Simon Josefsson simon@josefsson.org writes:
> Here is a first milestone, to port Blowfish from libgcrypt to Nettle. The self-test works, and there are no API changes, and I didn't have to do anything strange to the code, so I'm hoping there won't be any problems.
Thanks! Looks like it should be easy to integrate.
> I didn't look at the original blowfish.c in Nettle except for the first few header lines, so I have no idea what kind of improvements could be made -- but I don't think that is important compared to the license.
I diffed the files, and they are essentially the same (not surprising, since the old code in nettle is based on some older version of gnupg). One possibly important difference (which I have introduced):
gnupg/gcrypt:
  #ifdef WORDS_BIGENDIAN
  #define F(x) ((( s0[((uint8_t*)&x)[0]] + s1[((uint8_t*)&x)[1]]) \
                  ^ s2[((uint8_t*)&x)[2]]) + s3[((uint8_t*)&x)[3]] )
  #else
  #define F(x) ((( s0[((uint8_t*)&x)[3]] + s1[((uint8_t*)&x)[2]]) \
                  ^ s2[((uint8_t*)&x)[1]]) + s3[((uint8_t*)&x)[0]] )
  #endif
nettle:
  #define F(c, x) \
    ((( (c->s[0][(x>>24) &0xff] + c->s[1][(x>>16) & 0xff]) \
       ^ c->s[2][(x>>8) & 0xff]) + c->s[3][x & 0xff]) & 0xffffffff)
The reason is that I want x to live in a register, and that I'm afraid that doing the conversion via memory accesses is expensive. And maybe it will also prevent gcc from allocating a register for it at all (at least with earlier versions of gcc, if you ever took the address of a variable, it was totally disqualified for register allocation).
Some benchmarking and/or look at the assembly code is needed to really say what's best.
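To make the difference between the two macros concrete, here is an added example (not code from Nettle, libgcrypt or this thread) that writes the Blowfish-style round function F both ways: once with shifts, which is byte-order independent, and once by reading the bytes of x from memory, which needs the host byte order to pick the right index, exactly as the WORDS_BIGENDIAN branches above do. The S-box contents are a constructed pattern chosen so results can be checked by hand; they are not the real Blowfish S-boxes, and the names fill_constructed_sboxes, f_shift, f_bytes, f_constructed and f_variants_agree are this example's own.

```c
/* Added example: Blowfish-style F two ways (shift-based vs memory-image
   byte access). Not Nettle's or libgcrypt's code. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

typedef struct {
    uint32_t s[4][256];   /* four S-boxes of 256 words, as in Blowfish */
} sboxes;

/* Constructed S-box fill, for illustration only (NOT the real Blowfish
   S-boxes): s[i][j] = j repeated in every byte, tagged with (i+1) in
   the top nibble so each box yields a different, hand-checkable value. */
static void fill_constructed_sboxes(sboxes *c)
{
    int i, j;
    for (i = 0; i < 4; i++)
        for (j = 0; j < 256; j++)
            c->s[i][j] = ((uint32_t)j * 0x01010101u) ^ ((uint32_t)(i + 1) << 28);
}

/* Nettle-style F: the four bytes of x are extracted with shifts, so x
   can stay in a register and the index order is the same on any host.
   The final mask mirrors the macro; it is a no-op for a 32-bit type. */
static uint32_t f_shift(const sboxes *c, uint32_t x)
{
    return (((c->s[0][(x >> 24) & 0xff] + c->s[1][(x >> 16) & 0xff])
              ^ c->s[2][(x >> 8) & 0xff]) + c->s[3][x & 0xff]) & 0xffffffff;
}

/* Runtime equivalent of the WORDS_BIGENDIAN configure test. */
static int host_is_big_endian(void)
{
    uint32_t probe = 0x01020304u;
    uint8_t first;
    memcpy(&first, &probe, 1);
    return first == 0x01;
}

/* libgcrypt-style F: bytes are read from x's in-memory image, so the
   S-box index order depends on host byte order. memcpy stands in for
   the (uint8_t*)&x cast to keep the example free of aliasing issues;
   either way, x has to be materialised in memory to take its bytes. */
static uint32_t f_bytes(const sboxes *c, uint32_t x)
{
    uint8_t b[4];
    memcpy(b, &x, sizeof b);
    if (host_is_big_endian())
        return ((c->s[0][b[0]] + c->s[1][b[1]]) ^ c->s[2][b[2]]) + c->s[3][b[3]];
    return ((c->s[0][b[3]] + c->s[1][b[2]]) ^ c->s[2][b[1]]) + c->s[3][b[0]];
}

static sboxes boxes;
static int boxes_ready = 0;

static const sboxes *constructed_boxes(void)
{
    if (!boxes_ready) {
        fill_constructed_sboxes(&boxes);
        boxes_ready = 1;
    }
    return &boxes;
}

/* F(x) over the constructed boxes, shift version. */
uint32_t f_constructed(uint32_t x)
{
    return f_shift(constructed_boxes(), x);
}

/* 1 if both formulations agree on x for this host's byte order. */
int f_variants_agree(uint32_t x)
{
    const sboxes *c = constructed_boxes();
    return f_shift(c, x) == f_bytes(c, x);
}

int main(void)
{
    uint32_t inputs[] = { 0x00000000u, 0x01020304u, 0xdeadbeefu, 0xffffffffu };
    size_t i;
    printf("host is %s-endian\n", host_is_big_endian() ? "big" : "little");
    for (i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
        printf("F(%08x) = %08x  agree=%d\n", inputs[i],
               f_constructed(inputs[i]), f_variants_agree(inputs[i]));
    return 0;
}
```

With the constructed boxes, F(0x01020304) works out to 0x44040404 by hand: s0[1] + s1[2] = 0x11010101 + 0x22020202 = 0x33030303, which XORed with s2[3] = 0x33030303 gives 0, and adding s3[4] = 0x44040404 gives the result. Whether the shift version is actually faster is still the benchmarking or disassembly question raised above; what the example does show is that only the memory-image version needs a byte-order switch at all.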
There's one more #ifdef WORDS_BIGENDIAN in the libgcrypt version, in the key setup. Since this is usually not performance critical, I'd be tempted to remove that.
> I have not signed papers specifically for Nettle, hence the (C) with my name, but I can do FSF papers if it is required.
Currently, there's no policy requiring copyright assignments for Nettle. Not sure if that's good or bad, but currently copyright for each file is owned by the respective authors (except for code that's copied from libgcrypt or glibc or so, which is owned by the FSF). And, e.g., the DES implementation by Dana L. How predates Nettle by many years, and I haven't even been able to contact the author.
Regards,
/Niels