Merge pull request #7203 from yuhaoth/pr/add-cpu-modifier-for-aesce

Add CPU modifier for AESCE

.travis.yml

@@ -89,16 +89,14 @@ jobs:
           packages:
           - gcc
       script:
-        # Do a manual build+test sequence rather than using all.sh, because
+        # Do a manual build+test sequence rather than using all.sh.
-        # there's no all.sh component that does what we want. We should set
+        #
-        # CFLAGS for arm64 host CC.
+        # On Arm64 host of Travis CI, the time of `test_full_cmake_*` exceeds
+        # limitation of Travis CI. Base on `test_full_cmake_*`, we removed
+        # `ssl-opt.sh` and GnuTLS compat.sh here to meet the time limitation.
         - scripts/config.py full
-        - scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
-        - scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY
-        - scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
-        - scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
         - make generated_files
-        - make CFLAGS='-march=armv8-a+crypto -O3 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all' LDFLAGS='-Werror -fsanitize=address,undefined -fno-sanitize-recover=all'
+        - make CFLAGS='-O3 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all' LDFLAGS='-Werror -fsanitize=address,undefined -fno-sanitize-recover=all'
         - make test
         - programs/test/selftest
         - tests/scripts/test_psa_constant_names.py
@@ -117,16 +115,14 @@ jobs:
           - clang
           - gnutls-bin
       script:
-        # Do a manual build+test sequence rather than using all.sh, because
+        # Do a manual build+test sequence rather than using all.sh.
-        # there's no all.sh component that does what we want. We should set
+        #
-        # CFLAGS for arm64 host CC.
+        # On Arm64 host of Travis CI, the time of `test_full_cmake_*` exceeds
+        # limitation of Travis CI. Base on `test_full_cmake_*`, we removed
+        # `ssl-opt.sh` and OpenSSl compat.sh here to meet the time limitation.
         - scripts/config.py full
-        - scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
-        - scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY
-        - scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
-        - scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
         - make generated_files
-        - make CC=clang CFLAGS='-march=armv8-a+crypto -O3 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all' LDFLAGS='-Werror -fsanitize=address,undefined -fno-sanitize-recover=all'
+        - make CC=clang CFLAGS='-O3 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all' LDFLAGS='-Werror -fsanitize=address,undefined -fno-sanitize-recover=all'
         # GnuTLS supports CAMELLIA but compat.sh doesn't properly enable it.
         - tests/compat.sh -p GnuTLS -e 'CAMELLIA'
         - tests/scripts/travis-log-failure.sh

include/mbedtls/mbedtls_config.h

@@ -2039,17 +2039,6 @@
  *
  * Requires: MBEDTLS_HAVE_ASM, MBEDTLS_AES_C
  *
- * \note The code uses Neon intrinsics, so \c CFLAGS must be set to a minimum
- * of \c -march=armv8-a+crypto .
- *
- * \warning If the target architecture is set to something that includes the
- *          SHA3 feature (e.g. `-march=armv8.2-a+sha3`), for example because
- *          `MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT` is desired, compilers
- *          generate code for `MBEDTLS_AESCE_C` that includes instructions
- *          only present with the (optional) SHA3 feature. This will lead to an
- *          undefined instruction exception if the code is run on a CPU without
- *          that feature.
- *
  * \warning Runtime detection only works on linux. For non-linux operation
  *          system, crypto extension MUST be supported by CPU.
  *

library/aesce.c

@@ -17,6 +17,28 @@
  *  limitations under the License.
  */
 
+#if defined(__aarch64__) && !defined(__ARM_FEATURE_CRYPTO) && \
+    defined(__clang__) && __clang_major__ >= 4
+/* TODO: Re-consider above after https://reviews.llvm.org/D131064 merged.
+ *
+ * The intrinsic declaration are guarded by predefined ACLE macros in clang:
+ * these are normally only enabled by the -march option on the command line.
+ * By defining the macros ourselves we gain access to those declarations without
+ * requiring -march on the command line.
+ *
+ * `arm_neon.h` could be included by any header file, so we put these defines
+ * at the top of this file, before any includes.
+ */
+#define __ARM_FEATURE_CRYPTO 1
+/* See: https://arm-software.github.io/acle/main/acle.html#cryptographic-extensions
+ *
+ * `__ARM_FEATURE_CRYPTO` is deprecated, but we need to continue to specify it
+ * for older compilers.
+ */
+#define __ARM_FEATURE_AES    1
+#define MBEDTLS_NEED_TARGET_OPTIONS
+#endif
+
 #include <string.h>
 #include "common.h"
 
@@ -26,22 +48,24 @@
 
 #if defined(MBEDTLS_HAVE_ARM64)
 
-#if defined(__clang__)
+#if !defined(__ARM_FEATURE_AES) || defined(MBEDTLS_NEED_TARGET_OPTIONS)
+#   if defined(__clang__)
 #       if __clang_major__ < 4
 #           error "A more recent Clang is required for MBEDTLS_AESCE_C"
 #       endif
-#elif defined(__GNUC__)
+#       pragma clang attribute push (__attribute__((target("crypto"))), apply_to=function)
+#       define MBEDTLS_POP_TARGET_PRAGMA
+#   elif defined(__GNUC__)
 #       if __GNUC__ < 6
 #           error "A more recent GCC is required for MBEDTLS_AESCE_C"
 #       endif
-#else
+#       pragma GCC push_options
+#       pragma GCC target ("arch=armv8-a+crypto")
+#       define MBEDTLS_POP_TARGET_PRAGMA
+#   else
 #       error "Only GCC and Clang supported for MBEDTLS_AESCE_C"
-#endif
+#   endif
-
+#endif /* !__ARM_FEATURE_AES || MBEDTLS_NEED_TARGET_OPTIONS */
-#if !defined(__ARM_FEATURE_CRYPTO)
-#   error "`crypto` feature modifier MUST be enabled for MBEDTLS_AESCE_C."
-#   error "Typical option for GCC and Clang is `-march=armv8-a+crypto`."
-#endif /* !__ARM_FEATURE_CRYPTO */
 
 #include <arm_neon.h>
 
@@ -252,6 +276,16 @@ int mbedtls_aesce_setkey_enc(unsigned char *rk,
     return 0;
 }
 
+
+#if defined(MBEDTLS_POP_TARGET_PRAGMA)
+#if defined(__clang__)
+#pragma clang attribute pop
+#elif defined(__GNUC__)
+#pragma GCC pop_options
+#endif
+#undef MBEDTLS_POP_TARGET_PRAGMA
+#endif
+
 #endif /* MBEDTLS_HAVE_ARM64 */
 
 #endif /* MBEDTLS_AESCE_C */

library/sha256.c

@@ -23,7 +23,7 @@
  */
 
 #if defined(__aarch64__) && !defined(__ARM_FEATURE_CRYPTO) && \
-    defined(__clang__) &&  __clang_major__ < 18 && __clang_major__ > 3
+    defined(__clang__) && __clang_major__ >= 4
 /* TODO: Re-consider above after https://reviews.llvm.org/D131064 merged.
  *
  * The intrinsic declaration are guarded by predefined ACLE macros in clang:
@@ -35,9 +35,14 @@
  * at the top of this file, before any includes.
  */
 #define __ARM_FEATURE_CRYPTO 1
-#define NEED_TARGET_OPTIONS
+/* See: https://arm-software.github.io/acle/main/acle.html#cryptographic-extensions
-#endif /* __aarch64__ && __clang__ &&
+ *
-          !__ARM_FEATURE_CRYPTO && __clang_major__ < 18 && __clang_major__ > 3 */
+ * `__ARM_FEATURE_CRYPTO` is deprecated, but we need to continue to specify it
+ * for older compilers.
+ */
+#define __ARM_FEATURE_SHA2   1
+#define MBEDTLS_NEED_TARGET_OPTIONS
+#endif
 
 #include "common.h"
 
@@ -55,7 +60,7 @@
 #  if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) || \
     defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY)
 /* *INDENT-OFF* */
-#    if !defined(__ARM_FEATURE_CRYPTO) || defined(NEED_TARGET_OPTIONS)
+#    if !defined(__ARM_FEATURE_CRYPTO) || defined(MBEDTLS_NEED_TARGET_OPTIONS)
 #      if defined(__clang__)
 #        if __clang_major__ < 4
 #          error "A more recent Clang is required for MBEDTLS_SHA256_USE_A64_CRYPTO_*"

library/sha512.c

@@ -23,8 +23,7 @@
  */
 
 #if defined(__aarch64__) && !defined(__ARM_FEATURE_SHA512) && \
-    defined(__clang__) &&  __clang_major__ < 18 && \
+    defined(__clang__) && __clang_major__ >= 7
-    __clang_major__ >= 13 && __clang_minor__ > 0 && __clang_patchlevel__ > 0
 /* TODO: Re-consider above after https://reviews.llvm.org/D131064 merged.
  *
  * The intrinsic declaration are guarded by predefined ACLE macros in clang:
@@ -36,11 +35,8 @@
  * at the top of this file, before any includes.
  */
 #define __ARM_FEATURE_SHA512 1
-#define NEED_TARGET_OPTIONS
+#define MBEDTLS_NEED_TARGET_OPTIONS
-#endif /* __aarch64__ && __clang__ &&
+#endif
-          !__ARM_FEATURE_SHA512 && __clang_major__ < 18 &&
-          __clang_major__ >= 13 && __clang_minor__ > 0 &&
-          __clang_patchlevel__ > 0 */
 
 #include "common.h"
 
@@ -78,15 +74,11 @@
  * Clang == 13.0.0 same as clang 12 (only seen on macOS)
  * Clang >= 13.0.1 has __ARM_FEATURE_SHA512 and intrinsics
  */
-#    if !defined(__ARM_FEATURE_SHA512) || defined(NEED_TARGET_OPTIONS)
+#    if !defined(__ARM_FEATURE_SHA512) || defined(MBEDTLS_NEED_TARGET_OPTIONS)
        /* Test Clang first, as it defines __GNUC__ */
 #      if defined(__clang__)
 #        if __clang_major__ < 7
 #          error "A more recent Clang is required for MBEDTLS_SHA512_USE_A64_CRYPTO_*"
-#        elif __clang_major__ < 13 || \
-              (__clang_major__ == 13 && __clang_minor__ == 0 && \
-               __clang_patchlevel__ == 0)
-           /* We implement the intrinsics with inline assembler, so don't error */
 #        else
 #          pragma clang attribute push (__attribute__((target("sha3"))), apply_to=function)
 #          define MBEDTLS_POP_TARGET_PRAGMA