On Thu, 2019-03-14 at 00:25 +0300, Yuriy M. Kaminskiy wrote:
On 12.03.2019 15:02, Yuriy M. Kaminskiy wrote:
Then I will probably take a look at poly1305
... and it looks problematic; porting poly1305/armv6 is possible, but there won't be much improvement over generic C code:
$ poly1305-opt/bin/poly1305-util bench 8192 byte(s): neon, 15114.40 ns per call, 1.8 ns/byte armv6, 31944.33 ns per call, 3.9 ns/byte generic/32, 39088.50 ns per call, 4.8 ns/byte
neon (and other simd implementations) is much faster, but requires larger state; current nettle's struct poly1305_ctx is 56 bytes, optimized versions requires up to 192 bytes.
And it is embedded in struct chacha_poly1305_ctx and poly1305_aes_ctx, which looks like part of public (and used) low-level ABI.
(nettle-meta.h interface would be safe wrt struct size changes, but so far everything I've looked at - including gnutls - was not using it :-()
FWIW, I wouldn't feel blocked by an ABI break in Nettle. Simo.