Umfrage/Architekturfrage zur DEC

**Kas Ob.**

Missed this part

Delphi-Quellcode:

			class procedure TCSPRNG.DetectSIMDSupport;

{$IF Defined(CPUX86) or Defined(CPUX64)}

asm

  {$IFDEF CPUX86}

  push ebx

  {$ENDIF}

  mov eax, 1          // CPUID leaf 1

  cpuid

  test edx, 1 shl 26  // Check SSE2 bit (bit 26 in EDX)

  jz @NoSIMD

  mov byte ptr [FSIMDSupported], 1

  jmp @Done

@NoSIMD:

  mov byte ptr [FSIMDSupported], 0

@Done:

{  mov eax, 1           // CPUID leaf 1 (faster than mov eax,1 on some CPUs)

  cpuid

  xor al, al          // AL = 0 (prepare for no SSE2)

  test edx, 1 shl 26  // Check SSE2 bit (bit 26 in EDX)

  setnz al            // AL = 1 if supported, 0 otherwise

  mov [FSIMDSupported], al}

  {$IFDEF CPUX86}

  pop ebx

  {$ENDIF}

end;

{$ELSE}

begin

  FSIMDSupported := False; // Non-x86 platforms use Pascal

end;

{$ENDIF}

**rabatscher**

Thanks for the implementation. (hey was that from the random generator mrmath

looks quite similar

I actually have already one that is that far including the (non simd version) of Poly1305.

I'm currently in the state of bringing the Poly1305 together with the chacha cipher....

And.. although it is stated that there are 20 rounds for the standard implementation the implementation does a "double round" which halfs
the number (at least that is what I found when implementing the example from the RFC)

**rabatscher**

Here my progress so far..
It includes heavily edited base classes too (not sure if that stays that way) - it is a start and I'm not expecting
this to be anyway close to a final architecture/working example.

The poly1305 test case works, as well as the base chacha20 encoding.
The tag is still not working....

When this works I will add an AVX version of the chacha cipher and try to create simd versions of the poly1305 update...

**Kas Ob.**

Zitat von rabatscher:

Here my progress so far..
It includes heavily edited base classes too (not sure if that stays that way) - it is a start and I'm not expecting
this to be anyway close to a final architecture/working example.

The poly1305 test case works, as well as the base chacha20 encoding.
The tag is still not working....

When this works I will add an AVX version of the chacha cipher and try to create simd versions of the poly1305 update...

Something is OFF, i didn't run the code, might be later, but this part is perplexing me

zusammenfalten · markieren

Delphi-Quellcode:

			procedure TPoly1305.InitInternal(const InitVector: T32ByteArray);

begin

     FillChar(FH, sizeof(FH), 0);

     ///* r &= 0xffffffc0ffffffc0ffffffc0fffffff */

//     st->r[0] = U8TOU32(&key[0]) & 0x0fffffff;

//     st->r[1] = U8TOU32(&key[4]) & 0x0ffffffc;

//     st->r[2] = U8TOU32(&key[8]) & 0x0ffffffc;

//     st->r[3] = U8TOU32(&key[12]) & 0x0ffffffc;

     FR[0] := U8ToU32(@initVector[0]) and $0fffffff;

     FR[1] := U8ToU32(@initVector[4]) and $0ffffffc;

     FR[2] := U8ToU32(@initVector[8]) and $0ffffffc;

     FR[3] := U8ToU32(@initVector[12]) and $0ffffffc;

     FNonce[0] := U8ToU32(@initVector[16]);

     FNonce[1] := U8ToU32(@initVector[20]);

     FNonce[2] := U8ToU32(@initVector[24]);

     FNonce[3] := U8ToU32(@initVector[28]);

     fNum := 0;

end;

And it is really from here

https://github.com/openssl/openssl/b...305/poly1305.c
I see the clipingof the lower 2 bits for 4,8 and 12, but don't see the cliping of the highest 4 bits for 3,7,11 and 15.
From

https://en.wikipedia.org/wiki/Poly13...on_of_Poly1305

Zitat:

The secret key r = ....

In all cases, use the standardized version from

https://www.rfc-editor.org/rfc/rfc7539#section-2.5 this one is the most important and has the pseudo code in full, which also dictate :

Zitat:

o r[3], r[7], r[11], and r[15] are required to have their top four
bits clear (be smaller than 16)

o r[4], r[8], and r[12] are required to have their bottom two bits
clear (be divisible by 4)
...

void poly1305aes_test_clamp(unsigned char r[16])
{
r[3] &= 15;
r[7] &= 15;
r[11] &= 15;
r[15] &= 15;
r[4] &= 252;
r[8] &= 252;
r[12] &= 252;
}

So unless the code form OpenSSL is doing some arithmetic tricks and over optimized it is missing parts or has different implementation somewhere.

**Kas Ob.**

Ok Now i see it, it is doing the clipping/clamping on 32bit
///* r &= 0xffffffc0ffffffc0ffffffc0fffffff */

**rabatscher**

Here a first version that includes poly1305 to the chacha cipher - tests according to rfc7539 are included.
The code is far from beeing ready but it's a start

There are also some changes to the base classes... so if one could take a look at it would be great...

Still - I guess if the Mr. Humm likes the changes I need to figure on how to create a pull request on that lib....

**TurboMagic**

Zitat von rabatscher:

Here a first version that includes poly1305 to the chacha cipher - tests according to rfc7539 are included.
The code is far from beeing ready but it's a start

There are also some changes to the base classes... so if one could take a look at it would be great...

Still - I guess if the Mr. Humm likes the changes I need to figure on how to create a pull request on that lib....

Well, somebody is creating security risks by leaking real names of forum users

I think the other version presented in this thread only works on x86/x64 systems because of ASM usage.
Correct? While I like the use of AVX code to speed things up any implementation which shall get added to DEC
one daymust also have a pure pascal implementation for cross platform compatibility.

Oh and about autodetection whether a CPU supports AVX: somewhere in system.pas is some code available for
querying CPUID and from that one can find out if it supports AVX/AVX2.

Oh and since the current minimum supported Delphi version is 10.1 any version of Delphi prior to the one with
built in AVX asm support (11.0 Alexandria) needs to use the pure Pascal implementation.

That's my take for this evening on this one.

**rabatscher**

Ups sorry...

The chacha avx version from my mrmath library actually handles that quite well - the assembler routines were converted to db statements
if the assembler does not know the statements... SSE is known to Delhi since I guess D2010 so these can be left there...

Is the library used on non x86/x64 platforms too? If thats the case the endianess will be a challenge

I also have had troubles to not use a specialized class - the initialization of the poly1305 class is quite chacha specific (half of a block is dismissed,
the counter is increased). What do you think about that?

**TurboMagic**

Hello,

not sure what to think about the last question, but the DEC library
is cross platform compatible since V6.0. That was the biggest new feature
back then.

If you look into DECOptions.inc you'll also find the possibility to turn the
use of ASM for x86 on or off via define.

Umfrage/Architekturfrage zur DEC

AW: Umfrage/Architekturfrage zur DEC

AW: Umfrage/Architekturfrage zur DEC

AW: Umfrage/Architekturfrage zur DEC

AW: Umfrage/Architekturfrage zur DEC

AW: Umfrage/Architekturfrage zur DEC

AW: Umfrage/Architekturfrage zur DEC

AW: Umfrage/Architekturfrage zur DEC

AW: Umfrage/Architekturfrage zur DEC

AW: Umfrage/Architekturfrage zur DEC

Forumregeln

Kas Ob. Registriert seit: 3. Sep 2023 457 Beiträge	#15 AW: Umfrage/Architekturfrage zur DEC 20. Mai 2025, 11:29 Ok Now i see it, it is doing the clipping/clamping on 32bit ///* r &= 0xffffffc0ffffffc0ffffffc0fffffff */ Kas
	Zitat

TurboMagic Registriert seit: 28. Feb 2016 Ort: Nordost Baden-Württemberg 3.094 Beiträge Delphi 12 Athens	#19 AW: Umfrage/Architekturfrage zur DEC 21. Mai 2025, 22:23 Hello, not sure what to think about the last question, but the DEC library is cross platform compatible since V6.0. That was the biggest new feature back then. If you look into DECOptions.inc you'll also find the possibility to turn the use of ASM for x86 on or off via define. Grüße TurboMagic
	Zitat