Re: Undefined reference with clang16 and address sanitizer

2023-05-15 Thread Niels Möller
Thanks for the report, /Niels -- Niels Möller. PGP key CB4962D070D77D7FCB8BA36271D8F1FF368C6677. Internet email is subject to wholesale government surveillance. ___ nettle-bugs mailing list -- nettle-bugs@lists.lysator.liu.se To unsubscribe send an

ANNOUNCE: Nettle-3.9

2023-05-14 Thread Niels Möller
.tar.gz Happy hacking, /Niels Möller NEWS for the Nettle 3.9 release This release includes bug fixes, several new features, a few performance improvements, and one performance regression affecting GCM on certain platforms. The new version is intended to be fully

Re: ARCFOUR doc fixes

2023-05-11 Thread Niels Möller
Simon Josefsson writes: > Hi > > What do you think? Looks good, thanks. Merged this, as well as your other doc fix. Regards, /Niels

Re: ancient install-sh and texinfo.tex?

2023-05-11 Thread Niels Möller
update config.guess and config.sub to latest versions (previous update in Nettle was a year ago). Regards, /Niels

Re: Preparing for Nettle-3.9

2023-05-10 Thread Niels Möller
Niels Möller writes: > If there are no show-stoppers, I may make the release as soon as this > Wednesday evening (May 10, and for me, evening starts around 17 UTC). Testing is going rather well. I've found and fixed one bug giving a compile error in the tests when configured with --d

Re: Preparing for Nettle-3.9

2023-05-08 Thread Niels Möller
at tries to handle multiple blocks more efficiently. See https://git.lysator.liu.se/nettle/nettle/-/blob/master/testsuite/ocb-test.c#L222 and below. Regards, /Niels

Preparing for Nettle-3.9

2023-05-07 Thread Niels Möller
and 64-bit sparc.

Re: Undefined reference with clang16 and address sanitizer

2023-05-07 Thread Niels Möller
Noah Watkins writes: > (fwiw sanitizer does report a memory leak when eccdata is > running at the end of make). If it looks like the sanitizer could be right, can you share the error report? Regards, /Niels

Re: Undefined reference with clang16 and address sanitizer

2023-04-25 Thread Niels Möller
bly files are missing completely, or if they're there but with some other symbol names (those are tweaked a bit by fat build logic: names with suffixes like _aesni and _pclmul are typical for fat builds, and setup by the wrapper files in x86_64/fat/). Regards, /Niels

Re: Side-channel silent ghash

2023-04-13 Thread Niels Möller
Niels Möller writes: > I've got the code to work, and I've written an x86_64 assembly > implementation using sse2 instructions. Code on the > ghash-sidechannel-silent branch. On my laptop, I seem to get these > numbers: > > Old C implementation: 350 MB/s > Old asm imp
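The table-free GHASH multiply this thread is about, as an added C example; it is not Nettle's code and not the ghash-sidechannel-silent branch referred to above. It replaces the per-byte or per-nibble table lookups of a classic ghash_update with a 128-step bit-serial multiply whose memory access pattern and control flow do not depend on H or on the data (the only branch is on the loop counter). The function and type names are mine; the constants in the self-test are the published GCM specification test case 2 values (H = AES_K(0) for the all-zero key, C the single ciphertext block, and the expected GHASH), not anything taken from the thread.

```c
/* Added example (not Nettle code): side-channel silent GHASH.
 * GCM's bit-reflected convention is used throughout: bit 0 of a field
 * element is the most significant bit of byte 0 of the block. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

typedef struct { uint64_t hi, lo; } gf128;  /* hi = bytes 0..7, lo = bytes 8..15 (big-endian words) */

static gf128 gf128_load(const uint8_t b[16]) {
  gf128 v = {0, 0};
  for (int i = 0; i < 8; i++) {
    v.hi = (v.hi << 8) | b[i];
    v.lo = (v.lo << 8) | b[8 + i];
  }
  return v;
}

static void gf128_store(uint8_t b[16], gf128 v) {
  for (int i = 0; i < 8; i++) {
    b[i]     = (uint8_t)(v.hi >> (56 - 8 * i));
    b[8 + i] = (uint8_t)(v.lo >> (56 - 8 * i));
  }
}

/* z = x * y in GF(2^128) with the GCM polynomial, no tables, no data-dependent branches. */
static gf128 gf128_mul_ct(gf128 x, gf128 y) {
  const uint64_t R = 0xe1ULL << 56;   /* x^128 = x^7 + x^2 + x + 1 in reflected form */
  gf128 z = {0, 0}, v = y;
  for (int i = 0; i < 128; i++) {
    uint64_t word = (i < 64) ? x.hi : x.lo;          /* selects on the loop index only */
    uint64_t bit  = (word >> (63 - (i & 63))) & 1;   /* bit i of x in reflected order */
    uint64_t mask = 0 - bit;                         /* all ones iff bit is set */
    z.hi ^= v.hi & mask;
    z.lo ^= v.lo & mask;
    /* v = v * x: shift right one position, fold the bit that falls off back in with R */
    uint64_t carry = 0 - (v.lo & 1);
    v.lo = (v.lo >> 1) | (v.hi << 63);
    v.hi = (v.hi >> 1) ^ (carry & R);
  }
  return z;
}

/* Absorb n bytes into y, zero-padding a short final block as GHASH requires. */
static void ghash_absorb(gf128 *y, gf128 H, const uint8_t *p, size_t n) {
  while (n) {
    uint8_t blk[16] = {0};
    size_t take = n < 16 ? n : 16;
    memcpy(blk, p, take);
    gf128 b = gf128_load(blk);
    y->hi ^= b.hi;
    y->lo ^= b.lo;
    *y = gf128_mul_ct(*y, H);
    p += take;
    n -= take;
  }
}

/* GHASH(H, A, C): absorb A, then C, then the block [len(A) in bits || len(C) in bits]. */
void ghash_ct(const uint8_t h[16], const uint8_t *aad, size_t aad_len,
              const uint8_t *ct, size_t ct_len, uint8_t out[16]) {
  gf128 H = gf128_load(h), y = {0, 0};
  ghash_absorb(&y, H, aad, aad_len);
  ghash_absorb(&y, H, ct, ct_len);
  y.hi ^= (uint64_t)aad_len * 8;
  y.lo ^= (uint64_t)ct_len * 8;
  y = gf128_mul_ct(y, H);
  gf128_store(out, y);
}

void gf128_mul_ct_bytes(const uint8_t a[16], const uint8_t b[16], uint8_t out[16]) {
  gf128_store(out, gf128_mul_ct(gf128_load(a), gf128_load(b)));
}

/* GCM spec test case 2: zero key, zero IV, one zero plaintext block, no AAD. */
int ghash_selftest(void) {
  static const uint8_t H[16] = {0x66,0xe9,0x4b,0xd4,0xef,0x8a,0x2c,0x3b,0x88,0x4c,0xfa,0x59,0xca,0x34,0x2b,0x2e};
  static const uint8_t C[16] = {0x03,0x88,0xda,0xce,0x60,0xb6,0xa3,0x92,0xf3,0x28,0xc2,0xb9,0x71,0xb2,0xfe,0x78};
  static const uint8_t expect[16] = {0xf3,0x8c,0xbb,0x1a,0xd6,0x92,0x23,0xdc,0xc3,0x45,0x7a,0xe5,0xb6,0xb0,0xf8,0x85};
  uint8_t out[16];
  ghash_ct(H, NULL, 0, C, 16, out);
  return memcmp(out, expect, 16) == 0;
}

/* The field's 1 is 0x80 00..00 in reflected order; a * 1 == 1 * a == a. */
int ghash_mul_identity_ok(void) {
  static const uint8_t one[16] = {0x80};
  static const uint8_t a[16] = {0x66,0xe9,0x4b,0xd4,0xef,0x8a,0x2c,0x3b,0x88,0x4c,0xfa,0x59,0xca,0x34,0x2b,0x2e};
  uint8_t out1[16], out2[16];
  gf128_mul_ct_bytes(a, one, out1);
  gf128_mul_ct_bytes(one, a, out2);
  return memcmp(out1, a, 16) == 0 && memcmp(out2, a, 16) == 0;
}
```

The cost of the mask trick is the 128 dependent shift-and-xor steps per block that the thread's cycle counts reflect; a production version would process the bits of H in a precomputed, data-independent order (as the sse2 branch does) rather than one at a time, but the masking pattern is the same.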

Re: Side-channel silent ghash

2023-04-08 Thread Niels Möller
Niels Möller writes: > In initial benchmarking, this loop appears to run in 4.2 cycles per > iteration on my laptop, and a slowdown by a factor of 3 compared to the > current C implementation of ghash_update. Penalty may be a bit less for > assembly implementation, but I haven't trie

Side-channel silent ghash

2023-04-07 Thread Niels Möller
mplementation of AES. It's possible to replace sbox lookups by bit-slicing techniques (I'm told boringssl includes an aes implementation doing that), but I haven't looked into how that works out. Regards, /Niels

Re: Multi-block poly1303 code

2023-04-07 Thread Niels Möller
YMM register holds 26 bits from one of 4 powers, but then you need more than 5 registers if you need pieces with and without the premultiply by 5? And also layout of registers used for accumulation. Sorry I'm a bit slow reviewing. Regards, /Niels

Re: x86_64 gcm

2023-04-07 Thread Niels Möller
Maamoun TK writes: > Thank you for merging the patch. There is a very tiny change that keeps > itching me since I submitted the patch, the following PR > https://git.lysator.liu.se/nettle/nettle/-/merge_requests/59 would scratch > that itch. Merged. /Niels

Re: x86_64 gcm

2023-04-02 Thread Niels Möller
on zen3/zen4 architectures. You can find the > patch here https://git.lysator.liu.se/nettle/nettle/-/merge_requests/57 Thanks, now merged. Regards, /Niels

Re: [PATCH] Update reference to the Yarrow paper.

2023-04-02 Thread Niels Möller
mplements > Yarrow-256, which is similar, but uses @acronym{SHA256} and > @acronym{AES} to get an internal state of 256 bits. Thanks, applied. Regards, /Niels

Re: Multi-block poly1303 code

2023-04-02 Thread Niels Möller
with SIMD processing. Regards, /Niels

Re: OCB support

2022-12-16 Thread Niels Möller
ill be a bit tight to fit to the debian schedule. In the best case, we could have a release out around new year or early January. I guess it likely counts as a "transition", even if it's abi and api backwards compatible? Regards, /Niels

The *_encrypt_message functions

2022-12-02 Thread Niels Möller
const declared. Not sure what changes are warranted. It would be good to fix the errors on argument types for ccm and xts, but at least for ccm that's both an API and an ABI change, so a bit tricky. The immediate question is what the new ocb functions should look like. Regards, /Ni

Re: issues about sm4

2022-11-24 Thread Niels Möller
are appropriate. Choice also depends on the value of a, if it's a special, small or large number. Regards, /Niels

Re: HPKE work continuation

2022-11-16 Thread Niels Möller
s one or more messages, with another struct representing per-message state. (Not a perfect fit for hpke, but I hope you get the idea. In this case the "session" thing would correspond to the "context" in the spec, and if it is responsible for the message sequence number, it h

Re: HPKE work continuation

2022-11-07 Thread Niels Möller
ons? * There's an RFC comment that I take it can be updated now? Regards, /Niels

Re: Multi-block poly1303 code

2022-11-04 Thread Niels Möller
ot r7, v1, v2), and the caller needs to be aware of that. One could do something similar for other DEFINE_* macros, but less important since those are defined in the .asm file and used only once (I think?). Regards, /Niels

Re: Multi-block poly1303 code

2022-10-31 Thread Niels Möller
hope it should be possible to have the C loop defined locally in poly1305-update.c (depending on HAVE_NETTLE_poly1305_blocks, and maybe HAVE_NETTLE_fat_poly1305_blocks, like in a few other places). Regards, /Niels

Re: Multi-block poly1303 code

2022-10-30 Thread Niels Möller
ni...@lysator.liu.se (Niels Möller) writes: > But I still want to find a way to merge the refactoring branch without > breaking the ppc build (in the current state, the branch fails with link > errors on ppc). I think the simplest way is to just move _nettle_poly1305_blocks to its own

Re: Multi-block poly1303 code

2022-10-30 Thread Niels Möller
Maamoun TK writes: > On Sat, Oct 29, 2022 at 11:31 AM Niels Möller wrote: > >> I think I'd like to merge the multi-block refactoring branch >> (refactor-poly1305) before your radix 2^44 code. But that breaks current >> power assembly, since that branch currently re

Re: Multi-block poly1303 code

2022-10-29 Thread Niels Möller
lti-block function loop around it. What would you suggest? Regards, /Niels

Re: Multi-block poly1303 code

2022-10-29 Thread Niels Möller
useful and interesting. Regards, /Niels

Re: Multi-block poly1303 code

2022-10-25 Thread Niels Möller
he high half. If working with regular 64-bit registers, it's not too bad, but I guess it may get rather messy with vector registers. So perhaps not the first thing to try out. Regards, /Niels

Multi-block poly1303 code (was: Re: Fwd: [Arm64, PowerPC64, S390x] Optimize Poly1305)

2022-10-24 Thread Niels Möller
on x86_64, I think it would be good to try out adding it for ppc as well to see if it brings a small or large improvement. Do you already have multiblock radix-2^64 code in your merge request, or only the new radix 2^44 variant? Regards, /Niels

Re: Wonder about future feature development plan

2022-10-21 Thread Niels Möller
m a very quick look at https://datatracker.ietf.org/doc/html/draft-shen-sm2-ecdsa, it seems it's more complex than sm3 and sm4, and I can't say how well it fits with the current implementation of other crypto primitives based on elliptic curves. Regards, /Niels

Re: Fwd: [Arm64, PowerPC64, S390x] Optimize Poly1305

2022-10-19 Thread Niels Möller
ni...@lysator.liu.se (Niels Möller) writes: > Ideally, I'd like to have something like the below: > > uint64_t l0, l1, l2, h0, h1, h1; > > l0 = p0 & 0xfff; h0 = p0 >> 44; > l1 = p1 & 0xfff; h1 = p1 >> 44; > l2 = p2 & 0x3f
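The radix-2^44 limb arithmetic this thread is working towards, as an added C example; it is not Nettle's code and not the merge request under discussion. Accumulator and key are held as three limbs of 44, 44 and 42 bits, each block costs three 128-bit products per output limb, and the terms that overflow 2^130 are folded back with 2^130 = 5 (mod p), so 2^132 = 20. The names (poly1305_radix44, split44) and the partial-carry schedule are mine; the code assumes a compiler with unsigned __int128 (GCC or Clang on a 64-bit target) and checks itself against the RFC 8439 section 2.5.2 test vector.

```c
/* Added example (not Nettle code): Poly1305 with radix-2^44 limbs. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

typedef unsigned __int128 u128;   /* GCC/Clang extension on 64-bit targets */

#define M44 ((1ULL << 44) - 1)
#define M42 ((1ULL << 42) - 1)

static uint64_t le64(const uint8_t *p) {
  uint64_t v = 0;
  for (int i = 7; i >= 0; i--) v = (v << 8) | p[i];
  return v;
}

/* Split a 130-bit value (low 64 bits, next 64 bits, top 2 bits) into 44/44/42-bit limbs. */
static void split44(uint64_t lo, uint64_t mid, uint64_t top, uint64_t l[3]) {
  l[0] = lo & M44;
  l[1] = ((lo >> 44) | (mid << 20)) & M44;
  l[2] = (mid >> 24) | (top << 40);
}

void poly1305_radix44(const uint8_t key[32], const uint8_t *msg, size_t len, uint8_t tag[16]) {
  uint64_t r[3], h[3] = {0, 0, 0};
  /* r = first 16 key bytes with the RFC 8439 clamp; s = last 16 bytes, added at the end. */
  split44(le64(key) & 0x0ffffffc0fffffffULL, le64(key + 8) & 0x0ffffffc0ffffffcULL, 0, r);
  const uint64_t s1 = 20 * r[1], s2 = 20 * r[2];   /* premultiplied for the wrap-around terms */

  while (len) {
    uint8_t blk[17] = {0};
    size_t n = len < 16 ? len : 16;
    memcpy(blk, msg, n);
    blk[n] = 1;                                    /* the 2^(8n) padding bit, also for a short last block */
    uint64_t m[3];
    split44(le64(blk), le64(blk + 8), blk[16], m);
    h[0] += m[0]; h[1] += m[1]; h[2] += m[2];

    /* h * r mod p, limb by limb: limb products landing at 2^132 or above are scaled by 20. */
    u128 d0 = (u128)h[0] * r[0] + (u128)h[1] * s2 + (u128)h[2] * s1;
    u128 d1 = (u128)h[0] * r[1] + (u128)h[1] * r[0] + (u128)h[2] * s2;
    u128 d2 = (u128)h[0] * r[2] + (u128)h[1] * r[1] + (u128)h[2] * r[0];
    /* Partial carry chain: limbs may stay a few bits above nominal width between blocks. */
    uint64_t c = (uint64_t)(d0 >> 44); h[0] = (uint64_t)d0 & M44;
    d1 += c; c = (uint64_t)(d1 >> 44); h[1] = (uint64_t)d1 & M44;
    d2 += c; c = (uint64_t)(d2 >> 42); h[2] = (uint64_t)d2 & M42;
    h[0] += 5 * c; c = h[0] >> 44; h[0] &= M44; h[1] += c;
    msg += n; len -= n;
  }

  /* Full carry, then subtract p = 2^130 - 5 once if h >= p, selected by a mask rather than a branch. */
  uint64_t c = h[1] >> 44; h[1] &= M44; h[2] += c;
  c = h[2] >> 42; h[2] &= M42; h[0] += 5 * c;
  c = h[0] >> 44; h[0] &= M44; h[1] += c;
  c = h[1] >> 44; h[1] &= M44; h[2] += c;
  uint64_t g0 = h[0] + 5, g1, g2;
  c = g0 >> 44; g0 &= M44;
  g1 = h[1] + c; c = g1 >> 44; g1 &= M44;
  g2 = h[2] + c - (1ULL << 42);     /* borrows (bit 63 set) exactly when h + 5 < 2^130, i.e. h < p */
  uint64_t sel = (g2 >> 63) - 1;    /* all ones iff h >= p: take g = h - p */
  h[0] = (h[0] & ~sel) | (g0 & sel);
  h[1] = (h[1] & ~sel) | (g1 & sel);
  h[2] = (h[2] & ~sel) | (g2 & sel);

  /* tag = (h + s) mod 2^128; the shift by 88 discards limb bits above 2^128, as intended. */
  u128 acc = (u128)h[0] | ((u128)h[1] << 44) | ((u128)h[2] << 88);
  acc += (u128)le64(key + 16) | ((u128)le64(key + 24) << 64);
  for (int i = 0; i < 16; i++) tag[i] = (uint8_t)(acc >> (8 * i));
}

/* RFC 8439 section 2.5.2 test vector: 34-byte message, so the last block is partial. */
int poly1305_selftest(void) {
  static const uint8_t key[32] = {
    0x85,0xd6,0xbe,0x78,0x57,0x55,0x6d,0x33,0x7f,0x44,0x52,0xfe,0x42,0xd5,0x06,0xa8,
    0x01,0x03,0x80,0x8a,0xfb,0x0d,0xb2,0xfd,0x4a,0xbf,0xf6,0xaf,0x41,0x49,0xf5,0x1b};
  static const uint8_t expect[16] = {
    0xa8,0x06,0x1d,0xc1,0x30,0x51,0x36,0xc6,0xc2,0x2b,0x8b,0xaf,0x0c,0x01,0x27,0xa9};
  const char *msg = "Cryptographic Forum Research Group";
  uint8_t tag[16];
  poly1305_radix44(key, (const uint8_t *)msg, strlen(msg), tag);
  return memcmp(tag, expect, 16) == 0;
}
```

The three-limb layout is what makes the per-block work short on a 64-bit core: every partial product fits in 128 bits with headroom, so the carries can be deferred to once per block, which is the property the thread is after when it compares this against the radix-2^64 and radix-2^26 variants.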

Re: Fwd: [Arm64, PowerPC64, S390x] Optimize Poly1305

2022-10-19 Thread Niels Möller
Two parallel additions to l0 and l1. The dependent addition chain p0 -> p1 -> l2 could hopefully be evaluated in parallel, so that it's all completed in 5-6 cycles. Not sure if there will be any gain in practice, the reduction you use seems to have a dependency chain that's just one or two c

Re: Fwd: [Arm64, PowerPC64, S390x] Optimize Poly1305

2022-10-15 Thread Niels Möller
e multiple). + */ union { -uint32_t r32[6]; -uint64_t r64[3]; +uint32_t r32[14]; +uint64_t r64[7]; } r; - uint32_t s32[3]; - /* State, represented as words of 26, 32 or 64 bits, depending on - implementation. */ - /* High bits first, to maintain alignment. */ - uint32_t
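Review bot: widening the r union from 3 to 7 64-bit words (and dropping s32[3]) changes the size of the enclosing context struct; if that struct is declared in a public header that callers embed or allocate on the stack, this is an ABI change, so the commit message should say which release it targets and whether the soname is bumped. The removed comment describing the state as "words of 26, 32 or 64 bits, depending on implementation" should be replaced by one that documents the new layout rather than simply deleted, since the representation is now even more implementation-specific.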

Re: [Arm64, PowerPC64, S390x] Optimize Poly1305

2022-10-13 Thread Niels Möller
e able to try something out in the weekend or next week. Regards, /Niels

Re: Balloon hashing patch for Nettle

2022-10-08 Thread Niels Möller
dware accelerators built by the adversary. Then the reference for each function doesn't need to explain the purpose of t_cost and s_cost. > +Next follows the utility function for computing the minimum required size of > the working buffer > +@var{scratch} for the @code{balloon} function.

New modular inversion

2022-10-07 Thread Niels Möller
operations without any side-channel silence). Regards, /Niels

Re: [PATCH] Implement AES-GCM-SIV

2022-09-28 Thread Niels Möller
o RFC8452 Appendix A. This MR is now merged. Thanks! Regards, /Niels

Re: Balloon hashing patch for Nettle

2022-09-26 Thread Niels Möller
ni...@lysator.liu.se (Niels Möller) writes: > Thanks, merged onto the balloon branch. And balloon changes now merge to the master branch. I hope to get to read the docs later this week. Regards, /Niels

Re: Balloon hashing patch for Nettle

2022-09-24 Thread Niels Möller
lloon branch. > I will be working on the documentation for the balloon function now. Great. It may take a few days before I can review it, though. Regards, /Niels

Re: Balloon hashing patch for Nettle

2022-09-15 Thread Niels Möller
ni...@lysator.liu.se (Niels Möller) writes: > Thanks, merged to a new branch, "balloon", for testing. The ubsan test failed (built with CFLAGS="-fsanitize=undefined -fno-sanitize-recover -g -O2"). See https://gitlab.com/gnutls/nettle/-/jobs/3029478202, could e.g, be a ca

Re: Balloon hashing patch for Nettle

2022-09-14 Thread Niels Möller
ded? Minor note: In the tests, I think it's perfectly fine to leak memory in the failure case, so it's fine to call FAIL or ASSERT directly, without first freeing memory. Regards, /Niels

Re: Balloon hashing patch for Nettle

2022-09-12 Thread Niels Möller
> SHEX("4fc7e302ffa29ae0eac31166cee7a552d1d71135f4e0da66486fb68a749b73a4")); > +test_balloon(_sha256, 8, "password", 4, "salt", 1, 1, > + > SHEX("eefda4a8a75b461fa389c1dcfaf3e9dfacbc26f81f22e6f280d15cc18c417545"

Re: nettle 3.3 remove ecc testsuite

2022-09-05 Thread Niels Möller
hey're not considered secure by today's standards? Regards, /Niels

Re: Balloon hashing patch for Nettle

2022-09-01 Thread Niels Möller
harm in doing > that. Is that ok if I put them as size_t? I think that is ok. size_t for cost_s makes sense. I don't know what the reasonable value is for cost_t? But makes some sense to stick to the same type for both cost parameters. Regards, /Niel

Re: Balloon hashing patch for Nettle

2022-08-31 Thread Niels Möller
ot;5f02f8206f9cd212485c6bdf85527b698956701ad0852106f94b94ee94577378")); > +test_balloon(8, "password", 0, "", 3, 3, _sha256, > + > SHEX("20aa99d7fe3f4df4bd98c655c5480ec98b143107a331fd491deda885c4d6a6cc")); > +test_balloon(1, "", 1, "", 3, 3, _sha256,

Re: [PATCH] Implement AES-GCM-SIV

2022-08-22 Thread Niels Möller
ppendix A. Thanks, I added a few comments on the MR. In particular, I think it's undesirable to duplicate much of the ghash logic. I've had a quick look at the RFC, and it seems the intention is that polyval can be implemented as a rather simple wrapper around ghash? Regards, /Niels -- Nie

Re: Balloon hashing patch for Nettle

2022-08-19 Thread Niels Möller
application can use to determine needed size. Regards, /Niels

Re: [PATCH v2 0/7] Introduce SM4 symmetric cipher algorithm

2022-08-19 Thread Niels Möller
Tianjia Zhang writes: > Thanks for your review, any comments about this series of patches? Merged now, with only some minor issues (missing menu items in nettle.texinfo, add sm4.h to HEADERS in Makefile.in). Thanks, /Niels

Re: [PATCH] Fix libdir definition on FreeBSD for 32-bit ABI

2022-08-18 Thread Niels Möller
ni...@lysator.liu.se (Niels Möller) writes: > Brad Smith writes: > >> I'm fine with mips64 for *BSD and Linux. > > Let's do that then. I just committed the change to have abi check apply only for mips64. Anything more needed? Regards, /Niels

Re: New internal function sha256_compress_n

2022-08-15 Thread Niels Möller
ni...@lysator.liu.se (Niels Möller) writes: > As we discussed recently, having internal compression functions that can > do more than one block has the potential to speed up hash functions > where compression is pretty fast, typically thanks to special hardware > instructions. I've tr

Re: False failure of ppc64 job in Gitlab CI

2022-08-15 Thread Niels Möller
ni...@lysator.liu.se (Niels Möller) writes: > Do I understand that code correctly, that qemu never reads the third > "vrc" input to the instruction? Actually, it appears latest qemu is doing this correctly (it's just that for some reason, operands are named a->vra, a->vrb

Re: Hiding internal symbols

2022-08-14 Thread Niels Möller
ction via public accessors instead. And a few are uses of internal utility functions. Regards, /Niels

Re: False failure of ppc64 job in Gitlab CI

2022-08-14 Thread Niels Möller
ly1305 code which passed tests natively. I've pushed a workaround to the master-updates branch, see https://git.lysator.liu.se/nettle/nettle/-/commit/d618864183ccfdcd0d1b5443111fbaf9a5934517 Regards, /Niels

Re: Hiding internal symbols

2022-08-11 Thread Niels Möller
files). I think it's desirable to be able to run all tests linked to the main .so library files. I can think of some other workarounds though, but the right choice will depend a bit on which internal symbols actually are needed for the tests. Regards, /Niels

Re: Deleting obsolete assembly files?

2022-08-11 Thread Niels Möller
related, I'm not aware of any special instructions for improved md5 performance on any architecture (to be compared to the sha1 and sha256 instructions currently used on x86_64, arm64 and s390x)? Regards, /Niels

Re: [PATCH] Fix libdir definition on FreeBSD for 32-bit ABI

2022-08-08 Thread Niels Möller
user has to set libdir manually, if the autoconf default of ${exec_prefix}/lib isn't right. Regards, /Niels

Re: Hiding internal symbols

2022-08-08 Thread Niels Möller
(including linker flags like --export-all-symbols, --enable-auto-import, --whole-archive, although it's not entirely clear to me what each of those flags do). Regards, /Niels

Re: [PATCH] Fix libdir definition on FreeBSD for 32-bit ABI

2022-08-07 Thread Niels Möller
ni...@lysator.liu.se (Niels Möller) writes: > Ah, that's a bug, I think. That *mips* pattern (see > https://git.lysator.liu.se/nettle/nettle/-/blob/master/configure.ac#L344) > should be replaced to only match 64-bit mips.> > > Does it work to just replace it with *mips64*

Re: [PATCH] doc: document compress functions

2022-08-07 Thread Niels Möller
ni...@lysator.liu.se (Niels Möller) writes: > Corentin Labbe writes: > >> Since new shaxxx_compress functions were added, it is time to add >> documentation for it along documentation for old md5/sha1_compress. > > Thanks. A few comments below. Let me know if you can d

Deleting obsolete assembly files?

2022-08-06 Thread Niels Möller
d really like to see not deleted. Regards, /Niels

Re: [PATCH] Fix libdir definition on FreeBSD for 32-bit ABI

2022-08-06 Thread Niels Möller
d to only match 64-bit mips. And similar for *sparc*, just above. Does it work to just replace it with *mips64*? Regards, /Niels

Re: alloca() implicit declaration for BSD's

2022-08-05 Thread Niels Möller
re, but until now I had just ignored it. Nice that it's also fixed by the stdlib.h include. Regards, /Niels

Re: [PATCH] Fix libdir definition on FreeBSD for 32-bit ABI

2022-08-05 Thread Niels Möller
t, unfortunately, conventions differ between linux distributions. The configure script tries to guess based on existence of directories on the build system, but that way of guessing makes no sense for a cross compile. Regards, /Niels

Re: alloca() implicit declaration for BSD's

2022-08-05 Thread Niels Möller
lude "hmac.h" diff --git a/nettle-internal.h b/nettle-internal.h index ddc483de..ac55c459 100644 --- a/nettle-internal.h +++ b/nettle-internal.h @@ -36,6 +36,8 @@ #define NETTLE_INTERNAL_H_INCLUDED #include +/* Needed for alloca on freebsd */ +#include #include "nett
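Review bot: the header name after the added #include is missing in the hunk as shown here, so the change cannot be checked from this text; the comment "Needed for alloca on freebsd" should also say why that one header is sufficient everywhere this file is built, because alloca() has no standard header (glibc declares it in alloca.h, the BSDs in stdlib.h), and an unconditional include that is only right for one platform is better placed under a configure-detected guard than under a platform-named comment.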

Re: request to change license from LGPLv3 back to LGPLv2 for netlle and gmp, will increase usage greatly

2022-08-05 Thread Niels Möller
ettle (or any other GNU or copyleft software), please abstain from offensive language like "infected". > Please consider to change back to LGPLv2 or dual license GPLv2 | > LGPLv2 This is unlikely to happen. If you want it to be considered seriously, please substantiate a concrete usec

Re: [PATCH] Fix 64-bit MIPS ABI check for other OS's like *BSD / Linux

2022-08-04 Thread Niels Möller
-343,7 +343,7 @@ case "$host_cpu" in > ;; >*mips*) > AC_TRY_COMPILE([ > -#if defined(__sgi) && defined(__LP64__) > +#if defined(__mips64) || defined(__mips64__) || (defined(__sgi) && > defined(__LP64__)) > #error 64-bit mips > #endif &
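Review bot: the new condition keys on __mips64 / __mips64__, which the compiler defines for the 64-bit ISA, not for the 64-bit ABI; a MIPS n32 build (64-bit ISA, 32-bit pointers) will therefore be classified as "64-bit mips" and get the lib64 treatment this test exists to pick. Testing the ABI macro instead (_MIPS_SIM == _ABI64, or _ABI64 on its own) while keeping the existing __sgi && __LP64__ case would match what the surrounding libdir logic actually cares about. Note also that the test is inverted by design: the #error fires on 64-bit, so a successful compile means 32-bit, which is worth a comment since the hunk only shows the one side.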

Re: alloca() implicit declaration for BSD's

2022-08-04 Thread Niels Möller
does include stdlib.h. Regards, /Niels

Re: swap32() function in blowfish-bcrypt.c

2022-08-01 Thread Niels Möller
the former, if that solves the problem. There are lots of local symbols with short and non-unique names, and we really have to rely on naming hygiene in standard headers to avoid collisions. Regards, /Niels Möller

Re: [PATCH] Use proper PIC flag for *BSD OS's

2022-08-01 Thread Niels Möller
t;-share" ;; > hpux*) CCPIC="+z"; ;; > - *freebsd*) CCPIC="-fpic" ;; > + freebsd*|netbsd*|openbsd*) CCPIC="-fPIC" ;; > sco*|sysv4.*) CCPIC="-KPIC -dy -Bdynamic" ;; > solaris*) CCPIC="-KP
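Review bot: besides switching -fpic to -fPIC, the pattern changes from *freebsd* to freebsd*, so host_os strings that merely contain "freebsd" (kfreebsd-gnu is the usual one) stop matching and fall through to the default CCPIC; say whether dropping that case is intended or keep the leading * on the new alternation. The -fPIC change itself is the safe direction: -fpic can fail to link large objects on targets with a small GOT, and -fPIC costs nothing on the listed systems.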

New internal function sha256_compress_n

2022-07-31 Thread Niels Möller
". Most notable speedup is for s390x, where speedup of sha256 (for large messages) is 2.5 times. I think I will merge these changes soon, any feedback or additional benchmarks most welcome. Regards, /Niels

Re: [PATCH] Use proper PIC flag for OpenBSD

2022-07-31 Thread Niels Möller
;; > cygwin*)CCPIC="" ;; > mingw32*) CCPIC="" ;; Thanks. Just two questions: 1. The comment on the line above was intended for the solaris case, does it apply to openbsd? (Perhaps I should just delete the comment, it isn't that helpful).

ANNOUNCE: Nettle-3.8.1

2022-07-27 Thread Niels Möller
from https://ftp.gnu.org/gnu/nettle/nettle-3.8.1.tar.gz ftp://ftp.gnu.org/gnu/nettle/nettle-3.8.1.tar.gz https://www.lysator.liu.se/~nisse/archive/nettle-3.8.1.tar.gz Happy hacking, /Niels Möller NEWS for the Nettle 3.8.1 release This is a bugfix release, fixing a few portability

Upcoming bug fix release

2022-07-26 Thread Niels Möller
and binary compatible with Nettle-3.6. The shared library names are libnettle.so.8.6 and libhogweed.so.6.6, with sonames libnettle.so.8 and libhogweed.so.6.

Re: [PATCH] doc: document compress functions

2022-07-15 Thread Niels Möller
ess), right? Since these hash functions use the same compression as sha256 and sha512, respectively. Regards, /Niels

Re: Status update

2022-07-04 Thread Niels Möller
ni...@lysator.liu.se (Niels Möller) writes: > PS. Speaking of work, I'm considering looking for new > employment/contracting, any advice or suggestions welcome off-list. My > wish list: > > * Primarily foss work. > * Problems in the intersection of computer science and math.

Re: asm-related build failure, nettle-3.8, s390x-ibm-linux-gnu

2022-06-28 Thread Niels Möller
build process > proceeds so I can make a merge request for that change. So adding the pseudo op .machine "z10" tells the assembler to recognize the instructions (similar to .machine "z13" in some other s390x files). I've merged your change, with a minor edit of co

Re: [PATCH v2 2/2] Use new xxx_compress in place of COMPRESS macro

2022-06-25 Thread Niels Möller
l sentence. Not sure if you can say something more specific, but still concise, about usecases? Or you could write that something like "provides access to the underlying compression function, for the rare applications that need that". Regards, /Niels

Re: [PATCH v2 2/2] Use new xxx_compress in place of COMPRESS macro

2022-06-09 Thread Niels Möller
g hash function. The most important detail is to be clear about the representation and size of the state argument. Regards, /Niels

ANNOUNCE: Nettle-3.8

2022-06-02 Thread Niels Möller
/~nisse/nettle/nettle.html. The release can be downloaded from https://ftp.gnu.org/gnu/nettle/nettle-3.8.tar.gz ftp://ftp.gnu.org/gnu/nettle/nettle-3.8.tar.gz https://www.lysator.liu.se/~nisse/archive/nettle-3.8.tar.gz Happy hacking, /Niels Möller NEWS for the Nettle 3.8 release

Testing for nettle-3.8 release

2022-05-23 Thread Niels Möller
want to test on Mac, please be aware that make check may not work out-of-the-box, see the "Known issue" section in the NEWS file for details and a workaround. If all goes well, I hope to make the release one week from now. Regards, /Niels

Re: [PATCH 0/1] Export-sha256-sha512_compress-functions

2022-05-17 Thread Niels Möller
(and I imagine they will cause some additional complexity when we get to have optional assembly implementation of those functions). Let's leave out for now. Regards, /Niels

Re: [PATCH 0/1] Export-sha256-sha512_compress-functions

2022-05-17 Thread Niels Möller
ns fall back to the plain C implementation. What about sha3? It seems Nettle exposes the sha3_permute function, but it's completely undocumented. Regards, /Niels

Re: [Arm64, PowerPC64, S390x] Optimize Poly1305

2022-05-14 Thread Niels Möller
startup cost for each call, since we don't have space for extra pre-computed powers. But for large messages, we'll get the best speed if we can make reduction as cheap as possible. Regards, /Niels

Re: [Arm64, PowerPC64, S390x] Optimize Poly1305

2022-05-07 Thread Niels Möller
some size argument to nettle-benchmark to make it easier to choose right threshold. If we end up with more thresholds like this, we could consider tuning them more automatically, analogous to the gmp/tune/tuneup program. But for start, manual tuning is good enough. Regards, /Niels

Re: CBC-AES

2022-05-05 Thread Niels Möller
ni...@lysator.liu.se (Niels Möller) writes: > I'm not that fond of the struct cbc_aes128_ctx though, which includes > both (constant) subkeys and iv. So I'm considering changing that to > > void > cbc_aes128_encrypt(const struct aes128_ctx *ctx, uint8_t *iv, >

Re: [Arm64, PowerPC64, S390x] Optimize Poly1305

2022-05-04 Thread Niels Möller
git in the range 0 <= x < 2^26, it can most likely be made to work with a somewhat larger range. Regards, /Niels

Re: [Arm64, PowerPC64, S390x] Optimize Poly1305

2022-05-03 Thread Niels Möller
Regards, /Niels

Re: [Arm64, PowerPC64, S390x] Optimize Poly1305

2022-05-03 Thread Niels Möller
get it right, that when AVX2 is enabled, also single block poly1305 will use radix 2^26? Regards, /Niels

Re: Nettle AUTHORS list

2022-04-28 Thread Niels Möller
file, and a deletion of the out-of-date author list in the manual. Regards, /Niels

Nettle AUTHORS list (was: Re: Status update)

2022-04-23 Thread Niels Möller
ni...@lysator.liu.se (Niels Möller) writes: > I've also noticed that the copyright/authorship section of the manual > is very out-of-date, so I'm trying to put together a more > comprehensive AUTHORS file to replace that. See below. Based on the author info in the manual, ChangeLog

Status update

2022-03-21 Thread Niels Möller
e and math. * Part time, e.g., 4 days a week. * Either located in Stockholm area, or remote. See also https://www.lysator.liu.se/~nisse/cv.html

Re: gcm/ghash organization (was Re: x86_64 gcm)

2022-03-21 Thread Niels Möller
R for changes. I've now merged all these changes to the master branch. It seems the gnutls build in the ci keeps failing, but that looks unrelated to this change. Regards, /Niels

Re: gcm/ghash organization (was Re: x86_64 gcm)

2022-02-22 Thread Niels Möller
ni...@lysator.liu.se (Niels Möller) writes: > I'm considering reorganizing the internal gcm functions. I think I'd > like to have > > void > _nettle_ghash_set_key (struct gcm_key *gcm, const union nettle_block16 > *key); > > which sets the key (typically, the key bloc

gcm/ghash organization (was Re: x86_64 gcm)

2022-02-16 Thread Niels Möller
ni...@lysator.liu.se (Niels Möller) writes: > I've written a first version of a gcm_hash for x86_64, using the > pclmulqdq (carryless mul) instructions. With only a single block at a time, > no interleaving, this gives 4.3 GByte/s, I've added proper config and fat setup a

Re: Feature request: OCB mode

2022-02-15 Thread Niels Möller
since I read the RFC, but I don't think it is proper use to use OCB with the same key, but change tag_length from message to message. > This has the benefit of working for how OpenPGP currently constructs the > nonce, which does not result in monotonically incrementing nonces > (currently,

x86_64 gcm

2022-02-12 Thread Niels Möller
per cycle, by interleaving, we could perhaps increase performance by another factor of two. See below. Configure options and fat setup still missing. Regards, /Niels C x86_64/gcm-hash.asm ifelse(` Copyright (C) 2022 Niels Möller This file is part of GNU Nettle. GNU Nettle is free

Re: [PATCH 2/7] Introduce SM4 symmetric cipher algorithm

2022-02-12 Thread Niels Möller
s sm4_set_encrypt_key + sm4_invert_key, where sm4_invert_key is a function that just reverses the order (a bit similar to _nettle_aes_invert, but simpler). Then the same sm4_crypt function can be used for both encrypt and decrypt. Not sure what's best, but I'd lean towards (2),

Re: Latency in polynomial evaluation

2022-02-07 Thread Niels Möller
Maamoun TK writes: > On Sat, Jan 29, 2022 at 4:29 PM Niels Möller wrote: > >> ** Interleaving ** >> >> The other approach, used in the recent powerpc gcm code, is to >> interleave multiple blocks. For simplicity, only consider 2-way >> interleaving here. T

Re: Latency in polynomial evaluation

2022-01-29 Thread Niels Möller
ni...@lysator.liu.se (Niels Möller) writes: > Y_2 B^2 + Y_1 B + Y_0 = (X_2 B^2 + X_1 B + X_0) (K_1 B + K_0) (mod P) > > This can be arranged with 6 independent multiply instructions + cheap > accumulation. (I haven't worked out the details for the ghash case, but > I do expect t
