Sorry for the late response, and putting on my VIA hat for a second:

On Sat, Aug 30, 2008 at 09:55:00PM +1200, Michal Ludvig wrote:
> > Can you remind me the reason why our PadLock SHA implementation
> > copies things into a page before hashing it?
> >
> > According to the programming manual, it would seem that the state
> > should be recorded in EDI after each 64-byte block so we should
> > be able to use the init/update/final model, no?
> >
> > Or has the chip changed since we implemented it?
>
> IIRC The first versions of VIA PadLock required the input data to be
> aligned on 16-bytes boundaries and more importantly they always
> finalised the hash. Therefore we had to collect all data before hashing
> them.
>
> AFAIK Recent versions of PadLock don't insist on finalising the hash and
> don't insist on input data alignment either and this workaround isn't
> needed anymore. I don't know if VIA still sells their motherboard models
> with the older CPUs or not.

As far as I know, all VIA padlock enabled processors that you can buy
today always finalize the hash. I have heard rumors that with the
CN / Nano this is changing. VIA will update the padlock programming
manual about that.

Since AFAIK Nano is still only sampling and there's no end-user product
with that CPU in the market yet, there's no hurry right now. I'll make
sure to ping you guys once there is news about this.

-- 
- Harald Welte http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
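
The workaround discussed in this thread, as an added example that is not part of the original e-mail or of the kernel's PadLock driver: an init/update/final interface layered over an engine that always finalises, so update() only collects data into a 16-byte-aligned buffer and the hash runs once in final(). The buf_hash_* names are hypothetical, and oneshot_hash() is an FNV-1a stand-in for the hardware (it is not SHA).

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for an engine that hashes a whole message per call and always
 * finalises. FNV-1a keeps the example runnable; it is NOT SHA or PadLock. */
static uint32_t oneshot_hash(const uint8_t *p, size_t n)
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

struct buf_hash { uint8_t *data; size_t used, cap; }; /* hypothetical names */

int buf_hash_init(struct buf_hash *c)
{
    c->used = 0;
    c->cap = 64;                          /* kept a multiple of 16 */
    c->data = aligned_alloc(16, c->cap);  /* 16-byte aligned input buffer */
    return c->data ? 0 : -1;
}

/* update() cannot feed the engine yet: it only collects the bytes. */
int buf_hash_update(struct buf_hash *c, const void *in, size_t len)
{
    if (len > SIZE_MAX / 2 - c->used) return -1;  /* size overflow guard */
    if (c->used + len > c->cap) {
        size_t ncap = c->cap;
        while (ncap < c->used + len) ncap *= 2;   /* stays a multiple of 16 */
        uint8_t *n = aligned_alloc(16, ncap);
        if (!n) return -1;
        memcpy(n, c->data, c->used);
        free(c->data);
        c->data = n;
        c->cap = ncap;
    }
    memcpy(c->data + c->used, in, len);
    c->used += len;
    return 0;
}

/* final() is the only point where the one-shot engine runs. */
uint32_t buf_hash_final(struct buf_hash *c)
{
    uint32_t h = oneshot_hash(c->data, c->used);
    free(c->data);
    c->data = NULL;
    return h;
}
```

The cost of this pattern is memory proportional to the total message length, which is why an engine that can resume from saved state makes the buffering unnecessary.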