Showing
4 changed files
with
119 additions
and
2 deletions.
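--- a/etc/ci/boringssl-bedrock2-patches/2023-10-05-p256-adx.patch
+++ b/etc/ci/boringssl-bedrock2-patches/2023-10-05-p256-adx.patch
@@ -0,0 +1,42 @@
+diff --git a/third_party/fiat/p256_64.h b/third_party/fiat/p256_64.h
+index 81a90013d..17bb23f0b 100644
+--- a/third_party/fiat/p256_64.h
++++ b/third_party/fiat/p256_64.h
+@@ -1,3 +1,9 @@
++#include "../../crypto/internal.h"
++#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) && defined(__x86_64__)
++void fiat_p256_adx_mul(uint64_t*, const uint64_t*, const uint64_t*);
++void fiat_p256_adx_sqr(uint64_t*, const uint64_t*);
++#endif
++
+/* Autogenerated: 'src/ExtractionOCaml/bedrock2_word_by_word_montgomery' --lang bedrock2 --static --no-wide-int --widen-carry --widen-bytes --split-multiret --no-select --no-field-element-typedefs p256 64 '2^256 - 2^224 + 2^192 + 2^96 - 1' mul square add sub opp from_montgomery to_montgomery nonzero selectznz to_bytes from_bytes one msat divstep divstep_precomp */
+/* curve description: p256 */
+/* machine_wordsize = 64 (from "64") */
+@@ -426,6 +432,13 @@ void internal_fiat_p256_mul(uintptr_t out0, uintptr_t in0, uintptr_t in1) {
+
+/* NOTE: The following wrapper function is not covered by Coq proofs */
+static void fiat_p256_mul(uint64_t out1[4], const uint64_t arg1[4], const uint64_t arg2[4]) {
++#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) && defined(__x86_64__)
++ if (CRYPTO_is_BMI1_capable() && CRYPTO_is_BMI2_capable() &&
++ CRYPTO_is_ADX_capable()) {
++ fiat_p256_adx_mul(out1, arg1, arg2);
++ return;
++ }
++#endif
+ internal_fiat_p256_mul((uintptr_t)out1, (uintptr_t)arg1, (uintptr_t)arg2);
+}
+
+@@ -769,6 +782,13 @@ void internal_fiat_p256_square(uintptr_t out0, uintptr_t in0) {
+
+/* NOTE: The following wrapper function is not covered by Coq proofs */
+static void fiat_p256_square(uint64_t out1[4], const uint64_t arg1[4]) {
++#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) && defined(__x86_64__)
++ if (CRYPTO_is_BMI1_capable() && CRYPTO_is_BMI2_capable() &&
++ CRYPTO_is_ADX_capable()) {
++ fiat_p256_adx_sqr(out1, arg1);
++ return;
++ }
++#endif
+ internal_fiat_p256_square((uintptr_t)out1, (uintptr_t)arg1);
+}
+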
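Review bot: The ADX dispatch inserted at the top of fiat_p256_mul and fiat_p256_square makes which implementation CI actually runs depend on the build host's CPU: on a BMI1/BMI2/ADX-capable runner the bedrock2-generated internal_fiat_p256_mul and internal_fiat_p256_square are never reached, so the verified path this patch series exists to exercise goes untested there, and the same applies to the second patch file on this page (the one carrying upstream commit 20c9406971b3). Unless the CI configuration elsewhere already does this, build the patched tree a second time with OPENSSL_NO_ASM defined (or otherwise force the C branch) so both sides of the wrapper are covered regardless of runner hardware. The patch file also carries no preamble saying what it is or how it was produced; a leading line such as `Mirror of BoringSSL commit 20c9406971b3 (table-independent x86+adx asm for P-256), rebased onto the bedrock2-generated third_party/fiat/p256_64.h; refresh when that header is regenerated.` would help the next person who has to rebase it, and both git apply and patch skip text before the first `diff --git` header, so it costs nothing. Finally, the hunk contexts are pinned to specific blob ids (`index 81a90013d..17bb23f0b`) and to line offsets inside an autogenerated file, so it will silently stop applying after the next regeneration; consider noting that expectation in the same preamble.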
@@ -0,0 +1,62 @@ | ||
commit 20c9406971b39d214d4d6997f3a6e3ec772c440a | ||
Author: Andres Erbsen <andreser@google.com> | ||
Date: Mon Sep 25 19:28:44 2023 +0000 | ||
|
||
Add table-independent x86+adx asm for P-256 | ||
|
||
With -march=haswell -DOPENSSL_SMALL=1 on cascadelake: | ||
Did 9999 ECDH P-256 operations in 1062469us (9411.1 ops/sec) [+63.5%] | ||
Did 25000 ECDSA P-256 signing operations in 1028302us (24311.9 ops/sec) [+48.9%] | ||
Did 11004 ECDSA P-256 verify operations in 1072646us (10258.7 ops/sec) [+58.8%] | ||
|
||
Same configuration measured no performance difference on haswell. | ||
|
||
The added assembly code occupies 1352 bytes. | ||
|
||
Change-Id: I42635b7a9bf24d942817976a5d4ce269f642251c | ||
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/63185 | ||
Reviewed-by: David Benjamin <davidben@google.com> | ||
Commit-Queue: David Benjamin <davidben@google.com> | ||
|
||
diff --git a/third_party/fiat/p256_64.h b/third_party/fiat/p256_64.h | ||
index c77263843..a691407b6 100644 | ||
--- a/third_party/fiat/p256_64.h | ||
+++ b/third_party/fiat/p256_64.h | ||
@@ -1,3 +1,9 @@ | ||
+#include "../../crypto/internal.h" | ||
+#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) && defined(__x86_64__) | ||
+void fiat_p256_adx_mul(uint64_t*, const uint64_t*, const uint64_t*); | ||
+void fiat_p256_adx_sqr(uint64_t*, const uint64_t*); | ||
+#endif | ||
+ | ||
/* Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --inline --static --use-value-barrier p256 64 '2^256 - 2^224 + 2^192 + 2^96 - 1' mul square add sub opp from_montgomery to_montgomery nonzero selectznz to_bytes from_bytes one msat divstep divstep_precomp */ | ||
/* curve description: p256 */ | ||
/* machine_wordsize = 64 (from "64") */ | ||
@@ -165,6 +171,13 @@ static FIAT_P256_FIAT_INLINE void fiat_p256_cmovznz_u64(uint64_t* out1, fiat_p25 | ||
* | ||
*/ | ||
static FIAT_P256_FIAT_INLINE void fiat_p256_mul(fiat_p256_montgomery_domain_field_element out1, const fiat_p256_montgomery_domain_field_element arg1, const fiat_p256_montgomery_domain_field_element arg2) { | ||
+#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) && defined(__x86_64__) | ||
+ if (CRYPTO_is_BMI1_capable() && CRYPTO_is_BMI2_capable() && | ||
+ CRYPTO_is_ADX_capable()) { | ||
+ fiat_p256_adx_mul(out1, arg1, arg2); | ||
+ return; | ||
+ } | ||
+#endif | ||
uint64_t x1; | ||
uint64_t x2; | ||
uint64_t x3; | ||
@@ -472,6 +485,13 @@ static FIAT_P256_FIAT_INLINE void fiat_p256_mul(fiat_p256_montgomery_domain_fiel | ||
* | ||
*/ | ||
static FIAT_P256_FIAT_INLINE void fiat_p256_square(fiat_p256_montgomery_domain_field_element out1, const fiat_p256_montgomery_domain_field_element arg1) { | ||
+#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) && defined(__x86_64__) | ||
+ if (CRYPTO_is_BMI1_capable() && CRYPTO_is_BMI2_capable() && | ||
+ CRYPTO_is_ADX_capable()) { | ||
+ fiat_p256_adx_sqr(out1, arg1); | ||
+ return; | ||
+ } | ||
+#endif | ||
uint64_t x1; | ||
uint64_t x2; | ||
uint64_t x3; |