Split up aarch64's "crypto" feature?

[alexcrichton]

First brought up here, but we may not want to follow in LLVM's footsteps for this!

[gnzlbg]

I think this was already discussed somewhere else, e.g., rust-lang/rust#29717 (comment) .

That is, we offer crypto because ARM "specifies" this feature (and GCC and Clang also do so), but there is nothing standing in the way of exposing each of the features that crypto enables independently. What would need to be done is:

• white list the new features in rust-lang/rust
• update the #[target_feature] of intrinsics requiring crypto to only require exactly the "sub-features" they need

And that's it, everything should still work "as is" for those enabling crypto.

[valpackett]

hmm, are there any actual chips that only expose some of the crypto features but not others? I've only ever seen AES+PMULL,SHA1,SHA2,CRC32 together..

[makotokato]

hmm, are there any actual chips that only expose some of the crypto features but not others? I've only ever seen AES+PMULL,SHA1,SHA2,CRC32 together..

RasPi3 (and RasPi4?) doesn't support ARM crypto extension, so it only support CRC32.

[newpavlov]

The crypto feature looks like a small mess to me. The problem is that it means different features for different ARM versions. See here (click on the "cryptographic extensions" link). For ARMv8.4-A it includes SHA1, SHA256, SHA512, SHA3, AES, SM3, SM4, while for older versions only SHA1, SHA256, AES. Thus I think we should use finer-grained features to avoid confusion. Ideally it would be nice to introduce separate sha1, sha2, sha512 and sha3 target features, which would cover only relevant instructions, instead of using sha3 which can mean different things for different versions.

[briansmith]

hmm, are there any actual chips that only expose some of the crypto features but not others?

Linux removed aes but not pmull or other crypto features from being reported on getauxval() to work around a bug in some ARM64 processors (in 32-bit mode): torvalds/linux@44b3834.

Newer versions of ARMv8 do (and presumably all versions of ARMv9 will) specify that they are to be split; see https://developer.arm.com/downloads/-/exploration-tools/feature-names-for-a-profile, section "Features introduced prior to 2020," e.g. "Note that some names have been split into two; for example, ARMv8.0-AES is split into AES and PMULL."

Should this be closed now? I see that the macro is working for "pmull", "aes", and "sha2". Is there any more to be done?

[Amanieu]

The crypto feature has already been split on aarch64, but not on arm. However we can still fix this since the arm target features are still unstable.

[Amanieu]

The crypto feature has now been completely removed.