Commit Graph

38 Commits

Author SHA1 Message Date
Denys Vlasenko
17e6fb06b3 tls: whitespace fix
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-10-06 21:22:36 +02:00
Denys Vlasenko
5e9c617021 tls: P256: sp_256_sub_8_p256_mod always subtracts in-place, use that
i386:

function                                             old     new   delta
sp_256_mont_reduce_8                                 245     243      -2
sp_256_mont_dbl_8                                     26      24      -2
sp_256_ecc_mulmod_8                                 1161    1157      -4
sp_256_proj_point_dbl_8                              359     353      -6
sp_256_sub_8_p256_mod                                 71      32     -39
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/5 up/down: 0/-53)             Total: -53 bytes

non-asm code:

function                                             old     new   delta
sp_256_sub_8_p256_mod                                  -      12     +12
sp_256_mont_reduce_8                                 250     243      -7
sp_256_mont_dbl_8                                     31      24      -7
sp_256_ecc_mulmod_8                                 1171    1157     -14
sp_256_proj_point_dbl_8                              374     353     -21
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 0/4 up/down: 12/-49)            Total: -37 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-10-06 20:19:30 +02:00
Denys Vlasenko
87e3f2e9f8 tls: P256: x86-64 optimized sp_256_sub_8_p256_mod
function                                             old     new   delta
sp_256_sub_8_p256_mod                                  -      53     +53
sp_256_mont_reduce_8                                 223     217      -6
sp_256_mont_dbl_8                                     38      32      -6
sp_256_ecc_mulmod_8                                 1535    1529      -6
sp_256_proj_point_dbl_8                              469     454     -15
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 0/4 up/down: 53/-33)             Total: 20 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-10-06 19:59:39 +02:00
Denys Vlasenko
911344a998 tls: P256: x86-64 assembly
function                                             old     new   delta
sp_256_mont_mul_8                                    127     155     +28
sp_256_proj_point_dbl_8                              448     469     +21
sp_256_mont_sub_8                                     23      35     +12
sp_256_mont_dbl_8                                     26      38     +12
sp_256_sub_8                                          44      49      +5
sp_256_ecc_mulmod_8                                 1530    1535      +5
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 6/0 up/down: 83/0)               Total: 83 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-10-06 17:17:34 +02:00
Denys Vlasenko
22fd8fd3f4 tls: P256: tweak arm assembly (currently disabled)
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-10-06 16:10:49 +02:00
Denys Vlasenko
d74993d31d tls: P@256: remove "header comment is kept intact" comment
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-10-06 14:28:47 +02:00
Denys Vlasenko
567eefcaf8 tls: P256: do not dumplicate sp_256_sub_8()
function                                             old     new   delta
sp_256_proj_point_dbl_8                              359     374     +15
sp_256_ecc_mulmod_8                                 1159    1171     +12
sp_256_mont_reduce_8                                 245     250      +5
sp_256_mont_dbl_8                                     26      31      +5
sp_256_sub_8_p256_mod                                 43       -     -43
------------------------------------------------------------------------------
(add/remove: 0/1 grow/shrink: 4/0 up/down: 37/-43)             Total: -6 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-10-06 14:25:54 +02:00
Denys Vlasenko
00f2cceb6a tls: P256: shrink sp_256_mul_add_8 a bit more
function                                             old     new   delta
sp_256_mont_reduce_8                                 257     245     -12

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-10-06 10:15:29 +02:00
Denys Vlasenko
c784284615 tls: P256: propagate constants, create dedicated "subtract p256_mod" function
8 instances of this subtraction probably warrant a few bytes more of code.

function                                             old     new   delta
sp_256_sub_8_p256_mod                                  -      71     +71
sp_256_mont_sub_8                                      -      29     +29
sp_256_mont_dbl_8                                      -      26     +26
sp_256_mont_reduce_8                                 262     257      -5
sp_256_ecc_mulmod_8                                 1171    1161     -10
sp_256_proj_point_dbl_8                              374     359     -15
static.sp_256_mont_sub_8                              29       -     -29
static.sp_256_mont_dbl_8                              31       -     -31
------------------------------------------------------------------------------
(add/remove: 3/2 grow/shrink: 0/3 up/down: 126/-90)            Total: 36 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-10-06 01:11:48 +02:00
Denys Vlasenko
2430fcfd8d tls: optimize sp_256_mont_reduce_8 in P256
The code size decrease is small, but we eliminate ALL multiplies!

function                                             old     new   delta
sp_256_mont_reduce_8                                 268     262      -6

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-10-06 00:24:03 +02:00
Denys Vlasenko
bbd723ebec tls: optimize sp_256_mul_8 in P256
function                                             old     new   delta
sp_256_mont_mul_8                                    151     150      -1

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-10-05 23:19:18 +02:00
Denys Vlasenko
3b411ebbfc tls: replace "26-bit" P256 code with 32-bit one.
function                                             old     new   delta
sp_256_ecc_mulmod_8                                    -    1171   +1171
sp_256_mod_mul_norm_8                                  -     834    +834
sp_256_proj_point_dbl_8                                -     374    +374
sp_256_mont_reduce_8                                   -     268    +268
sp_256_mont_mul_8                                      -     151    +151
sp_256_sub_8                                           -      76     +76
sp_256_add_8                                           -      76     +76
sp_256_cmp_8                                           -      38     +38
static.sp_256_mont_dbl_8                               -      31     +31
static.sp_256_mont_sub_8                               -      29     +29
sp_256_to_bin_8                                        -      28     +28
sp_256_point_from_bin2x32                             50      73     +23
sp_256_mont_sqr_8                                      -       7      +7
sp_256_mont_sqr_10                                     7       -      -7
p256_mod                                              40      32      -8
curve_P256_compute_pubkey_and_premaster              186     167     -19
sp_256_sub_10                                         22       -     -22
sp_256_add_10                                         22       -     -22
sp_256_cmp_10                                         24       -     -24
sp_256_norm_10                                        31       -     -31
static.sp_256_mont_sub_10                             49       -     -49
static.sp_256_mont_dbl_10                             52       -     -52
static.sp_256_mul_add_10                              82       -     -82
sp_256_from_bin_10                                   119       -    -119
sp_256_to_bin_10                                     120       -    -120
sp_256_mont_reduce_10                                178       -    -178
sp_256_mont_mul_10                                   214       -    -214
sp_256_proj_point_dbl_10                             451       -    -451
sp_256_ecc_mulmod_10                                1216       -   -1216
sp_256_mod_mul_norm_10                              1305       -   -1305
------------------------------------------------------------------------------
(add/remove: 12/15 grow/shrink: 1/2 up/down: 3106/-3919)     Total: -813 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-10-05 20:01:38 +02:00
Denys Vlasenko
55578f2fb7 tls: fix the case of sp_256_mont_tpl_10() leaving striay high bits
It has no effect on correctness, but interferes with compating internal state
of different implementations.

function                                             old     new   delta
sp_256_proj_point_dbl_10                             443     451      +8
static.sp_256_mont_sub_10                             46      49      +3
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/0 up/down: 11/0)               Total: 11 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-10-05 19:46:39 +02:00
Denys Vlasenko
81d8af1970 tls: fix (what looks like) a rare corner case bug in P256
function                                             old     new   delta
static.sp_256_mont_sub_10                             30      46     +16

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-10-05 17:31:33 +02:00
Denys Vlasenko
92402d5e0a tls: remove one overzealous debugging statement
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-10-05 14:01:52 +02:00
Denys Vlasenko
137864f559 tls: add debugging scaffolding to P256 code
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-10-05 13:50:11 +02:00
Denys Vlasenko
389329efbe tls: another P256 code shrink
Propagate constant arrays and scalars deeper down call chain.
Use sp_256_mont_mul_10 to implement sp_256_mont_sqr_10.

function                                             old     new   delta
sp_256_mont_mul_10                                     -     214    +214
sp_256_mont_reduce_10                                  -     178    +178
sp_256_mont_sqr_10                                     -       7      +7
static.sp_256_mont_reduce_10                         178       -    -178
static.sp_256_mont_mul_10                            214       -    -214
static.sp_256_mont_sqr_10                            234       -    -234
------------------------------------------------------------------------------
(add/remove: 3/3 grow/shrink: 0/0 up/down: 399/-626)         Total: -227 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-10-05 13:39:33 +02:00
Denys Vlasenko
e730505034 tls: P256 code shrink
function                                             old     new   delta
sp_256_to_bin_10                                       -     120    +120
sp_256_from_bin_10                                     -     119    +119
sp_256_proj_point_dbl_10                             446     443      -3
curve_P256_compute_pubkey_and_premaster              191     186      -5
sp_256_point_from_bin2x32                             62      50     -12
sp_256_to_bin                                        120       -    -120
static.sp_256_from_bin                               149       -    -149
------------------------------------------------------------------------------
(add/remove: 2/2 grow/shrink: 0/3 up/down: 239/-289)          Total: -50 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-10-05 13:32:04 +02:00
Denys Vlasenko
7714518f1a tls: code shrink P256 code
function                                             old     new   delta
sp_256_to_bin                                        148     120     -28

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-10-01 13:51:39 +02:00
Denys Vlasenko
ac36e70074 tls: remove unused define
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-09-30 00:03:23 +02:00
Denys Vlasenko
81f9a0035b tls: tweak sp_256_ecc_gen_k_10 for smaller code
function                                             old     new   delta
curve_P256_compute_pubkey_and_premaster              194     191      -3

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-04-27 18:48:43 +02:00
Denys Vlasenko
840ae69615 tls: shrink sp_256_mod_mul_norm_10 more
function                                             old     new   delta
sp_256_mod_mul_norm_10                              1439    1305    -134

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-04-27 13:32:19 +02:00
Denys Vlasenko
646e856294 tls: shrink sp_256_mod_mul_norm_10
function                                             old     new   delta
sp_256_mod_mul_norm_10                              1439    1405     -34

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-04-27 13:09:44 +02:00
Denys Vlasenko
48a18d15df tls: shrink p256_base more
function                                             old     new   delta
static.p256_base_bin                                   -      64     +64
sp_256_point_from_bin2x32                              -      62     +62
static.base_y                                         40       -     -40
static.base_x                                         40       -     -40
curve_P256_compute_pubkey_and_premaster              291     194     -97
------------------------------------------------------------------------------
(add/remove: 2/2 grow/shrink: 0/1 up/down: 126/-177)          Total: -51 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-04-27 12:24:21 +02:00
Denys Vlasenko
39a3ef51b5 tls: shrink p256_base
function                                             old     new   delta
curve_P256_compute_pubkey_and_premaster              196     291     +95
static.base_y                                          -      40     +40
static.base_x                                          -      40     +40
p256_base                                            244       -    -244
------------------------------------------------------------------------------
(add/remove: 2/1 grow/shrink: 1/0 up/down: 175/-244)          Total: -69 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-04-27 01:32:05 +02:00
Denys Vlasenko
a2bc52dd44 tls: reorder P256 functions to make more sense
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-04-27 01:21:26 +02:00
Denys Vlasenko
e52e43c72f tls: whitespace fixes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-04-27 00:40:40 +02:00
Denys Vlasenko
9a40be433d tls: get rid of constant-time add/sub operations
function                                             old     new   delta
sp_256_sub_10                                          -      22     +22
static.sp_256_mont_reduce_10                         176     178      +2
sp_256_mod_mul_norm_10                              1440    1439      -1
sp_256_proj_point_dbl_10                             453     446      -7
sp_256_ecc_mulmod_10                                1229    1216     -13
static.sp_256_mont_sub_10                             52      30     -22
static.sp_256_cond_sub_10                             32       -     -32
------------------------------------------------------------------------------
(add/remove: 1/1 grow/shrink: 1/4 up/down: 24/-75)            Total: -51 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-04-26 21:58:04 +02:00
Denys Vlasenko
120401249a tls: fix whitespace in P256 code
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-04-26 20:24:34 +02:00
Denys Vlasenko
93b886f54b tls: shrink sp_256_mont_inv_10
function                                             old     new   delta
sp_256_ecc_mulmod_10                                1237    1251     +14
p256_mod_2                                            32       -     -32
------------------------------------------------------------------------------
(add/remove: 0/1 grow/shrink: 1/0 up/down: 14/-32)            Total: -18 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-04-26 18:05:53 +02:00
Denys Vlasenko
6381f3d4f6 tls: stop passing temporary buffer address in P256 code
function                                             old     new   delta
sp_256_proj_point_dbl_10                             435     453     +18
sp_256_ecc_mulmod_10                                1300    1237     -63
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 1/1 up/down: 18/-63)            Total: -45 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-04-26 17:41:43 +02:00
Denys Vlasenko
772e18775e tls: shrink sp_256_proj_point_dbl_10
function                                             old     new   delta
sp_256_ecc_mulmod_10                                1329    1300     -29

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-04-26 17:25:27 +02:00
Denys Vlasenko
b3b1713a58 tls: in P256 replace constant-time compares with usual ones
function                                             old     new   delta
sp_256_cmp_10                                          -      24     +24
sp_256_ecc_mulmod_10                                1332    1329      -3
sp_256_cmp_equal_10                                   30       -     -30
static.sp_256_cmp_10                                  43       -     -43
------------------------------------------------------------------------------
(add/remove: 1/2 grow/shrink: 0/1 up/down: 24/-76)            Total: -52 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-04-26 16:53:53 +02:00
Denys Vlasenko
4d3a5c135c tls: simplify sp_256_proj_point_dbl_10
function                                             old     new   delta
sp_256_proj_point_dbl_10                             490     435     -55

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-04-26 15:21:38 +02:00
Denys Vlasenko
03ab2a90bb tls: simplify array manipulations in sp_256_ecc_mulmod_10
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-04-26 14:55:46 +02:00
Denys Vlasenko
166363f47d tls: get rid of address obfuscation trick in P256
function                                             old     new   delta
addr_mask                                              8       -      -8
sp_256_ecc_mulmod_10                                1363    1330     -33
------------------------------------------------------------------------------
(add/remove: 0/1 grow/shrink: 0/1 up/down: 0/-41)             Total: -41 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-04-26 14:40:21 +02:00
Denys Vlasenko
074b33bf16 tls: simplify sp_256_ecc_gen_k_10, cosmetic changes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-04-26 14:33:38 +02:00
Denys Vlasenko
f18a1fd6f3 tls: implement secp256r1 elliptic curve (aka P256)
function                                             old     new   delta
sp_256_mod_mul_norm_10                                 -    1439   +1439
sp_256_ecc_mulmod_10                                   -    1363   +1363
sp_256_proj_point_dbl_10                               -     490    +490
p256_base                                              -     244    +244
static.sp_256_mont_sqr_10                              -     234    +234
static.sp_256_mont_mul_10                              -     214    +214
curve_P256_compute_pubkey_and_premaster                -     197    +197
static.sp_256_mont_reduce_10                           -     176    +176
static.sp_256_from_bin                                 -     149    +149
sp_256_to_bin                                          -     148    +148
tls_handshake                                       2046    2146    +100
static.sp_256_mul_add_10                               -      82     +82
.rodata                                           103275  103336     +61
static.sp_256_mont_sub_10                              -      52     +52
static.sp_256_mont_dbl_10                              -      52     +52
static.sp_256_cmp_10                                   -      43     +43
p256_mod                                               -      40     +40
static.sp_256_cond_sub_10                              -      32     +32
p256_mod_2                                             -      32     +32
sp_256_norm_10                                         -      31     +31
sp_256_cmp_equal_10                                    -      30     +30
sp_256_add_10                                          -      22     +22
addr_mask                                              -       8      +8
------------------------------------------------------------------------------
(add/remove: 22/0 grow/shrink: 2/0 up/down: 5239/0)          Total: 5239 bytes
   text	   data	    bss	    dec	    hex	filename
1018192	    559	   5020	1023771	  f9f1b	busybox_old
1023431	    559	   5020	1029010	  fb392	busybox_unstripped

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2021-04-26 13:30:09 +02:00