t len)
+{
+    KECCAK1600_CTX *ctx = vctx;
+
+    return SHA3_absorb_cext(ctx->A, inp, len, ctx->block_size);
+}
+
+static PROV_SHA3_METHOD sha3_ARMSHA3_md =
+{
+    armsha3_sha3_absorb,
+    generic_sha3_final
+};
+/* Detection on Apple operating systems */
+# if defined(__APPLE__)
+#  define ARM_SHA3_CAPABLE (OPENSSL_armcap_P & ARMV8_SHA3)
+#  define SHA3_SET_MD(uname, typ)                                              \
+    if (ARM_SHA3_CAPABLE) {                                                    \
+        ctx->meth = sha3_ARMSHA3_md;                                           \
+    } else {                                                                   \
+        ctx->meth = sha3_generic_md;                                           \
+    }
+#  define KMAC_SET_MD(bitlen)                                                  \
+    if (ARM_SHA3_CAPABLE) {                                                    \
+        ctx->meth = sha3_ARMSHA3_md;                                           \
+    } else {                                                                   \
+        ctx->meth = sha3_generic_md;                                           \
+    }
+/* Detection on other operating systems */
+# else
+#  define ARM_HAS_FASTER_SHA3                                                                  \
+    (MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_APPLE, APPLE_CPU_PART_M1_FIRESTORM)     ||\
+     MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_APPLE, APPLE_CPU_PART_M1_FIRESTORM_PRO) ||\
+     MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_APPLE, APPLE_CPU_PART_M1_FIRESTORM_MAX) ||\
+     MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_APPLE, APPLE_CPU_PART_M2_AVALANCHE)     ||\
+     MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_APPLE, APPLE_CPU_PART_M2_AVALANCHE_PRO) ||\
+     MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_APPLE, APPLE_CPU_PART_M2_AVALANCHE_MAX))
+#  define SHA3_SET_MD(uname, typ)                                              \
+    if (ARM_HAS_FASTER_SHA3) {                                                 \
+        ctx->meth = sha3_ARMSHA3_md;                                           \
+    } else {                                                                   \
+        ctx->meth = sha3_generic_md;                                           \
+    }
+#  define KMAC_SET_MD(bitlen)                                                  \
+    if (ARM_HAS_FASTER_SHA3) {                                                 \
+        ctx->meth = sha3_ARMSHA3_md;                                           \
+    } else {                                                                   \
+        ctx->meth = sha3_generic_md;                                           \
+    }
+# endif /* APPLE */
 #else
 # define SHA3_SET_MD(uname, typ) ctx->meth = sha3_generic_md;
 # define KMAC_SET_MD(bitlen) ctx->meth = sha3_generic_md;