Re: [S390x] Optimize SHA1 with fat build support

2021-08-10 Thread Niels Möller
Maamoun TK writes:

> I made a merge request in the main repository that optimizes SHA1 for s390x
> architecture with fat build support !33.

Regarding the discussion on
https://git.lysator.liu.se/nettle/nettle/-/merge_requests/33#note_10005:
It seems the sha1 instructions on s390x are fast enough that the
overhead of loading constants, and loading and storing the state, all
per block, is a significant cost.

I think it makes sense to change the internal convention for
_sha1_compress so that it can do multiple blocks. There are currently 5
assembly implementations that would need updating: arm/v6, arm64/crypto, x86,
x86_64 and x86_64/sha_ni. And the C implementation, of course.

If it turns out to be too large a change to do them all at once, one
could introduce some new _sha1_compress_n function or the like, and use
it when available. Actually, we probably need to do that anyway, since for
historical reasons, _nettle_sha1_compress is a public function, and needs
to be kept (as just a simple C wrapper) for backwards compatibility.
Changing it incrementally should be doable but a bit hairy.

There are some other similar compression functions with
assembly implementation, for md5, sha256 and sha512. But there's no need
to change them all at the same time, or at all.

Regarding the MD_UPDATE macro, that one is defined in the public header
file macros.h (which in retrospect was a mistake). So it's probably best
to leave it unchanged. New macros for the new convention should be put
into some internal header, e.g., md-internal.h.

Regards,
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.
___
nettle-bugs mailing list
nettle-bugs@lists.lysator.liu.se
http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
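
The multi-block convention discussed in the message above, sketched in portable C as an added example (not Nettle's code and not part of the original thread). The names `sha1_compress_n` and `sha1_short` and the signatures are assumptions made for illustration: the state is loaded and stored once per call instead of once per block, and the single-block entry point survives as a thin wrapper.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ROTL32(x, n) (((x) << (n)) | ((x) >> (32 - (n))))

/* Hypothetical multi-block convention: compress `blocks` 64-byte blocks,
   touching state[] once on entry and once on exit. Returns end of input. */
const uint8_t *
sha1_compress_n(uint32_t state[5], size_t blocks, const uint8_t *data)
{
  uint32_t a0 = state[0], b0 = state[1], c0 = state[2], d0 = state[3], e0 = state[4];
  for (; blocks > 0; blocks--, data += 64) {
    uint32_t w[80], a = a0, b = b0, c = c0, d = d0, e = e0, f, k, t;
    int i;
    for (i = 0; i < 16; i++) /* big-endian load of the message words */
      w[i] = (uint32_t)data[4*i] << 24 | (uint32_t)data[4*i+1] << 16
           | (uint32_t)data[4*i+2] << 8 | (uint32_t)data[4*i+3];
    for (; i < 80; i++)
      w[i] = ROTL32(w[i-3] ^ w[i-8] ^ w[i-14] ^ w[i-16], 1);
    for (i = 0; i < 80; i++) {
      if (i < 20)      { f = (b & c) | (~b & d);          k = 0x5A827999; }
      else if (i < 40) { f = b ^ c ^ d;                   k = 0x6ED9EBA1; }
      else if (i < 60) { f = (b & c) | (b & d) | (c & d); k = 0x8F1BBCDC; }
      else             { f = b ^ c ^ d;                   k = 0xCA62C1D6; }
      t = ROTL32(a, 5) + f + e + k + w[i];
      e = d; d = c; c = ROTL32(b, 30); b = a; a = t;
    }
    a0 += a; b0 += b; c0 += c; d0 += d; e0 += e; /* chaining stays in locals */
  }
  state[0] = a0; state[1] = b0; state[2] = c0; state[3] = d0; state[4] = e0;
  return data;
}

/* Old single-block entry point, kept as a simple wrapper for compatibility. */
void sha1_compress(uint32_t state[5], const uint8_t *data)
{ sha1_compress_n(state, 1, data); }

/* Hypothetical helper for exercising the above: pad a message of at most
   119 bytes and hash it with a single sha1_compress_n call. */
void sha1_short(const uint8_t *msg, size_t len, uint32_t out[5])
{
  static const uint32_t iv[5] =
    { 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0 };
  uint8_t buf[128] = {0};
  size_t blocks = (len + 9 + 63) / 64;   /* 0x80 byte plus 64-bit length */
  uint64_t bits = (uint64_t)len * 8;
  memcpy(buf, msg, len);
  buf[len] = 0x80;
  for (int i = 0; i < 8; i++) buf[blocks * 64 - 1 - i] = (uint8_t)(bits >> (8 * i));
  memcpy(out, iv, sizeof iv);
  sha1_compress_n(out, blocks, buf);
}
```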


Re: Is there an equivalent to curve25519_mul for ECC keys?

2021-08-10 Thread Niels Möller
Nicolas Mora writes:

> I'm wondering if there is a function or a combination of functions to
> perform a DH computation using ECC keys and their parameters "struct
> ecc_point *pub1, struct ecc_scalar *key2"?

ecc_point_mul (declared in ecc.h) is intended to do that. There's also
a variant ecc_point_mul_g.

But it seems they're not properly documented in the manual.

Regards,
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.


Is there an equivalent to curve25519_mul for ECC keys?

2021-08-10 Thread Nicolas Mora
Hello,

I'm wondering if there is a function or a combination of functions to perform a 
DH computation using ECC keys and their parameters "struct ecc_point *pub1, 
struct ecc_scalar *key2"?

/Nicolas