Re: [Qemu-devel] [PATCH v5 1/4] target/arm: implement SHA-512 instructions
Tue, 6 Feb 2018 19:06:41 +0000
On 6 February 2018 at 18:57, Ard Biesheuvel <address@hidden> wrote:
> On 6 February 2018 at 18:56, Ard Biesheuvel <address@hidden> wrote:
>> On 6 February 2018 at 18:45, Peter Maydell <address@hidden> wrote:
>>> On 22 January 2018 at 17:26, Ard Biesheuvel <address@hidden> wrote:
>>>> This implements emulation of the new SHA-512 instructions that have
>>>> been added as an optional extension to the ARMv8 Crypto Extensions
>>>> in ARM v8.2.
>>>> Signed-off-by: Ard Biesheuvel <address@hidden>
>>>> +void HELPER(crypto_sha512h)(void *vd, void *vn, void *vm)
>>>> + uint64_t *rd = vd;
>>>> + uint64_t *rn = vn;
>>>> + uint64_t *rm = vm;
>>>> + rd += S1_512(rm) + cho512(rm, rn, rn);
>>>> + rd += S1_512(rd + rm) + cho512(rd + rm, rm, rn);
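Review bot: The second `rd +=` statement reads `rm` and `rn` again after the first statement has already stored through `rd`, and because `vd`, `vn` and `vm` arrive as untyped `void *` nothing in the helper rules out `vd` pointing at the same register as `vm` or `vn`. Copy the inputs into local `uint64_t` temporaries, or accumulate both results in locals and store to `rd` once at the end, so the output does not depend on which registers the guest instruction names.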
>>> This gives the wrong answer if the destination register
>>> happens to be the same as one of the inputs, because the
>>> assignment to rd will overwrite the input before the
>>> calculation of rd uses it.
>> It is supposed to use the new value of rd, so this is expected.
> Ah hold on, I hit send too quickly, apologies.
> Yes, if rd == rm, then it will assume the wrong value. I missed this
> when doing the rewrite to use the new interface.
OK. It sounds like the fix is more complicated than I thought it
was, though, so I'll leave this up to you.
My tests show that these insns seem OK:
SM3PARTW1, SM3PARTW2, SM3SS1, SM3TT1A, SM3TT1B, SM3TT2A, SM3TT2B
EOR3, BCAX, XAR
These ones fail:
SHA512H, SHA512H2, SHA512SU0
You also forgot to enable the SM4 CPU feature in the 'any' CPU
and set it in the guest elf hwcaps.
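
The aliasing failure discussed above, reproduced as an added example (not code from the patch or from QEMU): the in-place form next to an alias-safe form, run on a register file where Vd and Vm are the same register. The `[0]`/`[1]` lane indices, the names `sha512h_inplace`, `sha512h_safe` and `helpers_agree`, and the register values are assumptions constructed for illustration; `S1_512` and `cho512` follow the FIPS 180-4 definitions of Sigma1 and Ch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* SHA-512 Sigma1 and Ch, as defined in FIPS 180-4. */
static uint64_t ror64(uint64_t x, unsigned n) { return (x >> n) | (x << (64 - n)); }
static uint64_t S1_512(uint64_t x) { return ror64(x, 14) ^ ror64(x, 18) ^ ror64(x, 41); }
static uint64_t cho512(uint64_t x, uint64_t y, uint64_t z) { return (x & y) ^ (~x & z); }

/* Shape under review: stores through rd while rm/rn are still needed.
 * ASSUMPTION: the [0]/[1] lane indices; the quoted hunk does not show them. */
static void sha512h_inplace(void *vd, void *vn, void *vm)
{
    uint64_t *rd = vd, *rn = vn, *rm = vm;
    rd[0] += S1_512(rm[1]) + cho512(rm[1], rn[0], rn[1]);
    rd[1] += S1_512(rd[0] + rm[0]) + cho512(rd[0] + rm[0], rm[1], rn[0]);
}

/* Alias-safe variant: snapshot every input, compute in locals, store last. */
static void sha512h_safe(void *vd, void *vn, void *vm)
{
    uint64_t *rd = vd, *rn = vn, *rm = vm;
    uint64_t d0 = rd[0], d1 = rd[1];
    uint64_t n0 = rn[0], n1 = rn[1], m0 = rm[0], m1 = rm[1];
    d0 += S1_512(m1) + cho512(m1, n0, n1);
    d1 += S1_512(d0 + m0) + cho512(d0 + m0, m1, n0);
    rd[0] = d0;
    rd[1] = d1;
}

/* Run both helpers on a constructed register file with Vd/Vn/Vm chosen by
 * index; returns 1 if they produce the same destination register. */
static int helpers_agree(int d, int n, int m)
{
    uint64_t a[3][2] = { { 0x0123456789abcdefULL, 0xfedcba9876543210ULL },
                         { 0x0f1e2d3c4b5a6978ULL, 0x1122334455667788ULL },
                         { 0xdeadbeefcafef00dULL, 0x08badf00d0ddba11ULL } };
    uint64_t b[3][2];
    memcpy(b, a, sizeof(a));
    sha512h_inplace(a[d], a[n], a[m]);
    sha512h_safe(b[d], b[n], b[m]);
    return memcmp(a[d], b[d], sizeof(a[d])) == 0;
}

int main(void)
{
    printf("distinct registers agree: %d\n", helpers_agree(0, 1, 2));
    printf("Vd == Vm agree:           %d\n", helpers_agree(0, 1, 0));
}
```

A test harness that only ever picks three distinct registers never reaches the second case, so register-aliased encodings need their own test vectors.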