1. Patchew
  2. linux
  3. View series

[PATCH v2 0/2] lib/crypto: x86/sha: Add PHE Extensions support

AlanSong-oc posted 2 patches 1 month, 3 weeks ago
There is a newer version of this series
lib/crypto/Makefile             |  6 ++-
lib/crypto/x86/sha1-phe-asm.S   | 71 +++++++++++++++++++++++++++++++++
lib/crypto/x86/sha1.h           | 20 ++++++++++
lib/crypto/x86/sha256-phe-asm.S | 70 ++++++++++++++++++++++++++++++++
lib/crypto/x86/sha256.h         | 20 ++++++++++
5 files changed, 185 insertions(+), 2 deletions(-)
create mode 100644 lib/crypto/x86/sha1-phe-asm.S
create mode 100644 lib/crypto/x86/sha256-phe-asm.S
[PATCH v2 0/2] lib/crypto: x86/sha: Add PHE Extensions support
Posted by AlanSong-oc 1 month, 3 weeks ago 
For Zhaoxin processors, the XSHA1 instruction requires the total memory
allocated at %rdi register must be 32 bytes, while the XSHA1 and
XSHA256 instruction doesn't perform any operation when %ecx is zero.

Due to these requirements, the current padlock-sha driver does not work
correctly with Zhaoxin processors. It cannot pass the self-tests and
therefore does not activate the driver on Zhaoxin processors. This issue
has been reported in Debian [1]. The self-tests fail with the
following messages [2]:

alg: shash: sha1-padlock-nano test failed (wrong result) on test vector 0, cfg="init+update+final aligned buffer"
alg: self-tests for sha1 using sha1-padlock-nano failed (rc=-22)
------------[ cut here ]------------

alg: shash: sha256-padlock-nano test failed (wrong result) on test vector 0, cfg="init+update+final aligned buffer"
alg: self-tests for sha256 using sha256-padlock-nano failed (rc=-22)
------------[ cut here ]------------

To enable XSHA1 and XSHA256 instruction support on Zhaoxin processors,
this series adds PHE Extensions support to lib/crypto for SHA-1 and
SHA-256, following the suggestion in [3].

v1 link is below:
https://lore.kernel.org/linux-crypto/20250611101750.6839-1-AlanSong-oc@zhaoxin.com/

---
v1->v2: Add Zhaoxin support to lib/crypto instead of extending
        the existing padlock-sha driver

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103397
[2] https://linux-hardware.org/?probe=271fabb7a4&log=dmesg
[3] https://lore.kernel.org/linux-crypto/aUI4CGp6kK7mxgEr@gondor.apana.org.au/

AlanSong-oc (2):
  lib/crypto: x86/sha1: PHE Extensions optimized SHA1 transform function
  lib/crypto: x86/sha256: PHE Extensions optimized SHA256 transform
    function

 lib/crypto/Makefile             |  6 ++-
 lib/crypto/x86/sha1-phe-asm.S   | 71 +++++++++++++++++++++++++++++++++
 lib/crypto/x86/sha1.h           | 20 ++++++++++
 lib/crypto/x86/sha256-phe-asm.S | 70 ++++++++++++++++++++++++++++++++
 lib/crypto/x86/sha256.h         | 20 ++++++++++
 5 files changed, 185 insertions(+), 2 deletions(-)
 create mode 100644 lib/crypto/x86/sha1-phe-asm.S
 create mode 100644 lib/crypto/x86/sha256-phe-asm.S

-- 
2.34.1
Re: [PATCH v2 0/2] lib/crypto: x86/sha: Add PHE Extensions support
Posted by Eric Biggers 1 month, 2 weeks ago 
On Fri, Dec 19, 2025 at 04:03:04PM +0800, AlanSong-oc wrote:
> For Zhaoxin processors, the XSHA1 instruction requires the total memory
> allocated at %rdi register must be 32 bytes, while the XSHA1 and
> XSHA256 instruction doesn't perform any operation when %ecx is zero.
> 
> Due to these requirements, the current padlock-sha driver does not work
> correctly with Zhaoxin processors. It cannot pass the self-tests and
> therefore does not activate the driver on Zhaoxin processors. This issue
> has been reported in Debian [1]. The self-tests fail with the
> following messages [2]:
> 
> alg: shash: sha1-padlock-nano test failed (wrong result) on test vector 0, cfg="init+update+final aligned buffer"
> alg: self-tests for sha1 using sha1-padlock-nano failed (rc=-22)
> ------------[ cut here ]------------
> 
> alg: shash: sha256-padlock-nano test failed (wrong result) on test vector 0, cfg="init+update+final aligned buffer"
> alg: self-tests for sha256 using sha256-padlock-nano failed (rc=-22)
> ------------[ cut here ]------------

This cover letter is misleading, as those self-test failures will still
exist regardless of this patch series.

> To enable XSHA1 and XSHA256 instruction support on Zhaoxin processors,
> this series adds PHE Extensions support to lib/crypto for SHA-1 and
> SHA-256, following the suggestion in [3].
> 
> v1 link is below:
> https://lore.kernel.org/linux-crypto/20250611101750.6839-1-AlanSong-oc@zhaoxin.com/

Please run the sha1 and sha256 KUnit test suites
(CRYPTO_LIB_SHA1_KUNIT_TEST and CRYPTO_LIB_SHA256_KUNIT_TEST) before and
after this series, with the benchmark enabled (CRYPTO_LIB_BENCHMARK),
and show the results.  For this series to be considered, the tests need
to pass and there needs to be a significant performance improvement.

- Eric
Re: [PATCH v2 0/2] lib/crypto: x86/sha: Add PHE Extensions support
Posted by AlanSong-oc 3 weeks, 6 days ago 
On 12/20/2025 2:33 AM, Eric Biggers wrote:
> 
> On Fri, Dec 19, 2025 at 04:03:04PM +0800, AlanSong-oc wrote:
>> For Zhaoxin processors, the XSHA1 instruction requires the total memory
>> allocated at %rdi register must be 32 bytes, while the XSHA1 and
>> XSHA256 instruction doesn't perform any operation when %ecx is zero.
>>
>> Due to these requirements, the current padlock-sha driver does not work
>> correctly with Zhaoxin processors. It cannot pass the self-tests and
>> therefore does not activate the driver on Zhaoxin processors. This issue
>> has been reported in Debian [1]. The self-tests fail with the
>> following messages [2]:
>>
>> alg: shash: sha1-padlock-nano test failed (wrong result) on test vector 0, cfg="init+update+final aligned buffer"
>> alg: self-tests for sha1 using sha1-padlock-nano failed (rc=-22)
>> ------------[ cut here ]------------
>>
>> alg: shash: sha256-padlock-nano test failed (wrong result) on test vector 0, cfg="init+update+final aligned buffer"
>> alg: self-tests for sha256 using sha256-padlock-nano failed (rc=-22)
>> ------------[ cut here ]------------
> 
> This cover letter is misleading, as those self-test failures will still
> exist regardless of this patch series.

Indeed, those self-test failures will still occur even with this patch
series. I will add a separate commit in this series to restrict probing
of the padlock-sha driver on Zhaoxin processors based on the CPU family,
and explain the reason for those failures in that commit.

>> To enable XSHA1 and XSHA256 instruction support on Zhaoxin processors,
>> this series adds PHE Extensions support to lib/crypto for SHA-1 and
>> SHA-256, following the suggestion in [3].
>>
>> v1 link is below:
>> https://lore.kernel.org/linux-crypto/20250611101750.6839-1-AlanSong-oc@zhaoxin.com/
> 
> Please run the sha1 and sha256 KUnit test suites
> (CRYPTO_LIB_SHA1_KUNIT_TEST and CRYPTO_LIB_SHA256_KUNIT_TEST) before and
> after this series, with the benchmark enabled (CRYPTO_LIB_BENCHMARK),
> and show the results.  For this series to be considered, the tests need
> to pass and there needs to be a significant performance improvement.

In the next revision of this patch, I will add the KUnit test suite
results as well as benchmark results for SHA1 and SHA256.

Please accept my apologies for the delayed response due to
administrative procedures. Thank you for your review and valuable
suggestions.

Best Regards
AlanSong-oc

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.