On Tue, Feb 22, 2022 at 9:55 PM Niels Möller <ni...@lysator.liu.se> wrote:
> ni...@lysator.liu.se (Niels Möller) writes:
>
> > I'm considering reorganizing the internal gcm functions. I think I'd
> > like to have
> >
> >   void
> >   _nettle_ghash_set_key (struct gcm_key *gcm, const union nettle_block16 *key);
> >
> > which sets the key (typically, the key block is zero encrypted using aes).
> >
> >   void
> >   _nettle_ghash_update (const struct gcm_key *key, union nettle_block16 *x,
> >                         size_t length, const uint8_t *data);
> >
> > where the input is complete blocks (padding done in the calling C code).
> > Not sure if length should be block count or byte count.
>
> I'm trying this out, on the branch ghash-refactor, new internal
> interface in
>
> https://git.lysator.liu.se/nettle/nettle/-/blob/ghash-refactor/ghash-internal.h
>
> I settled for block count rather than byte count.
>
> >   void
> >   _nettle_ghash_digest (union nettle_block16 *digest, const union nettle_block16 *x);
>
> And I've dropped this function. Using different byte order complicates
> unit testing, and I think cost of byteswapping the 16-byte
> state at start and end of ghash_update is pretty small.
>
> I've done the needed changes for the C, the x86_64, arm64 and powerpc64
> implementations. s390x code also needs update, I hope to get to that in
> a few days (unless someone else wants to do that).

I handled the s390x part and pushed an MR for changes.

> Update has been fairly simple, split gcm_hash.asm into one file each for
> gcm_init_key and gcm_hash, update functions to new names and
> conventions, and delete the code to handle a partial block at the end of
> gsm_hash. Some small further simplifications are likely possible.
>
> > Would perhaps be good to also delete the code for GCM_TABLE_BITS != 8,
> > which isn't enabled and hasn't been tested in years.
>
> Done that too.
>
> The main gain is less complexity in the asm code, which no longer needs
> to deal with partial blocks, and less #ifdef complexity in the fat build
> setup.

Good point, the new structure makes more sense from a low-level perspective.

regards,
Mamone

> Regards,
> /Niels
>
> --
> Niels Möller. PGP key CB4962D070D77D7FCB8BA36271D8F1FF368C6677.
> Internet email is subject to wholesale government surveillance.
> _______________________________________________
> nettle-bugs mailing list
> nettle-bugs@lists.lysator.liu.se
> http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
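
The calling convention discussed in this thread (a GHASH core that takes a count of complete blocks, with padding of a trailing partial block left to the calling C code), shown as an added example that is not code from Nettle or from either poster. The names `gf_mul`, `ex_ghash_update`, `ex_ghash_bytes` and `ex_ghash_selfcheck` are hypothetical, the hash key H is passed as a raw 16-byte block rather than a `struct gcm_key`, and the check data is test case 2 of the GCM specification.

```c
#include <stdint.h>
#include <string.h>

/* x <- x*h in GF(2^128), GCM bit order. Bitwise and slow: illustration only. */
static void gf_mul(uint8_t x[16], const uint8_t h[16]) {
  uint8_t v[16], z[16] = {0};
  memcpy(v, h, 16);
  for (int i = 0; i < 128; i++) {
    uint8_t xbit = (uint8_t)-((x[i / 8] >> (7 - i % 8)) & 1); /* 0x00 or 0xff */
    uint8_t lsb = (uint8_t)-(v[15] & 1);
    for (int j = 0; j < 16; j++) z[j] ^= v[j] & xbit;
    for (int j = 15; j > 0; j--) v[j] = (uint8_t)((v[j] >> 1) | (v[j - 1] << 7));
    v[0] = (uint8_t)((v[0] >> 1) ^ (0xe1 & lsb)); /* reduce by R = 0xe1 || 0^120 */
  }
  memcpy(x, z, 16);
}

/* Core: absorbs `blocks` complete 16-byte blocks; no partial-block handling. */
void ex_ghash_update(const uint8_t h[16], uint8_t x[16], size_t blocks, const uint8_t *data) {
  for (; blocks > 0; blocks--, data += 16) {
    for (int j = 0; j < 16; j++) x[j] ^= data[j];
    gf_mul(x, h);
  }
}

/* Caller side: zero-pad a trailing partial block, then use the same core. */
void ex_ghash_bytes(const uint8_t h[16], uint8_t x[16], size_t length, const uint8_t *data) {
  uint8_t pad[16] = {0};
  memcpy(pad, data + length - length % 16, length % 16);
  ex_ghash_update(h, x, length / 16, data);
  if (length % 16) ex_ghash_update(h, x, 1, pad);
}

/* Check data, GCM spec test case 2: H, ciphertext block || length block, expected GHASH. */
static const uint8_t kat_h[16] = {
  0x66,0xe9,0x4b,0xd4,0xef,0x8a,0x2c,0x3b,0x88,0x4c,0xfa,0x59,0xca,0x34,0x2b,0x2e};
static const uint8_t kat_in[32] = {
  0x03,0x88,0xda,0xce,0x60,0xb6,0xa3,0x92,0xf3,0x28,0xc2,0xb9,0x71,0xb2,0xfe,0x78, [31] = 0x80};
static const uint8_t kat_want[16] = {
  0xf3,0x8c,0xbb,0x1a,0xd6,0x92,0x23,0xdc,0xc3,0x45,0x7a,0xe5,0xb6,0xb0,0xf8,0x85};
/* Bit 0: known answer matches. Bit 1: wrapper on 10 bytes == core on the zero-padded block. */
int ex_ghash_selfcheck(void) {
  uint8_t x[16] = {0}, a[16] = {0}, b[16] = {0}, padded[16] = {0};
  ex_ghash_update(kat_h, x, 2, kat_in);
  memcpy(padded, kat_in, 10);
  ex_ghash_bytes(kat_h, a, 10, kat_in);
  ex_ghash_update(kat_h, b, 1, padded);
  return (memcmp(x, kat_want, 16) == 0) | ((memcmp(a, b, 16) == 0) << 1);
}
```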