From afdd68b162103820edb72ad170f8ee26f206b396 Mon Sep 17 00:00:00 2001
From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Date: Sun, 4 Aug 2024 18:51:34 +0300
Subject: [PATCH] Add PAC/BTI support for AArch64 assembly

* cipher/asm-common-aarch64.h (AARCH64_BTI_PROPERTY_FLAG)
(AARCH64_HINT_BTI_C, AARCH64_PAC_PROPERTY_FLAG)
(note.gnu.property): New.
(CFI_STARTPROC): Add AARCH64_HINT_BTI_C.
--

GnuPG-bug-id: 7220
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
---
 cipher/asm-common-aarch64.h | 50 +++++++++++++++++++++++++++++++++++--
 1 file changed, 48 insertions(+), 2 deletions(-)

diff --git a/cipher/asm-common-aarch64.h b/cipher/asm-common-aarch64.h
index 3a72d7c4..ff65ea6a 100644
--- a/cipher/asm-common-aarch64.h
+++ b/cipher/asm-common-aarch64.h
@@ -45,9 +45,25 @@
 	add     reg, reg, #:lo12:name ;
 #endif
 
+#if defined(__ARM_FEATURE_BTI_DEFAULT) && __ARM_FEATURE_BTI_DEFAULT == 1
+# define AARCH64_BTI_PROPERTY_FLAG (1 << 0)
+# define AARCH64_HINT_BTI_C \
+	hint #34
+#else
+# define AARCH64_BTI_PROPERTY_FLAG 0 /* No BTI */
+# define AARCH64_HINT_BTI_C /*_*/
+#endif
+
+#if defined(__ARM_FEATURE_PAC_DEFAULT) && (__ARM_FEATURE_PAC_DEFAULT & 3) != 0
+/* PAC enabled, signed with either A or B key. */
+# define AARCH64_PAC_PROPERTY_FLAG (1 << 1)
+#else
+# define AARCH64_PAC_PROPERTY_FLAG 0 /* No PAC */
+#endif
+
 #ifdef HAVE_GCC_ASM_CFI_DIRECTIVES
 /* CFI directives to emit DWARF stack unwinding information. */
-# define CFI_STARTPROC()            .cfi_startproc
+# define CFI_STARTPROC()            .cfi_startproc; AARCH64_HINT_BTI_C
 # define CFI_ENDPROC()              .cfi_endproc
 # define CFI_REMEMBER_STATE()       .cfi_remember_state
 # define CFI_RESTORE_STATE()        .cfi_restore_state
@@ -89,7 +105,7 @@
 	    DW_SLEB128_28BIT(rsp_offs)
 
 #else
-# define CFI_STARTPROC()
+# define CFI_STARTPROC() AARCH64_HINT_BTI_C
 # define CFI_ENDPROC()
 # define CFI_REMEMBER_STATE()
 # define CFI_RESTORE_STATE()
@@ -129,4 +145,34 @@
 	ldp d8, d9, [sp], #16; \
 	CFI_ADJUST_CFA_OFFSET(-16);
 
+#if (AARCH64_BTI_PROPERTY_FLAG | AARCH64_PAC_PROPERTY_FLAG)
+/* Generate PAC/BTI property for all assembly files including this header.
+ *
+ * libgcrypt support these extensions:
+ *  - Armv8.3-A Pointer Authentication (PAC):
+ *    As currently all AArch64 assembly functions are leaf functions and do
+ *    not store/load link register LR, we just mark PAC as supported.
+ *
+ *  - Armv8.5-A Branch Target Identification (BTI):
+ *    All AArch64 assembly functions get branch target instruction through
+ *    CFI_STARTPROC macro.
+ */
+ELF(.section .note.gnu.property,"a")
+ELF(.balign 8)
+ELF(.long 1f - 0f)
+ELF(.long 4f - 1f)
+ELF(.long 5)
+ELF(0:)
+ELF(.byte 0x47, 0x4e, 0x55, 0) /* string "GNU" */
+ELF(1:)
+ELF(.balign 8)
+ELF(.long 0xc0000000)
+ELF(.long 3f - 2f)
+ELF(2:)
+ELF(.long (AARCH64_BTI_PROPERTY_FLAG | AARCH64_PAC_PROPERTY_FLAG))
+ELF(3:)
+ELF(.balign 8)
+ELF(4:)
+#endif
+
 #endif /* GCRY_ASM_COMMON_AARCH64_H */
-- 
2.43.0

From 07706d69f238f6a3bfc3f74145686a02decbee9c Mon Sep 17 00:00:00 2001
From: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Date: Mon, 5 Aug 2024 20:18:05 +0300
Subject: [PATCH] Do not build 32-bit ARM assembly on Aarch64

* configure.ac: Build "serpent-armv7-neon", "salsa20-armv7-neon",
"chacha20-armv7-neon", "sha512-armv7-neon" and "keccak-armv7-neon"
only on 32-bit ARM.
--

GnuPG-bug-id: 7220
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
---
 configure.ac | 54 ++++++++++++++++++++++++++++------------------------
 1 file changed, 29 insertions(+), 25 deletions(-)

diff --git a/configure.ac b/configure.ac
index 191aa38d..2b6ddb7b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3139,17 +3139,18 @@ if test "$found" = "1" ; then
             GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS serpent-avx2-amd64.lo"
          fi
       ;;
+      arm*-*-*)
+         if test x"$neonsupport" = xyes ; then
+           # Build with the NEON implementation
+           GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS serpent-armv7-neon.lo"
+         fi
+      ;;
    esac
 
    if test x"$avx512support" = xyes ; then
       # Build with the AVX512 implementation
       GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS serpent-avx512-x86.lo"
    fi
-
-   if test x"$neonsupport" = xyes ; then
-      # Build with the NEON implementation
-      GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS serpent-armv7-neon.lo"
-   fi
 fi
 
 LIST_MEMBER(rfc2268, $enabled_ciphers)
@@ -3230,12 +3231,13 @@ if test "$found" = "1" ; then
          # Build with the assembly implementation
          GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS salsa20-amd64.lo"
       ;;
+      arm*-*-*)
+         if test x"$neonsupport" = xyes ; then
+            # Build with the NEON implementation
+            GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS salsa20-armv7-neon.lo"
+         fi
+      ;;
    esac
-
-   if test x"$neonsupport" = xyes ; then
-     # Build with the NEON implementation
-     GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS salsa20-armv7-neon.lo"
-   fi
 fi
 
 LIST_MEMBER(gost28147, $enabled_ciphers)
@@ -3256,6 +3258,12 @@ if test "$found" = "1" ; then
          GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS chacha20-amd64-avx2.lo"
          GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS chacha20-amd64-avx512.lo"
       ;;
+      arm*-*-*)
+         if test x"$neonsupport" = xyes ; then
+            # Build with the NEON implementation
+            GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS chacha20-armv7-neon.lo"
+         fi
+      ;;
       aarch64-*-*)
          # Build with the assembly implementation
          GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS chacha20-aarch64.lo"
@@ -3282,11 +3290,6 @@ if test "$found" = "1" ; then
          GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS chacha20-s390x.lo"
       ;;
    esac
-
-   if test x"$neonsupport" = xyes ; then
-     # Build with the NEON implementation
-     GCRYPT_ASM_CIPHERS="$GCRYPT_ASM_CIPHERS chacha20-armv7-neon.lo"
-   fi
 fi
 
 LIST_MEMBER(sm4, $enabled_ciphers)
@@ -3491,6 +3494,11 @@ if test "$found" = "1" ; then
       arm*-*-*)
          # Build with the assembly implementation
          GCRYPT_ASM_DIGESTS="$GCRYPT_ASM_DIGESTS sha512-arm.lo"
+
+         if test x"$neonsupport" = xyes ; then
+            # Build with the NEON implementation
+            GCRYPT_ASM_DIGESTS="$GCRYPT_ASM_DIGESTS sha512-armv7-neon.lo"
+         fi
       ;;
       aarch64-*-*)
          # Build with the assembly implementation
@@ -3510,11 +3518,6 @@ if test "$found" = "1" ; then
          # Build with the crypto extension implementation
          GCRYPT_ASM_DIGESTS="$GCRYPT_ASM_DIGESTS sha512-ppc.lo"
    esac
-
-   if test x"$neonsupport" = xyes ; then
-     # Build with the NEON implementation
-     GCRYPT_ASM_DIGESTS="$GCRYPT_ASM_DIGESTS sha512-armv7-neon.lo"
-   fi
 fi
 
 LIST_MEMBER(sha3, $enabled_digests)
@@ -3527,12 +3530,13 @@ if test "$found" = "1" ; then
          # Build with the assembly implementation
          GCRYPT_ASM_DIGESTS="$GCRYPT_ASM_DIGESTS keccak-amd64-avx512.lo"
       ;;
+      arm*-*-*)
+         if test x"$neonsupport" = xyes ; then
+           # Build with the NEON implementation
+           GCRYPT_ASM_DIGESTS="$GCRYPT_ASM_DIGESTS keccak-armv7-neon.lo"
+         fi
+      ;;
    esac
-
-   if test x"$neonsupport" = xyes ; then
-     # Build with the NEON implementation
-     GCRYPT_ASM_DIGESTS="$GCRYPT_ASM_DIGESTS keccak-armv7-neon.lo"
-   fi
 fi
 
 LIST_MEMBER(tiger, $enabled_digests)
-- 
2.43.0