[PATCH 1/8] g10/decrypt-data: use fill_buffer in more places
jussi.kivilinna at iki.fi
Thu Nov 8 19:38:47 CET 2018
On 7.11.2018 21.49, Werner Koch wrote:
> On Wed, 7 Nov 2018 18:38, jussi.kivilinna at iki.fi said:
>> Should I push this patch set to new branch in gnupg repo?
> Just go ahead and push it directly to master.
>> I've also looked at disabling extra hash contexts when decrypting
>> non-signed files. Could those contexts be disabled when any AEAD or
>> MDC encrypted packet is seen? Such patch would look something this:
> While looking at your patches I was reminded to check whether we have
> some useless hash context running.
>> + unsigned int seen_encrypted_mdc:1; /* Any PKT_ENCRYPTED_MDC packet seen */
>> + unsigned int seen_encrypted_aead:1; /* Any PKT_ENCRYPTED_AEAD packet seen */
> There is either one MDC packet or one AEAD packet.
>> - if (!any && !opt.skip_verify)
>> + if (!any && !opt.skip_verify && !c->any.seen_encrypted_mdc &&
>> + !c->any.seen_encrypted_aead)
>> /* This is for the old GPG LITERAL+SIG case. It's not legal
>> according to 2440, so hopefully it won't come up that often.
> For sure this is not possible with AEAD. With MDC it is unlikely but I
> think we should not touch that case given that the goal is to fade out
> the use of MDC.
Ok, I'll make patch AEAD only. For CFB/MDC, user can of course use
--skip-verify if they know that input does not have signature and want
to get highest performance.
Here's results that I've seen with patch/--skip-verify for different types
of input on my machine (2GiB input file from ramfs):
decrypting MDC encrypted, signed (AES128+SHA1(mdc)+SHA512(sign)):
user 5.2s, 364 MB/s
decrypting MDC encrypted, not signed (AES128+2xSHA1(mdc+extra)+RMD160(extra)):
user 9.6s, 206 MB/s
decrypting MDC encrypted, not signed --skip-verify (AES128+SHA1(mdc)):
user 3.0s, 575 MB/s
decrypting MDC symmetric encrypted, not signed (AES128+SHA1(mdc+extra)+RMD160(extra)):
user 9.7s, 205 MB/s
decrypting MDC symmetric encrypted, not signed --skip-verify (AES128+SHA1(mdc)):
user 3.1s, 556 MB/s
decrypting AEAD encrypted, signed (AES128_OCB+SHA512(sign)):
user 4.7s, 387 MB/s
decrypting AEAD encrypted, not signed (AES128_OCB+SHA1(extra)+RMD160(extra)):
user 7.6s, 258 MB/s
decrypting AEAD encrypted, not signed --skip-verify or patched (AES128_OCB):
user 0.95s, 1.2 GB/s
decrypting AEAD symmetric encrypted, not signed (AES128_OCB+SHA1(extra)+RMD160(extra)):
user 7.6s, 256 MB/s
decrypting AEAD symmetric encrypted, not signed --skip-verify or patched (AES128_OCB):
user 1.1s, 1.1 GB/s
I also noticed that --skip-verify does not affect decryption speed of
signed input. Selected digest algorithm gets enabled regardless of
--skip-verify in proc_plaintext(). Should this be fixed?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 671 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-devel