Armv8.1-M: Add clean x4 Keccak code and SLOTHY Makefile

.github/workflows/ci_ec2_reusable.yml

@@ -207,7 +207,7 @@ jobs:
           nix-cache: true
           nix-shell: slothy
           script: |
-            autogen --slothy
+            autogen --slothy aarch64
             tests all --opt opt
             # Force testing of SLOTHY-optimized Keccak variants
             # We can't run the examples here because some of them also specify the backend

dev/fips202/armv81m/src/Makefile

@@ -0,0 +1,47 @@
+# Copyright (c) The mlkem-native project authors
+# SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT
+
+.PHONY: all purge
+.DEFAULT_GOAL := all
+
+# ISA to optimize for
+TARGET_ISA=Arm_v81M
+
+# MicroArch target to optimize for
+TARGET_MICROARCH=Arm_Cortex_M55
+
+keccak_f1600_x4_mve.S: ../../armv81m_symbolic/keccak_f1600_x4_mve_clean.S
+	$(eval TMP := $(shell mktemp))
+	slothy-cli $(TARGET_ISA) $(TARGET_MICROARCH) $< -o $(TMP) \
+		-s keccak_f1600_x4_mve_asm_roundstart \
+		-e keccak_f1600_x4_mve_asm_roundend_pre \
+		-c unsafe_address_offset_fixup=False \
+		-c inputs_are_outputs=True \
+		-c constraints.functional_only=True \
+		-c constraints.allow_reordering=True \
+		-c constraints.max_displacement=0.1
+	slothy-cli $(TARGET_ISA) $(TARGET_MICROARCH) $(TMP) -o $@ \
+		-s keccak_f1600_x4_mve_asm_roundstart \
+		-e keccak_f1600_x4_mve_asm_roundend_pre \
+		-c constraints.functional_only=False \
+		-c constraints.allow_reordering=True \
+		-c variable_size=True \
+        -c inputs_are_outputs=True \
+		-c constraints.stalls_first_attempt=64 \
+		-c constraints.max_displacement=1.0 \
+		-c constraints.stalls_maximum_attempt=4096 \
+        -c unsafe_address_offset_fixup=False \
+		-c split_heuristic=True \
+		-c split_heuristic_stepsize=0.05 \
+		-c split_heuristic_factor=26 \
+		-c split_heuristic_repeat=2 \
+		-c split_heuristic_estimate_performance=False \
+		-c split_heuristic_optimize_seam=2
+	rm -f $(TMP)
+
+ALL=keccak_f1600_x4_mve.S
+
+all: $(ALL)
+
+purge:
+	rm -rf $(ALL)

dev/fips202/armv81m/src/keccak_f1600_x4_mve.S

@@ -28,8 +28,8 @@
       c_parameter: const uint32_t *rc
       description: Keccak round constants in bit-interleaved form (24 pairs of 32-bit words)
   Stack:
-    bytes: 236
-    description: register preservation (44) + SIMD registers (64) + temporary storage (128)
+    bytes: 228
+    description: register preservation (36) + SIMD registers (64) + temporary storage (128)
 */
 
 // ---------------------------------------------------------------------------
@@ -460,7 +460,7 @@ qA20_l .req q2
 .global MLK_ASM_NAMESPACE(keccak_f1600_x4_mve_asm)
 MLK_ASM_FN_SYMBOL(keccak_f1600_x4_mve_asm)
 
-    push {r3,r4,r5,r6,r7,r8,r9,r10,r11,r12,lr}
+    push {r4,r5,r6,r7,r8,r9,r10,r11,lr}
     vpush {d8-d15}
     sub sp, #8*16
 
@@ -1626,7 +1626,7 @@ keccak_f1600_x4_mve_asm_roundend:
     add sp, #8*16
 
     vpop {d8-d15}
-    ldmia.w sp!, {r3,r4,r5,r6,r7,r8,r9,r10,r11,r12, pc}
+    ldmia.w sp!, {r4,r5,r6,r7,r8,r9,r10,r11, pc}
 
 /****************** REGISTER DEALLOCATIONS *******************/
     .unreq qA00_h