memxor

Niels Möller nisse at lysator.liu.se
Tue Sep 13 15:56:58 CEST 2011


Nikos Mavrogiannopoulos <n.mavrogiannopoulos at gmail.com> writes:

> I don't know however of a portable way to do initialization
> transparently without an explicit function call.

It works for gmp. Which doesn't imply that we should do it in exactly
the same way, of course.

> The cpuid test would have then to be moved to an assembly file.

Right.

> Indeed. Once a framework for overwriting functionality is set, those would
> be not very hard to add. However setting such framework in nettle seems to
> require substantial work as all exported functions need to be replaced by
> function pointers thus breaking ABI.

I don't think the function pointers should be exported. If "fat" library
is enabled (default for x86), then the exported function should be

  void memxor (...)
  {
    (*memxor_p)(...);
  }

I think one should have the possibility to choose between fat and
non-fat builds, with the same ABI. There's going to be a small extra
call overhead in the fat case.

As long as all implementations can use the same ctx structs, there
should be no problem with the ABI. If we also want to support hardware
accelerators which are like black boxes, then some API and/or ABI changes
may be necessary.

> I wouldn't care of serpent optimizations much :)

I'm not surprised ;-) But on processors which lack aes-instructions, but
which have 256-bit %ymm-registers, serpent can most likely be twice as
fast as aes if used in ctr mode (for the current code with 128-bit
%xmm-registers, serpent speed was somewhere between aes-128 and aes-192
last time I measured).

/nisse

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.
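The fat-build layout sketched in the message above, written out as an added example in C (not nettle's or Niels's code): the exported memxor() keeps one prototype in fat and non-fat builds, the dispatch pointer memxor_p stays non-exported and starts out as a trampoline that runs the CPU check on first use, and the cpuid test is modelled by a hypothetical check using GCC's __builtin_cpu_supports, with memxor_wide standing in for an assembly routine.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Portable byte-at-a-time version (a non-fat build would export this one directly). */
static void memxor_generic(void *dst, const void *src, size_t n)
{
    unsigned char *d = dst; const unsigned char *s = src;
    while (n--) *d++ ^= *s++;
}
/* Word-at-a-time variant standing in for an SSE/AVX assembly routine. */
static void memxor_wide(void *dst, const void *src, size_t n)
{
    unsigned char *d = dst; const unsigned char *s = src;
    for (; n >= 8; n -= 8, d += 8, s += 8) {
        uint64_t a, b;             /* memcpy keeps unaligned loads well-defined */
        memcpy(&a, d, 8); memcpy(&b, s, 8); a ^= b; memcpy(d, &a, 8);
    }
    while (n--) *d++ ^= *s++;
}

/* Non-exported dispatch pointer. It initially points at a trampoline that runs the
   CPU check on the first call, so callers never need an explicit init function. */
static void memxor_init(void *dst, const void *src, size_t n);
static void (*memxor_p)(void *, const void *, size_t) = memxor_init;

static void memxor_init(void *dst, const void *src, size_t n)
{
    int wide = 0;   /* hypothetical stand-in for the cpuid test nettle would do in asm */
#if defined(__GNUC__) && (defined(__x86_64__) || defined(__i386__))
    __builtin_cpu_init();
    wide = __builtin_cpu_supports("sse2");
#endif
    memxor_p = wide ? memxor_wide : memxor_generic;   /* assignment is idempotent */
    memxor_p(dst, src, n);
}

/* The only exported symbol: identical prototype in fat and non-fat builds. */
void memxor(void *dst, const void *src, size_t n)
{
    (*memxor_p)(dst, src, n);
}

/* Self-check on a constructed 13-byte sample so both the 8-byte loop and the tail run. */
int memxor_selftest(void)
{
    unsigned char a[13], b[13], c[13], want[13];
    for (size_t i = 0; i < 13; i++) {
        a[i] = c[i] = (unsigned char)(i * 7); b[i] = (unsigned char)(0xA5 ^ i); want[i] = a[i] ^ b[i];
    }
    memxor(a, b, 13);       /* first call replaces the trampoline */
    memxor_wide(c, b, 13);  /* fast path must agree with the generic result */
    return memxor_p != memxor_init && !memcmp(a, want, 13) && !memcmp(c, want, 13);
}
```

memxor_selftest() returns 1 only if the first exported call swapped the trampoline out and both variants produce the same bytes.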
