[PATCH 1/1] Improved whirlpool hash performance

Jussi Kivilinna jussi.kivilinna at iki.fi
Mon Sep 1 17:47:26 CEST 2014


On 28/08/14 21:02, And Sch wrote:
> * cipher/whirlpool.c (whirlpool_transform, sbox, added macro): Added macro and rearranged round function to alternate between reading to and writing from different state and key variables. Two whirlpool_context_t variables removed, two were replaced, the sizes of state and key doubled, so overall the burn stack stays the same. buffer_to_block and block_xor were combined into one operation. The sbox was converted to one large table, because it is faster than many small tables.

Changelog lines should be a maximum of 72 characters in length.

> --
> 
> Benchmark on different systems:
> 
<snip>
> ---
> 
> diff -ruNp libgcrypt-1.6.2/cipher/whirlpool.c libgcrypt-1.6.3/cipher/whirlpool.c
> --- libgcrypt-1.6.2/cipher/whirlpool.c	2014-08-21 07:50:39.000000000 -0500
> +++ libgcrypt-1.6.3/cipher/whirlpool.c	2014-08-28 12:47:04.917824140 -0500

Are these patches against the latest development branch?

> @@ -87,6 +87,17 @@ typedef struct {
>    for (i = 0; i < 8; i++) \
>      block_dst[i] ^= block_src[i];
>  
> +/* XOR lookup boxes with index SRC [(SHIFT + n) & 7] >> x. */
> +#define WHIRLPOOL_XOR(src, shift) \
> +	C[((unsigned int)(src[ (shift)         ] >> 56)       )          ] ^ \
> +	C[((unsigned int)(src[((shift) + 7) & 7] >> 48) & 0xff) +  256   ] ^ \
> +	C[((unsigned int)(src[((shift) + 6) & 7] >> 40) & 0xff) + (256*2)] ^ \
> +	C[((unsigned int)(src[((shift) + 5) & 7] >> 32) & 0xff) + (256*3)] ^ \
> +	C[((unsigned int)(src[((shift) + 4) & 7] >> 24) & 0xff) + (256*4)] ^ \
> +	C[((unsigned int)(src[((shift) + 3) & 7] >> 16) & 0xff) + (256*5)] ^ \
> +	C[((unsigned int)(src[((shift) + 2) & 7] >>  8) & 0xff) + (256*6)] ^ \
> +	C[((unsigned int)(src[((shift) + 1) & 7]      ) & 0xff) + (256*7)] \
> +
>  ?
>  
>  /* Round constants.  */
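
Review bot: The last line of WHIRLPOOL_XOR (the "+ (256*7)]" term) ends with a continuation backslash, so the definition is terminated only by the empty line that follows; if that blank line is ever dropped, the next source line is spliced into the macro. Drop the trailing backslash. The expansion is also a bare chain of ^ with no outer parentheses, and src is used unparenthesized, so wrap the whole body in ( ) and write (src)[...] to keep it safe wherever it is expanded.
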
> @@ -107,7 +118,7 @@ static const u64 rc[R] =
>  ?
>  
>  /* Main lookup boxes.  */
> -static const u64 C0[256] =
> +static const u64 C[8*256] =

Maybe make this 'static const u64 C[8][256]' instead? The macro above would be slightly clearer.

>    {
>      U64_C (0x18186018c07830d8), U64_C (0x23238c2305af4626),
>      U64_C (0xc6c63fc67ef991b8), U64_C (0xe8e887e8136fcdfb),
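
Review bot: The comment above the declaration still says only "Main lookup boxes." although the table is now a single flat C[8*256], and nothing documents the layout that WHIRLPOOL_XOR depends on (box n starting at offset 256*n). State that layout in the comment, or let the type carry it as suggested above, so the 256*n offsets in the macro are not magic numbers.
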
> @@ -237,10 +248,7 @@ static const u64 C0[256] =
<snip>
> -  block_xor (context->hash_state, data_block, i);
> -  block_xor (context->hash_state, state, i);
> +  block_xor (context->hash_state, state[0], i);
>  
>    return /*burn_stack*/ 4 * sizeof(whirlpool_block_t) + 2 * sizeof(int) +
>                          4 * sizeof(void*);
> 
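
Review bot: With "block_xor (context->hash_state, data_block, i);" removed, the feed-forward of the message block into hash_state now relies on state[0] already containing it, and the code that would do that is not in the lines shown here; add a comment at the remaining block_xor saying so and confirm the result against the Whirlpool test vectors. The /*burn_stack*/ return value is left unchanged as context, so please also note next to it which locals the 4 * sizeof(whirlpool_block_t) now accounts for, since an estimate that is too small leaves hash state on the stack unwiped.
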

Please check settings in your email application. It's currently mangling these patches so that they do not apply without some extra work.

-Jussi




More information about the Gcrypt-devel mailing list