Nikos Mavrogiannopoulos n.mavrogiannopoulos@gmail.com writes:
> I don't know, however, of a portable way to do initialization transparently without an explicit function call.
It works for gmp. Which doesn't imply that we should do it in exactly the same way, of course.
> The cpuid test would then have to be moved to an assembly file.
Right.
> Indeed. Once a framework for overwriting functionality is set up, those would not be very hard to add. However, setting up such a framework in nettle seems to require substantial work, as all exported functions need to be replaced by function pointers, thus breaking the ABI.
I don't think the function pointers should be exported. If the "fat" library is enabled (default for x86), then the exported function should be
void memxor (...) { (*memxor_p)(...); }
I think one should have the possibility to choose between fat and non-fat builds, with the same ABI. There's going to be a small extra call overhead in the fat case.
As long as all implementations can use the same ctx structs, there should be no problem with the ABI. If we also want to support hardware accelerators which are like black boxes, then some API and/or ABI changes may be necessary.
> I wouldn't care much about serpent optimizations :)
I'm not surprised ;-) But on processors which lack aes-instructions, but which have 256-bit %ymm-registers, serpent can most likely be twice as fast as aes if used in ctr mode (for the current code with 128-bit %xmm-registers, serpent speed was somewhere between aes-128 and aes-192 last time I measured).
/nisse
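The dispatch arrangement sketched in the message above (an exported wrapper with a fixed prototype, an internal function pointer that is never exported, and the same ABI for fat and non-fat builds), written out as an added example. This is not code from the thread or from nettle itself; FAT_BUILD, cpu_has_wide_xor() and memxor_wide() are names constructed for the example, and the feature check is a stand-in for a real cpuid probe.

```c
/* Added example: "fat library" dispatch behind a stable exported symbol.
 * FAT_BUILD, cpu_has_wide_xor and memxor_wide are hypothetical names
 * chosen for this example; they are not nettle's. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define FAT_BUILD 1   /* set to 0 for the non-fat build; the ABI is unchanged */

/* Portable byte-at-a-time implementation: always correct, never fastest. */
static void
memxor_generic(void *dst, const void *src, size_t n)
{
  unsigned char *d = dst;
  const unsigned char *s = src;
  while (n-- > 0)
    *d++ ^= *s++;
}

#if FAT_BUILD
/* Stand-in for a vectorised implementation: xors 64 bits per step.
 * memcpy is used so unaligned buffers are handled correctly. */
static void
memxor_wide(void *dst, const void *src, size_t n)
{
  unsigned char *d = dst;
  const unsigned char *s = src;
  while (n >= sizeof(uint64_t))
    {
      uint64_t a, b;
      memcpy(&a, d, sizeof a);
      memcpy(&b, s, sizeof b);
      a ^= b;
      memcpy(d, &a, sizeof a);
      d += sizeof a; s += sizeof a; n -= sizeof a;
    }
  memxor_generic(d, s, n);  /* remaining tail bytes */
}

/* Constructed feature check standing in for a cpuid probe.  A real build
 * would query the CPU here; the example reports the wide path as available
 * so that the dispatch is actually exercised. */
static int
cpu_has_wide_xor(void)
{
  return 1;
}

typedef void memxor_func(void *, const void *, size_t);

static void memxor_resolve(void *dst, const void *src, size_t n);

/* Internal, not exported: points at the resolver until first use. */
static memxor_func *memxor_p = memxor_resolve;

/* Runs once: selects the implementation, then completes the pending call. */
static void
memxor_resolve(void *dst, const void *src, size_t n)
{
  memxor_p = cpu_has_wide_xor() ? memxor_wide : memxor_generic;
  (*memxor_p)(dst, src, n);
}

/* Exported symbol: fixed prototype, one extra indirect call per invocation. */
void
memxor(void *dst, const void *src, size_t n)
{
  (*memxor_p)(dst, src, n);
}
#else
/* Non-fat build: identical prototype, direct call, no pointer at all. */
void
memxor(void *dst, const void *src, size_t n)
{
  memxor_generic(dst, src, n);
}
#endif

/* Returns 1 if the exported memxor matches a byte-wise reference on an
 * n-byte buffer (n <= 64); odd lengths exercise the tail handling. */
int
memxor_selftest(size_t n)
{
  unsigned char dst[64], src[64], ref[64];
  size_t i;
  if (n > sizeof dst)
    return 0;
  for (i = 0; i < n; i++)
    {
      dst[i] = (unsigned char)(i * 7 + 3);   /* constructed sample data */
      src[i] = (unsigned char)(0xA5 ^ i);
      ref[i] = dst[i] ^ src[i];
    }
  memxor(dst, src, n);
  return memcmp(dst, ref, n) == 0;
}
```

The resolver-on-first-call trick is what lets the pointer be initialised without an explicit setup function: the first caller pays for the probe, every later call goes straight to the chosen implementation. Because the resolver is idempotent, a concurrent first call on two threads is benign here, but a real library should still make the assignment atomic or run the probe from a constructor. Flipping FAT_BUILD to 0 compiles the direct-call variant with the identical `memxor` prototype, which is the point about the two builds sharing one ABI.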