Re: Deterministic (EC)DSA

2024-04-18 Thread Niels Möller
Daiki Ueno writes:

> The attached patch adds support for the deterministic DSA and ECDSA, as
> defined in RFC 6979, which enables us to use the signing function
> without randomness.

Thanks, I've had a first read, and added some comments on your MR
(https://git.lysator.liu.se/nettle/nettle/-/merge_requests/64).

Regards,
/Niels

-- 
Niels Möller. PGP key CB4962D070D77D7FCB8BA36271D8F1FF368C6677.
Internet email is subject to wholesale government surveillance.
___
nettle-bugs mailing list -- nettle-bugs@lists.lysator.liu.se
To unsubscribe send an email to nettle-bugs-le...@lists.lysator.liu.se
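The mechanism under review in this thread, deterministic nonce generation per RFC 6979, as an added example in Python that is neither Daiki's patch nor Nettle code. It derives k from the private key and the message hash with the HMAC_DRBG construction of RFC 6979 section 3.2, then completes an ECDSA signature over P-256 with SHA-256. The curve constants are the public NIST P-256 parameters and the key is the published test key from RFC 6979 appendix A.2.5; function names, the affine point arithmetic and the P-256/SHA-256 pairing are this example's own choices. The point arithmetic is plain double-and-add and is not constant-time, so it illustrates the construction only; a library like Nettle has to keep every operation involving k and x free of secret-dependent branches and memory access.

```python
import hashlib
import hmac

# NIST P-256 domain parameters (FIPS 186-4 D.1.2.3), the curve used by the
# RFC 6979 appendix A.2.5 test vector.
P256_P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
P256_A = P256_P - 3
P256_N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
P256_G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
          0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)

# Private key published in RFC 6979 appendix A.2.5 (a test value, not a secret).
RFC6979_A25_KEY = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721


def _bits2int(octets, qlen):
    """RFC 6979 2.3.2: big-endian integer, keeping only the leftmost qlen bits."""
    value = int.from_bytes(octets, "big")
    blen = 8 * len(octets)
    return value >> (blen - qlen) if blen > qlen else value


def _int2octets(x, rlen):
    """RFC 6979 2.3.3: fixed-width big-endian encoding of x in rlen bytes."""
    return x.to_bytes(rlen, "big")


def _bits2octets(octets, q, qlen, rlen):
    """RFC 6979 2.3.4: bits2int, reduce modulo q, re-encode."""
    return _int2octets(_bits2int(octets, qlen) % q, rlen)


def rfc6979_nonce(q, x, h1, hash_name="sha256"):
    """Derive the per-signature secret k from (q, x, H(m)) as in RFC 6979
    section 3.2. Identical inputs always yield the same k, so no RNG is
    consulted while signing."""
    qlen = q.bit_length()
    rlen = (qlen + 7) // 8
    hlen = hashlib.new(hash_name).digest_size
    mac = lambda key, data: hmac.new(key, data, hash_name).digest()
    seed = _int2octets(x, rlen) + _bits2octets(h1, q, qlen, rlen)
    V = b"\x01" * hlen                # step b
    K = b"\x00" * hlen                # step c
    K = mac(K, V + b"\x00" + seed)    # step d
    V = mac(K, V)                     # step e
    K = mac(K, V + b"\x01" + seed)    # step f
    V = mac(K, V)                     # step g
    while True:                       # step h: draw until 1 <= k <= q-1
        T = b""
        while len(T) < rlen:
            V = mac(K, V)
            T += V
        k = _bits2int(T, qlen)
        if 1 <= k < q:
            return k
        K = mac(K, V + b"\x00")
        V = mac(K, V)


def _ec_add(p1, p2):
    """Affine point addition on P-256; None is the point at infinity.
    Not constant-time: illustration only."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P256_P == 0:
            return None
        lam = (3 * x1 * x1 + P256_A) * pow(2 * y1, -1, P256_P) % P256_P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P256_P) % P256_P
    x3 = (lam * lam - x1 - x2) % P256_P
    return x3, (lam * (x1 - x3) - y1) % P256_P


def _ec_mul(k, pt):
    """Double-and-add scalar multiplication (also not constant-time)."""
    acc = None
    while k:
        if k & 1:
            acc = _ec_add(acc, pt)
        pt = _ec_add(pt, pt)
        k >>= 1
    return acc


def ecdsa_sign_p256_sha256(priv, msg):
    """Deterministic ECDSA over P-256 with SHA-256. Returns (k, r, s); k is
    returned only so the RFC 6979 vectors can be checked by a caller."""
    h1 = hashlib.sha256(msg).digest()
    k = rfc6979_nonce(P256_N, priv, h1)
    r = _ec_mul(k, P256_G)[0] % P256_N
    e = _bits2int(h1, P256_N.bit_length()) % P256_N
    s = pow(k, -1, P256_N) * (e + priv * r) % P256_N
    if r == 0 or s == 0:
        # RFC 6979 continues drawing from the DRBG here; at P-256 the odds are
        # negligible, so this example just reports the condition.
        raise ValueError("degenerate signature; retry with next DRBG output")
    return k, r, s
```

Signing the message "sample" with `RFC6979_A25_KEY` reproduces the k, r and s listed for SHA-256 in appendix A.2.5 of the RFC, and signing it twice gives byte-identical output, which is the property that makes a broken or repeated RNG harmless for the nonce. Two caveats follow from the same property: the deterministic k must never leak through timing (the affine arithmetic above does leak it), and because a repeated message yields a repeated signature, a single induced fault during the point multiplication can expose the key, which is why RFC 6979 section 3.6 permits mixing additional entropy into the seed.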


[PATCH v2 1/2] powerpc64: Add optimized assembly for sha256-compress-n

2024-04-18 Thread Eric Richter
This patch introduces an optimized powerpc64 assembly implementation for
sha256-compress-n. This takes advantage of the vshasigma instruction, as
well as unrolling loops to best take advantage of running instructions
in parallel.

The following data was captured on a POWER 10 LPAR @ ~3.896GHz

Current C implementation:
 Algorithm     mode        Mbyte/s
 sha256        update       280.97
 hmac-sha256   64 bytes      80.81
 hmac-sha256   256 bytes    170.50
 hmac-sha256   1024 bytes   241.92
 hmac-sha256   4096 bytes   268.54
 hmac-sha256   single msg   276.16

With optimized assembly:
 Algorithm     mode        Mbyte/s
 sha256        update       446.42
 hmac-sha256   64 bytes     124.89
 hmac-sha256   256 bytes    268.90
 hmac-sha256   1024 bytes   382.06
 hmac-sha256   4096 bytes   425.38
 hmac-sha256   single msg   439.75

Signed-off-by: Eric Richter 
---
 fat-ppc.c |  12 +
 powerpc64/fat/sha256-compress-n-2.asm |  36 +++
 powerpc64/p8/sha256-compress-n.asm| 323 ++
 3 files changed, 371 insertions(+)
 create mode 100644 powerpc64/fat/sha256-compress-n-2.asm
 create mode 100644 powerpc64/p8/sha256-compress-n.asm

diff --git a/fat-ppc.c b/fat-ppc.c
index cd76f7a1..efbeb2ec 100644
--- a/fat-ppc.c
+++ b/fat-ppc.c
@@ -203,6 +203,10 @@ DECLARE_FAT_FUNC(_nettle_poly1305_blocks, 
poly1305_blocks_func)
 DECLARE_FAT_FUNC_VAR(poly1305_blocks, poly1305_blocks_func, c)
 DECLARE_FAT_FUNC_VAR(poly1305_blocks, poly1305_blocks_func, ppc64)
 
+DECLARE_FAT_FUNC(_nettle_sha256_compress_n, sha256_compress_n_func)
+DECLARE_FAT_FUNC_VAR(sha256_compress_n, sha256_compress_n_func, c)
+DECLARE_FAT_FUNC_VAR(sha256_compress_n, sha256_compress_n_func, ppc64)
+
 
 static void CONSTRUCTOR
 fat_init (void)
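Review bot: the added declaration block ends with a `+` blank line directly followed by the existing blank context line, leaving two empty lines before `static void CONSTRUCTOR`; drop one of them so the spacing matches the poly1305 declarations above.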
@@ -231,6 +235,8 @@ fat_init (void)
  _nettle_ghash_update_arm64() */
   _nettle_ghash_set_key_vec = _nettle_ghash_set_key_ppc64;
   _nettle_ghash_update_vec = _nettle_ghash_update_ppc64;
+
+  _nettle_sha256_compress_n_vec = _nettle_sha256_compress_n_ppc64;
 }
   else
 {
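Review bot: `_nettle_sha256_compress_n_vec = _nettle_sha256_compress_n_ppc64;` sits in the branch that also selects the ghash ppc64 routines, but the feature test guarding that branch is outside the hunk. The new routine depends on the `vshasigma` instruction (ISA 2.07, POWER 8 and later), so confirm this branch is gated on the crypto-extension check rather than only `have_altivec`; otherwise the dispatcher would select code that faults on older cores. A short comment next to the assignment naming the required feature would make that easier to audit.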
@@ -239,6 +245,7 @@ fat_init (void)
   _nettle_aes_invert_vec = _nettle_aes_invert_c;
   _nettle_ghash_set_key_vec = _nettle_ghash_set_key_c;
   _nettle_ghash_update_vec = _nettle_ghash_update_c;
+  _nettle_sha256_compress_n_vec = _nettle_sha256_compress_n_c;
 }
   if (features.have_altivec)
 {
@@ -338,3 +345,8 @@ DEFINE_FAT_FUNC(_nettle_poly1305_blocks, const uint8_t *,
  size_t blocks,
 const uint8_t *m),
(ctx, blocks, m))
+
+DEFINE_FAT_FUNC(_nettle_sha256_compress_n, const uint8_t *,
+   (uint32_t *state, const uint32_t *k,
+size_t blocks, const uint8_t *input),
+   (state, k, blocks, input))
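Review bot: the wrapper is declared to return `const uint8_t *`, so the ppc64 routine is bound to the same contract as `_nettle_sha256_compress_n_c`: consume exactly `blocks` 64-byte blocks and return `input` advanced past them. Since the dispatcher hides which implementation ran, make sure the fat build's tests call the dispatched function with a multi-block input and check both the resulting state and the returned pointer, not only single-block known-answer vectors.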
diff --git a/powerpc64/fat/sha256-compress-n-2.asm 
b/powerpc64/fat/sha256-compress-n-2.asm
new file mode 100644
index ..4f4eee9d
--- /dev/null
+++ b/powerpc64/fat/sha256-compress-n-2.asm
@@ -0,0 +1,36 @@
+C powerpc64/fat/sha256-compress-n-2.asm
+
+ifelse(`
+   Copyright (C) 2024 Eric Richter, IBM Corporation
+
+   This file is part of GNU Nettle.
+
+   GNU Nettle is free software: you can redistribute it and/or
+   modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+   Software Foundation; either version 3 of the License, or (at your
+   option) any later version.
+
+   or
+
+ * the GNU General Public License as published by the Free
+   Software Foundation; either version 2 of the License, or (at your
+   option) any later version.
+
+   or both in parallel, as here.
+
+   GNU Nettle is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   General Public License for more details.
+
+   You should have received copies of the GNU General Public License and
+   the GNU Lesser General Public License along with this program.  If
+   not, see http://www.gnu.org/licenses/.
+')
+
+dnl PROLOGUE(_nettle_sha256_compress_n) picked up by configure
+
+define(`fat_transform', `$1_ppc64')
+include_src(`powerpc64/p8/sha256-compress-n.asm')
diff --git a/powerpc64/p8/sha256-compress-n.asm 
b/powerpc64/p8/sha256-compress-n.asm
new file mode 100644
index ..d76f337e
--- /dev/null
+++ b/powerpc64/p8/sha256-compress-n.asm
@@ -0,0 +1,323 @@
+C x86_64/sha256-compress-n.asm
+
+ifelse(`
+   Copyright (C) 2024 Eric Richter, IBM Corporation
+
+   This file is part of GNU Nettle.
+
+   GNU Nettle is free software: you can redistribute it and/or
+   modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+   Software Foundation; either version 3 of the License, or (at your
+   option) any later version.
+
+   or
+
+ * the GNU General Public License as published by 
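Review bot: the header comment on the first line reads `C x86_64/sha256-compress-n.asm`, but this file is `powerpc64/p8/sha256-compress-n.asm`; update it to match the path, as the fat wrapper in the previous hunk already does.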

[PATCH v2 2/2] powerpc64: Add optimized assembly for sha512-compress

2024-04-18 Thread Eric Richter
This patch introduces an optimized powerpc64 assembly implementation for
sha512-compress, derived from the implementation for sha256-compress-n.

The following data was captured on a POWER 10 LPAR @ ~3.896GHz

Current C implementation:
 Algorithm     mode        Mbyte/s
 sha512        update       447.02
 sha512-224    update       444.30
 sha512-256    update       445.02
 hmac-sha512   64 bytes      97.27
 hmac-sha512   256 bytes    204.55
 hmac-sha512   1024 bytes   342.86
 hmac-sha512   4096 bytes   409.57
 hmac-sha512   single msg   433.95

With optimized assembly:
 Algorithm     mode        Mbyte/s
 sha512        update       705.36
 sha512-224    update       705.63
 sha512-256    update       705.34
 hmac-sha512   64 bytes     141.66
 hmac-sha512   256 bytes    310.26
 hmac-sha512   1024 bytes   534.22
 hmac-sha512   4096 bytes   641.74
 hmac-sha512   single msg   677.14

Signed-off-by: Eric Richter 
---
 fat-ppc.c   |  10 +
 powerpc64/fat/sha512-compress-2.asm |  36 +++
 powerpc64/p8/sha512-compress.asm| 327 
 3 files changed, 373 insertions(+)
 create mode 100644 powerpc64/fat/sha512-compress-2.asm
 create mode 100644 powerpc64/p8/sha512-compress.asm

diff --git a/fat-ppc.c b/fat-ppc.c
index efbeb2ec..a228386a 100644
--- a/fat-ppc.c
+++ b/fat-ppc.c
@@ -207,6 +207,10 @@ DECLARE_FAT_FUNC(_nettle_sha256_compress_n, 
sha256_compress_n_func)
 DECLARE_FAT_FUNC_VAR(sha256_compress_n, sha256_compress_n_func, c)
 DECLARE_FAT_FUNC_VAR(sha256_compress_n, sha256_compress_n_func, ppc64)
 
+DECLARE_FAT_FUNC(_nettle_sha512_compress, sha512_compress_func)
+DECLARE_FAT_FUNC_VAR(sha512_compress, sha512_compress_func, c)
+DECLARE_FAT_FUNC_VAR(sha512_compress, sha512_compress_func, ppc64)
+
 
 static void CONSTRUCTOR
 fat_init (void)
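Review bot: as in patch 1, the `+` blank line after `DECLARE_FAT_FUNC_VAR(sha512_compress, sha512_compress_func, ppc64)` together with the existing blank context line leaves two empty lines before `static void CONSTRUCTOR`; drop one.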
@@ -237,6 +241,7 @@ fat_init (void)
   _nettle_ghash_update_vec = _nettle_ghash_update_ppc64;
 
   _nettle_sha256_compress_n_vec = _nettle_sha256_compress_n_ppc64;
+  _nettle_sha512_compress_vec = _nettle_sha512_compress_ppc64;
 }
   else
 {
@@ -246,6 +251,7 @@ fat_init (void)
   _nettle_ghash_set_key_vec = _nettle_ghash_set_key_c;
   _nettle_ghash_update_vec = _nettle_ghash_update_c;
   _nettle_sha256_compress_n_vec = _nettle_sha256_compress_n_c;
+  _nettle_sha512_compress_vec = _nettle_sha512_compress_c;
 }
   if (features.have_altivec)
 {
@@ -350,3 +356,7 @@ DEFINE_FAT_FUNC(_nettle_sha256_compress_n, const uint8_t *,
(uint32_t *state, const uint32_t *k,
 size_t blocks, const uint8_t *input),
(state, k, blocks, input))
+
+DEFINE_FAT_FUNC(_nettle_sha512_compress, void,
+   (uint64_t *state, const uint8_t *input, const uint64_t *k),
+   (state, input, k))
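Review bot: the wrapper signature `(uint64_t *state, const uint8_t *input, const uint64_t *k)` carries no block count, unlike `_nettle_sha256_compress_n` directly above, so each 128-byte block passes through the fat dispatch separately. That matches the existing C prototype, but the commit message should state that the routine handles one block per call, and a `_n` form for sha512 is the natural follow-up if profiling shows the per-call overhead on short `update` calls matters.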
diff --git a/powerpc64/fat/sha512-compress-2.asm 
b/powerpc64/fat/sha512-compress-2.asm
new file mode 100644
index ..9445e5ba
--- /dev/null
+++ b/powerpc64/fat/sha512-compress-2.asm
@@ -0,0 +1,36 @@
+C powerpc64/fat/sha512-compress-2.asm
+
+ifelse(`
+   Copyright (C) 2024 Eric Richter, IBM Corporation
+
+   This file is part of GNU Nettle.
+
+   GNU Nettle is free software: you can redistribute it and/or
+   modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+   Software Foundation; either version 3 of the License, or (at your
+   option) any later version.
+
+   or
+
+ * the GNU General Public License as published by the Free
+   Software Foundation; either version 2 of the License, or (at your
+   option) any later version.
+
+   or both in parallel, as here.
+
+   GNU Nettle is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   General Public License for more details.
+
+   You should have received copies of the GNU General Public License and
+   the GNU Lesser General Public License along with this program.  If
+   not, see http://www.gnu.org/licenses/.
+')
+
+dnl PROLOGUE(_nettle_sha512_compress) picked up by configure
+
+define(`fat_transform', `$1_ppc64')
+include_src(`powerpc64/p8/sha512-compress.asm')
diff --git a/powerpc64/p8/sha512-compress.asm b/powerpc64/p8/sha512-compress.asm
new file mode 100644
index ..83fe0e36
--- /dev/null
+++ b/powerpc64/p8/sha512-compress.asm
@@ -0,0 +1,327 @@
+C x86_64/sha512-compress.asm
+
+ifelse(`
+   Copyright (C) 2024 Eric Richter, IBM Corporation
+
+   This file is part of GNU Nettle.
+
+   GNU Nettle is free software: you can redistribute it and/or
+   modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+   Software Foundation; either version 3 of the License, or (at your
+   option) any later version.
+
+   or
+
+ * the GNU General 
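Review bot: the first-line comment `C x86_64/sha512-compress.asm` names the wrong directory for `powerpc64/p8/sha512-compress.asm`; fix it to match the path.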

[PATCH v2 0/2] Add optimized powerpc64 assembly for SHA2

2024-04-18 Thread Eric Richter
I've updated this set to use the proper conventions for register names, and
also adjusted the IV macro according to the suggestions provided.

I can also confirm that I've gotten a working build environment based on
the approach of the GitLab CI configuration, and that the ppc64 big-endian
build does indeed pass tests.


Amended original cover letter:

This set introduces an optimized powerpc64 assembly implementation for
SHA256 and SHA512. It has been derived from BSD-2-Clause licensed
code authored by IBM, originally released in the IBM POWER
Cryptography Reference Implementation project[1], modified to work in
Nettle, and contributed under the GPL license.

Development of this new implementation targeted POWER 10; however, it
supports the POWER 8 and above ISA. The following commits provide the
performance data I recorded on POWER 10, though similar improvements can
be found on P8/P9.

I have tested this patch set on POWER 8 and POWER 10 hardware running
little-endian Linux distributions, and via qemu-user for big-endian ppc64.


Eric Richter (2):
  powerpc64: Add optimized assembly for sha256-compress-n
  powerpc64: Add optimized assembly for sha512-compress-n

 fat-ppc.c |  22 ++
 powerpc64/fat/sha256-compress-n-2.asm |  36 +++
 powerpc64/fat/sha512-compress-2.asm   |  36 +++
 powerpc64/p8/sha256-compress-n.asm| 323 +
 powerpc64/p8/sha512-compress.asm  | 327 ++
 5 files changed, 744 insertions(+)
 create mode 100644 powerpc64/fat/sha256-compress-n-2.asm
 create mode 100644 powerpc64/fat/sha512-compress-2.asm
 create mode 100644 powerpc64/p8/sha256-compress-n.asm
 create mode 100644 powerpc64/p8/sha512-compress.asm

-- 
2.44.0

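The patch set above moves `_nettle_sha256_compress_n` into assembly built around `vshasigma`. As an added reference that is not part of the patches or of Nettle, the following Python reproduces the SHA-256 compression step behind the same `(state, k, blocks, input)` contract that the fat wrapper declares: it folds exactly `blocks` 64-byte blocks into the eight state words and returns the input advanced past them. The Sigma0/Sigma1/sigma0/sigma1 functions it spells out are the ones the hardware instruction evaluates, and the H0 and K tables are computed exactly from prime square and cube roots rather than typed in, which is a cheap cross-check when reviewing a hand-written constant table. Function names are this example's own; the constants and padding rule follow FIPS 180-4.

```python
import hashlib
import math
import struct

MASK32 = 0xFFFFFFFF


def _first_primes(count):
    """First `count` primes by trial division (64 is small enough)."""
    primes = []
    n = 2
    while len(primes) < count:
        if all(n % p for p in primes if p * p <= n):
            primes.append(n)
        n += 1
    return primes


def _icbrt(n):
    """Exact integer floor(cbrt(n)) via Newton iteration started above the root."""
    x = 1 << ((n.bit_length() + 2) // 3)
    while True:
        y = (2 * x + n // (x * x)) // 3
        if y >= x:
            return x
        x = y


_PRIMES = _first_primes(64)
# FIPS 180-4 sections 5.3.3 and 4.2.2: H0 is the first 32 fractional bits of
# sqrt(p) for the first 8 primes, K the first 32 fractional bits of cbrt(p)
# for the first 64 primes. Integer roots of p << 64 and p << 96 give them
# exactly, with no floating-point rounding.
SHA256_H0 = [math.isqrt(p << 64) & MASK32 for p in _PRIMES[:8]]
SHA256_K = [_icbrt(p << 96) & MASK32 for p in _PRIMES]


def _rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & MASK32


def sha256_compress_n(state, k, blocks, data):
    """Fold `blocks` 64-byte blocks of `data` into `state` (list of 8 words,
    updated in place) and return the input advanced past them, mirroring the
    (state, k, blocks, input) wrapper contract. The four sigma functions are
    what vshasigma computes in hardware."""
    view = memoryview(data)
    for _ in range(blocks):
        w = list(struct.unpack(">16I", view[:64]))
        for t in range(16, 64):                      # message schedule
            s0 = _rotr(w[t - 15], 7) ^ _rotr(w[t - 15], 18) ^ (w[t - 15] >> 3)
            s1 = _rotr(w[t - 2], 17) ^ _rotr(w[t - 2], 19) ^ (w[t - 2] >> 10)
            w.append((s1 + w[t - 7] + s0 + w[t - 16]) & MASK32)
        a, b, c, d, e, f, g, h = state
        for t in range(64):                          # 64 rounds
            big_s1 = _rotr(e, 6) ^ _rotr(e, 11) ^ _rotr(e, 25)
            ch = (e & f) ^ ((~e & MASK32) & g)
            t1 = (h + big_s1 + ch + k[t] + w[t]) & MASK32
            big_s0 = _rotr(a, 2) ^ _rotr(a, 13) ^ _rotr(a, 22)
            maj = (a & b) ^ (a & c) ^ (b & c)
            t2 = (big_s0 + maj) & MASK32
            h, g, f, e = g, f, e, (d + t1) & MASK32
            d, c, b, a = c, b, a, (t1 + t2) & MASK32
        for i, v in enumerate((a, b, c, d, e, f, g, h)):
            state[i] = (state[i] + v) & MASK32
        view = view[64:]
    return view


def sha256_digest(msg):
    """Pad per FIPS 180-4 section 5.1.1 and push every block through
    sha256_compress_n in one call, as a multi-block `update` would."""
    state = list(SHA256_H0)
    padded = (msg + b"\x80" + b"\x00" * ((55 - len(msg)) % 64)
              + struct.pack(">Q", 8 * len(msg)))
    rest = sha256_compress_n(state, SHA256_K, len(padded) // 64, padded)
    assert len(rest) == 0, "all padded blocks must be consumed"
    return b"".join(struct.pack(">I", s) for s in state)


def matches_hashlib(msg):
    """Cross-check against the platform's SHA-256 for arbitrary input."""
    return sha256_digest(msg) == hashlib.sha256(msg).digest()
```

When validating an assembly replacement like the one in this patch, the useful checks are the ones a single-block vector cannot cover: a multi-block call must return the pointer advanced by exactly `blocks * 64` bytes, and messages whose padding straddles a block boundary (lengths of 55, 56 and 64 bytes) must hash identically to the C fallback. The `matches_hashlib` helper above runs that comparison against the host implementation.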