Michal Ludvig
Mon, 24 Apr 2006 03:51:59 -0700
Andy Polyakov wrote:
Hi,

BTW, have you considered synergetic implementation, which would work as follows. Arrange an intermediate buffer followed by non-accessible page [commonly would be done with anonymous mmap of two pages followed by mprotect(PROT_NONE) for the second page]. Upon *_init we call software SHA*_Init. Then all short inputs go directly through software SHA*_Update, while everything that is larger than certain value, say 256 bytes, is treated as follows. Input stream is first "purged/aligned" by running single pass of SHA*_Update till SHA*_CTX->data is full. Then available 64-byte chunks are copied to the *bottom* of first page mentioned above. Then we set up SEGV signal handler, let hardware suffer from page fault and collect the intermediate hash values. The procedure is repeated if more than pagesize was available at a time. SHA*_CTX->Nl,Nh are adjusted accordingly and remaining bytes [if any] are fed again to software SHA*_Update. Upon *_final we just call *software* SHA*_Final.

Are you sure it flushes the intermediate results on exception? Well we can try ;-)

Yep it works. Proof of concept at http://www.logix.cz/michal/devel/padlock/phe_sum.c It isn't optimized at all, does finalizing in HW so it can be compiled without OpenSSL and only works for files <512MB. But it actually works, which is a good start ;-)

Thanks for the idea Andy!

Michal

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
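
The buffer arrangement described in the message above, as an added example that is not part of the original post and is not phe_sum.c: two anonymous pages, the second made PROT_NONE, data copied to the bottom of the first, and a SIGSEGV handler that regains control when the reader runs off the end. Assumptions: Linux, a plain software read loop stands in for the PadLock hash engine, and the name `consume_until_fault` is hypothetical.

```c
#define _DEFAULT_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_env;
static volatile size_t consumed;   /* bytes read before the fault */
static volatile unsigned long acc; /* toy running state, not a hash */

static void on_segv(int sig) { (void)sig; siglongjmp(fault_env, 1); }

/* Stage len bytes against a guard page and read until the fault stops us.
 * Returns the number of bytes consumed, or -1 on error. */
long consume_until_fault(const unsigned char *data, size_t len)
{
    long pg = sysconf(_SC_PAGESIZE);
    if (pg <= 0 || len == 0 || len > (size_t)pg) return -1;
    unsigned char *buf = mmap(NULL, 2 * (size_t)pg, PROT_READ | PROT_WRITE,
                              MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED) return -1;
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    /* Second page becomes the non-accessible page; handler catches the fault. */
    if (mprotect(buf + pg, (size_t)pg, PROT_NONE) != 0 ||
        sigaction(SIGSEGV, &sa, &old) != 0) {
        munmap(buf, 2 * (size_t)pg);
        return -1;
    }
    /* Copy to the *bottom* of the first page: the last byte abuts the guard. */
    memcpy(buf + pg - len, data, len);
    volatile const unsigned char *p = buf + pg - len;
    consumed = 0;
    acc = 0;
    if (sigsetjmp(fault_env, 1) == 0)
        for (;;) { acc += p[consumed]; consumed++; } /* exits only by faulting */
    sigaction(SIGSEGV, &old, NULL);   /* restore the previous handler */
    munmap(buf, 2 * (size_t)pg);
    return (long)consumed;
}

int main(void)
{
    unsigned char blocks[192] = {0};  /* constructed input: three 64-byte chunks */
    printf("consumed %ld of %zu bytes\n",
           consume_until_fault(blocks, sizeof blocks), sizeof blocks);
    return 0;
}
```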