2 Commits (b7d6320be91bdf132349e8384bd779ffcff3f030)
Author | SHA1 | Message | Date |
---|---|---|---|
David Benjamin | a8b1633d1c | Use // instead of # for comments inside armv8 asm. | 2 years ago |
Nevine Ebeid | 53a87b7c59 | ChaCha20-Poly1305 for Armv8 (AArch64) | 3 years ago |

a8b1633d1c

Use // instead of # for comments inside armv8 asm.

Using # is slightly ambiguous with the preprocessor.

Fixed: 496
Change-Id: Ib718dde957ee541d580096128405a7edde3b1bd4
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/52785
Reviewed-by: Adam Langley <agl@google.com>

53a87b7c59

ChaCha20-Poly1305 for Armv8 (AArch64)

This work continues on top of the CL opened by Vlad Krasnov (https://boringssl-review.googlesource.com/c/boringssl/+/44364). The CL was thoroughly reviewed by David Benjamin but not merged due to some outstanding comments which this work addresses:

- The flag check when doing the final reduction in poly1305 was changed from `eq` to `cs`
- The CFI prologues and epilogues of open/seal were modified as recommended by David.
- Added Pointer Authentication instruction to the functions that are exported from the assembly code as pointed out by David.

Testing:

- The current tests against ChaCha20-Poly1305 continue to pass.
- More test vectors were produced using a Python script to try and prove that having `eq` instead of `cs` was a bug. They passed as well, but didn't result in the most significant word being non-zero after the reduction, which would have highlighted the bug. An argument about why it's unlikely to find the vector is detailed below.
- `objdump -W|Wf|WF` was used to confirm the value of the CFA and the locations of the registers relative to the CFA were as expected. See https://www.imperialviolet.org/2017/01/18/cfi.html.

Performance:

| Size | Before (MB/s) | After (MB/s) | Improvement |
|---|---|---|---|
| 16 bytes | 30.5 | 43.3 | 1.42x |
| 256 bytes | 220.7 | 361.5 | 1.64x |
| 1350 bytes | 285.9 | 639.4 | 2.24x |
| 8192 bytes | 329.6 | 798.3 | 2.42x |
| 16384 bytes | 331.9 | 814.9 | 2.46x |

Explanation of the unlikelihood of finding a test vector:

* the modulus is in t2:t1:t0 = 3 : FF..FF : FF..FB, each being a 64 bit word; i.e. t2 = 3, t1 = all 1s.
* acc2 <= 4 after the previous reduction.
* It is highly likely to have borrow = 1 from acc1 - t1 since t1 is all FFs.
* So for almost all test vectors we have acc2 <= 4 and borrow = 1, thus (t2 = acc2 - t2 - borrow) will be 0 whenever acc > modulus.

**It would be highly unlikely to find such a test vector with t2 > 0 after that final reduction:** Trying to craft that vector requires having acc and r of high values before their multiplication, yet ensuring that after the reduction (see Note) of their product, the resulting value of the accumulator has t2 = 4, all 1s in t1 and most of t0 so that no borrow occurs from acc1:acc0 - t1:t0.

* Note: the reduction is basically carried by folding over the top 64+62 bits once, then folding them again shifted left by 2, resulting in adding 5 times those bits.

Change-Id: If7d86b7a9b74ec3615ac2d7a97f80100dbfaee7f
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/51885
Reviewed-by: Adam Langley <alangley@gmail.com>
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
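
The `eq` versus `cs` point in the message of 53a87b7c59, as a Python model added here for illustration; it is not code from BoringSSL or from the commit. It assumes the final reduction is a three-limb subtract-with-borrow of the modulus followed by a conditional select, reads `cs` as "no borrow out of the top limb" and `eq` as "the top-limb result is zero", and all function names and sample values are constructed for this example.

```python
MASK = (1 << 64) - 1
P = (1 << 130) - 5                      # Poly1305 modulus
# Limbs least-significant first; the commit writes them t2:t1:t0 = 3:FF..FF:FF..FB.
P_LIMBS = (P & MASK, (P >> 64) & MASK, P >> 128)


def to_limbs(value):
    return (value & MASK, (value >> 64) & MASK, value >> 128)


def from_limbs(limbs):
    return limbs[0] | (limbs[1] << 64) | (limbs[2] << 128)


def subtract_modulus(acc):
    """Return (t, carry_set, top_zero) for t = acc - P over three 64-bit limbs."""
    borrow, t = 0, []
    for a, m in zip(acc, P_LIMBS):
        d = a - m - borrow
        borrow = 1 if d < 0 else 0
        t.append(d & MASK)
    # cs: no borrow out of the top limb. eq: the top-limb result alone is zero.
    return tuple(t), borrow == 0, t[2] == 0


def final_reduce(value, cond):
    """Keep acc or acc - P depending on the modelled flag ("cs" or "eq")."""
    acc = to_limbs(value)
    t, carry_set, top_zero = subtract_modulus(acc)
    take = carry_set if cond == "cs" else top_zero
    return from_limbs(t if take else acc)


def flags_disagree(value):
    return final_reduce(value, "cs") != final_reduce(value, "eq")


# Constructed accumulator values around the boundary cases in the commit message.
SAMPLES = {
    "acc < P": P - 1,
    "acc == P": P,
    "acc2 = 4, borrow from low limbs": 4 << 128,
    "acc2 = 4, t1 all ones, t0 = FF..FB": (4 << 128) | (MASK << 64) | (MASK - 4),
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(f"{name:38} cs={final_reduce(value, 'cs'):#x} "
              f"eq={final_reduce(value, 'eq'):#x} differ={flags_disagree(value)}")
```

In this model the two conditions differ only for the last sample, where the top limb is 4 and the low limbs produce no borrow, which is the shape of vector the message describes as hard to reach.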