From e8905d2a66caf970d1f8e79d8101e6a670012447 Mon Sep 17 00:00:00 2001 From: Michael Munday Date: Tue, 26 Sep 2017 07:32:26 -0400 Subject: [PATCH] crypto/elliptic: reduce allocations in s390x P256 code MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The Go compiler assumes that pointers escape when passed into assembly functions. To override this behavior we can annotate assembly functions with go:noescape, telling the compiler that we know pointers do not escape from it. By annotating the assembly functions in the s390x P256 code in this way we enable more variables to be allocated on the stack rather than the heap, reducing the number of heap allocations required to execute this code: name old alloc/op new alloc/op delta SignP256 3.66kB ± 0% 2.64kB ± 0% -27.95% (p=0.008 n=5+5) VerifyP256 4.46kB ± 0% 1.23kB ± 0% -72.40% (p=0.008 n=5+5) name old allocs/op new allocs/op delta SignP256 40.0 ± 0% 31.0 ± 0% -22.50% (p=0.008 n=5+5) VerifyP256 41.0 ± 0% 24.0 ± 0% -41.46% (p=0.008 n=5+5) Change-Id: Id526c30c9b04b2ad79a55d76cab0e30cc8d60402 Reviewed-on: https://go-review.googlesource.com/66230 Run-TryBot: Michael Munday TryBot-Result: Gobot Gobot Reviewed-by: Ian Lance Taylor --- src/crypto/elliptic/p256_s390x.go | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/src/crypto/elliptic/p256_s390x.go b/src/crypto/elliptic/p256_s390x.go index 44c0f41f07..a36786e466 100644 --- a/src/crypto/elliptic/p256_s390x.go +++ b/src/crypto/elliptic/p256_s390x.go @@ -50,6 +50,8 @@ func (curve p256CurveFast) Params() *CurveParams { // Functions implemented in p256_asm_s390x.s // Montgomery multiplication modulo P256 +// +//go:noescape func p256MulAsm(res, in1, in2 []byte) // Montgomery square modulo P256 @@ -58,19 +60,31 @@ func p256Sqr(res, in []byte) { } // Montgomery multiplication by 1 +// +//go:noescape func p256FromMont(res, in []byte) // iff cond == 1 val <- -val +// +//go:noescape func p256NegCond(val *p256Point, cond int) // if cond == 0 res <- b; else res <- a +// +//go:noescape func p256MovCond(res, a, b *p256Point, cond int) // Constant time table access +// +//go:noescape func p256Select(point *p256Point, table []p256Point, idx int) + +//go:noescape func p256SelectBase(point *p256Point, table []p256Point, idx int) // Montgomery multiplication modulo Ord(G) +// +//go:noescape func p256OrdMul(res, in1, in2 []byte) // Montgomery square modulo Ord(G), repeated n times @@ -85,10 +99,16 @@ func p256OrdSqr(res, in []byte, n int) { // If sign == 1 -> P2 = -P2 // If sel == 0 -> P3 = P1 // if zero == 0 -> P3 = P2 +// +//go:noescape func p256PointAddAffineAsm(P3, P1, P2 *p256Point, sign, sel, zero int) // Point add +// +//go:noescape func p256PointAddAsm(P3, P1, P2 *p256Point) int + +//go:noescape func p256PointDoubleAsm(P3, P1 *p256Point) func (curve p256CurveFast) Inverse(k *big.Int) *big.Int {