kris
/
boringssl
1
0
Fork 0
Código Issues 0 Pull requests 0 Versões 0 Wiki Atividade
Você não pode selecionar mais de 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.
3598 Commits
12 Branches
38 MiB
Tag: 97db926cf7
Branches Tags
${ item.name }
Criar branch ${ searchTerm }
de 97db926cf7
${ noResults }
boringssl/crypto/rand/asm/rdrand-x86_64.pl

rdrand-x86_64.pl 2.3 KiB
Original Visão normal Histórico

rand: new-style locking and support rdrand. Pure /dev/urandom, no buffering (previous behaviour): Did 2320000 RNG (16 bytes) operations in 3000082us (773312.2 ops/sec): 12.4 MB/s Did 209000 RNG (256 bytes) operations in 3011984us (69389.5 ops/sec): 17.8 MB/s Did 6851 RNG (8192 bytes) operations in 3052027us (2244.7 ops/sec): 18.4 MB/s Pure rdrand speed: Did 34930500 RNG (16 bytes) operations in 3000021us (11643418.5 ops/sec): 186.3 MB/s Did 2444000 RNG (256 bytes) operations in 3000164us (814622.1 ops/sec): 208.5 MB/s Did 80000 RNG (8192 bytes) operations in 3020968us (26481.6 ops/sec): 216.9 MB/s rdrand + ChaCha (as in this change): Did 19498000 RNG (16 bytes) operations in 3000086us (6499147.0 ops/sec): 104.0 MB/s Did 1964000 RNG (256 bytes) operations in 3000566us (654543.2 ops/sec): 167.6 MB/s Did 62000 RNG (8192 bytes) operations in 3034090us (20434.5 ops/sec): 167.4 MB/s Change-Id: Ie17045650cfe75858e4498ac28dbc4dcf8338376 Reviewed-on: https://boringssl-review.googlesource.com/4328 Reviewed-by: Adam Langley <agl@google.com>
9 anos atrás
Handle RDRAND failures. I mistakenly believed that only RDSEED could fail. However, the Intel manuals state that RDRAND can fail too. I can't actually observe it failing, even with all cores running RDRAND in a tight loop. In any case, the ChaCha20 masking means that it wouldn't be a big deal anyway. Still, this change tests the carry flag after RDRAND and the code falls back to |CRYPTO_sysrand| if RDRAND has a hiccup. (The Intel manuals suggest[1] calling RDRAND in a loop, ten times, before considering it to have failed. But a single failure appears to be such a rare event that the complexity in the asm code doesn't seem worth it.) This change also adds an asm function to fill a buffer with random data. Otherwise the overhead of calling |CRYPTO_rdrand|, and bouncing the data in and out of memory starts to add up. Thanks to W. Mark Kubacki, who may have reported this. (There's some confusion in the bug report.) Before: Did 6148000 RNG (16 bytes) operations in 1000080us: 98.4 MB/s Did 649000 RNG (256 bytes) operations in 1000281us: 166.1 MB/s Did 22000 RNG (8192 bytes) operations in 1033538us: 174.4 MB/s After: Did 6573000 RNG (16 bytes) operations in 1000002us: 105.2 MB/s Did 693000 RNG (256 bytes) operations in 1000127us: 177.4 MB/s Did 24000 RNG (8192 bytes) operations in 1028466us: 191.2 MB/s [1] Intel Reference Manual, section 7.3.17.1. Change-Id: Iba7f82e844ebacef535472a31f2dd749aad1190a Reviewed-on: https://boringssl-review.googlesource.com/5180 Reviewed-by: Adam Langley <agl@google.com>
9 anos atrás
rand: new-style locking and support rdrand. Pure /dev/urandom, no buffering (previous behaviour): Did 2320000 RNG (16 bytes) operations in 3000082us (773312.2 ops/sec): 12.4 MB/s Did 209000 RNG (256 bytes) operations in 3011984us (69389.5 ops/sec): 17.8 MB/s Did 6851 RNG (8192 bytes) operations in 3052027us (2244.7 ops/sec): 18.4 MB/s Pure rdrand speed: Did 34930500 RNG (16 bytes) operations in 3000021us (11643418.5 ops/sec): 186.3 MB/s Did 2444000 RNG (256 bytes) operations in 3000164us (814622.1 ops/sec): 208.5 MB/s Did 80000 RNG (8192 bytes) operations in 3020968us (26481.6 ops/sec): 216.9 MB/s rdrand + ChaCha (as in this change): Did 19498000 RNG (16 bytes) operations in 3000086us (6499147.0 ops/sec): 104.0 MB/s Did 1964000 RNG (256 bytes) operations in 3000566us (654543.2 ops/sec): 167.6 MB/s Did 62000 RNG (8192 bytes) operations in 3034090us (20434.5 ops/sec): 167.4 MB/s Change-Id: Ie17045650cfe75858e4498ac28dbc4dcf8338376 Reviewed-on: https://boringssl-review.googlesource.com/4328 Reviewed-by: Adam Langley <agl@google.com>
9 anos atrás
Handle RDRAND failures. I mistakenly believed that only RDSEED could fail. However, the Intel manuals state that RDRAND can fail too. I can't actually observe it failing, even with all cores running RDRAND in a tight loop. In any case, the ChaCha20 masking means that it wouldn't be a big deal anyway. Still, this change tests the carry flag after RDRAND and the code falls back to |CRYPTO_sysrand| if RDRAND has a hiccup. (The Intel manuals suggest[1] calling RDRAND in a loop, ten times, before considering it to have failed. But a single failure appears to be such a rare event that the complexity in the asm code doesn't seem worth it.) This change also adds an asm function to fill a buffer with random data. Otherwise the overhead of calling |CRYPTO_rdrand|, and bouncing the data in and out of memory starts to add up. Thanks to W. Mark Kubacki, who may have reported this. (There's some confusion in the bug report.) Before: Did 6148000 RNG (16 bytes) operations in 1000080us: 98.4 MB/s Did 649000 RNG (256 bytes) operations in 1000281us: 166.1 MB/s Did 22000 RNG (8192 bytes) operations in 1033538us: 174.4 MB/s After: Did 6573000 RNG (16 bytes) operations in 1000002us: 105.2 MB/s Did 693000 RNG (256 bytes) operations in 1000127us: 177.4 MB/s Did 24000 RNG (8192 bytes) operations in 1028466us: 191.2 MB/s [1] Intel Reference Manual, section 7.3.17.1. Change-Id: Iba7f82e844ebacef535472a31f2dd749aad1190a Reviewed-on: https://boringssl-review.googlesource.com/5180 Reviewed-by: Adam Langley <agl@google.com>
9 anos atrás
rand: new-style locking and support rdrand. Pure /dev/urandom, no buffering (previous behaviour): Did 2320000 RNG (16 bytes) operations in 3000082us (773312.2 ops/sec): 12.4 MB/s Did 209000 RNG (256 bytes) operations in 3011984us (69389.5 ops/sec): 17.8 MB/s Did 6851 RNG (8192 bytes) operations in 3052027us (2244.7 ops/sec): 18.4 MB/s Pure rdrand speed: Did 34930500 RNG (16 bytes) operations in 3000021us (11643418.5 ops/sec): 186.3 MB/s Did 2444000 RNG (256 bytes) operations in 3000164us (814622.1 ops/sec): 208.5 MB/s Did 80000 RNG (8192 bytes) operations in 3020968us (26481.6 ops/sec): 216.9 MB/s rdrand + ChaCha (as in this change): Did 19498000 RNG (16 bytes) operations in 3000086us (6499147.0 ops/sec): 104.0 MB/s Did 1964000 RNG (256 bytes) operations in 3000566us (654543.2 ops/sec): 167.6 MB/s Did 62000 RNG (8192 bytes) operations in 3034090us (20434.5 ops/sec): 167.4 MB/s Change-Id: Ie17045650cfe75858e4498ac28dbc4dcf8338376 Reviewed-on: https://boringssl-review.googlesource.com/4328 Reviewed-by: Adam Langley <agl@google.com>
9 anos atrás
Handle RDRAND failures. I mistakenly believed that only RDSEED could fail. However, the Intel manuals state that RDRAND can fail too. I can't actually observe it failing, even with all cores running RDRAND in a tight loop. In any case, the ChaCha20 masking means that it wouldn't be a big deal anyway. Still, this change tests the carry flag after RDRAND and the code falls back to |CRYPTO_sysrand| if RDRAND has a hiccup. (The Intel manuals suggest[1] calling RDRAND in a loop, ten times, before considering it to have failed. But a single failure appears to be such a rare event that the complexity in the asm code doesn't seem worth it.) This change also adds an asm function to fill a buffer with random data. Otherwise the overhead of calling |CRYPTO_rdrand|, and bouncing the data in and out of memory starts to add up. Thanks to W. Mark Kubacki, who may have reported this. (There's some confusion in the bug report.) Before: Did 6148000 RNG (16 bytes) operations in 1000080us: 98.4 MB/s Did 649000 RNG (256 bytes) operations in 1000281us: 166.1 MB/s Did 22000 RNG (8192 bytes) operations in 1033538us: 174.4 MB/s After: Did 6573000 RNG (16 bytes) operations in 1000002us: 105.2 MB/s Did 693000 RNG (256 bytes) operations in 1000127us: 177.4 MB/s Did 24000 RNG (8192 bytes) operations in 1028466us: 191.2 MB/s [1] Intel Reference Manual, section 7.3.17.1. Change-Id: Iba7f82e844ebacef535472a31f2dd749aad1190a Reviewed-on: https://boringssl-review.googlesource.com/5180 Reviewed-by: Adam Langley <agl@google.com>
9 anos atrás
Add missing comma in .type pragma for rdrand code. This tripped up some version of GCC or Clang. Change-Id: I925423558f188ce39b65b2e2ecd01bf009fab071
9 anos atrás
Handle RDRAND failures. I mistakenly believed that only RDSEED could fail. However, the Intel manuals state that RDRAND can fail too. I can't actually observe it failing, even with all cores running RDRAND in a tight loop. In any case, the ChaCha20 masking means that it wouldn't be a big deal anyway. Still, this change tests the carry flag after RDRAND and the code falls back to |CRYPTO_sysrand| if RDRAND has a hiccup. (The Intel manuals suggest[1] calling RDRAND in a loop, ten times, before considering it to have failed. But a single failure appears to be such a rare event that the complexity in the asm code doesn't seem worth it.) This change also adds an asm function to fill a buffer with random data. Otherwise the overhead of calling |CRYPTO_rdrand|, and bouncing the data in and out of memory starts to add up. Thanks to W. Mark Kubacki, who may have reported this. (There's some confusion in the bug report.) Before: Did 6148000 RNG (16 bytes) operations in 1000080us: 98.4 MB/s Did 649000 RNG (256 bytes) operations in 1000281us: 166.1 MB/s Did 22000 RNG (8192 bytes) operations in 1033538us: 174.4 MB/s After: Did 6573000 RNG (16 bytes) operations in 1000002us: 105.2 MB/s Did 693000 RNG (256 bytes) operations in 1000127us: 177.4 MB/s Did 24000 RNG (8192 bytes) operations in 1028466us: 191.2 MB/s [1] Intel Reference Manual, section 7.3.17.1. Change-Id: Iba7f82e844ebacef535472a31f2dd749aad1190a Reviewed-on: https://boringssl-review.googlesource.com/5180 Reviewed-by: Adam Langley <agl@google.com>
9 anos atrás
rand: new-style locking and support rdrand. Pure /dev/urandom, no buffering (previous behaviour): Did 2320000 RNG (16 bytes) operations in 3000082us (773312.2 ops/sec): 12.4 MB/s Did 209000 RNG (256 bytes) operations in 3011984us (69389.5 ops/sec): 17.8 MB/s Did 6851 RNG (8192 bytes) operations in 3052027us (2244.7 ops/sec): 18.4 MB/s Pure rdrand speed: Did 34930500 RNG (16 bytes) operations in 3000021us (11643418.5 ops/sec): 186.3 MB/s Did 2444000 RNG (256 bytes) operations in 3000164us (814622.1 ops/sec): 208.5 MB/s Did 80000 RNG (8192 bytes) operations in 3020968us (26481.6 ops/sec): 216.9 MB/s rdrand + ChaCha (as in this change): Did 19498000 RNG (16 bytes) operations in 3000086us (6499147.0 ops/sec): 104.0 MB/s Did 1964000 RNG (256 bytes) operations in 3000566us (654543.2 ops/sec): 167.6 MB/s Did 62000 RNG (8192 bytes) operations in 3034090us (20434.5 ops/sec): 167.4 MB/s Change-Id: Ie17045650cfe75858e4498ac28dbc4dcf8338376 Reviewed-on: https://boringssl-review.googlesource.com/4328 Reviewed-by: Adam Langley <agl@google.com>
9 anos atrás
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475 
  1. #!/usr/bin/env perl

  2. 

  3. # Copyright (c) 2015, Google Inc.

  4. #

  5. # Permission to use, copy, modify, and/or distribute this software for any

  6. # purpose with or without fee is hereby granted, provided that the above

  7. # copyright notice and this permission notice appear in all copies.

  8. #

  9. # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

  10. # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

  11. # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY

  12. # SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

  13. # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION

  14. # OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN

  15. # CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

  16. 

  17. $flavour = shift;

  18. $output  = shift;

  19. if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }

  20. 

  21. $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;

  22. ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or

  23. die "can't locate x86_64-xlate.pl";

  24. 

  25. open OUT,"| \"$^X\" $xlate $flavour $output";

  26. *STDOUT=*OUT;

  27. 

  28. print<<___;

  29. .text

  30. 

  31. # CRYPTO_rdrand writes eight bytes of random data from the hardware RNG to

  32. # |out|. It returns one on success or zero on hardware failure.

  33. # int CRYPTO_rdrand(uint8_t out[8]);

  34. .globl	CRYPTO_rdrand

  35. .type	CRYPTO_rdrand,\@function,1

  36. .align	16

  37. CRYPTO_rdrand:

  38. 	xorq %rax, %rax

  39. 	# This is rdrand %rcx. It sets rcx to a random value and sets the carry

  40. 	# flag on success.

  41. 	.byte 0x48, 0x0f, 0xc7, 0xf1

  42. 	# An add-with-carry of zero effectively sets %rax to the carry flag.

  43. 	adcq %rax, %rax

  44. 	movq %rcx, 0(%rdi)

  45. 	retq

  46. 

  47. # CRYPTO_rdrand_multiple8_buf fills |len| bytes at |buf| with random data from

  48. # the hardware RNG. The |len| argument must be a multiple of eight. It returns

  49. # one on success and zero on hardware failure.

  50. # int CRYPTO_rdrand_multiple8_buf(uint8_t *buf, size_t len);

  51. .globl CRYPTO_rdrand_multiple8_buf

  52. .type CRYPTO_rdrand_multiple8_buf,\@function,2

  53. .align 16

  54. CRYPTO_rdrand_multiple8_buf:

  55. 	test %rsi, %rsi

  56. 	jz .Lout

  57. 	movq \$8, %rdx

  58. .Lloop:

  59. 	# This is rdrand %rcx. It sets rcx to a random value and sets the carry

  60. 	# flag on success.

  61. 	.byte 0x48, 0x0f, 0xc7, 0xf1

  62. 	jnc .Lerr

  63. 	movq %rcx, 0(%rdi)

  64. 	addq %rdx, %rdi

  65. 	subq %rdx, %rsi

  66. 	jnz .Lloop

  67. .Lout:

  68. 	movq \$1, %rax

  69. 	retq

  70. .Lerr:

  71. 	xorq %rax, %rax

  72. 	retq

  73. ___

  74. 

  75. close STDOUT;	# flush