[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAMuHMdUcJN_ZZLnx8TuhoXYV1DAKK9NsXjH2M0xAdn9JTS16wA@mail.gmail.com>
Date: Wed, 12 Jan 2022 11:59:48 +0100
From: Geert Uytterhoeven <geert@...ux-m68k.org>
To: "Jason A. Donenfeld" <Jason@...c4.com>
Cc: Linux Crypto Mailing List <linux-crypto@...r.kernel.org>,
netdev <netdev@...r.kernel.org>, wireguard@...ts.zx2c4.com,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
bpf <bpf@...r.kernel.org>, Theodore Tso <tytso@....edu>,
Greg KH <gregkh@...uxfoundation.org>,
jeanphilippe.aumasson@...il.com, Ard Biesheuvel <ardb@...nel.org>
Subject: Re: [PATCH crypto v3 0/2] reduce code size from blake2s on m68k and
other small platforms
Hi Jason,
On Tue, Jan 11, 2022 at 11:05 PM Jason A. Donenfeld <Jason@...c4.com> wrote:
> Geert emailed me this afternoon concerned about blake2s codesize on m68k
> and other small systems. We identified two effective ways of chopping
> down the size. One of them moves some wireguard-specific things into
> wireguard proper. The other one adds a slower codepath for small
> machines to blake2s. This worked, and was v1 of this patchset, but I
> wasn't so much of a fan. Then someone pointed out that the generic C
> SHA-1 implementation is still unrolled, which is a *lot* of extra code.
> Simply rerolling that saves about as much as v1 did. So, we instead do
> that in this patchset. SHA-1 is being phased out, and soon it won't
> be included at all (hopefully). And nothing performance-oriented has
> anything to do with it anyway.
>
> The result of these two patches mitigates Geert's feared code size
> increase for 5.17.
>
> v3 improves on v2 by making the re-rolling of SHA-1 much simpler,
> resulting in even larger code size reduction and much better
> performance. The reason I'm sending yet a third version in such a short
> amount of time is because the trick here feels obvious and substantial
> enough that I'd hate for Geert to waste time measuring the impact of the
> previous commit.
>
> Thanks,
> Jason
>
> Jason A. Donenfeld (2):
> lib/crypto: blake2s: move hmac construction into wireguard
> lib/crypto: sha1: re-roll loops to reduce code size
Thanks for the series!
On m68k:
add/remove: 1/4 grow/shrink: 0/1 up/down: 4/-4232 (-4228)
Function old new delta
__ksymtab_blake2s256_hmac 12 - -12
blake2s_init.constprop 94 - -94
blake2s256_hmac 302 - -302
sha1_transform 4402 582 -3820
Total: Before=4230537, After=4226309, chg -0.10%
Tested-by: Geert Uytterhoeven <geert@...ux-m68k.org>
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@...ux-m68k.org
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
Powered by blists - more mailing lists