From owner-svn-src-stable-10@freebsd.org  Mon Feb 27 14:02:13 2017
Return-Path: <owner-svn-src-stable-10@freebsd.org>
Delivered-To: svn-src-stable-10@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 482E5CEF82C
 for <svn-src-stable-10@mailman.ysv.freebsd.org>;
 Mon, 27 Feb 2017 14:02:13 +0000 (UTC) (envelope-from ed@nuxi.nl)
Received: from mail-yw0-x230.google.com (mail-yw0-x230.google.com
 [IPv6:2607:f8b0:4002:c05::230])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 10CBE80B
 for <svn-src-stable-10@freebsd.org>; Mon, 27 Feb 2017 14:02:12 +0000 (UTC)
 (envelope-from ed@nuxi.nl)
Received: by mail-yw0-x230.google.com with SMTP id p77so36601272ywg.1
 for <svn-src-stable-10@freebsd.org>; Mon, 27 Feb 2017 06:02:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=nuxi-nl.20150623.gappssmtp.com; s=20150623;
 h=mime-version:in-reply-to:references:from:date:message-id:subject:to
 :cc; bh=fHqYQNBv5NxBvRsb+L+5F86AOB4sEIjeRmTQtO02egc=;
 b=LQyEQwXOLkVC6QAW9CssBW+jLj1YxY/JwNX3fCBRZ01C2yQXP0YOQ0QjpBglVPgMTh
 kkCAV993oEs1pnLdLQkLxshyewtyxWKPoRY/jPxL4r9IZiCyB+e11Rx4aPrP01lnSQrq
 DTueFRp11vzlYnOBamXF/RQwGqWvfY+5l7S8EGJJ2aEhUWGlbuP4vGZ4k9xa/8dN2V5E
 BqEj3vYpivqXEajEM+jk7BpWM5awv7FgXlz3SpkkRzg4/sR6TzSh82jLZEk2x5F6MOKl
 5/GZXSPJydMSL/zEp6uc0qdaOxDQJmtD2q7hWvgFuItyCAWBH+9MPZbKeCM7e5yzQK9y
 fDKA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:in-reply-to:references:from:date
 :message-id:subject:to:cc;
 bh=fHqYQNBv5NxBvRsb+L+5F86AOB4sEIjeRmTQtO02egc=;
 b=M1xycmVDH1rDbjVmwNUk3J6L4FM36VwSKdlbs3WTd+x3Ehey9FeMmVqKEwoWFebIpK
 3uP96lq8fbV2BpLCTaK5OTnLxDRQNl0jGWRh4sxRljPAbQFyvlgtOA1z8gGlxW/4xya1
 g0rae02jUMKH7w4EOPfgX3FLvly++iZHggqJNPwDTXc1oZF0kUGg7WnZSv0NoHDnbxeZ
 Uz6n+IMGvsmntCiC5vYCqhBYTpC+xdlupw2+nAY4KZYJzDTBaELkdCWexA26V/FBlvEj
 Jo6g4SBNAAPBmcoymMGNVsfPe9reG66JTYPWWGtOTRqJCxiL3DRb5ztoQPkJ3QZtpIxq
 67Og==
X-Gm-Message-State: AMke39krHsb0taS4W5iY5XTT+xC0phh8ENlqgTxC4zmE/1DNQZyBpGEoH82wtOz30koR/7tnRp72zv62owfDPA==
X-Received: by 10.13.220.65 with SMTP id f62mr12184736ywe.6.1488204131878;
 Mon, 27 Feb 2017 06:02:11 -0800 (PST)
MIME-Version: 1.0
Received: by 10.129.51.198 with HTTP; Mon, 27 Feb 2017 06:01:41 -0800 (PST)
In-Reply-To: <201702271305.v1RD5HOi077424@repo.freebsd.org>
References: <201702271305.v1RD5HOi077424@repo.freebsd.org>
From: Ed Schouten <ed@nuxi.nl>
Date: Mon, 27 Feb 2017 15:01:41 +0100
Message-ID: <CABh_MK==nm1rpy0STaECBVF-fT+5C5BapDWjkOOqAEeszOBknw@mail.gmail.com>
Subject: Re: svn commit: r314335 - stable/10/sys/crypto/sha2
To: Andriy Gapon <avg@freebsd.org>
Cc: src-committers <src-committers@freebsd.org>, svn-src-all@freebsd.org, 
 svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Content-Type: text/plain; charset=UTF-8
X-BeenThere: svn-src-stable-10@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: SVN commit messages for only the 10-stable src tree
 <svn-src-stable-10.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-stable-10>, 
 <mailto:svn-src-stable-10-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-stable-10/>
List-Post: <mailto:svn-src-stable-10@freebsd.org>
List-Help: <mailto:svn-src-stable-10-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10>, 
 <mailto:svn-src-stable-10-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Feb 2017 14:02:13 -0000

Hi Andriy,

2017-02-27 14:05 GMT+01:00 Andriy Gapon <avg@freebsd.org>:
> +/* Message schedule computation */
> +#define MSCH(W, ii, i)                         \
> +       W[i + ii + 16] = s1(W[i + ii + 14]) + W[i + ii + 9] + s0(W[i + ii + 1]) + W[i + ii]

[snip]

>         uint32_t W[64];

[snip]

> +       for (i = 0; i < 64; i += 16) {
> +               RNDr(S, W, 1, i);
> +               RNDr(S, W, 2, i);
> +               RNDr(S, W, 3, i);
> +               RNDr(S, W, 4, i);
> +               RNDr(S, W, 5, i);
> +               RNDr(S, W, 6, i);
> +               RNDr(S, W, 7, i);
> +               RNDr(S, W, 8, i);
> +               RNDr(S, W, 9, i);
> +               RNDr(S, W, 10, i);
> +               RNDr(S, W, 11, i);
> +               RNDr(S, W, 12, i);
> +               RNDr(S, W, 13, i);
> +               RNDr(S, W, 14, i);
> +               RNDr(S, W, 15, i);
> +
> +               if (i == 48)
> +                       break;
> +               MSCH(W, 0, i);
> +               MSCH(W, 1, i);
> +               MSCH(W, 2, i);
> +               MSCH(W, 3, i);
> +               MSCH(W, 4, i);
> +               MSCH(W, 5, i);
> +               MSCH(W, 6, i);
> +               MSCH(W, 7, i);
> +               MSCH(W, 8, i);
> +               MSCH(W, 9, i);
> +               MSCH(W, 10, i);
> +               MSCH(W, 11, i);
> +               MSCH(W, 12, i);
> +               MSCH(W, 13, i);
> +               MSCH(W, 14, i);
> +               MSCH(W, 15, i);
> +       }

Something interesting that I noticed some time ago when comparing the
various SHA-{256,512} implementations: there is no need to store the
entire extended message in W. During every iteration of this loop,
RNDr() and MSCH() never go more than 16 elements back.

Say, if you were to modify MSCH() to something like this:

> +#define MSCH(W, ii)                         \
> +       W[ii] += s1(W[(ii + 14) % 16]) + W[(ii + 9) % 16] + s0(W[(ii + 1)) % 16])

Then it will compute the next chunk of the extended message in-place.
RNDr() must then be adjusted to use W[i] instead of W[i + ii], of
course. W then only needs to hold 16 elements instead of 64 or 80.

-- 
Ed Schouten <ed@nuxi.nl>
Nuxi, 's-Hertogenbosch, the Netherlands
KvK-nr.: 62051717