23dcf88e18
5 Commits
Author | SHA1 | Message | Date | |
---|---|---|---|---|
David Benjamin
|
32e59d2d32 |
Switch to new fiat pipeline.
This new version makes it much easier to tell which code is handwritten and which is verified. For some reason, it also is *dramatically* faster for 32-bit x86 GCC. Clang x86_64, however, does take a small hit. Benchmarks below. x86, GCC 7.3.0, OPENSSL_SMALL (For some reason, GCC used to be really bad at compiling the 32-bit curve25519 code. The new one fixes this. I'm not sure what changed.) Before: Did 17135 Ed25519 key generation operations in 10026402us (1709.0 ops/sec) Did 17170 Ed25519 signing operations in 10074192us (1704.4 ops/sec) Did 9180 Ed25519 verify operations in 10034025us (914.9 ops/sec) Did 17271 Curve25519 base-point multiplication operations in 10050837us (1718.4 ops/sec) Did 10605 Curve25519 arbitrary point multiplication operations in 10047714us (1055.5 ops/sec) Did 7800 ECDH P-256 operations in 10018331us (778.6 ops/sec) Did 24308 ECDSA P-256 signing operations in 10019241us (2426.1 ops/sec) Did 9191 ECDSA P-256 verify operations in 10081639us (911.7 ops/sec) After: Did 99873 Ed25519 key generation operations in 10021810us (9965.6 ops/sec) [+483.1%] Did 99960 Ed25519 signing operations in 10052236us (9944.1 ops/sec) [+483.4%] Did 53676 Ed25519 verify operations in 10009078us (5362.7 ops/sec) [+486.2%] Did 102000 Curve25519 base-point multiplication operations in 10039764us (10159.6 ops/sec) [+491.2%] Did 60802 Curve25519 arbitrary point multiplication operations in 10056897us (6045.8 ops/sec) [+472.8%] Did 7900 ECDH P-256 operations in 10054509us (785.7 ops/sec) [+0.9%] Did 24926 ECDSA P-256 signing operations in 10050919us (2480.0 ops/sec) [+2.2%] Did 9494 ECDSA P-256 verify operations in 10064659us (943.3 ops/sec) [+3.5%] x86, Clang 8.0.0 trunk 349417, OPENSSL_SMALL Before: Did 82750 Ed25519 key generation operations in 10051177us (8232.9 ops/sec) Did 82400 Ed25519 signing operations in 10035806us (8210.6 ops/sec) Did 41511 Ed25519 verify operations in 10048919us (4130.9 ops/sec) Did 83300 Curve25519 base-point multiplication operations in 10044283us (8293.3 ops/sec) Did 49700 Curve25519 arbitrary point multiplication operations in 10007005us (4966.5 ops/sec) Did 14039 ECDH P-256 operations in 10093929us (1390.8 ops/sec) Did 40950 ECDSA P-256 signing operations in 10006757us (4092.2 ops/sec) Did 16068 ECDSA P-256 verify operations in 10095996us (1591.5 ops/sec) After: Did 80476 Ed25519 key generation operations in 10048648us (8008.6 ops/sec) [-2.7%] Did 79050 Ed25519 signing operations in 10049180us (7866.3 ops/sec) [-4.2%] Did 40501 Ed25519 verify operations in 10048347us (4030.6 ops/sec) [-2.4%] Did 81300 Curve25519 base-point multiplication operations in 10017480us (8115.8 ops/sec) [-2.1%] Did 48278 Curve25519 arbitrary point multiplication operations in 10092500us (4783.6 ops/sec) [-3.7%] Did 15402 ECDH P-256 operations in 10096705us (1525.4 ops/sec) [+9.7%] Did 44200 ECDSA P-256 signing operations in 10037715us (4403.4 ops/sec) [+7.6%] Did 17000 ECDSA P-256 verify operations in 10008813us (1698.5 ops/sec) [+6.7%] x86_64, GCC 7.3.0 (Note these P-256 numbers are not affected by this change. Included to get a sense of noise.) Before: Did 557000 Ed25519 key generation operations in 10011721us (55634.8 ops/sec) Did 550000 Ed25519 signing operations in 10016449us (54909.7 ops/sec) Did 190000 Ed25519 verify operations in 10014565us (18972.4 ops/sec) Did 587000 Curve25519 base-point multiplication operations in 10015402us (58609.7 ops/sec) Did 230000 Curve25519 arbitrary point multiplication operations in 10023827us (22945.3 ops/sec) Did 179000 ECDH P-256 operations in 10016294us (17870.9 ops/sec) Did 557000 ECDSA P-256 signing operations in 10014158us (55621.3 ops/sec) Did 198000 ECDSA P-256 verify operations in 10036694us (19727.6 ops/sec) After: Did 569000 Ed25519 key generation operations in 10004965us (56871.8 ops/sec) [+2.2%] Did 563000 Ed25519 signing operations in 10000064us (56299.6 ops/sec) [+2.5%] Did 196000 Ed25519 verify operations in 10025650us (19549.9 ops/sec) [+3.0%] Did 596000 Curve25519 base-point multiplication operations in 10008666us (59548.4 ops/sec) [+1.6%] Did 229000 Curve25519 arbitrary point multiplication operations in 10028921us (22834.0 ops/sec) [-0.5%] Did 182910 ECDH P-256 operations in 10014905us (18263.8 ops/sec) [+2.2%] Did 562000 ECDSA P-256 signing operations in 10011944us (56133.0 ops/sec) [+0.9%] Did 202000 ECDSA P-256 verify operations in 10046901us (20105.7 ops/sec) [+1.9%] x86_64, GCC 7.3.0, OPENSSL_SMALL Before: Did 350000 Ed25519 key generation operations in 10002540us (34991.1 ops/sec) Did 344000 Ed25519 signing operations in 10010420us (34364.2 ops/sec) Did 197000 Ed25519 verify operations in 10030593us (19639.9 ops/sec) Did 362000 Curve25519 base-point multiplication operations in 10004615us (36183.3 ops/sec) Did 235000 Curve25519 arbitrary point multiplication operations in 10025951us (23439.2 ops/sec) Did 32032 ECDH P-256 operations in 10056486us (3185.2 ops/sec) Did 96354 ECDSA P-256 signing operations in 10007297us (9628.4 ops/sec) Did 37774 ECDSA P-256 verify operations in 10044892us (3760.5 ops/sec) After: Did 343000 Ed25519 key generation operations in 10025108us (34214.1 ops/sec) [-2.2%] Did 340000 Ed25519 signing operations in 10014870us (33949.5 ops/sec) [-1.2%] Did 192000 Ed25519 verify operations in 10025082us (19152.0 ops/sec) [-2.5%] Did 355000 Curve25519 base-point multiplication operations in 10013220us (35453.1 ops/sec) [-2.0%] Did 231000 Curve25519 arbitrary point multiplication operations in 10010775us (23075.1 ops/sec) [-1.6%] Did 31540 ECDH P-256 operations in 10009664us (3151.0 ops/sec) [-1.1%] Did 99012 ECDSA P-256 signing operations in 10090296us (9812.6 ops/sec) [+1.9%] Did 37695 ECDSA P-256 verify operations in 10092859us (3734.8 ops/sec) [-0.7%] x86_64, Clang 8.0.0 trunk 349417 (Note these P-256 numbers are not affected by this change. Included to get a sense of noise.) Before: Did 600000 Ed25519 key generation operations in 10000278us (59998.3 ops/sec) Did 595000 Ed25519 signing operations in 10010375us (59438.3 ops/sec) Did 184000 Ed25519 verify operations in 10013984us (18374.3 ops/sec) Did 636000 Curve25519 base-point multiplication operations in 10005250us (63566.6 ops/sec) Did 229000 Curve25519 arbitrary point multiplication operations in 10006059us (22886.1 ops/sec) Did 179250 ECDH P-256 operations in 10026354us (17877.9 ops/sec) Did 547000 ECDSA P-256 signing operations in 10017585us (54604.0 ops/sec) Did 197000 ECDSA P-256 verify operations in 10013020us (19674.4 ops/sec) After: Did 560000 Ed25519 key generation operations in 10009295us (55948.0 ops/sec) [-6.8%] Did 548000 Ed25519 signing operations in 10007912us (54756.7 ops/sec) [-7.9%] Did 170000 Ed25519 verify operations in 10056948us (16903.7 ops/sec) [-8.0%] Did 592000 Curve25519 base-point multiplication operations in 10016818us (59100.6 ops/sec) [-7.0%] Did 214000 Curve25519 arbitrary point multiplication operations in 10043918us (21306.4 ops/sec) [-6.9%] Did 180000 ECDH P-256 operations in 10026019us (17953.3 ops/sec) [+0.4%] Did 550000 ECDSA P-256 signing operations in 10004943us (54972.8 ops/sec) [+0.7%] Did 198000 ECDSA P-256 verify operations in 10021714us (19757.1 ops/sec) [+0.4%] x86_64, Clang 8.0.0 trunk 349417, OPENSSL_SMALL Before: Did 326000 Ed25519 key generation operations in 10003266us (32589.4 ops/sec) Did 322000 Ed25519 signing operations in 10026783us (32114.0 ops/sec) Did 181000 Ed25519 verify operations in 10015635us (18071.7 ops/sec) Did 335000 Curve25519 base-point multiplication operations in 10000359us (33498.8 ops/sec) Did 224000 Curve25519 arbitrary point multiplication operations in 10027245us (22339.1 ops/sec) Did 68552 ECDH P-256 operations in 10018900us (6842.3 ops/sec) Did 184000 ECDSA P-256 signing operations in 10014516us (18373.3 ops/sec) Did 76020 ECDSA P-256 verify operations in 10016891us (7589.2 ops/sec) After: Did 310000 Ed25519 key generation operations in 10022086us (30931.7 ops/sec) [-5.1%] Did 308000 Ed25519 signing operations in 10007543us (30776.8 ops/sec) [-4.2%] Did 173000 Ed25519 verify operations in 10005829us (17289.9 ops/sec) [-4.3%] Did 321000 Curve25519 base-point multiplication operations in 10027058us (32013.4 ops/sec) [-4.4%] Did 212000 Curve25519 arbitrary point multiplication operations in 10015203us (21167.8 ops/sec) [-5.2%] Did 64059 ECDH P-256 operations in 10042781us (6378.6 ops/sec) [-6.8%] Did 170000 ECDSA P-256 signing operations in 10030896us (16947.6 ops/sec) [-7.8%] Did 72176 ECDSA P-256 verify operations in 10075369us (7163.6 ops/sec) [-5.6%] Bug: 254 Change-Id: Ib04c773f01b542bcb8611cceb582466bfa6f6d52 Reviewed-on: https://boringssl-review.googlesource.com/c/34306 Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: Adam Langley <agl@google.com> |
||
Martin Kreichgauer
|
8041d8c40e |
third_party: re-format METATADA files
Change-Id: Ic2e9f54f5ced053c1463d5c09a74db5b2a3ea098 Reviewed-on: https://boringssl-review.googlesource.com/26224 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> |
||
Martin Kreichgauer
|
40e8c921ca |
change URL type in third_party METADATA files to GIT
Change-Id: Ibaf1b4d64a651c39b073f3c4a7aa861d9c728f8b Reviewed-on: https://boringssl-review.googlesource.com/22704 Reviewed-by: David Benjamin <davidben@google.com> |
||
Martin Kreichgauer
|
aa4c3f218e |
fix a typo in third_party/fiat/METADATA
Change-Id: I91626b4e84f4a6b53be94d5e4823c634b6e7a5a1 Reviewed-on: https://boringssl-review.googlesource.com/22684 Reviewed-by: David Benjamin <davidben@google.com> |
||
Adam Langley
|
b2c312d670 |
curve25519: fiat-crypto field arithmetic.
Each operation was translated from fiat-crypto output using fiat-crypto prettyprint.py. For example fe_mul is synthesized in https://github.com/mit-plv/fiat-crypto/blob/master/src/Specific/X25519/C32/femul.v, and shown in the last Coq-compatible form at https://github.com/mit-plv/fiat-crypto/blob/master/src/Specific/X25519/C32/femulDisplay.log. Benchmarks on Google Cloud's unidentified Intel Xeon with AVX2: git checkout $VARIANT && ( cd build && rm -rf * && CC=clang CXX=clang++ cmake -GNinja -DCMAKE_TOOLCHAIN_FILE=../util/32-bit-toolchain.cmake -DCMAKE_BUILD_TYPE=Release .. && ninja && ./tool/bssl speed -filter 25519 ) this branch: Did 11382 Ed25519 key generation operations in 1053046us (10808.6 ops/sec) Did 11169 Ed25519 signing operations in 1038080us (10759.3 ops/sec) Did 2925 Ed25519 verify operations in 1001346us (2921.1 ops/sec) Did 12000 Curve25519 base-point multiplication operations in 1084851us (11061.4 ops/sec) Did 3850 Curve25519 arbitrary point multiplication operations in 1085565us (3546.5 ops/sec) Did 11466 Ed25519 key generation operations in 1049821us (10921.9 ops/sec) Did 11000 Ed25519 signing operations in 1013317us (10855.4 ops/sec) Did 3047 Ed25519 verify operations in 1043846us (2919.0 ops/sec) Did 12000 Curve25519 base-point multiplication operations in 1068924us (11226.2 ops/sec) Did 3850 Curve25519 arbitrary point multiplication operations in 1090598us (3530.2 ops/sec) Did 10309 Ed25519 key generation operations in 1003320us (10274.9 ops/sec) Did 11000 Ed25519 signing operations in 1017862us (10807.0 ops/sec) Did 3135 Ed25519 verify operations in 1098624us (2853.6 ops/sec) Did 9000 Curve25519 base-point multiplication operations in 1046608us (8599.2 ops/sec) Did 3132 Curve25519 arbitrary point multiplication operations in 1038963us (3014.5 ops/sec) master: Did 11564 Ed25519 key generation operations in 1068762us (10820.0 ops/sec) Did 11104 Ed25519 signing operations in 1024278us (10840.8 ops/sec) Did 3206 Ed25519 verify operations in 1049179us (3055.7 ops/sec) Did 12000 Curve25519 base-point multiplication operations in 1073619us (11177.1 ops/sec) Did 3550 Curve25519 arbitrary point multiplication operations in 1000279us (3549.0 ops/sec) andreser@linux-andreser:~/boringssl$ build/tool/bssl speed -filter 25519 Did 11760 Ed25519 key generation operations in 1072495us (10965.1 ops/sec) Did 10800 Ed25519 signing operations in 1003486us (10762.5 ops/sec) Did 3245 Ed25519 verify operations in 1080399us (3003.5 ops/sec) Did 12000 Curve25519 base-point multiplication operations in 1076021us (11152.2 ops/sec) Did 3570 Curve25519 arbitrary point multiplication operations in 1005087us (3551.9 ops/sec) andreser@linux-andreser:~/boringssl$ build/tool/bssl speed -filter 25519 Did 11438 Ed25519 key generation operations in 1041115us (10986.3 ops/sec) Did 11000 Ed25519 signing operations in 1012589us (10863.2 ops/sec) Did 3312 Ed25519 verify operations in 1082834us (3058.6 ops/sec) Did 12000 Curve25519 base-point multiplication operations in 1061318us (11306.7 ops/sec) Did 3580 Curve25519 arbitrary point multiplication operations in 1004923us (3562.5 ops/sec) squashed: curve25519: convert field constants to unsigned. import re, sys, math def weight(i): return 2**int(math.ceil(25.5*i)) def convert(t): limbs = [x for x in t.groups() if x.replace('-','').isdigit()] v = sum(weight(i)*x for (i,x) in enumerate(map(int, limbs))) % (2**255-19) limbs = [(v % weight(i+1)) // weight(i) for i in range(10)] assert v == sum(weight(i)*x for (i,x) in enumerate(limbs)) i = 0 ret = '' for s in t.groups(): if s.replace('-','').isdigit(): ret += str(limbs[i]) i += 1 else: ret += s return ret fe_re = re.compile(r'(\s*,\s*)'.join(r'(-?\d+)' for i in range(10))) print (re.sub(fe_re, convert, sys.stdin.read())) Change-Id: Ibd4f7f5c38e5c4d61c9826afb406baebe2be5168 Reviewed-on: https://boringssl-review.googlesource.com/22385 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> |