Page MenuHome GnuPG

slandden (Shawn Landden)
User

Projects

User does not belong to any projects.

User Details

User Since
May 28 2018, 4:57 PM (331 w, 6 d)
Availability
Available

Recent Activity

Oct 7 2020

slandden added a comment to T5040: Improve PPC code using code from CRYPTOGRAMs.

OK, I upgraded the patch, including style adjustments to GNU style despite feeling that not having clang-format support for GNU style leads to it driving away contributors. It also credits Andy, and I have personally e-mailed Andy before.

Oct 7 2020, 2:57 PM · legal, libgcrypt
slandden updated the diff for D501: VPMSUMD accelleration for GCM mode on PPC.

v2: avoid __int128 which is poorely optimized, and bizarrely not available

in 32-bit addressing mode (our SIMD unit is 128 bits).

v3: properly credit Andy and Cryptograms (there was never mal-intent here, just FUD).

Oct 7 2020, 2:54 PM

Sep 14 2020

slandden added a comment to T5040: Improve PPC code using code from CRYPTOGRAMs.

I think the code is using https://en.wikipedia.org/wiki/Estrin%27s_scheme but I have no scholarship applying this to AES-GCM. I will have to look closer.

Sep 14 2020, 9:12 PM · legal, libgcrypt

Aug 31 2020

slandden added a comment to T5040: Improve PPC code using code from CRYPTOGRAMs.

I think I am doing to try to do this on top of the work of Szabolcs Nagy[1] with the goal of making it portable, and also serving as a test cast to my carry-less multiplication intrinsic RFC[2]. Hopefully I can also remove the manual register allocation that makes it still a derivitive work of Andy, however this algorithm takes advantage of the communicative properties of carry-less multiplication, which is mult(H) on page 5 of the gcm spec[3], this communicative property works differently than with addition and multiplication in a way I do not entirely understand.

Aug 31 2020, 2:11 PM · legal, libgcrypt

Aug 30 2020

slandden added a comment to D501: VPMSUMD accelleration for GCM mode on PPC.

and Andy is the sole author, and he even told me personally by e-mail this
a long time ago when I was interested in the libcrypt library of glibc is .
He also licensed cryptogams for the Linux kernel (because of WireGuard)
however that did not make it into the version the version that was merged
(some of his code is already there, and IIRC includes the ghash at issue
here).

Aug 30 2020, 9:14 PM

Jul 3 2020

slandden added a comment to D501: VPMSUMD accelleration for GCM mode on PPC.

So?

Jul 3 2020, 1:04 AM

Jun 22 2020

slandden added a comment to D501: VPMSUMD accelleration for GCM mode on PPC.

Minicloud is up. I found that the altivec flags are never passed when libgcrypt is compiled big-endian.

Jun 22 2020, 4:38 AM

Jun 20 2020

slandden added a comment to D501: VPMSUMD accelleration for GCM mode on PPC.

I am using Duff's device which is not in that version (and makes it considerably simpler), but it certainly is influenced by that version (and the preprocessing of the table taking advantage of the communicative nature of carryless multiplication is novel in that version), and I can add a note to that effect.

Jun 20 2020, 5:04 PM

Jun 16 2020

slandden updated the summary of D501: VPMSUMD accelleration for GCM mode on PPC.
Jun 16 2020, 2:57 PM
slandden updated the diff for D501: VPMSUMD accelleration for GCM mode on PPC.

Switching to assembly for the shifts made a significant speed-up. As Minicloud is seemingly broken (can't open up ssh port) I cannot test on 64-bit big-endian or 32-bit and have thus made it 64le-only.

Jun 16 2020, 2:57 PM

Apr 27 2020

slandden updated the diff for D501: VPMSUMD accelleration for GCM mode on PPC.

remove <<64 | >> 64 which has poor codegen.

Apr 27 2020, 2:32 PM
slandden updated the diff for D501: VPMSUMD accelleration for GCM mode on PPC.

described in previous comment. Mostly cosmetic

Apr 27 2020, 2:24 PM
slandden added a comment to D501: VPMSUMD accelleration for GCM mode on PPC.

Generally nice looking patch and great improvement for performance.

Apr 27 2020, 2:21 PM

Apr 14 2020

slandden created D501: VPMSUMD accelleration for GCM mode on PPC.
Apr 14 2020, 2:56 PM

Jan 21 2020

slandden added a comment to T4630: libgcrypt: POWER GHASH Vector Acceleration.

Yes, I need to optimize it.

Jan 21 2020, 9:31 PM · Feature Request, libgcrypt

Dec 9 2019

slandden added a comment to T4630: libgcrypt: POWER GHASH Vector Acceleration.

I am about half way. Sorry for the slowness.

Dec 9 2019, 5:51 PM · Feature Request, libgcrypt

Nov 8 2019

slandden added a comment to T4630: libgcrypt: POWER GHASH Vector Acceleration.

El vie., 8 nov. 2019 8:19, johnmar (John Martinez) <noreply@dev.gnupg.org>
escribió:

Nov 8 2019, 5:29 PM · Feature Request, libgcrypt
slandden added a comment to T4630: libgcrypt: POWER GHASH Vector Acceleration.

C-based intrinsic implementations are discouraged.

Nov 8 2019, 12:16 AM · Feature Request, libgcrypt

Aug 30 2019

slandden abandoned D491: Support for PowerPC's AES acceleration..

this has been commited

Aug 30 2019, 6:53 PM
slandden abandoned D490: PowerPC optimized routines for AES and SHA2 using PowerISA 2.07 instructions..

this has been commited

Aug 30 2019, 6:53 PM

Jul 18 2019

slandden updated subscribers of T4630: libgcrypt: POWER GHASH Vector Acceleration.

@werner I would be willing to share 20% to the reviewer of my patches. (or 25% in this case, as @jwilk went through the effort to even write a test to point out a bug in my code). However, so far that has been entirely @jwilk who has been reviewing my patches.

Jul 18 2019, 5:59 PM · Feature Request, libgcrypt

Jul 9 2019

slandden added a comment to D494: rijndael/ppc: re-implement single-block mode, and implement OCB block cipher.

Managed to get the build correct. (patches in 1 sec)

Jul 9 2019, 4:42 PM
slandden added a comment to D494: rijndael/ppc: re-implement single-block mode, and implement OCB block cipher.

I find Phabricator differential interface is quite horrible to use.

Jul 9 2019, 12:09 AM

Jul 8 2019

slandden added a comment to D494: rijndael/ppc: re-implement single-block mode, and implement OCB block cipher.

(if I ever get PPC HW access).

Jul 8 2019, 8:02 PM
slandden added a comment to D494: rijndael/ppc: re-implement single-block mode, and implement OCB block cipher.

and cryptogam wrapper functions

Jul 8 2019, 8:01 PM

Jul 5 2019

slandden updated subscribers of D494: rijndael/ppc: re-implement single-block mode, and implement OCB block cipher.

@gcwilson Can you notify the performance team of this new patch?

Jul 5 2019, 7:42 PM
slandden updated the summary of D494: rijndael/ppc: re-implement single-block mode, and implement OCB block cipher.
Jul 5 2019, 7:38 PM
slandden created D494: rijndael/ppc: re-implement single-block mode, and implement OCB block cipher.
Jul 5 2019, 7:38 PM

Jun 23 2019

slandden added a comment to T4541: C implementation of AES is vulnerable to side-channel attacks.

Werner, I interpreted jwilik's patch as admission of a problem from upstream, and reported it as such to CVE. I felt that since this does not effect the main platforms (ARM and x86_64) it would not be a big deal. If I interpreted wrong, I am sorry.

Jun 23 2019, 7:52 PM · side-channel, libgcrypt, Bug Report
slandden added a comment to T4541: C implementation of AES is vulnerable to side-channel attacks.

I assigned the CVE, but yes it needs more facts.

Jun 23 2019, 5:48 PM · side-channel, libgcrypt, Bug Report

Jun 22 2019

slandden added a comment to D493: AES block modes for PPC.

I will work on OCB mode, eventually. Perhaps you could review what I have, but leave T4529 open until OCB mode is completed.

Jun 22 2019, 1:52 AM

Jun 19 2019

slandden updated the summary of D493: AES block modes for PPC.
Jun 19 2019, 5:38 PM
slandden updated the diff for D493: AES block modes for PPC.

fix building with hard ware acceleration off.

Jun 19 2019, 5:32 PM
slandden updated the diff for D492: Add PowerPC crypto acceleration support for SHA2..

rebase

Jun 19 2019, 5:32 PM
slandden updated the diff for D491: Support for PowerPC's AES acceleration..

fix running with hardware acceleration off.

Jun 19 2019, 5:32 PM

Jun 8 2019

slandden added a comment to D493: AES block modes for PPC.

Regarding OCB: I do not want to touch a patent-encumbered algorithm (3 more years) which claims to force only GPL usage of libgcrypt[1].

Jun 8 2019, 5:45 PM
slandden updated the summary of D493: AES block modes for PPC.
Jun 8 2019, 2:11 AM
slandden updated the diff for D491: Support for PowerPC's AES acceleration..

rebase

Jun 8 2019, 2:09 AM
slandden updated the diff for D490: PowerPC optimized routines for AES and SHA2 using PowerISA 2.07 instructions..

correctly generate the asm for it's "linux quirk" mode (fix build on big-endian)

Jun 8 2019, 2:09 AM
slandden planned changes to D491: Support for PowerPC's AES acceleration..

It turns out that the upstream cryptogams is broken on ppc64 big-endian elfv1. I reported this upstream https://github.com/dot-asm/cryptogams/issues/5 (openssl version works fine)

Jun 8 2019, 1:17 AM

Jun 7 2019

slandden updated the diff for D491: Support for PowerPC's AES acceleration..

include hwf-ppc.c

Jun 7 2019, 10:39 PM

Jun 6 2019

slandden updated the diff for D493: AES block modes for PPC.

fix ctr mode when counter overflows.

Jun 6 2019, 9:08 PM
slandden updated the diff for D491: Support for PowerPC's AES acceleration..

resolve merge conflicts

Jun 6 2019, 9:07 PM
slandden accepted rCdaedbbb5541c: AES: move look-up tables to .data section and unshare between processes.

LGTM

Jun 6 2019, 6:41 PM
slandden updated the task description for T4541: C implementation of AES is vulnerable to side-channel attacks.
Jun 6 2019, 6:40 PM · side-channel, libgcrypt, Bug Report
slandden accepted rCa4c561aab101: GCM: move look-up table to .data section and unshare between processes.

Good catch on using the counter to foil "smart" algorithms.

Jun 6 2019, 6:37 PM

Jun 5 2019

slandden added a comment to D493: AES block modes for PPC.

The openssl version is a 64-bit counter (at least for ppc8), not 32-bit.

Jun 5 2019, 5:44 PM

Jun 4 2019

slandden updated the diff for D493: AES block modes for PPC.

wipe the stack

Jun 4 2019, 9:43 PM
slandden added a comment to D491: Support for PowerPC's AES acceleration..

Benchmarks with the block ciphers is here https://dev.gnupg.org/D493

Jun 4 2019, 9:29 PM
slandden updated the diff for D492: Add PowerPC crypto acceleration support for SHA2..

include missing file.

Jun 4 2019, 7:11 PM
slandden updated the diff for D493: AES block modes for PPC.

added CTR mode support

Jun 4 2019, 7:08 PM

Jun 3 2019

slandden created D493: AES block modes for PPC.
Jun 3 2019, 5:38 AM

May 30 2019

slandden updated the task description for T4541: C implementation of AES is vulnerable to side-channel attacks.
May 30 2019, 3:46 PM · side-channel, libgcrypt, Bug Report

May 28 2019

slandden reopened T4541: C implementation of AES is vulnerable to side-channel attacks as "Open".
May 28 2019, 8:14 PM · side-channel, libgcrypt, Bug Report
slandden closed T4541: C implementation of AES is vulnerable to side-channel attacks as Invalid.

I do not have a PoC (or much interest in making one, I have too many more important things to do), but I believe this to be correct, based heavily on PPC knowledge of Nicolas König <koenigni@student.ethz.ch> . This attack also applies to AMD, Intel, and ARM.

May 28 2019, 8:12 PM · side-channel, libgcrypt, Bug Report
slandden updated the diff for D492: Add PowerPC crypto acceleration support for SHA2..

fix build with a fixup that got applied twice. better benchmarks

May 28 2019, 1:35 AM

May 27 2019

slandden updated the summary of D491: Support for PowerPC's AES acceleration..
May 27 2019, 9:15 PM
slandden created T4541: C implementation of AES is vulnerable to side-channel attacks.
May 27 2019, 9:10 PM · side-channel, libgcrypt, Bug Report

May 24 2019

slandden updated the diff for D490: PowerPC optimized routines for AES and SHA2 using PowerISA 2.07 instructions..
May 24 2019, 9:05 PM
slandden requested review of D490: PowerPC optimized routines for AES and SHA2 using PowerISA 2.07 instructions..
May 24 2019, 9:04 PM
slandden updated the diff for D491: Support for PowerPC's AES acceleration..

proper benchmarks

May 24 2019, 9:04 PM
slandden updated the diff for D492: Add PowerPC crypto acceleration support for SHA2..

Fix alignment needs of vcrypto instructions.

May 24 2019, 9:03 PM
slandden planned changes to D490: PowerPC optimized routines for AES and SHA2 using PowerISA 2.07 instructions..
May 24 2019, 6:39 AM
slandden planned changes to D491: Support for PowerPC's AES acceleration..
May 24 2019, 6:39 AM
slandden planned changes to D492: Add PowerPC crypto acceleration support for SHA2..

Didn't do sufficient testing.

May 24 2019, 6:31 AM
slandden updated the diff for D491: Support for PowerPC's AES acceleration..

Actually include modified perlasm file.

May 24 2019, 6:16 AM
slandden updated the summary of D491: Support for PowerPC's AES acceleration..
May 24 2019, 6:15 AM
slandden updated the summary of D491: Support for PowerPC's AES acceleration..
May 24 2019, 6:07 AM
slandden updated the summary of D491: Support for PowerPC's AES acceleration..
May 24 2019, 6:07 AM
slandden updated the summary of D491: Support for PowerPC's AES acceleration..
May 24 2019, 6:06 AM
slandden added a task to D492: Add PowerPC crypto acceleration support for SHA2.: T4530: libgcrypt: POWER SHA-2 Vector Acceleration.
May 24 2019, 6:06 AM
slandden added a revision to T4530: libgcrypt: POWER SHA-2 Vector Acceleration: D492: Add PowerPC crypto acceleration support for SHA2..
May 24 2019, 6:06 AM · libgcrypt, Feature Request
slandden created D492: Add PowerPC crypto acceleration support for SHA2..
May 24 2019, 6:06 AM
slandden updated the summary of D491: Support for PowerPC's AES acceleration..
May 24 2019, 6:04 AM
slandden created D491: Support for PowerPC's AES acceleration..
May 24 2019, 6:03 AM
slandden added a revision to T4529: libgcrypt: POWER AES Vector Acceleration: D491: Support for PowerPC's AES acceleration..
May 24 2019, 6:03 AM · libgcrypt, Feature Request
slandden created D490: PowerPC optimized routines for AES and SHA2 using PowerISA 2.07 instructions..
May 24 2019, 6:01 AM

May 20 2019

slandden added a comment to T4529: libgcrypt: POWER AES Vector Acceleration.

I'm looking into doing a pretty epic hack of using the switch_endian syscall to speed this up.

May 20 2019, 11:52 PM · libgcrypt, Feature Request
slandden added a comment to T4529: libgcrypt: POWER AES Vector Acceleration.

Would the maintainers accept having perl in the repository? Linux does it.[1]

May 20 2019, 8:35 PM · libgcrypt, Feature Request

May 29 2018

slandden updated the task description for T4002: gpg-error.h uses c11 reserved word "noreturn".
May 29 2018, 6:35 PM · Bug Report
slandden created T4002: gpg-error.h uses c11 reserved word "noreturn".
May 29 2018, 6:34 PM · Bug Report