Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp2043336ybl;
        Sat, 14 Dec 2019 05:05:46 -0800 (PST)
X-Google-Smtp-Source: APXvYqzMT9gNaU/ACDBwHz/CszP7O2Q6bmCDAAr505UPEn714IW+ICFl64xDGKYllRc+uTJ5KsFT
X-Received: by 2002:a05:6830:14d5:: with SMTP id t21mr20905747otq.324.1576328745947;
        Sat, 14 Dec 2019 05:05:45 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1576328745; cv=none;
        d=google.com; s=arc-20160816;
        b=dTXv2kdI4eoNIbBb9fuI9VBJLZRMEHI2D2y+nO7AdTZWoUoDN0L1m6fZeA354TmCfd
         Kc+Mtb1d0uioIztMGZPCaeWSx62HJdk9sodv45AaMjmYzFKnxIbR49AF2WznD/zJH2R/
         xq2UBz5M2mJ+c3hpLiYzAi3m/eXtRN9f/j4Uy/5yLFZoYzvqRWv0oOiYN6k0asYFJINl
         N6Mc7NVzdYoQCC2dOgZbQMcMDCaOnWQrn1CY05LRrZJ9OMQt05r6AkpL5vk8NmutIP3Z
         WNL36KODLGCNEaRVctcJkQQ5p7fhD5lMGm3xcBcL6vWQVLJ4J0BEo8XuCK3eAatO3viy
         4dyA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=KYZB0a3bBEYijgxPHojbc9Gj0Z7GhGfbpt68/iN2yR8=;
        b=Cb6dronv5Z5hMiUNYV1i1xbYT/AHiAiz+VLEo+MA26LLCSuC5B6yRBoJKiJionX/re
         EEEbNQXwj+xX832U0T5TS6ZTtmwnzZrjo2yUMZwrGhHDmkHM/RBsQk589vYZfnWISiqX
         M5CIahndbs9TJ/5A/JENhpGpb/XCKJvCqZsD5iYv1vm2orOno6C6iSH4R3/P2ZTijXMi
         pc69c1epKhH5jQowSBlKQBNpzmZbHBhGIecWi47M1xWw0ftT7B6ZY9bEpKfus4lEiwHK
         Razicth0EgXelFmjM4vIaJQCRqMvYe3i3b987KA42EML0KeqZIrbPzrCygl209oxz+AE
         kurw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@zx2c4.com header.s=mail header.b=eU6hf604;
       spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zx2c4.com
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id b79si6672323oii.162.2019.12.14.05.05.25;
        Sat, 14 Dec 2019 05:05:45 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@zx2c4.com header.s=mail header.b=eU6hf604;
       spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zx2c4.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1725900AbfLNNFY (ORCPT <rfc822;vinayvnsup@gmail.com>
        + 99 others); Sat, 14 Dec 2019 08:05:24 -0500
Received: from frisell.zx2c4.com ([192.95.5.64]:36663 "EHLO frisell.zx2c4.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1725872AbfLNNFY (ORCPT <rfc822;linux-crypto@vger.kernel.org>);
        Sat, 14 Dec 2019 08:05:24 -0500
Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 363a0ee7
        for <linux-crypto@vger.kernel.org>;
        Sat, 14 Dec 2019 12:09:20 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=zx2c4.com; h=mime-version
        :references:in-reply-to:from:date:message-id:subject:to:cc
        :content-type; s=mail; bh=hYC2PaaBwR3br+jRNZ3yRFwJE6g=; b=eU6hf6
        049i57W5WxyZkofghZQeCqoPO7RjOHgOAiQqCDJKPxE+ptKrYpJ/Idh7X9Wd86KW
        us4SSnUmKHHDnhJVkbWXBYpwpQdkEMICX4fpu2yn7JbHwETMbMORnfAtuf1EpKK4
        McDtamofzYTsoX5ygoet0aNlXE8bJ2WFUzBjA2qxhwKrVQPeKNKf2YyvmDZRtj7B
        IFGGutdIb8zGN0nhIQVngaIG1KkjITGLGRRN9E4dABgZMDh0paSJ1gzv2+rvIecy
        OB9q20gw2tgtnPM15As+4njSoiclnGIur4XjXsaPu01I42TP3yryPXVZg5yBkBEh
        l1jmwLzAEdo0glmw==
Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id b1ac8f99 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO)
        for <linux-crypto@vger.kernel.org>;
        Sat, 14 Dec 2019 12:09:19 +0000 (UTC)
Received: by mail-ot1-f50.google.com with SMTP id p8so2717551oth.10
        for <linux-crypto@vger.kernel.org>; Sat, 14 Dec 2019 05:05:22 -0800 (PST)
X-Gm-Message-State: APjAAAWnpUTJoQ8MGA8f2OmUa8zlBrYihNhKpbfZRQNZ25SNE+msBwuh
        gDdCDQNfLigzWNzYI3u8KPeqYaxgra3xFqBN8wA=
X-Received: by 2002:a05:6830:1b6a:: with SMTP id d10mr21168278ote.52.1576328721427;
 Sat, 14 Dec 2019 05:05:21 -0800 (PST)
MIME-Version: 1.0
References: <20191211170936.385572-1-Jason@zx2c4.com> <20191212093008.217086-1-Jason@zx2c4.com>
 <d55e0390c7187b09f820e123b05df1e5e680df0b.camel@strongswan.org>
 <CAHmME9ovvwX3Or1ctRH8U5PjpNNMe9ixOZLi3F0vbO9SqA04Ow@mail.gmail.com>
 <CAHmME9reEXXSmQr+6vPM1cwr+pjvwPwJ5n3UZ0BUSjO2kQQcNg@mail.gmail.com>
 <CAKv+Gu80EVN-_aHPSYUu=0TvFJERBMKFvQS-gce3z_jx=X7www@mail.gmail.com>
 <CAHmME9oQ-Yj2WWuvNj1KNm=d4+PgnVFOusnh8HG0=yYWdi2UXQ@mail.gmail.com>
 <7d30f7c912a5565b1c26729b438c1a95286fcf56.camel@strongswan.org>
 <CAHmME9rP_AAH6=R7ZRPnu3UPTvZ+c32-XYOr2jstSyQvCaQhnA@mail.gmail.com> <20191213032849.GC1109@sol.localdomain>
In-Reply-To: <20191213032849.GC1109@sol.localdomain>
From:   "Jason A. Donenfeld" <Jason@zx2c4.com>
Date:   Sat, 14 Dec 2019 14:05:10 +0100
X-Gmail-Original-Message-ID: <CAHmME9p-dBVbCBoX+p4n3meC5n_GjCuZgMiUfUqG2-G-wqLbyQ@mail.gmail.com>
Message-ID: <CAHmME9p-dBVbCBoX+p4n3meC5n_GjCuZgMiUfUqG2-G-wqLbyQ@mail.gmail.com>
Subject: Re: [PATCH crypto-next v2 1/3] crypto: poly1305 - add new 32 and
 64-bit generic versions
To:     Eric Biggers <ebiggers@kernel.org>
Cc:     Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
        Herbert Xu <herbert@gondor.apana.org.au>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-crypto-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

Hi Eric,

On Fri, Dec 13, 2019 at 4:28 AM Eric Biggers <ebiggers@kernel.org> wrote:
> Now, it's possible that the performance gain outweighs this, and I too would
> like to have the C implementation of Poly1305 be faster.  So if you'd like to
> argue for the performance gain, fine, and if there's a significant performance
> gain I don't have an objection.  But I'm not sure why you're at the same time
> trying to argue that *adding* an extra implementation somehow makes the code
> easier to audit and doesn't add complexity...

Sorry, I don't mean to be confusing, but I clearly haven't written
very well. There are two things being discussed here, 32-bit and
64-bit, rather than just one. Let me clarify:

- The motivation for the 64-bit version is primarily performance. Its
performance isn't really in dispute. It's significant and good. I'll
put this in the commit message of the next series I send out.

- The motivation for the 32-bit version is primarily to have code that
can be compared line by line to the 64-bit version, in order to make
auditing easier given the situation with two implementations and also
for general cleanliness. I think there's enormous value in having the
other implementation be "parallel". Rather than two totally different
and foreign implementations, we have two related and comparable ones.
That's a good thing.  As a *side note*, it might also be slightly
faster than the one it replaces, which is great and all I guess, but
not the primary motivation of the 32-bit version.

Does that make sense? That's why I appear to simultaneously be arguing
that performance matters and doesn't matter. The motivation for the
64-bit version is performance. The motivation for the 32-bit version
is cleanliness. Two things, which are related.

I'll make this clear in the commit message of the next series I send.
Sorry again for being confusing.

Jason