
Remove RSAZ-512.

This gives a 15-16% perf boost for 1024-bit RSA keys, but 1024-bit RSA
keys are no longer important enough for this code to carry its weight.

Change-Id: Ia9f0e7fec512c28e90754ababade394c1f11984d
Reviewed-on: https://boringssl-review.googlesource.com/12841
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
kris/onging/CECPQ3_patch15
David Benjamin 7 years ago
committed by CQ bot account: commit-bot@chromium.org
parent
commit
593b6a44fe
6 changed files with 4 additions and 2418 deletions
  1. +0
    -1
      crypto/bn/CMakeLists.txt
  2. +0
    -2338
      crypto/bn/asm/rsaz-x86_64.pl
  3. +4
    -1
      crypto/bn/bn_tests.txt
  4. +0
    -10
      crypto/bn/exponentiation.c
  5. +0
    -65
      crypto/bn/rsaz_exp.c
  6. +0
    -3
      crypto/bn/rsaz_exp.h

+ 0
- 1
crypto/bn/CMakeLists.txt View File

@@ -6,7 +6,6 @@ if (${ARCH} STREQUAL "x86_64")

x86_64-mont.${ASM_EXT}
x86_64-mont5.${ASM_EXT}
rsaz-x86_64.${ASM_EXT}
rsaz-avx2.${ASM_EXT}

rsaz_exp.c


+ 0
- 2338
crypto/bn/asm/rsaz-x86_64.pl
File diff suppressed because it is too large


+ 4
- 1
crypto/bn/bn_tests.txt View File

@@ -10388,7 +10388,10 @@ M = e4e784aa1fa88625a43ba0185a153a929663920be7fe674a4d33c943d3b898cff051482e7050


# RSAZ 512-bit.
# Note that the lengths of the inputs, especially the *bit* length of |M|, matter a lot.
#
# These are regression tests for code which historically reached the RSAZ-512
# code. That has since been removed, but the test vectors remain. Note that the
# lengths of the inputs, especially the *bit* length of |M|, matter a lot.

# Control: No relationship between A and M except that A < M and they're the same number of limbs.
ModExp = 7f34c1cd63377bc3abf2bb5b2d1bf5f06454e1e8040fe19a72245ce9731cbee1bf9e84532300776c8021ed4f3a8de508d85b4cf320bd82065a013754857b50c4
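Review bot: The rewritten comment above the RSAZ 512-bit vectors still says in the present tense that the input lengths "matter a lot", but it no longer says why. In the dispatch this commit removes from crypto/bn/exponentiation.c, the RSAZ-512 routine was reached only when `a->top` and `p->top` were 8 and `BN_num_bits(m) == 512`, so the lengths were what selected that path. I would state that explicitly, e.g. `# The input lengths, especially the *bit* length of |M|, were what selected that path; keep them unchanged.` It would also help to name the code path these vectors exercise now (presumably the generic constant-time exponentiation), so a later cleanup does not drop them as dead tests.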


+ 0
- 10
crypto/bn/exponentiation.c View File

@@ -928,16 +928,6 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
bn_correct_top(rr);
ret = 1;
goto err;
} else if ((8 == a->top) && (8 == p->top) && (BN_num_bits(m) == 512)) {
if (NULL == bn_wexpand(rr, 8)) {
goto err;
}
RSAZ_512_mod_exp(rr->d, a->d, p->d, m->d, mont->n0[0], mont->RR.d);
rr->top = 8;
rr->neg = 0;
bn_correct_top(rr);
ret = 1;
goto err;
}
#endif



+ 0
- 65
crypto/bn/rsaz_exp.c View File

@@ -251,69 +251,4 @@ void RSAZ_1024_mod_exp_avx2(BN_ULONG result_norm[16],
OPENSSL_cleanse(storage,sizeof(storage));
}

/*
* See crypto/bn/rsaz-x86_64.pl for further details.
*/
void rsaz_512_mul(void *ret,const void *a,const void *b,const void *n,BN_ULONG k);
void rsaz_512_mul_scatter4(void *ret,const void *a,const void *n,BN_ULONG k,const void *tbl,unsigned int power);
void rsaz_512_mul_gather4(void *ret,const void *a,const void *tbl,const void *n,BN_ULONG k,unsigned int power);
void rsaz_512_mul_by_one(void *ret,const void *a,const void *n,BN_ULONG k);
void rsaz_512_sqr(void *ret,const void *a,const void *n,BN_ULONG k,int cnt);
void rsaz_512_scatter4(void *tbl, const BN_ULONG *val, int power);
void rsaz_512_gather4(BN_ULONG *val, const void *tbl, int power);

void RSAZ_512_mod_exp(BN_ULONG result[8],
const BN_ULONG base[8], const BN_ULONG exponent[8],
const BN_ULONG m[8], BN_ULONG k0, const BN_ULONG RR[8])
{
alignas(64) uint8_t storage[(16*8*8) + (64 * 2)]; /* 1.2KB */
unsigned char *table = storage;
BN_ULONG *a_inv = (BN_ULONG *)(table+16*8*8),
*temp = (BN_ULONG *)(table+16*8*8+8*8);
int index;
unsigned int wvalue;

/* table[0] = 1_inv */
temp[0] = 0-m[0]; temp[1] = ~m[1];
temp[2] = ~m[2]; temp[3] = ~m[3];
temp[4] = ~m[4]; temp[5] = ~m[5];
temp[6] = ~m[6]; temp[7] = ~m[7];
rsaz_512_scatter4(table, temp, 0);

/* table [1] = a_inv^1 */
rsaz_512_mul(a_inv, base, RR, m, k0);
rsaz_512_scatter4(table, a_inv, 1);

/* table [2] = a_inv^2 */
rsaz_512_sqr(temp, a_inv, m, k0, 1);
rsaz_512_scatter4(table, temp, 2);

for (index=3; index<16; index++)
rsaz_512_mul_scatter4(temp, a_inv, m, k0, table, index);

const uint8_t *p_str = (const uint8_t *)exponent;

/* load first window */
wvalue = p_str[63];

rsaz_512_gather4(temp, table, wvalue>>4);
rsaz_512_sqr(temp, temp, m, k0, 4);
rsaz_512_mul_gather4(temp, temp, table, m, k0, wvalue&0xf);

for (index=62; index>=0; index--) {
wvalue = p_str[index];

rsaz_512_sqr(temp, temp, m, k0, 4);
rsaz_512_mul_gather4(temp, temp, table, m, k0, wvalue>>4);

rsaz_512_sqr(temp, temp, m, k0, 4);
rsaz_512_mul_gather4(temp, temp, table, m, k0, wvalue&0x0f);
}

/* from Montgomery */
rsaz_512_mul_by_one(result, temp, m, k0);

OPENSSL_cleanse(storage,sizeof(storage));
}

#endif /* OPENSSL_X86_64 */

+ 0
- 3
crypto/bn/rsaz_exp.h View File

@@ -50,7 +50,4 @@ void RSAZ_1024_mod_exp_avx2(BN_ULONG result[16],
const BN_ULONG m_norm[16], const BN_ULONG RR[16], BN_ULONG k0);
int rsaz_avx2_eligible(void);

void RSAZ_512_mod_exp(BN_ULONG result[8],
const BN_ULONG base_norm[8], const BN_ULONG exponent[8],
const BN_ULONG m_norm[8], BN_ULONG k0, const BN_ULONG RR[8]);
#endif
