john icon indicating copy to clipboard operation
john copied to clipboard

Published 20 hours ago verified publisher icon openwall

Specialize SIMD SHA-256 for half-length input, iterated hashing

Open solardiz opened this issue 1 year ago • 2 comments

Implement changes to SIMD SHA-256 and to some formats that use it, similarly to what #5425 did for SHA-512.

solardiz avatar Jan 14 '24 02:01 solardiz

Additionally, we should probably be able to assume element 14 is zero in more cases - also for full length single-block or last block input - since for the only/last block it's high 32 bits of length (or high 64 for SHA-512). However, that would be a separate flag and it'd probably only be worth the overhead when building a specialized version (so the overhead would be removed by the compiler).

solardiz avatar Jan 14 '24 02:01 solardiz

Looks like these formats/uses would benefit from half-length input iterated hashing:

keyring_fmt_plug.c:		SIMDSHA256body(keys, keys32, NULL, SSEi_MIXED_IN|SSEi_OUTPUT_AS_INP_FMT);
pkcs12_plug.c:			SIMDSHA256body(sse_buf, (uint32_t*)sse_buf, NULL, SSEi_MIXED_IN|SSEi_OUTPUT_AS_INP_FMT);
pwsafe_fmt_plug.c:			SIMDSHA256body(keys, keys32, NULL, SSEi_MIXED_IN|SSEi_OUTPUT_AS_INP_FMT);

solardiz avatar Jan 16 '24 12:01 solardiz