Hello, I have put in https://github.com/nmav/nettle-mini/tree/gmp-mini a version of nettle that has an additional configure option, --enable-mini-gmp. This will compile libhogweed using mini-gmp, thus allowing nettle to be used in space-constrained systems. Note that using nettle with mini-gmp instead of gmp imposes a penalty of around 10x, and may leak more information due to side-channels (this should not be the case for RSA as blinding is performed in hogweed, but I haven't checked the other algorithms).
regards, Nikos
On Mon, Mar 10, 2014 at 9:28 AM, Nikos Mavrogiannopoulos n.mavrogiannopoulos@gmail.com wrote:
Hello, I have put in https://github.com/nmav/nettle-mini/tree/gmp-mini a version of nettle that has an additional configure option, --enable-mini-gmp. This will compile libhogweed using mini-gmp, thus allowing nettle to be used in space-constrained systems. Note that using nettle with mini-gmp instead of gmp imposes a penalty of around 10x, and may leak more information due to side-channels (this should not be the case for RSA as blinding is performed in hogweed, but I haven't checked the other algorithms).
I now have nettle-mini for both master and 2.7. The patches required for master are in the gmp-mini branch and for 2.7 in nettle-2.7-mini-gmp. What I haven't tried is combining nettle and hogweed in a single library when in mini mode. I believe the savings should be negligible in modern embedded systems, and will cause practical issues as it will be harder to determine which library to link with.
I'd appreciate it if these go upstream as I've failed to add nettle to openwrt (and don't have the time to pursue that further), so I no longer plan to maintain these patches separately (and they will easily break on makefile changes).
regards, Nikos
Nikos Mavrogiannopoulos nmav@gnutls.org writes:
I now have nettle-mini for both master and 2.7. The patches required for master are in the gmp-mini branch and for 2.7 in nettle-2.7-mini-gmp.
Nice!
I'd appreciate it if these go upstream as I've failed to add nettle to openwrt (and don't have the time to pursue that further), so I no longer plan to maintain these patches separately (and they will easily break on makefile changes).
I'd really like to add mini-gmp support on the master branch, but I think it has to wait until after the release. I see one issue with your code, which I'd like to fix before integration, and that is that I think it is a bit too brittle to link the test programs with the real gmp. The problem is that the mpz_t defined by gmp and mini-gmp is not really compatible.
It's possible to use mini-gmp and gmp in the same executable, since the symbol names seen by the linker are different, but then each compilation unit should use either gmp or mini-gmp, and no mpz_t variables can be passed across this boundary. The mini-gmp testsuite does this, converting numbers to hex strings when they need to be passed between gmp and mini-gmp functions.
For the nettle testsuite, I hope one can get by with something simpler. Do as many of the tests as possible using mini-gmp only, and disable tests which depend on functions only available in the real gmp library, e.g., mpz_urandomb.
Regards, /Niels
Nikos Mavrogiannopoulos n.mavrogiannopoulos@gmail.com writes:
I have put in https://github.com/nmav/nettle-mini/tree/gmp-mini a version of nettle that has an additional configure option, --enable-mini-gmp. This will compile libhogweed using mini-gmp, thus allowing nettle to be used in space-constrained systems.
I've done this a bit differently, but I've now pushed an --enable-mini-gmp option on the master branch. Testing appreciated.
Happy hacking, /Niels
On Wed, Jun 25, 2014 at 10:59 PM, Niels Möller nisse@lysator.liu.se wrote:
I've done this a bit differently, but I've now pushed an --enable-mini-gmp option on the master branch. Testing appreciated.
I haven't tested with gnutls, as I still need to convert it to use the new API, but a small patch is attached which makes hogweed-benchmark run on Fedora and RHEL (that don't include the SECP-224 and 192 curves).
regards, Nikos
Nikos Mavrogiannopoulos n.mavrogiannopoulos@gmail.com writes:
I haven't tested with gnutls, as I still need to convert it to use the new API, but a small patch is attached which makes hogweed-benchmark run on Fedora and RHEL (that don't include the SECP-224 and 192 curves).
Pushed on the master branch. Thanks.
/Niels
nettle-bugs@lists.lysator.liu.se