On Sun, Jul 30, 2017 at 4:47 PM, Jeffrey Walton noloader@gmail.com wrote:
The odd thing is, ARM's ACLE [1], Section 6.5.4 (p.24), states Crypto applies to AES{E, D} and SHA1{C, P, M}. It does not mention PMULL. Later it goes on to state PMULL gear is available on Aarch32 and Aarch64.
If you look at the ARMv8 Architecture Reference Manual, section A1.6 Cryptographic Extension, it says "Large polynomial multiplies are included as part of the Cryptographic Extension, see PMULL, PMULL2 on page C6-1096."
If you look at section C6.3.190 PMULL, PMULL2, it says "The '1Q' arrangement is only allocated in an implementation that includes the Crypto extensions, and is otherwise RESERVED."
So pmull.8b is always valid, but pmull.1q is only valid on targets that support the Crypto extensions.
Looking at the ACLE docs, section 6.5.7 says AES, SHA1, etc. The etc would include things like pmull and sha256.
I see in section 12.3.14 Crypto Intrinsics, it mentions vmull_p64 and vmull_high_p64, but this being part of the crypto intrinsics section, it seems clear that they are part of the crypto extension. It does also mention that they are available for AArch32 and AArch64; this part is odd. All of the crypto instructions appear to be available for both AArch32 and AArch64, so it isn't clear why this is explicitly mentioned for pmull. This statement appears unnecessary, and potentially confusing.
Jim