nettle-bugs April 2021

nettle-bugs@lists.lysator.liu.se

5 participants
6 discussions

Add RSA-OAEP encryption/decryption to Nettle
by Nicolas Mora 09 Mar '24

09 Mar '24

Hello, I've made a new Merge Request in the nettle gitlab repo to provide RSA-OAEP encryption and decryption: https://git.lysator.liu.se/nettle/nettle/-/merge_requests/20 It adds 2 new functions: int pkcs1_oaep_encrypt (size_t key_size, void *random_ctx, nettle_random_func *random, size_t hlen, size_t label_length, const uint8_t *label, size_t message_length, const uint8_t *message, mpz_t m); int pkcs1_oaep_decrypt (size_t key_size, const mpz_t m, size_t hlen, size_t label_length, const uint8_t *label, size_t *length, uint8_t *message); The parameter hlen is the output length of the SHA function used for masking data: - SHA1_DIGEST_SIZE - SHA256_DIGEST_SIZE - SHA384_DIGEST_SIZE - SHA512_DIGEST_SIZE Is it possible to get feedback for this MR and eventually push it to the master branch? Thanks in advance /Nicolas

4 21

Curve point decompression
by Wim Lewis 10 Nov '21

10 Nov '21

I'm looking at implementing elliptic curve point compression a la SEC1 (admittedly, mostly to reduce the number of "feature not supported" code paths in a library, but it seems like a somewhat useful ability). Nettle/Hogweed already implements it internally for curve25519, but I want to implement it for the "secp" curves as well. Point compression is easy enough, but point decompression requires some curve math, potentially dependent on the specific curve, and some of it is redundant with what's already done in ecc_point_set(). So I was thinking about moving this functionality into Hogweed as a function along the lines of ecc_point_set_compressed(), which would take, instead of a y-coordinate, an int containing the sign/parity of the y-coordinate. So my question for the list and for the maintainers is, is this a reasonable API to add to Hogweed? Is there interest in including it in Hogweed if I were to take the time to turn it into a tidy patch?

3 10

[S390x] Optimize AES modes
by Maamoun TK 19 Sep '21

19 Sep '21

I made a merge request for optimizing AES modes on s390x architecture, the patch implements the optimized cores using cipher instructions that have been added to s390x arch in message security assist extensions. The patch uses the following functions: KM-AES-128 (ECB-AES128) KM-AES-192 (ECB-AES192) KM-AES-256 (ECB-AES256) KMC-AES-128 (CBC-AES128) KMC-AES-192 (CBC-AES192) KMC-AES-256 (CBC-AES256) KMAC-AES-128 (CCM-AES128, CMAC-AES128) KMAC-AES-192 (CCM-AES192) KMAC-AES-256 (CCM-AES256, CMAC-AES256) KMF-AES-128 (CFB-AES128, CFB8-AES128) KMF-AES-192 (CFB-AES192, CFB8-AES192) KMF-AES-256 (CFB-AES256, CFB8-AES256) KM-XTS-AES-128 (XTS-AES128) KM-XTS-AES-256 (XTS-AES256) KIMD-GHASH (GHASH) KMCTR-AES-128, KMA-GCM-AES-128 (CTR-AES128) KMCTR-AES-192, KMA-GCM-AES-192 (CTR-AES192) KMCTR-AES-256, KMA-GCM-AES-256 (CTR-AES256) KMA-GCM-AES-128 (GCM-AES128) KMA-GCM-AES-192 (GCM-AES192) KMA-GCM-AES-256 (GCM-AES256) The merge request has also a benchmark that measures the speed of optimized cores on s390x arch. I can't set up gitlab CI for automatic testing on s390x arch because qemu hasn't implemented cipher functions for this arch. However, there is an easy way to test the patch manually by requesting a free account on the LinuxONE Community Cloud, both short-term and long-term access are available. https://linuxone.cloud.marist.edu/#/register?flag=VM regards, Mamone

4 39

HPKE implementation
by Norbert Pocs 14 Jul '21

14 Jul '21

Hello mailing list, I am a student at Brno University of Technology at Faculty of Information Technology and intern at Red Hat Crypto team. My current project is the implementation of HPKE draft [0]. The first goal is to implement mode_base. Example usage for the project is the encrypted hello message in TLS [1]. Do you have interest in merging the code after completion? [0] https://tools.ietf.org/html/draft-irtf-cfrg-hpke-07 [1] https://gitlab.com/gnutls/gnutls/-/issues/595 Regards Norbert Pócs

2 3

[RFC PATCH 0/6] Introduce combined AES-GCM assembly for POWER9+
by Christopher M. Riedl 01 Jun '21

01 Jun '21

Hi! This series introduces a mechanism to support arch specific, combined AES+GCM {en,de}cryption functions. These functions are stubbed by default and will fall-back to the separate hash and crypt functions if no arch override exists. The arch override can be provided either at build time via appropriate config options or using the FAT runtime mechanism. An implementation combining AES+GCM _can potentially_ yield significant performance boosts by allowing for increased instruction parallelism, avoiding C-function call overhead, more flexibility in assembly fine-tuning, etc. This series provides such an implementation based on the existing optimized Nettle routines for POWER9 and later processors. Benchmark results on a POWER9 Blackbird running at 3.5GHz are given at the end of this mail. Both builds were configured statically ie. not FAT. FAT performance is slightly lower for both but shows similar gains with this series. The OpenSSL build is based on latest OpenSSL master with all PowerPC optimizations enabled. Note that the gains on an early POWER10 system are even more impressive but unfortunately I cannot share those results publically yet :( AES+GCM combined (this series) ------------------------------ Algorithm mode Mbyte/s gcm_aes128 encrypt 2567.62 gcm_aes128 decrypt 2582.32 gcm_aes128 update 7724.15 gcm_aes192 encrypt 2279.39 gcm_aes192 decrypt 2293.20 gcm_aes192 update 7724.41 gcm_aes256 encrypt 2054.09 gcm_aes256 decrypt 2061.25 gcm_aes256 update 7724.04 openssl gcm_aes128 encrypt 2336.93 openssl gcm_aes128 decrypt 2337.95 openssl gcm_aes128 update 6248.22 openssl gcm_aes192 encrypt 2113.93 openssl gcm_aes192 decrypt 2114.93 openssl gcm_aes192 update 6210.65 openssl gcm_aes256 encrypt 1936.95 openssl gcm_aes256 decrypt 1935.88 openssl gcm_aes256 update 6208.72 AES,GCM separate (nettle master) -------------------------------- Algorithm mode Mbyte/s gcm_aes128 encrypt 1418.66 gcm_aes128 decrypt 1418.97 gcm_aes128 update 7766.31 gcm_aes192 encrypt 1314.03 gcm_aes192 decrypt 1313.17 gcm_aes192 update 7760.23 gcm_aes256 encrypt 1218.75 gcm_aes256 decrypt 1218.64 gcm_aes256 update 7760.52 openssl gcm_aes128 encrypt 2324.70 openssl gcm_aes128 decrypt 2317.19 openssl gcm_aes128 update 6152.77 openssl gcm_aes192 encrypt 2102.99 openssl gcm_aes192 decrypt 2098.98 openssl gcm_aes192 update 6175.62 openssl gcm_aes256 encrypt 1925.85 openssl gcm_aes256 decrypt 1922.49 openssl gcm_aes256 update 6204.55 Christopher M. Riedl (6): gcm: Introduce gcm_aes_{de,en}crypt() ppc: Fix variable name for --enable-power-altivec ppc: Add FAT feature and config option for ISA 3.0 ppc: Add gcm_aes_encrypt() asm for ISA 3.0 (P9) ppc: Add gcm_aes_decrypt() asm for ISA 3.0 (P9) ppc: Enable gcm_aes_{de,en}crypt() FAT configure.ac | 19 +- fat-ppc.c | 45 ++ fat-setup.h | 6 + gcm-internal.h | 14 + gcm.c | 151 ++++++- powerpc64/fat/gcm-aes-decrypt.asm | 37 ++ powerpc64/fat/gcm-aes-encrypt.asm | 37 ++ powerpc64/p9/gcm-aes-decrypt.asm | 663 +++++++++++++++++++++++++++++ powerpc64/p9/gcm-aes-encrypt.asm | 666 ++++++++++++++++++++++++++++++ 9 files changed, 1630 insertions(+), 8 deletions(-) create mode 100644 powerpc64/fat/gcm-aes-decrypt.asm create mode 100644 powerpc64/fat/gcm-aes-encrypt.asm create mode 100644 powerpc64/p9/gcm-aes-decrypt.asm create mode 100644 powerpc64/p9/gcm-aes-encrypt.asm -- 2.26.1

3 12

Add AES Key Wrap (RFC 3394) in Nettle
by Nicolas Mora 23 May '21

23 May '21

Hello, I've added a merge request to implement AES key wrap and unwrap in Nettle [1]. The MR is not complete, because the tests haven't been pushed yet and the documentation is missing, but if the new functionality is welcome to Nettle, I'd rather have some feedback on the code first, to make sure it respects the project guidelines. I can add tests based on the tests vectors in the RFC [2], but I'm not sure how the test suites are build, should I need to create test_wrap functions like in aes-test.c or something else? Thanks in advance for your help! /Nicolas [1] https://tools.ietf.org/html/rfc3394 [2] https://tools.ietf.org/html/rfc3394#section-4

5 25

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

nettle-bugs April 2021