- User Since
- May 28 2018, 4:57 PM (144 w, 4 d)
Oct 7 2020
OK, I upgraded the patch, including style adjustments to GNU style despite feeling that not having clang-format support for GNU style leads to it driving away contributors. It also credits Andy, and I have personally e-mailed Andy before.
v2: avoid __int128 which is poorely optimized, and bizarrely not available
in 32-bit addressing mode (our SIMD unit is 128 bits).
v3: properly credit Andy and Cryptograms (there was never mal-intent here, just FUD).
Sep 14 2020
I think the code is using https://en.wikipedia.org/wiki/Estrin%27s_scheme but I have no scholarship applying this to AES-GCM. I will have to look closer.
Aug 31 2020
I think I am doing to try to do this on top of the work of Szabolcs Nagy with the goal of making it portable, and also serving as a test cast to my carry-less multiplication intrinsic RFC. Hopefully I can also remove the manual register allocation that makes it still a derivitive work of Andy, however this algorithm takes advantage of the communicative properties of carry-less multiplication, which is mult(H) on page 5 of the gcm spec, this communicative property works differently than with addition and multiplication in a way I do not entirely understand.
Aug 30 2020
and Andy is the sole author, and he even told me personally by e-mail this
a long time ago when I was interested in the libcrypt library of glibc is .
He also licensed cryptogams for the Linux kernel (because of WireGuard)
however that did not make it into the version the version that was merged
(some of his code is already there, and IIRC includes the ghash at issue
Jul 3 2020
Jun 22 2020
Minicloud is up. I found that the altivec flags are never passed when libgcrypt is compiled big-endian.
Jun 20 2020
I am using Duff's device which is not in that version (and makes it considerably simpler), but it certainly is influenced by that version (and the preprocessing of the table taking advantage of the communicative nature of carryless multiplication is novel in that version), and I can add a note to that effect.
Jun 16 2020
Switching to assembly for the shifts made a significant speed-up. As Minicloud is seemingly broken (can't open up ssh port) I cannot test on 64-bit big-endian or 32-bit and have thus made it 64le-only.
Apr 27 2020
remove <<64 | >> 64 which has poor codegen.
described in previous comment. Mostly cosmetic
Generally nice looking patch and great improvement for performance.
Apr 14 2020
Jan 21 2020
Yes, I need to optimize it.
Dec 9 2019
I am about half way. Sorry for the slowness.
Nov 8 2019
El vie., 8 nov. 2019 8:19, johnmar (John Martinez) <firstname.lastname@example.org>
C-based intrinsic implementations are discouraged.
Aug 30 2019
this has been commited
this has been commited
Jul 18 2019
@werner I would be willing to share 20% to the reviewer of my patches. (or 25% in this case, as @jwilk went through the effort to even write a test to point out a bug in my code). However, so far that has been entirely @jwilk who has been reviewing my patches.
Jul 9 2019
Managed to get the build correct. (patches in 1 sec)
I find Phabricator differential interface is quite horrible to use.
Jul 8 2019
(if I ever get PPC HW access).
and cryptogam wrapper functions
Jul 5 2019
@gcwilson Can you notify the performance team of this new patch?
Jun 23 2019
Werner, I interpreted jwilik's patch as admission of a problem from upstream, and reported it as such to CVE. I felt that since this does not effect the main platforms (ARM and x86_64) it would not be a big deal. If I interpreted wrong, I am sorry.
I assigned the CVE, but yes it needs more facts.
Jun 22 2019
I will work on OCB mode, eventually. Perhaps you could review what I have, but leave T4529 open until OCB mode is completed.
Jun 19 2019
fix building with hard ware acceleration off.
fix running with hardware acceleration off.
Jun 8 2019
Regarding OCB: I do not want to touch a patent-encumbered algorithm (3 more years) which claims to force only GPL usage of libgcrypt.
correctly generate the asm for it's "linux quirk" mode (fix build on big-endian)
It turns out that the upstream cryptogams is broken on ppc64 big-endian elfv1. I reported this upstream https://github.com/dot-asm/cryptogams/issues/5 (openssl version works fine)
Jun 7 2019
Jun 6 2019
fix ctr mode when counter overflows.
resolve merge conflicts
Good catch on using the counter to foil "smart" algorithms.
Jun 5 2019
The openssl version is a 64-bit counter (at least for ppc8), not 32-bit.
Jun 4 2019
Benchmarks with the block ciphers is here https://dev.gnupg.org/D493
include missing file.
added CTR mode support
Jun 3 2019
May 30 2019
May 28 2019
I do not have a PoC (or much interest in making one, I have too many more important things to do), but I believe this to be correct, based heavily on PPC knowledge of Nicolas König <email@example.com> . This attack also applies to AMD, Intel, and ARM.
fix build with a fixup that got applied twice. better benchmarks
May 27 2019
May 24 2019
Fix alignment needs of vcrypto instructions.
Didn't do sufficient testing.
Actually include modified perlasm file.
May 20 2019
I'm looking into doing a pretty epic hack of using the switch_endian syscall to speed this up.
Would the maintainers accept having perl in the repository? Linux does it.