Re: Patch: cprng_fast performance - please review.

[Izumi Tsutsui <tsutsui%ceres.dti.ne.jp@localhost>]

campbell+netbsd-tech-kern@ wrote:

> > +void
> > +hc128_init(hc128_state_t *state, const uint8_t *key, const uint8_t *iv)
> > +{
> > +   unsigned int i;
> > +   uint32_t w[1280], *p = state->p, *q = state->q;
> 
> 5 KB on the stack is a lot!  Granted, this is a leaf routine which in
> our case will be called only in a softint handler, but still.

Note the caller of this hc128_init() is:

> > +static void
> > +cprng_fast_randrekey(cprng_fast_ctx_t *ctx)
> > +{
> > +   uint8_t key[16], iv[16];
> > +   hc128_state_t tempstate;
> > +   int s;
> > +
> > +   int have_initial = rnd_initial_entropy;
> > +
> > +   cprng_strong(kern_cprng, key, sizeof(key), FASYNC);
> > +   cprng_strong(kern_cprng, iv, sizeof(iv), FASYNC);
> > +   /* Rekey the hc128 state - expensive, don't do this at splhigh.  */
> > +   hc128_init(&ctx->hc128, key, iv);

The "hc128_state_t" is declared as:

> > +typedef struct
> > +{
> > +   uint32_t p[512];
> > +   uint32_t q[512];
> > +   uint16_t i;
> > +} hc128_state_t;

so it already consumes >4KB stack.
I'm afraid "9KB stack on rekeying" is fatal on most ports.

I wonder if we should also consider "speed vs memory"
especially for embedded users.

---
Izumi Tsutsui