
sha1: ARM acceleration using `stdarch` intrinsics

Open tarcieri opened this issue 3 years ago • 5 comments

There are a number of issues and comments floating around about this, so I thought I'd make a single tracking issue for this.

Right now we have a separate asm-hashes repo containing assembly implementations of various hash functions.

Longer-term, it would be nice to have ARM implementations of hash functions using stdarch intrinsics, particularly if they provide similar performance via use of e.g. ARMv8 Cryptography Extensions. I was almost able to prototype a SHA-256 implementation this way:

https://gist.github.com/tarcieri/414a3300072160f372b5d93ccfce280b

There are a few notable blockers though:

  • [x] some of the intrinsics we'd need are missing, e.g. vst1q_u32 and ~~vreinterpretq_u8_u32~~ (added)
  • [x] ~~the stdarch intrinsics for ARM are unstable/nightly-only~~
  • [x] ~~there is presently no CI solution for e.g. Apple M1 (we can and already do use cross for more generic aarch64)~~
  • [x] some way of gating the use of these intrinsics, e.g. via target_feature/RUSTFLAGS and/or runtime detection. see also https://github.com/RustCrypto/utils/issues/378

I think we could move forward prototyping things like SHA-1 and SHA-256 using the stdarch intrinsics for the ARMv8 Cryptography Extensions, but we may just need to leave those as draft PRs for now, or if we do merge them potentially add something like a nightly feature to gate them under.

tarcieri avatar Apr 25 '21 15:04 tarcieri

Here is a public domain implementation of SHA-256 using the ARMv8 intrinsics:

https://github.com/noloader/SHA-Intrinsics/blob/master/sha256-arm.c

I translated it in the aforementioned gist:

https://gist.github.com/tarcieri/414a3300072160f372b5d93ccfce280b

tarcieri avatar Oct 29 '22 18:10 tarcieri

As a note: all of the intrinsics I've found used are stable for aarch64 as of 1.72. I went on a quest to figure that out, so I felt like sharing the results. (https://doc.rust-lang.org/stable/core/arch/aarch64/fn.vsha256hq_u32.html is one of them; the rest I checked are also there. Note that it says 1.72.1: it was actually stabilized in 1.72.0, but the version tagging and changelogging got missed, and it currently just says whatever version stable is.)

izik1 avatar Oct 03 '23 01:10 izik1

Yeah, we managed to make both aes and polyval support stable when using ARMv8 intrinsics.

~~It seems my little port of the SHA-256 intrinsics went by the wayside, but we should do something similar for that.~~

Oh, never mind, it's there, it's just using ASM "polyfills". We can bump to MSRV 1.72 in the next breaking release:

https://github.com/RustCrypto/hashes/blob/master/sha2/src/sha256/aarch64.rs

tarcieri avatar Oct 03 '23 12:10 tarcieri

I removed sha2 from the issue title as it's effectively complete aside from removing the ASM polyfills.

sha1 is still using an ASM backend rather than intrinsics: https://github.com/RustCrypto/hashes/blob/1b4a55c/sha1/src/compress/aarch64.rs#L14

tarcieri avatar Oct 09 '23 23:10 tarcieri

Dependency on asm-hashes was removed recently in preparation for v0.11 releases, so it's worth porting the assembly to `asm!`.

newpavlov avatar Jan 12 '24 10:01 newpavlov