On February 27, 2017 6:01:41 AM PST, Ed Schouten <[email protected]> wrote:
>Hi Andriy,
>
>2017-02-27 14:05 GMT+01:00 Andriy Gapon <[email protected]>:
>> +/* Message schedule computation */
>> +#define MSCH(W, ii, i) \
>> + W[i + ii + 16] = s1(W[i + ii + 14]) + W[i + ii + 9] + s0(W[i
>+ ii + 1]) + W[i + ii]
>
>[snip]
>
>> uint32_t W[64];
>
>[snip]
>
>> + for (i = 0; i < 64; i += 16) {
>> + RNDr(S, W, 1, i);
>> + RNDr(S, W, 2, i);
>> + RNDr(S, W, 3, i);
>> + RNDr(S, W, 4, i);
>> + RNDr(S, W, 5, i);
>> + RNDr(S, W, 6, i);
>> + RNDr(S, W, 7, i);
>> + RNDr(S, W, 8, i);
>> + RNDr(S, W, 9, i);
>> + RNDr(S, W, 10, i);
>> + RNDr(S, W, 11, i);
>> + RNDr(S, W, 12, i);
>> + RNDr(S, W, 13, i);
>> + RNDr(S, W, 14, i);
>> + RNDr(S, W, 15, i);
>> +
>> + if (i == 48)
>> + break;
>> + MSCH(W, 0, i);
>> + MSCH(W, 1, i);
>> + MSCH(W, 2, i);
>> + MSCH(W, 3, i);
>> + MSCH(W, 4, i);
>> + MSCH(W, 5, i);
>> + MSCH(W, 6, i);
>> + MSCH(W, 7, i);
>> + MSCH(W, 8, i);
>> + MSCH(W, 9, i);
>> + MSCH(W, 10, i);
>> + MSCH(W, 11, i);
>> + MSCH(W, 12, i);
>> + MSCH(W, 13, i);
>> + MSCH(W, 14, i);
>> + MSCH(W, 15, i);
>> + }
>
>Something interesting that I noticed some time ago when comparing the
>various SHA-{256,512} implementations: there is no need to store the
>entire extended message in W. During every iteration of this loop,
>RNDr() and MSCH() never go more than 16 elements back.
>
>Say, if you were to modify MSCH() to something like this:
>
>> +#define MSCH(W, ii) \
>> + W[ii] += s1(W[(ii + 14) % 16]) + W[(ii + 9) % 16] + s0(W[(ii
>+ 1)) % 16])
>
>Then it will compute the next chunk of the extended message in-place.
>RNDr() must then be adjusted to use W[i] instead of W[i + ii], of
>course. W then only needs to hold 16 elements instead of 64 or 80.
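Review bot: the in-place MSCH(W, ii) variant quoted above has an unbalanced parenthesis in its last term, `s0(W[(ii + 1)) % 16])` (wrapped across two lines in the mail), which should read `s0(W[(ii + 1) % 16])`; as written it will not compile. Two further points for anyone adopting the 16-word ring in place of `uint32_t W[64]`: the sixteen MSCH calls per chunk must stay in order 0..15, because slot `(ii + 14) % 16` for ii >= 2 and slot `(ii + 9) % 16` for ii >= 7 refer to words already rewritten earlier in the same pass, and RNDr must then index W by the slot within the chunk while still selecting the round constant for the absolute round number `i + ii`.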
Add Colin, author of the original code
--
Allan Jude
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10
To unsubscribe, send any mail to "[email protected]"
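The two schedule layouts discussed in the thread, written out as an added, self-contained C example that is not code from the FreeBSD patch or from either poster: the 64-word array used by the patch beside the 16-word in-place ring Ed describes, with a check that both produce the same W[t] for all 64 rounds. The MSCH16 macro, the function names and the two input blocks are assumptions of this example; the blocks are constructed (the padded block of an empty message, and an arbitrary pattern). The ring variant updates its slots in order 0..15, which is what makes the +14 and +9 terms pick up words already rewritten in the same pass.

```c
#include <stdint.h>
#include <string.h>

/* SHA-256 small sigma functions in FIPS 180-4 notation. */
#define ROTR(x, n)  (((x) >> (n)) | ((x) << (32 - (n))))
#define s0(x)       (ROTR(x, 7) ^ ROTR(x, 18) ^ ((x) >> 3))
#define s1(x)       (ROTR(x, 17) ^ ROTR(x, 19) ^ ((x) >> 10))

/* Straightforward 64-word schedule: W[t] for t >= 16 from earlier words. */
static void schedule_full(const uint32_t M[16], uint32_t W[64])
{
    int t;
    memcpy(W, M, 16 * sizeof(uint32_t));
    for (t = 16; t < 64; t++)
        W[t] = s1(W[t - 2]) + W[t - 7] + s0(W[t - 15]) + W[t - 16];
}

/* Hypothetical in-place update on a 16-word ring: slot ii holds W[t-16]
 * and is overwritten with W[t]; the other three terms are looked up mod 16.
 * The expression's value is the new W[t]. */
#define MSCH16(W, ii) \
    ((W)[(ii)] += s1((W)[((ii) + 14) % 16]) + (W)[((ii) + 9) % 16] + \
                  s0((W)[((ii) + 1) % 16]))

/* Same schedule using only 16 words of storage. Each W[t] is copied to
 * out[] so the two methods can be compared word for word. Slots must be
 * updated in order 0..15: slot ii+2 (via the +14 term) and slot ii+7 (via
 * the +9 term) read words rewritten earlier in the same pass. */
static void schedule_ring(const uint32_t M[16], uint32_t out[64])
{
    uint32_t W[16];
    int i, ii;
    memcpy(W, M, sizeof(W));
    memcpy(out, M, sizeof(W));
    for (i = 16; i < 64; i += 16)
        for (ii = 0; ii < 16; ii++)
            out[i + ii] = MSCH16(W, ii);
}

/* W[t] as produced by the ring variant, for spot checks. */
uint32_t ring_word(const uint32_t M[16], int t)
{
    uint32_t out[64];
    schedule_ring(M, out);
    return out[t];
}

/* 1 if both methods agree on all 64 schedule words, else 0. */
int schedules_match(const uint32_t M[16])
{
    uint32_t a[64], b[64];
    schedule_full(M, a);
    schedule_ring(M, b);
    return memcmp(a, b, sizeof(a)) == 0;
}

/* Constructed inputs: the padded block of an empty message (0x80 then
 * zeros, length 0) and an arbitrary pattern block. */
const uint32_t EMPTY_BLOCK[16] = { 0x80000000u };
const uint32_t PATTERN_BLOCK[16] = {
    0x61626380u, 0x00000000u, 0xdeadbeefu, 0x01234567u,
    0x89abcdefu, 0xfedcba98u, 0x76543210u, 0x0f0f0f0fu,
    0xf0f0f0f0u, 0x12345678u, 0x9abcdef0u, 0x55555555u,
    0xaaaaaaaau, 0x00000001u, 0xffffffffu, 0x00000018u
};

int main(void)
{
    /* Exit status 0 when the 16-word ring reproduces the 64-word schedule. */
    return (schedules_match(EMPTY_BLOCK) && schedules_match(PATTERN_BLOCK)) ? 0 : 1;
}
```

For the empty-message block the first expanded words are easy to check by hand: W[16] = W[0] = 0x80000000, W[17] = 0, and W[18] = s1(W[16]) = 0x00205000, since only the three shifted copies of bit 31 survive the XOR. The ring reproduces these because slot 0 is rewritten first in each pass and slot 2 then reads it through the +14 term.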
