search

ascon / ascon-c

Ascon - Lightweight Authenticated Encryption & Hashing
https://ascon.iaik.tugraz.at/
Creative Commons Zero v1.0 Universal
189 stars 30 forks source link

ARM Neon: SIGILL #15

Closed smuellerDD closed 7 months ago

smuellerDD commented 7 months ago

The code line https://github.com/ascon/ascon-c/blob/f1601cb5ff52e65baa475fcc6959e7d6e0be8d77/crypto_aead/ascon128v12/neon/permutations.h#L54 causes a SIGILL when executing it on an ARMv7 - specifically I use an Cortex-A7 r0p5 with Neon extensions.

Without the code line (and when removing it also from the other 2 permutation implementations), the code runs successfully.

PS: Why is this code only found in the AEAD implementation and not for hashing? I use the code successfully for hashing in [1].

[1] https://github.com/smuellerDD/leancrypto/blob/master/hash/src/ascon_arm_neon.c#L48

mschlaeffer commented 7 months ago

What compiler and which options do you use? I compile using arm-linux-gnueabi-gcc with many different -march options and run in qemu but cannot observe this behavior.

smuellerDD commented 7 months ago

Am Dienstag, 9. April 2024, 20:57:56 CEST schrieb Martin Schläffer:

Hi Martin,

What compiler and which options do you use? I compile using arm-linux-gnueabi-gcc with many different -march options and run in qemu but cannot observe this behavior.

I am compiling the code natively on my ARM system:

$ lscpu Architecture: armv7l Byte Order: Little Endian CPU(s): 1 On-line CPU(s) list: 0 Vendor ID: ARM Model name: Cortex-A7 Model: 5 Thread(s) per core: 1 Core(s) per socket: 1 Socket(s): 1 Stepping: r0p5 CPU(s) scaling MHz: 44% CPU max MHz: 900.0000 CPU min MHz: 198.0000 BogoMIPS: 48.00 Flags: half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt vfpd32 lpae Vulnerabilities: Itlb multihit: Not affected L1tf: Not affected Mds: Not affected Meltdown: Not affected Mmio stale data: Not affected Retbleed: Not affected Spec store bypass: Not affected Spectre v1: Mitigation; __user pointer sanitization Spectre v2: Not affected Srbds: Not affected Tsx async abort: Not affected

$ gcc -v Using built-in specs. COLLECT_GCC=gcc COLLECT_LTO_WRAPPER=/usr/lib/gcc/arm-linux-gnueabihf/12/lto-wrapper Target: arm-linux-gnueabihf Configured with: ../src/configure -v --with-pkgversion='Debian 12.2.0-14' -- with-bugurl=file:///usr/share/doc/gcc-12/README.Bugs --enable- languages=c,ada,c++,go,d,fortran,objc,obj-c++,m2 --prefix=/usr --with-gcc- major-version-only --program-suffix=-12 --program-prefix=arm-linux-gnueabihf- --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without- included-gettext --enable-threads=posix --libdir=/usr/lib --enable-nls -- enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes -- with-default-libstdcxx-abi=new --enable-gnu-unique-object --disable-libitm -- disable-libquadmath --disable-libquadmath-support --enable-plugin --enable- default-pie --with-system-zlib --enable-libphobos-checking=release --with- target-system-zlib=auto --enable-objc-gc=auto --enable-multiarch --disable- sjlj-exceptions --with-arch=armv7-a+fp --with-float=hard --with-mode=thumb -- disable-werror --enable-checking=release --build=arm-linux-gnueabihf -- host=arm-linux-gnueabihf --target=arm-linux-gnueabihf Thread model: posix Supported LTO compression algorithms: zlib zstd gcc version 12.2.0 (Debian 12.2.0-14)

Ciao Stephan