[Botan-devel] SSE2 SHA-1

Jack Lloyd lloyd at randombit.net
Tue Sep 30 16:55:21 EDT 2008

On Tue, Sep 30, 2008 at 04:47:12PM -0400, Jack Lloyd wrote:
> On Tue, Sep 30, 2008 at 02:04:17PM -0400, Jack Lloyd wrote:
> Re 1.7.14:
> > A change in the asm implementations of SHA-1, MD4, MD5, and
> > Serpent. Instead of replacing the C++ implementation, they derive from
> > it as a new class (for instance MD5_IA32 or SHA_160_SSE2) and override
> > just the particular functions that are optimized. This means that
> > referring to, for instance, SHA_160 will always mean the C++ code (but
> > one can query feature macros or use the lookup system to get the
> > fastest SHA-1 for the system).
> This fixes the problems people saw on x86 with v1.7.13 where the SSE2
> and x86 asm versions of SHA-1 would conflict. All versions available
> get compiled and the best one is selected.

All the SHA-1 impl timings on my Core2, using 1.7.14:

SSE2 64-bit: 231 MiB/s
SSE2 32-bit: 197 MiB/s
x86-64 asm: 164 MiB/s
C++ (64-bit): 164 MiB/s
x86 asm: 158 MiB/s
C++ (32-bit): 136 MiB/s

Michal Ludvig reports SHA-1 north of 315 MiB/s on a VIA C3 [1] with
the builtin SHA instruction, though apparently the interface is
difficult to program due to a weird instruction design [2].


[1]: http://lists.logix.cz/pipermail/padlock/2006/000026.html
[2]: http://www.logix.cz/michal/devel/padlock/phe_sum.xp
