From owner-svn-src-head@freebsd.org Thu Oct 1 21:05:51 2020 Return-Path: Delivered-To: svn-src-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9C008434124; Thu, 1 Oct 2020 21:05:51 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4C2QdW3dvGz3SwT; Thu, 1 Oct 2020 21:05:51 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 6053C17292; Thu, 1 Oct 2020 21:05:51 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 091L5pSN099335; Thu, 1 Oct 2020 21:05:51 GMT (envelope-from emaste@FreeBSD.org) Received: (from emaste@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 091L5pAn099334; Thu, 1 Oct 2020 21:05:51 GMT (envelope-from emaste@FreeBSD.org) Message-Id: <202010012105.091L5pAn099334@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: emaste set sender to emaste@FreeBSD.org using -f 
From: Ed Maste Date: Thu, 1 Oct 2020 21:05:51 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r366344 - in head: lib/libmd sys/crypto/skein/amd64 X-SVN-Group: head X-SVN-Commit-Author: emaste X-SVN-Commit-Paths: in head: lib/libmd sys/crypto/skein/amd64 X-SVN-Commit-Revision: 366344 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Oct 2020 21:05:51 -0000 Author: emaste Date: Thu Oct 1 21:05:50 2020 New Revision: 366344 URL: https://svnweb.freebsd.org/changeset/base/366344 Log: libmd: fix assembly optimized skein implementation The assembly implementation incorrectly used logical AND instead of bitwise AND. Fix, and re-enable in libmd. Submitted by: Yang Zhong Reviewed by: cem (earlier) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D26614 Modified: head/lib/libmd/Makefile head/sys/crypto/skein/amd64/skein_block_asm.S
Modified: head/lib/libmd/Makefile
==============================================================================
--- head/lib/libmd/Makefile Thu Oct 1 20:08:27 2020 (r366343)
+++ head/lib/libmd/Makefile Thu Oct 1 21:05:50 2020 (r366344)
@@ -116,12 +116,12 @@ CFLAGS+= -DSHA1_ASM
 SRCS+= rmd160.S
 CFLAGS+= -DRMD160_ASM
 .endif
-#.if exists(${MACHINE_ARCH}/skein_block_asm.S)
-## Fully unroll all loops in the assembly optimized version
-#ACFLAGS+= -DSKEIN_LOOP=0
-#SRCS+= skein_block_asm.S
-#CFLAGS+= -DSKEIN_ASM -DSKEIN_USE_ASM=1792 # list of block functions to replace with assembly: 256+512+1024 = 1792
-#.endif
+.if exists(${MACHINE_ARCH}/skein_block_asm.S)
+# Fully unroll all loops in the assembly optimized version
+ACFLAGS+= -DSKEIN_LOOP=0
+SRCS+= skein_block_asm.S
+CFLAGS+= -DSKEIN_ASM -DSKEIN_USE_ASM=1792 # list of block functions to replace with assembly: 256+512+1024 = 1792
+.endif
 .if exists(${MACHINE_ARCH}/sha.S) || exists(${MACHINE_ARCH}/rmd160.S) || exists(${MACHINE_ARCH}/skein_block_asm.S)
 ACFLAGS+= -DELF -Wa,--noexecstack
 .endif
Modified: head/sys/crypto/skein/amd64/skein_block_asm.S
==============================================================================
--- head/sys/crypto/skein/amd64/skein_block_asm.S Thu Oct 1 20:08:27 2020 (r366343)
+++ head/sys/crypto/skein/amd64/skein_block_asm.S Thu Oct 1 21:05:50 2020 (r366344)
@@ -56,7 +56,7 @@ ROUNDS_512 = 8*((((SKEIN_ROUNDS / 10) + 5) % 10) + 5
 ROUNDS_1024 = 8*((((SKEIN_ROUNDS ) + 5) % 10) + 5)
 # only display rounds if default size is changed on command line
 .irp _NN_,256,512,1024
- .if _USE_ASM_ && \_NN_
+ .if _USE_ASM_ & \_NN_
 .irp _RR_,%(ROUNDS_\_NN_)
 .if _NN_ < 1024
 .print "+++ SKEIN_ROUNDS_\_NN_ = \_RR_"
@@ -277,7 +277,7 @@ _STK_OFFS_ = 0 #starting offset f
 StackVar X_stk ,8*(WCNT) #local context vars
 StackVar ksTwk ,8*3 #key schedule: tweak words
 StackVar ksKey ,8*(WCNT)+8 #key schedule: key words
- .if (SKEIN_ASM_UNROLL && (\BLK_BITS)) == 0
+ .if (SKEIN_ASM_UNROLL & (\BLK_BITS)) == 0
 StackVar ksRot ,16*(\KS_CNT) #leave space for "rotation" to happen
 .endif
 StackVar Wcopy ,8*(WCNT) #copy of input block
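Review bot: Re-enabling the assembly build here ties libmd's Skein-256/512/1024 output to the `&&`→`&` corrections in skein_block_asm.S, and any remaining error of that kind would surface as a wrong digest rather than a build failure, so the re-enable should be backed by a known-answer run of all three block sizes against the C implementation. Whether the tree's existing libmd test target already exercises the assembly variant is not visible in this diff. `SKEIN_USE_ASM=1792` is a per-size bitmask (256+512+1024), as the trailing comment says, so a size whose assembly cannot be validated could be dropped from the mask instead of commenting the whole block out again.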
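Review bot: The corrected tests are right, but the hunks touch only the `&&` uses shown; the same bitmask idiom in the 256-bit round macros lies outside these hunks and, if it was ever written with `&&` there as well, it is still wrong, so a grep of the whole file for `&&` should confirm nothing remains where a mask test was intended. The most consequential fix is `.if ((\_RN0_) & 3) == 3` in the @@ -972 hunk: gas's logical `&&` yields only 0 or 1, so `((\_RN0_) && 3) == 3` could never hold and the unrolled 1024-bit key injection was skipped, which presumably is the mismatch with the C implementation the log refers to. The `||` kept in `.if (SKEIN_ASM_UNROLL & \BLK_BITS) || (\R >= SKEIN_RND_SPECIAL)` in the @@ -397 hunk is a genuine logical OR and is correct as left. The `&`-for-`&&` changes in the @@ -277, @@ -749 and @@ -1062 hunks are the same correction and need no separate comment.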
@@ -397,15 +397,15 @@ _NN_ = _NN_ - 1
 .macro Skein_Debug_Round BLK_BITS,R,RDI_OFFS,afterOp
 # call the appropriate (local) debug "function"
 pushq %rdx #save rdx, so we can use it for round "number"
- .if (SKEIN_ASM_UNROLL && \BLK_BITS) || (\R >= SKEIN_RND_SPECIAL)
+ .if (SKEIN_ASM_UNROLL & \BLK_BITS) || (\R >= SKEIN_RND_SPECIAL)
 movq $\R,%rdx
 .else #compute round number using edi
 _rOffs_ = \RDI_OFFS + 0
 .if \BLK_BITS == 1024
 movq rIdx_offs+8(%rsp),%rdx #get rIdx off the stack (adjust for pushq rdx above)
- leaq 1+(((\R)-1) && 3)+_rOffs_(,%rdx,4),%rdx
+ leaq 1+(((\R)-1) & 3)+_rOffs_(,%rdx,4),%rdx
 .else
- leaq 1+(((\R)-1) && 3)+_rOffs_(,%rdi,4),%rdx
+ leaq 1+(((\R)-1) & 3)+_rOffs_(,%rdi,4),%rdx
 .endif
 .endif
 call Skein_Debug_Round_\BLK_BITS
@@ -749,7 +749,7 @@ C_label Skein_256_Unroll_Cnt
 # MACRO: eight rounds for 512-bit blocks
 #
 .macro R_512_FourRounds _RR_ #RR = base round number (0 % 8)
- .if (SKEIN_ASM_UNROLL && 512)
+ .if (SKEIN_ASM_UNROLL & 512)
 # here for fully unrolled case.
 _II_ = ((\_RR_)/4) + 1 #key injection counter
 R_512_OneRound 8, 9,10,11,12,13,14,15,%((\_RR_)+0),,,
@@ -972,13 +972,13 @@ rIdx_offs = tmpStk_1024
 addReg \reg0 , \reg1 #perform the MIX
 RotL64 \reg1 , 1024,%((\_RN0_) % 8),\_Rn1_
 xorReg \reg1 , \reg0
-.if ((\_RN0_) && 3) == 3 #time to do key injection?
+.if ((\_RN0_) & 3) == 3 #time to do key injection?
 .if _SKEIN_DEBUG
 movq %\reg0 , xDebug_1024+8*\w0(%rsp) #save intermediate values for Debug_Round
 movq %\reg1 , xDebug_1024+8*\w1(%rsp) # (before inline key injection)
 .endif
 _II_ = ((\_RN0_)/4)+1 #injection count
- .if SKEIN_ASM_UNROLL && 1024 #here to do fully unrolled key injection
+ .if SKEIN_ASM_UNROLL & 1024 #here to do fully unrolled key injection
 addq ksKey+ 8*((_II_+\w0) % 17)(%rsp),%\reg0
 addq ksKey+ 8*((_II_+\w1) % 17)(%rsp),%\reg1
 .if \w1 == 13 #tweak injection
@@ -1062,7 +1062,7 @@ _Rn_ = (\_RR_) + 3
 Skein_Debug_Round 1024,%(_Rn_+1)
 .endif
 
- .if (SKEIN_ASM_UNROLL && 1024) == 0 #here with rdi == rIdx, X0 on stack
+ .if (SKEIN_ASM_UNROLL & 1024) == 0 #here with rdi == rIdx, X0 on stack
 #"rotate" the key schedule on the stack
 i8 = o1K_r8
 i0 = o1K_rdi