ni...@lysator.liu.se (Niels Möller) writes:
> I've tried out this mod function (for 64-bit):
>
> static void
> ecc_448_modp(const struct ecc_modulo *m, mp_limb_t *rp)
...
> This gives a speedup of 85% over the general ecc_mod (on my machine),
> and gives about
ni...@lysator.liu.se (Niels Möller) writes:
> ni...@lysator.liu.se (Niels Möller) writes:
>
>> I'm considering the below patch. I think there's room for further
>> improvement, maybe splitting the h_to_a method up (it's called with op
>> == 0, and with op
Dmitry Eremin-Solenikov writes:
> Any feedback on this change?
I think the renaming makes sense, but perhaps best to mere the curve448
changes first.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale governm
ni...@lysator.liu.se (Niels Möller) writes:
> I'm considering the below patch. I think there's room for further
> improvement, maybe splitting the h_to_a method up (it's called with op
> == 0, and with op == 2 from the ecdsa, but never with op == 1). Maybe
> addi
e effort. See the section on cooordinate choice
on https://www.lysator.liu.se/~nisse/misc/ed25519-msp430.html for some
details).
> A close rival to ecdsa sign/verify (see rfc 7091 and 5832).
Ok, I'll have to look that up (but not at the moment).
Regards,
/Niels
--
Niels Möller. P
ocal, because OpenBSD's
> compilers don't look there by default. gmake is GNU make.)
Does OpenBSBs runtime linker look in /usr/local/lib by default? The
configure script also supports --with-lib-path=/usr/local/lib, which
will add a -L flag and in addition attempt to guess the proper
-
19 operations). Depending on applications'
needs.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.
___
nettle-bugs mailing list
nettle-bugs@lists.lysator.liu.se
http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
ni...@lysator.liu.se (Niels Möller) writes:
> E.g., ecc_point_mul takes a const struct ecc_point as input, and calls
> ecc->mul, which for the standard weierstrass curves is ecc_mul_a. This
> one is a loop including a call to ecc_add_jja, which assumes that the z
> coordinate
; + mpz_limbs_copy (r + 2 * ecc->p.size, y, ecc->p.size);
I don't think we should use the mpz_t type in internal ecc functions.
mpz_limbs_copy is not side-channnel silent, since organization of
storage inside mpz_t is different depending on the leading bits.
Regards,
/Niels
--
N
Daiki Ueno writes:
> ni...@lysator.liu.se (Niels Möller) writes:
>
>> I see you've made some chenges to the needed scratch space, if I
>> understand it correctly, you need to allow h_to_a_itch larger than
>> mul_itch or mul_g_itch. You increase the value of ECC_ECD
or gmp-bugs list and ask for advice
(see https://gmplib.org/#MAILINGLISTS)? Don't forget to say precisely
which GMP version you're using.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.
___
ni...@lysator.liu.se (Niels Möller) writes:
> Performance for the scalar multiplication primitives seem to be slower
> than secp384 and slightly faster than secp521, and looking at point
> addition, it's slower than secp521. I hope that will be improved a quite
> a bit with
nt
signing. It's a bit odd that *verify* for rsa-tr appears slower than the
non-tr, since no secrets are involved, and the same function is called.
May be a problem in the benchmark program.
Is "Smooth CRT" something that I should look up?
Regards,
/Niels
--
Niels Möller. PG
e a non-canonical result, r >= q. So correcting the
shift isn't enough.
On the other hand, this code should perhaps be deleted altogether, I
think h_to_a with flags == 2 is used only for ecdsa. It might make sense
to instead add a function pointer to struct ecc_modulo to do canonical
reduction; t
he Montgomery curve. On the
> other hand, the tables for curve448 are directly generated from the
> coordinates on the corresponding Edwards curve ("edwards448").
This is no longer the case, since the handling curve 25519 was changed
early on, based on your patches back then.
R
27;s updated every hour or something like
that.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.
___
nettle-bugs mailing list
nettle-bugs
ose changes over to master. Please
remind to remove --disable-gost when things have stabilized.
> The problem is that both 3.5(.1) and master have same version. I just
> hope that we can get all ECC changes in single release.
Version checks on master will unfortunately never be quite relia
riate, since changes to struct ecc_curve is no longer considered a
change to the public abi, and will not imply an soname change or
anything like that).
> ed25519 should not be directly tied to ABI compat. I'll take a look.
Thanks.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email
But I think curve implementation has some room to choose it's
preferred representation.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.
___
nettle-bugs ma
ni...@lysator.liu.se (Niels Möller) writes:
> The gnutls tests failed, see
> https://gitlab.com/gnutls/nettle/-/jobs/357863630.
These are the failing gnutls tests:
FAIL: chainverify
FAIL: key-import-export
FAIL: privkey-keygen
FAIL: x509sign-verify-gost
FAIL: key-export-pkcs8
FAIL:
ni...@lysator.liu.se (Niels Möller) writes:
> I've merged some of Daiki's preparations for curve448 (also equivalent
> to an untwisted edwards curve) to master-updates, to be merged to master
> as soon as ci looks ok.
The gnutls tests failed, see
https://gitlab.com/gnutls/nett
#x27;s how the
curves are specified. For curve25519 (and curve448, when completed), the
main api uses octet strings for input and output, so struct ecc_point is
not that important. For the GOST curves, I don't know, but I think we should
use the coordinates that are most useful for application
context. In either case, to reduce r to the canonical range 0 <= r < m,
one conditional subtraction is needed.
One complication is that ecc_mod_add and ecc_mod_sub do *not* ensure r <
2 m, only r < B. So for moduli where 2 m < B, it's possible to get
outputs t >= 2m.
Regards
see is needed in
places where a canonical representation, t < m, is required.
Result is the same as with if (mpn_cmp(...)) mpn_sub_n(...), but an
unconditional subtraction + cnd_cpy makes that logic side-channel
silent.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyi
r the constants.
> One self test failure, unrelated to XTS mode:
>
> PASS: symbols
> dlopen failed: dlopen(../libnettle.so, 2): image not found
> ../run-tests: line 57: 86075 Abort trap "$1" $testflags
> FAIL: dlopen
Old problem, fixed recently, see
https://gi
Daniel Kahn Gillmor writes:
> i notice that https://www.lysator.liu.se/~nisse/nettle/nettle.html is
> served with the HTTP header:
>
> Content-Type: text/html; charset=iso-8859-1
>
> but it contains non-ASCII text -- your name "Niels Möller", but it is
> rende
!
> Btw, I just noticed that the links to the Pike, PostgreSQL, and R6RS
> Scheme bindings are dead.
Pike is alive, I've updated the link. The Postgres and scheme bindings,
I don't know, anyone else?
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368
_stream (#if:ed out, not sure if it's worth reviving).
>
> Indeed, thank you for the suggestion. I'm attaching updated patches.
Pushed now, with a few additional fixes for the test.
Thanks!
/Niels Möller
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Inte
fb8_*crypt, in several ways. And check
they all give the same result. A bit like it's done in arcfour-test.c,
or the test_cipher_stream (#if:ed out, not sure if it's worth reviving).
What do you think?
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Inte
x.html
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.
___
nettle-bugs mailing list
nettle-bugs@lists.lysator.liu.se
http://lists.lysator.liu.se/mailman/li
ni...@lysator.liu.se (Niels Möller) writes:
> Not sure in which order to do things. Maybe it will be best to first add
> the square root routines, with tests, and then add functions for
> converting between points and octet strings (and related utilities, if
> needed).
I'v
uld be
sped up by using separate functions for aes128, aes192 and aes256. To
enable that, it's best to have separate functions all the way.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject
ially prove.
I would consider adding asserts for such conditions, to ensure that the
library fails promptly and in a controlled fashion in case assumptions
turn out to be wrong.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is
mentation to GNU Nettle, but I
doubt they have the resources to do a thorough investigation. If you
know the patent holders, you could mail and ask them, or check if
there's any general patent policy for 3GPP members. Reviewing any
licensing terms they offer should be an easier task for F
single struct, provided that it's clearly specified how the set_nonce
call is expected to be used.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.
t file and move the declarations of gost28147_param_* over to
gost28147-internal.h.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.
___
nettle-bugs mailin
rement? (That's what umac does, because it's
defined in a way to make that more efficient). Or be specified as
invalid, triggering asserts whenever it is easy to detect?
I think it has to be specified; it will be too confusing if UMAC
behaves in one way and GMAC behaves dif
then hash several messages with the same
key using a sequence of ->update and ->digest calls.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.
__
rds,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.
___
nettle-bugs mailing list
nettle-bugs@lists.lysator.liu.se
http://lists.lysator.liu.se/mailman/listinfo/net
because I was guided by the findings of "git grep block".
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.
___
nettle-bugs mailing list
nettle
dbarysh...@gmail.com writes:
> From: Dmitry Eremin-Solenikov
>
> Move GCM's block shift function to block-internal.h. This concludes
> moving of all Galois mul-by-2 to single header.
I've merged patch 1-3 to the master-updates branch. Thanks!
Regards,
/Niels
--
Niels
ize, and
for ecc there are both constant tables, for ecc_mul_g, and run-time
tables for ecc_mul_a.
Is there any interest in improving support for low-end embedded devices?
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale g
(((x) & 0x8080808080808080) >> 15))
> -void
> +static inline void
> _cmac128_block_mulx(union nettle_block16 *dst,
> const union nettle_block16 *src)
> {
> - uint64_t carry = (src->u64[0] & 0x80)
ttle_block16 *y)
>for (j = 0; j < 8; j++, b <<= 1)
> {
> if (b & 0x80)
> - gcm_gf_add(&Z, &Z, &V);
> + block16_xor3(&Z, &Z, &V);
This and few other calls below can be block16_xor rather than block16_xor3.
Re
table) is unimportant. That should mean that as
long as bar is more recent than foo.c, there's no need to remake bar,
and no need to remake foo, no matter if foo happens to be out-of-date or
non-existent. The stamp file is a workaround, and as you noticed, it's
not perfect. Is there a bette
ni...@lysator.liu.se (Niels Möller) writes:
> I've now merged this and the cmac_des3 patch onto a branch "cmac64".
And now pushed to master, together with the documentation update.
Thanks,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet e
.
Not sure how to fix that. A workaround is to copy with cp -a, which
ensures that you won't attempt to rebuild *any* of the generated files
in the tarball, including config.h.in and configure. Might also help a
bit to reorder the files in the tarball, but I wouldn't recommend
depending on
think it would be
useful with some level of pgp-support in the Nettle library?
Regarding the Rust bindings, what's the best place to point other Rust
users? https://crates.io/crates/nettle, or
https://sequoia-pgp.gitlab.io/nettle-rs/nettle/, or somewhere else?
Regards,
/Niels
--
Niels Mölle
Some stamp files are included intentionally, to avoid precisely that
type of problems. See the note on stamp-h.in in the autoconf manual for
one well documented example:
https://www.gnu.org/software/autoconf//manual/autoconf-2.64/html_node/Automatic-Remaking.html
Regards,
/Niels
--
Niels
of 160 bits.
Is it common to use hmac, without context implying a fix key size ?
Slightly related: HMAC is defined as allowing very long keys, by hashing
the key in case it's larger than the block size (e.g., 512 bits for
hmac-sha1 and hmac-sha256). That seems a bit obscure to me. Are there
any app
ing des?
RFC4493 doesn't seem quite right. Is it NIST SP 800-38B, mentioned in a
comment with the tests?
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.
const uint32_t *in, uint32_t *out);
Same here: if internal, shouldn't be in an installed header file. And
"simple" looks a bit odd.
Should the sbox argument be of type const gost28147_param * ?
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Key
the implementation shared with
cmac128? I think it would be nice to move it to a separate source file
cmac64.c. Sharing the cmac.h header file is fine.
BTW, I'm sorry for the duplicated effort on nettle_block16 w; I'm
traveling and online only sporadically, so I gave it a try without being
ut I'm not sure if it's possible to
rearrange it to use a different bit order without explicit bit reversal
of the input. At least, not an easy change.
I'm thinking of some shared macros or inline functions to abstract the
left shift operations, say block16_mulx_be, block16_mulx_le.
R
t, that part of the change has
to wait.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.
___
nettle-bugs mailing list
nettle-bugs@lists.lysator.liu.se
http://l
ttle didn't use uint64_t).
Maybe one could do without this union and simply use uint64_t, but then
one would need some casts to (uint8_t *). So a union may be clearer.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subjec
so updating the hmac and umac tests, but that
wasn't as easy as I hoped. For hmac, the variable key size doesn't fit
the struct nettle_mac. For umac, key size is fixed, but one also has a
nonce and nonce auto-increment.
Regards,
/Niels
--
Niels Möller. PGP
Simo Sorce writes:
> On Wed, 2019-05-15 at 10:48 -0400, Simo Sorce wrote:
>> On Wed, 2019-05-15 at 11:42 +0200, Niels Möller wrote:
>> > Simo Sorce writes:
>> >
>> > > Attached find patch that adds points checks to the ECDH test case.
>> > >
u?
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.
___
nettle-bugs mailing list
nettle-bugs@lists.lysator.liu.se
http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
rity.
Can you resend links for the first two or thee changes, or resend latest
patches?
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.
___
nettle-bugs mail
efile
improvements contributed by Jay Foad.
* The "example" program examples/eratosthenes.c has been
deleted.
* The contents of hash context structs, and the deprecated
aes_ctx struct, have been reorganized, to enable later
optimizations.
--
Ni
ow if the there's been any related multiarch
improvements in autoconf's default behavior recently.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.
___
ni...@lysator.liu.se (Niels Möller) writes:
> Nikos Mavrogiannopoulos writes:
>
>> The x86_64/sha_ni directory is not included in the distribution, and
>> thus compilation fails when --enable-fat is provided. I update my
>> previous patch to add `make distcheck` to inc
b', which is somewhat unlikely to
be used on the command line.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.
___
nettle-bugs mailing list
nettle
ild from a git repo.
(And also, please don't use the term "autotools" if you want to say
anything specific; autotools is a very loose term refering to a couple
of very different tools each with their own particular quirks).
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is p
, I don't know
how a configure script can find out authoritatively if --prefix or
--libdir were present on the command line, which is why I compare libdir
to the default value instead.
And I really don't understand why you'd prefer a nettle specific
--disable-... argument over the GNU
ually, perhaps to
try out a modification of her own. If you have a packaging framework
that runs configure for you, it's expected that package configuration
needs to add a couple of explicit arguments to override the defaults.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is prefer
> LIBNETTLE_LIBS=''
I don't understand this change. $(foo) and ${foo} have the same meaning
in make (and this is quoted from the shell). A think it's an improvement
to change ${} to $() here, for consistency with other nerby make
references, but I take it
with some
consistency with other packages using autoconf.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.
___
nettle-bugs mailing list
nettle-bugs
Alon Bar-Lev writes:
> I sent three patches to cleanup our gentoo downstream patches, can you
> please consider them for the release so we have zero patching?
Not for this release, sorry. I'll send comments on the patches
separately.
Regards,
/Niels
--
Niels Möller. PGP-encrypt
27;s just that
--enable-fat happens to make it visible at compile time.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.
___
nettle-bugs mailing list
nettl
organized, to enable later
optimizations.
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.
signature.asc
Description: PGP signature
___
nettle-bugs mail
he NEWS file, if there's anything NEWS-worthy that I
have missed, speak up. Or if there are some additional improvements that
really ought to get into the 3.5 release.
I aim to have the release happen in a week or two.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyi
hes
as text attachments is more robust.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.
___
nettle-bugs mailing list
nettle-bugs@lists.lysator.
++ b/hmac-internal.h
@@ -0,0 +1,51 @@
+/* hmac-internal.h
+
+ HMAC message authentication code (RFC-2104).
+
+ Copyright (C) 2001, 2002, 2019 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either
ni...@lysator.liu.se (Niels Möller) writes:
> I think the siv code could benefit from a funtion to create a cmac
> digest in one step, without the update/digest split and the intermediate
> buffer. That would be something like
>
> cmac128_message(const struct cmac128_key *key, con
emoted to
internal for now? For siv, we would need some variant of cmac_set_key
function that takes only a cmac128_key argument, not a cmac128_ctx, and
the new cmac128_message. These could be internal or public.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Jeffrey Walton writes:
> Are there any plans for ARMv8?
I'm not planning to work on that soon, and I don't have any convenient
access to ARMv8 hardware. Contributions welcome.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email
development version (to be nettle-3.5) can use sha_ni
instructions on x86_64, for both sha1 and sha256.
There isn't yet any assembly code for ARMv8.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale governm
ommit 9b41e3b82b567abb68c1b7fc3b1e6b1a4ed87b26
Author: Niels Möller
Date: 2019-06-01 10:30:29 +0200
New struct cmac128_key.
diff --git a/ChangeLog b/ChangeLog
index 53cdc41d..a7a4355f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2019-06-01 Niels Möller
+
+ * cmac.h (struct cmac128_key): New s
ion for the list and for the maintainers is, is this a
> reasonable API to add to Hogweed? Is there interest in including it in
> Hogweed if I were to take the time to turn it into a tidy patch?
It could make sense. Do you have any concrete use cases?
Regards,
/Niels
--
Niels Möller. PGP-e
uot;,
> 0);
> + test_public_key (
> +"(P,0) with secp-192r1", &_nettle_secp_192r1,
> +"6277101735386680763835789423207666416083908700390324961279",
> +"0", 0);
Any particular reason the tests are all for secp_192r1 ?
Regards,
/N
rs.
To make running in a loop useful, you need to add random seeding, see
ecc-mod-test.c for an example to how to do it, enabled by the
NETTLE_TEST_SEED environment variable. Used like
while NETTLE_TEST_SEED=0 ./testsuite/ecc-mod-test ; do : ; done
Regards,
/Niels
--
Niels Möller. PGP-en
chiark-utils, viking), see
https://codesearch.debian.net/search?q=md5-compat.h, so I think we
should keep it around; it's very simple and testing is better than for
des-compat.h.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is
ut I'm not happy with the
> way code looks in my tree.
I've committed changes to move buffers last in the hash context structs.
That should make it a bit easier, but probably still not so pretty.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Inte
the point functions. Could consider doing
these operations (or part of them) using indirection via some new
function pointer in struct ecc_modulo.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesa
le compare after cnd_add_1.
Unfortunately, "nearly always" isn't enough; it means that some inputs
will result in a value of hi making the code branch differently, and
that information then leaks through cache and/or timing. If it's likely
to be exploitable, I can't say, but
nding on hi (except for asserts, since they always branch the
same way in a non-crashing program). The adjustmenst can only do
unconditional calls to functions like mpn_add_mul_1 and cnd_add_1.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is
eeded, or if I ought to focus on getting 3.5 out
asap.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.
___
nettle-bugs mailing list
nettle-bugs@lists.lysat
ter to add a test case to check that ecc_point_set rejects (0,0) ?
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.
___
nettle-bugs mailing
erhaps the most
conservative approach: support for empty nonce, however that should
behave, can be added later.
Opinions?
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.
__
tal (but still
allow it), and dropped some macros and unrelated changes (which would
belong on a different branch). Please have a look, and say if I've
messed up something.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesa
6)
> PROLOGUE(nettle_sha3_permute)
> W64_ENTRY(1, 16)
This placement between .text and the prologue depends on .pushsection /
.popsection. I think it should be moved last, just like in the other
files, either explicitly or by means of a divert in some of the included
m4 files.
Regard
epended on the earlier
patches in the series, which I didn't want to apply right away.
Old-fashioned patch -p1 could apply the patch, with "fuzz 2".
So are there any other options to make the git patching tools a bit more
tolerant or fuzzy?
Regards,
/Niels
--
Niels Möller. PGP-encrypt
n gcc output?
>
> There are symbolic names to compose the 0x03 value and for the
> 0xc002 values, the rest are just label arithmetic.
>
> I will change in next submission.
I see, I was hoping for something more similar to
.section .note.GNU-stack,"",TYPE_PROGBITS
file "aes-decrypt-internal.asm"
> -
> +
> C _aes_decrypt(unsigned rounds, const uint32_t *keys,
> C const struct aes_table *T,
> C size_t length, uint8_t *dst,
> @@ -70,6 +70,7 @@ define(,<%rbp>)
> .text
>
structure setup to use the macros. I
> have kept the union
Maybe it would be easier without using the CMAC macros. They're intended
for convenience, so there's little point in using them where it doesn't
bring any convenience.
> The attached version should address the comme
Nikos Mavrogiannopoulos writes:
> On Sun, 2019-04-14 at 09:33 +0200, Niels Möller wrote:
>> > +typedef int
>> > +nettle_decrypt_message(void *ctx,
>> > + size_t nlength, const uint8_t *nonce,
>> > +
"Yuriy M. Kaminskiy" writes:
> On 14.03.2019 08:41, Niels Möller wrote:
>> "Yuriy M. Kaminskiy" writes:
>>
>>> When compiled for armv6+ and getauxval() is present (glibc 2.16+),
>>> avoid slow and unreliable /proc/cpuinfo parsing.
>>
pher *nc,
> + const uint8_t *key)
> +{
> + unsigned skey_size = nc->key_size;
> +
> + assert(skey_size <= SIV_MAX_KEY_SIZE/2);
> + memcpy(ctx->s2vk, key, skey_size);
I think this function should do the underlying key setup also for the
cipher instance use
601 - 700 of 1686 matches
Mail list logo
