tech-crypto archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Patch: cprng_fast performance - please review.
campbell+netbsd-tech-kern@ wrote:
> > +void
> > +hc128_init(hc128_state_t *state, const uint8_t *key, const uint8_t *iv)
> > +{
> > + unsigned int i;
> > + uint32_t w[1280], *p = state->p, *q = state->q;
>
> 5 KB on the stack is a lot! Granted, this is a leaf routine which in
> our case will be called only in a softint handler, but still.
Note the caller of this hc128_init() is:
> > +static void
> > +cprng_fast_randrekey(cprng_fast_ctx_t *ctx)
> > +{
> > + uint8_t key[16], iv[16];
> > + hc128_state_t tempstate;
> > + int s;
> > +
> > + int have_initial = rnd_initial_entropy;
> > +
> > + cprng_strong(kern_cprng, key, sizeof(key), FASYNC);
> > + cprng_strong(kern_cprng, iv, sizeof(iv), FASYNC);
> > + /* Rekey the hc128 state - expensive, don't do this at splhigh. */
> > + hc128_init(&ctx->hc128, key, iv);
The "hc128_state_t" is declared as:
> > +typedef struct
> > +{
> > + uint32_t p[512];
> > + uint32_t q[512];
> > + uint16_t i;
> > +} hc128_state_t;
so it already consumes >4KB stack.
I'm afraid "9KB stack on rekeying" is fatal on most ports.
I wonder if we should also consider "speed vs memory"
especially for embedded users.
---
Izumi Tsutsui
Home |
Main Index |
Thread Index |
Old Index