This makes Gerrit recognize the rename of the field implementation and
facilitates the review. No code changes.
For #52182
Change-Id: I827004e175db1ae2fcdf17d0f586ff21503d27e3
Reviewed-on: https://go-review.googlesource.com/c/go/+/390754
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
|
|
Not quite golang.org/wiki/TargetSpecific compliant, but almost.
The only substantial code change is in randFieldElement: it used to use
Params().BitSize instead of Params().N.BitLen(), which is semantically
incorrect, even if the two values are the same for all named curves.
For #52182
Change-Id: Ibc47450552afe23ea74fcf55d1d799d5d7e5487c
Reviewed-on: https://go-review.googlesource.com/c/go/+/315273
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Than McIntosh <thanm@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
|
|
When these packages are released as part of Go 1.18,
Go 1.16 will no longer be supported, so we can remove
the +build tags in these files.
Ran go fix -fix=buildtag std cmd and then reverted the bootstrapDirs
as defined in src/cmd/dist/buildtool.go, which need to continue
to build with Go 1.4 for now.
Also reverted src/vendor and src/cmd/vendor, which will need
to be updated in their own repos first.
Manual changes in runtime/pprof/mprof_test.go to adjust line numbers.
For #41184.
Change-Id: Ic0f93f7091295b6abc76ed5cd6e6746e1280861e
Reviewed-on: https://go-review.googlesource.com/c/go/+/344955
Trust: Russ Cox <rsc@golang.org>
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
|
|
This change alters the CurveParam methods to upgrade from the generic
curve implementation to the specific P224 or P256 implementations when
called on the embedded CurveParams. This removes the trap of using
elliptic.P224().Params() instead of elliptic.P224(), for example, which
results in using the generic implementation instead of the optimized
constant time one. For P224 this is done for all of the CurveParams
methods, except Params, as the optimized implementation covers all
these methods. For P256 this is only done for ScalarMult and
ScalarBaseMult, as despite having implementations of addition and
doubling they aren't exposed and instead the generic implementation is
used. For P256 an additional check that there actually is a specific
implementation is added, as unlike the P224 implementation the P256 one
is only available on certain platforms.
This change takes the simple, fast approach to checking this: it simply
compares pointers. This removes the most obvious class of mistakes
people make, but still allows edge cases where the embedded CurveParams
pointer has been dereferenced (as seen in the unit tests) or when someone
has manually constructed their own CurveParams that matches one of the
standard curves. A more complex approach could be taken to also address
these cases, but it would require directly comparing all of the
CurveParam fields which would, in the worst case, require comparing
against two standard CurveParam sets in the ScalarMult and
ScalarBaseMult paths, which are likely to be the hottest already.
Updates #34648
Change-Id: I82d752f979260394632905c15ffe4f65f4ffa376
Reviewed-on: https://go-review.googlesource.com/c/go/+/233939
Trust: Roland Shoemaker <roland@golang.org>
Trust: Katie Hockman <katie@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
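
The pointer comparison described in the commit message above, and the edge case it leaves open, as an added example (not code from the Go repository). The names matchByPointer and matchByFields are hypothetical; only exported crypto/elliptic API is used.

```go
package main

import (
	"crypto/elliptic"
	"fmt"
	"math/big"
)

// standardCurves lists the curves the commit message talks about.
func standardCurves() []elliptic.Curve {
	return []elliptic.Curve{elliptic.P224(), elliptic.P256()}
}

// matchByPointer (hypothetical name) is the cheap check: params counts as a
// standard curve only if it is the exact pointer that curve's Params() returns.
func matchByPointer(params *elliptic.CurveParams) (elliptic.Curve, bool) {
	for _, c := range standardCurves() {
		if params == c.Params() {
			return c, true
		}
	}
	return nil, false
}

// matchByFields (hypothetical name) is the costlier alternative the message
// mentions: compare every field against each standard parameter set.
func matchByFields(params *elliptic.CurveParams) (elliptic.Curve, bool) {
	eq := func(a, b *big.Int) bool { return a != nil && b != nil && a.Cmp(b) == 0 }
	for _, c := range standardCurves() {
		s := c.Params()
		if params.BitSize == s.BitSize && eq(params.P, s.P) && eq(params.N, s.N) &&
			eq(params.B, s.B) && eq(params.Gx, s.Gx) && eq(params.Gy, s.Gy) {
			return c, true
		}
	}
	return nil, false
}

func main() {
	canonical := elliptic.P256().Params()
	copied := *canonical // dereferenced copy: same values, different address

	_, ptrOK := matchByPointer(canonical)
	_, copyPtrOK := matchByPointer(&copied)
	_, copyFieldsOK := matchByFields(&copied)
	fmt.Println("canonical pointer recognized:", ptrOK)
	fmt.Println("dereferenced copy recognized by pointer:", copyPtrOK)
	fmt.Println("dereferenced copy recognized by fields:", copyFieldsOK)
}
```

Code that copies or hand-builds a CurveParams value is the case the pointer check does not catch, so an audit for generic-implementation use should look for `*curve.Params()` dereferences and CurveParams literals.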
|
|
Make all our package sources use Go 1.17 gofmt format
(adding //go:build lines).
Part of //go:build change (#41184).
See https://golang.org/design/draft-gobuild
Change-Id: Ia0534360e4957e58cd9a18429c39d0e32a6addb4
Reviewed-on: https://go-review.googlesource.com/c/go/+/294430
Trust: Russ Cox <rsc@golang.org>
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
|
|
This adds an asm implementation of the p256 functions used
in crypto/elliptic, utilizing VMX, VSX to improve performance.
On a power9 the improvement is:
elliptic benchmarks:
name old time/op new time/op delta
BaseMult 1.40ms ± 0% 1.44ms ± 0% +2.66% (p=0.029 n=4+4)
BaseMultP256 317µs ± 0% 50µs ± 0% -84.14% (p=0.029 n=4+4)
ScalarMultP256 854µs ± 2% 214µs ± 0% -74.91% (p=0.029 n=4+4)
ecdsa benchmarks:
name old time/op new time/op delta
SignP256 377µs ± 0% 111µs ± 0% -70.57% (p=0.029 n=4+4)
SignP384 6.55ms ± 0% 6.48ms ± 0% -1.03% (p=0.029 n=4+4)
VerifyP256 1.19ms ± 0% 0.26ms ± 0% -78.54% (p=0.029 n=4+4)
KeyGeneration 319µs ± 0% 52µs ± 0% -83.56% (p=0.029 n=4+4)
This implementation is based on the s390x implementation, using
comparable instructions for most with some minor changes where the
instructions are not quite the same.
Some changes were also needed since s390x is big endian and ppc64le
is little endian.
This also enables the fuzz_test for ppc64le.
Change-Id: I59a69515703b82ad2929f68ba2f11208fa833181
Reviewed-on: https://go-review.googlesource.com/c/go/+/168478
Run-TryBot: Lynn Boger <laboger@linux.vnet.ibm.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Michael Munday <mike.munday@ibm.com>
|
|
This patch ports the existing optimized P256 implementation to arm64.
name old time/op new time/op delta
pkg:crypto/ecdsa goos:linux goarch:arm64
SignP256 539µs ±13% 43µs ± 2% -91.95% (p=0.000 n=20+20)
SignP384 13.2ms ± 1% 13.2ms ± 1% ~ (p=0.739 n=10+10)
VerifyP256 1.57ms ± 0% 0.12ms ± 0% -92.40% (p=0.000 n=18+20)
KeyGeneration 391µs ± 0% 25µs ± 0% -93.62% (p=0.000 n=9+9)
pkg:crypto/elliptic goos:linux goarch:arm64
BaseMult 1.66ms ± 0% 1.65ms ± 1% ~ (p=0.079 n=9+10)
BaseMultP256 389µs ± 0% 22µs ± 1% -94.28% (p=0.000 n=19+20)
ScalarMultP256 1.03ms ± 0% 0.09ms ± 0% -91.25% (p=0.000 n=19+20)
name old alloc/op new alloc/op delta
pkg:crypto/ecdsa goos:linux goarch:arm64
SignP256 5.47kB ± 0% 3.20kB ± 0% -41.50% (p=0.000 n=20+20)
SignP384 2.32MB ± 0% 2.32MB ± 0% ~ (p=0.739 n=10+10)
VerifyP256 7.65kB ± 4% 0.98kB ± 0% -87.24% (p=0.000 n=20+20)
KeyGeneration 1.41kB ± 0% 0.69kB ± 0% -51.05% (p=0.000 n=9+10)
pkg:crypto/elliptic goos:linux goarch:arm64
BaseMult 224B ± 0% 224B ± 0% ~ (all equal)
BaseMultP256 1.12kB ± 0% 0.29kB ± 0% -74.29% (p=0.000 n=20+20)
ScalarMultP256 1.59kB ± 7% 0.26kB ± 0% -83.91% (p=0.000 n=20+20)
name old allocs/op new allocs/op delta
pkg:crypto/ecdsa goos:linux goarch:arm64
SignP256 67.0 ± 0% 35.0 ± 0% -47.76% (p=0.000 n=20+20)
SignP384 17.5k ± 0% 17.5k ± 0% ~ (p=0.725 n=10+10)
VerifyP256 97.2 ± 3% 17.0 ± 0% -82.52% (p=0.000 n=20+20)
KeyGeneration 21.0 ± 0% 13.0 ± 0% -38.10% (p=0.000 n=10+10)
pkg:crypto/elliptic goos:linux goarch:arm64
BaseMult 5.00 ± 0% 5.00 ± 0% ~ (all equal)
BaseMultP256 16.0 ± 0% 6.0 ± 0% -62.50% (p=0.000 n=20+20)
ScalarMultP256 19.9 ± 6% 5.0 ± 0% -74.87% (p=0.000 n=20+20)
Fixes #22806
Change-Id: I12b343a27e6544189334f99c84242bb59db70a76
Reviewed-on: https://go-review.googlesource.com/121360
Run-TryBot: Vlad Krasnov <vlad@cloudflare.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Vlad Krasnov <vlad@cloudflare.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
|
|
This reverts commit 0246915fbfcc41870173b7f016dc7fa9437bbc13.
Reason for revert: Broke darwin/arm64 builds.
Change-Id: Iead935d345c4776c0f823f4c152e02bdda308401
Reviewed-on: https://go-review.googlesource.com/121375
Reviewed-by: Andrew Bonventre <andybons@golang.org>
|
|
This patch ports the existing optimized P256 implementation to arm64.
name old time/op new time/op delta
pkg:crypto/ecdsa goos:linux goarch:arm64
SignP256 539µs ±13% 43µs ± 2% -91.95% (p=0.000 n=20+20)
SignP384 13.2ms ± 1% 13.2ms ± 1% ~ (p=0.739 n=10+10)
VerifyP256 1.57ms ± 0% 0.12ms ± 0% -92.40% (p=0.000 n=18+20)
KeyGeneration 391µs ± 0% 25µs ± 0% -93.62% (p=0.000 n=9+9)
pkg:crypto/elliptic goos:linux goarch:arm64
BaseMult 1.66ms ± 0% 1.65ms ± 1% ~ (p=0.079 n=9+10)
BaseMultP256 389µs ± 0% 22µs ± 1% -94.28% (p=0.000 n=19+20)
ScalarMultP256 1.03ms ± 0% 0.09ms ± 0% -91.25% (p=0.000 n=19+20)
name old alloc/op new alloc/op delta
pkg:crypto/ecdsa goos:linux goarch:arm64
SignP256 5.47kB ± 0% 3.20kB ± 0% -41.50% (p=0.000 n=20+20)
SignP384 2.32MB ± 0% 2.32MB ± 0% ~ (p=0.739 n=10+10)
VerifyP256 7.65kB ± 4% 0.98kB ± 0% -87.24% (p=0.000 n=20+20)
KeyGeneration 1.41kB ± 0% 0.69kB ± 0% -51.05% (p=0.000 n=9+10)
pkg:crypto/elliptic goos:linux goarch:arm64
BaseMult 224B ± 0% 224B ± 0% ~ (all equal)
BaseMultP256 1.12kB ± 0% 0.29kB ± 0% -74.29% (p=0.000 n=20+20)
ScalarMultP256 1.59kB ± 7% 0.26kB ± 0% -83.91% (p=0.000 n=20+20)
name old allocs/op new allocs/op delta
pkg:crypto/ecdsa goos:linux goarch:arm64
SignP256 67.0 ± 0% 35.0 ± 0% -47.76% (p=0.000 n=20+20)
SignP384 17.5k ± 0% 17.5k ± 0% ~ (p=0.725 n=10+10)
VerifyP256 97.2 ± 3% 17.0 ± 0% -82.52% (p=0.000 n=20+20)
KeyGeneration 21.0 ± 0% 13.0 ± 0% -38.10% (p=0.000 n=10+10)
pkg:crypto/elliptic goos:linux goarch:arm64
BaseMult 5.00 ± 0% 5.00 ± 0% ~ (all equal)
BaseMultP256 16.0 ± 0% 6.0 ± 0% -62.50% (p=0.000 n=20+20)
ScalarMultP256 19.9 ± 6% 5.0 ± 0% -74.87% (p=0.000 n=20+20)
Fixes #22806
Change-Id: I0f187074f8c3069bf8692d59e2cf95bdc6061fe7
Reviewed-on: https://go-review.googlesource.com/99755
Run-TryBot: Vlad Krasnov <vlad@cloudflare.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brendan McMillion <brendan@cloudflare.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
|
|
A paranoid go at constant time implementation of P256 curve.
This code relies on z13 SIMD instruction set. For zEC12 and below,
the fallback is the existing P256 implementation. To facilitate this
fallback mode, I've refactored the code so that implementations can
be picked at run-time.
It's 'slightly' difficult to grok, but there is ASCII art..
name old time/op new time/op delta
BaseMultP256 419µs ± 3% 27µs ± 1% -93.65% (p=0.000 n=10+8)
ScalarMultP256 1.05ms ±10% 0.09ms ± 1% -90.94% (p=0.000 n=10+8)
Change-Id: Ic1ded898a2ceab055b1c69570c03179c4b85b177
Reviewed-on: https://go-review.googlesource.com/31231
Run-TryBot: Michael Munday <munday@ca.ibm.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Michael Munday <munday@ca.ibm.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
|