Date: Thu, 30 May 2013 3:38:12 -0400
From:  <jfoug@....net>
To: john-dev@...ts.openwall.com
Subject: Change to dynamic (SHA2 SIMD logic)

I have just released the first round of new SIMD code for dynamic 'large hash' code. This code uses the flat buffers, which have also been resized from 260 bytes to 256 bytes, which is base-2 divisible by 64 and 128.  This new code will use these buffers, as is, without flipping into or out of MMX_COEF format (which is what SHA1 currently does).  Within the newest sse-intrinsics code, there is a flag that the input data is in 'flat' mode. In flat mode, it is simply an array of bytes where there are MMX_COEF buffers of proper size butted against each other. There is also another flag that lists it is flat data, but each input is 2 input buffers wide (i.e. 128 byte buffers for SHA256 hash).  This double wide flat flag was added for cryptsha256. I added a new flag for flat inputs that are 4x normal size, which is what dynamic will be using, with the 256 byte flat buffers.

One VERY NICE thing about doing it this way, is that within the dyna code as I have it, the SSE code (for sha224/256) is NOT limited to a 55 byte single buffer limitation, like it is with MD4/5.  I have implemented this to work up to 4 SSE buffers (for sha256). This means the max length value that could be handled, is 256-9 bytes (247 bytes), which is 4 SHA256 buffers.  When I get to sha512, it will be up to 2 sha512 buffers, which is up to 256-17 or 239 bytes.  Now, for the format sha512(sha512($p).sha512($s)), I can do some work in SSE, but then a 256 byte string is the result.  That still fits (just fits), in the input buffer.  However, that last sha512 will have to be done using oSSL CTX code (which will require 3 SHA512 blocks).

But so far, all of the SHA256 and SHA224 code has been done using SSE.  I will get the SHA512 code next.  I will look at re-doing the SHA1 code, which has been a big problem.  I believe this new method will eliminate almost all of the serious problems I have with the SHA1 code, and it will likely speed things up, along with removing the 55 byte limitation as a bonus.

Jim.
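
The length limits quoted in the message above (55, 247 and 239 bytes, and 3 SHA512 blocks for a 256 byte input) follow from Merkle-Damgard padding inside a fixed 256 byte flat buffer. The sketch below is an added example, not part of the original post and not John the Ripper's code; `FLAT_BUF_SIZE`, `md_blocks_needed` and `flat_pad` are hypothetical names chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FLAT_BUF_SIZE 256 /* per-input flat buffer size given in the message */

/* Blocks needed to hash len bytes: data + 0x80 marker + length field,
 * rounded up to whole blocks. block/len_field are 64/8 for SHA-224/256
 * (and MD4/MD5), 128/16 for SHA-384/512. */
static size_t md_blocks_needed(size_t len, size_t block, size_t len_field)
{
    return (len + 1 + len_field + block - 1) / block;
}

/* Pad buf (holding len message bytes) in place, SHA-2 style: 0x80, zeros,
 * then the big-endian bit length at the end of the last block.
 * Returns the block count, or 0 if the padded message cannot fit. */
static size_t flat_pad(uint8_t buf[FLAT_BUF_SIZE], size_t len,
                       size_t block, size_t len_field)
{
    size_t nblocks = md_blocks_needed(len, block, len_field);
    size_t total = nblocks * block;
    uint64_t bits = (uint64_t)len * 8;
    size_t i;

    if (total > FLAT_BUF_SIZE) /* also rejects len >= FLAT_BUF_SIZE */
        return 0;
    buf[len] = 0x80;
    memset(buf + len + 1, 0, total - len - 1);
    for (i = 0; i < 8; i++) /* upper half of a 16 byte field stays zero */
        buf[total - 1 - i] = (uint8_t)(bits >> (8 * i));
    return nblocks;
}

int main(void)
{
    uint8_t buf[FLAT_BUF_SIZE];

    memset(buf, 'a', sizeof buf); /* constructed sample input */
    printf("sha256 247 bytes: %zu blocks\n", flat_pad(buf, 247, 64, 8));
    printf("sha256 248 bytes: %zu blocks\n", flat_pad(buf, 248, 64, 8));
    memset(buf, 'a', sizeof buf);
    printf("sha512 239 bytes: %zu blocks\n", flat_pad(buf, 239, 128, 16));
    printf("sha512 256 bytes needs %zu blocks\n", md_blocks_needed(256, 128, 16));
    return 0;
}
```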
