From: Ed Schouten
Date: Mon, 27 Feb 2017 15:01:41 +0100
Subject: Re: svn commit: r314335 - stable/10/sys/crypto/sha2
To: Andriy Gapon
Cc: src-committers, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org

Hi Andriy,

2017-02-27 14:05 GMT+01:00 Andriy Gapon:
> +/* Message schedule computation */ > +#define MSCH(W, ii, i) \ > + W[i + ii + 16] = s1(W[i + ii + 14]) + W[i + ii + 9] + s0(W[i + ii + 1]) + W[i + ii] [snip] > uint32_t W[64]; [snip] > + for (i = 0; i < 64; i += 16) { > + RNDr(S, W, 1, i); > + RNDr(S, W, 2, i); > + RNDr(S, W, 3, i); > + RNDr(S, W, 4, i); > + RNDr(S, W, 5, i); > + RNDr(S, W, 6, i); > + RNDr(S, W, 7, i); > + RNDr(S, W, 8, i); > + RNDr(S, W, 9, i); > + RNDr(S, W, 10, i); > + RNDr(S, W, 11, i); > + RNDr(S, W, 12, i); > + RNDr(S, W, 13, i); > + RNDr(S, W, 14, i); > + RNDr(S, W, 15, i); > + > + if (i == 48) > + break; > + MSCH(W, 0, i); > + MSCH(W, 1, i); > + MSCH(W, 2, i); > + MSCH(W, 3, i); > + MSCH(W, 4, i); > + MSCH(W, 5, i); > + MSCH(W, 6, i); > + MSCH(W, 7, i); > + MSCH(W, 8, i); > + MSCH(W, 9, i); > + MSCH(W, 10, i); > + MSCH(W, 11, i); > + MSCH(W, 12, i); > + MSCH(W, 13, i); > + MSCH(W, 14, i); > + MSCH(W, 15, i); > + }

Something interesting that I noticed some
time ago when comparing the various SHA-{256,512} implementations:
there is no need to store the entire extended message in W. During
every iteration of this loop, RNDr() and MSCH() never go more than 16
elements back. Say, if you were to modify MSCH() to something like
this:

> +#define MSCH(W, ii) \ > + W[ii] += s1(W[(ii + 14) % 16]) + W[(ii + 9) % 16] + s0(W[(ii + 1)) % 16])

Then it will compute the next chunk of the extended message in-place.
RNDr() must then be adjusted to use W[i] instead of W[i + ii], of
course. W then only needs to hold 16 elements instead of 64 or 80.

-- 
Ed Schouten
Nuxi, 's-Hertogenbosch, the Netherlands
KvK-nr.: 62051717
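
Review bot: The "if (i == 48) break;" in the middle of the quoted loop is what keeps MSCH inside the array, and it has no comment saying so. MSCH(W, ii, i) writes W[i + ii + 16], so running it at i == 48 would store to W[64] through W[79] while W is declared as "uint32_t W[64]". A one-line comment at the break stating that the last 16 rounds need no further schedule words would protect this bound from a later cleanup that folds the exit into the "i < 64" loop condition. Separately, the RNDr list as quoted here starts at ii = 1 while the MSCH list starts at 0, so confirm that the ii = 0 round is present in the file.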
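
Review bot: The last term of the suggested "#define MSCH(W, ii)" has a misplaced parenthesis: "s0(W[(ii + 1)) % 16])" closes the s0( call before "% 16" and does not compile. Matching the other two terms, it should read "s0(W[(ii + 1) % 16])". Since the macro now uses "+=" and relies on W[ii] still holding the word from 16 rounds earlier, a short comment saying that would also help the next reader.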
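
The in-place schedule described in the message above, as an added example that is not part of the original mail or of the FreeBSD source: a loop-based SHA-256 block function (not the unrolled RNDr/MSCH macros) whose W holds 16 words. The names sha256_block16 and sha256_short are hypothetical, and the helper assumes a message of at most 55 bytes so that it fits one padded block.

```c
#include <stdint.h>
#include <string.h>

static const uint32_t K[64] = {
    0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
};
#define ROTR(x, n) (((x) >> (n)) | ((x) << (32 - (n))))
#define s0(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ ((x) >> 3))
#define s1(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ ((x) >> 10))
#define S0(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22))
#define S1(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25))
/* Illustration, not FreeBSD code: compress one block; W keeps only 16 schedule words. */
void sha256_block16(uint32_t st[8], const uint8_t blk[64])
{
    uint32_t W[16], v[8], t1, t2, i;
    for (i = 0; i < 16; i++)    /* big-endian load of the 16 message words */
        W[i] = (uint32_t)blk[4 * i] << 24 | (uint32_t)blk[4 * i + 1] << 16 | (uint32_t)blk[4 * i + 2] << 8 | blk[4 * i + 3];
    memcpy(v, st, sizeof(v));
    for (i = 0; i < 64; i++) {
        if (i >= 16)    /* slot i % 16 still holds word i - 16: extend it in place */
            W[i % 16] += s1(W[(i + 14) % 16]) + W[(i + 9) % 16] + s0(W[(i + 1) % 16]);
        t1 = v[7] + S1(v[4]) + ((v[4] & v[5]) ^ (~v[4] & v[6])) + K[i] + W[i % 16];
        t2 = S0(v[0]) + ((v[0] & v[1]) ^ (v[0] & v[2]) ^ (v[1] & v[2]));
        memmove(v + 1, v, 7 * sizeof(v[0]));    /* b..h = old a..g */
        v[4] += t1; v[0] = t1 + t2;             /* e = d + t1, a = t1 + t2 */
    }
    for (i = 0; i < 8; i++) st[i] += v[i];
}

/* Hypothetical helper: hash a string of at most 55 bytes (one padded block). */
int sha256_short(const char *msg, uint32_t st[8])
{
    static const uint32_t iv[8] = { 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 };
    uint8_t blk[64] = { 0 };
    size_t n = strlen(msg);
    if (n > 55) return -1;      /* would need a second block */
    memcpy(st, iv, sizeof(iv));
    memcpy(blk, msg, n);
    blk[n] = 0x80;              /* padding marker */
    blk[62] = (uint8_t)(n >> 5); blk[63] = (uint8_t)(n << 3);   /* bit length, big-endian */
    sha256_block16(st, blk);
    return 0;
}
```

The only state carried between rounds is the 16-word window, so the block function's schedule buffer is 64 bytes instead of 256.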