[PATCH 1/8] g10/decrypt-data: use fill_buffer in more places
Jussi Kivilinna
jussi.kivilinna at iki.fi
Thu Nov 8 19:38:47 CET 2018
On 7.11.2018 21.49, Werner Koch wrote:
> On Wed, 7 Nov 2018 18:38, jussi.kivilinna at iki.fi said:
>
>> Should I push this patch set to new branch in gnupg repo?
>
> Just go ahead and push it directly to master.
>
>> I've also looked at disabling extra hash contexts when decrypting
>> non-signed files. Could those contexts be disabled when any AEAD or
>> MDC encrypted packet is seen? Such patch would look something like this:
>
> While looking at your patches I was reminded to check whether we have
> some useless hash context running.
>
>> + unsigned int seen_encrypted_mdc:1; /* Any PKT_ENCRYPTED_MDC packet seen */
>> + unsigned int seen_encrypted_aead:1; /* Any PKT_ENCRYPTED_AEAD packet seen */
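Review bot: the two new bits, seen_encrypted_mdc and seen_encrypted_aead, are only read together in the later "!c->any.seen_encrypted_mdc && !c->any.seen_encrypted_aead" test, so one flag would carry the same information with less state to keep in sync. If both stay, the comments should say where the bits are set and whether they are ever cleared, since "Any ... packet seen" reads as sticky for the lifetime of the context.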
>
> There is either one MDC packet or one AEAD packet.
>
>> - if (!any && !opt.skip_verify)
>> + if (!any && !opt.skip_verify && !c->any.seen_encrypted_mdc &&
>> + !c->any.seen_encrypted_aead)
>> {
>> /* This is for the old GPG LITERAL+SIG case. It's not legal
>> according to 2440, so hopefully it won't come up that often.
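Review bot: in the extended condition, the "!c->any.seen_encrypted_mdc" term switches off the fallback digests for the old LITERAL+SIG case named in the comment right below it whenever that sequence follows an MDC packet, so a trailing signature there would find no hash context enabled by this block. Either limit the skip to the seen_encrypted_aead flag, or extend the comment to state why no signature can follow once an encrypted packet has been seen, so the verification behaviour change is explicit.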
>
> For sure this is not possible with AEAD. With MDC it is unlikely but I
> think we should not touch that case given that the goal is to fade out
> the use of MDC.
>
Ok, I'll make the patch AEAD only. For CFB/MDC, the user can of course use
--skip-verify if they know that the input does not have a signature and want
to get the highest performance.

Here are the results that I've seen with patch/--skip-verify for different types
of input on my machine (2GiB input file from ramfs):

decrypting MDC encrypted, signed (AES128+SHA1(mdc)+SHA512(sign)):
  user 5.2s, 364 MB/s
decrypting MDC encrypted, not signed (AES128+2xSHA1(mdc+extra)+RMD160(extra)):
  user 9.6s, 206 MB/s
decrypting MDC encrypted, not signed --skip-verify (AES128+SHA1(mdc)):
  user 3.0s, 575 MB/s
decrypting MDC symmetric encrypted, not signed (AES128+SHA1(mdc+extra)+RMD160(extra)):
  user 9.7s, 205 MB/s
decrypting MDC symmetric encrypted, not signed --skip-verify (AES128+SHA1(mdc)):
  user 3.1s, 556 MB/s
decrypting AEAD encrypted, signed (AES128_OCB+SHA512(sign)):
  user 4.7s, 387 MB/s
decrypting AEAD encrypted, not signed (AES128_OCB+SHA1(extra)+RMD160(extra)):
  user 7.6s, 258 MB/s
decrypting AEAD encrypted, not signed --skip-verify or patched (AES128_OCB):
  user 0.95s, 1.2 GB/s
decrypting AEAD symmetric encrypted, not signed (AES128_OCB+SHA1(extra)+RMD160(extra)):
  user 7.6s, 256 MB/s
decrypting AEAD symmetric encrypted, not signed --skip-verify or patched (AES128_OCB):
  user 1.1s, 1.1 GB/s

I also noticed that --skip-verify does not affect decryption speed of
signed input. The selected digest algorithm gets enabled regardless of
--skip-verify in proc_plaintext(). Should this be fixed?

-Jussi